Packages changed: Imath (3.1.11 -> 3.1.12) Mesa Mesa-drivers MozillaFirefox (134.0 -> 134.0.1) abseil-cpp amarok (3.1.1 -> 3.2.1) apache2 apache2-manual apache2-mod_php8 (8.3.15 -> 8.3.16) apache2-prefork apache2-utils at-spi2-core (2.54.0 -> 2.54.1) binutils clamav codec2 dnsmasq elfutils emacs freeipmi (1.6.14 -> 1.6.15) gimp (2.10.38 -> 3.0.0~RC2) git (2.48.0 -> 2.48.1) glib2 (2.82.2 -> 2.82.4) gnome-color-manager (3.36.0 -> 3.36.2) gnome-control-center gnome-online-accounts (3.52.2 -> 3.52.3.1) gnome-remote-desktop (47.2 -> 47.3) gnome-shell (47.2 -> 47.3) gnome-software (47.3 -> 47.4) gpg2 (2.5.2 -> 2.5.3) gupnp-av (0.14.1 -> 0.14.3) harfbuzz (10.1.0 -> 10.2.0) hplip libcdio (2.1.0 -> 2.2.0) libeconf (0.7.6 -> 0.7.7) libgee (0.20.6 -> 0.20.8) libixion libquicktime libsecret (0.21.4 -> 0.21.5) libsoup (3.6.1 -> 3.6.4) libvirt (10.10.0 -> 11.0.0) libwnck (43.1 -> 43.2) libxcrypt (4.4.37 -> 4.4.38) llvm19 (19.1.6 -> 19.1.7) meson mutter (47.3 -> 47.4) ncurses nvidia-open-driver-G06-signed-cuda (565.57.01_k6.12.8_2 -> 565.57.01_k6.12.9_1) openSUSE-release (20250114 -> 20250119) opensc (0.26.0 -> 0.26.1) pango (1.56.0 -> 1.56.0+12) pangomm (2.54.0 -> 2.56.1) patterns-base perl-XML-Twig (3.52 -> 3.530.0) php8 (8.3.15 -> 8.3.16) polkit-default-privs (1550+20241129.21d7d0b -> 1550+20250117.6b45c52) postgresql17 power-profiles-daemon (0.22 -> 0.23) python-charset-normalizer python-httpx python-libvirt-python (10.10.0 -> 11.0.0) python-pyOpenSSL python311-setuptools qalculate (5.4.0 -> 5.5.0) rsync (3.3.0 -> 3.4.1) samba (4.21.2+git.382.df546a2d31b -> 4.21.3+git.385.dab50f14578) sqlite3 (3.47.2 -> 3.48.0) suse-module-tools (16.0.55 -> 16.0.56) susepaste (0.7 -> 20241225) systemd-presets-common-SUSE tree-sitter (0.24.6 -> 0.24.7) u-boot-rpiarm64 util-linux (2.40.2 -> 2.40.4) util-linux-systemd (2.40.2 -> 2.40.4) xfce4-terminal xterm === Details === ==== Imath ==== Version update (3.1.11 -> 3.1.12) - update to 3.1.12: * Support for compiling half.h with hip-runtime-amd * Also, the v3.1.11 release had improper versioning in its cmake and pkgconf configuration files. This is now fixed. ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - aarch64: enable build of panvk driver ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva - aarch64: enable build of panvk driver ==== MozillaFirefox ==== Version update (134.0 -> 134.0.1) Subpackages: MozillaFirefox-branding-upstream - Mozilla Firefox 134.0.1 * Fixed UI hangs happening on YouTube and Google Docs in some situations (bmo#1939295) * Fixed a startup crash affecting some users upgrading from Firefox 133 (bmo#1941134) * Fixed an issue where search engines selection menus and context menus could be broken if a user had previously reverted to an earlier version (bmo#1940533) - raised required rust version to 1.81 ==== abseil-cpp ==== Subpackages: libabsl_2407_0_0 libabsl_lite_2407_0_0 - Extend options-cxx17.patch and options-old.patch to avoid race-condition (boo#1235867) ==== amarok ==== Version update (3.1.1 -> 3.2.1) - Update to 3.2.1 * Support gpodder and lastfm on Qt6 builds * Limit maximum current track font size more when context view is narrow * Fix displaying settings button for Internet services * Enable Wikipedia context applet on Qt6 builds * Don't crash when copying multiple files to MTP device (kde#467616) * Avoid unnecessarily flooding MTP devices with storage capacity queries * Compilation fixes for various compiler + Qt6 version combinations - Update to 3.2.2 * Building an experimental Qt6/KF6 Amarok version is now possible * Allow filtering collection by lack of tag / empty tag (kde#325317) * Amarok now depends on KDE Frameworks 5.108 * Show current track context applet by default * Probably fix occasional crashes when filtering collection (kde#492406) * Probably fix occasional crashes when clearing CompondProgressBars * Fix context view applets on Qt6/KF6 * Fix Ampache login on server version 5.0.0 and later (kde#496581) * Fix crash if Ampache login is redirected (kde#396590) - Rebase disable-web-plugins-by-default.patch ==== apache2 ==== - Fix builds of test package with RPM 4.20: + noarch packages cannot rely on libdir, which is an arch-dependent variable. Rely on apxs -q libdir to extract the correct information instead. ==== apache2-manual ==== - Fix builds of test package with RPM 4.20: + noarch packages cannot rely on libdir, which is an arch-dependent variable. Rely on apxs -q libdir to extract the correct information instead. ==== apache2-mod_php8 ==== Version update (8.3.15 -> 8.3.16) - version update to 8.3.16 Core: Fixed bug GH-17106 (ZEND_MATCH_ERROR misoptimization). Fixed bug GH-17162 (zend_array_try_init() with dtor can cause engine UAF). Fixed bug GH-17101 (AST->string does not reproduce constructor property promotion correctly). Fixed bug GH-17211 (observer segfault on function loaded with dl()). Fixed bug GH-17216 (Trampoline crash on error). Date: Fixed bug GH-14709 DatePeriod::__construct() overflow on recurrences. DBA: Skip test if inifile is disabled. DOM: Fixed bug GH-17224 (UAF in importNode). Embed: Make build command for program using embed portable. FFI: Fixed bug #79075 (FFI header parser chokes on comments). Fix memory leak on ZEND_FFI_TYPE_CHAR conversion failure. Fixed bug GH-16013 and bug #80857 (Big endian issues). Filter: Fixed bug GH-16944 (Fix filtering special IPv4 and IPv6 ranges, by using information from RFC 6890). FPM: Fixed bug GH-13437 (FPM: ERROR: scoreboard: failed to lock (already locked)). Fixed bug GH-17112 (Macro redefinitions). Fixed bug GH-17208 (bug64539-status-json-encoding.phpt fail on 32-bits). GD: Fixed bug GH-16255 (Unexpected nan value in ext/gd/libgd/gd_filter.c). Ported fix for libgd bug 276 (Sometimes pixels are missing when storing images as BMPs). Gettext: Fixed bug GH-17202 (Segmentation fault ext/gettext/gettext.c bindtextdomain()). Iconv: Fixed bug GH-17047 (UAF on iconv filter failure). LDAP: Fixed bug GH-17280 (ldap_search() fails when $attributes array has holes). LibXML: Fixed bug GH-17223 (Memory leak in libxml encoding handling). MBString: Fixed bug GH-17112 (Macro redefinitions). Opcache: opcache_get_configuration() properly reports jit_prof_threshold. Fixed bug GH-17246 (GC during SCCP causes segfault). PCNTL: Fix memory leak in cleanup code of pcntl_exec() when a non stringable value is encountered past the first entry. PgSql: Fixed bug GH-17158 (pg_fetch_result Shows Incorrect ArgumentCountError Message when Called With 1 Argument). Fixed further ArgumentCountError for calls with flexible number of arguments. Phar: Fixed bug GH-17137 (Segmentation fault ext/phar/phar.c). SimpleXML: Fixed bug GH-17040 (SimpleXML's unset can break DOM objects). Fixed bug GH-17153 (SimpleXML crash when using autovivification on document). Sockets: Fixed bug GH-16276 (socket_strerror overflow handling with INT_MIN). Fixed overflow on SO_LINGER values setting, strengthening values check on SO_SNDTIMEO/SO_RCVTIMEO for socket_set_option(). SPL: Fixed bug GH-17225 (NULL deref in spl_directory.c). Streams: Fixed bug GH-17037 (UAF in user filter when adding existing filter name due to incorrect error handling). Fixed bug GH-16810 (overflow on fopen HTTP wrapper timeout value). Fixed bug GH-17067 (glob:// wrapper doesn't cater to CWD for ZTS builds). Windows: Hardened proc_open() against cmd.exe hijacking. XML: Fixed bug GH-1718 (unreachable program point in zend_hash). - modified patches % php-build-reproducible-phar.patch (refreshed) - obsolete php7 to smooth the migration [bsc#1234788] ==== apache2-prefork ==== - Fix builds of test package with RPM 4.20: + noarch packages cannot rely on libdir, which is an arch-dependent variable. Rely on apxs -q libdir to extract the correct information instead. ==== apache2-utils ==== - Fix builds of test package with RPM 4.20: + noarch packages cannot rely on libdir, which is an arch-dependent variable. Rely on apxs -q libdir to extract the correct information instead. ==== at-spi2-core ==== Version update (2.54.0 -> 2.54.1) Subpackages: libatk-1_0-0 libatk-bridge-2_0-0 libatspi0 typelib-1_0-Atk-1_0 typelib-1_0-Atspi-2_0 - Update to version 2.54.1: + Fix various memory leaks. + Fix the build on FreeBSD. - Switch to source service for tarball. ==== binutils ==== Subpackages: libctf-nobfd0 libctf0 - Enable multitarget build on loongarch64 ==== clamav ==== Subpackages: libclamav12 libclammspack0 libfreshclam3 - bsc#1232242: Start clamonacc with --fdpass to avoid errors due to clamd not being able to access user files. ==== codec2 ==== - Build AVX2 enabled hwcaps library for x86_64-v3 ==== dnsmasq ==== - bsc#1235834: Don't let compile time options change silently. - Use pkgconfig for libidn2. - Disable --nftset for SLE-15-SP3 and older. - bsc#1235517: Reintroduce nogroup for SLE-15-SP3 and older. ==== elfutils ==== Subpackages: libasm1 libdw1 libelf1 - Add fix-static-linking.patch (bsc#1234445) ==== emacs ==== Subpackages: emacs-el emacs-eln emacs-info emacs-nox etags - Try to avoid crash on later loaded shared libraries as seen in bug boo#1234865 with libnvidia-tls.so ==== freeipmi ==== Version update (1.6.14 -> 1.6.15) - freeimpi 1.6.15: * In ipmi-config, fix incorrect output of IPv6_Dynamic_Address_Source_Type * In ipmi-oem, increase precision of Dell cumulative energy output * Do not advertise options that are only available when special debugging is compiled into FreeIPMI * libfreeipmi: remove unnecessary / duplicate parameter checks * Minor documentation updates - drop gcc-14.patch ==== gimp ==== Version update (2.10.38 -> 3.0.0~RC2) Subpackages: gimp-plugin-aa - drop buildrequires for the font. really not needed. - scm scripts seems to also require the typelib for gimp. move the typelib to the main package including the requires for the babl/gegl typelibs - Added 33ab56f55406cc3cbe3cc7c0627340da1c1f2d6a.patch This properly fixes that gimp doesnt crash if it doesnt find any fonts. - guard the gdb buildrequires in a bcond debug_in_build_gimp so we can easily reenable it for future issues - replace bitstream-vera-fonts with google-noto-sans-fonts The actual font it looks for is "Warsaw Gothic" but according to https://gitlab.gnome.org/GNOME/gimp/-/issues/12640#note_2312400 it should not really need it during the build - Sync spec file with master package - add libbacktrace-devel for better backtrace support - add BR for bitstream-vera-fonts so that at least some fonts are available for the splash screen. this fixes the build crash. - cleanup lua BR as the lua plugin is experimental and shouldnt be enabled. - Add gdb.patch and gdb BR to debug https://gitlab.gnome.org/GNOME/gimp/-/issues/12640 - Import some useful patches from Fedora gimp-2.99.19-cm-system-monitor-profile-by-default.patch gimp-2.99.19-external-help-browser.patch gimp-2.99.19-no-phone-home-default.patch - Add BuildRequires for the python runtime requires to see if it fixes the problem with the splash screen - Update to 3.0.0~RC2 https://www.gimp.org/news/2024/12/27/gimp-3-0-RC2-released/ ==== git ==== Version update (2.48.0 -> 2.48.1) Subpackages: git-core git-email git-svn git-web perl-Git - update to 2.48.1: (boo#1235600 boo#1235601) * CVE-2024-50349, CVE-2024-52006: refuse to accept URLs that contain control sequences ==== glib2 ==== Version update (2.82.2 -> 2.82.4) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 libgthread-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0 - Update to version 2.82.4: + Fix a double-unref crash which affects many apps which use pygobject to export objects on D-Bus + Bugs fixed: - Fix regression: lollypop crashes on startup - Revert "gdbus: Fix leak of method invocation when registering an object with closures" - ci: Add release component to automate tarball publishing - Update to version 2.82.3: + Fix compatibility with tzdata 2024b + Bugs fixed: - Test regressions with tzdata 2024b - gdatetime test: Do not assume PST8PDT was always exactly - 8/-7 - glib: Don't require GLIB_DOMAIN to be a NUL-terminated string - gio: Fix GFileEnumerator leaks in gio tools - macos: Remove extraous space from type identifier - refstring: Fix race between releasing and re-acquiring an interned GRefString - appmonitor: Fix warning building test - grefstring: Mark a variable as potentially unused - gdbus: Fix leak of method invocation when registering an object with closures ==== gnome-color-manager ==== Version update (3.36.0 -> 3.36.2) - Update to version 3.36.2: + Remove forgotten libcanberra include + Set prgname to application ID + Update appdata + Updated translations. - Switch to source service for tarball/sources. - Drop obsolete update-desktop-files BuildRequires and macros. - Drop pkgconfig(libcanberra-gtk3) BuildRequires following upstream changes. ==== gnome-control-center ==== Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces gnome-control-center-users - Recommend ppd-server instead of power-profiles-daemon: there is also tuned-ppd, which provides the same dbus interface. If the user does not chose between the two, we suggest the original power-profiles-daemon. - Fix escaping of commented out patch: with RPM 4.20, %patch becomes a standard, expandable macro, that can span more than one line. Commenting out with #%patch can thus lead to invalid results. ==== gnome-online-accounts ==== Version update (3.52.2 -> 3.52.3.1) Subpackages: libgoa-1_0-0 libgoa-backend-1_0-2 - Update to version 3.52.3.1: + Bugs fixed: - Unable to Sign In to Microsoft Exchange account - Missing kerberos password not detected - Fail faster - don't wait 120 seconds to timeout - goadaemon: Changes around "no provider" runtime warnings ==== gnome-remote-desktop ==== Version update (47.2 -> 47.3) - Update to version 47.3: + Fix gdctl crash when setting VNC password + Don't hard code keyboard type ==== gnome-shell ==== Version update (47.2 -> 47.3) Subpackages: gnome-extensions gnome-shell-calendar - Update to version 47.3: + Fix Escape handling in run dialog + Fix custom text-scaling-factor getting reset + Tweak ibus candidate popover appearance + Misc. bug fixes and cleanups ==== gnome-software ==== Version update (47.3 -> 47.4) Subpackages: gnome-software-plugin-packagekit - Update to version 47.4: + Fix downloads of firmware updates + Fix the release process ==== gpg2 ==== Version update (2.5.2 -> 2.5.3) Subpackages: dirmngr - Update to 2.5.3 * gpg: Allow for signature subpackets of up to 30000 octets. [rG36dbca3e69] * gpg: Silence expired trusted-key diagnostics in quiet mode. [T7351] * gpg: Allow smaller session keys with Kyber and enforce the use of AES-256 if useful. [T7472] * gpg: Fix regression in key generation from existing card key. [T7309,T7457] * gpg: Print a warning if the card backup key could not be written. [T2169] * The --supervised options of gpg-agent and dirmngr have been renamed to --deprecated-supervised as preparation for their removal. [rGa019a0fcd8] * There is no more default for a keyserver. ==== gupnp-av ==== Version update (0.14.1 -> 0.14.3) Subpackages: libgupnp-av-1_0-3 - Update to version 0.14.3: + xml: Fix compatibility with libxml2 2.12.x + Add missing array annotation + build: Fix Requires: line of pkg-config file + Loosen restriction on dc:date verification - Drop patches fixed upstream: + 1e10a41f.patch + 767388bc.patch + gupnp-av-libxml2.11-support.patch - Switch to source service for tarball/sources. ==== harfbuzz ==== Version update (10.1.0 -> 10.2.0) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Update to version 10.2.0: + Consider Unicode Variation Selectors when subsetting “cmap” table. + Guard hb_cairo_glyphs_from_buffer() against malformed UTF-8 strings. + Fix incorrect “COLR” v1 glyph scaling in hb-cairo. + Use locale-independent parsing of double numbers is “hb-subset” command line tool. + Fix incorrect zeroing of advance width of base glyphs in various “Courier New” font versions due to incorrect “GDEF” glyph classes. + Fix handling of long language codes with “HB_LEAN” configuration. + Update OpenType language system registry. + Allow all Myanmar tone marks (including visarga) in any order. + Don’t insert U+25CC DOTTED CIRCLE before superscript/subscript digits. + Handle Garay script as right to left script. + New API for serializing font tables and potentially repacking them in optimal way. + New API for converting font variation setting from and to strings. + Various build fixes. + Various subsetter and instancer fixes. + New API: - +hb_subset_serialize_link_t - +hb_subset_serialize_object_t - +hb_subset_serialize_or_fail() - +hb_subset_axis_range_from_string() - +hb_subset_axis_range_to_string() - Drop harfbuzz-CVE-2024-56732.patch: Fixed upstream. ==== hplip ==== Subpackages: hplip-hpijs hplip-sane hplip-udev-rules - hplip.spec: re-introduce macros for SLE12 compatibility, so that we can backport security fixes to older releases (bsc#1234745, CVE-2020-6923) ==== libcdio ==== Version update (2.1.0 -> 2.2.0) - Update to 2.2.0: - Revised to note ABI change in ISO-9660 shared library (.so) version numbers; bump release version from 2.1.1 to 2.2.0 to note both API and ABI changes. These are the last three bullet items under Version 2.1.1. - Remove LIBCDIO_SOURCE_PATH from configure.ac. - Update to 2.1.1: - More checks of potentially NULL buffers. More malloc()/calloc() result checks. - Enforce non-widestring ("A" suffixed) calls when we pass char* parameters. - Use widestring API calls unless otherwise specified. - Remove a deprecation warning of the declaration of is_cdrom_aspi() and GetVersion(). - Updates for compiling on MSVC. - Move to github - Add github CI checks. - Count empty fields as tracks. - Add some validity checks to enhance security. - Add support for ISO9660 multi extent files. - Fix Recognition of multi-extent in ISO9660 when Joliet is present. - Use getmntent/setmntent for reading mounts. - Use GNU/Linux new ioctl on kernel v5.16 or newer. - Use "%s"-style format in cdda-player.c: to make it catch cases when user input is used in place of format. - Remove some memory leaks in C++ code. - Allow for DO_NOT_WANT_COMPATIBILITY macro in config.h to disable APIs that are being retired. - Fix win32 implementation of .get_track_msf() for CD with first track number > 1 - Fix testing on Windows and remove compilation warnings. - Add Rock Ridge deep directory support. - Fix and clean up various Rock Ridge issues and adjust tests. - Fix double reporting of sizes in cd-info.c. - CD-Text character set interpretation more tolerant of bad input. - Remove homegrown boolean type in favor of . - Improve pkg-config configuration detection - Fix crash reading CD TOC on macOS Ventura. - Update freedb references to GnuDB. - Fix charset check in Windows cdio_charset_from_utf8 implementation. - Add support for reading CD-Text on macOS and Windows - Remove upstreamed patch: - fix-undefined-behavior-in-readlink.patch - Remove GPG authentication, not supported any more. ==== libeconf ==== Version update (0.7.6 -> 0.7.7) - Update to version 0.7.7: * Additional fix for parsing empty config files (bsc#1234405). ==== libgee ==== Version update (0.20.6 -> 0.20.8) - Update to version 0.20.8: + Fixes for newer valac. - Drop patches fixed upstream: + ce8461ff6ea8ed79ce06b4241cb4fbb6d3d314f1.patch + b33a6627f4fc96938b6015e05849867c472160a8.patch + 2f0bbe8987e5eb1390b23ac531c971b202c2ef77.patch - Add check section and run make check during build. ==== libixion ==== - Add upstream change to fix failure with -Werror=undef: * 0001-Fix-_WIN32-is-not-defined-when-not-on-Windows.patch ==== libquicktime ==== - update fix-gcc14-build.patch * add fix for faad2 and faac as well ==== libsecret ==== Version update (0.21.4 -> 0.21.5) Subpackages: libsecret-1-0 typelib-1_0-Secret-1 - Update to version 0.21.5: + session: Tolerate non-approved DH parameter usage in FIPS mode + Add some missing GIR annotations + meson: - Create default test setup with D-Bus - Use env.prepend() for test environment setup - Fix license field + build: - Remove self-inclusion from secret-item.h - Fix compiler warnings in Vala tests + tests: Fix "\|" used in test-secret-tool.sh not portable + Fix typo in D-Bus XML + docs: - Fix minor gi-docgen reference - Fix Python example - Mention file backend - Fix link in README + Several CI-related updates + Updated translations. ==== libsoup ==== Version update (3.6.1 -> 3.6.4) Subpackages: libsoup-3_0-0 typelib-1_0-Soup-3_0 - Update to version 3.6.4: + http2: Fix regression on 32bit systems when reading response data. - Update to version 3.6.3: + http2: Significantly reduce memory usage of large requests + server: Treat `ECONNREFUSED` when listening on IPv6 as unsupported + auth-digest: Fix handling missing nonce/realm in responses, as well as a leak + In `soup_uri_decode_data_uri()` fix handling of URIs with a path beginning with `//` + In `soup_message_headers_get_content_disposition()` fix possibility of NULL-deref and double-free + In `soup_header_parse_quality_list()` fix leak + In `soup_form_decode_multipart()` fix ownership annotation for the multipart object - Update to version 3.6.1+4: + Fix ownership annotatin for soup_form_decode_multipart(). - Convert to obs_scm source service: allow for easier maintenance. ==== libvirt ==== Version update (10.10.0 -> 11.0.0) Subpackages: libvirt-client libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-plugin-lockd libvirt-daemon-qemu libvirt-libs - Update to libvirt 11.0.0 - jsc#PED-5899, jsc#PED-8909, jsc#PED-9543, jsc#PED-9854, jsc#PED-9855 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v11-0-0-2025-01-15 ==== libwnck ==== Version update (43.1 -> 43.2) Subpackages: libwnck-3-0 typelib-1_0-Wnck-3_0 - Update to version 43.2: + Add WnckHandle to the docs. + Add missing build dependency. + Do not restore original event mask. - Switch to source service for tarball/source. ==== libxcrypt ==== Version update (4.4.37 -> 4.4.38) Subpackages: libcrypt1 libxcrypt-devel - Update to 4.4.38 * Fix several "-Wunterminated-string-initialization", which are seen by upcoming GCC 15.x (issue #194). * Fix "-Wmaybe-uninitialized" in crypt.c, which is seen by GCC 13.3.0. * Skip test/explicit-bzero if compiling with ASAN. * Drop hard requirement for the pkg-config binary (issue #198). - Use %ldconfig_scriptlets ==== llvm19 ==== Version update (19.1.6 -> 19.1.7) Subpackages: clang-tools clang19 libLLVM19 libclang-cpp19 libclang13 libclang_rt19 llvm19-gold - Update to version 19.1.7. * This release contains bug-fixes for the LLVM 19.1.0 release. This release is API and ABI compatible with 19.1.0. - Rebase llvm-do-not-install-static-libraries.patch. ==== meson ==== Subpackages: meson-vim - Drop the bcond on setuptools, its primary flavor will live in Ring 0. - Drop patch meson-distutils.patch, not required. - Instruct autosetup macro to apply all patches. ==== mutter ==== Version update (47.3 -> 47.4) - Update to version 47.4: + Use BT709 coefficients and limited range for YUV conversion by defaults + Also request high priority secondary EGL context + Fix Xwayland DND coordinates when using fractional scaling + Fix applying initial _NET_WM_WINDOW_OPACITY on Xwayland + Implement wp_viewport support for cursor surfaces + Improve input → output latency of cursor movements + Improve frame rate on monitors attached to secondary GPUs in copy mode + Send preferred scales to all surface roles + Misc. bug fixes and cleanups + Updated translations. ==== ncurses ==== Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Drop all ghostty terminfo entries as ghostty read also its own termcap files even with terminfo (boo#1235689) ==== nvidia-open-driver-G06-signed-cuda ==== Version update (565.57.01_k6.12.8_2 -> 565.57.01_k6.12.9_1) - Update to 550.144.03 (bsc#1235461, boo#1235871) * fixes CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150, CVE-2024-53869 ==== openSUSE-release ==== Version update (20250114 -> 20250119) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== opensc ==== Version update (0.26.0 -> 0.26.1) Subpackages: opensc-bash-completion - Update to version 0.26.1 General improvements * Align allocations of sc_mem_secure_alloc (#3281). * Fix -O3 gcc optimization failure on amd64 and ppc64el (#3299). pkcs11-spy * Avoid crash while spying C_GetInterface() (#3275). TCOS * Fix reading certificate (#3296). ==== pango ==== Version update (1.56.0 -> 1.56.0+12) Subpackages: libpango-1_0-0 typelib-1_0-Pango-1_0 - Update to version 1.56.0+12: * Deal with FC_FONT_WRAPPER more graciously * itemize: Limp along harder * build: Reshuffle docs build * build: Move gir to toplevel meson.build * build: Generate glib deprecation defines * build: Sync naming with gtk ==== pangomm ==== Version update (2.54.0 -> 2.56.1) - Update to version 2.56.1: + Add new API from pango 1.56.0 + Regenerate docs.xml and .defs files, using files from pango 1.56.0 + Replace gtkmm.org by gtkmm.gnome.org + AttrList: Update the documentation + docs/reference/Doxyfile.in: Remove unsupported entries - Update URL with new home. ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced - selinux: Turn recommends for container-selinux into a hard but conditional dependency ==== perl-XML-Twig ==== Version update (3.52 -> 3.530.0) - Also provide perl(XML::Twig::XPath), as provided by the file /usr/lib/perl5/vendor_perl/*/XML/Twig/XPath.pm. - Update perl-XML-Twig-CVE-2016-9180.patch - updated to 3.530.0 (3.53) see /usr/share/doc/packages/perl-XML-Twig/Changes 3.53 - 2024-12-10 - minor maintenance release - fixed warning from recent perl version See RT#155759 https://rt.cpan.org/Public/Bug/Display.html?id=155759 - fixed bug with namespaced elements in navigation - added multiclass selectors in navigation and handler triggers (css style, eg elt.class1.class2) - fixed bug with dots in element names confusing navigation conditions in some cases - fixed output when a CDATA section includes a CDATA end marker spotted by Djibril ==== php8 ==== Version update (8.3.15 -> 8.3.16) Subpackages: php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - version update to 8.3.16 Core: Fixed bug GH-17106 (ZEND_MATCH_ERROR misoptimization). Fixed bug GH-17162 (zend_array_try_init() with dtor can cause engine UAF). Fixed bug GH-17101 (AST->string does not reproduce constructor property promotion correctly). Fixed bug GH-17211 (observer segfault on function loaded with dl()). Fixed bug GH-17216 (Trampoline crash on error). Date: Fixed bug GH-14709 DatePeriod::__construct() overflow on recurrences. DBA: Skip test if inifile is disabled. DOM: Fixed bug GH-17224 (UAF in importNode). Embed: Make build command for program using embed portable. FFI: Fixed bug #79075 (FFI header parser chokes on comments). Fix memory leak on ZEND_FFI_TYPE_CHAR conversion failure. Fixed bug GH-16013 and bug #80857 (Big endian issues). Filter: Fixed bug GH-16944 (Fix filtering special IPv4 and IPv6 ranges, by using information from RFC 6890). FPM: Fixed bug GH-13437 (FPM: ERROR: scoreboard: failed to lock (already locked)). Fixed bug GH-17112 (Macro redefinitions). Fixed bug GH-17208 (bug64539-status-json-encoding.phpt fail on 32-bits). GD: Fixed bug GH-16255 (Unexpected nan value in ext/gd/libgd/gd_filter.c). Ported fix for libgd bug 276 (Sometimes pixels are missing when storing images as BMPs). Gettext: Fixed bug GH-17202 (Segmentation fault ext/gettext/gettext.c bindtextdomain()). Iconv: Fixed bug GH-17047 (UAF on iconv filter failure). LDAP: Fixed bug GH-17280 (ldap_search() fails when $attributes array has holes). LibXML: Fixed bug GH-17223 (Memory leak in libxml encoding handling). MBString: Fixed bug GH-17112 (Macro redefinitions). Opcache: opcache_get_configuration() properly reports jit_prof_threshold. Fixed bug GH-17246 (GC during SCCP causes segfault). PCNTL: Fix memory leak in cleanup code of pcntl_exec() when a non stringable value is encountered past the first entry. PgSql: Fixed bug GH-17158 (pg_fetch_result Shows Incorrect ArgumentCountError Message when Called With 1 Argument). Fixed further ArgumentCountError for calls with flexible number of arguments. Phar: Fixed bug GH-17137 (Segmentation fault ext/phar/phar.c). SimpleXML: Fixed bug GH-17040 (SimpleXML's unset can break DOM objects). Fixed bug GH-17153 (SimpleXML crash when using autovivification on document). Sockets: Fixed bug GH-16276 (socket_strerror overflow handling with INT_MIN). Fixed overflow on SO_LINGER values setting, strengthening values check on SO_SNDTIMEO/SO_RCVTIMEO for socket_set_option(). SPL: Fixed bug GH-17225 (NULL deref in spl_directory.c). Streams: Fixed bug GH-17037 (UAF in user filter when adding existing filter name due to incorrect error handling). Fixed bug GH-16810 (overflow on fopen HTTP wrapper timeout value). Fixed bug GH-17067 (glob:// wrapper doesn't cater to CWD for ZTS builds). Windows: Hardened proc_open() against cmd.exe hijacking. XML: Fixed bug GH-1718 (unreachable program point in zend_hash). - modified patches % php-build-reproducible-phar.patch (refreshed) - obsolete php7 to smooth the migration [bsc#1234788] ==== polkit-default-privs ==== Version update (1550+20241129.21d7d0b -> 1550+20250117.6b45c52) - Update to version 1550+20250117.6b45c52: * profiles: whitelist fwupd 2.0 major update actions (bsc#1235659) ==== postgresql17 ==== Subpackages: libpq5 postgresql17-contrib postgresql17-llvmjit postgresql17-server - Disable LLVM JIT on loongarch64 ==== power-profiles-daemon ==== Version update (0.22 -> 0.23) Subpackages: powerprofilesctl-bash-completion powerprofilesctl-zsh-completion - Introduce ppd-service as done by tuned-ppd and conflict with it compare with fedora commit: https://src.fedoraproject.org/rpms/power-profiles-daemon/c/ f6921ff236aecdf9726119ded97cb93215aa0232?branch=rawhide - Update to version 0.23: * Bugfix release for a performance regression with users who manually adjusted AMD dGPU settings using other software. - Drop respect-dpm-manual.patch: incorporated upstream. ==== python-charset-normalizer ==== - Use libalternatives instead of update-alternatives, bsc#1235781 ==== python-httpx ==== - Use libalternatives instead of update-alternatives, bsc#1235784 - don't run tests in strict async mode, upstream doesn't either - disable flaky test ==== python-libvirt-python ==== Version update (10.10.0 -> 11.0.0) - Update to 11.0.0 - Add all new APIs and constants in libvirt 11.0.0 - jsc#PED-5899, jsc#PED-8909, jsc#PED-9543, jsc#PED-9854, jsc#PED-9855 ==== python-pyOpenSSL ==== - Do not build tests noarch: they refer to %__isa, which differs per architecture, invalidating the noarch option. Fixes build with rpm 4.20. ==== python311-setuptools ==== - Also provide python3-setuptools-wheel for the primary flavor. - Explicitly BuildRequire python-rpm-packaging: when primary flavor is added, this is auto-installed by dependencies. But as we now build the primary flavor separated, we have to ensure to also have it present in the other cases, in order to get the python(abi) dependencies added. - Split out the primary Python build. ==== qalculate ==== Version update (5.4.0 -> 5.5.0) Subpackages: libqalculate23 qalculate-data - update to 5.5.0: - a(i) and a[i] syntax (the latter with support for functions) for element in vector - Set ans variable to solution(s) of equation (as if solve() function were used) - New function: factor() - Use hours or minutes as default unit for conversion to time unit of expression with time format but no units (e.g. "0:00:12 to s") - Always use four digits for year in date (e.g. "0064-07-18" instead of "64-07-18"), and support input of date using DD-MM-YYYY format - Fix solving of x^4-4x^3+10x^2-12x+1=0, and similar, in exact mode - Fix dual/auto approximation when unable to find exact solution to equation - Fix rounding in 1/# conversion to integer (e.g. "1/2 to 0.99") - Fix unability to find approximate solutions to some high degree equations - Fix automatic variable detection in select() - Fix terminal columns and rows when piping/redirecting input - Fix ans variables with calculate as you type activated - Fix compilation without readline - Minor bug fixes and feature enhancements ==== rsync ==== Version update (3.3.0 -> 3.4.1) - Update to 3.4.1 * BUG FIXES: - fixed handling of -⁠H flag with conflict in internal flag values - fixed a user after free in logging of failed rename - fixed build on systems without openat() - removed dependency on alloca() in bundled popt * DEVELOPER RELATED: - fix to permissions handling in the developer release script - Drop 705.patch, because now in upstream. - update to 3.4.1 * fixed handling of -H flag with conflict in internal flag values (replaces 705.patch) * fixed a user after free in logging of failed rename * fixed build on systems without openat() * removed dependency on alloca() in bundled popt - Backport patch from PR 705 to fix broken handling of hashes and hard links: * Add 705.patch - Update to 3.4 * Bump to protocol 32 Drop CVE patches: * Drop rsync-gcc14.patch * Removed rsync-CVE-2024-12084-overflow-01.patch * Removed rsync-CVE-2024-12084-overflow-02.patch * Removed rsync-CVE-2024-12085.patch * Removed rsync-CVE-2024-12086_01.patch * Removed rsync-CVE-2024-12086_02.patch * Removed rsync-CVE-2024-12086_03.patch * Removed rsync-CVE-2024-12086_04.patch * Removed rsync-CVE-2024-12087_01.patch * Removed rsync-CVE-2024-12087_02.patch * Removed rsync-CVE-2024-12088.patch * Removed rsync-CVE-2024-12747.patch - Security update,CVE-2024-12747, bsc#1235475 race condition in handling symbolic links * Added rsync-CVE-2024-12747.patch - Security update, fix multiple vulnerabilities: * CVE-2024-12084, bsc#1234100 - Heap Buffer Overflow in Checksum Parsing * CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR * CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files * CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links * CVE-2024-12088, bsc#1234104 - --safe-links Bypass * Added rsync-CVE-2024-12084-overflow-01.patch * Added rsync-CVE-2024-12084-overflow-02.patch * Added rsync-CVE-2024-12085.patch * Added rsync-CVE-2024-12086_01.patch * Added rsync-CVE-2024-12086_02.patch * Added rsync-CVE-2024-12086_03.patch * Added rsync-CVE-2024-12086_04.patch * Added rsync-CVE-2024-12087_01.patch * Added rsync-CVE-2024-12087_02.patch * Added rsync-CVE-2024-12088.patch ==== samba ==== Version update (4.21.2+git.382.df546a2d31b -> 4.21.3+git.385.dab50f14578) Subpackages: libldb2 python3-ldb samba-ad-dc-libs samba-client samba-client-libs samba-dcerpc samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs - Update to 4.21.3 * More possible replication loops against Azure AD; (bso#15701). * Compound rename from Mac clients can fail with NT_STATUS_INTERNAL_ERROR if the file has a lease; (bso#15697). * vfs crossrename seems not work correctly; (bso#15724). * After 'machine password timeout' /etc/krb5.keytab is not updated; (bso#6750). * Memory leak wbcCtxLookupSid; (bso#15771). * Fix heap-user-after-free with association groups; (bso#15765). * Segfault in vfs_btrfs; (bso#15758). * Avoid event failure race when disabling an event script; (bso#15755). ==== sqlite3 ==== Version update (3.47.2 -> 3.48.0) Subpackages: libsqlite3-0 sqlite3-tcl - Re-enable SONAME which got disabled by default in 3.48.0. * https://www.sqlite.org/src/forumpost/5a3b44f510df8ded * https://sqlite.org/forum/forumpost/ab8f15697a - Update to release 3.48.0: * Improved EXPLAIN QUERY PLAN output for covering indexes. * Allow a two-argument version of the iif() SQL function. * Also allow if() as an alternative spelling for iif(). * Add the ".dbtotxt" command to the CLI. * Add the SQLITE_IOCAP_SUBPAGE_READ property to the xDeviceCharacteristics method of the sqlite3_io_methods object. * Add the SQLITE_PREPARE_DONT_LOG option to sqlite3_prepare_v3() that prevents warning messages being sent to the error log if the SQL is ill-formed. This allows sqlite3_prepare_v3() to be used to do test compiles of SQL to check for validity without polluting the error log with false messages. * Increase the minimum allowed value of SQLITE_LIMIT_LENGTH from 1 to 30. * Added the SQLITE_FCNTL_NULL_IO file control. * Extend the FTS5 auxiliary API xInstToken() to work with prefix queries via the insttoken configuration option and the fts5_insttoken() SQL function. * Increase the maximum number of arguments to an SQL function from 127 to 1000. * Obsoletes sqlite3-6216bfcb.patch . ==== suse-module-tools ==== Version update (16.0.55 -> 16.0.56) Subpackages: suse-module-tools-scriptlets - Update to version 16.0.56: * rpm-script: create /boot/vmlinuz and /boot/initrd in kiwi environment (bsc#1234275, bsc#1234759) ==== susepaste ==== Version update (0.7 -> 20241225) Subpackages: susepaste-screenshot - Update to Version 20241225 * Update the update.patch - Updated to version 20241207 * Repair susepaste-screenshot * handle multiple login sessions * Update manpage ==== systemd-presets-common-SUSE ==== - Remove enable nscd, nscd doesn't work anymore with systemd 257 [bsc#1234904] ==== tree-sitter ==== Version update (0.24.6 -> 0.24.7) - update to 0.24.7: * lib: Use inclusive range check for non-empty nodes in next sibling computation ==== u-boot-rpiarm64 ==== Subpackages: u-boot-rpiarm64-doc - Add support for orangepi-zero2w ==== util-linux ==== Version update (2.40.2 -> 2.40.4) Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Update to version 2.40.4: * agetty: Prevent cursor escape (bsc#1194818, drop util-linux-agetty-prevent-cursor-escape.patch) add "systemd" to --version output\ * chcpu(8): Document CPU deconfiguring behavior * fdisk: SGI fixes * hardlink: fix memory corruption * hardlink.1 directory|file is mandatory * lib/env: fix env_list_setenv() for strings without '=' * libblkid: (exfat) validate fields used by prober (gpt) use blkid_probe_verify_csum() for partition array checksum add FSLASTBLOCK for swaparea bitlocker fix version on big-endian systems * libfdisk: make sure libblkid uses the same sector size * libmount: extract common error handling function propagate first error of multiple filesystem types * logger: correctly format tv_usec * lscpu: Skip aarch64 decode path for rest of the architectures (bsc#1229476, drop util-linux-lscpu-skip-aarch64-decode.patch) * lsns: ignore ESRCH errors reported when accessing files under /proc * mkswap: set selinux label also when creating file * more: make sure we have data on stderr * nsenter: support empty environ * umount, losetup: Document loop destroy behavior (bsc#1159034, drop util-linux-umount-losetup-lazy-destruction.patch, util-linux-umount-losetup-lazy-destruction-generated.patch). * uuidd: fix /var/lib/libuuid mode uuidd-tmpfiles.conf fix /var/lib/libuuid mode uuidd-tmpfiles.conf * Many other fixes, improvements and code cleanup. For the complete list see https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.40/v2.40.3-ReleaseNotes https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.40/v2.40.4-ReleaseNotes - Refresh util-linux.keyring. Key validity was extended. ==== util-linux-systemd ==== Version update (2.40.2 -> 2.40.4) Subpackages: lastlog2 liblastlog2-2 - Update to version 2.40.4: * agetty: Prevent cursor escape (bsc#1194818, drop util-linux-agetty-prevent-cursor-escape.patch) add "systemd" to --version output\ * chcpu(8): Document CPU deconfiguring behavior * fdisk: SGI fixes * hardlink: fix memory corruption * hardlink.1 directory|file is mandatory * lib/env: fix env_list_setenv() for strings without '=' * libblkid: (exfat) validate fields used by prober (gpt) use blkid_probe_verify_csum() for partition array checksum add FSLASTBLOCK for swaparea bitlocker fix version on big-endian systems * libfdisk: make sure libblkid uses the same sector size * libmount: extract common error handling function propagate first error of multiple filesystem types * logger: correctly format tv_usec * lscpu: Skip aarch64 decode path for rest of the architectures (bsc#1229476, drop util-linux-lscpu-skip-aarch64-decode.patch) * lsns: ignore ESRCH errors reported when accessing files under /proc * mkswap: set selinux label also when creating file * more: make sure we have data on stderr * nsenter: support empty environ * umount, losetup: Document loop destroy behavior (bsc#1159034, drop util-linux-umount-losetup-lazy-destruction.patch, util-linux-umount-losetup-lazy-destruction-generated.patch). * uuidd: fix /var/lib/libuuid mode uuidd-tmpfiles.conf fix /var/lib/libuuid mode uuidd-tmpfiles.conf * Many other fixes, improvements and code cleanup. For the complete list see https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.40/v2.40.3-ReleaseNotes https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.40/v2.40.4-ReleaseNotes - Refresh util-linux.keyring. Key validity was extended. ==== xfce4-terminal ==== Subpackages: xfce4-terminal-lang - Disable libutempter, it doesn't work anymore with the switch from utmp to systemd-logind ==== xterm ==== Subpackages: xterm-bin xterm-resize - Disable libutempter, it doesn't work anymore with the switch from utmp to systemd-logind