Packages changed: Mesa (23.3.5 -> 23.3.6) Mesa-drivers (23.3.5 -> 23.3.6) acl (2.3.1 -> 2.3.2) apparmor attr (2.5.1 -> 2.5.2) binutils (2.41 -> 2.42) expat (2.5.0 -> 2.6.0) gcc14 (13.2.1+git8285 -> 14.0.1+git8957) gnome-maps ibus-m17n (1.4.27 -> 1.4.28) kernel-source (6.7.4 -> 6.7.5) libapparmor libshumate libstorage-ng (4.5.188 -> 4.5.189) mariadb (11.2.2 -> 11.2.3) nodejs21 (21.6.1 -> 21.6.2) python311 python311-core qemu qt6-base (6.6.1 -> 6.6.2) qt6-declarative (6.6.1 -> 6.6.2) qt6-imageformats (6.6.1 -> 6.6.2) qt6-translations (6.6.1 -> 6.6.2) qt6-wayland (6.6.1 -> 6.6.2) rpm-config-SUSE (20240118 -> 20240214) webkit2gtk3 webkit2gtk3-soup2 === Details === ==== Mesa ==== Version update (23.3.5 -> 23.3.6) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libOSMesa8 libgbm1 - Update to bugfix release 23.3.6 - -> https://docs.mesa3d.org/relnotes/23.3.6.html ==== Mesa-drivers ==== Version update (23.3.5 -> 23.3.6) Subpackages: Mesa-dri Mesa-gallium Mesa-libva libxatracker2 - Update to bugfix release 23.3.6 - -> https://docs.mesa3d.org/relnotes/23.3.6.html ==== acl ==== Version update (2.3.1 -> 2.3.2) Subpackages: libacl1 libacl1-32bit - Update to version 2.3.2: + libobj: declare s_str directly in string_obj_tag. + Use thread-safe getpwnam_r and getgrnam_r. + setfacl: preserve the failed status when processing multiple files. + man: Document pitfall with negative permissions and user namespaces. + tools: mark long_options static & const. ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor - Add apparmor-abstractions-openssl-allow-version-specific-en.patch to allow version specific engdef & engines openssl paths (boo#1219571) ==== attr ==== Version update (2.5.1 -> 2.5.2) Subpackages: libattr1 - update to 2.5.2: * attr: eliminate a dead store in attr_copy_action() * libattr: Set symbol versions for legacy syscalls via attribute or asm * exports: use LGPL for library code * documentation updates * translation updates (Polish, Dutch, Gregorian, French) * build system updates ==== binutils ==== Version update (2.41 -> 2.42) Subpackages: libctf-nobfd0 libctf0 - Add binutils-disable-code-arch-error.diff to demote an error about swapped .arch/.code directives to a warning. It happens in the wild. - Update to version 2.42: * Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16, RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2', '+rcpc2' and '+wfxt' * Add experimantal support for GAS to synthesize call-frame-info for some hand-written asm (--scfi=experimental) on x86-64. * Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2, PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16. * Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0, SiFive VCIX v1.0. * BPF assembler: ';' separates statements now, and does not introduce line comments anymore (use '#' or '//' for this). * x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with dynamic tags. * risc-v ld: Add '--[no-]check-uleb128'. * New linker script directive: REVERSE, to be combined with SORT_BY_NAME or SORT_BY_INIT_PRIORITY, reverses the generated order. * New linker options --warn-execstack-objects (warn only about execstack when input object files request it), and --error-execstack plus - -error-rxw-segments to convert the existing warnings into errors. * objdump: Add -Z/--decompress to be used with -s/--full-contents to decompress section contents before displaying. * readelf: Add --extra-sym-info to be used with --symbols (currently prints section name of references section index). * objcopy: Add --set-section-flags for x86_64 to include SHF_X86_64_LARGE. * s390 disassembly: add target-specific disasm option 'insndesc', as in "objdump -M insndesc" to display an instruction description as comment along with the disassembly. - Add binutils-2.42-branch.diff.gz. - Rebased s390-biarch.diff. - Adjusted binutils-revert-hlasm-insns.diff, binutils-revert-plt32-in-branches.diff and binutils-revert-rela.diff for upstream changes. - Removed binutils-2.41-branch.diff.gz, binutils-2.41.tar.bz2, binutils-2.41-branch.diff.gz. - Removed binutils-use-less-memory.diff, binutils-old-makeinfo.diff and riscv-relro.patch (all upstreamed). - Removed add-ulp-section.diff, we use a different mechanism for live patching since a long time. ==== expat ==== Version update (2.5.0 -> 2.6.0) Subpackages: libexpat1 - Update keyring automatically from keyserver during OBS service run. - Explicitly use --without-docbook (before it was implicit). - Include missing files for documentation and examples. - Add manpage for xmlwf, which is not available in the release tarball. - Clean the spec file a bit. - Update to 2.6.0: * Security fixes: - CVE-2023-52425 (boo#1219559) - - Fix quadratic runtime issues with big tokens that can cause denial of service, in partial where dealing with compressed XML input. Applications that parsed a document in one go -- a single call to functions XML_Parse or XML_ParseBuffer -- were not affected. The smaller the chunks/buffers you use for parsing previously, the bigger the problem prior to the fix. Backporters should be careful to no omit parts of pull request #789 and to include earlier pull request #771, in order to not break the fix. - CVE-2023-52426 (boo#1219561) - - Fix billion laughs attacks for users compiling *without* XML_DTD defined (which is not common). Users with XML_DTD defined have been protected since Expat >=2.4.0 (and that was CVE-2013-0340 back then). * Bug fixes: - Fix parse-size-dependent "invalid token" error for external entities that start with a byte order mark - Fix NULL pointer dereference in setContext via XML_ExternalEntityParserCreate for compilation with XML_DTD undefined - Protect against closing entities out of order * Other changes: - Improve support for arc4random/arc4random_buf - Improve buffer growth in XML_GetBuffer and XML_Parse - xmlwf: Support --help and --version - xmlwf: Support custom buffer size for XML_GetBuffer and read - xmlwf: Improve language and URL clickability in help output - examples: Add new example "element_declarations.c" - Be stricter about macro XML_CONTEXT_BYTES at build time - Make inclusion to expat_config.h consistent - Autotools: configure.ac: Support --disable-maintainer-mode - Autotools: Sync CMake templates with CMake 3.26 - Autotools: Make installation of shipped man page doc/xmlwf.1 independent of docbook2man availability - Autotools|CMake: Add missing -DXML_STATIC to pkg-config file section "Cflags.private" in order to fix compilation against static libexpat using pkg-config on Windows - Autotools|CMake: Require a C99 compiler (a de-facto requirement already since Expat 2.2.2 of 2017) - Autotools|CMake: Fix PACKAGE_BUGREPORT variable - Autotools|CMake: Make test suite require a C++11 compiler - CMake: Require CMake >=3.5.0 - CMake: Lowercase off_t and size_t to help a bug in Meson - CMake: Sort xmlwf sources alphabetically - CMake|Windows: Fix generation of DLL file version info - CMake: Build tests/benchmark/benchmark.c as well for a build with -DEXPAT_BUILD_TESTS=ON - docs: Document the importance of isFinal + adjust tests accordingly - docs: Improve use of "NULL" and "null" - docs: Be specific about version of XML (XML 1.0r4) and version of C (C99); (XML 1.0r5 will need a sponsor.) - docs: reference.html: Promote function XML_ParseBuffer more - docs: reference.html: Add HTML anchors to XML_* macros - docs: reference.html: Upgrade to OK.css 1.2.0 - docs: Fix typos - docs|CI: Use HTTPS URLs instead of HTTP at various places - Address compiler warnings - Address clang-tidy warnings - Version info bumped from 9:10:8 (libexpat*.so.1.8.10) to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/ for what these numbers do ==== gcc14 ==== Version update (13.2.1+git8285 -> 14.0.1+git8957) Subpackages: libasan8 libatomic1 libgcc_s1 libgcc_s1-32bit libgfortran5 libgomp1 libhwasan0 libitm1 liblsan0 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-locale libstdc++6-pp libstdc++6-pp-32bit libtsan2 libubsan1 - Update to trunk head, 4a1cd5560b9b545eb848eb1d1e06d345fb, git8957 * bumps libgphobos and libgdrundime SONAME - Use %patch -P N instead of %patchN - Refresh gcc44-rename-info-files.patch ==== gnome-maps ==== Subpackages: gnome-maps-lang - Update license based on legaldb review ==== ibus-m17n ==== Version update (1.4.27 -> 1.4.28) - Update to 1.4.28 * Add Russian translations ==== kernel-source ==== Version update (6.7.4 -> 6.7.5) Subpackages: kernel-default kernel-default-devel kernel-devel kernel-macros - Linux 6.7.5 (bsc#1012628). - ext4: regenerate buddy after block freeing failed if under fc replay (bsc#1012628). - dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (bsc#1012628). - dmaengine: ti: k3-udma: Report short packet errors (bsc#1012628). - dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA (bsc#1012628). - dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA (bsc#1012628). - phy: qcom-qmp-usb: fix register offsets for ipq8074/ipq6018 (bsc#1012628). - phy: qcom-qmp-usb: fix serdes init sequence for IPQ6018 (bsc#1012628). - phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (bsc#1012628). - perf tests: Add perf script test (bsc#1012628). - perf test: Fix 'perf script' tests on s390 (bsc#1012628). - perf evlist: Fix evlist__new_default() for > 1 core PMU (bsc#1012628). - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (bsc#1012628). - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (bsc#1012628). - cifs: avoid redundant calls to disable multichannel (bsc#1012628). - cifs: failure to add channel on iface should bump up weight (bsc#1012628). - drm/msms/dp: fixed link clock divider bits be over written in BPC unknown case (bsc#1012628). - drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case (bsc#1012628). - drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (bsc#1012628). - wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig (bsc#1012628). - x86/efistub: Give up if memory attribute protocol returns an error (bsc#1012628). - x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR (bsc#1012628). - net: stmmac: xgmac: fix handling of DPP safety error for DMA channels (bsc#1012628). - wifi: cfg80211: consume both probe response and beacon IEs (bsc#1012628). - wifi: mac80211: fix RCU use in TDLS fast-xmit (bsc#1012628). - wifi: mac80211: fix unsolicited broadcast probe config (bsc#1012628). - wifi: mac80211: fix waiting for beacons logic (bsc#1012628). - wifi: iwlwifi: exit eSR only after the FW does (bsc#1012628). - wifi: brcmfmac: Adjust n_channels usage for __counted_by (bsc#1012628). - netdevsim: avoid potential loop in nsim_dev_trap_report_work() (bsc#1012628). - net: atlantic: Fix DMA mapping for PTP hwts ring (bsc#1012628). - selftests: net: cut more slack for gro fwd tests (bsc#1012628). - selftests/net: convert unicast_extensions.sh to run it in unique namespace (bsc#1012628). - selftests/net: convert pmtu.sh to run it in unique namespace (bsc#1012628). - selftests/net: change shebang to bash to support "source" (bsc#1012628). - selftests: net: fix tcp listener handling in pmtu.sh (bsc#1012628). - selftests: net: avoid just another constant wait (bsc#1012628). - tsnep: Fix mapping for zero copy XDP_TX action (bsc#1012628). - tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1012628). - atm: idt77252: fix a memleak in open_card_ubr0 (bsc#1012628). - octeontx2-pf: Fix a memleak otx2_sq_init (bsc#1012628). - hwmon: (aspeed-pwm-tacho) mutex for tach reading (bsc#1012628). - hwmon: (coretemp) Fix out-of-bounds memory access (bsc#1012628). - hwmon: (coretemp) Fix bogus core_id to attr name mapping (bsc#1012628). - inet: read sk->sk_family once in inet_recv_error() (bsc#1012628). - drm/i915/gvt: Fix uninitialized variable in handle_mmio() (bsc#1012628). - x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section (bsc#1012628). - rxrpc: Fix generation of serial numbers to skip zero (bsc#1012628). - rxrpc: Fix delayed ACKs to not set the reference serial number (bsc#1012628). - rxrpc: Fix response to PING RESPONSE ACKs to a dead call (bsc#1012628). - rxrpc: Fix counting of new acks and nacks (bsc#1012628). - selftests: net: let big_tcp test cope with slow env (bsc#1012628). - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1012628). - af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC (bsc#1012628). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1012628). - ppp_async: limit MRU to 64K (bsc#1012628). - selftests: cmsg_ipv6: repeat the exact packet (bsc#1012628). - netfilter: nft_compat: narrow down revision to unsigned 8-bits (bsc#1012628). ... changelog too long, skipping 163 lines ... - commit 1dccf2a ==== libapparmor ==== - Add apparmor-abstractions-openssl-allow-version-specific-en.patch to allow version specific engdef & engines openssl paths (boo#1219571) ==== libshumate ==== Subpackages: libshumate-1_0-1 libshumate-lang typelib-1_0-Shumate-1_0 - Update licenses based on legaldb review ==== libstorage-ng ==== Version update (4.5.188 -> 4.5.189) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#986 - log textdomain codeset - 4.5.189 ==== mariadb ==== Version update (11.2.2 -> 11.2.3) Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - Update to 11.2.3: https://mariadb.com/kb/en/mariadb-11-2-3-release-notes/ https://mariadb.com/kb/en/mariadb-11-2-3-changelog/ - Update list of skipped tests ==== nodejs21 ==== Version update (21.6.1 -> 21.6.2) Subpackages: npm21 - Update to 21.6.2: (security updates) * (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities- (High) * (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High) * (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer internals- (High) * (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due to io_uring - (High) * (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) * (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium) * (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium) * (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium) * undici version 5.28.3 (CVE-2024-24758, bsc#1220017) * libuv version 1.48.0 ==== python311 ==== Subpackages: python311-curses python311-dbm python311-x86-64-v3 - Add upstream patch libexpat260.patch, Fix tests for XMLPullParser with Expat 2.6.0, gh#python/cpython#115289 ==== python311-core ==== Subpackages: libpython3_11-1_0 libpython3_11-1_0-x86-64-v3 python311-base python311-base-x86-64-v3 - Add upstream patch libexpat260.patch, Fix tests for XMLPullParser with Expat 2.6.0, gh#python/cpython#115289 ==== qemu ==== Subpackages: qemu-accel-tcg-x86 qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-microvm qemu-pr-helper qemu-seabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-x86 - Update the service file to use OBS-scm (by fvogt) - Various fixes: * [openSUSE][RPM] Fix enabling features on non-x86_64 * [openSUSE][RPM] Disable test-crypto-secret in linux-user build * [openSUSE] Update ipxe submodule reference (bsc#1219733, bsc#1219722) * [openSUSE][RPM] spec: allow building without spice ==== qt6-base ==== Version update (6.6.1 -> 6.6.2) Subpackages: libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6Sql6 libQt6Test6 libQt6Widgets6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-platformtheme-gtk3 - Update to 6.6.2 * https://www.qt.io/blog/qt-6.6.2-released - Drop patches, merged upstream: * 0001-QMimeDatabase-handle-buggy-type-definitions.patch * 0001-QMimeDatabase-collect-glob-patterns-from.patch * 0001-HPack-fix-a-Yoda-Condition.patch * 0002-HPack-fix-incorrect-integer-overflow-check.patch * 0001-Http2-fix-potential-overflow-in-assemble_hpack_block.patch ==== qt6-declarative ==== Version update (6.6.1 -> 6.6.2) Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlModels6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 qt6-declarative-imports - Update to 6.6.2 * https://www.qt.io/blog/qt-6.6.2-released - Add upstream changes to make build reproducible: * 0001-QuickControls-Link-the-impl-libraries-into-the-base-.patch * 0001-Dialogs-Depend-on-controls-styles-in-QuickDialogs2Qu.patch ==== qt6-imageformats ==== Version update (6.6.1 -> 6.6.2) - Update to 6.6.2 * https://www.qt.io/blog/qt-6.6.2-released ==== qt6-translations ==== Version update (6.6.1 -> 6.6.2) - Update to 6.6.2 * https://www.qt.io/blog/qt-6.6.2-released ==== qt6-wayland ==== Version update (6.6.1 -> 6.6.2) Subpackages: libQt6WaylandClient6 libQt6WaylandCompositor6 libQt6WaylandEglClientHwIntegration6 libQt6WaylandEglCompositorHwIntegration6 libQt6WlShellIntegration6 - Update to 6.6.2 * https://www.qt.io/blog/qt-6.6.2-released - Drop patch, merged upstream: * client-avoid-creating-decorations-in-the-render-thread.patch ==== rpm-config-SUSE ==== Version update (20240118 -> 20240214) - Update to version 20240214: * set_permissions: handle chkstat failure more grateful (bsc#1219736) ==== webkit2gtk3 ==== Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Increase mem_per_process again to match what is in SLE. The build was sporadically failing there (bsc#1198743). - Require libwaylandclient0 >= 1.20. 15.4 originally had 1.19.0, but webkitgtk uses a function added in 1.20.0, so we need to ensure that the wayland update is pulled in (bsc#1215072). ==== webkit2gtk3-soup2 ==== Subpackages: WebKitGTK-4.0-lang libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Increase mem_per_process again to match what is in SLE. The build was sporadically failing there (bsc#1198743). - Require libwaylandclient0 >= 1.20. 15.4 originally had 1.19.0, but webkitgtk uses a function added in 1.20.0, so we need to ensure that the wayland update is pulled in (bsc#1215072).