Packages changed: 389-ds (3.0.1~git39.e24615f -> 3.1.1~git0.aef1668) ImageMagick (7.1.1.34 -> 7.1.1.35) Imath (3.1.9 -> 3.1.11) Mesa (24.1.2 -> 24.1.3) Mesa-drivers (24.1.2 -> 24.1.3) MozillaFirefox (127.0 -> 128.0.3) NetworkManager (1.48.2 -> 1.48.6) SVT-AV1 (2.1.1 -> 2.1.2) aaa_base (84.87+git20240620.57ee9e1 -> 84.87+git20240805.7513b28) aalib abseil-cpp akonadi (24.05.1 -> 24.05.2) akonadi-calendar (24.05.1 -> 24.05.2) akonadi-calendar-tools (24.05.1 -> 24.05.2) akonadi-contacts (24.05.1 -> 24.05.2) akonadi-import-wizard (24.05.1 -> 24.05.2) akonadi-mime (24.05.1 -> 24.05.2) akonadi-notes (24.05.1 -> 24.05.2) akonadi-search (24.05.1 -> 24.05.2) akregator (24.05.1 -> 24.05.2) amarok (3.0.1 -> 3.1.0) analitza (24.05.1 -> 24.05.2) apache2 (2.4.59 -> 2.4.62) apache2-manual (2.4.59 -> 2.4.62) apache2-mod_php8 (8.3.8 -> 8.3.9) apache2-prefork (2.4.59 -> 2.4.62) apache2-utils (2.4.59 -> 2.4.62) apparmor (4.0.1 -> 4.0.2) ark (24.05.1 -> 24.05.2) b43-fwcutter baloo-widgets (24.05.1 -> 24.05.2) bind (9.18.27 -> 9.20.0) blinken (24.05.1 -> 24.05.2) bluedevil6 (6.1.1 -> 6.1.4) blueman (2.3.5 -> 2.4.2) bolt boost-base boost-extra breeze6 (6.1.1 -> 6.1.4) breeze6-gtk (6.1.1 -> 6.1.4) brltty btrfsmaintenance (0.5 -> 0.5.2) btrfsprogs (6.9 -> 6.10) ca-certificates-mozilla (2.66 -> 2.68) calendarsupport (24.05.1 -> 24.05.2) certmonger cfitsio (4.3.1 -> 4.4.0) checkpolicy (3.6 -> 3.7) chrony clamav (0.103.11 -> 1.3.1) clazy (1.11git.20240520T014559~87b83e3 -> 1.12git.20240630T203330~f3fb82c) clucene-core colord container-selinux (2.228.0 -> 2.232.1) coreutils coreutils-systemd cronie cryptsetup (2.7.2 -> 2.7.4) cups (2.4.8 -> 2.4.10) curl (8.8.0 -> 8.9.0) discover6 (6.1.1 -> 6.1.4) dolphin (24.05.1 -> 24.05.2) dracut (059+suse.598.gfe80dac7 -> 059+suse.628.g20b345b4) drkonqi6 (6.1.1 -> 6.1.4) ell (0.66 -> 0.67) emacs emacs-compat (29.1.4.5 -> 30.0.0.0) emacs-jinx (1.8 -> 1.10) eog (45.3 -> 45.4) espeak-ng (1.51 -> 1.51.1) eventviews (24.05.1 -> 24.05.2) evince (46.3 -> 46.3.1) evolution (3.52.2 -> 3.52.4) evolution-data-server (3.52.2 -> 3.52.4) evolution-ews (3.52.2 -> 3.52.4) exiv2 (0.28.2 -> 0.28.3) fdupes (2.3.0 -> 2.3.1) ffmpeg-4 ffmpeg-6 ffmpegthumbs (24.05.1 -> 24.05.2) flatpak-kcm6 (6.1.1 -> 6.1.4) fontconfig fprintd (1.94.2 -> 1.94.3) freecell-solver (6.10.0 -> 6.12.0) freerdp (3.5.1 -> 3.6.3) frei0r-plugins (2.3.1 -> 2.3.3) fribidi (1.0.14 -> 1.0.15) fwupd (1.9.21 -> 1.9.23) gcc14 (14.1.1+git10335 -> 14.2.0+git10526) gdm gegl gettext-runtime ghostscript (10.03.0 -> 10.03.1) git (2.45.2 -> 2.46.0) glib2 (2.80.3 -> 2.80.4) glslang (14.2.0 -> 14.3.0) gnome-control-center (46.2 -> 46.3) gnome-keyring (46.1 -> 46.2) gnome-music (46.0 -> 46.1) gnome-online-accounts (3.50.2 -> 3.50.4) gnome-remote-desktop (46.2 -> 46.3) gnome-shell (46.2 -> 46.4) gnome-software (46.2 -> 46.3) gnome-sudoku (46.2 -> 46.3) gnutls (3.8.5 -> 3.8.6) gom (0.5.1 -> 0.5.2) google-noto-fonts (20240601 -> 20240801) grantleetheme (24.05.1 -> 24.05.2) graphviz grub2 gsettings-desktop-schemas (46.0 -> 46.1) gstreamer (1.24.0 -> 1.24.6) gstreamer-plugins-bad (1.24.0 -> 1.24.6) gstreamer-plugins-base (1.24.0 -> 1.24.6) gstreamer-plugins-good (1.24.0 -> 1.24.5) gstreamer-plugins-libav (1.24.0 -> 1.24.6) gstreamer-plugins-ugly (1.24.0 -> 1.24.6) gtk2 gtk3 (3.24.42 -> 3.24.43) gtk4 (4.14.4 -> 4.15.4) guestfs-tools (1.52.0 -> 1.53.1) gvfs (1.54.1 -> 1.54.2) gwenview (24.05.1 -> 24.05.2) harfbuzz (8.5.0 -> 9.0.0) hplip hwdata (0.383 -> 0.384) ibus (1.5.29 -> 1.5.30) imlib2 (1.12.2 -> 1.12.3) incidenceeditor (24.05.1 -> 24.05.2) inkscape irqbalance java-21-openjdk (21.0.3.0 -> 21.0.4.0) javapackages-tools kaccounts-integration (24.05.1 -> 24.05.2) kaccounts-integration-kf5 (24.05.1 -> 24.05.2) kaccounts-providers (24.05.1 -> 24.05.2) kactivitymanagerd6 (6.1.1 -> 6.1.4) kaddressbook (24.05.1 -> 24.05.2) kalgebra (24.05.1 -> 24.05.2) kamera (24.05.1 -> 24.05.2) kanagram (24.05.1 -> 24.05.2) kapptemplate (24.05.1 -> 24.05.2) kate (24.05.1 -> 24.05.2) kbruch (24.05.1 -> 24.05.2) kcachegrind (24.05.1 -> 24.05.2) kcalc (24.05.1 -> 24.05.2) kcalutils (24.05.1 -> 24.05.2) kcharselect (24.05.1 -> 24.05.2) kcolorchooser (24.05.1 -> 24.05.2) kde-cli-tools6 (6.1.1 -> 6.1.4) kde-dev-utils (24.05.1 -> 24.05.2) kde-gtk-config6 (6.1.1 -> 6.1.4) kdecoration6 (6.1.1 -> 6.1.4) kdeedu-data (24.05.1 -> 24.05.2) kdegraphics-mobipocket (24.05.1 -> 24.05.2) kdegraphics-thumbnailers (24.05.1 -> 24.05.2) kdenetwork-filesharing (24.05.1 -> 24.05.2) kdepim-addons (24.05.1 -> 24.05.2) kdepim-runtime (24.05.1 -> 24.05.2) kdeplasma6-addons (6.1.1 -> 6.1.4) kdevelop5 (24.05.1 -> 24.05.2) kdialog (24.05.1 -> 24.05.2) kdump (2.0.7 -> 2.0.9) kernel-firmware (20240618 -> 20240728) kernel-firmware-nvidia-gspx-G06 (550.90.07 -> 550.100) kernel-source (6.9.7 -> 6.10.3) kf6-attica (6.3.0 -> 6.4.0) kf6-baloo (6.3.0 -> 6.4.0) kf6-bluez-qt (6.3.0 -> 6.4.0) kf6-breeze-icons (6.3.0 -> 6.4.0) kf6-frameworkintegration (6.3.0 -> 6.4.0) kf6-karchive (6.3.0 -> 6.4.0) kf6-kauth (6.3.0 -> 6.4.0) kf6-kbookmarks (6.3.0 -> 6.4.0) kf6-kcalendarcore (6.3.0 -> 6.4.0) kf6-kcmutils (6.3.0 -> 6.4.0) kf6-kcodecs (6.3.0 -> 6.4.0) kf6-kcolorscheme (6.3.0 -> 6.4.0) kf6-kcompletion (6.3.0 -> 6.4.0) kf6-kconfig (6.3.0 -> 6.4.0) kf6-kconfigwidgets (6.3.0 -> 6.4.0) kf6-kcontacts (6.3.0 -> 6.4.0) kf6-kcoreaddons (6.3.0 -> 6.4.0) kf6-kcrash (6.3.0 -> 6.4.0) kf6-kdav (6.3.0 -> 6.4.0) kf6-kdbusaddons (6.3.0 -> 6.4.0) kf6-kdeclarative (6.3.0 -> 6.4.0) kf6-kded (6.3.0 -> 6.4.0) kf6-kdesu (6.3.0 -> 6.4.0) kf6-kdnssd (6.3.0 -> 6.4.0) kf6-kdoctools (6.3.0 -> 6.4.0) kf6-kfilemetadata (6.3.0 -> 6.4.0) kf6-kglobalaccel (6.3.0 -> 6.4.0) kf6-kguiaddons (6.3.0 -> 6.4.0) kf6-kholidays (6.3.0 -> 6.4.0) kf6-ki18n (6.3.0 -> 6.4.0) kf6-kiconthemes (6.3.0 -> 6.4.0) kf6-kidletime (6.3.0 -> 6.4.0) kf6-kimageformats (6.3.0 -> 6.4.0) kf6-kio (6.3.0 -> 6.4.0) kf6-kirigami (6.3.0 -> 6.4.0) kf6-kitemmodels (6.3.0 -> 6.4.0) kf6-kitemviews (6.3.0 -> 6.4.0) kf6-kjobwidgets (6.3.0 -> 6.4.0) kf6-knewstuff (6.3.0 -> 6.4.0) kf6-knotifications (6.3.0 -> 6.4.0) kf6-knotifyconfig (6.3.0 -> 6.4.0) kf6-kpackage (6.3.0 -> 6.4.0) kf6-kparts (6.3.0 -> 6.4.0) kf6-kplotting (6.3.0 -> 6.4.0) kf6-kpty (6.3.0 -> 6.4.0) kf6-kquickcharts (6.3.0 -> 6.4.0) kf6-krunner (6.3.0 -> 6.4.0) kf6-kservice (6.3.0 -> 6.4.0) kf6-kstatusnotifieritem (6.3.0 -> 6.4.0) kf6-ksvg (6.3.0 -> 6.4.0) kf6-ktexteditor (6.3.0 -> 6.4.0) kf6-ktexttemplate (6.3.0 -> 6.4.0) kf6-ktextwidgets (6.3.0 -> 6.4.0) kf6-kunitconversion (6.3.0 -> 6.4.0) kf6-kuserfeedback (6.3.0 -> 6.4.0) kf6-kwallet (6.3.0 -> 6.4.0) kf6-kwidgetsaddons (6.3.0 -> 6.4.0) kf6-kwindowsystem (6.3.0 -> 6.4.0) kf6-kxmlgui (6.3.0 -> 6.4.0) kf6-modemmanager-qt (6.3.0 -> 6.4.0) kf6-networkmanager-qt (6.3.0 -> 6.4.0) kf6-prison (6.3.0 -> 6.4.0) kf6-purpose (6.3.0 -> 6.4.0) kf6-qqc2-desktop-style (6.3.0 -> 6.4.0) kf6-solid (6.3.0 -> 6.4.0) kf6-sonnet (6.3.0 -> 6.4.0) kf6-syndication (6.3.0 -> 6.4.0) kf6-syntax-highlighting (6.3.0 -> 6.4.0) kf6-threadweaver (6.3.0 -> 6.4.0) kgamma6 (6.1.1 -> 6.1.4) kgeography (24.05.1 -> 24.05.2) kglobalacceld6 (6.1.1 -> 6.1.4) khangman (24.05.1 -> 24.05.2) khelpcenter (24.05.1 -> 24.05.2) kidentitymanagement (24.05.1 -> 24.05.2) kig (24.05.1 -> 24.05.2) kimap (24.05.1 -> 24.05.2) kinfocenter6 (6.1.1 -> 6.1.4) kio-extras (24.05.1 -> 24.05.2) kio_audiocd (24.05.1 -> 24.05.2) kipi-plugins (24.05.1 -> 24.05.2) kirigami-addons6 (1.3.0 -> 1.4.0) kiten (24.05.1 -> 24.05.2) kitinerary (24.05.1 -> 24.05.2) kldap (24.05.1 -> 24.05.2) kleopatra (24.05.1 -> 24.05.2) kmag (24.05.1 -> 24.05.2) kmahjongg (24.05.1 -> 24.05.2) kmail (24.05.1 -> 24.05.2) kmail-account-wizard (24.05.1 -> 24.05.2) kmailtransport (24.05.1 -> 24.05.2) kmbox (24.05.1 -> 24.05.2) kmenuedit6 (6.1.1 -> 6.1.4) kmime (24.05.1 -> 24.05.2) kmines (24.05.1 -> 24.05.2) kmousetool (24.05.1 -> 24.05.2) kmplot (24.05.1 -> 24.05.2) knotes (24.05.1 -> 24.05.2) konsole (24.05.1 -> 24.05.2) kontact (24.05.1 -> 24.05.2) kontactinterface (24.05.1 -> 24.05.2) konversation (24.05.1 -> 24.05.2) korganizer (24.05.1 -> 24.05.2) kpat (24.05.1 -> 24.05.2) kpimtextedit (24.05.1 -> 24.05.2) kpipewire6 (6.1.1 -> 6.1.4) kpkpass (24.05.1 -> 24.05.2) kqtquickcharts (24.05.1 -> 24.05.2) krb5 (1.21.2 -> 1.21.3) kreversi (24.05.1 -> 24.05.2) ksanecore (24.05.1 -> 24.05.2) kscreen6 (6.1.1 -> 6.1.4) kscreenlocker6 (6.1.1 -> 6.1.4) ksmtp (24.05.1 -> 24.05.2) ksshaskpass6 (6.1.1 -> 6.1.4) ksudoku (24.05.1 -> 24.05.2) ksystemstats6 (6.1.1 -> 6.1.4) ktnef (24.05.1 -> 24.05.2) ktouch (24.05.1 -> 24.05.2) kwayland-integration6 (6.1.1 -> 6.1.4) kwayland6 (6.1.1 -> 6.1.4) kwin6 (6.1.1.2 -> 6.1.4) kwordquiz (24.05.1 -> 24.05.2) kwrited6 (6.1.1 -> 6.1.4) lapack layer-shell-qt6 (6.1.1 -> 6.1.4) ldb (2.9.0 -> 2.9.1) ldns less (656 -> 661) libX11 (1.8.9 -> 1.8.10) libXfont2 (2.0.6 -> 2.0.7) libXtst (1.2.4 -> 1.2.5) libadwaita (1.5.1 -> 1.5.2) libapparmor (4.0.1 -> 4.0.2) libblockdev (3.1.0 -> 3.1.1) libbpf (1.4.3 -> 1.4.5) libcdio libdb-4_8 libdecor (0.2.0 -> 0.2.2) libdv libgcrypt (1.10.3 -> 1.11.0) libgee libgexiv2 (0.14.2 -> 0.14.3) libgnomesu (2.0.7 -> 2.0.8) libgpod libgravatar (24.05.1 -> 24.05.2) libguestfs (1.52.1 -> 1.53.5) libgusb (0.4.8 -> 0.4.9) libheif (1.17.6 -> 1.18.1) libjxl (0.10.2 -> 0.10.3) libjxl-gtk (0.10.2 -> 0.10.3) libkcddb-qt6 (24.05.1 -> 24.05.2) libkcompactdisc-qt6 (24.05.1 -> 24.05.2) libkdcraw-qt6 (24.05.1 -> 24.05.2) libkdegames (24.05.1 -> 24.05.2) libkdepim (24.05.1 -> 24.05.2) libkeduvocdocument (24.05.1 -> 24.05.2) libkexiv2-qt6 (24.05.1 -> 24.05.2) libkgapi6 (24.05.1 -> 24.05.2) libkipi (24.05.1 -> 24.05.2) libkleo (24.05.1 -> 24.05.2) libkmahjongg (24.05.1 -> 24.05.2) libksane (24.05.1 -> 24.05.2) libksba (1.6.6 -> 1.6.7) libkscreen6 (6.1.1 -> 6.1.4) libksieve (24.05.1 -> 24.05.2) libksysguard6 (6.1.1 -> 6.1.4) libmaxminddb (1.9.1 -> 1.10.0) libnbd (1.18.4 -> 1.20.2) libndp libnl3 (3.9.0 -> 3.10.0) libnvme (1.9+0.g80c5cf2 -> 1.10+0.gdd51fa8) libopenmpt (0.7.8 -> 0.7.9) liborcus libostree (2024.6 -> 2024.7) libphonenumber (8.13.30 -> 8.13.40) libplasma6 (6.1.1 -> 6.1.4) libqt5-qtbase (5.15.14+kde140 -> 5.15.14+kde143) libreoffice (24.2.4.2 -> 24.2.5.2) librsvg (2.58.1 -> 2.58.2) libselinux (3.6 -> 3.7) libselinux-bindings (3.6 -> 3.7) libsemanage (3.6 -> 3.7) libsepol (3.6 -> 3.7) libsolv (0.7.29 -> 0.7.30) libstorage-ng (4.5.215 -> 4.5.219) liburing (2.5 -> 2.6) libva (2.21.0 -> 2.22.0) libva-gl (2.21.0 -> 2.22.0) libvirt (10.4.0 -> 10.6.0) libvisual libvpx (1.14.0 -> 1.14.1) libxml2 (2.12.8 -> 2.12.9) libxml2-python (2.12.8 -> 2.12.9) libyui (4.6.1 -> 4.6.2) libyui-ncurses (4.6.1 -> 4.6.2) libyui-ncurses-pkg (4.6.1 -> 4.6.2) libyui-qt (4.6.1 -> 4.6.2) libyui-qt-graph (4.6.1 -> 4.6.2) libyui-qt-pkg (4.6.1 -> 4.6.2) libzypp (17.34.1 -> 17.35.9) lightdm linux-atm linux-glibc-devel (6.9 -> 6.10) live555 (2023.11.30 -> 2024.06.26) llvm18 (18.1.6 -> 18.1.8) lokalize (24.05.1 -> 24.05.2) lua54 (5.4.6 -> 5.4.7) lvm2 lvm2-device-mapper lz4 (1.9.4 -> 1.10.0) mailcommon (24.05.1 -> 24.05.2) mailimporter (24.05.1 -> 24.05.2) makedumpfile mariadb mariadb-connector-c (3.3.8 -> 3.3.10) markdownpart (24.05.1 -> 24.05.2) mbox-importer (24.05.1 -> 24.05.2) messagelib (24.05.1 -> 24.05.2) microos-tools (2.21+git12 -> 2.21+git13) milou6 (6.1.1 -> 6.1.4) mimetreeparser (24.05.1 -> 24.05.2) mozilla-nss (3.100 -> 3.102.1) mpg123 (1.32.6 -> 1.32.7) mtools (4.0.43 -> 4.0.44) multipath-tools (0.9.9+90+suse.f1d2f20 -> 0.9.9+161+suse.0c835ef) mutter (46.2 -> 46.4) nano (8.0 -> 8.1) nbdkit (1.36.5 -> 1.40.1) ncurses (6.5.20240608 -> 6.5.20240713) netpbm (11.5.2 -> 11.7.0) newt nvidia-open-driver-G06-signed (550.90.07_k6.9.7_1 -> 550.100_k6.10.3_1) nvme-cli (2.9.1 -> 2.10) ocean-sound-theme6 (6.1.1 -> 6.1.4) okular (24.05.1 -> 24.05.2) open-vm-tools (12.4.0 -> 12.4.5) openSUSE-release (20240629 -> 20240808) openblas_openmp openblas_pthreads openldap2 (2.6.7 -> 2.6.8) openldap2-contrib-src (2.6.7 -> 2.6.8) openssh openssl-3 orc (0.4.38 -> 0.4.39) orca (46.1 -> 46.2) osinfo-db (20240510 -> 20240701) ovmf (202311 -> 202402) p11-kit pam pam-full-src pam_kwallet6 (6.1.1 -> 6.1.4) parley (24.05.1 -> 24.05.2) pciutils (3.12.0 -> 3.13.0) perl (5.38.2 -> 5.40.0) perl-Bootloader (1.13 -> 1.14) perl-HTML-Parser (3.820.0 -> 3.830.0) perl-IO-Socket-SSL (2.85.0 -> 2.88.0) php8 (8.3.8 -> 8.3.9) pim-data-exporter (24.05.1 -> 24.05.2) pim-sieve-editor (24.05.1 -> 24.05.2) pimcommon (24.05.1 -> 24.05.2) pinentry (1.2.1 -> 1.3.1) pinentry-gui (1.2.1 -> 1.3.1) pipewire (1.2.0 -> 1.2.1) plasma5support6 (6.1.1 -> 6.1.4) plasma6-activities (6.1.1 -> 6.1.4) plasma6-activities-stats (6.1.1 -> 6.1.4) plasma6-browser-integration (6.1.1 -> 6.1.4) plasma6-desktop (6.1.1 -> 6.1.4) plasma6-disks (6.1.1 -> 6.1.4) plasma6-integration (6.1.1 -> 6.1.4) plasma6-nm (6.1.1 -> 6.1.4) plasma6-openSUSE plasma6-pa (6.1.1 -> 6.1.4) plasma6-print-manager (6.1.1 -> 6.1.4) plasma6-systemmonitor (6.1.1 -> 6.1.4) plasma6-thunderbolt (6.1.1 -> 6.1.4) plasma6-workspace (6.1.1 -> 6.1.4) polari policycoreutils (3.6 -> 3.7) polkit polkit-default-privs (1550+20240620.095c860 -> 1550+20240708.7e0e3f4) polkit-kde-agent-6 (6.1.1 -> 6.1.4) poppler (24.03.0 -> 24.07.0) poppler-qt6 (24.03.0 -> 24.07.0) postfix powerdevil6 (6.1.1 -> 6.1.4) ppp procps publicsuffix (20240603 -> 20240722) python-Babel (2.14.0 -> 2.15.0) python-Jinja2 python-Pillow (10.3.0 -> 10.4.0) python-PyYAML python-Twisted (23.10.0 -> 24.3.0) python-argcomplete (3.3.0 -> 3.4.0) python-certifi (2023.11.17 -> 2024.7.4) python-cffi python-cryptography (42.0.8 -> 43.0.0) python-libvirt-python (10.4.0 -> 10.6.0) python-msgpack (1.0.7 -> 1.0.8) python-psutil (5.9.7 -> 6.0.0) python-ptyprocess python-pyOpenSSL (24.1.0 -> 24.2.1) python-pycairo (1.26.0 -> 1.26.1) python-pygit2 (1.15.0 -> 1.15.1) python-semanage (3.6 -> 3.7) python-setuptools (70.0.0 -> 70.1.1) python-tornado6 (6.4 -> 6.4.1) python311 python311-core qalculate (4.9.0 -> 5.2.0) qemu (9.0.0 -> 9.0.2) qqc2-breeze-style6 (6.1.1 -> 6.1.4) qt6-base qt6-sensors qt6-wayland re2 (20240601 -> 20240702) redland restorecond (3.6 -> 3.7) rng-tools (6.16 -> 6.17) rsyslog (8.2306.0 -> 8.2406.0) ruby3.3 (3.3.3 -> 3.3.4) rubygem-nokogiri (1.15.5 -> 1.16.7) rubygem-ruby-augeas salt samba (4.20.1+git.339.cf6e153bb2 -> 4.20.2+git.350.4cfcde9cdb) sddm-kcm6 (6.1.1 -> 6.1.4) selinux-policy (20240617 -> 20240802) sensors shim signon-kwallet-extension (24.05.1 -> 24.05.2) skanlite (24.05.1 -> 24.05.2) snapper (0.11.0 -> 0.11.1) spectacle (24.05.1 -> 24.05.2) speech-dispatcher sssd step (24.05.1 -> 24.05.2) strace (6.9 -> 6.10) sudo supermin (5.3.3 -> 5.3.4) suse-module-tools (16.0.45 -> 16.0.48) svgpart (24.05.1 -> 24.05.2) swtpm (0.8.1 -> 0.9.0) system-config-printer systemd (255.7 -> 256.4) systemd-presets-branding-Aeon systemsettings6 (6.1.1 -> 6.1.4) sysuser-tools (3.2 -> 3.3) taglib (2.0 -> 2.0.1) tar telepathy-logger thin-provisioning-tools (1.0.12 -> 1.0.13) thunar (4.18.10 -> 4.18.11) transactional-update (4.6.8 -> 4.7.0) umbrello (24.05.1 -> 24.05.2) upower (1.90.2+15 -> 1.90.4) util-linux util-linux-systemd vde2 vim (9.1.0512 -> 9.1.0636) virt-manager virt-v2v (2.4.0 -> 2.5.5) vte vulkan-loader (1.3.283.0 -> 1.3.290) vulkan-tools (1.3.283.0 -> 1.3.290) wacomtablet-kcm6 (6.1.1 -> 6.1.4) webkit2gtk3 wicked (0.6.75 -> 0.6.76) wireplumber (0.5.4+git2.96dc045 -> 0.5.5) wol wtmpdb (0.12.0+git.20240508 -> 0.13.0+git.20240726) xclip (0.13 -> 0.13+git20220129) xdg-desktop-portal-kde6 (6.1.1 -> 6.1.4) xdg-utils xen xf86-video-nouveau xfce4-kbdleds-plugin (0.2.5 -> 0.3.0) xfce4-screenshooter (1.10.6 -> 1.11.1) xfsprogs (6.8.0 -> 6.9.0) xinit xmlsec1 (1.2.38 -> 1.2.40) xorg-x11-server xterm (389 -> 393) xwayland (24.1.0 -> 24.1.1) yast2 (5.0.8 -> 5.0.9) yast2-kdump (5.0.0 -> 5.0.1) yast2-trans (84.87.20240624.0295c6c7b8 -> 84.87.20240801.d54b6ae08f) zchunk (1.4.0 -> 1.5.1) zenity (4.0.1 -> 4.0.2) zsh zypp-plugin (0.6.3 -> 0.6.4) zypper (1.14.74 -> 1.14.76) === Details === ==== 389-ds ==== Version update (3.0.1~git39.e24615f -> 3.1.1~git0.aef1668) Subpackages: lib389 libsvrcore0 - dirsrv-user.conf: Remove explicit dirsrv group definition, it's already specified implicit with "u dirsrv" and not all tools like duplicate group entries. - Update to version 3.1.1~git0.aef1668: * Bump version to 3.1.1 * Issue 6256 - nsslapd-numlisteners limit is not enforced (#6257) * Issue 5327 - Fix test metadata * Security fix for CVE-2024-6237 * Security fix for CVE-2024-5953 * Security fix for CVE-2024-3657 * Security fix for CVE-2024-2199 * Issue 6256 - nsslapd-numlisteners limit is not enforced * Issue 6265 - lmdb - missing entries in range searches (#6266) * Issue 5853 - Update Cargo.lock * Bump openssl from 0.10.64 to 0.10.66 in /src * Issue 6245 - Revert __COVERITY__ ifndef (#6268) * Issue 6248 - fix fanalyzer warnings (#6253) * Issue 6238 - Fix test_audit_json_logging CI test regression (#6264) * Issue 6254 - Enabling replication for a sub suffix crashes browser (#6255) * Issue 6155 - ldap-agent fails to start because of permission error (#6179) * Issue 6238 - RFE - add option to write audit log in JSON format * Issue 6216 - CI test_fast_slow_import sometime fail (#6247) * Issue 6245 - covscan fixes (#6246) * Issue 6241 - Add support for CRYPT-YESCRYPT (#6242) * Issue 6229 - After an initial failure, subsequent online backups fail (#6230) * Issue 6236 - rpm: fix compatibility with RPM 4.20 * Issue 6227 - dsconf schema does not show inChain matching rule (#6228) * Issue 6233 - CI test wait_for_async_feature_test sometime fails (#6234) * Bump ws from 7.5.9 to 7.5.10 in /src/cockpit/389-console * Issue 6224 - d2entry - Could not open id2entry err 0 - at startup when having sub-suffixes (#6225) * Issue 6222 - CI test acl/test_timeofday_keyword sometime fails (#6223) * Issue 6120 - /usr/lib64/dirsrv/plugins/libback-bdb.so has an invalid-looking DT_RPATH: /usr/lib/dirsrv * Issue 5772 - ONE LEVEL search fails to return sub-suffixes (#6219) * Issue 6183 - Slow ldif2db import on a newly created BDB backend (#6208) * Issue 6207 - Random crash in test_long_rdn CI test (#6215) * Bump braces from 3.0.2 to 3.0.3 in /src/cockpit/389-console * Issue 6191 - Node.js 16 actions are deprecated * Issue 6199 - unprotected search query during certificate based authentication (#6205) * Issue 6200 - Disable WebUI CI tests * Issue 6192 - Test failure: test_match_large_valueset * Issue 6181 - RFE - Allow system to manage uid/gid at startup * Issue 6188 - Add nsslapd-haproxy-trusted-ip to cn=schema (#6201) * Issue 6181 - RFE - Allow system to manage uid/gid at startup (#6182) * Issue 6170 - audit log buffering doesn't handle large updates * Issue 6193 - Test failure: test_tls_command_returns_error_text * Issue 6177 - Spec file cleanup * Issue 6189 - CI tests fail with `[Errno 2] No such file or directory: '/var/cache/dnf/metadata_lock.pid'` * Issue 6175 - Referential integrity plugin - in referint_thread_func does not handle null from ldap_utf8strtok (#6168) * Change default salt sizes generated in crypt_pwd (#6185) * Issue 6123 - Allow DNA plugin to reuse global config for bind method and connection protocol (#6124) * Issue 6159 - Add a test to check URP add and delete conflict (#6160) * Issue 6151 - Use %bcond macro for conditional builds in the spec file * Issue 6172 - RFE: improve the performance of evaluation of filter component when tested against a large valueset (like group members) (#6173) * Bump version to 3.1.0 * fix issue6165 (#6167) ==== ImageMagick ==== Version update (7.1.1.34 -> 7.1.1.35) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.1.35 * Also set dpi-x and dpi-y when running rsvg-convert. eac001f * convert sub-command is deprecated d67039e * only operators should disable "identify ping" (ImageMagick/ImageMagick#7441) a262192 * fix compiler error ecc21c7 * -outdir deprecated 9980efa * Get the correct width and height when heic:preserve-orientation is set to true. ed3a0dd * Set heic image orientation using transform information. ba470aa * Exit earlier when the symlink could not be created when invoking the svg:decode delegate. 8a48edd * Fixed MSYS2 build error. 3b22378 * Also set the DNG properties when pinging the image. fc1c61b * Silence warning when lqr delegate is disabled. ae0d69a * Added version check for the heif_properties.h include. 656b4d2 * Make sure we always use the i64 version of the "file methods" on Windows. b3e8a78 * Changed defines to use method instead of a define. 75b66c4 * Changes due to upgrade of libheif. 841f033 * smooth the rendering of an ellipse (ImageMagick/ImageMagick#7465) 1bfce2a ==== Imath ==== Version update (3.1.9 -> 3.1.11) - update to 3.1.11: * Fix a problem where downstream projects using Imath would build python bindings even if they weren't requested. * Fix for missing `std::bit_cast` * Fix missing/necessary use of IMATH_HOSTDEVICE * IMATH_INSTALL_PKG_CONFIG is now on by default, even on Windows * Fix calling default constructor by uniform init in TypeTraits * Fix redundant PYIMATH_EXPORTS causing compile issues on Windows Clang * Update to SO versioning policy: * succ()/pred() now use std::nextafter(). * Expand epsilon bounds for m44x pyImath test. * Rename "docs" to "website". * Add missing copyright/license identifiers. ==== Mesa ==== Version update (24.1.2 -> 24.1.3) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Update to bugfix release 24.1.3 - -> https://docs.mesa3d.org/relnotes/24.1.3 - supersedes the following patches: * u_dri-Fix-BGR-format-exclusion.patch * u_egl-gbm-Enable-RGBA-configs.patch * u_egl-surfaceless-Enable-RGBA-configs.patch * boo1226725-test-fix1.patch - use gcc-13 on SLE 15/Leap 15.x in order to fix build; credits go to "Friedrich Haubensak" to figure this out! ==== Mesa-drivers ==== Version update (24.1.2 -> 24.1.3) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - Update to bugfix release 24.1.3 - -> https://docs.mesa3d.org/relnotes/24.1.3 - supersedes the following patches: * u_dri-Fix-BGR-format-exclusion.patch * u_egl-gbm-Enable-RGBA-configs.patch * u_egl-surfaceless-Enable-RGBA-configs.patch * boo1226725-test-fix1.patch - use gcc-13 on SLE 15/Leap 15.x in order to fix build; credits go to "Friedrich Haubensak" to figure this out! ==== MozillaFirefox ==== Version update (127.0 -> 128.0.3) - Firefox 128.0.3 Release * Fixed: Fixed an issue causing some sites to not load when connecting via HTTP/2. (bmo#1908161, bmo#1909666) * Fixed: Fixed collapsed table rows not appearing when expected in some situations. (bmo#1907789) * Fixed: Fixed the Windows on-screen keyboard potentially concealing the webpage when displayed. (bmo#1907766) - Firefox 128.0.2 Release * Fixed: Fixed an audio echo in video calls on macOS under certain conditions. (bmo#1908539) * Fixed: Fixed an issue where the Adguard extension popup was not displaying. (bmo#1906132) * Fixed: Fixed an issue causing some screen readers to fail to read when navigating by character in rich text editors. (Bug 1905021) * Fixed: Fixed visual glitches when dark mode is enabled in Windows ARM devices. (bmo#1897444) * Fixed: Fixed an issue causing NTLM authentication failure. (bmo#1908115) * Fixed: Fixed an issue where content displayed on mouseover was not captured in a screenshot. (bmo#1905468) * Fixed: Various stability fixes. - renamed firefox-3781e3117706.patch to mozilla-bmo1905018.patch to conform with patch structure and naming for the package - Add firefox-3781e3117706.patch to fix boo#1227856 aka bmo#1905018 where an incompatible pointer assignment is not accepted in C by GCC 14. - Mozilla Firefox 128.0 https://www.mozilla.org/en-US/firefox/128.0/releasenotes MFSA 2024-29 (bsc#1226316) * CVE-2024-6605 (bmo#1836786) Firefox Android missed activation delay to prevent tapjacking * CVE-2024-6606 (bmo#1902305) Out-of-bounds read in clipboard component * CVE-2024-6607 (bmo#1694513) Leaving pointerlock by pressing the escape key could be prevented * CVE-2024-6608 (bmo#1743329) Cursor could be moved out of the viewport using pointerlock. * CVE-2024-6609 (bmo#1839258) Memory corruption in NSS * CVE-2024-6610 (bmo#1883396) Form validation popups could block exiting full-screen mode * CVE-2024-6600 (bmo#1888340) Memory corruption in WebGL API * CVE-2024-6601 (bmo#1890748) Race condition in permission assignment * CVE-2024-6602 (bmo#1895032) Memory corruption in NSS * CVE-2024-6603 (bmo#1895081) Memory corruption in thread creation * CVE-2024-6611 (bmo#1844827) Incorrect handling of SameSite cookies * CVE-2024-6612 (bmo#1880374) CSP violation leakage when using devtools * CVE-2024-6613 (bmo#1900523) Incorrect listing of stack frames * CVE-2024-6614 (bmo#1902983) Incorrect listing of stack frames * CVE-2024-6604 (bmo#1748105, bmo#1837550, bmo#1884266) Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 * CVE-2024-6615 (bmo#1892875, bmo#1894428, bmo#1898364) Memory safety bugs fixed in Firefox 128 - requires NSS 3.101.1 rust >= 1.78 - update create-tar.sh - add wayland upstream fixes (bmo#1907511, bmo#1898476) (mozilla-bmo1898476.patch and mozilla-bmo1907511.patch) - Mozilla Firefox 127.0.2 * Fixed an issue where YouTube playback may experience stalling under certain conditions (bmo#1900191, bmo#1878510). * Fixed an issue where the Private Window icon was displayed in the taskbar on Windows when browser.privateWindowSeparation.enabled was set to false (bmo#1901840). - Mozilla Firefox 127.0.1 * Fixed an issue where users with a primary password set on their profile could lose their previous session of tabs upon upgrading if they dismissed the primary password prompt (bmo#1901899). * Fixed an issue where Linux users with accessibility.monoaudio.enable set to true were experiencing slow audio speeds (bmo#1900972). * Fixed an issue where, in some circumstances, the Firefox installer on Windows failed to complete the installation (bmo#1896868). * Fixed an issue causing Firefox to incorrectly reject cookies for certain websites (bmo#1901325). - Fix GNOME search provider (boo#1225278) ==== NetworkManager ==== Version update (1.48.2 -> 1.48.6) Subpackages: NetworkManager-bluetooth NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0 - Add NetworkManager-dont-renew-bridge-dhcp-if-no-mac-on-wakeup.patch: manager: don't renew dhcp lease when software devices' MAC is empty (bsc#1225498, glfd#NetworkManager/NetworkManager#1587). - Update to version 1.48.6: + activation: Allow changing controller of exposed active connection + ovs: wait for the link to be ready before activating + policy: assert that the auto-activate list is empty on dispose - Update to version 1.48.4: + Support matching a OVS system interface by MAC address. + When looking up the system hostname from the reverse DNS lookup of addresses configured on interfaces, NetworkManager now takes into account the content of /etc/hosts. ==== SVT-AV1 ==== Version update (2.1.1 -> 2.1.2) - update to 2.1.2: * Cleanup, bug fixes: * Fixed profile-guided-optimization build by removing the remaining decoder path ==== aaa_base ==== Version update (84.87+git20240620.57ee9e1 -> 84.87+git20240805.7513b28) Subpackages: aaa_base-extras - Update to version 84.87+git20240805.7513b28: * Remove obsolete resolv+ manual page * Remove obsolete defaultdomain.5 manual page * Move /etc/skel to /usr/etc/skel (hermetic-usr) * Remove obsolete refresh_initrd * Add deprecation notice for service [jsc#PED-266] - Update to version 84.87+git20240801.75f05dd: * sysctl: Don't set kernel.pid_max on 32b archs (bsc#1227117) ==== aalib ==== - Add -fpermissive to the remaining uses of optflags. [boo#1223910] ==== abseil-cpp ==== Subpackages: libabsl_2401_0_0 libabsl_lite_2401_0_0 - Add upstream patch abseil-cmake-gtest-testonly.patch to fix issue with GTest and CMake 3.30 ==== akonadi ==== Version update (24.05.1 -> 24.05.2) Subpackages: libKPim6AkonadiAgentBase6 libKPim6AkonadiCore6 libKPim6AkonadiPrivate6 libKPim6AkonadiWidgets6 libKPim6AkonadiXml6 - Update to 24.05.2 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/24.05.2/ - No code change since 24.05.1 ==== akonadi-calendar ==== Version update (24.05.1 -> 24.05.2) Subpackages: akonadi-plugin-calendar kalendarac libKPim6AkonadiCalendar6 - Update to 24.05.2 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/24.05.2/ - Changes since 24.05.1: * Add missing change notification for initial calendar loading ==== akonadi-calendar-tools ==== Version update (24.05.1 -> 24.05.2) - Update to 24.05.2 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/24.05.2/ - No code change since 24.05.1 ==== akonadi-contacts ==== Version update (24.05.1 -> 24.05.2) Subpackages: akonadi-plugin-contacts libKPim6AkonadiContactCore6 libKPim6AkonadiContactWidgets6 - Update to 24.05.2 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/24.05.2/ - No code change since 24.05.1 ==== akonadi-import-wizard ==== Version update (24.05.1 -> 24.05.2) Subpackages: libKPim6ImportWizard6 - Update to 24.05.2 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/24.05.2/ - No code change since 24.05.1 ==== akonadi-mime ==== Version update (24.05.1 -> 24.05.2) Subpackages: akonadi-plugin-mime libKPim6AkonadiMime6 - Update to 24.05.2 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/24.05.2/ - No code change since 24.05.1 ==== akonadi-notes ==== Version update (24.05.1 -> 24.05.2) - Update to 24.05.2 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/24.05.2/ - No code change since 24.05.1 ==== akonadi-search ==== Version update (24.05.1 -> 24.05.2) Subpackages: libKPim6AkonadiSearch6 - Update to 24.05.2 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/24.05.2/ - No code change since 24.05.1 ==== akregator ==== Version update (24.05.1 -> 24.05.2) - Update to 24.05.2 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/24.05.2/ - No code change since 24.05.1 ==== amarok ==== Version update (3.0.1 -> 3.1.0) - Update to 3.1.0 https://blogs.kde.org/2024/08/02/amarok-3.1-tricks-of-the-light-released/ New features: * Last.fm plugin updated to use token-based authentication (kde#414826, kde#327547) * Reintroducing Last.fm Similar Artists context applet * Remember the previous destination provider when saving playlist (kde#216528) ==== analitza ==== Version update (24.05.1 -> 24.05.2) Subpackages: libAnalitza9 - Update to 24.05.2 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/24.05.2/ - No code change since 24.05.1 ==== apache2 ==== Version update (2.4.59 -> 2.4.62) - Update to 2.4.62 * ) SECURITY: CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (cve.mitre.org) [boo#1228098] SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. Credits: Smi1e (DBAPPSecurity Ltd.) * ) SECURITY: CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType (cve.mitre.org) [boo#1228097] A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue. * ) mod_proxy: Fix canonicalisation and FCGI env (PATH_INFO, SCRIPT_NAME) for "balancer:" URLs set via SetHandler, also allowing for "unix:" sockets with BalancerMember(s). PR 69168. [Yann Ylavic] * ) mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs. PR 69160 [Yann Ylavic] * ) mod_ssl: Fix crashes in PKCS#11 ENGINE support with OpenSSL 3.2. [Joe Orton] * ) mod_ssl: Add support for loading certs/keys from pkcs11: URIs via OpenSSL 3.x providers. [Ingo Franzki ] * ) mod_ssl: Restore SSL dumping on trace7 loglevel with OpenSSL >= 3.0. [Ruediger Pluem, Yann Ylavic] * ) mpm_worker: Fix possible warning (AH00045) about children processes not terminating timely. [Yann Ylavic] - Update to 2.4.61 * ) SECURITY: CVE-2024-39884: Apache HTTP Server: source code disclosure with handlers configured via AddType (cve.mitre.org) [boo#1227353] A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.61, which fixes this issue. - Update to 2.4.60 * ) SECURITY: CVE-2024-39573: Apache HTTP Server: mod_rewrite proxy handler substitution (cve.mitre.org) [boo#1227271] Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38477: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request (cve.mitre.org) [boo#1227270] null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38476: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect (cve.mitre.org) [boo#1227269] Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Note: Some legacy uses of the 'AddType' directive to connect a request to a handler must be ported to 'AddHandler' after this fix. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38475: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. (cve.mitre.org) [boo#1227268] Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38474: Apache HTTP Server weakness with encoded question marks in backreferences (cve.mitre.org) [boo#1227278] Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Note: Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38473: Apache HTTP Server proxy encoding problem (cve.mitre.org) [boo#1227276] Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent ... changelog too long, skipping 49 lines ... - apache2-issue-444.patch ==== apache2-manual ==== Version update (2.4.59 -> 2.4.62) - Update to 2.4.62 * ) SECURITY: CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (cve.mitre.org) [boo#1228098] SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. Credits: Smi1e (DBAPPSecurity Ltd.) * ) SECURITY: CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType (cve.mitre.org) [boo#1228097] A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue. * ) mod_proxy: Fix canonicalisation and FCGI env (PATH_INFO, SCRIPT_NAME) for "balancer:" URLs set via SetHandler, also allowing for "unix:" sockets with BalancerMember(s). PR 69168. [Yann Ylavic] * ) mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs. PR 69160 [Yann Ylavic] * ) mod_ssl: Fix crashes in PKCS#11 ENGINE support with OpenSSL 3.2. [Joe Orton] * ) mod_ssl: Add support for loading certs/keys from pkcs11: URIs via OpenSSL 3.x providers. [Ingo Franzki ] * ) mod_ssl: Restore SSL dumping on trace7 loglevel with OpenSSL >= 3.0. [Ruediger Pluem, Yann Ylavic] * ) mpm_worker: Fix possible warning (AH00045) about children processes not terminating timely. [Yann Ylavic] - Update to 2.4.61 * ) SECURITY: CVE-2024-39884: Apache HTTP Server: source code disclosure with handlers configured via AddType (cve.mitre.org) [boo#1227353] A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.61, which fixes this issue. - Update to 2.4.60 * ) SECURITY: CVE-2024-39573: Apache HTTP Server: mod_rewrite proxy handler substitution (cve.mitre.org) [boo#1227271] Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38477: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request (cve.mitre.org) [boo#1227270] null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38476: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect (cve.mitre.org) [boo#1227269] Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Note: Some legacy uses of the 'AddType' directive to connect a request to a handler must be ported to 'AddHandler' after this fix. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38475: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. (cve.mitre.org) [boo#1227268] Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38474: Apache HTTP Server weakness with encoded question marks in backreferences (cve.mitre.org) [boo#1227278] Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Note: Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38473: Apache HTTP Server proxy encoding problem (cve.mitre.org) [boo#1227276] Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent ... changelog too long, skipping 49 lines ... - apache2-issue-444.patch ==== apache2-mod_php8 ==== Version update (8.3.8 -> 8.3.9) - version update to 8.3.9 Core: Fixed bug GH-14315 (Incompatible pointer type warnings). Fixed bug GH-12814 (max_execution_time reached too early on MacOS 14 when running on Apple Silicon). Fixed bug GH-14387 (Crash when stack walking in destructor of yielded from values during Generator->throw()). Fixed bug GH-14456 (Attempting to initialize class with private constructor calls destructor). Fixed bug GH-14510 (memleak due to missing pthread_attr_destroy()-call). Fixed bug GH-14549 (Incompatible function pointer type for fclose). BCMatch: Fixed bug (bcpowmod() with mod = -1 returns 1 when it must be 0). Curl: Fixed bug GH-14307 (Test curl_basic_024 fails with curl 8.8.0). DOM: Fixed bug GH-14343 (Memory leak in xml and dom). FPM: Fixed bug GH-14037 (PHP-FPM ping.path and ping.response config vars are ignored in status pool). GD: Fix parameter numbers for imagecolorset(). Intl: Fix reference handling in SpoofChecker. MySQLnd: Partially fix bug GH-10599 (Apache crash on Windows when using a self-referencing anonymous function inside a class with an active mysqli connection). Opcache: Fixed bug GH-14267 (opcache.jit=off does not allow enabling JIT at runtime). Fixed TLS access in JIT on FreeBSD/amd64. Fixed bug GH-11188 (Error when building TSRM in ARM64). PDO ODBC: Fixed bug GH-14367 (incompatible SDWORD type with iODBC). PHPDBG: Fixed bug GH-13681 (segfault on watchpoint addition failure). Soap: Fixed bug #47925 (PHPClient can't decompress response). Fix missing error restore code. Fix memory leak if calling SoapServer::setObject() twice. Fix memory leak if calling SoapServer::setClass() twice. Fix reading zlib ini settings in ext-soap. Fix memory leaks with string function name lookups. Fixed bug #69280 (SoapClient classmap doesn't support fully qualified class name). Fixed bug #76232 (SoapClient Cookie Header Semicolon). Fixed memory leaks when calling SoapFault::__construct() twice. Sodium: Fix memory leaks in ext/sodium on failure of some functions. SPL: Fixed bug GH-14290 (Member access within null pointer in extension spl). Standard: Fixed bug GH-14483 (Fixed off-by-one error in checking length of abstract namespace Unix sockets). Streams: Fixed bug GH-11078 (PHP Fatal error triggers pointer being freed was not allocated and malloc: double free for ptr errors). ==== apache2-prefork ==== Version update (2.4.59 -> 2.4.62) - Update to 2.4.62 * ) SECURITY: CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (cve.mitre.org) [boo#1228098] SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. Credits: Smi1e (DBAPPSecurity Ltd.) * ) SECURITY: CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType (cve.mitre.org) [boo#1228097] A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue. * ) mod_proxy: Fix canonicalisation and FCGI env (PATH_INFO, SCRIPT_NAME) for "balancer:" URLs set via SetHandler, also allowing for "unix:" sockets with BalancerMember(s). PR 69168. [Yann Ylavic] * ) mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs. PR 69160 [Yann Ylavic] * ) mod_ssl: Fix crashes in PKCS#11 ENGINE support with OpenSSL 3.2. [Joe Orton] * ) mod_ssl: Add support for loading certs/keys from pkcs11: URIs via OpenSSL 3.x providers. [Ingo Franzki ] * ) mod_ssl: Restore SSL dumping on trace7 loglevel with OpenSSL >= 3.0. [Ruediger Pluem, Yann Ylavic] * ) mpm_worker: Fix possible warning (AH00045) about children processes not terminating timely. [Yann Ylavic] - Update to 2.4.61 * ) SECURITY: CVE-2024-39884: Apache HTTP Server: source code disclosure with handlers configured via AddType (cve.mitre.org) [boo#1227353] A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.61, which fixes this issue. - Update to 2.4.60 * ) SECURITY: CVE-2024-39573: Apache HTTP Server: mod_rewrite proxy handler substitution (cve.mitre.org) [boo#1227271] Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38477: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request (cve.mitre.org) [boo#1227270] null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38476: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect (cve.mitre.org) [boo#1227269] Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Note: Some legacy uses of the 'AddType' directive to connect a request to a handler must be ported to 'AddHandler' after this fix. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38475: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. (cve.mitre.org) [boo#1227268] Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38474: Apache HTTP Server weakness with encoded question marks in backreferences (cve.mitre.org) [boo#1227278] Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Note: Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38473: Apache HTTP Server proxy encoding problem (cve.mitre.org) [boo#1227276] Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent ... changelog too long, skipping 49 lines ... - apache2-issue-444.patch ==== apache2-utils ==== Version update (2.4.59 -> 2.4.62) - Update to 2.4.62 * ) SECURITY: CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (cve.mitre.org) [boo#1228098] SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. Credits: Smi1e (DBAPPSecurity Ltd.) * ) SECURITY: CVE-2024-40725: Apache HTTP Server: source code disclosure with handlers configured via AddType (cve.mitre.org) [boo#1228097] A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue. * ) mod_proxy: Fix canonicalisation and FCGI env (PATH_INFO, SCRIPT_NAME) for "balancer:" URLs set via SetHandler, also allowing for "unix:" sockets with BalancerMember(s). PR 69168. [Yann Ylavic] * ) mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs. PR 69160 [Yann Ylavic] * ) mod_ssl: Fix crashes in PKCS#11 ENGINE support with OpenSSL 3.2. [Joe Orton] * ) mod_ssl: Add support for loading certs/keys from pkcs11: URIs via OpenSSL 3.x providers. [Ingo Franzki ] * ) mod_ssl: Restore SSL dumping on trace7 loglevel with OpenSSL >= 3.0. [Ruediger Pluem, Yann Ylavic] * ) mpm_worker: Fix possible warning (AH00045) about children processes not terminating timely. [Yann Ylavic] - Update to 2.4.61 * ) SECURITY: CVE-2024-39884: Apache HTTP Server: source code disclosure with handlers configured via AddType (cve.mitre.org) [boo#1227353] A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.61, which fixes this issue. - Update to 2.4.60 * ) SECURITY: CVE-2024-39573: Apache HTTP Server: mod_rewrite proxy handler substitution (cve.mitre.org) [boo#1227271] Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38477: Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request (cve.mitre.org) [boo#1227270] null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38476: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect (cve.mitre.org) [boo#1227269] Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Note: Some legacy uses of the 'AddType' directive to connect a request to a handler must be ported to 'AddHandler' after this fix. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38475: Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. (cve.mitre.org) [boo#1227268] Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38474: Apache HTTP Server weakness with encoded question marks in backreferences (cve.mitre.org) [boo#1227278] Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Note: Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified. Credits: Orange Tsai (@orange_8361) from DEVCORE * ) SECURITY: CVE-2024-38473: Apache HTTP Server proxy encoding problem (cve.mitre.org) [boo#1227276] Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent ... changelog too long, skipping 49 lines ... - apache2-issue-444.patch ==== apparmor ==== Version update (4.0.1 -> 4.0.2) Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - update to AppArmor 4.0.2 - bugfix release with lots of fixes in all areas - add new userns profiles for balena-etcher, chromium and wike - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_4.0.2 for the detailed upstream changelog - drop upstream(ed) patches: - aa-remove-unknown-fix-unconfined.diff - logprof-mount-empty-source.diff - plasmashell.diff - sampa-rpcd-witness.diff - sddm-xauth.diff - teardown-unconfined.diff - test-aa-notify.diff - tools-fix-redefinition.diff - utils-relax-mount-rules-2.diff - utils-relax-mount-rules.diff - refresh GPG key (was expired) ==== ark ==== Version update (24.05.1 -> 24.05.2) Subpackages: libkerfuffle24 - Add patch to fix tmp folder cleanup (kde#487229): * 0001-cliinterface-adapt-to-behavior-change-in-QTemporaryD.patch - Update to 24.05.2 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/24.05.2/ - Changes since 24.05.1: * Tests: Comment out test that fails to pass ==== b43-fwcutter ==== - Provide fallback in case %_firmwaredir is not defined ==== baloo-widgets ==== Version update (24.05.1 -> 24.05.2) - Update to 24.05.2 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/24.05.2/ - Changes since 24.05.1: * Fix FileMetadataItemCountTest::testItemCount ==== bind ==== Version update (9.18.27 -> 9.20.0) Subpackages: bind-doc bind-utils - Update to new major version 9.20.0 For a complete list of all changes see: * https://bind9.readthedocs.io/en/v9.20.0/notes.html * The CHANGES file in the source RPM Some noteworthy changes: * Added new BuildRequires liburcu for lock free data structures. * A new DNSSEC tool dnssec-ksr has been added to create Key Signing Request (KSR) and Signed Key Response (SKR) files. * /etc/bind.keys and /var/lib/named/named.root.key have been removed as the correct defaults are pre-compiled and there is no need to configure bind.keys manually. * The functions that were in the libbind9 shared library have been moved to the libisc and libisccfg libraries. The now-empty libbind9 has been removed and is no longer installed. * The irs_resconf module has been moved to the libdns shared library. The now-empty libirs library has been removed and is no longer installed. Security Fixes: * A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to respond slowly or not at all for other clients. This has been fixed. (CVE-2024-0760) [bsc#1228255] * It is possible to craft excessively large resource records sets, which have the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-records-per-type option. * It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (CVE-2024-1737) [bsc#1228256] * Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975) [bsc#1228257] * Due to a logic error, lookups that triggered serving stale data and required lookups in local authoritative zone data could have resulted in an assertion failure. This has been fixed. * Potential data races were found in our DoH implementation, related to HTTP/2 session object management and endpoints set object management after reconfiguration. These issues have been fixed. * When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve-stale was enabled. This has been fixed. (CVE-2024-4076) [bsc#1228258] ==== blinken ==== Version update (24.05.1 -> 24.05.2) - Update to 24.05.2 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/24.05.2/ - No code change since 24.05.1 ==== bluedevil6 ==== Version update (6.1.1 -> 6.1.4) - Update to 6.1.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.1.4 - Changes since 6.1.3: * update version for new release - Update to 6.1.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.1.3 - Changes since 6.1.2: * update version for new release - Update to 6.1.2: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.1.2 - Changes since 6.1.1: * update version for new release ==== blueman ==== Version update (2.3.5 -> 2.4.2) Subpackages: thunar-sendto-blueman - Update to version 2.4.2: * Broken audio profile applet menu items * Missing manager window title * Teardown of DBus mock server in tests * Only a single battery notification * Renamed recent connections header in applet menu * Translation updates * An option to toggle the manager window with the tray icon (the 2.3 behavior useful when there are no window decorations for closing it) - Update to version 2.4.1: * Fallback for missing icons * Correct Bluetooth state tracking in manager window * Sporadic error on battery data (Note that there was a regression in Linux 6.8.2, 6.7.11 and 6.6.23 that causes it and lots of other trouble) * Active state on tray icon * Broken markup in tray menu * Translation updates * Handle incompabilities with kded6 running on desktops without StatusNotifierItem support - Update to version 2.4: * Fix device-selected handlers * Fix deprecations in tests * Fix showing -1 seconds when discovering @kuraga * Tray: Let dbus call end and reply to caller * Get the image-missing icon if lookup failed to avoid crash * Raise minimum Python version to 3.8 * Raise minumum Gtk+ version to 3.24 * Hide recent connections associated with unavailable adapters * Store network configuration in GSettings instead of /var/lib/blueman/network.state. * Replace custom MessageArea widget with regular Gtk.InfoBar * Drop auto-power feature. BlueZ now has the AutoEnable setting for even better auto-powering. * Do not use pointless link quality value * Recent connections in toplevel applet menu * Never hide keyboard and combos, see #1954 for more info * Do not close blueman-manager from applet * Add Switch to blueman-manager to set bluetooth on/off * Remove broken check for bluetooth status * PluginDialog: Replace custom list with Gtk.ListBox * Ignore double-click for connect when unpowered * Drop homgeneous from statusbar * PulseAudioUtils: Use python enums in several places * Use operator convenience functions * Cleanup PluginDialog UI * Show HCI device in blueman-adapers tabs * Show different icon for the active audio profile @localevil * Make blueman-services a notebook * Use the TypedDict as constructor * Audio profile switcher in applet menu (@abhijeetviswa) * Set router address as DNS server instead of loopback addresses * Enable dnsmasq DNS service if possible and add DNS servers otherwise * Reconfigure DHCP service on local nameserver changes * Support for systemd-resolved for getting nameservers for NAP clients * List connected devices in status icon tooltip * Support for nautilus 43 and later * Copy bleutooth address to clipboard in devicelist * Add battery levels to status icon tooltip ==== bolt ==== - Edit license: LGPL-2.1-or-later - Add BuildRequires: asciidoc to produce manpages: * boltd.8 boltctl.1 - Switch dependencies to provided pkgconfig - Update meson required version 0.60 - Use autosetup ==== boost-base ==== Subpackages: boost-license1_85_0 libboost_filesystem1_85_0 libboost_iostreams1_85_0 libboost_locale1_85_0 libboost_program_options1_85_0 libboost_thread1_85_0 - add patch boost-1.85.0-python-numpy-2.patch from upstream ==== boost-extra ==== - add patch boost-1.85.0-python-numpy-2.patch from upstream ==== breeze6 ==== Version update (6.1.1 -> 6.1.4) Subpackages: breeze6-cursors breeze6-decoration breeze6-style - Update to 6.1.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.1.4 - Changes since 6.1.3: * update version for new release - Update to 6.1.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.1.3 - Changes since 6.1.2: * update version for new release - Update to 6.1.2: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.1.2 - Changes since 6.1.1: * update version for new release ==== breeze6-gtk ==== Version update (6.1.1 -> 6.1.4) Subpackages: gtk2-metatheme-breeze6 gtk3-metatheme-breeze6 gtk4-metatheme-breeze6 metatheme-breeze6-common - Update to 6.1.4: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.1.4 - Changes since 6.1.3: * update version for new release - Update to 6.1.3: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.1.3 - Changes since 6.1.2: * update version for new release - Update to 6.1.2: * New bugfix release * For more details see https://kde.org/announcements/plasma/6/6.1.2 - Changes since 6.1.1: * update version for new release ==== brltty ==== Subpackages: brltty-driver-at-spi2 brltty-driver-brlapi brltty-driver-speech-dispatcher brltty-driver-xwindow libbrlapi0_8 python3-brlapi system-user-brltty xbrlapi - Add %python3_fix_shebang_path to fix binaries dependency on /usr/bin/python3 ==== btrfsmaintenance ==== Version update (0.5 -> 0.5.2) - update to version 0.5.2 - fix syntax error in run_task, preventing jobs to start - start scrub jobs sequentially if RAID5 or RAID6 data profile is found - fix btrfsmaintenance-refresh.service description - fix bsc#1224364 - update to version 0.5.1 - fix handling of OnCalendar timer directive in the drop-in configuration file that reads the periods from the sysconfig - fix use of --verbose option of fstrim, not available on util-linux < 2.27 - ship manual page of README, also available as 'systemctl help servicename' ==== btrfsprogs ==== Version update (6.9 -> 6.10) Subpackages: btrfsprogs-bash-completion btrfsprogs-udev-rules libbtrfs0 libbtrfsutil1 - update to 6.10 * inspect: * list-chunks: new command to print information about chunks (i.e. the physical chunks as stored on devices), sortable; requires root as it's using SEARCH_TREE ioctl * tree-stats: * new option -t to print only the given tree * add long options for size units * filesystem df: with increased verbosity print per-type information from sysfs * version: print a line with built-in features or options (+FEATURE1 -FEATURE2) * image: document option -s and its potential problems * fixes: * scrub status: user selected base for Rate values * receive: escape special characters in paths and xattrs * dump-tree: escape special characters in paths and xattrs * image: sanitizing filenames did not work properly in all cases * convert: fix displayed restored image path on rollback * tune change csum: do conversion in smaller batches * other: * build fixes for uClibc * build fix for python 3.13 * documentation updates - update to 6.9.2 * subvol list: fix accidental trimming of subvolume name * check: revert checking file extent item 'ram_bytes' * libbtrfsutil: * patchlevel version update 1.3.2 * fix accidentally closing fd passed to subvolume iterator - update to 6.9.1 * fix detection of intermediate super block flags (e.g. csum change and other conversions) * raid-stripe-tree support (still experimental): * moved under experimental build flags (mkfs, convert) * format change, removed encoding type; backward incompatible * receive dump: escape special chars in xattr names and values, and clone source path * tune change csum: fix reservation size when starting a transaction * other: * new and updated tests * updated CI images, new reference build targets * cleanups and refactoring ==== ca-certificates-mozilla ==== Version update (2.66 -> 2.68) - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 ==== calendarsupport ==== Version update (24.05.1 -> 24.05.2) Subpackages: libKPim6CalendarSupport6 - Update to 24.05.2 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/24.05.2/ - No code change since 24.05.1 ==== certmonger ==== - Add cm_dont_restart_external.patch (a SUSE specific patch) which prevents the restart of the cert request for an external ca (bsc#1221406). ==== cfitsio ==== Version update (4.3.1 -> 4.4.0) - Update to version 4.4.0: * Reorganization of helper utility code; added fitsverify * CMakeLists.txt: Changed install location of cfitsio-targets.cmake to conform with the one listed in cfitsio-config.cmake.in (i.e. including the extra "cfitsio" subdir of lib/cmake). * calculator functions that read GTIs do more correct validity checking of GTI input files * fits_insert_rows now works if input table starts with both no rows and no columns * Can now write internal memory files of size > 2^32 directly to a gzip-compressed output file. * Added support for unsigned long long types to fits_update_key. * Added ability for Windows builds to handle UTF-8 needed for reading filenames with non-ASCII characters. * Added 2-byte int test to speed.c utility. * Made fix to http file handler to expand the allowed URL length. - Change License tag to NASA-1.3 in keeping with upstream. - Switch to cmake+ninja for build. - Switch BuildRequires to pkgconfig based packages where possible. - Add a bunch of cmake build related patches to make the output close to that generated by autotools: * cfitsio-cmake-devel-scripts-destination.patch: Fix destination of pkgconfig and cmake scripts from /usr/lib to %{_libdir}. * cfitsio-cmake-allow-user-specified-incdir.patch: Allow specifying user-defined include dir into which to install header files. * cfitsio-cmake-lowercase-util-names.patch: Use lowercase names for utility binaries when building using cmake (same as autotools) * cfitsio-cmake-match-autotools-soversion.patch: Same so number as used in configure.in. ==== checkpolicy ==== Version update (3.6 -> 3.7) - Update to version 3.7 https://github.com/SELinuxProject/selinux/releases/tag/3.7 * User-visible changes: * checkpolicy: support CIDR notation for nodecon statements * checkpolicy: provide more descriptive error messages and improve error handling * Bugfixes: * checkpolicy: handle unprintable token * checkpolicy: avoid assigning garbage values * checkpolicy: free temporary bounds type * checkpolicy: perform contiguous check in host byte order * checkpolicy: include for isprint(3) * oss-fuzz fixes: * checkpolicy: add libfuzz based fuzzer * checkpolicy: free complete role_allow_rule on error * checkpolicy: free identifiers on invalid typebounds * checkpolicy: return YYerror on invalid character * checkpolicy: clone level only once ==== chrony ==== Subpackages: chrony-pool-openSUSE - Update clknetsim to snapshot 633a0be: fix missing stat/fstat with latest glibc. ==== clamav ==== Version update (0.103.11 -> 1.3.1) - Add upstream 1305.patch to fix tests (boo#1102840, https://github.com/Cisco-Talos/clamav/issues/1300) - New Version: 1.3.1: * CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition. * Updated select Rust dependencies to the latest versions. * Fixed a bug causing some text to be truncated when converting from UTF-16. * Fixed assorted complaints identified by Coverity static analysis. * Fixed a bug causing CVDs downloaded by the DatabaseCustomURL Freshclam config option to be pruned and then re-downloaded with every update. * Added the new 'valhalla' database name to the list of optional databases in preparation for future work. - New version: 1.3.0: * Added support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default, but may be optionally disabled. * Added file type recognition for compiled Python (`.pyc`) files. * Improved support for decrypting PDFs with empty passwords. * Fixed a warning when scanning some HTML files. * ClamOnAcc: Fixed an infinite loop when a watched directory does not exist. * ClamOnAcc: Fixed an infinite loop when a file has been deleted before a scan. - New version: 1.2.0: * Added support for extracting Universal Disk Format (UDF) partitions. * Added an option to customize the size of ClamAV's clean file cache. * Raised the MaxScanSize limit so the total amount of data scanned when scanning a file or archive may exceed 4 gigabytes. * Added ability for Freshclam to use a client certificate PEM file and a private key PEM file for authentication to a private mirror. * Fix an issue extracting files from ISO9660 partitions where the files are listed in the plain ISO tree and there also exists an empty Joliet tree. * PID and socket are now located under /run/clamav/clamd.pid and /run/clamav/clamd.sock . * bsc#1211594: Fixed an issue where ClamAV does not abort the signature load process after partially loading an invalid signature. - New version 1.1.0: * https://blog.clamav.net/2023/05/clamav-110-released.html * Added the ability to extract images embedded in HTML CSS