Attachment 872501 Details for Bug 1219630

Main package updates of snapshot 20240202 compared to previous 20240131

file_1219630.txt (text/plain), 32.66 KB, created by Guillaume GARDET on 2024-02-06 13:59:05 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Guillaume GARDET

Created: 2024-02-06 13:59:05 UTC

Size: 32.66 KB

patch

obsolete

>Packages changed:
>  389-ds (2.4.0~git126.5936946 -> 3.0.1~git1.1f95b57)
>  AppStream (1.0.0 -> 1.0.1)
>  MozillaFirefox
>  crypto-policies
>  cups-filters (1.28.15 -> 1.28.17)
>  drkonqi5
>  emacs (29.1 -> 29.2)
>  glibc (2.38 -> 2.39)
>  gnome-remote-desktop
>  gstreamer (1.22.8 -> 1.22.9)
>  gstreamer-plugins-bad (1.22.8 -> 1.22.9)
>  gstreamer-plugins-base (1.22.8 -> 1.22.9)
>  gstreamer-plugins-good (1.22.8 -> 1.22.9)
>  gstreamer-plugins-libav (1.22.8 -> 1.22.9)
>  gstreamer-plugins-ugly (1.22.8 -> 1.22.9)
>  inxi (3.3.31 -> 3.3.32)
>  iproute2 (6.6 -> 6.7)
>  kio
>  kio-extras5
>  ksystemstats5
>  kwin5
>  libguestfs
>  libksysguard5
>  libusb-1_0 (1.0.26 -> 1.0.27)
>  libzio (1.08 -> 1.09)
>  mutter
>  netpbm (11.2.0 -> 11.5.2)
>  parted (3.5 -> 3.6)
>  perl-gettext
>  pipewire (1.0.1 -> 1.0.2)
>  plasma5-addons
>  plasma5-workspace
>  python-Twisted
>  python-jmespath
>  python-pip
>  python-pytz (2023.3.post1 -> 2023.4)
>  python-rpm
>  python-setuptools (69.0.2 -> 69.0.3)
>  salt
>  sddm
>  sendmail
>  shim (15.7 -> 15.8)
>  strace
>  systemd-presets-common-SUSE
>  virt-v2v
>  xdg-utils
>  xen (4.18.0_04 -> 4.18.0_06)
>
>=== Details ===
>
>==== 389-ds ====
>Version update (2.4.0~git126.5936946 -> 3.0.1~git1.1f95b57)
>Subpackages: lib389 libsvrcore0
>
>- Update to version 3.0.1~git1.1f95b57:
>  * Issue 6061 - Certificate lifetime displayed as NaN
>  * Bump version to 3.0.1
>  * Issue 6043, 6044 - Enhance Rust and JS bundling and add SPDX licenses for both (#6045)
>  * Issue 3555 - Remove audit-ci from dependencies (#6056)
>  * Issue 6052 - Paged results test sets hostname to `localhost` on test collection
>  * Issue 6051 - Drop unused pytest markers
>  * Issue 6049 - lmdb - changelog is wrongly recreated by reindex task (#6050)
>  * Issue 6047 - Add a check for tagged commits
>  * Issue 6041 - dscreate ds-root - accepts relative path (#6042)
>  * Switch default backend to lmdb and bump version to 3.0 (#6013)
>  * Issue 6032 - Replication broken after backup restore (#6035)
>  * Issue 6037 - Server crash at startup in vlvIndex_delete (#6038)
>  * Issue 6034 - Change replica_id from str to int
>
>==== AppStream ====
>Version update (1.0.0 -> 1.0.1)
>Subpackages: libAppStreamQt5-3 libappstream5
>
>- Update to 1.0.1
>  Bugfixes:
>  * Fix lib name for Qt5 link target
>  * meson: Pass -D_DARWIN_C_SOURCE on darwin
>  * Fix macOS build
>  * stemmer: Resolve potential issue where stemmer may never be
>    initialized
>  * cli: Don't fail what-provides if components were found
>  * Fix query element order for what-provides queries
>  * validator: Demote developer-name-tag-deprecated to info
>    severity for now
>  * content-rating: Fix missing or wrong value descriptions for
>    rating IDs
>  * curl: Add transfer speed timeouts for HTTP downloads
>  * curl: Retry operations on potentially transient errors
>    Miscellaneous:
>  * validator: Improve hint for content-attribute-value-invalid
>  * Allow building without zstd temporarily
>- Drop patches, merged upstream:
>  * 0001-validator-Demote-developer-name-tag-deprecated-to-in.patch
>  * 0001-content-rating-Fix-missing-or-wrong-value-descriptio.patch
>  * 0001-Fix-lib-name-for-Qt5-link-target.patch
>- Switch to the latest GCC version available in Leap for packages
>  that can't build with the default compiler
>
>==== MozillaFirefox ====
>
>- Recommend libfido2-udev on codestreams that exist, in order to try
>  to get security keys (e.g. Yubikeys) work out of the box. (bsc#1184272)
>
>==== crypto-policies ====
>Subpackages: crypto-policies-scripts
>
>- avoid the cycle rpm/cmake/crypto-policies/python-rpm-macros:
>  we only need python3-base here, we don't need the python
>  macros as no module is being built
>
>==== cups-filters ====
>Version update (1.28.15 -> 1.28.17)
>
>- Version upgrade to 1.28.17
>  See https://github.com/OpenPrinting/cups-filters/releases
>  Bug fix release, to more reliably discover all printer
>  capablities from driverless printers, especially borderless
>  printing, and to preferably use Apple Raster instead of
>  PWG Raster or PCLM.
>  * libcupsfilters: In PPD generator create only one *cupsFilter2:
>    line for raster. Only use the most desirable/reliable format,
>    usually Apple Raster (Issue #498).
>  * libcupsfilters: In get_printer_attributes() poll
>    media-col-database separately if needed. On some printers
>    one gets media-col-database only this way. Often it reveals
>    important functionality, like for example borderless printing
>    (Issue #492).
>  * libcupsfilters: Let PPD generator also parse media-col-ready
>    IPP attribute. media-col-ready lists the loaded media,
>    in contrary to media-ready, as list of complete descriptions
>    of the media (media-col data structure). This often lists also
>    variants like borderless (it is the same physical paper).
>    Especially useful when media-col-database is not available
>    (Issue #492).
>  * libcupsfilters: In generate_sizes() consider all
>    margin alternatives. When generating the PPD file
>    for a driverless printer, and in the
>    media-{left,right,top,bottom}-margin-supported printer
>    IPP attributes there was more than 1 value, the first value
>    (which often was the 0 for borderless printing) was not
>    considered, leaving the borderless functionality of many
>    printers undiscovered (Issue #492).
>  Issues are those at
>  https://github.com/OpenPrinting/cups-filters/issues
>- Version upgrade to 1.28.16
>  See https://github.com/OpenPrinting/cups-filters/releases
>  Bug fix release, to make images be printed in their original
>  size with "print-scaling=none" and to not use deprecated data
>  types for reading TIFF images.
>  * imagetoraster, imagetopdf, libcupsfilters: Added support
>    for reading the resolution of an image from its EXIF data
>    when loading it. This way we get the image reproduced in
>    its original size with "print-scaling=none" (Issue #362).
>  * libcupsfilters: Replaced deprecated data types uint16 and
>    uint32. The function to read TIFF image files via libtiff
>    in cupsfilters/image-tiff.c uses the deprecated types
>    uint16 and uint32. The replacements for these types are
>    uint16_t and uint32_t.
>  Issues are those at
>  https://github.com/OpenPrinting/cups-filters/issues
>
>==== drkonqi5 ====
>Subpackages: drkonqi5-lang
>
>- Switch to the latest GCC version available in Leap for packages
>  that can't build with the default compiler
>
>==== emacs ====
>Version update (29.1 -> 29.2)
>Subpackages: emacs-el emacs-eln emacs-info emacs-nox emacs-x11 etags
>
>- Update to GNU Emacs version 29.2
>  * Startup Changes in Emacs 29.2
>  On GNU/Linux, Emacs is now the default application for 'org-protocol'.
>  Org mode provides a way to quickly capture bookmarks, notes, and links
>  using 'emacsclient':
>    emacsclient "org-protocol://store-link?url=URL&title=TITLE"
>  * This is a bug-fix release with no new features.
>  * Changes in Specialized Modes and Packages in Emacs 29.2
>  - Tramp
>    New user option 'tramp-show-ad-hoc-proxies'.
>    When non-nil, ad-hoc definitions are kept in remote file names instead
>    of showing the shortcuts.
>  * Incompatible Lisp Changes in Emacs 29.2
>  'with-sqlite-transaction' rolls back changes if its BODY fails.
>  If the BODY of the macro signals an error, or committing the results
>  of the transaction fails, the changes will now be rolled back.
>- Port patches mainly by correcting hunk offsets
>  * emacs-24.1-ps-mule.patch
>  * emacs-24.4-ps-bdf.patch
>  * emacs-25.2-ImageMagick7.patch
>  * emacs-27.1-Xauthority4server.patch
>  * emacs-27.1-pdftex.patch
>  * emacs-29.1.dif
>  * pdump.patch
>
>==== glibc ====
>Version update (2.38 -> 2.39)
>Subpackages: glibc-devel glibc-extra glibc-locale glibc-locale-base nscd
>
>- Update to glibc 2.39
>  * A new tunable, glibc.cpu.plt_rewrite, can be used to enable PLT
>    rewrite on x86-64
>  * Sync with Linux kernel 6.6 shadow stack interface
>  * struct statvfs now has an f_type member, equal to the f_type statfs
>    member
>  * On Linux, the functions posix_spawnattr_getcgroup_np and
>    posix_spawnattr_setcgroup_np have been added, along with the
>    POSIX_SPAWN_SETCGROUP flag
>  * On Linux, the pidfd_spawn and pidfd_spawp functions have been added
>  * On Linux, the pidfd_getpid function has been added
>  * scanf-family functions now support the wN format length modifiers for
>    arguments pointing to types intN_t, int_leastN_t, uintN_t or
>    uint_leastN_t
>  * A new tunable, glibc.mem.decorate_maps, can be used to add additional
>    information on underlying memory allocated by the glibc
>  * The <stdbit.h> header has been added from ISO C2X
>  * On AArch64 new symbols were added to libmvec
>  * The ldconfig program now skips file names containing ';' or ending in
>    ".dpkg.tmp" or ".dpkg.new"
>  * The dynamic linker calls the malloc and free functions in more cases
>    during TLS access if a shared object with dynamic TLS is loaded and
>    unloaded
>- aarch64-rawmemchr-unwind.patch, cache-amd-legacy.patch,
>  cache-intel-shared.patch, call-init-proxy-objects.patch,
>  fstat-implementation.patch, gb18030-2022.patch,
>  getaddrinfo-eai-memory.patch, getaddrinfo-memory-leak.patch,
>  getcanonname-use-after-free.patch, iconv-error-verbosity.patch,
>  intl-c-utf-8-like-c-locale.patch, ldconfig-process-elf-file.patch,
>  libio-io-vtables.patch, libio-wdo-write.patch,
>  no-aaaa-read-overflow.patch, posix-memalign-fragmentation.patch,
>  ppc64-flock-fob64.patch, qsort-invalid-cmp.patch,
>  sem-open-o-creat.patch, setxid-propagate-glibc-tunables.patch,
>  syslog-buffer-overflow.patch, tls-modid-reuse.patch,
>  tunables-string-parsing.patch: Removed
>- syslog-buffer-overflow.patch: syslog: Fix heap buffer overflow in
>  __vsyslog_internal (CVE-2023-6246, CVE-2023-6779, CVE-2023-6780,
>  bsc#1218863, bsc#1218867, bsc#1218868)
>- qsort-invalid-cmp.patch: qsort: handle degenerated compare function
>  (bsc#1218866)
>- Change minimum GCC to 13
>- Split off libnsl.so.1 into a separate package
>
>==== gnome-remote-desktop ====
>
>- Explict require higher version of gcc on SLE/Leap.
>
>==== gstreamer ====
>Version update (1.22.8 -> 1.22.9)
>Subpackages: gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0
>
>- Update to version 1.22.9:
>  + Highlighted bugfixes in 1.22.9
>  - More Security fixes for the AV1 video codec parser
>  - va: fixes for Mesa Gallium drivers in Mesa versions older
>    than v23.2
>  - v4l2src: Consider framerate during caps selection
>  - v4l2codec: decoder fixes
>  - rtspsrc: multicast fixes
>  - camerabin viewfinder fixes
>  - various bug fixes, build fixes, memory leak fixes, and other
>    stability and reliability improvements
>  + gstreamer
>  - aggregator: fix use-after-free in queries processing
>  - multiqueue: Ignore queue fullness for most events
>- Rebase reduce-required-meson.patch
>
>==== gstreamer-plugins-bad ====
>Version update (1.22.8 -> 1.22.9)
>Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0
>
>- Update to version 1.22.9:
>  + av1parser: Fix potential stack overflow during tile list
>    parsing (CVE-2024-0444, bsc#1219453, ZDI-CAN-22300)
>  + camerabin: Correctly relink viewfinderbin_queue
>  + GstPlay: Fix error details parsing
>  + h264decoder: Handle malformed avc/avc3 packets
>  + h264decoder: h265decoder: Align with wraparound fix
>  + vp8decoder: vp9decoder: av1decoder: mpeg2decoder:
>    Fix multiplication wraparound
>  + vah264enc/vah264dec issues after recent upgrade to 1.22.8
>    from 1.22.7
>  + va: fixes for Mesa Gallium drivers in Mesa versions older
>    than v23.2
>  + vp9parse: Fix critical warning during caps negotiation
>- Rebase reduce-required-meson.patch
>
>==== gstreamer-plugins-base ====
>Version update (1.22.8 -> 1.22.9)
>Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0
>
>- Update to version 1.22.9:
>  + audiobasesink: Don't wait on gap events
>  + audioconvert: change gst_audio_convert_get_unit_size() log
>    levels
>  + glcolorconvert: Correct transform_caps direction
>  + gloverlay: Apply updated overlay coordinates correctly
>  + videorate: keep pool if max_buffers is unlimited
>- Rebase reduce-required-meson.patch
>
>==== gstreamer-plugins-good ====
>Version update (1.22.8 -> 1.22.9)
>Subpackages: gstreamer-plugins-good-extra gstreamer-plugins-good-gtk gstreamer-plugins-good-jack gstreamer-plugins-good-qtqml
>
>- Update to version 1.22.9:
>  + rtpsession: Only warn once if configured latency needs to be
>    known but isn't yet
>  + rtphdrext-clientaudiolevel: Fix level value being written by
>    the extension
>  + rtspsrc: set multicast-iface on udpsinks and fix RTCP sink TTL
>  + v4l2object: clear old fds when initializing poll during
>    opening v4l2 device
>  + v4l2src: Consider framerate during caps selection
>  + vpxdec: Use appropriate domain and code for decoding errors
>- Rebase reduce-required-meson.patch
>
>==== gstreamer-plugins-libav ====
>Version update (1.22.8 -> 1.22.9)
>
>- Update to version 1.22.9:
>  + No changes, stable bump only.
>- Rebase reduce-required-meson.patch.
>
>==== gstreamer-plugins-ugly ====
>Version update (1.22.8 -> 1.22.9)
>
>- Update to version 1.22.9:
>  + No changes, stable bump only.
>- Rebase reduce-required-meson.patch.
>
>==== inxi ====
>Version update (3.3.31 -> 3.3.32)
>
>- - Updated to version 3.3.32:
>  + /usr/share/doc/packages/inxi/inxi.changelog.
>
>==== iproute2 ====
>Version update (6.6 -> 6.7)
>Subpackages: iproute2-bash-completion
>
>- Update to release 6.7
>  * devlink: Support setting port function ipsec_crypto cap and
>    ipsec_packet cap
>  * iplink: bridge: Add support for bridge FDB learning limits
>  * bridge: fdb: support match on source VNI, nexthop ID,
>    destination VNI, destination port, destination IP address and
>    [no]router flag in the flush command
>  * bridge: mdb: Add get support
>
>==== kio ====
>Subpackages: kio-core
>
>- Switch to the latest GCC version available in Leap for packages
>  that can't build with the default compiler
>
>==== kio-extras5 ====
>Subpackages: libkioarchive5
>
>- Switch to the latest GCC version available in Leap for packages
>  that can't build with the default compiler
>
>==== ksystemstats5 ====
>
>- Switch to the latest GCC version available in Leap for packages
>  that can't build with the default compiler
>
>==== kwin5 ====
>
>- Switch to the latest GCC version available in Leap for packages
>  that can't build with the default compiler
>
>==== libguestfs ====
>Subpackages: libguestfs-appliance libguestfs-xfs libguestfs0
>
>- BuildRequire pkgconfig(libzstd) additionaly to zstd: we need the
>  devel package. In the past, it was pulled in by indirect deps.
>
>==== libksysguard5 ====
>Subpackages: ksysguardsystemstats-data libKSysGuardSystemStats1 libksysguard5-imports libksysguard5-plugins
>
>- Switch to the latest GCC version available in Leap for packages
>  that can't build with the default compiler
>
>==== libusb-1_0 ====
>Version update (1.0.26 -> 1.0.27)
>
>- Update to version 1.0.27
>  * New libusb_init_context API to replace libusb_init
>  * New libusb_get_max_alt_packet_size API
>  * New libusb_get_platform_descriptor API (BOS)
>  * Allow setting log callback with libusb_set_option/libusb_init_context
>  * New WebAssembly + WebUSB backend using Emscripten
>  * Fix regression in libusb_set_interface_alt_setting
>  * Fix sync transfer completion race and use-after-free
>  * Fix hotplug exit ordering
>  * Linux: NO_DEVICE_DISCOVERY option set per context
>- added signature and keyring. (key received via keyserver)
>
>==== libzio ====
>Version update (1.08 -> 1.09)
>
>- Version 1.09: Allow to create files without suffix as well
>
>==== mutter ====
>
>- Drop mutter-SLE-bsc984738-grab-display.patch: It blocks non-CSD
>  apps with GNOME 45, and the latest LTS Oracle Installer works
>  fine without it, the original bug is not a problem (bsc#1218935).
>
>==== netpbm ====
>Version update (11.2.0 -> 11.5.2)
>Subpackages: libnetpbm11
>
>- version update to 11.5.2
>  Release 11.05.02
>  + ppmtowinicon: fix array overrun with 4 and 8 bits per pixel.
>  Release 11.05.01
>  Fix typo in ppmforge test case.
>  Release 11.05.00
>  + pnmpad: Add -color, -promote, -extend-edge, -detect-background .
>  + pnmconvol: Restore ability of convolution matrix to be a
>    pseudo-plain-PNM with samples that exceed the maxval.  Lost in
>    10.30 (October 2005) because maxval-checking code was added to
>    libnetpbm.  (Was fixed in 10.47.08 in November 2010, but only in
>    the 10.47 series).
>  + pnmindex: Improve failure mode when -size or -across is zero.
>  + pnmindex: Make -plain work.
>  + pnmpad: fix behavior with -left, -right, and -width together or
>  - top, -bottom, -height together: ignores -width where it should
>    fail.  Broken in Netpbm 10.72 (September 2015).
>  + pamtosvg: fix "zero determinant" failure.  Introduced in
>    Netpbm 11.04 (September 2023).
>  + pjtoppm: fix crash based on uninitialized variable.
>    Introduced in Netpbm 11.04 (September 2023).
>  + ppmtopcxl: fix incorrect output with > 256 colors.  Always
>    broken.  (Program was added in primordial Netpbm in 1990).
>  + pbmtext: fix buffer overrun with insanely large input.
>  + picttoppm: fix buffer overrun with insanely wide input.
>  + ppmtoxpm: fix incorrect output with insanely large number of
>    colors.
>  + pnmscalefixed: fix incorrect output with really big image and
>  - pixels option.
>  + ppmdither: fix buffer overrun with insanely large dithering
>    matrix.
>  + pnmpad: no longer accept old-style options (e.g. -t50).
>  + libnetpbm: Add pm_feed_from_file, pm_accept_to_files,
>    pm_accept_to_filestream Standard Input feeder, Output accepter
>    for pm_system.
>  + libnetpbm, programs that use color maps: fix buffer overrun
>    with insanely deep images.
>  + merge build: Fix 'pnmcat'.  Introduced in Netpbm 11.00
>    (September 2023).
>  Release 11.04.00
>  + pamaddnoise: add -salt.
>  + pamaddnoise: reject options that aren't meaningful for the type
>    of noise specified rather than just ignore them.
>  + ppmtosixel: Add -7bit, so it works on more terminals, including
>    xterms.  Thanks Scott Pakin.
>  + g3topbm: Add -correctlong
>  + pnmtojpeg: minor improvement to error messages about bad files.
>  + pammixmulti: Remove disclaimer of patent license.
>  + pamstack: Fix bug: acts like -firstmaxval specified when it
>    wasn't.  Introduced in Netpbm 11.03 (June 2023).
>  + pamstack: Fix -lcmmaxval: chooses wrong maxval.  Always
>    broken (-lcmmaxval was new in Netpbm 11.03 (June 2023)).
>  + pamstack: Fail gracefully when total number of planes is too
>    large for unsigned integer.  Always broken (Pamstack was new in
>    Netpbm 10.0 (June 2002).
>  + pamtosvg: fix hang.
>  + ppmfade: fix "file not found" crash for most fade modes.
>    Introduced in Netpbm 10.98 (March 2022).
>  + ppmfade: fix incorrect block mode fade.  Always broken
>    (ppmfade was new in Netpbm 8.4 (April 2000)).
>  + pamaddnoise: fix very incorrect noise added for all types.
>    Introduced in Netpbm 10.94 (March 2021).
>  + ppmrough: fix buffer overrun.  Always broken (Ppmrough was new
>    in Netpbm 10.9 (September 2002).
>    ppmrough: fix excessive roughness.  Introduced in Netpbm 10.94
>    (March 2021).
>  + pgmtexture: Fix buffer overflow with maxval > 255.  Always
>    broken.  Maxvals > 255 were possible starting in Netpbm 9.0
>    (April 2000).
>  + pgmtexture: Fix bug: ignores -d.  Introduced in Netpbm 10.56
>    (September 2011).
>  + xwdtopnm Fix spurious output with really wide/deep rows.
>  + imgtoppm: Fix spurious output with really wide/deep rows.
>  + pbmtopgm: Fix error message for excessive -width.
>  + pbmtoxbm: Fix spurious output with really wide rows.
>  + tifftopnm: Fix incorrect output with insanely wide/deep rows.
>  + thinkjettopbm: Fix incorrect output with insanely wide rows.
>  + ybmtopbm: Fix incorrect output with insanely wide rows.
>  + pjtoppm: Fix incorrect output with insanely large number of rows.
>  + library: add check of maxval for computable size.
>  + Build: Include LDFLAGS in link of shared library.
>  * Release 11.03.00
>  + pamstack: Add -firstmaxval, -lcmmaxval
>  + pnmcolormap: make result independent of how system's qsort
>    orders records with equal keys.  Affects pnmquant.
>  + pamtopng: fix typo in error message about -chroma option.
>  + pamtopng, pnmtopng, pngtopam: fix error message when something
>    fails in libpng.  Always broken (the programs were new in Netpbm
>    8.1 (March 2000)).
>- modified patches
>  % netpbm-gcc-warnings.patch (refreshed)
>  % netpbm-security-code.patch (refreshed)
>
>==== parted ====
>Version update (3.5 -> 3.6)
>Subpackages: libparted-fs-resize0 libparted2
>
>- update to version 3.6:
>  - Support GPT partition attribute bit 63 as no_automount flag
>  - Add type commands to set type-id on MS-DOS and type-uuid on GPT
>  - Add swap flag support to the dasd disklabel
>  - Add display of GPT disk and partition UUIDs in JSON output
>  refreshed patches:
>  - parted-mac.patch
>  - libparted-dasd-implicit-partition-disk-flag.patch
>  - tests-disable.patch
>  removed patches:
>  - direct-handling-of-partition-type-id-and-uuid.patch
>  - type-command.patch
>  - libparted-dasd-improve-lvm-raid-flag-handling.patch
>  - libparted-dasd-add-swap-flag-handling-for-DASD-CDL.patch
>
>==== perl-gettext ====
>
>- Run testsuite with locale LANG=en_US.UTF. It fails otherwise with
>  glibc 2.39
>
>==== pipewire ====
>Version update (1.0.1 -> 1.0.2)
>Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
>
>- Update to version 1.0.2:
>  * Highlights
>  - Fix v4l2 enumeration with filter. This should fix negotiation
>    in some GStreamer pipelines with capsfilter. Also probe for
>    EXPBUF support before using it.
>  - Fix max-latency property and Buffer param when dealing with
>    small ALSA device buffers. This should fix stuttering with
>    some AMD based soundcards.
>  - More small cleanups an improvements.
>  * Modules
>  - Improve netjack2 channel positions.
>  - Improve RAOP module state after suspend/resume. (#3778)
>  - Avoid crash in some LV2 plugins by configuring the Atom
>    ports. (#3815)
>  * SPA
>  - Bump libcamera requirements to 0.2.0.
>  - Try to avoid unaligned load exceptions. (#3790)
>  - Fix v4l2 enumeration with filter. (#1793)
>  - Fix max-latency property and Buffer param when dealing with
>    small ALSA device buffers. This should fix stuttering with
>    some AMD based soundcards. (#3744,#3622)
>  - Add a resync.ms option to node.driver to make it possible to
>    resync fast to clock jumps.
>  - Probe for EXPBUF support in v4l2 before using it. (#3821)
>  * pulse-server
>  - Also emit change events when the port list change.
>  * Bluetooth
>  - Log a more verbose explanation when other soundservers seem
>    to be interfering with bluetooth.
>  - Add quirks for Rockbox Brick. (#3786)
>  - Add quirks for SoundCore mini2. (#2927)
>  * JACK
>  - Improve check for the running state of clients. (#3794)
>- Drop patches already included by upstream:
>  * 0001-spa-libcamera-use-CameraConfigurationorientation.patch
>  * 0002-spa-libcamera-bump-minimum-supported-version-to-0.2.0.patch
>
>==== plasma5-addons ====
>Subpackages: plasma5-addons-lang
>
>- Switch to the latest GCC version available in Leap for packages
>  that can't build with the default compiler
>
>==== plasma5-workspace ====
>Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-libs xembedsniproxy
>
>- Switch to the latest GCC version available in Leap for packages
>  that can't build with the default compiler
>
>==== python-Twisted ====
>Subpackages: python311-Twisted python311-Twisted-tls
>
>- Add stop-using-3-arg-throw.patch:
>  * Avoid 3-arg throw to fix a DeprecationWarning in Python 3.12.
>
>==== python-jmespath ====
>
>- switch to PEP517 / wheel build
>
>==== python-pip ====
>
>- Drop deprecated setup.py installmethod, bootstrap PEP517 with
>  built-in pip instead
>- python3XX-pip-wheel can now be a regular subpackage
>- Drop obsolete python2 directives in specfile
>
>==== python-pytz ====
>Version update (2023.3.post1 -> 2023.4)
>
>- update to 2023.4:
>  * Update olson to 2023d
>
>==== python-rpm ====
>
>- buildrequire setuptools
>
>==== python-setuptools ====
>Version update (69.0.2 -> 69.0.3)
>
>- update to 69.0.3:
>  * Bugfixes - Retain valid names with underscores in egg_info.
>
>==== salt ====
>Subpackages: python3-salt salt-master salt-minion salt-transactional-update
>
>- Prevent directory traversal when creating syndic cache directory
>  on the master (CVE-2024-22231, bsc#1219430)
>- Prevent directory traversal attacks in the master's serve_file
>  method (CVE-2024-22232, bsc#1219431)
>- Added:
>  * fix-cve-2024-22231-and-cve-2024-22232-bsc-1219430-bs.patch
>
>==== sddm ====
>Subpackages: sddm-branding-openSUSE sddm-greeter-qt5
>
>- Switch to the latest GCC version available in Leap for packages
>  that can't build with the default compiler
>
>==== sendmail ====
>Subpackages: libmilter1_0
>
>- Correct permisson files path to /usr/share/permissions/permissions.d/ (boo#1219339)
>- Fix file provides of openssl and timeout
>- Avoid error messages of chkstat as this tools does not
>  accept slashes at the end of directory paths!
>- Move sendmails permissions files to /usr/share/permissions/
>- Work on certificates usage of smart and relay host
>- Work on certificates for running sendmail
>
>==== shim ====
>Version update (15.7 -> 15.8)
>
>-- Update to version 15.8
>  - Various CVE fixes are already merged into this version
>    mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
>    avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
>    Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
>    Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
>    pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
>    pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
>  - remove shim-Enable-the-NX-compatibility-flag-by-default.patch
>    The codes in this patch are already existing in shim-15.8
>    The NX flag is disable which is same as the default value of shim-15.8,
>    hence, not need to enable it by this patch now.
>  - Patches (git log --oneline --reverse 15.7..15.8)
>    657b248 Make sbat_var.S parse right with buggy gcc/binutils
>    7c76425 Enable the NX compatibility flag by default.
>    89972ae CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper
>    c7b3051 pe: Align section size up to page size for mem attrs
>    e4f40ae pe: Add IS_PAGE_ALIGNED macro
>    f23883c Don't loop forever in load_certs() with buggy firmware
>    1f38cb3 Optionally allow to keep shim protocol installed
>    102a658 Drop invalid calls to `CRYPTO_set_mem_functions`
>    aae3df0 test-sbat: Fix exit code
>    cca3933 Block Debian grub binaries with SBAT < 4
>    cf59f34 Further improve load_certs() for non-compliant drivers/firmwares
>    0601f44 SBAT-related documents formatting and spelling
>    0640e13 Add a security contact email address in README.md
>    0bfc397 Work around malformed path delimiters in file paths from DHCP
>    a8b0b60 pe: only process RelocDir->Size of reloc section
>    f7a4338 Skip testing msleep()
>    549d346 Rename 'msecs' to 'usecs' to avoid potential confusion
>    908c388 Change type of fallback_verbose_wait from int to unsigned long
>    05eae92 Add SbatLevel_Variable.txt to document the various revocations
>    243f125 Use -Wno-unused-but-set-variable for Cryptlib and OpenSSL
>    89d25a1 Add a make rule for compile_commands.json
>    118ff87 Add gnu-stack notes
>    f132655 test: Make our fake dprintf be a statement.
>    be00279 Remove CentOS 7 test builds.
>    9964960 Split pe.c up even more.
>    569270d Test (and fix) ImageAddress()
>    61e9894 Verify signature before verifying sbat levels
>    1578b55 Add libFuzzer support for csv.c
>    a0673e3 Fix a 1-byte memory leak in .sbat parsing.
>    e246812 Add libFuzzer support to the .sbat parser.
>    fd43eda Work around ImageAddress() usage mistake
>    1e985a3 Correctly free memory allocated in handle_image()
>    dbbe3c8 mok: Avoid underflow in maximum variable size calculation
>    04111d4 Make some of the static analysis tools a little easier to run
>    7ba7440 compile_commands.json: remove stuff clang doesn't like
>    66e6579 CVE-2023-40546 mok: fix LogError() invocation
>    f271826 Add primitives for overflow-checked arithmetic operations.
>    8372147 pe-relocate: Add a fuzzer for read_header()
>    5a5147d CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries
>    e912071 pe-relocate: make read_header() use checked arithmetic operations.
>    93ce255 CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat()
>    e7f5fdf pe-relocate: Ensure nothing else implements CVE-2023-40550
>    afdc503 CVE-2023-40549 Authenticode: verify that the signature header is in bounds.
>    96dccc2 CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system
>    dae82f6 Further mitigations against CVE-2023-40546 as a class
>    ea0f9df Allow SbatLevel data from external binary
>    b078ef2 Always clear SbatLevel when Secure Boot is disabled
>    7dfb687 BS Variables for bootmgr revocations
>    a967c0e shim should not self revoke
>    577cedd Print message when refusing to apply SbatLevel
>    e801b0d sbat revocations: check the full section name
>    0226b56 CVE-2023-40547 - avoid incorrectly trusting HTTP headers
>    6f0c8d2 Print errors when setting/clearing memory attrs
>    57c0eed Updated Revocations for January 2024 CVEs
>    49c6d95 Fix some minor ia32 build issues.
>    be8ff7c post-process-pe: Don't set the NX_COMPAT flag by default after all.
>    13abd9f pe-relocate: Avoid __builtin_add_overflow() on GCC < 5
>    c46c975 Suppress "Failed to open <..>\revocations.efi" when file does not exist
>    30a4f37 Rename "previous" revocations to "automatic"
>    6f395c2 Build time selectable automatic SBATLevel revocations
>    a23e2f0 netboot read_image() should not hardcode DEFAULT_LOADER
>    993a345 Try to load revocations.efi even if directory read fails
>    1770a03 gitmodules: use shim-15.8 for gnu-efi branch
>    5914984 (HEAD -> main, tag: latest-release, tag: 15.8, origin/main, origin/HEAD) Bump version to 15.8
>
>==== strace ====
>
>- Enable SELinux Context Printing (--secontext).
>
>==== systemd-presets-common-SUSE ====
>
>- Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked
>  (bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84)
>  Support both the old and new service to avoid complex version interdependency.
>
>==== virt-v2v ====
>Subpackages: virt-v2v-bash-completion
>
>- Relax the openssh requirement. Options passed to scp are known
>  by openssh 8.4
>- Move autoreconf from prep to build, to simplify quilt setup.
>
>==== xdg-utils ====
>
>- Update to version 1.2.0+20240130:
>  * xdg-icon-resource: unbreak syntax by removing stray grave accent
>    (boo#1219420)
>
>==== xen ====
>Version update (4.18.0_04 -> 4.18.0_06)
>Subpackages: xen-libs xen-tools-domU
>
>- Upstream bug fixes (bsc#1027519)
>  6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
>  6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
>  656ee5e1-x86emul-avoid-triggering-event-assertions.patch
>  656ee602-cpupool-adding-offline-CPU.patch
>  656ee6c3-domain_create-error-path.patch
>  6571ca95-fix-sched_move_domain.patch
>  6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch
>  65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
>  65a7a0a4-x86-Intel-GPCC-setup.patch
>  65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
>  65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
>  65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch
>- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
>  assigned to incorrect contexts (XSA-449)
>  65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
>- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
>  quarantine devices in !HVM builds (XSA-450)
>  65b8f9ab-VT-d-else-vs-endif-misplacement.patch
>- Patches dropped / replaced by newer upstream versions
>  xsa449.patch
>  xsa450.patch
>- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
>  quarantine devices in !HVM builds (XSA-450)
>  xsa450.patch
>- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
>  assigned to incorrect contexts (XSA-449)
>  xsa449.patch

Actions: View

Attachments on bug 1219630: 872501