Packages changed: AppStream AppStream-qt6 SVT-AV1 (2.1.2 -> 2.2.0) bash (5.2.26 -> 5.2.32) ffado (2.4.7 -> 2.4.9) flatpak (1.15.8 -> 1.15.10) gstreamer-plugins-bad libdeflate (1.20 -> 1.21) libinput (1.26.0 -> 1.26.2) libpng16 librsvg (2.58.2 -> 2.58.3) libwacom (2.11.0 -> 2.12.2) libxmlb (0.3.18 -> 0.3.19) python-SQLAlchemy (2.0.31 -> 2.0.32) readline (8.2.10 -> 8.2.13) selinux-policy (20240814 -> 20240816) systemd (256.4 -> 256.5) tiff xen (4.18.2_06 -> 4.19.0_02) === Details === ==== AppStream ==== - BuildRequire gettext-devel instead of gettext: allow OBS to shortcut through gettext-runtime-mini. ==== AppStream-qt6 ==== - BuildRequire gettext-devel instead of gettext: allow OBS to shortcut through gettext-runtime-mini. ==== SVT-AV1 ==== Version update (2.1.2 -> 2.2.0) - Update to release 2.2.0 * Improve the tradeoffs for the random access mode across presets: * Speedup of ~15% across presets M0 - M8 while maintaining similar quality levels * Improve the tradeoffs for the low-delay mode across presets * Increased temporal resolution setting to 6L for 4k resolutions by default * Added ARM optimizations for functions with c_only equivalent yielding an average speedup of ~13% for 4k10bit ==== bash ==== Version update (5.2.26 -> 5.2.32) Subpackages: bash-sh - Add upstream patches * bash52-027 The configure test for the presence of strtoimax(3) is inverted. * bash52-028 A DEBUG trap in an asynchronous process can steal the controlling terminal away from the calling shell, causing it to exit. * bash52-030 `wait -n' can fail to return some jobs if they exit due to signals the shell does not report to the user. * bash52-031 There is a memory leak in the code that implements the optimized $( 2.4.9) - Update to version 2.4.9 * Support compilation against musl libc. * Remove build-time checks for utilities that are not used (pyuic). * Install the ffado-mixer appdata file only if ffado-mixer has been built. * Add a DATADIR option to scons and use it in line with GNU conventions. * Update the AppStream document with more complete information and in line with current best practice. * Rename XDG files to match modern standards. * Install XDG files manually to simplify the build script and avoid depending on xdg-utils. - Changes from version 2.4.8 * Make various mixer modules work under Python 3.10 and later: Presonus Firebox, Presonus FP10, Presonus Inspire1394 and Yamaha Go. * Deal with the removal of SafeConfigParser in Python 3.12. ==== flatpak ==== Version update (1.15.8 -> 1.15.10) Subpackages: flatpak-selinux libflatpak0 system-user-flatpak - Update to version 1.15.10: + Dependencies: In distributions that compile Flatpak to use a separate bubblewrap (bwrap) executable, version 0.10.0 is required. This version adds a new feature which is required by the security fix in this release. + Security fixes: Don't follow symbolic links when mounting persistent directories (--persist option). This prevents a sandbox escape where a malicious or compromised app could edit the symlink to point to a directory that the app should not have been allowed to read or write. (CVE-2024-42472, GHSA-7hgv-f2j8-xw87) + Documentation: Mark the 1.12.x and 1.10.x branches as end-of-life + Other bug fixes: Fix several memory leaks + Internal changes: - Record a log file when running build-time tests with AddressSanitizer - Add initial suppressions file for AddressSanitizer ==== gstreamer-plugins-bad ==== Subpackages: libgstadaptivedemux-1_0-0 libgstanalytics-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstinsertbin-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstmse-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Add 85b4fbf40b1d53a4141941abf70d2d4d83eb140e.patch: msdk: replace strcmp with g_strcmp0. Because strcmp doesn't handle NULL. ==== libdeflate ==== Version update (1.20 -> 1.21) - update to 1.21: * Fixed build error on x86 with gcc 8.1 and gcc 8.2. * Fixed build error on x86 when gcc 11 is paired with a binutils version that doesn't support AVX-VNNI e.g. as it is on RHEL 9. * Fixed build error on arm64 with gcc 6. * Fixed build error on arm64 with gcc 13.1 and later with some - mcpu options. * Enabled detection of dotprod support in Windows ARM64 builds. ==== libinput ==== Version update (1.26.0 -> 1.26.2) - Update to release 1.26.2 * Added quirks for the LG Gram 14 and the Minisvorum V3 ==== libpng16 ==== - Fix missing backslash ==== librsvg ==== Version update (2.58.2 -> 2.58.3) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Update to version 2.58.3: + A couple of fixes from fuzz testing: - Fix assertion failures with large Hue value in hsl() or hwb() colors. - Limit the baseFrequency for feTurbulence to avoid integer overflow. - Remove an obsolete test. ==== libwacom ==== Version update (2.11.0 -> 2.12.2) Subpackages: libwacom-data libwacom9 - update to 2.12.2 * Device Fixes: - HUION Kamvas 16 2019 - Prefix the kamvas pro 13 with Huion like all other Huion tablets - Fix the Huion Kamvas 12 file * Device Other: - Don't create a default match for fallback devices * Other Fixes: - Fix a memory leak - Set the device name in new_from_path() to override the fallback name * Tests: test: run ruff format over test_svg.py test: add support for testing new_from_path() through uinput - update to 2.12.1 * Device Fixes: - Drop the firmware match from the Huion Inspiroy 2 S * Features: - Fix off-by-one check for stripping the quote from NAME/UNIQ - Use g_clear_pointer() during libwacom_*_unref() - update to 2.12.0 * New Devices: - Huion Kamvas Pro 24 (GT-240, QHD) - Huion WH1409 - Wacom Movink - Wacom HID 49A0 (Dell latitude 5320 2-in-1) - Wacom HID 5334 Pen - XP-PEN Deco Mini 4 * Device Fixes: - Fix tablet file for the Huion Inspiroy 2S - Improve Huion Inspiroy 2 m support - Update the Inspiroy 2L - Add a dial to the Huion Inspiroy 2 L and M - Fix the Inspiroy 2S layout - Set the right PID for the Inpspiroy 2 L and M - Rename second ButtonB id in the DTI-520 svg layout - Fix Huion RTM-500 Support - Added more device names for Kamvas 13 variants - Fix buttons for Huion and Gaomon tablets - Mark huion/gaomon tablets with Dials as such - XP pen tablets have no Rings - Drop accidental comma from the Gaomon/Huion layout files * Device Other: - Auto generated HUION tablet description files - Auto generated GAOMON tablet description files - Remove layout files without buttons/strips/dials - Remove a superfluous rect from the huion mini keydial kd100 - Use NumRings instead of separate Ring/Ring2 - Switch DeviceMatch to use a pipe as separator - Add a firmware string entry to the matches - Skip over empty Layout= assignments * Features: - Rework match_from_string - Rework the match approach to prefer uniq over name - Allow to match by uniq without name - Add Gaomon S620 firmware match - Add support for relative dials - Add libwacom_new_from_builder to construct a new device * Other Fixes: - Fetch the name and uniq from udev properties, not sysfs - Keyboard devices are not ID_INPUT_TABLET_PAD - Don't mark a Mouse device as tablet or pad - Set the bustype in libwacom_new_for_path - Document touch strips * Tests: - Remove the requirement for a Layout file - Replace the SVG validity test with a pytest-based one - Add a test for unnecessary SVGs - Add some tracing to the svg validity test - Svgs for dials need to have CW and CCW labels, not Up/Down - Set proper test names for the hwdb tests - Skip errors in SVGs for autogenerated devices - Check the svg for Dial2 if we have two dials - Skip hwdb tests if the systemd commands fail - Install our hwdb file during the test - Add ids to the parametrized tablet file tests - Add a pytest wrapper for libwacom - Skip/fail with an error if the systemd commands failed - Replace the uinput-based hwdb test with a direct query - Don't reload the udev rules - Move the asan check into meson.build * Build: - Make pytest more verbose - Bump to meson 0.56.0 - More logging of the pytests - Split the pytest invocations into separate ones ==== libxmlb ==== Version update (0.3.18 -> 0.3.19) - update to 0.3.19: * Add xb_version_string() to get the runtime ABI version * - Add the runtime version as the default XMLb invalidation GUID ==== python-SQLAlchemy ==== Version update (2.0.31 -> 2.0.32) - update to 2.0.32: * https://docs.sqlalchemy.org/en/20/changelog/changelog_20.html#change-2.0.32 ==== readline ==== Version update (8.2.10 -> 8.2.13) - Add upstream patches * readline82-011 Some systems (e.g., macOS) send signals early on in interactive initialization, so readline should retry a failed open of the init file. * readline82-012 If a user happens to bind do-lowercase-version to something that isn't a capital letter, so _rl_to_lower doesn't change anything and the result is still bound to do-lowercase-version, readline can recurse infinitely. * readline82-013 When readline is accumulating bytes until it reads a complete multibyte character, reading a byte that makes the multibyte character invalid can result in discarding the bytes in the partial character. - Port patch readline-8.2.dif ==== selinux-policy ==== Version update (20240814 -> 20240816) Subpackages: selinux-policy-targeted - Update to version 20240816: * Initial policy for syslog-ng (bsc#1229153) ==== systemd ==== Version update (256.4 -> 256.5) Subpackages: libsystemd0 libudev1 systemd-boot systemd-experimental udev - Import commit bef0958f4db1b774c23505e93537ffe16f1b3894 (merge of v256.5) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/5bba1ebe17564b606cc5d1c07b14123c305019a7...bef0958f4db1b774c23505e93537ffe16f1b3894 - Make the 32bit version of libudev.so available again (bsc#1228223) The symlink for building 32bit applications was mistakenly dropped when the content of libudev-devel was merged into systemd-devel. Provide the 32bit flavor of systemd-devel again, which should restore the plug and play support in Wine for 32bit windows applications. ==== tiff ==== - security update: * CVE-2024-7006 [bsc#1228924] Fix pointer deref in tif_dirinfo.c + tiff-CVE-2024-7006.patch ==== xen ==== Version update (4.18.2_06 -> 4.19.0_02) - bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86 IOMMU identity mapping (XSA-460) 66bb6f78-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch - bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through with shared resources (XSA-461) 66bb6fa5-x86-pass-through-document-as-security-unsupported.patch - Upstream bug fixes (bsc#1027519) 66a8b8ac-bunzip2-rare-failure.patch - Update to Xen 4.19.0 FCS release (jsc#PED-8907) xen-4.19.0-testing-src.tar.bz2 - New Features * On x86: - Introduce a new x2APIC driver that uses Cluster Logical addressing mode for IPIs and Physical addressing mode for external interrupts. * On Arm: - FF-A notification support. - Introduction of dynamic node programming using overlay dtbo. * Add a new 9pfs backend running as a daemon in dom0. First user is Xenstore-stubdom now being able to support full Xenstore trace capability. * libxl support for backendtype=tap with tapback. - Changed Features * Changed flexible array definitions in public I/O interface headers to not use "1" as the number of array elements. * The minimum supported OCaml toolchain version is now 4.05 * On x86: - HVM PIRQs are disabled by default. - Reduce IOMMU setup time for hardware domain. - Allow HVM/PVH domains to map foreign pages. - Declare PVH dom0 supported with caveats. * xl/libxl configures vkb=[] for HVM domains with priority over vkb_device. * Increase the maximum number of CPUs Xen can be built for from 4095 to 16383. * When building with Systemd support (./configure --enable-systemd), remove libsystemd as a build dependency. Systemd Notify support is retained, now using a standalone library implementation. * xenalyze no longer requires `--svm-mode` when analyzing traces generated on AMD CPUs * Code symbol annotations and MISRA compliance improvements. - Removed Features * caml-stubdom. It hasn't built since 2014, was pinned to Ocaml 4.02, and has been superseded by the MirageOS/SOLO5 projects. * /usr/bin/pygrub symlink. This was deprecated in Xen 4.2 (2012) but left for compatibility reasons. VMs configured with bootloader="/usr/bin/pygrub" should be updated to just bootloader="pygrub". * The Xen gdbstub on x86. * xentrace_format has been removed; use xenalyze instead. - Dropped patches contained in new tarball 6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch 6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch 6627a5fc-x86-MTRR-inverted-WC-check.patch 662a6a4c-x86-spec-reporting-of-BHB-clearing.patch 662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch 663090fd-x86-gen-cpuid-syntax.patch 663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch 663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch 663d05b5-x86-ucode-distinguish-up-to-date.patch 663eaa27-libxl-XenStore-error-handling-in-device-creation.patch 66450626-sched-set-all-sched_resource-data-inside-locked.patch 66450627-x86-respect-mapcache_domain_init-failing.patch 6646031f-x86-ucode-further-identify-already-up-to-date.patch 6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch 666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch 666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch 666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch 666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch 666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch 667187cc-x86-Intel-unlock-CPUID-earlier.patch 66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch 6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch 6672c846-x86-xstate-initialisation-of-XSS-cache.patch 6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch 6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch xsa458.patch - Enable support for ZSTD and LZO compression formats