Packages changed: alsa-utils apache-commons-logging apparmor argyllcms autofs (5.1.8 -> 5.1.9) bolt (0.9.6 -> 0.9.7) branding-openSUSE distrobox docker (24.0.7_ce -> 25.0.3_ce) ell (0.61 -> 0.62) fde-tools git (2.43.1 -> 2.43.2) grub2 highway (1.0.7 -> 1.1.0) java-21-openjdk libapparmor libdbusmenu-qt5 libdecor libpng16 (1.6.40 -> 1.6.42) libqt5-qtwebengine libstorage-ng (4.5.189 -> 4.5.190) man mozilla-nss (3.96.1 -> 3.97) perl-Bootloader (1.11 -> 1.12) pipewire qalculate (4.8.1 -> 4.9.0) qemu (8.2.0 -> 8.2.1) sdbootutil (1+git20240214.ba81e0e -> 1+git20240215.cb7e392) signon-plugin-oauth2 utempter vid_stab webrtc-audio-processing wget wqy-zenhei-fonts wsdd yast2-trans (84.87.20240210.1383f689ba -> 84.87.20240219.f6e4117fe0) zip zvbi === Details === ==== alsa-utils ==== - Use %patch -P N instead of deprecated %patchN. ==== apache-commons-logging ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor - Use %patch -P N instead of deprecated %patchN. ==== argyllcms ==== - Use %patch -P N instead of deprecated %patchN. ==== autofs ==== Version update (5.1.8 -> 5.1.9) - Use %patch -P N instead of deprecated %patchN. - update to 5.1.9 (bsc#1219508) * fix kernel mount status notification. * fix fedfs build flags. * fix set open file limit. * improve descriptor open error reporting. * fix root offset error handling. * fix fix root offset error handling. * fix nonstrict fail handling of last offset mount. * dont fail on duplicate offset entry tree add. * fix loop under run in cache_get_offset_parent(). * bailout on rpc systemerror. * fix nfsv4 only mounts should not use rpcbind. * simplify cache_add() a little. * fix use after free in tree_mapent_delete_offset_tree(). * fix memory leak in xdr_exports(). * avoid calling pthread_getspecific() with NULL key_thread_attempt_id. * fix sysconf(3) return handling. * remove nonstrict parameter from tree_mapent_umount_offsets(). * fix handling of incorrect return from umount_ent(). * dont use initgroups() at spawn. * fix bashism in configure. * musl: fix missing include in hash.h. * musl: define fallback dummy NSS config path * musl: avoid internal stat.h definitions. * musl: add missing include to hash.h for _WORDSIZE. * musl: add missing include to log.h for pid_t. * musl: define _SWORD_TYPE. * add autofs_strerror_r() helper for musl. * update configure. * handle innetgr() not present in musl. * fix missing unlock in sasl_do_kinit_ext_cc(). * fix a couple of null cache locking problems. * restore gcc flags after autoconf Kerberos 5 check. * prepare for OpenLDAP SASL binding. * let OpenLDAP handle SASL binding. * configure: LDAP function checks ignore implicit declarations. * improve debug logging of LDAP binds. * improve debug logging of SASL binds. * internal SASL logging only in debug log mode. * more comprehensive verbose logging for LDAP maps. * fix invalid tsv access. * support SCRAM for SASL binding. * ldap_sasl_interactive_bind() needs credentials for auto-detection. * fix autofs regression due to positive_timeout. * fix parse module instance mutex naming. * serialise lookup module open and reinit. * coverity fix for invalid access. * fix hosts map deadlock on restart. * fix deadlock with hosts map reload. * fix memory leak in update_hosts_mounts(). * fix minus only option handling in concat_options(). * fix incorrect path for is_mounted() in try_remount(). * fix additional tsv invalid access. * fix use_ignore_mount_option description. * include addtional log info for mounts. * fail on empty replicated host name. * improve handling of ENOENT in sss setautomntent(). * don't immediately call function when waiting. * define LDAP_DEPRECATED during LDAP configure check. * fix return status of mount_autofs(). * don't close lookup at umount. * fix deadlock in lookups. * dont delay expire. * make amd mapent search function name clear. * rename statemachine() to signal_handler(). * make signal handling consistent. * eliminate last remaining state_pipe usage. * add function master_find_mapent_by_devid(). * use device id to locate autofs_point when setting log priotity. * add command pipe handling functions. * switch to application wide command pipe. * get rid of unused field submnt_count. * fix mount tree startup reconnect. * fix unterminated read in handle_cmd_pipe_fifo_message(). * fix memory leak in sasl_do_kinit() * fix fix mount tree startup reconnect. * fix amd selector function matching. * get rid entry thid field. * continue expire immediately after submount check. * eliminate realpath from mount of submount. * eliminate root param from autofs mount and umount. * remove redundant fstat from do_mount_direct(). * get rid of strlen call in handle_packet_missing_direct(). * remove redundant stat call in lookup_ghost(). * set mapent dev and ino before adding to index. * change to use printf functions in amd parser. * dont call umount_subtree_mounts() on parent at umount. * dont take parent source lock at mount shutdown. * fix possible use after free in handle_mounts_exit(). * make submount cleanup the same as top level mounts. * add soucre parameter to module functions. * add ioctlfd open helper. * make open files limit configurable. * use correct reference for IN6 macro call. * dont probe interface that cant send packet. * fix some sss error return cases. * fix incorrect matching of cached wildcard key. * fix expire retry looping. ... changelog too long, skipping 18 lines ... ("autofs-5.1.8 - add soucre parameter to module functions") ==== bolt ==== Version update (0.9.6 -> 0.9.7) - update to 0.9.7: * Add a 'nopcie' security level since some devices report nopcie when Thunderbolt is disabled through BIOS setting. * Markdown lint styling is used for documents. ==== branding-openSUSE ==== Subpackages: grub2-branding-openSUSE libreoffice-branding-openSUSE plymouth-branding-openSUSE wallpaper-branding-openSUSE yast2-qt-branding-openSUSE - Remove update-alternatives usage, we don't have dynamic wallpapers anymore which were using that (bsc#1219919). ==== distrobox ==== Subpackages: distrobox-bash-completion - Add 0001-Fix-systemd-init-container-startup-1069.patch: * run podman exec command as root since some distros would ask for user password when using su to login even though the user has no password in /etc/shadow * fix pam_systemd not being checked for su ==== docker ==== Version update (24.0.7_ce -> 25.0.3_ce) Subpackages: docker-bash-completion docker-rootless-extras - Update to Docker 25.0.3-ce. See upstream changelong online at - Fixes: * bsc#1219267 - CVE-2024-23651 * bsc#1219268 - CVE-2024-23652 * bsc#1219438 - CVE-2024-23653 - Rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch * cli-0001-docs-include-required-tools-in-source-tree.patch - Remove upstreamed patches: - 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch ==== ell ==== Version update (0.61 -> 0.62) - Update to version 0.62 * Add support for cleanup functions and macros. * Add support for setting DHCP max attempts. ==== fde-tools ==== - Add fde-tools-bsc1213945-set-rsa-key-size.patch to set the highest supported RSA key size (bsc#1213945) ==== git ==== Version update (2.43.1 -> 2.43.2) - Do not replace apparmor configuration, fixes bsc#1216545 - update to 2.43.2: * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.txt * Update to a new feature recently added, "git show-ref --exists". * Rename detection logic ignored the final line of a file if it is an incomplete line. * "git diff --no-rename A B" did not disable rename detection but did not trigger an error from the command line parser. * "git diff --no-index file1 file2" segfaulted while invoking the external diff driver, which has been corrected. * A failed "git tag -s" did not necessarily result in an error depending on the crypto backend, which has been corrected. * "git stash" sometimes was silent even when it failed due to unwritable index file, which has been corrected. * Recent conversion to allow more than 0/1 in GIT_FLUSH broke the mechanism by flipping what yes/no means by mistake, which has been corrected. ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi - Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to SLE-15-SP2 (bsc#1217102) * add 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch * add 0002-ofdisk-add-early_log-support.patch ==== highway ==== Version update (1.0.7 -> 1.1.0) - Update to release 1.1.0 * Add BitCastScalar, DispatchedTarget, Foreach * Add Div/Mod and MaskedDiv/ModOr, SaturatedAbs, SaturatedNeg * Add InterleaveWholeLower/Upper, Dup128VecFromValues * Add IsInteger, IsIntegerLaneType, RemoveVolatile, RemoveCvRef * Add MaskedAdd/Sub/Mul/Div/Gather/Min/Max/SatAdd/SatSubOr * Add MaskFalse, IfNegativeThenNegOrUndefIfZero, PromoteEven/OddTo * Add ReduceMin/Max, 8-bit reductions, f16 <-> f64 conversions * Add Span, AlignedArray, matrix-vector mul * Add SumsOf2/4, I8 SumsOf8, SumsOfAdjQuadAbsDiff, SumsOfShuffledQuadAbsDiff * Extend Dot to f32*bf16, FMA to integer * Fix: RVV 8-bit overflow, UB in vqsort, big-endian bugs, PPC HTM * New targets: HWY_Z14, HWY_Z15 ==== java-21-openjdk ==== Subpackages: java-21-openjdk-headless - Use %patch -P N instead of deprecated %patchN. ==== libapparmor ==== - Use %patch -P N instead of deprecated %patchN. ==== libdbusmenu-qt5 ==== - Switch to %autosetup - Drop obsolete patch: * full_include_dir.patch ==== libdecor ==== Subpackages: libdecor-0-0 - Remove the -devel package from baselibs.conf ==== libpng16 ==== Version update (1.6.40 -> 1.6.42) - Update to version 1.6.42: * Fixed the implementation of the macro function "png_check_sig". This was an API regression, introduced in libpng-1.6.41. (Reported by Matthieu Darbois) ==== libqt5-qtwebengine ==== - Switch to '%patch -P' - Build with python 3.11 on Leap ==== libstorage-ng ==== Version update (4.5.189 -> 4.5.190) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Indonesian) (bsc#1149754) - 4.5.190 ==== man ==== - We don't need anymore systemd-tmpfiles (boo#1219370#c13) ==== mozilla-nss ==== Version update (3.96.1 -> 3.97) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit - update to NSS 3.97 * bmo#1875506 - make Xyber768d00 opt-in by policy * bmo#1871631 - add libssl support for xyber768d00 * bmo#1871630 - add PK11_ConcatSymKeys * bmo#1775046 - add Kyber and a PKCS#11 KEM interface to softoken * bmo#1871152 - add a FreeBL API for Kyber * bmo#1826451 - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * bmo#1826451 - part 1: add a script for vendoring kyber from pq-crystals repo * bmo#1835828 - Removing the calls to RSA Blind from loader.* * bmo#1874111 - fix worker type for level3 mac tasks * bmo#1835828 - RSA Blind implementation * bmo#1869642 - Remove DSA selftests * bmo#1873296 - read KWP testvectors from JSON * bmo#1822450 - Backed out changeset dcb174139e4f * bmo#1822450 - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * bmo#1871219 - Wrap CC shell commands in gyp expansions ==== perl-Bootloader ==== Version update (1.11 -> 1.12) - merge gh#openSUSE/perl-bootloader#163 - validate test output for each shell individually - update and extend tests - reworked default-settings command - add test case for default-settings - rework get-option command - add test case for get-option - rework del-option command - add test case for del-option - rework add-option command - add test case for add-option - rework grub2-efi install - adjust some tests - systemd-boot test adjusted - rework remove-kernel option and add tests - rework add-kernel option and add tests - adjust kexec-bootloader and add tests - remove support for dash - remove ancient perl library code from master branch - updated git2log script - adjust spec file - rewrite grub2 install to be more compatible (bsc#1214361) - 1.12 ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Force using doxygen-1_10 in SLE where the default doxygen is too old and generates broken docs (boo#1217886) - Add a conflict in -pulseaudio with pipewire-modules-%{apiver} < 1.0.0 since the libpipewire-module-protocol-pulse.so module was included in - modules before 1.0.0 so we should avoid a file conflict. ==== qalculate ==== Version update (4.8.1 -> 4.9.0) Subpackages: libqalculate22 qalculate-data - update to v4.9.0: * Support for specifying a fixed denominator for display of fractions (e.g. "0.3 ft ➞ 1/8 ≈ (3 + 5/8) in") * Return gcd of numerators divided by lcm of denominators in gcd() with non-integer rational numbers, and vice versa for lcm() * Add units for mean Gregorian and tropical years * Ignore underscore in number * Replace defunct exchange rates source and fix bitcoin exchange rate * Fix asin(x)=a, acos(x)=a, and atan(x)=a, when a contains an angle unit and default angle unit is set * Fix output of value converted to unit expression with numerical multiplier in denominator, e.g. "➞ L/(100 km)" * Fix segfault when trying to solve "(xsqrt(x)-ysqrt(y))/(sqrt(x)-sqrt(y))=x+sqrt(x*y)+y" * Fix parsing of case insensitive object name ending with Unicode character when followed by another Unicode character in expression, e.g. "микрометр" * Add history command, listing expression history * Display all exponents 0-9 using Unicode superscript characters if these are the only exponents in the expression ==== qemu ==== Version update (8.2.0 -> 8.2.1) Update to latest stable version (8.2.1) - Downstream changes: * [openSUSE][RPM]: Install the VGA module "more often" (bsc#1219164) * [openSUSE][RPM] Fix handling of qemu-kvm legacy package for RISCV * [openSUSE][RPM] factor common definitions between qemu and qemu-linux-user spec files - Upstream backports: * target/arm: Fix incorrect aa64_tidcp1 feature check * target/arm: Fix A64 scalar SQSHRN and SQRSHRN * target/xtensa: fix OOB TLB entry access * qtest: bump aspeed_smc-test timeout to 6 minutes * monitor: only run coroutine commands in qemu_aio_context * iotests: port 141 to Python for reliable QMP testing * iotests: add filter_qmp_generated_node_ids() * block/blklogwrites: Fix a bug when logging "write zeroes" operations. * virtio-net: correctly copy vnet header when flushing TX (bsc#1218484, CVE-2023-6693) * tcg/arm: Fix SIGILL in tcg_out_qemu_st_direct * linux-user/riscv: Adjust vdso signal frame cfa offsets * linux-user: Fixed cpu restore with pc 0 on SIGBUS * block/io: clear BDRV_BLOCK_RECURSE flag after recursing in bdrv_co_block_status * coroutine-ucontext: Save fake stack for pooled coroutine * tcg/s390x: Fix encoding of VRIc, VRSa, VRSc insns * accel/tcg: Revert mapping of PCREL translation block to multiple virtual addresses * acpi/tests/avocado/bits: wait for 200 seconds for SHUTDOWN event from bits VM * s390x/pci: drive ISM reset from subsystem reset * s390x/pci: refresh fh before disabling aif * s390x/pci: avoid double enable/disable of aif * hw/scsi/esp-pci: set DMA_STAT_BCMBLT when BLAST command issued * hw/scsi/esp-pci: synchronise setting of DMA_STAT_DONE with ESP completion interrupt * hw/scsi/esp-pci: generate PCI interrupt from separate ESP and PCI sources * hw/scsi/esp-pci: use correct address register for PCI DMA transfers * migration/rdma: define htonll/ntohll only if not predefined * hw/pflash: implement update buffer for block writes * hw/pflash: use ldn_{be,le}_p and stn_{be,le}_p * hw/pflash: refactor pflash_data_write() * backends/cryptodev: Do not ignore throttle/backends Errors * target/i386: pcrel: store low bits of physical address in data[0] * target/i386: fix incorrect EIP in PC-relative translation blocks * target/i386: Do not re-compute new pc with CF_PCREL * load_elf: fix iterator's type for elf file processing * target/hppa: Update SeaBIOS-hppa to version 15 * target/hppa: Fix IOR and ISR on error in probe * target/hppa: Fix IOR and ISR on unaligned access trap * target/hppa: Export function hppa_set_ior_and_isr() * target/hppa: Avoid accessing %gr0 when raising exception * hw/hppa: Move software power button address back into PDC * target/hppa: Fix PDC address translation on PA2.0 with PSW.W=0 * hw/pci-host/astro: Add missing astro & elroy registers for NetBSD * hw/hppa/machine: Disable default devices with --nodefaults option * hw/hppa/machine: Allow up to 3840 MB total memory * readthodocs: fully specify a build environment * .gitlab-ci.d/buildtest.yml: Work around htags bug when environment is large * target/s390x: Fix LAE setting a wrong access register * tests/qtest/virtio-ccw: Fix device presence checking * tests/acpi: disallow tests/data/acpi/virt/SSDT.memhp changes * tests/acpi: update expected data files * edk2: update binaries to git snapshot * edk2: update build config, set PcdUninstallMemAttrProtocol = TRUE. * edk2: update to git snapshot * tests/acpi: allow tests/data/acpi/virt/SSDT.memhp changes * util: fix build with musl libc on ppc64le * tcg/ppc: Use new registers for LQ destination * hw/intc/arm_gicv3_cpuif: handle LPIs in in the list registers * hw/vfio: fix iteration over global VFIODevice list * vfio/container: Replace basename with g_path_get_basename * edu: fix DMA range upper bound check * hw/net: cadence_gem: Fix MDIO_OP_xxx values * audio/audio.c: remove trailing newline in error_setg * chardev/char.c: fix "abstract device type" error message * target/riscv: Fix mcycle/minstret increment behavior * hw/net/can/sja1000: fix bug for single acceptance filter and standard frame * target/i386: the sgx_epc_get_section stub is reachable * configure: use a native non-cross compiler for linux-user * include/ui/rect.h: fix qemu_rect_init() mis-assignment * target/riscv/kvm: do not use non-portable strerrorname_np() * iotests: Basic tests for internal snapshots * vl: Improve error message for conflicting -incoming and -loadvm * block: Fix crash when loading snapshot on inactive node - Fixes: * bsc#1218484 (CVE-2023-6693) - Try to solve the qemu-kvm dependency issues on all arches (see, e.g., bsc#1218684) * [openSUSE][RPM] Create the legacy qemu-kvm symlink for all arches ==== sdbootutil ==== Version update (1+git20240214.ba81e0e -> 1+git20240215.cb7e392) Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper - Update to version 1+git20240215.cb7e392: * Add --no-random-seed argument ==== signon-plugin-oauth2 ==== - Switch to %autosetup ==== utempter ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== vid_stab ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== webrtc-audio-processing ==== - Use %patch -P N instead of deprecated %patchN. ==== wget ==== Subpackages: wget-lang - Use %patch -P N instead of deprecated %patchN. ==== wqy-zenhei-fonts ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== wsdd ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN ==== yast2-trans ==== Version update (84.87.20240210.1383f689ba -> 84.87.20240219.f6e4117fe0) Subpackages: yast2-trans-cs yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-fr yast2-trans-hu yast2-trans-it yast2-trans-ja yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ru yast2-trans-zh_CN yast2-trans-zh_TW - Update to version 84.87.20240219.f6e4117fe0: * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * Translated using Weblate (Czech) * New POT for text domain 'packager'. * New POT for text domain 'installation'. * New POT for text domain 'hana-ha'. * New POT for text domain 'control'. ==== zip ==== - Use %patch -P N instead of deprecated %patchN. ==== zvbi ==== - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN.