Packages changed:
Mesa (23.3.5 -> 23.3.6)
Mesa-drivers (23.3.5 -> 23.3.6)
acl (2.3.1 -> 2.3.2)
apparmor
attr (2.5.1 -> 2.5.2)
binutils (2.41 -> 2.42)
expat (2.5.0 -> 2.6.0)
gcc14 (13.2.1+git8285 -> 14.0.1+git8957)
gnome-maps
ibus-m17n (1.4.27 -> 1.4.28)
kernel-source (6.7.4 -> 6.7.5)
libapparmor
libshumate
libstorage-ng (4.5.188 -> 4.5.189)
mariadb (11.2.2 -> 11.2.3)
nodejs21 (21.6.1 -> 21.6.2)
python311
python311-core
qemu
qt6-base (6.6.1 -> 6.6.2)
qt6-declarative (6.6.1 -> 6.6.2)
qt6-imageformats (6.6.1 -> 6.6.2)
qt6-translations (6.6.1 -> 6.6.2)
qt6-wayland (6.6.1 -> 6.6.2)
rpm-config-SUSE (20240118 -> 20240214)
webkit2gtk3
webkit2gtk3-soup2
=== Details ===
==== Mesa ====
Version update (23.3.5 -> 23.3.6)
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libOSMesa8 libgbm1
- Update to bugfix release 23.3.6
- -> https://docs.mesa3d.org/relnotes/23.3.6.html
==== Mesa-drivers ====
Version update (23.3.5 -> 23.3.6)
Subpackages: Mesa-dri Mesa-gallium Mesa-libva libxatracker2
- Update to bugfix release 23.3.6
- -> https://docs.mesa3d.org/relnotes/23.3.6.html
==== acl ====
Version update (2.3.1 -> 2.3.2)
Subpackages: libacl1 libacl1-32bit
- Update to version 2.3.2:
+ libobj: declare s_str directly in string_obj_tag.
+ Use thread-safe getpwnam_r and getgrnam_r.
+ setfacl: preserve the failed status when processing multiple
files.
+ man: Document pitfall with negative permissions and user
namespaces.
+ tools: mark long_options static & const.
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor
- Add apparmor-abstractions-openssl-allow-version-specific-en.patch to
allow version specific engdef & engines openssl paths (boo#1219571)
==== attr ====
Version update (2.5.1 -> 2.5.2)
Subpackages: libattr1
- update to 2.5.2:
* attr: eliminate a dead store in attr_copy_action()
* libattr: Set symbol versions for legacy syscalls via attribute
or asm
* exports: use LGPL for library code
* documentation updates
* translation updates (Polish, Dutch, Gregorian, French)
* build system updates
==== binutils ====
Version update (2.41 -> 2.42)
Subpackages: libctf-nobfd0 libctf0
- Add binutils-disable-code-arch-error.diff to demote an
error about swapped .arch/.code directives to a warning.
It happens in the wild.
- Update to version 2.42:
* Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16,
RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and
flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2',
'+rcpc2' and '+wfxt'
* Add experimantal support for GAS to synthesize call-frame-info for
some hand-written asm (--scfi=experimental) on x86-64.
* Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2,
PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16.
* Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0,
SiFive VCIX v1.0.
* BPF assembler: ';' separates statements now, and does not introduce
line comments anymore (use '#' or '//' for this).
* x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with
dynamic tags.
* risc-v ld: Add '--[no-]check-uleb128'.
* New linker script directive: REVERSE, to be combined with SORT_BY_NAME
or SORT_BY_INIT_PRIORITY, reverses the generated order.
* New linker options --warn-execstack-objects (warn only about execstack
when input object files request it), and --error-execstack plus
- -error-rxw-segments to convert the existing warnings into errors.
* objdump: Add -Z/--decompress to be used with -s/--full-contents to
decompress section contents before displaying.
* readelf: Add --extra-sym-info to be used with --symbols (currently
prints section name of references section index).
* objcopy: Add --set-section-flags for x86_64 to include
SHF_X86_64_LARGE.
* s390 disassembly: add target-specific disasm option 'insndesc',
as in "objdump -M insndesc" to display an instruction description
as comment along with the disassembly.
- Add binutils-2.42-branch.diff.gz.
- Rebased s390-biarch.diff.
- Adjusted binutils-revert-hlasm-insns.diff,
binutils-revert-plt32-in-branches.diff and binutils-revert-rela.diff
for upstream changes.
- Removed binutils-2.41-branch.diff.gz, binutils-2.41.tar.bz2,
binutils-2.41-branch.diff.gz.
- Removed binutils-use-less-memory.diff, binutils-old-makeinfo.diff
and riscv-relro.patch (all upstreamed).
- Removed add-ulp-section.diff, we use a different mechanism
for live patching since a long time.
==== expat ====
Version update (2.5.0 -> 2.6.0)
Subpackages: libexpat1
- Update keyring automatically from keyserver during OBS service run.
- Explicitly use --without-docbook (before it was implicit).
- Include missing files for documentation and examples.
- Add manpage for xmlwf, which is not available in the release tarball.
- Clean the spec file a bit.
- Update to 2.6.0:
* Security fixes:
- CVE-2023-52425 (boo#1219559)
- - Fix quadratic runtime issues with big tokens
that can cause denial of service, in partial where
dealing with compressed XML input. Applications
that parsed a document in one go -- a single call to
functions XML_Parse or XML_ParseBuffer -- were not affected.
The smaller the chunks/buffers you use for parsing
previously, the bigger the problem prior to the fix.
Backporters should be careful to no omit parts of
pull request #789 and to include earlier pull request #771,
in order to not break the fix.
- CVE-2023-52426 (boo#1219561)
- - Fix billion laughs attacks for users
compiling *without* XML_DTD defined (which is not common).
Users with XML_DTD defined have been protected since
Expat >=2.4.0 (and that was CVE-2013-0340 back then).
* Bug fixes:
- Fix parse-size-dependent "invalid token" error for
external entities that start with a byte order mark
- Fix NULL pointer dereference in setContext via
XML_ExternalEntityParserCreate for compilation with
XML_DTD undefined
- Protect against closing entities out of order
* Other changes:
- Improve support for arc4random/arc4random_buf
- Improve buffer growth in XML_GetBuffer and XML_Parse
- xmlwf: Support --help and --version
- xmlwf: Support custom buffer size for XML_GetBuffer and read
- xmlwf: Improve language and URL clickability in help output
- examples: Add new example "element_declarations.c"
- Be stricter about macro XML_CONTEXT_BYTES at build time
- Make inclusion to expat_config.h consistent
- Autotools: configure.ac: Support --disable-maintainer-mode
- Autotools: Sync CMake templates with CMake 3.26
- Autotools: Make installation of shipped man page doc/xmlwf.1
independent of docbook2man availability
- Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
section "Cflags.private" in order to fix compilation
against static libexpat using pkg-config on Windows
- Autotools|CMake: Require a C99 compiler
(a de-facto requirement already since Expat 2.2.2 of 2017)
- Autotools|CMake: Fix PACKAGE_BUGREPORT variable
- Autotools|CMake: Make test suite require a C++11 compiler
- CMake: Require CMake >=3.5.0
- CMake: Lowercase off_t and size_t to help a bug in Meson
- CMake: Sort xmlwf sources alphabetically
- CMake|Windows: Fix generation of DLL file version info
- CMake: Build tests/benchmark/benchmark.c as well for
a build with -DEXPAT_BUILD_TESTS=ON
- docs: Document the importance of isFinal + adjust tests
accordingly
- docs: Improve use of "NULL" and "null"
- docs: Be specific about version of XML (XML 1.0r4)
and version of C (C99); (XML 1.0r5 will need a sponsor.)
- docs: reference.html: Promote function XML_ParseBuffer more
- docs: reference.html: Add HTML anchors to XML_* macros
- docs: reference.html: Upgrade to OK.css 1.2.0
- docs: Fix typos
- docs|CI: Use HTTPS URLs instead of HTTP at various places
- Address compiler warnings
- Address clang-tidy warnings
- Version info bumped from 9:10:8 (libexpat*.so.1.8.10)
to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/
for what these numbers do
==== gcc14 ====
Version update (13.2.1+git8285 -> 14.0.1+git8957)
Subpackages: libasan8 libatomic1 libgcc_s1 libgcc_s1-32bit libgfortran5 libgomp1 libhwasan0 libitm1 liblsan0 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-locale libstdc++6-pp libstdc++6-pp-32bit libtsan2 libubsan1
- Update to trunk head, 4a1cd5560b9b545eb848eb1d1e06d345fb, git8957
* bumps libgphobos and libgdrundime SONAME
- Use %patch -P N instead of %patchN
- Refresh gcc44-rename-info-files.patch
==== gnome-maps ====
Subpackages: gnome-maps-lang
- Update license based on legaldb review
==== ibus-m17n ====
Version update (1.4.27 -> 1.4.28)
- Update to 1.4.28
* Add Russian translations
==== kernel-source ====
Version update (6.7.4 -> 6.7.5)
Subpackages: kernel-default kernel-default-devel kernel-devel kernel-macros
- Linux 6.7.5 (bsc#1012628).
- ext4: regenerate buddy after block freeing failed if under fc
replay (bsc#1012628).
- dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools
(bsc#1012628).
- dmaengine: ti: k3-udma: Report short packet errors
(bsc#1012628).
- dmaengine: fsl-qdma: Fix a memory leak related to the status
queue DMA (bsc#1012628).
- dmaengine: fsl-qdma: Fix a memory leak related to the queue
command DMA (bsc#1012628).
- phy: qcom-qmp-usb: fix register offsets for ipq8074/ipq6018
(bsc#1012628).
- phy: qcom-qmp-usb: fix serdes init sequence for IPQ6018
(bsc#1012628).
- phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
(bsc#1012628).
- perf tests: Add perf script test (bsc#1012628).
- perf test: Fix 'perf script' tests on s390 (bsc#1012628).
- perf evlist: Fix evlist__new_default() for > 1 core PMU
(bsc#1012628).
- dmaengine: fix is_slave_direction() return false when
DMA_DEV_TO_DEV (bsc#1012628).
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
(bsc#1012628).
- cifs: avoid redundant calls to disable multichannel
(bsc#1012628).
- cifs: failure to add channel on iface should bump up weight
(bsc#1012628).
- drm/msms/dp: fixed link clock divider bits be over written in
BPC unknown case (bsc#1012628).
- drm/msm/dp: return correct Colorimetry for
DP_TEST_DYNAMIC_RANGE_CEA case (bsc#1012628).
- drm/msm/dpu: check for valid hw_pp in
dpu_encoder_helper_phys_cleanup (bsc#1012628).
- wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig
(bsc#1012628).
- x86/efistub: Give up if memory attribute protocol returns an
error (bsc#1012628).
- x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR
(bsc#1012628).
- net: stmmac: xgmac: fix handling of DPP safety error for DMA
channels (bsc#1012628).
- wifi: cfg80211: consume both probe response and beacon IEs
(bsc#1012628).
- wifi: mac80211: fix RCU use in TDLS fast-xmit (bsc#1012628).
- wifi: mac80211: fix unsolicited broadcast probe config
(bsc#1012628).
- wifi: mac80211: fix waiting for beacons logic (bsc#1012628).
- wifi: iwlwifi: exit eSR only after the FW does (bsc#1012628).
- wifi: brcmfmac: Adjust n_channels usage for __counted_by
(bsc#1012628).
- netdevsim: avoid potential loop in nsim_dev_trap_report_work()
(bsc#1012628).
- net: atlantic: Fix DMA mapping for PTP hwts ring (bsc#1012628).
- selftests: net: cut more slack for gro fwd tests (bsc#1012628).
- selftests/net: convert unicast_extensions.sh to run it in
unique namespace (bsc#1012628).
- selftests/net: convert pmtu.sh to run it in unique namespace
(bsc#1012628).
- selftests/net: change shebang to bash to support "source"
(bsc#1012628).
- selftests: net: fix tcp listener handling in pmtu.sh
(bsc#1012628).
- selftests: net: avoid just another constant wait (bsc#1012628).
- tsnep: Fix mapping for zero copy XDP_TX action (bsc#1012628).
- tunnels: fix out of bounds access when building IPv6 PMTU error
(bsc#1012628).
- atm: idt77252: fix a memleak in open_card_ubr0 (bsc#1012628).
- octeontx2-pf: Fix a memleak otx2_sq_init (bsc#1012628).
- hwmon: (aspeed-pwm-tacho) mutex for tach reading (bsc#1012628).
- hwmon: (coretemp) Fix out-of-bounds memory access (bsc#1012628).
- hwmon: (coretemp) Fix bogus core_id to attr name mapping
(bsc#1012628).
- inet: read sk->sk_family once in inet_recv_error()
(bsc#1012628).
- drm/i915/gvt: Fix uninitialized variable in handle_mmio()
(bsc#1012628).
- x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat
section (bsc#1012628).
- rxrpc: Fix generation of serial numbers to skip zero
(bsc#1012628).
- rxrpc: Fix delayed ACKs to not set the reference serial number
(bsc#1012628).
- rxrpc: Fix response to PING RESPONSE ACKs to a dead call
(bsc#1012628).
- rxrpc: Fix counting of new acks and nacks (bsc#1012628).
- selftests: net: let big_tcp test cope with slow env
(bsc#1012628).
- tipc: Check the bearer type before calling
tipc_udp_nl_bearer_add() (bsc#1012628).
- af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC
(bsc#1012628).
- devlink: avoid potential loop in
devlink_rel_nested_in_notify_work() (bsc#1012628).
- ppp_async: limit MRU to 64K (bsc#1012628).
- selftests: cmsg_ipv6: repeat the exact packet (bsc#1012628).
- netfilter: nft_compat: narrow down revision to unsigned 8-bits
(bsc#1012628).
... changelog too long, skipping 163 lines ...
- commit 1dccf2a
==== libapparmor ====
- Add apparmor-abstractions-openssl-allow-version-specific-en.patch to
allow version specific engdef & engines openssl paths (boo#1219571)
==== libshumate ====
Subpackages: libshumate-1_0-1 libshumate-lang typelib-1_0-Shumate-1_0
- Update licenses based on legaldb review
==== libstorage-ng ====
Version update (4.5.188 -> 4.5.189)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- merge gh#openSUSE/libstorage-ng#986
- log textdomain codeset
- 4.5.189
==== mariadb ====
Version update (11.2.2 -> 11.2.3)
Subpackages: libmariadbd19 mariadb-client mariadb-errormessages
- Update to 11.2.3:
https://mariadb.com/kb/en/mariadb-11-2-3-release-notes/
https://mariadb.com/kb/en/mariadb-11-2-3-changelog/
- Update list of skipped tests
==== nodejs21 ====
Version update (21.6.1 -> 21.6.2)
Subpackages: npm21
- Update to 21.6.2: (security updates)
* (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities- (High)
* (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer internals- (High)
* (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due to io_uring - (High)
* (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
* (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
* (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3 (CVE-2024-24758, bsc#1220017)
* libuv version 1.48.0
==== python311 ====
Subpackages: python311-curses python311-dbm python311-x86-64-v3
- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
with Expat 2.6.0, gh#python/cpython#115289
==== python311-core ====
Subpackages: libpython3_11-1_0 libpython3_11-1_0-x86-64-v3 python311-base python311-base-x86-64-v3
- Add upstream patch libexpat260.patch, Fix tests for XMLPullParser
with Expat 2.6.0, gh#python/cpython#115289
==== qemu ====
Subpackages: qemu-accel-tcg-x86 qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-microvm qemu-pr-helper qemu-seabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-x86
- Update the service file to use OBS-scm (by fvogt)
- Various fixes:
* [openSUSE][RPM] Fix enabling features on non-x86_64
* [openSUSE][RPM] Disable test-crypto-secret in linux-user build
* [openSUSE] Update ipxe submodule reference (bsc#1219733, bsc#1219722)
* [openSUSE][RPM] spec: allow building without spice
==== qt6-base ====
Version update (6.6.1 -> 6.6.2)
Subpackages: libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6Sql6 libQt6Test6 libQt6Widgets6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-platformtheme-gtk3
- Update to 6.6.2
* https://www.qt.io/blog/qt-6.6.2-released
- Drop patches, merged upstream:
* 0001-QMimeDatabase-handle-buggy-type-definitions.patch
* 0001-QMimeDatabase-collect-glob-patterns-from.patch
* 0001-HPack-fix-a-Yoda-Condition.patch
* 0002-HPack-fix-incorrect-integer-overflow-check.patch
* 0001-Http2-fix-potential-overflow-in-assemble_hpack_block.patch
==== qt6-declarative ====
Version update (6.6.1 -> 6.6.2)
Subpackages: libQt6LabsAnimation6 libQt6LabsFolderListModel6 libQt6LabsQmlModels6 libQt6LabsSettings6 libQt6LabsSharedImage6 libQt6LabsWavefrontMesh6 libQt6Qml6 libQt6QmlCore6 libQt6QmlLocalStorage6 libQt6QmlModels6 libQt6QmlWorkerScript6 libQt6QmlXmlListModel6 libQt6Quick6 libQt6QuickControls2-6 libQt6QuickControls2Impl6 libQt6QuickDialogs2-6 libQt6QuickDialogs2QuickImpl6 libQt6QuickDialogs2Utils6 libQt6QuickEffects6 libQt6QuickLayouts6 libQt6QuickParticles6 libQt6QuickShapes6 libQt6QuickTemplates2-6 libQt6QuickTest6 qt6-declarative-imports
- Update to 6.6.2
* https://www.qt.io/blog/qt-6.6.2-released
- Add upstream changes to make build reproducible:
* 0001-QuickControls-Link-the-impl-libraries-into-the-base-.patch
* 0001-Dialogs-Depend-on-controls-styles-in-QuickDialogs2Qu.patch
==== qt6-imageformats ====
Version update (6.6.1 -> 6.6.2)
- Update to 6.6.2
* https://www.qt.io/blog/qt-6.6.2-released
==== qt6-translations ====
Version update (6.6.1 -> 6.6.2)
- Update to 6.6.2
* https://www.qt.io/blog/qt-6.6.2-released
==== qt6-wayland ====
Version update (6.6.1 -> 6.6.2)
Subpackages: libQt6WaylandClient6 libQt6WaylandCompositor6 libQt6WaylandEglClientHwIntegration6 libQt6WaylandEglCompositorHwIntegration6 libQt6WlShellIntegration6
- Update to 6.6.2
* https://www.qt.io/blog/qt-6.6.2-released
- Drop patch, merged upstream:
* client-avoid-creating-decorations-in-the-render-thread.patch
==== rpm-config-SUSE ====
Version update (20240118 -> 20240214)
- Update to version 20240214:
* set_permissions: handle chkstat failure more grateful (bsc#1219736)
==== webkit2gtk3 ====
Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles
- Increase mem_per_process again to match what is in SLE. The build
was sporadically failing there (bsc#1198743).
- Require libwaylandclient0 >= 1.20. 15.4 originally had 1.19.0,
but webkitgtk uses a function added in 1.20.0, so we need to
ensure that the wayland update is pulled in (bsc#1215072).
==== webkit2gtk3-soup2 ====
Subpackages: WebKitGTK-4.0-lang libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles
- Increase mem_per_process again to match what is in SLE. The build
was sporadically failing there (bsc#1198743).
- Require libwaylandclient0 >= 1.20. 15.4 originally had 1.19.0,
but webkitgtk uses a function added in 1.20.0, so we need to
ensure that the wayland update is pulled in (bsc#1215072).