Packages changed: ImageMagick Mesa Mesa-drivers MozillaFirefox (123.0.1 -> 124.0.1) bash-completion distrobox (1.7.0.1_g7a56b6e -> 1.7.1) ffado ffmpeg-6 file-roller (44.beta -> 44) ghostscript (10.02.1 -> 10.03.0) gjs (1.80.0 -> 1.80.2) glibmm2 (2.78.1 -> 2.80.0) kernel-firmware (20240312 -> 20240322) libinput libksysguard6 libnfs (5.0.2 -> 5.0.3) libunwind libwacom lvm2 lvm2-device-mapper malcontent open-vm-tools (12.3.5 -> 12.4.0) openSUSE-build-key opensuse-welcome patterns-gnome patterns-microos pcr-oracle pipewire polkit-default-privs (1550+20240311.559e6ac -> 1550+20240325.eddbe04) python-httpx (0.26.0 -> 0.27.0) python-psutil qt6-base thin-provisioning-tools vulkan-loader (1.3.275.0 -> 1.3.280.0) vulkan-tools (1.3.275.0 -> 1.3.280.0) wireplumber xen (4.18.0_06 -> 4.18.1_02) yast2-storage-ng (5.0.9 -> 5.0.10) === Details === ==== ImageMagick ==== Subpackages: libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - allow stdin/stdout - modified patches % ImageMagick-configuration-SUSE.patch ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - enable vulkan-beta meson flag for vulkan video support (suggested by "llyyr" ; adding C flag - Wno-error=missing-prototypes for this wasn't necessary) - Add zink driver by default ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva - enable vulkan-beta meson flag for vulkan video support (suggested by "llyyr" ; adding C flag - Wno-error=missing-prototypes for this wasn't necessary) - Add zink driver by default ==== MozillaFirefox ==== Version update (123.0.1 -> 124.0.1) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 124.0.1 https://www.mozilla.org/en-US/firefox/124.0.1/releasenotes/ MFSA 2024-15 (bsc#1221850) * CVE-2024-29943 (bmo#1886849) Out-of-bounds access via Range Analysis bypass * CVE-2024-29944 (bmo#1886852) Privileged JavaScript Execution via Event Handlers Mozilla Firefox 124.0 https://www.mozilla.org/en-US/firefox/124.0/releasenotes/ MFSA 2024-12 (bsc#1221327) * CVE-2024-2605 (bmo#1872920) Windows Error Reporter could be used as a Sandbox escape vector * CVE-2024-2606 (bmo#1879237) Mishandling of WASM register values * CVE-2024-2607 (bmo#1879939) JIT code failed to save return registers on Armv7-A * CVE-2024-2608 (bmo#1880692) Integer overflow could have led to out of bounds write * CVE-2023-5388 (bmo#1780432) NSS susceptible to timing attack against RSA decryption * CVE-2024-2609 (bmo#1866100) Permission prompt input delay could expire when not in focus * CVE-2024-2610 (bmo#1871112) Improper handling of html and body tags enabled CSP nonce leakage * CVE-2024-2611 (bmo#1876675) Clickjacking vulnerability could have led to a user accidentally granting permissions * CVE-2024-2612 (bmo#1879444) Self referencing object could have potentially led to a use- after-free * CVE-2024-2613 (bmo#1875701) Improper handling of QUIC ACK frame data could have led to OOM * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093) Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 * CVE-2024-2615 (bmo#1881074, bmo#1881650, bmo#1882438) Memory safety bugs fixed in Firefox 124 - requires NSS = 3.98 rust-cbindgen >= 0.26 ==== bash-completion ==== - Add patch boo1221414-scp.patch * Do not replace the asignment of the array COMPREPLY with the shell function _comp_compgen_split (boo#1221414) ==== distrobox ==== Version update (1.7.0.1_g7a56b6e -> 1.7.1) Subpackages: distrobox-bash-completion - Update to 1.7.1 * all: ensure no side effects on global variables * create the binary export path if it doesn't exist (#1291) * docs: Add info on upgrading package on steamdeck (#1271) * docs: remove extra ` from xhost command by (#1284) * enter: Add option to run with clean PATH (#1299) * fix: missing .fifo logfile in distrobox-enter (#1307) * init: ignore findmnt error in routine remounting (#1289) (#1296) * init: mask suspend/hibernate/hybrid-sleep * init: massively speed up apk deps install by @JamiKettunen in (#1298) * rm: do not block container removal if we cannot start it ==== ffado ==== - Remove unnecessary BuildRequires on xdg-utils and update-desktop-files ==== ffmpeg-6 ==== Subpackages: libavcodec60 libavfilter9 libavformat60 libavutil58 libpostproc57 libswresample4 libswscale7 - Add 0001-avcodec-tests-rename-the-bundled-Mesa-AV1-vulkan-vid.patch ==== file-roller ==== Version update (44.beta -> 44) Subpackages: file-roller-lang - Update to version 44: + Fixes compilation when native app chooser is disabled. + Updated translations. ==== ghostscript ==== Version update (10.02.1 -> 10.03.0) Subpackages: ghostscript-x11 - Version upgrade to 10.03.0: For openSUSE and SUSE Ghostscript is built '--without-tesseract' (see the entry below dated 'Mon Jul 18 07:28:54 UTC 2022'). Highlights in this release include: See 'Recent Changes in Ghostscript' at Ghostscript upstream https://ghostscript.readthedocs.io/en/gs10.03.0/News.html * As of this release (10.03.0) pdfwrite creates PDF files with XRef streams and ObjStm streams. This can result in considerably smaller PDF output files. See Vector Devices https://ghostscript.readthedocs.io/en/latest/VectorDevices.html for more details. * Ghostscript/pdfwrite now supports passing through PDF "Optional Content". * Our efforts in code hygiene and maintainability continue. * The usual round of bug fixes, compatibility changes, and incremental improvements. Incompatible changes (the release is listed in parentheses): * (10.03.0) Almost all the "internal" PostScript procedures defined during the interpreter startup are now "executeonly", further reducing the attack surface of the interpreter. The nature of these procedures means there should be no impact for legitimate usage, but it is possible it will impact uses which abuse the previous accessibility (even for legitimate reasons). Such cases may now require "DELAYBIND", See DELAYBIND https://ghostscript.readthedocs.io/en/latest/Use.html#ddelaybind * (10.03.0) The "makeimagedevice" non-standard operator has been removed. It allowed low level access to the graphics library in a way that was, essentially impossible to secure. * (10.03.0) The "putdeviceprops", "getdeviceprops", "finddevice", "copydevice", "findprotodevice" non-standard operators have all been removed. They provided functionality that is either accessible through standard operators, or should not be used by user PostScript. * (10.03.0) The process of "tidying" the PostScript namespace should have removed only non-standard and undocumented operators. Nevertheless, it is possible that any integrations or utilities that rely on those non-standard and undocumented operators may stop working or may change behaviour. If you encounter such a case, please contact us (Discord https://discord.gg/H9GXKwyPvY [#]ghostscript IRC channel https://web.libera.chat/#ghostscript or the gs-devel mailing list https://www.ghostscript.com/mailman/index.html would be best), but remember that free versions of Ghostscript come with with NO WARRANTY and NO SUPPORT. - Ghostscript 10.03.0 contains the fix to build with GCC 14 (boo#1221687) ==== gjs ==== Version update (1.80.0 -> 1.80.2) Subpackages: libgjs0 typelib-1_0-GjsPrivate-1_0 - Update to version 1.80.2: + Quick follow-up release to fix crash on ppc64. - Update to version 1.80.1: + Quick follow-up release to fix build failure on MacPorts and Homebrew. ==== glibmm2 ==== Version update (2.78.1 -> 2.80.0) Subpackages: libgiomm-2_68-1 libglibmm-2_68-1 - Update to version 2.80.0: + Glib: - Add wide_from_utf8() and wide_to_utf8() - DateTime: Add create_from_local_usec(), create_from_utc_usec() and to_unix_usec(). + Gio: - Application: Add get/set/property_version(). - ApplicationCommandLine: Add done(). - DBus::Message: Add get_arg0_path(). - Socket: Add receive_bytes() and receive_bytes_from(). - content_type_guess(): Remove most of an unnecessary overload. ==== kernel-firmware ==== Version update (20240312 -> 20240322) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd - Update to version 20240322 (git commit 9a6a0cc195c1): * mekdiatek: Update mt8186 SOF firmware to v2.0.1 * linux-firmware: Add firmware for Cirrus CS35L56 for Dell laptops * Montage: update firmware for Mont-TSSE * WHENCE: Link the Raspberry Pi CM4 and 5B to the 4B * Intel Bluetooth: Update firmware file for Intel Bluetooth BE200 * Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX101 * Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX203 * Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX211 * Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX101 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX101 * Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX203 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX203 * Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX211 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX211 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX210 * Intel Bluetooth: Update firmware file for Intel Bluetooth AX200 * Intel Bluetooth: Update firmware file for Intel Bluetooth AX201 * Intel Bluetooth: Update firmware file for Intel Bluetooth 9560 * Intel Bluetooth: Update firmware file for Intel Bluetooth 9260 * amdgpu: DMCUB updates for various AMDGPU ASICs * linux-firmware: mediatek: Update MT8173 VPU firmware to v1.1.8 * imx: sdma: update firmware to v3.6/v4.6 - Update aliases from 6.8 kernels ==== libinput ==== Subpackages: libinput-udev libinput10 - remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro, [bsc#1212476] ==== libksysguard6 ==== Subpackages: ksysguardsystemstats6-data libKSysGuardSystemStats2 libksysguard6-imports libksysguard6-lang libksysguard6-plugins - Drop meanwhile unnecessary BuildRequires on WebEngine and WebChannel ==== libnfs ==== Version update (5.0.2 -> 5.0.3) - update to 5.0.3: * final release of the old API * Support NLM Share * Improved handling of PDUs * multithreading: do not wake up immediately if there are no events to process * Reduced memory allocations * Expose further configuration options * Bug fixes and developer visible fixes ==== libunwind ==== - Drop BuildRequires on latex2man, the tarball has manpages already. This avoids a large dependency chain: * Add dont-disable-documentation-without-latex2man.patch ==== libwacom ==== Subpackages: libwacom-data libwacom9 - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro, [bsc#1212476] ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro, [bsc#1212476] ==== malcontent ==== Subpackages: libmalcontent-0-0 malcontent-lang typelib-1_0-Malcontent-0 - remove dependency on /usr/bin/python3 using %python3_fix_shebang macro, [bsc#1212476] ==== open-vm-tools ==== Version update (12.3.5 -> 12.4.0) Subpackages: libvmtools0 open-vm-tools-desktop - update to 12.4.0: https://github.com/vmware/open-vm-tools/blob/stable-12.4.0/ReleaseNotes.md https://github.com/vmware/open-vm-tools/blob/stable-12.4.0/open-vm-tools/ChangeLog There are no new features in the open-vm-tools 12.4.0 release. This is primarily a maintenance release that addresses a few critical problems, including: * A Github pull request has been handled. Please see the Resolved Issues section of the Release Notes. * A number of issues flagged by Coverity have been addressed. * For issues resolved in this release, see the Resolved Issues section of the Release Notes. ==== openSUSE-build-key ==== - Fix import-openSUSE-build-key:set proper timer name to try to stop (openSUSE-build-key-import.timer, not suse-build-key-import.timer) (boo#1221948). ==== opensuse-welcome ==== - remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro, [bsc#1212476] ==== patterns-gnome ==== Subpackages: patterns-gnome-gnome_basic patterns-gnome-gnome_basis patterns-gnome-gnome_basis_opt patterns-gnome-sw_management_gnome - Keep gedit instead of gnome-text-editor on SLE and Leap (bsc#1219646). ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - Adjust KDE pattern to switch everything to Plasma6/Qt6 ==== pcr-oracle ==== - Add fix_grub_bls_cmdline.patch to include the measurements of the cmdline and the linux and initrd grub commands ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Avoid %if %{pkg_vcmp gcc < 8}, instead replicate the condition from the BuildRequires section. ==== polkit-default-privs ==== Version update (1550+20240311.559e6ac -> 1550+20240325.eddbe04) - Update to version 1550+20240325.eddbe04: * profiles: power-profiles-daemon (bsc#1219957) ==== python-httpx ==== Version update (0.26.0 -> 0.27.0) - Update to 0.27.0 * The app=... shortcut has been deprecated. Use the explicit style of transport=httpx.WSGITransport() or transport=httpx.ASGITransport() instead. * Respect the http1 argument while configuring proxy transports. (#3023) * Fix RFC 2069 mode digest authentication. (#3045) ==== python-psutil ==== - BuildRequire pkgconfig(libsystemd) instead of full systemd ==== qt6-base ==== Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6Widgets6 libQt6Xml6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-platformtheme-gtk3 qt6-printsupport-cups qt6-sql-sqlite - Replace the postgresql-server build dependency with the client library ==== thin-provisioning-tools ==== - Enable test execution during build - Modernise cargo packaging usage in spec file ==== vulkan-loader ==== Version update (1.3.275.0 -> 1.3.280.0) - Update to release SDK-1.3.280.0 * Bugfixes for Windows ==== vulkan-tools ==== Version update (1.3.275.0 -> 1.3.280.0) - Update to release SDK-1.3.280.0 * icd: Add AV1 decode support * Update linmath to upstream and add degreestoradians definition. This fixes bug in linmath function: quat_mul_vec3 ==== wireplumber ==== Subpackages: libwireplumber-0_5-0 wireplumber-audio wireplumber-lang - Add patch from upstream to fix all input sources only working when bluetooth profile is set to HSF/HFP, which was a regression in 0.5.0 (glfo#pipewire/wireplumber#598): * 0001-filter-utils-fix-handling-of-targetless-smart-filters.patch - Avoid %if %{pkg_vcmp gcc < 8}, instead replicate the condition from the BuildRequires section. ==== xen ==== Version update (4.18.0_06 -> 4.18.1_02) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) 65f83951-x86-mm-use-block_lock_speculation-in.patch - Update to Xen 4.18.1 bug fix release (bsc#1027519) xen-4.18.1-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data Sampling (XSA-452) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) - Dropped patches included in new tarball 654370e2-x86-x2APIC-remove-ACPI_FADT_APIC_CLUSTER-use.patch 65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch 655b2ba9-fix-sched_move_domain.patch 6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch 6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch 656ee5e1-x86emul-avoid-triggering-event-assertions.patch 656ee602-cpupool-adding-offline-CPU.patch 656ee6c3-domain_create-error-path.patch 6571ca95-fix-sched_move_domain.patch 6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch 65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch 65a7a0a4-x86-Intel-GPCC-setup.patch 65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch 65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch 65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch 65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch 65b8f9ab-VT-d-else-vs-endif-misplacement.patch xsa451.patch ==== yast2-storage-ng ==== Version update (5.0.9 -> 5.0.10) - GuidedProposal: internal settings to control the configuration of boot-related partitions and the usage of adjust_by_ram. - Needed for gh#openSUSE/agama#1111 - 5.0.10