Packages changed:
MozillaFirefox (129.0.1 -> 130.0.1)
apr (1.7.4 -> 1.7.5)
bind (9.20.1 -> 9.20.2)
cairo
git (2.46.0 -> 2.46.1)
kernel-firmware-nvidia-gspx-G06-cuda
kernel-source (6.10.9 -> 6.10.11)
libdovi (3.2.0 -> 3.3.1)
libeconf (0.7.2 -> 0.7.3)
libsamplerate
mdadm
nbdkit (1.40.2 -> 1.40.3)
nvidia-open-driver-G06-signed-cuda (555.42.06_k6.10.9_1 -> 555.42.06_k6.10.11_1)
openSUSE-release (20240918 -> 20240923)
osinfo-db
patterns-media
postgresql (16 -> 17)
postgresql17 (16.3 -> 17~rc1)
setools
shim-leap
swtpm
usbutils
virt-manager
virt-v2v (2.5.9 -> 2.5.10)
vte (0.76.3 -> 0.76.4)
wpa_supplicant
xml-commons-apis
yast2-kdump (5.0.1 -> 5.0.2)
yast2-storage-ng (5.0.17 -> 5.0.18)
=== Details ===
==== MozillaFirefox ====
Version update (129.0.1 -> 130.0.1)
- Firefox 130.0.1 Release
https://www.mozilla.org/en-US/firefox/130.0.1/releasenotes
* Enterprise: Added an enterprise policy to disable the
* Firefox Labs* section in *Settings*. (bmo#1911826)
* Fixed a recent regression causing some UI elements to
be rendered as left-to-right instead of right-to-left for
users of our Saraiki localization. (bmo#1917175)
* Linux: Fixed black rendering of AVIF images when
Firefox is built with GCC. (bmo#1916038)
- removed obsolete patches
mozilla-bmo1916038.patch
- Mozilla Firefox 130.0
https://www.mozilla.org/en-US/firefox/130.0/releasenotes
MFSA 2024-39 (bsc#1229821)
* CVE-2024-8385 (bmo#1911909)
WASM type confusion involving ArrayTypes
* CVE-2024-8381 (bmo#1912715)
Type confusion when looking up a property name in a "with" block
* CVE-2024-8388 (bmo#1902996, bmo#1839074, bmo#1865413, bmo#1868970,
bmo#1873367, bmo#1877820, bmo#1884642, bmo#1886469, bmo#1894326,
bmo#1894891, bmo#1897648)
Fullscreen notice on Android could be hidden under various
panels and OS prompts
* CVE-2024-8382 (bmo#1906744)
Internal event interfaces were exposed to web content when
browser EventHandler listener callbacks ran
* CVE-2024-8383 (bmo#1908496)
Firefox did not ask before openings news: links in an
external application
* CVE-2024-8384 (bmo#1911288)
Garbage collection could mis-color cross-compartment objects
in OOM conditions
* CVE-2024-8386 (bmo#1907032, bmo#1909163, bmo#1909529)
SelectElements could be shown over another site if popups are
allowed
* CVE-2024-8387 (bmo#1857607, bmo#1911858, bmo#1914009)
Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2,
and Thunderbird 128.2
* CVE-2024-8389 (bmo#1907230, bmo#1909367)
Memory safety bugs fixed in Firefox 130
- requires NSS 3.103
- removed obsolete patches
mozilla-bmo1898476.patch
mozilla-bmo1907511.patch
- added mozilla-bmo1916038.patch to fix AVIF decoding (bsc#1230500)
- Update dependency on clang-devel from LLVM15 to LLVM18
- Added mozilla-bmo1746799.patch to fix incorrect audio volume scaling
==== apr ====
Version update (1.7.4 -> 1.7.5)
- version update to 1.7.5 [bsc#1229783] CVE-2023-49582
* ) Unix: Implement apr_shm_perms_set() for the "POSIX shm_open()"
and "classic mmap" shared memory implementations. [Joe Orton,
Ruediger Pluem]
* ) Fix missing ';' for XML/HTML hex entities from apr_escape_entity().
[Yann Ylavic]
* ) Fix crash in apr_pool_create() with --enable-pool-debug=all|owner.
[Yann Ylavic]
* ) Improve platform detection by updating config.guess and config.sub.
[Rainer Jung]
* ) CMake: Add support for CMAKE_WARNING_AS_ERROR. [Ivan Zhakov]
* ) CMake: Enable support for MSVC runtime library selection by abstraction.
[Ivan Zhakov]
* ) CMake: Export installed targets (libapr-1, apr-1, libaprapp-1, aprapp-1)
to apr:: namespace. [Ivan Zhakov]
- modified patches
% apr-visibility.patch (refreshed)
% reproducible.patch (refreshed)
==== bind ====
Version update (9.20.1 -> 9.20.2)
Subpackages: bind-doc bind-utils
- Update to release 9.20.2
New Features:
* Support for Offline KSK implemented.
* Add a new configuration option offline-ksk to enable Offline
KSK key management. Signed Key Response (SKR) files created
with dnssec-ksr (or other programs) can now be imported into
named with the new rndc skr -import command. Rather than
creating new DNSKEY, CDS, and CDNSKEY records and generating
signatures covering these types, these records are loaded from
the currently active bundle from the imported SKR.
* The implementation is loosely based on
draft-icann-dnssec-keymgmt-01.txt.
* Print the full path of the working directory in startup log
messages.
* named now prints its initial working directory during startup,
and the changed working directory when loading or reloading its
configuration file, if it has a valid directory option defined.
* Support a restricted key tag range when generating new keys.
* When multiple signers are being used to sign a zone, it is
useful to be able to specify a restricted range of key tags to
be used by an operator to sign the zone. The range can be
specified with tag-range in dnssec-policy’s keys (for named and
dnssec-ksr) and with the new options dnssec-keyfromlabel -M and
dnssec-keygen -M.
Feature Changes:
* Exempt prefetches from the fetches-per-zone and
fetches-per-server quotas.
* Fetches generated automatically as a result of prefetch are now
exempt from the fetches-per-zone and fetches-per-server quotas.
This should help in maintaining the cache from which query
responses can be given.
* Follow the number of CPUs set by taskset/cpuset.
* Administrators may wish to constrain the set of cores that
named runs on via the taskset, cpuset, or numactl programs (or
equivalents on other OSes).
* If the admin has used taskset, named now automatically uses the
given number of CPUs rather than the system-wide count.
Bug Fixes:
* Delay the release of root privileges until after configuring
controls.
* Delay relinquishing root privileges until the control channel
has been configured, for the benefit of systems that require
root to use privileged port numbers. This mostly affects
systems without fine- grained privilege systems (i.e., other
than Linux).
* Fix a rare assertion failure when shutting down incoming
transfer.
* A very rare assertion failure could be triggered when the
incoming transfer was either forcefully shut down, or it
finished during the printing of the details about the
statistics channel. This has been fixed.
* Fix algorithm rollover bug when there are two keys with the
same keytag.
* If there was an algorithm rollover and two keys of different
algorithms shared the same keytags, there was the possibility
that the check of whether the key matched a specific state
could be performed against the wrong key. This has been fixed
by not only checking for the matching key tag but also the key
algorithm.
* Fix an assertion failure in validate_dnskey_dsset_done().
* Under rare circumstances, named could terminate unexpectedly
when validating a DNSKEY resource record if the validation had
been canceled in the meantime. This has been fixed.
Known Issues:
* Long-running tasks in offloaded threads (e.g. the loading of
RPZ zones or processing zone transfers) may block the
resolution of queries during these operations and cause the
queries to time out. To work around the issue, the
UV_THREADPOOL_SIZE environment variable can be set to a larger
value before starting named. The recommended value is the
number of RPZ zones (or number of transfers) plus the number of
threads BIND should use, which is typically the number of CPUs.
==== cairo ====
Subpackages: libcairo-gobject2 libcairo-script-interpreter2 libcairo2
- Add b9eed915f9a67380e7ef9d8746656455c43f67e2.patch: cff: Don't
fail if no local subs. Fix regression when writing PDFs with
fonts.
==== git ====
Version update (2.46.0 -> 2.46.1)
Subpackages: git-core git-email git-svn git-web perl-Git
- Update to version 2.46.1;
* "git checkout --ours" (no other arguments) complained that the
option is incompatible with branch switching, which is technically
correct, but found confusing by some users. It now says that the
user needs to give pathspec to specify what paths to checkout.
* It has been documented that we avoid "VAR=VAL shell_func" and why.
* "git add -p" by users with diff.suppressBlankEmpty set to true
failed to parse the patch that represents an unmodified empty line
with an empty line (not a line with a single space on it), which
has been corrected.
* "git rebase --help" referred to "offset" (the difference between
the location a change was taken from and the change gets replaced)
incorrectly and called it "fuzz", which has been corrected.
* "git notes add -m '' --allow-empty" and friends that take prepared
data to create notes should not invoke an editor, but it started
doing so since Git 2.42, which has been corrected.
* An expensive operation to prepare tracing was done in re-encoding
code path even when the tracing was not requested, which has been
corrected.
* Perforce tests have been updated.
* The credential helper to talk to OSX keychain sometimes sent
garbage bytes after the username, which has been corrected.
* A recent update broke "git ls-remote" used outside a repository,
which has been corrected.
* "git config --value=foo --fixed-value section.key newvalue" barfed
when the existing value in the configuration file used the
valueless true syntax, which has been corrected.
* "git reflog expire" failed to honor annotated tags when computing
reachable commits.
* A flakey test and incorrect calls to strtoX() functions have been
fixed.
* Follow-up on 2.45.1 regression fix.
* "git rev-list ... | git diff-tree -p --remerge-diff --stdin" should
behave more or less like "git log -p --remerge-diff" but instead it
crashed, forgetting to prepare a temporary object store needed.
* The patch parser in "git patch-id" has been tightened to avoid
getting confused by lines that look like a patch header in the log
message.
* "git bundle unbundle" outside a repository triggered a BUG()
unnecessarily, which has been corrected.
* The code forgot to discard unnecessary in-core commit buffer data
for commits that "git log --skip=<number>" traversed but omitted
from the output, which has been corrected.
* "git verify-pack" and "git index-pack" started dying outside a
repository, which has been corrected.
* A corner case bug in "git stash" was fixed.
==== kernel-firmware-nvidia-gspx-G06-cuda ====
- Update to 550.120 (boo#1230779)
==== kernel-source ====
Version update (6.10.9 -> 6.10.11)
- Linux 6.10.11 (bsc#1012628).
- usb: typec: ucsi: Always set number of alternate modes
(bsc#1012628).
- usb: typec: ucsi: Fix cable registration (bsc#1012628).
- drm/mediatek: Set sensible cursor width/height values to fix
crash (bsc#1012628).
- ksmbd: override fsids for share path check (bsc#1012628).
- ksmbd: override fsids for smb2_query_info() (bsc#1012628).
- usbnet: ipheth: remove extraneous rx URB length check
(bsc#1012628).
- usbnet: ipheth: drop RX URBs with no payload (bsc#1012628).
- usbnet: ipheth: do not stop RX on failing RX callback
(bsc#1012628).
- usbnet: ipheth: fix carrier detection in modes 1 and 4
(bsc#1012628).
- net: ethernet: use ip_hdrlen() instead of bit shift
(bsc#1012628).
- drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero
(bsc#1012628).
- drm: panel-orientation-quirks: Add quirk for Ayn Loki Max
(bsc#1012628).
- net: phy: vitesse: repair vsc73xx autonegotiation (bsc#1012628).
- powerpc/mm: Fix boot warning with hugepages and
CONFIG_DEBUG_VIRTUAL (bsc#1012628).
- wifi: mt76: mt7921: fix NULL pointer access in
mt7921_ipv6_addr_change (bsc#1012628).
- drm/amdgpu: Update kmd_fw_shared for VCN5 (bsc#1012628).
- net: hns3: use correct release function during uninitialization
(bsc#1012628).
- btrfs: update target inode's ctime on unlink (bsc#1012628).
- Input: ads7846 - ratelimit the spi_sync error message
(bsc#1012628).
- Input: synaptics - enable SMBus for HP Elitebook 840 G2
(bsc#1012628).
- hid-asus: add ROG Ally X prod ID to quirk list (bsc#1012628).
- HID: multitouch: Add support for GT7868Q (bsc#1012628).
- Input: edt-ft5x06 - add support for FocalTech FT8201
(bsc#1012628).
- cgroup/cpuset: Eliminate unncessary sched domains rebuilds in
hotplug (bsc#1012628).
- scripts: kconfig: merge_config: config files: add a trailing
newline (bsc#1012628).
- platform/x86: asus-wmi: Add quirk for ROG Ally X (bsc#1012628).
- platform/surface: aggregator_registry: Add Support for Surface
Pro 10 (bsc#1012628).
- platform/surface: aggregator_registry: Add support for Surface
Laptop Go 3 (bsc#1012628).
- platform/surface: aggregator_registry: Add support for Surface
Laptop Studio 2 (bsc#1012628).
- platform/surface: aggregator_registry: Add fan and thermal
sensor support for Surface Laptop 5 (bsc#1012628).
- platform/surface: aggregator_registry: Add support for Surface
Laptop 6 (bsc#1012628).
- spi: zynqmp-gqspi: Scale timeout by data size (bsc#1012628).
- drm/msm/adreno: Fix error return if missing firmware-name
(bsc#1012628).
- Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
(bsc#1012628).
- drm/xe/xe2lpm: Extend Wa_16021639441 (bsc#1012628).
- drm/xe: fix WA 14018094691 (bsc#1012628).
- drm/xe: use devm instead of drmm for managed bo (bsc#1012628).
- s390/mm: Pin identity mapping base to zero (bsc#1012628).
- smb/server: fix return value of smb2_open() (bsc#1012628).
- NFSv4: Fix clearing of layout segments in layoutreturn
(bsc#1012628).
- NFS: Avoid unnecessary rescanning of the per-server delegation
list (bsc#1012628).
- platform/x86: panasonic-laptop: Fix SINF array out of bounds
accesses (bsc#1012628).
- platform/x86: panasonic-laptop: Allocate 1 entry extra in the
sinf array (bsc#1012628).
- mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1012628).
- selftests: mptcp: join: restrict fullmesh endp on 1st sf
(bsc#1012628).
- arm64: dts: rockchip: fix eMMC/SPI corruption when audio has
been used on RK3399 Puma (bsc#1012628).
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO
hog on RK3399 Puma (bsc#1012628).
- minmax: reduce min/max macro expansion in atomisp driver
(bsc#1012628).
- net: tighten bad gso csum offset check in virtio_net_hdr
(bsc#1012628).
- net: libwx: fix number of Rx and Tx descriptors (bsc#1012628).
- dm-integrity: fix a race condition when accessing recalc_sector
(bsc#1012628).
- clocksource: hyper-v: Use lapic timer in a TDX VM without
paravisor (bsc#1012628).
- x86/hyperv: fix kexec crash due to VP assist page corruption
(bsc#1012628).
- mm: avoid leaving partial pfn mappings around in error case
(bsc#1012628).
- bcachefs: Fix bch2_extents_match() false positive (bsc#1012628).
- bcachefs: Revert lockless buffered IO path (bsc#1012628).
- bcachefs: Don't delete open files in online fsck (bsc#1012628).
- arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for
ROCK Pi E (bsc#1012628).
- firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()
(bsc#1012628).
- riscv: dts: starfive: jh7110-common: Fix lower rate of CPUfreq
... changelog too long, skipping 766 lines ...
- commit e9c5fe9
==== libdovi ====
Version update (3.2.0 -> 3.3.1)
- Update to 3.3.1:
* Changed AV1 function signatures to take slices as input and
return a Vec.
* Added write_av1_rpu_metadata_obu_t35_complete function to encode
RPUs in complete metadata OBU payloads.
* XML parser: support decimals when parsing Level6 MaxCLL/MaxFALL
values.
* Added DoviRpu::parse_itu_t35_dovi_metadata_obu and deprecated
av1::parse_itu_t35_dovi_metadata_obu.
* Fixed encoding AV1 payloads with trailing bytes. They are now
discarded.
* Added dovi_write_av1_rpu_metadata_obu_t35_{payload,complete}
functions.
* Added dovi_parse_itu_t35_dovi_metadata_obu function.
* Added support for parsing ext_mapping_idc in RpuDataHeader.
==== libeconf ====
Version update (0.7.2 -> 0.7.3)
- Update to version 0.7.3:
* Groups handled in an own list (#218)
* Add econftool as dependency of its tests
* Simplify snprintf call
* Remove unused functions and reduce variable visibility (#213)
* Fix typos (#212)
==== libsamplerate ====
- Use a constant profile dir for reproducible builds (boo#1062303)
==== mdadm ====
- Detail: remove duplicated code (bsc#1226413)
0008-Detail-remove-duplicated-code.patch
- mdadm: Fix native --detail --export (bsc#1226413)
0009-mdadm-Fix-native-detail-export.patch
==== nbdkit ====
Version update (1.40.2 -> 1.40.3)
Subpackages: nbdkit-basic-filters nbdkit-basic-plugins nbdkit-curl-plugin nbdkit-nbd-plugin nbdkit-python-plugin nbdkit-server nbdkit-ssh-plugin
- Update to version 1.40.3:
* Version 1.40.3.
* ip: Do late filtering in list_exports as well as open
* docs/nbdkit_shutdown.pod: Minor copyediting
* docs/nbdkit_error.pod: Typo 'thre' -> 'there'
* podwrapper: Check cross-references to C API pages
* docs: Fix cross-reference to nbdkit_stdio_safe(3)
* ocaml: Use thread-local key to register & unregister the thread
* ocaml: Reinitialize the OCaml runtime after fork
* tests: Refactor ocaml errorcodes plugin used in testing
- Move nbdkit-null-plugin to the nbdkit-server package
==== nvidia-open-driver-G06-signed-cuda ====
Version update (555.42.06_k6.10.9_1 -> 555.42.06_k6.10.11_1)
- Update to 550.120 (boo#1230779)
* Fixed a bug that could cause kernel crashes upon attempting
KMS operations through DRM when nvidia_drm was loaded with
modeset=0.
- aarch64-TW-buildfix.patch
* fixes build on aarch64 with latest TW kernel
==== openSUSE-release ====
Version update (20240918 -> 20240923)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== osinfo-db ====
- Add support for SLE Micro 6.1 (jsc#PED-8910)
add-slem6.1-support.patch
- Drop support for Leap 15.7. Next major version is Leap 16
add-opensuse-leap-15.7-support.patch
- Adjust place holder release-date for sle15sp7
add-sle15sp7-support.patch
==== patterns-media ====
Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd
- pam-extra needs to be present for upgraders, as pam_limits.so
moved from pam to pam-extra. Ensure it's added to the DVD.
==== postgresql ====
Version update (16 -> 17)
Subpackages: postgresql-contrib postgresql-server
- Bump major and default to 17 for Factory and TW.
==== postgresql17 ====
Version update (16.3 -> 17~rc1)
- Upgrade to 17rc1
https://www.postgresql.org/about/news/postgresql-17-rc1-released-2926/
- Upgrade to 17beta3 (bsc#1229013):
* bsc#1229013, CVE-2024-7348 PostgreSQL relation replacement
during pg_dump executes arbitrary SQL
* https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/
- Upgrade to 17beta2.
- Upgrade to 17beta1.
- Allow LLVM <= 18
==== setools ====
Subpackages: python311-setools setools-console
- Add upstream tarball signature
- Add key 85649089C9F385B35F40568D21698FD29D4355A4 to setools.keyring
==== shim-leap ====
- RelEng emergency fix: fux source number to install shim-install.
==== swtpm ====
Subpackages: swtpm-selinux
- Fix swtpm custom module (bsc#1229131)
- Add patch: 1229131-fix-swtpm-selinux-policy-mismatch.patch
- this can be removed once swtpm upstream sorts out their custom selinux module.
see: https://github.com/stefanberger/swtpm/issues/885
there were a couple changes in the selinux-policy libvirt handling
which causes the logfile in /var/log/swtpm/libvirt/qemu/*.log to be labeled
virt_log_t instead of var_log_t. this patch allows swtpm_t to open the virt_log_t
==== usbutils ====
- enable usbreset
==== virt-manager ====
Subpackages: virt-install virt-manager-common
- Fix SUSE SL Micro detection
virtinst-add-slem60-detection-support.patch
- Solve bsc#1228384 --dry-run creating pools in a different way
virtinst-dont-create-storage-pool-for-dryrun.patch
- Upstream bug fixes (bsc#1027942) (jsc#PED-8910)
094-uitests-handle-newer-libvirt-test-driver-UpdateDevice-support.patch
095-uitests-force-internal-snapshots-in-test_snapshot.py.patch
==== virt-v2v ====
Version update (2.5.9 -> 2.5.10)
Subpackages: virt-v2v-bash-completion
- Update to virt-v2v 2.5.10 (jsc#PED-8910)
* convert: Display osinfo in "Converting ..." message
* Updated language translations
* Fix the bugs in YAML generator
* output: -o kubevirt: Fix firmware section to match specification
==== vte ====
Version update (0.76.3 -> 0.76.4)
Subpackages: libvte-2_91-0 typelib-1_0-Vte-2_91
- Update to version 0.76.4:
* fonts: ensure ref of font from glyph item analysis
* build: Post release version bump
==== wpa_supplicant ====
- Revert "Mark authorization completed on driver indication
during 4-way HS offload" because of WPA2-PSK/WPA-SAE connection
problems with brcmfmac wifi hardware. (bsc#1230797)
[+ Revert-Mark-authorization-completed-on-driver-indica.patch]
==== xml-commons-apis ====
- Use SOURCE_DATE_EPOCH for reproducible builds
==== yast2-kdump ====
Version update (5.0.1 -> 5.0.2)
- Don't write empty fadump="" kernel parameter (bsc#1230359)
- 5.0.2
==== yast2-storage-ng ====
Version update (5.0.17 -> 5.0.18)
- Extend the API to resize partitions during a proposal (required
by gh#openSUSE/agama#1599).
- 5.0.18