Packages changed: bolt (0.9.7 -> 0.9.8) gdk-pixbuf (2.42.11 -> 2.42.12) git (2.45.0 -> 2.45.1) glib2 (2.80.0 -> 2.80.2) grub2 hwdata (0.380 -> 0.382) iproute2 (6.8 -> 6.9) libbpf (1.4.1 -> 1.4.2) libmodulemd libressl (3.9.1 -> 3.9.2) libxml2 (2.12.6 -> 2.12.7) libxml2-python (2.12.6 -> 2.12.7) makedumpfile (1.7.4 -> 1.7.5) mozilla-nss (3.99 -> 3.100) ovmf (202308 -> 202311) patterns-base perl-Crypt-OpenSSL-Random (0.15 -> 0.160.0) perl-GD (2.78 -> 2.810.0) perl-Net-DNS (1.420.0 -> 1.450.0) perl-URI (5.270.0 -> 5.280.0) pipewire powerdevil6 python-pyudev (0.24.1 -> 0.24.3) python-zope.interface (6.2 -> 6.3) sdbootutil (1+git20240506.573a6a4 -> 1+git20240514.56dc89c) soundtouch (2.3.2 -> 2.3.3) strace (6.8 -> 6.9) wicked xwayland (23.2.6 -> 24.1.0) === Details === ==== bolt ==== Version update (0.9.7 -> 0.9.8) - update to 0.9.8: * A new NHI for REMBRANDT. * CI fixes. * Don't install an empty DB directory. * Fixed: Determine the string length before writing file. * Fixed: Free on error to prevent resource leak. ==== gdk-pixbuf ==== Version update (2.42.11 -> 2.42.12) Subpackages: gdk-pixbuf-query-loaders gdk-pixbuf-thumbnailer libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0 - Update to version 2.42.12: + Fix a build failure, + Fix occasional build failures, + ani: Reject files with multiple INA or IART chunks, + ani: Reject files with multiple anih chunks (CVE-2022-48622), + ani: validate chunk size, + Updated translations. - Drop 238893d8cd6f9c2616a05ab521a29651a17a38c2.patch: fixed upstream. ==== git ==== Version update (2.45.0 -> 2.45.1) Subpackages: git-core git-email git-svn git-web perl-Git - update to 2.45.1: * CVE-2024-32002: recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (boo#1224168) * CVE-2024-32004: arbitrary code execution during local clones (boo#1224170) * CVE-2024-32020: file overwriting vulnerability during local clones (boo#1224171) * CVE-2024-32021: git may create hardlinks to arbitrary user- readable files (boo#1224172) * CVE-2024-32465: arbitrary code execution during clone operations (boo#1224173) ==== glib2 ==== Version update (2.80.0 -> 2.80.2) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 libgthread-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0 - Update to version 2.80.2: + Fix a regression with IBus caused by the fix for CVE-2024-34397. + Fix installation directory of the GVariant specification. + Bugs fixed: - GVariant specification installed in wrong directory. - Backport "gdbusconnection: Fix test signal subscription ordering" to glib-2-80. - Backport “Correct installation directory of GVariant specification” to glib-2-80. - Backport “gdbusconnection: Allow name owners to have the syntax of a well-known name” to glib-2-80. - Changes from version 2.80.1 + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. + Updated translations. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Update to the latest upstreaming TPM2 patches * 0001-key_protector-Add-key-protectors-framework.patch - Replace 0001-protectors-Add-key-protectors-framework.patch * 0002-tpm2-Add-TPM-Software-Stack-TSS.patch - Merge other TSS patches * 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch * 0002-tpm2-Add-more-marshal-unmarshal-functions.patch * 0003-tpm2-Implement-more-TPM2-commands.patch * 0003-key_protector-Add-TPM2-Key-Protector.patch - Replace 0003-protectors-Add-TPM2-Key-Protector.patch * 0004-cryptodisk-Support-key-protectors.patch * 0005-util-grub-protect-Add-new-tool.patch * 0001-tpm2-Support-authorized-policy.patch - Replace 0004-tpm2-Support-authorized-policy.patch * 0001-tpm2-Add-extra-RSA-SRK-types.patch * 0001-tpm2-Implement-NV-index.patch - Replace 0001-protectors-Implement-NV-index.patch * 0002-cryptodisk-Fallback-to-passphrase.patch * 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch * 0004-diskfilter-look-up-cryptodisk-devices-first.patch - Refresh affected patches * 0001-Improve-TPM-key-protection-on-boot-interruptions.patch * grub2-bsc1220338-key_protector-implement-the-blocklist.patch - New manpage for grub2-protect - Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to file_is_not_xen_garbage (bsc#1224226) * grub2-fix-menu-in-xen-host-server.patch ==== hwdata ==== Version update (0.380 -> 0.382) - update to 0.382: * Update pci, usb and vendor ids ==== iproute2 ==== Version update (6.8 -> 6.9) Subpackages: iproute2-bash-completion - Update to release 6.9 * ss: add option to suppress queue columns * m_mirred: allow mirred to block * tc: add NLM_F_ECHO support for actions and filters * ip/bond: add coupled_control support * ss: add support for BPF socket-local storage * ip: ioam6: add monitor command ==== libbpf ==== Version update (1.4.1 -> 1.4.2) - update to 1.4.2: * Another struct_ops-focused bug fix release. It addresses a few more corner cases when dealing with SEC("struct_ops") programs. * It also improves error messaging around common use case of declaring struct_ops BPF program and not referencing it from SEC(".struct_ops") variable (backed by struct_ops BPF map). * This release should improve overall experience of using BPF struct_ops functionality. ==== libmodulemd ==== - Add glib-2.80.2-glibdoc-path.patch: Fix GLib documentation path for GLib 2.80.2 (https://github.com/fedora-modularity/libmodulemd/pull/618). ==== libressl ==== Version update (3.9.1 -> 3.9.2) - Update to release 3.9.2 * A missing bounds check could lead to a crash due to dereferencing a zero-sized allocation. ==== libxml2 ==== Version update (2.12.6 -> 2.12.7) Subpackages: libxml2-2 libxml2-tools - Update to version 2.12.7: + Fix buffer overread with `xmllint --htmlout` (CVE-2024-34459). + xmllint: Fix --pedantic option. + save: Handle invalid parent pointers in xhtmlNodeDumpOutput. ==== libxml2-python ==== Version update (2.12.6 -> 2.12.7) - Update to version 2.12.7: + Fix buffer overread with `xmllint --htmlout` (CVE-2024-34459). + xmllint: Fix --pedantic option. + save: Handle invalid parent pointers in xhtmlNodeDumpOutput. ==== makedumpfile ==== Version update (1.7.4 -> 1.7.5) - Update to 1.7.5: * Support for kernels up to v6.8 (x86_64) * Support for printk caller_id by --dump-dmesg option * [PATCH] ppc64: get vmalloc start address from vmcoreinfo * [PATCH] ppc64: read cur_mmu_type from vmcoreinfo * [PATCH] add PRINTK_CALLER id support to --dump-dmesg option * [PATCH v2 2/2] s390x: uncouple virtual and physical address spaces * [PATCH 1/2] s390x: fix virtual vs physical address confusion Regenerated the content of the makedumpfile-ppc64-VA-range-SUSE.patch file based on version 1.7.5 of the code ==== mozilla-nss ==== Version update (3.99 -> 3.100) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs mozilla-nss-sysinit mozilla-nss-tools - update to NSS 3.100 - bmo#1893029 - merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. - bmo#1893752 - remove ckcapi. - bmo#1893162 - avoid a potential PK11GenericObject memory leak. - bmo#671060 - Remove incomplete ESDH code. - bmo#215997 - Decrypt RSA OAEP encrypted messages. - bmo#1887996 - Fix certutil CRLDP URI code. - bmo#1890069 - Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. - bmo#676118 - Add ability to encrypt and decrypt CMS messages using ECDH. - bmo#676100 - Correct Templates for key agreement in smime/cmsasn.c. - bmo#1548723 - Moving the decodedCert allocation to NSS. - bmo#1885404 - Allow developers to speed up repeated local execution of NSS tests that depend on certificates. ==== ovmf ==== Version update (202308 -> 202311) Subpackages: qemu-uefi-aarch64 - Removed ovmf-UefiCpuPkg-BaseXApicX2ApicLib-fix-CPUID_V2_EXTENDED_.patch file which is merged to edk2-stable202311: - 170d4ce8e90a UefiCpuPkg/BaseXApicX2ApicLib: fix CPUID_V2_EXTENDED_TOPOLOGY detection ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced - add procps into the base pattern as recommended together with zypper (which dropped the dependency) ==== perl-Crypt-OpenSSL-Random ==== Version update (0.15 -> 0.160.0) - updated to 0.16 see /usr/share/doc/packages/perl-Crypt-OpenSSL-Random/Changes 0.16 2024-04-13 rurban - add github actions, travis and appveyor. - Many patches by Takumi Akiyama. - Fix broken github image for strawberry perl by stripping its PATH. their new mingw is incompatible to their old strawberry 5.32 - minor documentation fixes. ==== perl-GD ==== Version update (2.78 -> 2.810.0) - updated to 2.81 see /usr/share/doc/packages/perl-GD/ChangeLog 2.81 * Change GD::Polygon::transform to match old demos (RT #140043), and GD::Polyline. Add GD::Polygon::rotate(cw-radian) helper. Allow GD::Polygon::scale(2.0). 2.80 * Fix broken copyTranspose and copyReverseTranspose (RT #153300) by Yuriy Yevtukhov. * Add transformation tests * Fix wrong WBMP name and detection * Fix wrong filename extension auto-detection for gd,gd2,wbmp * Fix wrong filename extension auto-detection for xpm, newFromXpm needs the filename, not handle. * Fix wrong libgd doc link (PR #52) by Tsuyoshi Watanabe 2.79 * Improve image type autodetection (RT #153212), add a test * Fix Avif without Heif config * Improve gdlib.pc reader for supported library features ==== perl-Net-DNS ==== Version update (1.420.0 -> 1.450.0) - updated to 1.45 see /usr/share/doc/packages/perl-Net-DNS/Changes ==== perl-URI ==== Version update (5.270.0 -> 5.280.0) - updated to 5.28 see /usr/share/doc/packages/perl-URI/Changes 5.28 2024-03-27 01:49:44Z - Using Scalar::Util::reftype instead of just ref(), but mindful this time about definedness to avoid warnings (GH#140) (Jacques Deguest) ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Move modules jack-tunnel and jackdbus-detect to the pipewire-spa-plugins-0_2-jack since those modules should only be used when the real jack server is running. This fixes pipewire starting jackdbus on start. ==== powerdevil6 ==== - Recommend ddcutil-i2c-udev-rules (boo#1224197) ==== python-pyudev ==== Version update (0.24.1 -> 0.24.3) - Update to 0.24.3: * Tidies and Maintenance fixes - Switch to pyproject macros. - No more greedy globs in %files. - Add patch support-pytest-8.patch: * Support pytest 8 changes. ==== python-zope.interface ==== Version update (6.2 -> 6.3) - update to 6.3: * Add preliminary support for Python 3.13 as of 3.13a6. ==== sdbootutil ==== Version update (1+git20240506.573a6a4 -> 1+git20240514.56dc89c) Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper - Update to version 1+git20240514.56dc89c: * Add show-entry command * Add SYSTEMD_COLORS flag * Add byte order mark to boot.csv ==== soundtouch ==== Version update (2.3.2 -> 2.3.3) - Update to 2.3.3: * Fixing compiler warnings, maintenance fixes to make/build files for various systems - Refresh disable-ffast-math.patch ==== strace ==== Version update (6.8 -> 6.9) - Update to strace 6.9 * Implemented --always-show-pid option. * The --user|-u option has learned to recognize numeric UID:GID pair, allowing e.g. statically-built strace to be used without invoking nss plugins. * Implemented decoding of IORING_REGISTER_SYNC_CANCEL, IORING_REGISTER_FILE_ALLOC_RANGE, IORING_REGISTER_PBUF_STATUS, IORING_REGISTER_NAPI, and IORING_UNREGISTER_NAPI opcodes of io_uring_register syscall. * Implemented decoding of BPF_TOKEN_CREATE bpf syscall command. * Updated decoding of io_uring_register and pidfd_send_signal syscalls. * Updated lists of BPF_*, CAN_*, IORING_*, KEY_*, LSM_*, MPOL_*, NT_*, RWF_*, PIDFD_*, PTP_*, TCP_*, and *_MAGIC constants. * Updated lists of ioctl commands from Linux 6.9. ==== wicked ==== Subpackages: wicked-service - client: fix ifreload to pull UP ports/links again when the config of their master/lower changed (bsc#1224100,gh#openSUSE/wicked#1014). [+ 0001-ifreload-pull-UP-again-on-master-lower-changes-bsc1224100.patch] ==== xwayland ==== Version update (23.2.6 -> 24.1.0) - Update to feature release 24.1.0 * This fixes a couple of regressions introduced in the previous release candidate versions along with a fix for XTEST emulation with EI. + xwayland: Send ei_device_frame on device_scroll_discrete + xwayland: Restore the ResizeWindow handler + xwayland: Handle rootful resize in ResizeWindow + xwayland: Move XRandR emulation to the ResizeWindow hook + xwayland: Use correct xwl_window lookup function in xwl_set_shape - eglstreams has been dropped - Update to bug fix relesae 23.2.7 * m4: drop autoconf leftovers * xwayland: Send ei_device_frame on device_scroll_discrete * xwayland: Call drmFreeDevice for dma-buf default feedback * xwayland: Use drmDevicesEqual in xwl_dmabuf_feedback_tranche_done * dri3: Free formats in cache_formats_and_modifiers * xwayland/glamor: Handle depth 15 in gbm_format_for_depth * Revert "xwayland/glamor: Avoid implicit redirection with depth 32 parent windows" * xwayland: Check for outputs before lease devices * xwayland: Do not remove output on withdraw if leased