Packages changed: alsa-ucm-conf alsa-utils curl erofs-utils (1.8.1 -> 1.8.2) gnutls (3.8.7 -> 3.8.8) iptables (1.8.10 -> 1.8.11) kernel-firmware (20241018 -> 20241113) kernel-source (6.11.7 -> 6.11.8) libsoup libsoup2 libxml2 libxml2-python llvm19 mariadb (11.5.2 -> 11.6.1) microos-tools (4.0+git2 -> 4.0+git6) openSUSE-release (20241114 -> 20241115) postgresql postgresql17 (17.0 -> 17.1) python311 python311-core tcpd tiff virtualbox virtualbox-kmp (7.1.4_k6.11.7_1 -> 7.1.4_k6.11.8_1) xprop (1.2.7 -> 1.2.8) yast2-iscsi-client (5.0.4 -> 5.0.5) === Details === ==== alsa-ucm-conf ==== - Backport upstream fixes for sof-hda-dsp: 0001-UCM2-Intel-sof-hda-dsp-Fix-handling-of-empty-sys_ven.patch 0002-sof-hda-dsp-Fix-the-case-where-sysfs-dmi-product_nam.patch ==== alsa-utils ==== - Fix alsactl restore error (bsc#1233353): 0001-alsactl-90-alsa-restore.rules-fix-alsa_restore_go-st.patch ==== curl ==== Subpackages: curl-zsh-completion libcurl4 - Add patch to fix libcurl when netrc parsing is enabled. curl_easy_duphandle did not init netrc which broke applications such as for example git. gh#curl/curl#15496 * 0001-duphandle-also-init-netrc.patch ==== erofs-utils ==== Version update (1.8.1 -> 1.8.2) - Update to release 1.8.2 * mkfs: Correctly skip unidentified xattrs * fsck: Support exporting xattrs optionally * mkfs: Correctly sort shared xattrs * mkfs: Allow pax headers with empty names * mkfs: Add `--sort=none` option for tarball ==== gnutls ==== Version update (3.8.7 -> 3.8.8) Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit - Update to 3.8.8: - libgnutls: Experimental support for X25519MLKEM768 and SecP256r1MLKEM768 key exchange in TLS 1.3: The support for post-quantum key exchanges has been extended to cover the final standard of ML-KEM, following draft-kwiatkowski-tls-ecdhe-mlkem. The minimum supported version of liboqs is bumped to 0.11.0. - libgnutls: All records included in an OCSP response are now checked in TLS: Previously, when multiple records are provided in a single OCSP response, only the first record was considered; now all those records are examined until the server certificate matches. - libgnutls: Handling of malformed compress_certificate extension is now more standard compliant: The server behavior of receiving a malformed compress_certificate extension now more strictly follows RFC 8879; return illegal_parameter alert instead of bad_certificate, as well as overlong extension data is properly rejected. - build: More flexible library linking options for compression libraries, TPM, and liboqs support: The configure options, - -with-zstd, --with-brotli, --with-zlib, --with-tpm2, and --with-liboqs now take 4 states: yes/link/dlopen/no, to specify how the libraries are linked or loaded. * Rebase gnutls-FIPS-140-3-references.patch ==== iptables ==== Version update (1.8.10 -> 1.8.11) Subpackages: libip4tc2 libip6tc2 libxtables12 xtables-plugins - Update to release 1.8.11 * New arptables-translate tool * ebtables-nft: support --replace and --list-rules commands * iptables-translate: support socket match and TPROXY target ==== kernel-firmware ==== Version update (20241018 -> 20241113) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20241113 (git commit 1727aceef4d2): * qcom: venus-5.4: add venus firmware file for qcs615 * qcom: update venus firmware file for SC7280 * QCA: Add 22 bluetooth firmware nvm files for QCA2066 - Update to version 20241112 (git commit c57a0a42468b): * mediatek MT7922: update bluetooth firmware to 20241106163512 * mediatek MT7921: update bluetooth firmware to 20241106151414 * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for MT7921 WiFi device * qcom: Add QDU100 firmware image files. * qcom: Update aic100 firmware files * dedup-firmware.sh: fix infinite loop for --verbose * rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x04D7_63F7 * cnm: update chips&media wave521c firmware. * mediatek MT7920: update bluetooth firmware to 20241104091246 * linux-firmware: update firmware for MT7920 WiFi device * copy-firmware.sh: Run check_whence.py only if in a git repo * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops * amdgpu: update DMCUB to v9.0.10.0 for DCN351 * rtw89: 8852a: update fw to v0.13.36.2 * rtw88: Add firmware v52.14.0 for RTL8812AU * i915: Update Xe2LPD DMC to v2.23 * linux-firmware: update firmware for mediatek bluetooth chip (MT7925) * linux-firmware: update firmware for MT7925 WiFi device * WHENCE: Add sof-tolg for mt8195 * linux-firmware: Update firmware file for Intel BlazarI core * qcom: Add link for QCS6490 GPU firmware * qcom: update gpu firmwares for qcs615 chipset * cirrus: cs35l56: Update firmware for Cirrus Amps for some HP laptops * mediatek: Add sof-tolg for mt8195 - Drop obsoleted workaround patch: copy-file-skip-check.patch - Update to version 20241029 (git commit 048795eef350): * ath11k: move WCN6750 firmware to the device-specific subdir * xe: Update LNL GSC to v104.0.0.1263 * i915: Update MTL/ARL GSC to v102.1.15.1926 - Update to version 20241028 (git commit 987607d681cb): * amdgpu: DMCUB updates for various AMDGPU ASICs * i915: Add Xe3LPD DMC * cnm: update chips&media wave521c firmware. * linux-firmware: Add firmware for Cirrus CS35L41 * linux-firmware: Update firmware file for Intel BlazarU core * Makefile: error out of 'install' if COPYOPTS is set ==== kernel-source ==== Version update (6.11.7 -> 6.11.8) - Linux 6.11.8 (bsc#1012628). - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1012628). - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (bsc#1012628). - xtensa: Emulate one-byte cmpxchg (bsc#1012628). - ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 (bsc#1012628). - drm/xe/guc/tlb: Flush g2h worker in case of tlb timeout (bsc#1012628). - drm/xe/ufence: Flush xe ordered_wq in case of ufence timeout (bsc#1012628). - drm/xe: Move LNL scheduling WA to xe_device.h (bsc#1012628). - drm/xe/guc/ct: Flush g2h worker in case of g2h response timeout (bsc#1012628). - block: fix queue limits checks in blk_rq_map_user_bvec for real (bsc#1012628). - blacklist.conf: drop it - block: rework bio splitting (bsc#1012628). - firmware: qcom: scm: suppress download mode error (bsc#1012628). - firmware: qcom: scm: Refactor code to support multiple dload mode (bsc#1012628). - Update config files. - selftests: hugetlb_dio: check for initial conditions to skip in the start (bsc#1012628). - ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1012628). - ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (bsc#1012628). - irqchip/gic-v3: Force propagation of the active state with a read-back (bsc#1012628). - staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation (bsc#1012628). - staging: vchiq_arm: Use devm_kzalloc() for drv_mgmt allocation (bsc#1012628). - thunderbolt: Fix connection issue with Pluggable UD-4VPD dock (bsc#1012628). - clk: qcom: gcc-x1e80100: Fix halt_check for pipediv2 clocks (bsc#1012628). - clk: qcom: videocc-sm8350: use HW_CTRL_TRIGGER for vcodec GDSCs (bsc#1012628). - USB: serial: option: add Quectel RG650V (bsc#1012628). - USB: serial: option: add Fibocom FG132 0x0112 composition (bsc#1012628). - USB: serial: qcserial: add support for Sierra Wireless EM86xx (bsc#1012628). - USB: serial: io_edgeport: fix use after free in debug printk (bsc#1012628). - usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (bsc#1012628). - usb: typec: qcom-pmic: init value of hdr_len/txbuf_len earlier (bsc#1012628). - usb: dwc3: fix fault at system suspend if device was already runtime suspended (bsc#1012628). - usb: musb: sunxi: Fix accessing an released usb phy (bsc#1012628). - thunderbolt: Add only on-board retimers when !CONFIG_USB4_DEBUGFS_MARGINING (bsc#1012628). - mm/thp: fix deferred split unqueue naming and locking (bsc#1012628). - mm/mlock: set the correct prev on failure (bsc#1012628). - mm/damon/core: handle zero schemes apply interval (bsc#1012628). - mm/damon/core: handle zero {aggregation,ops_update} intervals (bsc#1012628). - mm/damon/core: avoid overflow in damon_feed_loop_next_input() (bsc#1012628). - signal: restore the override_rlimit logic (bsc#1012628). - objpool: fix to make percpu slot allocation more robust (bsc#1012628). - fs/proc: fix compile warning about variable 'vmcore_mmap_ops' (bsc#1012628). - clk: qcom: clk-alpha-pll: Fix pll post div mask when width is not set (bsc#1012628). - clk: qcom: gcc-x1e80100: Fix USB MP SS1 PHY GDSC pwrsts flags (bsc#1012628). - i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set (bsc#1012628). - filemap: Fix bounds checking in filemap_read() (bsc#1012628). - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1012628). - platform/x86/amd/pmf: Add SMU metrics table support for 1Ah family 60h model (bsc#1012628). - platform/x86/amd/pmf: Update SMU metrics table for 1AH family series (bsc#1012628). - platform/x86/amd/pmf: Relocate CPU ID macros to the PMF header (bsc#1012628). - btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1012628). - btrfs: fix per-subvolume RO/RW flags with new mount API (bsc#1012628). - btrfs: fix the length of reserved qgroup to free (bsc#1012628). - idpf: fix idpf_vc_core_init error path (bsc#1012628). - idpf: avoid vport access in idpf_get_link_ksettings (bsc#1012628). - KVM: PPC: Book3S HV: Mask off LPCR_MER for a vCPU before running it to avoid spurious interrupts (bsc#1012628). - mm/slab: fix warning caused by duplicate kmem_cache creation in kmem_buckets_create (bsc#1012628). - arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard ... changelog too long, skipping 1694 lines ... - commit dd0f9f9 ==== libsoup ==== Subpackages: libsoup-3_0-0 libsoup-lang typelib-1_0-Soup-3_0 - Add 4c9e75c6.patch: fix an intermittent test failure (glgo#GNOME/libsoup#399). ==== libsoup2 ==== Subpackages: libsoup-2_4-1 libsoup2-lang - Add 4c9e75c6.patch: fix an intermittent test failure (glgo#GNOME/libsoup#399). ==== libxml2 ==== Subpackages: libxml2-2 libxml2-tools - add %{?sle15allpythons} macro [jsc#PED-68] - use %python_build and %python_install for 15 ==== libxml2-python ==== - add %{?sle15allpythons} macro [jsc#PED-68] - use %python_build and %python_install for 15 ==== llvm19 ==== Subpackages: clang-tools clang19 libLLVM19 libclang-cpp19 libclang13 libclang_rt19 llvm19-gold - Enable lldb on s390x and ppc64le (bsc#1232906). ==== mariadb ==== Version update (11.5.2 -> 11.6.1) Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - Update to 11.6.1: https://mariadb.com/kb/en/mariadb-11-6-1-releasqe-notes/ https://mariadb.com/kb/en/mariadb-11-6-1-changelog/ - Update list of skipped tests - Refresh gcc13-fix.patch - Reduce race in %mysql_testserver_start ==== microos-tools ==== Version update (4.0+git2 -> 4.0+git6) Subpackages: selinux-autorelabel - Update to version 4.0+git6: * test: Check for AVC denials in the journal * test: More reliable output of combustion-validate * test: Remove workaround for boo#1230912 * Label /sys before selinux-autorelabel units run (bsc#1232709) ==== openSUSE-release ==== Version update (20241114 -> 20241115) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== postgresql ==== Subpackages: postgresql-contrib postgresql-llvmjit postgresql-server - Bump major to 17 for SLE. ==== postgresql17 ==== Version update (17.0 -> 17.1) Subpackages: libpq5 postgresql17-contrib postgresql17-llvmjit postgresql17-server - Upgrade to 17.1: * CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference. * CVE-2024-10977, bsc#1233325: Make libpq discard error messages received during SSL or GSS protocol negotiation. * CVE-2024-10978, bsc#1233326: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE * CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from changing environment variables. * obsoletes postgresql17-jsonb_jsonpath.patch * https://www.postgresql.org/about/news/p-2955/ * https://www.postgresql.org/docs/release/17.1/ ==== python311 ==== Subpackages: python311-curses python311-dbm python311-x86-64-v3 - Remove -IVendor/ from python-config boo#1231795 ==== python311-core ==== Subpackages: libpython3_11-1_0 libpython3_11-1_0-x86-64-v3 python311-base python311-base-x86-64-v3 - Remove -IVendor/ from python-config boo#1231795 ==== tcpd ==== - hosts.allow/hosts.deny: remove executable bit ==== tiff ==== - make doc packages noarch. no need to have those per arch - ensure that the src rpms are named per build flavor: You might now ask why. Good question: 1. the spec file during the build get patched. `@BUILD_FLAVOR@` gets replaced with the value. which means the src rpm between build flavor builds is not identical. Also the last built src.rpm will be published. with different content and runtime requires (aka our BuildRequires). 2. for historical reasons the internal dependency tracking goes via the src.rpm package. So without having differently named src.rpms the build cycle we were trying to solve was not actually solved. So we append a suffix to the Name attribute in the preamble now. - In the previous change to enable the cmake based build we also needed python3-Sphinx to build the man pages, as unlike the autotools based build, the cmake based build does not fall back to the pre-built man pages. This causes build cycle. Split out the documentation building to break the cycle. The Tumbleweed release managers preferred this solution over a mini package. - switch build to cmake for the webp build - we need the cmake finder code ==== virtualbox ==== - Use distro-default INSTALL_MOD_DIR for both kmp and for local-built files. Add host-source.patch [boo#1231346]. ==== virtualbox-kmp ==== Version update (7.1.4_k6.11.7_1 -> 7.1.4_k6.11.8_1) - Use distro-default INSTALL_MOD_DIR for both kmp and for local-built files. Add host-source.patch [boo#1231346]. ==== xprop ==== Version update (1.2.7 -> 1.2.8) - Update to version 1.2.8 * This release contains the following change to the way icons are displayed in the terminal when COLORTERM=truecolor in the environment variables: The vast majority of monospaced fonts are roughly half as wide as they are tall; to account for this when displaying icons, `xprop` draws each pixel twice in the horizontal, which nicely evens out the proportions. This patch utilizes the Lower Half Block character (▄) to obtain the same result in a quarter of the space. By setting both a background and a foreground color, we can draw two pixels per character cell, thereby halving the apparent height of an icon rather than doubling its width. ==== yast2-iscsi-client ==== Version update (5.0.4 -> 5.0.5) - Fix typo introduced by previous change (bsc#1231385, bsc#1233351) - 5.0.5