Packages changed: MozillaFirefox (129.0.1 -> 130.0.1) apr (1.7.4 -> 1.7.5) bind (9.20.1 -> 9.20.2) cairo git (2.46.0 -> 2.46.1) kernel-firmware-nvidia-gspx-G06-cuda kernel-source (6.10.9 -> 6.10.11) libdovi (3.2.0 -> 3.3.1) libeconf (0.7.2 -> 0.7.3) libsamplerate mdadm nbdkit (1.40.2 -> 1.40.3) nvidia-open-driver-G06-signed-cuda (555.42.06_k6.10.9_1 -> 555.42.06_k6.10.11_1) openSUSE-release (20240918 -> 20240923) osinfo-db patterns-media postgresql (16 -> 17) postgresql17 (16.3 -> 17~rc1) setools shim-leap swtpm usbutils virt-manager virt-v2v (2.5.9 -> 2.5.10) vte (0.76.3 -> 0.76.4) wpa_supplicant xml-commons-apis yast2-kdump (5.0.1 -> 5.0.2) yast2-storage-ng (5.0.17 -> 5.0.18) === Details === ==== MozillaFirefox ==== Version update (129.0.1 -> 130.0.1) - Firefox 130.0.1 Release https://www.mozilla.org/en-US/firefox/130.0.1/releasenotes * Enterprise: Added an enterprise policy to disable the * Firefox Labs* section in *Settings*. (bmo#1911826) * Fixed a recent regression causing some UI elements to be rendered as left-to-right instead of right-to-left for users of our Saraiki localization. (bmo#1917175) * Linux: Fixed black rendering of AVIF images when Firefox is built with GCC. (bmo#1916038) - removed obsolete patches mozilla-bmo1916038.patch - Mozilla Firefox 130.0 https://www.mozilla.org/en-US/firefox/130.0/releasenotes MFSA 2024-39 (bsc#1229821) * CVE-2024-8385 (bmo#1911909) WASM type confusion involving ArrayTypes * CVE-2024-8381 (bmo#1912715) Type confusion when looking up a property name in a "with" block * CVE-2024-8388 (bmo#1902996, bmo#1839074, bmo#1865413, bmo#1868970, bmo#1873367, bmo#1877820, bmo#1884642, bmo#1886469, bmo#1894326, bmo#1894891, bmo#1897648) Fullscreen notice on Android could be hidden under various panels and OS prompts * CVE-2024-8382 (bmo#1906744) Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran * CVE-2024-8383 (bmo#1908496) Firefox did not ask before openings news: links in an external application * CVE-2024-8384 (bmo#1911288) Garbage collection could mis-color cross-compartment objects in OOM conditions * CVE-2024-8386 (bmo#1907032, bmo#1909163, bmo#1909529) SelectElements could be shown over another site if popups are allowed * CVE-2024-8387 (bmo#1857607, bmo#1911858, bmo#1914009) Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 * CVE-2024-8389 (bmo#1907230, bmo#1909367) Memory safety bugs fixed in Firefox 130 - requires NSS 3.103 - removed obsolete patches mozilla-bmo1898476.patch mozilla-bmo1907511.patch - added mozilla-bmo1916038.patch to fix AVIF decoding (bsc#1230500) - Update dependency on clang-devel from LLVM15 to LLVM18 - Added mozilla-bmo1746799.patch to fix incorrect audio volume scaling ==== apr ==== Version update (1.7.4 -> 1.7.5) - version update to 1.7.5 [bsc#1229783] CVE-2023-49582 * ) Unix: Implement apr_shm_perms_set() for the "POSIX shm_open()" and "classic mmap" shared memory implementations. [Joe Orton, Ruediger Pluem] * ) Fix missing ';' for XML/HTML hex entities from apr_escape_entity(). [Yann Ylavic] * ) Fix crash in apr_pool_create() with --enable-pool-debug=all|owner. [Yann Ylavic] * ) Improve platform detection by updating config.guess and config.sub. [Rainer Jung] * ) CMake: Add support for CMAKE_WARNING_AS_ERROR. [Ivan Zhakov] * ) CMake: Enable support for MSVC runtime library selection by abstraction. [Ivan Zhakov] * ) CMake: Export installed targets (libapr-1, apr-1, libaprapp-1, aprapp-1) to apr:: namespace. [Ivan Zhakov] - modified patches % apr-visibility.patch (refreshed) % reproducible.patch (refreshed) ==== bind ==== Version update (9.20.1 -> 9.20.2) Subpackages: bind-doc bind-utils - Update to release 9.20.2 New Features: * Support for Offline KSK implemented. * Add a new configuration option offline-ksk to enable Offline KSK key management. Signed Key Response (SKR) files created with dnssec-ksr (or other programs) can now be imported into named with the new rndc skr -import command. Rather than creating new DNSKEY, CDS, and CDNSKEY records and generating signatures covering these types, these records are loaded from the currently active bundle from the imported SKR. * The implementation is loosely based on draft-icann-dnssec-keymgmt-01.txt. * Print the full path of the working directory in startup log messages. * named now prints its initial working directory during startup, and the changed working directory when loading or reloading its configuration file, if it has a valid directory option defined. * Support a restricted key tag range when generating new keys. * When multiple signers are being used to sign a zone, it is useful to be able to specify a restricted range of key tags to be used by an operator to sign the zone. The range can be specified with tag-range in dnssec-policy’s keys (for named and dnssec-ksr) and with the new options dnssec-keyfromlabel -M and dnssec-keygen -M. Feature Changes: * Exempt prefetches from the fetches-per-zone and fetches-per-server quotas. * Fetches generated automatically as a result of prefetch are now exempt from the fetches-per-zone and fetches-per-server quotas. This should help in maintaining the cache from which query responses can be given. * Follow the number of CPUs set by taskset/cpuset. * Administrators may wish to constrain the set of cores that named runs on via the taskset, cpuset, or numactl programs (or equivalents on other OSes). * If the admin has used taskset, named now automatically uses the given number of CPUs rather than the system-wide count. Bug Fixes: * Delay the release of root privileges until after configuring controls. * Delay relinquishing root privileges until the control channel has been configured, for the benefit of systems that require root to use privileged port numbers. This mostly affects systems without fine- grained privilege systems (i.e., other than Linux). * Fix a rare assertion failure when shutting down incoming transfer. * A very rare assertion failure could be triggered when the incoming transfer was either forcefully shut down, or it finished during the printing of the details about the statistics channel. This has been fixed. * Fix algorithm rollover bug when there are two keys with the same keytag. * If there was an algorithm rollover and two keys of different algorithms shared the same keytags, there was the possibility that the check of whether the key matched a specific state could be performed against the wrong key. This has been fixed by not only checking for the matching key tag but also the key algorithm. * Fix an assertion failure in validate_dnskey_dsset_done(). * Under rare circumstances, named could terminate unexpectedly when validating a DNSKEY resource record if the validation had been canceled in the meantime. This has been fixed. Known Issues: * Long-running tasks in offloaded threads (e.g. the loading of RPZ zones or processing zone transfers) may block the resolution of queries during these operations and cause the queries to time out. To work around the issue, the UV_THREADPOOL_SIZE environment variable can be set to a larger value before starting named. The recommended value is the number of RPZ zones (or number of transfers) plus the number of threads BIND should use, which is typically the number of CPUs. ==== cairo ==== Subpackages: libcairo-gobject2 libcairo-script-interpreter2 libcairo2 - Add b9eed915f9a67380e7ef9d8746656455c43f67e2.patch: cff: Don't fail if no local subs. Fix regression when writing PDFs with fonts. ==== git ==== Version update (2.46.0 -> 2.46.1) Subpackages: git-core git-email git-svn git-web perl-Git - Update to version 2.46.1; * "git checkout --ours" (no other arguments) complained that the option is incompatible with branch switching, which is technically correct, but found confusing by some users. It now says that the user needs to give pathspec to specify what paths to checkout. * It has been documented that we avoid "VAR=VAL shell_func" and why. * "git add -p" by users with diff.suppressBlankEmpty set to true failed to parse the patch that represents an unmodified empty line with an empty line (not a line with a single space on it), which has been corrected. * "git rebase --help" referred to "offset" (the difference between the location a change was taken from and the change gets replaced) incorrectly and called it "fuzz", which has been corrected. * "git notes add -m '' --allow-empty" and friends that take prepared data to create notes should not invoke an editor, but it started doing so since Git 2.42, which has been corrected. * An expensive operation to prepare tracing was done in re-encoding code path even when the tracing was not requested, which has been corrected. * Perforce tests have been updated. * The credential helper to talk to OSX keychain sometimes sent garbage bytes after the username, which has been corrected. * A recent update broke "git ls-remote" used outside a repository, which has been corrected. * "git config --value=foo --fixed-value section.key newvalue" barfed when the existing value in the configuration file used the valueless true syntax, which has been corrected. * "git reflog expire" failed to honor annotated tags when computing reachable commits. * A flakey test and incorrect calls to strtoX() functions have been fixed. * Follow-up on 2.45.1 regression fix. * "git rev-list ... | git diff-tree -p --remerge-diff --stdin" should behave more or less like "git log -p --remerge-diff" but instead it crashed, forgetting to prepare a temporary object store needed. * The patch parser in "git patch-id" has been tightened to avoid getting confused by lines that look like a patch header in the log message. * "git bundle unbundle" outside a repository triggered a BUG() unnecessarily, which has been corrected. * The code forgot to discard unnecessary in-core commit buffer data for commits that "git log --skip=" traversed but omitted from the output, which has been corrected. * "git verify-pack" and "git index-pack" started dying outside a repository, which has been corrected. * A corner case bug in "git stash" was fixed. ==== kernel-firmware-nvidia-gspx-G06-cuda ==== - Update to 550.120 (boo#1230779) ==== kernel-source ==== Version update (6.10.9 -> 6.10.11) - Linux 6.10.11 (bsc#1012628). - usb: typec: ucsi: Always set number of alternate modes (bsc#1012628). - usb: typec: ucsi: Fix cable registration (bsc#1012628). - drm/mediatek: Set sensible cursor width/height values to fix crash (bsc#1012628). - ksmbd: override fsids for share path check (bsc#1012628). - ksmbd: override fsids for smb2_query_info() (bsc#1012628). - usbnet: ipheth: remove extraneous rx URB length check (bsc#1012628). - usbnet: ipheth: drop RX URBs with no payload (bsc#1012628). - usbnet: ipheth: do not stop RX on failing RX callback (bsc#1012628). - usbnet: ipheth: fix carrier detection in modes 1 and 4 (bsc#1012628). - net: ethernet: use ip_hdrlen() instead of bit shift (bsc#1012628). - drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero (bsc#1012628). - drm: panel-orientation-quirks: Add quirk for Ayn Loki Max (bsc#1012628). - net: phy: vitesse: repair vsc73xx autonegotiation (bsc#1012628). - powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1012628). - wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change (bsc#1012628). - drm/amdgpu: Update kmd_fw_shared for VCN5 (bsc#1012628). - net: hns3: use correct release function during uninitialization (bsc#1012628). - btrfs: update target inode's ctime on unlink (bsc#1012628). - Input: ads7846 - ratelimit the spi_sync error message (bsc#1012628). - Input: synaptics - enable SMBus for HP Elitebook 840 G2 (bsc#1012628). - hid-asus: add ROG Ally X prod ID to quirk list (bsc#1012628). - HID: multitouch: Add support for GT7868Q (bsc#1012628). - Input: edt-ft5x06 - add support for FocalTech FT8201 (bsc#1012628). - cgroup/cpuset: Eliminate unncessary sched domains rebuilds in hotplug (bsc#1012628). - scripts: kconfig: merge_config: config files: add a trailing newline (bsc#1012628). - platform/x86: asus-wmi: Add quirk for ROG Ally X (bsc#1012628). - platform/surface: aggregator_registry: Add Support for Surface Pro 10 (bsc#1012628). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (bsc#1012628). - platform/surface: aggregator_registry: Add support for Surface Laptop Studio 2 (bsc#1012628). - platform/surface: aggregator_registry: Add fan and thermal sensor support for Surface Laptop 5 (bsc#1012628). - platform/surface: aggregator_registry: Add support for Surface Laptop 6 (bsc#1012628). - spi: zynqmp-gqspi: Scale timeout by data size (bsc#1012628). - drm/msm/adreno: Fix error return if missing firmware-name (bsc#1012628). - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (bsc#1012628). - drm/xe/xe2lpm: Extend Wa_16021639441 (bsc#1012628). - drm/xe: fix WA 14018094691 (bsc#1012628). - drm/xe: use devm instead of drmm for managed bo (bsc#1012628). - s390/mm: Pin identity mapping base to zero (bsc#1012628). - smb/server: fix return value of smb2_open() (bsc#1012628). - NFSv4: Fix clearing of layout segments in layoutreturn (bsc#1012628). - NFS: Avoid unnecessary rescanning of the per-server delegation list (bsc#1012628). - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (bsc#1012628). - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (bsc#1012628). - mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1012628). - selftests: mptcp: join: restrict fullmesh endp on 1st sf (bsc#1012628). - arm64: dts: rockchip: fix eMMC/SPI corruption when audio has been used on RK3399 Puma (bsc#1012628). - arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (bsc#1012628). - minmax: reduce min/max macro expansion in atomisp driver (bsc#1012628). - net: tighten bad gso csum offset check in virtio_net_hdr (bsc#1012628). - net: libwx: fix number of Rx and Tx descriptors (bsc#1012628). - dm-integrity: fix a race condition when accessing recalc_sector (bsc#1012628). - clocksource: hyper-v: Use lapic timer in a TDX VM without paravisor (bsc#1012628). - x86/hyperv: fix kexec crash due to VP assist page corruption (bsc#1012628). - mm: avoid leaving partial pfn mappings around in error case (bsc#1012628). - bcachefs: Fix bch2_extents_match() false positive (bsc#1012628). - bcachefs: Revert lockless buffered IO path (bsc#1012628). - bcachefs: Don't delete open files in online fsck (bsc#1012628). - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (bsc#1012628). - firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire() (bsc#1012628). - riscv: dts: starfive: jh7110-common: Fix lower rate of CPUfreq ... changelog too long, skipping 766 lines ... - commit e9c5fe9 ==== libdovi ==== Version update (3.2.0 -> 3.3.1) - Update to 3.3.1: * Changed AV1 function signatures to take slices as input and return a Vec. * Added write_av1_rpu_metadata_obu_t35_complete function to encode RPUs in complete metadata OBU payloads. * XML parser: support decimals when parsing Level6 MaxCLL/MaxFALL values. * Added DoviRpu::parse_itu_t35_dovi_metadata_obu and deprecated av1::parse_itu_t35_dovi_metadata_obu. * Fixed encoding AV1 payloads with trailing bytes. They are now discarded. * Added dovi_write_av1_rpu_metadata_obu_t35_{payload,complete} functions. * Added dovi_parse_itu_t35_dovi_metadata_obu function. * Added support for parsing ext_mapping_idc in RpuDataHeader. ==== libeconf ==== Version update (0.7.2 -> 0.7.3) - Update to version 0.7.3: * Groups handled in an own list (#218) * Add econftool as dependency of its tests * Simplify snprintf call * Remove unused functions and reduce variable visibility (#213) * Fix typos (#212) ==== libsamplerate ==== - Use a constant profile dir for reproducible builds (boo#1062303) ==== mdadm ==== - Detail: remove duplicated code (bsc#1226413) 0008-Detail-remove-duplicated-code.patch - mdadm: Fix native --detail --export (bsc#1226413) 0009-mdadm-Fix-native-detail-export.patch ==== nbdkit ==== Version update (1.40.2 -> 1.40.3) Subpackages: nbdkit-basic-filters nbdkit-basic-plugins nbdkit-curl-plugin nbdkit-nbd-plugin nbdkit-python-plugin nbdkit-server nbdkit-ssh-plugin - Update to version 1.40.3: * Version 1.40.3. * ip: Do late filtering in list_exports as well as open * docs/nbdkit_shutdown.pod: Minor copyediting * docs/nbdkit_error.pod: Typo 'thre' -> 'there' * podwrapper: Check cross-references to C API pages * docs: Fix cross-reference to nbdkit_stdio_safe(3) * ocaml: Use thread-local key to register & unregister the thread * ocaml: Reinitialize the OCaml runtime after fork * tests: Refactor ocaml errorcodes plugin used in testing - Move nbdkit-null-plugin to the nbdkit-server package ==== nvidia-open-driver-G06-signed-cuda ==== Version update (555.42.06_k6.10.9_1 -> 555.42.06_k6.10.11_1) - Update to 550.120 (boo#1230779) * Fixed a bug that could cause kernel crashes upon attempting KMS operations through DRM when nvidia_drm was loaded with modeset=0. - aarch64-TW-buildfix.patch * fixes build on aarch64 with latest TW kernel ==== openSUSE-release ==== Version update (20240918 -> 20240923) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== osinfo-db ==== - Add support for SLE Micro 6.1 (jsc#PED-8910) add-slem6.1-support.patch - Drop support for Leap 15.7. Next major version is Leap 16 add-opensuse-leap-15.7-support.patch - Adjust place holder release-date for sle15sp7 add-sle15sp7-support.patch ==== patterns-media ==== Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd - pam-extra needs to be present for upgraders, as pam_limits.so moved from pam to pam-extra. Ensure it's added to the DVD. ==== postgresql ==== Version update (16 -> 17) Subpackages: postgresql-contrib postgresql-server - Bump major and default to 17 for Factory and TW. ==== postgresql17 ==== Version update (16.3 -> 17~rc1) - Upgrade to 17rc1 https://www.postgresql.org/about/news/postgresql-17-rc1-released-2926/ - Upgrade to 17beta3 (bsc#1229013): * bsc#1229013, CVE-2024-7348 PostgreSQL relation replacement during pg_dump executes arbitrary SQL * https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/ - Upgrade to 17beta2. - Upgrade to 17beta1. - Allow LLVM <= 18 ==== setools ==== Subpackages: python311-setools setools-console - Add upstream tarball signature - Add key 85649089C9F385B35F40568D21698FD29D4355A4 to setools.keyring ==== shim-leap ==== - RelEng emergency fix: fux source number to install shim-install. ==== swtpm ==== Subpackages: swtpm-selinux - Fix swtpm custom module (bsc#1229131) - Add patch: 1229131-fix-swtpm-selinux-policy-mismatch.patch - this can be removed once swtpm upstream sorts out their custom selinux module. see: https://github.com/stefanberger/swtpm/issues/885 there were a couple changes in the selinux-policy libvirt handling which causes the logfile in /var/log/swtpm/libvirt/qemu/*.log to be labeled virt_log_t instead of var_log_t. this patch allows swtpm_t to open the virt_log_t ==== usbutils ==== - enable usbreset ==== virt-manager ==== Subpackages: virt-install virt-manager-common - Fix SUSE SL Micro detection virtinst-add-slem60-detection-support.patch - Solve bsc#1228384 --dry-run creating pools in a different way virtinst-dont-create-storage-pool-for-dryrun.patch - Upstream bug fixes (bsc#1027942) (jsc#PED-8910) 094-uitests-handle-newer-libvirt-test-driver-UpdateDevice-support.patch 095-uitests-force-internal-snapshots-in-test_snapshot.py.patch ==== virt-v2v ==== Version update (2.5.9 -> 2.5.10) Subpackages: virt-v2v-bash-completion - Update to virt-v2v 2.5.10 (jsc#PED-8910) * convert: Display osinfo in "Converting ..." message * Updated language translations * Fix the bugs in YAML generator * output: -o kubevirt: Fix firmware section to match specification ==== vte ==== Version update (0.76.3 -> 0.76.4) Subpackages: libvte-2_91-0 typelib-1_0-Vte-2_91 - Update to version 0.76.4: * fonts: ensure ref of font from glyph item analysis * build: Post release version bump ==== wpa_supplicant ==== - Revert "Mark authorization completed on driver indication during 4-way HS offload" because of WPA2-PSK/WPA-SAE connection problems with brcmfmac wifi hardware. (bsc#1230797) [+ Revert-Mark-authorization-completed-on-driver-indica.patch] ==== xml-commons-apis ==== - Use SOURCE_DATE_EPOCH for reproducible builds ==== yast2-kdump ==== Version update (5.0.1 -> 5.0.2) - Don't write empty fadump="" kernel parameter (bsc#1230359) - 5.0.2 ==== yast2-storage-ng ==== Version update (5.0.17 -> 5.0.18) - Extend the API to resize partitions during a proposal (required by gh#openSUSE/agama#1599). - 5.0.18