Packages changed: SDL2 (2.30.6 -> 2.30.7) gnome-autoar (0.4.4 -> 0.4.5) gnutls (3.8.6 -> 3.8.7) kernel-firmware (20240826 -> 20240903) kwalletmanager libjxl libwebp (1.3.2 -> 1.4.0) mozilla-nss (3.102.1 -> 3.103) openssl-3 osinfo-db power-profiles-daemon (0.21 -> 0.22) procps selinux-policy xen xfsprogs (6.9.0 -> 6.10.1) xxhash zxing-cpp (2.1.0 -> 2.2.1) === Details === ==== SDL2 ==== Version update (2.30.6 -> 2.30.7) - Update to release 2.30.7 * Added support for the Retro-bit Controller in PS3 mode * Fixed the cursor becoming visible when using relative mode under XWayland * Fixed Direct Rendering Manager initialization failure on some Linux systems * Fixed a crash when the current mouse capture window is destroyed ==== gnome-autoar ==== Version update (0.4.4 -> 0.4.5) - Update to version 0.4.5: + mime-types: Add tar variant of bzip2 + extractor: Fix source string leak ==== gnutls ==== Version update (3.8.6 -> 3.8.7) - Update to 3.8.7: * libgnutls: New configure option to compile out DSA support The --disable-dsa configure option has been added to completely disable DSA algorithm support. * libgnutls: Experimental support for X25519Kyber768Draft00 key exchange in TLS. For testing purposes, the hybrid post-quantum key exchange defined in draft-tls-westerbaan-xyber768d00 has been implemented using liboqs. Since the algorithm is still not finalized, the support of this key exchange is disabled by default and can be enabled with the --with-liboqs configure option. * Rebase patches: - gnutls-FIPS-140-3-references.patch - gnutls-FIPS-HMAC-nettle-hogweed-gmp.patch ==== kernel-firmware ==== Version update (20240826 -> 20240903) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd - Update to version 20240903 (git commit 96af55bd3d0b): * amdgpu: Revert sienna cichlid dmcub firmware update (bsc#1230007) * iwlwifi: add Bz FW for core89-58 release * rtl_nic: add firmware rtl8126a-3 * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) - Update to version 20240830 (git commit d6c600d46981): * amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351 * qcom: vpu: restore compatibility with kernels before 6.6 ==== kwalletmanager ==== - Add upstream fix (kde#492138): * 0001-Fix-service-file-name.patch ==== libjxl ==== - Update libjxl.spec: Add compiler condition to fix SLE-15-SP7 ppc64le build env. (bsc#1229831) ==== libwebp ==== Version update (1.3.2 -> 1.4.0) Subpackages: libsharpyuv0 libwebp7 libwebpdemux2 libwebpmux3 - Update to 1.4.0 & fix libwebp.changes header from previous commit: * further security related hardening in libwebp & examples * some minor optimizations in the lossless encoder * added WEBP_NODISCARD to report unused result warnings; enable with - DWEBP_ENABLE_NODISCARD=1 * improvements and corrections in webp-container-spec.txt and webp-lossless-bitstream-spec.txt (#611) * miscellaneous warning, bug & build fixes - Remove 0001-Fix-invalid-incremental-decoding-check.patch ==== mozilla-nss ==== Version update (3.102.1 -> 3.103) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.103 * bmo#1908623 - move list size check after lock acquisition in sftk_PutObjectToList. * bmo#1899542: Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH, * bmo#1909638 - Follow-up to fix test for presence of file nspr.patch. * bmo#1903783: Adjust libFuzzer size limits * bmo#1899542: Add fuzzing support for SSL_SetCertificateCompressionAlgorithm, SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk * bmo#1899542: Add fuzzing support for SSL_ENABLE_GREASE and SSL_ENABLE_CH_EXTENSION_PERMUTATION - Add nss-reproducible-builds.patch to make the rpms reproducible, by using a hardcoded, static key to generate the checksums (*.chk-files) - Updated nss-fips-approved-crypto-non-ec.patch to enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113). ==== openssl-3 ==== Subpackages: libopenssl3 - Security fix: [bsc#1229465, CVE-2024-6119] * possible denial of service in X.509 name checks * openssl-CVE-2024-6119.patch ==== osinfo-db ==== - Add support for openSUSE Leap 15.7 (jsc#PED-8910) add-opensuse-leap-15.7-support.patch - Add support for SLE-15-SP7 (jsc#PED-8910) add-sle15sp7-support.patch ==== power-profiles-daemon ==== Version update (0.21 -> 0.22) - Update to version 0.22: * power-profiles-daemon is now battery-level aware: some drivers use this value for better optimizations * AMD p-state improvements: + supports core performance boost when not in power-saver mode + uses minimum frequency to lowest non-linear frequency + more impervious to faulty firmware and kernel bugs * support for changing DPM clocks on amdgpu: explicitly set the DPM clocks down to "low" when in power-saver mode * powerprofilesctl can disable logind and upower integration * fix handling of turbo_pct, now assumed as not present by default * power-profiles-daemon.service further lockdown restrictions * start power-profiles-daemon.service after multi-user.target AND display-manager.target to avoid conflicts with module loading ==== procps ==== Subpackages: libproc2-0 - procps-ng-4.0.4-idletime-no-tty.patch: don't print idle time without tty - procps-ng-4.0.4-w-array-bounds.patch: fix array bounds violation ==== selinux-policy ==== Subpackages: selinux-policy-targeted - Fix macros.selinux-policy (bsc#1229132) - %selinux_modules_install and %selinux_modules_uninstall will now only execute load_policy if $TRANSACTIONAL_UPDATE is not set (aka only if they are not in a transactional system) - $TRANSACTIONAL_UPDATE is set here: https://github.com/openSUSE/transactional-update/blob/bd524d3ddfcd9aeebb7b90d3e0e8eed09b796a86/lib/Transaction.cpp#L428 ==== xen ==== - Fix build on aarch64 with gcc14 (bsc#1225953) 66d02b69-Arm64-adjust-irq_to_desc-to-fix-build-with-gcc14.patch ==== xfsprogs ==== Version update (6.9.0 -> 6.10.1) - update to 6.10.1 - fix C++ compilation errors in xfs_fs.h - ------------------------------------------------------------------ - update to 6.10.0 - debian: enable xfs_scrub_all systemd timer services by default - mkfs: set autofsck filesystem property - xfs_scrub: use the autofsck fsproperty to select mode - xfs_scrub: allow sysadmin to control background scrubs - xfs_property: add a new tool to administer fs properties - xfs_db: add a command to list xattrs - xfs_db: improve getting and setting extended attributes - xfs_io: edit filesystem properties - xfs_scrub: defer phase5 file scans if dirloop fails - xfs_repair: wipe ondisk parent pointers when there are none - xfs_scrub: detect and repair directory tree corruptions - xfs_repair: update ondisk parent pointer records - xfs_spaceman: report directory tree corruption in the health information - xfsprogs: support vectored scrub - man: document vectored scrub mode - man2: update ioctl_xfs_scrub_metadata.2 for parent pointers - mkfs: enable formatting with parent pointers - mkfs: Add parent pointers during protofile creation - xfs_repair: check parent pointers - xfs_db: compute hashes of parent pointers - xfs_db: add link and unlink expert commands - xfs_repair: build a parent pointer index - xfs_db: add a parents command to list the parents of a file - xfs_db: obfuscate dirent and parent pointer names consistently - xfs_db: report parent pointers embedded in xattrs - xfs_db: report parent bit on xattrs - xfs_db: report parent pointers in version command - xfs_scrub: use parent pointers to report lost file data - xfs_scrub: use parent pointers when possible to report file operations - xfs_logprint: decode parent pointers in ATTRI items fully - xfs_io: Add i, n and f flags to parent command - xfs_io: adapt parent command to new parent pointer ioctls - libfrog: report parent pointers to userspace - libfrog: add parent pointer support code - man: document the XFS_IOC_GETPARENTS ioctl - xfs_logprint: dump new attr log item fields - xfs_scrub_all: failure reporting for the xfs_scrub_all job - xfs_repair: check free space requirements before allowing upgrades - xfs_scrub_all: convert systemctl calls to dbus - xfs_scrub_all: trigger automatic media scans once per month - xfs_scrub: add an optimization-only mode - xfs_scrub_all: add CLI option for easier debugging - xfs_scrub_all: enable periodic file data scrubs automatically - xfs_scrub: automatic downgrades to dry-run mode in service mode - xfs_scrub_all: support metadata+media scans of all filesystems - xfs_scrub_all: fail fast on masked units - xfs_scrub_all: remove journalctl background process - xfs_scrub_all: only use the xfs_scrub@ systemd services in service mode - xfs_scrub: tune fstrim minlen parameter based on free space histograms - xfs_scrub: improve responsiveness while trimming the filesystem - xfs_scrub: tighten up the security on the background systemd service - xfs_scrub: don't call FITRIM after runtime errors - xfs_scrub: use dynamic users when running as a systemd service - xfs_scrub: report FITRIM errors properly - xfs_scrub.service: reduce background CPU usage to less than one core if possible - xfs_scrub: don't close stdout when closing the progress bar - xfs_scrub: fix the work estimation for phase 8 - libfrog: print cdf of free space buckets - libfrog: print wider columns for free space histogram - xfs_scrub: ignore phase 8 if the user disabled fstrim - xfs_scrub: move FITRIM to phase 8 - xfs_scrub: improve thread scheduling repair items during phase 4 - xfs_scrub: avoid potential UAF after freeing a duplicate name entry - xfs_scrub: enable users to bump information messages to warnings - xfs_scrub: retry incomplete repairs - xfs_scrub: warn about difficult repairs to rt and quota metadata - xfs_scrub: any inconsistency in metadata should trigger difficulty warnings - mkfs: add a formatting option for exchange-range - xfs_repair: add exchange-range to file systems - xfs_scrub: fix missing scrub coverage for broken inodes - xfs_scrub: log when a repair was unnecessary - libfrog: advertise exchange-range support - xfs_io: create exchangerange command to test file range exchange ioctl - xfs_fsr: skip the xattr/forkoff levering with the newer swapext implementations - xfs_fsr: convert to bulkstat v5 ioctls - xfs_logprint: support dumping exchmaps log items - xfs_db: advertise exchange-range in the version command - libfrog: add support for exchange range ioctl family - libhandle: add support for bulkstat v5 - man: document XFS_FSOP_GEOM_FLAGS_EXCHRANGE - man: document the exchange-range ioctl - xfs_repair: don't crash on -vv - xfsprogs: Remove support for split-/usr installs - libxfs: kernel sync - ------------------------------------------------------------------ ==== xxhash ==== - Add inline.patch to resolve FTBFS on gcc-14 + -Og. ==== zxing-cpp ==== Version update (2.1.0 -> 2.2.1) - Update to 2.2.1. Changes: * Fix ABI breakage from 2.2.0. - Changes from 2.2.0: * Rename DecodeHints to ReaderOptions. The old name is still available for backward API compatibility but deprecated. Since the C-API and the Qt wrapper code are not officially part of the library, they changed without backward compatibility. * WASM: bytes in ReadResult. * DataMatrix: use charset for encoding. * QRCode: Support QR Code Model1. * rMQR Code: Support Rectangular Micro QR Code. - Refresh patch: * cmake.patch