Packages changed: Mesa Mesa-drivers MozillaFirefox (124.0.1 -> 124.0.2) aaa_base (84.87+git20240202.9526d46 -> 84.87+git20240402.16596d1) coreutils (9.4 -> 9.5) coreutils-systemd (9.4 -> 9.5) kdsoap-qt6 (2.1.1 -> 2.2.0) kirigami-addons6 (1.0.1 -> 1.1.0) krb5 libbpf (1.3.0 -> 1.4.0) libdeflate (1.19 -> 1.20) liburing (2.4 -> 2.5) nghttp2 (1.60.0 -> 1.61.0) openSUSE-release (20240403 -> 20240404) openssh python-M2Crypto python-Pillow (10.2.0 -> 10.3.0) python-pyasn1 (0.5.1 -> 0.6.0) re2 (20240301 -> 20240401) systemd vim xorg-x11-server (21.1.11 -> 21.1.12) xwayland (23.2.4 -> 23.2.5) yast2-storage-ng (5.0.10 -> 5.0.11) === Details === ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - fix missing free codecs in builds with non-free codecs enabled ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva libxatracker2 - fix missing free codecs in builds with non-free codecs enabled ==== MozillaFirefox ==== Version update (124.0.1 -> 124.0.2) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 124.0.2 https://www.mozilla.org/en-US/firefox/124.0.2/releasenotes/ * Fixed an issue where users with a large amount of bookmarks would be unable to restore a bookmarks backup. (bmo#1884308) * Fixed an issue that would cause open Firefox windows to go blank or crash during video playback on sites such as Netflix. (bmo#1883932) * Fixed a crash that affected Linux AArch64 builds. (bmo#1866396) * Fixed an issue where some users experienced difficulties loading webpages due to changes made to the default AppArmor configuration shipping in Ubuntu 24.04. (bmo#1884347) ==== aaa_base ==== Version update (84.87+git20240202.9526d46 -> 84.87+git20240402.16596d1) Subpackages: aaa_base-extras - Update to version 84.87+git20240402.16596d1: * add alacritty to DIR_COLORS * Make sure tput it present before resetting TERM * Add mc helpers for both tcsh and bash resources * Do not overwrite escape sequences for xterm like * Check for valid TERM ==== coreutils ==== Version update (9.4 -> 9.5) Subpackages: coreutils-lang - Update to 9.5: Bug fixes: * chmod -R now avoids a race where an attacker may replace a traversed file with a symlink, causing chmod to operate on an unintended file. [This bug was present in "the beginning".] * cp, mv, and install no longer issue spurious diagnostics like "failed to preserve ownership" when copying to GNU/Linux CIFS file systems. They do this by working around some Linux CIFS bugs. * cp --no-preserve=mode will correctly maintain set-group-ID bits for created directories. Previously on systems that didn't support ACLs, cp would have reset the set-group-ID bit on created directories. [bug introduced in coreutils-8.20] * join and uniq now support multi-byte characters better. For example, 'join -tX' now works even if X is a multi-byte character, and both programs now treat multi-byte characters like U+3000 IDEOGRAPHIC SPACE as blanks if the current locale treats them so. * numfmt options like --suffix no longer have an arbitrary 127-byte limit. [bug introduced with numfmt in coreutils-8.21] * mktemp with --suffix now better diagnoses templates with too few X's. Previously it conflated the insignificant --suffix in the error. [bug introduced in coreutils-8.1] * sort again handles thousands grouping characters in single-byte locales where the grouping character is greater than CHAR_MAX. For e.g. signed character platforms with a 0xA0 (aka  ) grouping character. [bug introduced in coreutils-9.1] * split --line-bytes with a mixture of very long and short lines no longer overwrites the heap (CVE-2024-0684). [bug introduced in coreutils-9.2] * tail no longer mishandles input from files in /proc and /sys file systems, on systems with a page size larger than the stdio BUFSIZ. [This bug was present in "the beginning".] * timeout avoids a narrow race condition, where it might kill arbitrary processes after a failed process fork. [bug introduced with timeout in coreutils-7.0] * timeout avoids a narrow race condition, where it might fail to kill monitored processes immediately after forking them. [bug introduced with timeout in coreutils-7.0] * wc no longer fails to count unprintable characters as parts of words. [bug introduced in textutils-2.1] Changes in behavior: * base32 and base64 no longer require padding when decoding. Previously an error was given for non padded encoded data. * base32 and base64 have improved detection of corrupted encodings. Previously encodings with non zero padding bits were accepted. * basenc --base16 -d now supports lower case hexadecimal characters. Previously an error was given for lower case hex digits. * cp --no-clobber, and mv -n no longer exit with failure status if existing files are encountered in the destination. Instead they revert to the behavior from before v9.2, silently skipping existing files. * ls --dired now implies long format output without hyperlinks enabled, and will take precedence over previously specified formats or hyperlink mode. * numfmt will accept lowercase 'k' to indicate Kilo or Kibi units on input, and uses lowercase 'k' when outputting such units in '--to=si' mode. * pinky no longer tries to canonicalize the user's login location by default, rather requiring the new --lookup option to enable this often slow feature. * wc no longer ignores encoding errors when counting words. Instead, it treats them as non white space. New features: * chgrp now accepts the --from=OWNER:GROUP option to restrict changes to files with matching current OWNER and/or GROUP, as already supported by chown(1). * chmod adds support for -h, -H,-L,-P, and --dereference options, providing more control over symlink handling. This supports more secure handling of CLI arguments, and is more consistent with chown, and chmod on other systems. * cp now accepts the --keep-directory-symlink option (like tar), to preserve and follow existing symlinks to directories in the destination. * cp and mv now accept the --update=none-fail option, which is similar to the --no-clobber option, except that existing files are diagnosed, and the command exits with failure status if existing files. The -n,--no-clobber option is best avoided due to platform differences. * env now accepts the -a,--argv0 option to override the zeroth argument of the command being executed. * mv now accepts an --exchange option, which causes the source and destination to be exchanged. It should be combined with - -no-target-directory (-T) if the destination is a directory. The exchange is atomic if source and destination are on a single file system that supports atomic exchange; --exchange is not yet supported in other situations. * od now supports printing IEEE half precision floating point with -t fH, or brain 16 bit floating point with -t fB, where supported by the compiler. * tail now supports following multiple processes, with repeated --pid options. Improvements: * cp,mv,install,cat,split now read and write a minimum of 256KiB at a time. This was previously 128KiB and increasing to 256KiB was seen to increase throughput by 10-20% when reading cached files on modern systems. * env,kill,timeout now support unnamed signals. kill(1) for example now supports sending such signals, and env(1) will list them appropriately. * SELinux operations in file copy operations are now more efficient, avoiding unneeded MCS/MLS label translation. * sort no longer dynamically links to libcrypto unless -R is used. This decreases startup overhead in the typical case. * wc is now much faster in single-byte locales and somewhat faster in multi-byte locales. - coreutils-9.4.split-CVE-2024-0684.patch: Remove now-upstream patch. - gnulib-readutmp-under-gdm.patch: Likewise. - gnulib-readutmp.patch: Likewise. - coreutils-i18n.patch: Remove multi-byte patches for join and uniq, as the upstream version now handles those tests. Pull in gnulib module mbchar manually, as it is a dependency of mbfile, but dropped out of the upstream dependency chain. - coreutils-misc.patch: Remove change for gnulib-tests/test-isnanl.h. - coreutils-fix-gnulib-time_r-tests.patch: Add upstream gnulib patch to skip French test if TZ='Europe/Paris' does not work. ==== coreutils-systemd ==== Version update (9.4 -> 9.5) - Update to 9.5: Bug fixes: * chmod -R now avoids a race where an attacker may replace a traversed file with a symlink, causing chmod to operate on an unintended file. [This bug was present in "the beginning".] * cp, mv, and install no longer issue spurious diagnostics like "failed to preserve ownership" when copying to GNU/Linux CIFS file systems. They do this by working around some Linux CIFS bugs. * cp --no-preserve=mode will correctly maintain set-group-ID bits for created directories. Previously on systems that didn't support ACLs, cp would have reset the set-group-ID bit on created directories. [bug introduced in coreutils-8.20] * join and uniq now support multi-byte characters better. For example, 'join -tX' now works even if X is a multi-byte character, and both programs now treat multi-byte characters like U+3000 IDEOGRAPHIC SPACE as blanks if the current locale treats them so. * numfmt options like --suffix no longer have an arbitrary 127-byte limit. [bug introduced with numfmt in coreutils-8.21] * mktemp with --suffix now better diagnoses templates with too few X's. Previously it conflated the insignificant --suffix in the error. [bug introduced in coreutils-8.1] * sort again handles thousands grouping characters in single-byte locales where the grouping character is greater than CHAR_MAX. For e.g. signed character platforms with a 0xA0 (aka  ) grouping character. [bug introduced in coreutils-9.1] * split --line-bytes with a mixture of very long and short lines no longer overwrites the heap (CVE-2024-0684). [bug introduced in coreutils-9.2] * tail no longer mishandles input from files in /proc and /sys file systems, on systems with a page size larger than the stdio BUFSIZ. [This bug was present in "the beginning".] * timeout avoids a narrow race condition, where it might kill arbitrary processes after a failed process fork. [bug introduced with timeout in coreutils-7.0] * timeout avoids a narrow race condition, where it might fail to kill monitored processes immediately after forking them. [bug introduced with timeout in coreutils-7.0] * wc no longer fails to count unprintable characters as parts of words. [bug introduced in textutils-2.1] Changes in behavior: * base32 and base64 no longer require padding when decoding. Previously an error was given for non padded encoded data. * base32 and base64 have improved detection of corrupted encodings. Previously encodings with non zero padding bits were accepted. * basenc --base16 -d now supports lower case hexadecimal characters. Previously an error was given for lower case hex digits. * cp --no-clobber, and mv -n no longer exit with failure status if existing files are encountered in the destination. Instead they revert to the behavior from before v9.2, silently skipping existing files. * ls --dired now implies long format output without hyperlinks enabled, and will take precedence over previously specified formats or hyperlink mode. * numfmt will accept lowercase 'k' to indicate Kilo or Kibi units on input, and uses lowercase 'k' when outputting such units in '--to=si' mode. * pinky no longer tries to canonicalize the user's login location by default, rather requiring the new --lookup option to enable this often slow feature. * wc no longer ignores encoding errors when counting words. Instead, it treats them as non white space. New features: * chgrp now accepts the --from=OWNER:GROUP option to restrict changes to files with matching current OWNER and/or GROUP, as already supported by chown(1). * chmod adds support for -h, -H,-L,-P, and --dereference options, providing more control over symlink handling. This supports more secure handling of CLI arguments, and is more consistent with chown, and chmod on other systems. * cp now accepts the --keep-directory-symlink option (like tar), to preserve and follow existing symlinks to directories in the destination. * cp and mv now accept the --update=none-fail option, which is similar to the --no-clobber option, except that existing files are diagnosed, and the command exits with failure status if existing files. The -n,--no-clobber option is best avoided due to platform differences. * env now accepts the -a,--argv0 option to override the zeroth argument of the command being executed. * mv now accepts an --exchange option, which causes the source and destination to be exchanged. It should be combined with - -no-target-directory (-T) if the destination is a directory. The exchange is atomic if source and destination are on a single file system that supports atomic exchange; --exchange is not yet supported in other situations. * od now supports printing IEEE half precision floating point with -t fH, or brain 16 bit floating point with -t fB, where supported by the compiler. * tail now supports following multiple processes, with repeated --pid options. Improvements: * cp,mv,install,cat,split now read and write a minimum of 256KiB at a time. This was previously 128KiB and increasing to 256KiB was seen to increase throughput by 10-20% when reading cached files on modern systems. * env,kill,timeout now support unnamed signals. kill(1) for example now supports sending such signals, and env(1) will list them appropriately. * SELinux operations in file copy operations are now more efficient, avoiding unneeded MCS/MLS label translation. * sort no longer dynamically links to libcrypto unless -R is used. This decreases startup overhead in the typical case. * wc is now much faster in single-byte locales and somewhat faster in multi-byte locales. - coreutils-9.4.split-CVE-2024-0684.patch: Remove now-upstream patch. - gnulib-readutmp-under-gdm.patch: Likewise. - gnulib-readutmp.patch: Likewise. - coreutils-i18n.patch: Remove multi-byte patches for join and uniq, as the upstream version now handles those tests. Pull in gnulib module mbchar manually, as it is a dependency of mbfile, but dropped out of the upstream dependency chain. - coreutils-misc.patch: Remove change for gnulib-tests/test-isnanl.h. - coreutils-fix-gnulib-time_r-tests.patch: Add upstream gnulib patch to skip French test if TZ='Europe/Paris' does not work. ==== kdsoap-qt6 ==== Version update (2.1.1 -> 2.2.0) - update to 2.2.0: * buildsystem - Add co-installability of Qt5 and Qt6 headers back. Installs Qt6 headers into their own subdirectory so client code still works, but can be co-installed with Qt5 again. * Add KDSoapClientInterface::setMessageAddressingProperties() so that WS-Addressing support can be used with WSDL-generated services (issue #254) * Don't require a SOAP action in order to write addressing properties (also issue #254) * WSDL parser / code generator changes, applying to both client and server side * Improve -import-path ==== kirigami-addons6 ==== Version update (1.0.1 -> 1.1.0) Subpackages: kirigami-addons6-lang - Update to 1.1.0 * New FormCard delegate: FormColorDelegate * New delegate container: FormCardDialog * Fixed a newline bug in the AboutKDE component * The default size of MessageDialog was decreased * Fixed the autoplay of the video delegate for the maximized album component ==== krb5 ==== Subpackages: krb5-32bit krb5-client - Add crypto-policies support [bsc#1211301] * Update krb5.conf in vendor-files.tar.bz2 ==== libbpf ==== Version update (1.3.0 -> 1.4.0) - update to 1.4.0: * support for BPF token throughout low-level and high-level APIs (see also LIBBPF_BPF_TOKEN_PATH envvar) * struct_ops functionality around handling multi-kernel compatibility using BPF CO-RE principles and approaches * BPF arena map support * support __arena tagged global variables, which are automatically put into BPF arena map * BPF cookie support for raw tracepoint BPF programs in attach APIs loaded or created, respectively * add SEC("sk_skb/verdict") support * support global subprog argument tagging for for kprobe/uprobe, and perf_event BPF program with newly added __arg_ctx, __arg_nonnull, __arg_nullable, __arg_trusted, and __arg_arena annotations * add bpf_core_cast() macro, improving ergonomics of bpf_rdonly_cast() BPF helper * __long() macro added for specifying 64-bit values when declaring BTF-defined maps * better GCC-BPF support in BPF CO-RE macros in bpf_core_read.h header * show specific error messages when attempting to use struct bpf_program/bpf_map instances there were not loaded or created * fix inner map's max_entries setting logic * btf_ext__raw_data() and btf__new_split() APIs are added back * ignore DWARF sections in BPF linker sanity checks, improving handling of some corner cases * fix potential NULL dereference when handling corrupted ELF files. ==== libdeflate ==== Version update (1.19 -> 1.20) - update to 1.20: * Improved CRC-32 performance on recent x86 CPUs by adding * VPCLMULQDQ-accelerated implementations using 256-bit and 512-bit vectors. * Improved Adler-32 performance on recent x86 CPUs by adding * VNNI-accelerated implementations using 256-bit and 512-bit vectors. * Improved CRC-32 and Adler-32 performance on short inputs. * Optimized the portable implementation of Adler-32. * Added some basic optimizations for RISC-V. * Dropped support for gcc versions older than v4.9 (released in 2014) and clang versions older than v3.9 (released in 2016). * Dropped support for CRC-32 acceleration on 32-bit ARM using the ARMv8 pmull or crc32 instructions. ==== liburing ==== Version update (2.4 -> 2.5) - Update to 2.5: * Add support for io_uring_prep_cmd_sock() * Add support for application allocated ring memory, for placing rings in huge mem. Available through io_uring_queue_init_mem(). * Add support for registered ring fds * Various documentation updates * Various fixes - Remove (they are upstream) * test-io_uring_register-fix-errno-confusion-and-new-e.patch * tests-don-t-expect-multishot-recv-overflow-backloggi.patch - Add * test-recv-multishot-wait-for-the-right-amount-of-CQE.patch (to fix test errors on the 6.8.2 kernel) * test-no-mmap-inval-0-return-is-fine-too.patch (fix the test) ==== nghttp2 ==== Version update (1.60.0 -> 1.61.0) - version update to 1.61.0 * Fixes CVE-2024-28182 [bsc#1221399] * nghttpx: Shutdown h3 stream read with trailer as well by @tatsuhiro-t in #2087 * Checkout with submodules by @jonaski in #2093 * Respect BUILD_STATIC_LIBS and add option for tests by @jonaski in #2092 * build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #2097 * Workaround llvm issue on github ubuntu runner by @tatsuhiro-t in #2098 * docker: Use copy --link by @tatsuhiro-t in #2099 * Nghttpx header idle timeout by @tatsuhiro-t in #2100 * nghttpx: Fix frontend-header-timeout does not work in config file by @tatsuhiro-t in #2101 * Rewrite hexdump by @tatsuhiro-t in #2102 * Switch to distroless/base-nossl by @tatsuhiro-t in #2103 * Bump ngtcp2 by @tatsuhiro-t in #2105 * nghttpx: Simplify quic connection close handling by @tatsuhiro-t in #2106 * build(deps): bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0 by @dependabot in #2107 * autotools: Use tar-ustar automake option by @tatsuhiro-t in #2108 * Automate release process by @tatsuhiro-t in #2109 * autotools: Switch to tar-pax by @tatsuhiro-t in #2110 * nghttpx: Drop a UDP datagram from well-known port by @tatsuhiro-t in #2111 * nghttpx: Fix port byte order by @tatsuhiro-t in #2112 * h2load: Allow host header to be overridden by @tatsuhiro-t in #2113 * nghttpx: Rework QUIC stateless reset packet size by @tatsuhiro-t in #2114 * nghttpx: More QUIC prohibited ports by @tatsuhiro-t in #2115 * Add actions/stale by @tatsuhiro-t in #2116 * nghttpx: Discard UDP datagram that is too short to be a valid QUIC packet by @tatsuhiro-t in #2117 * nghttp: Support SSLKEYLOGFILE by @tatsuhiro-t in #2119 * No rfc7540 priority fix by @tatsuhiro-t in #2120 * Further reduce Stateless reset emission by @tatsuhiro-t in #2122 * nghttpx: Rework Connection ID construction by @tatsuhiro-t in #2124 * Nghttpx faster worker lookup by @tatsuhiro-t in #2125 * nghttpx: Split thread into worker_process and thread by @tatsuhiro-t in #2126 * bpf: Drop bad QUIC packet by @tatsuhiro-t in #2127 * cmake: check SSL_provide_quic_data when ENABLE_HTTP3 is ON by @jimmy-park in #2128 * nghttpx: Allocate 3 bits for QUIC configuration in Connection ID by @tatsuhiro-t in #2129 * nghttpx: Migrate to ares_getaddrinfo by @tatsuhiro-t in #2132 * Bump munit by @tatsuhiro-t in #2131 * nghttpx: Fix error message by @tatsuhiro-t in #2133 * nghttpd: Fix read stall by @tatsuhiro-t in #2134 - gcc7.patch: Fix compilation for SLE-15 (jsc#PED-8206) ==== openSUSE-release ==== Version update (20240403 -> 20240404) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Use %config(noreplace) for sshd_config . In any case, it's recommended to drop a file in sshd_config.d instead of editing sshd_config (bsc#1221063) - Use %{_libexecdir} when removing ssh-keycat instead of the hardcoded path so it works in TW and SLE. - Add crypto-policies support [bsc#1211301] * Add patches: - openssh-9.6p1-crypto-policies.patch - openssh-9.6p1-crypto-policies-man.patch ==== python-M2Crypto ==== - Build for modern python stack on SLE/Leap ==== python-Pillow ==== Version update (10.2.0 -> 10.3.0) - update to 10.3.0 (bsc#1222262, CVE-2024-28219): * CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk] * Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk] * Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere] * Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk] * Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, [#7920] [radarhere] * Fix editable installation with custom build backend and configuration options #7658 [nulano, radarhere] * Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk, radarhere] * Determine MPO size from markers, not EXIF data #7884 [radarhere] * Improved conversion from RGB to RGBa, LA and La #7888 [radarhere] * Support FITS images with GZIP_1 compression #7894 [radarhere] * Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion, radarhere] * Raise ValueError if kmeans is negative #7891 [radarhere] * Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [radarhere] * Raise ValueError for negative values when loading P1-P3 PPM images #7882 [radarhere] * Added reading of JPEG2000 palettes #7870 [radarhere] * Added alpha_quality argument when saving WebP images #7872 [radarhere] * Fixed joined corners for ImageDraw rounded_rectangle() non- integer dimensions #7881 [radarhere] * Stop reading EPS image at EOF marker #7753 [radarhere] * PSD layer co-ordinates may be negative #7706 [radarhere] * Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer #7791 [radarhere] * When saving GIF frame that restores to background color, do not fill identical pixels #7788 [radarhere] * Fixed reading PNG iCCP compression method #7823 [radarhere] * Allow writing IFDRational to UNDEFINED tag #7840 [radarhere] * Fix logged tag name when loading Exif data #7842 [radarhere] * Use maximum frame size in IHDR chunk when saving APNG images [#7821] [radarhere] * Prevent opening P TGA images without a palette #7797 [radarhere] * Use palette when loading ICO images #7798 [radarhere] * Use consistent arguments for load_read and load_seek #7713 [radarhere] * Turn off nullability warnings for macOS SDK #7827 [radarhere] * Fix shift-sign issue in Convert.c #7838 [r-barnes, radarhere] * Open 16-bit grayscale PNGs as I;16 #7849 [radarhere] * Handle truncated chunks at the end of PNG images #7709 [lajiyuan, radarhere] * Match mask size to pasted image size in GifImagePlugin #7779 [radarhere] * Release GIL while calling WebPAnimDecoderGetNext #7782 [evanmiller, radarhere] * Fixed reading FLI/FLC images with a prefix chunk #7804 [twolife] * Update wl-paste handling and return None for some errors in grabclipboard() on Linux #7745 [nik012003, radarhere] * Remove execute bit from setup.py #7760 [hugovk] * Do not support using test-image-results to upload images after test failures #7739 [radarhere] * Changed ImageMath.ops to be static #7721 [radarhere] * Fix APNG info after seeking backwards more than twice #7701 [esoma, radarhere] * Deprecate ImageCms constants and versions() function #7702 [nulano, radarhere] * Added PerspectiveTransform #7699 [radarhere] * Add support for reading and writing grayscale PFM images [#7696] [nulano, hugovk] * Add LCMS2 flags to ImageCms #7676 [nulano, radarhere, hugovk] * Rename x64 to AMD64 in winbuild #7693 [nulano] ==== python-pyasn1 ==== Version update (0.5.1 -> 0.6.0) - update to 0.6.0: * Added support for previously missing RELATIVE-OID construct * Updated link to Layman's Guide Now it provides a link to links to a formatted PDF version of the paper, at a stable domain (researchgate), using https * Removed support for EOL Python 2.7, 3.6, 3.7 ==== re2 ==== Version update (20240301 -> 20240401) - update to 2024-04-01: * Fix SIGSEGV if Match is called before Compile * remove unsuppressable stderr message when compiling an empty re2.Filter ==== systemd ==== Subpackages: libsystemd0 libsystemd0-32bit libudev1 systemd-32bit systemd-boot systemd-container systemd-coredump systemd-lang udev - Move systemd-repart from experimental to udev. - Add 0001-Drop-support-for-efivar-SystemdOptions.patch (bsc#1220338) Upstream deprecated it and plan to drop it in the future. Let's get ahead and drop it now as this feature is unlikely to be used on SUSE distros and it might be used to gain access to encrypted SLEM systems with unattended disk unlock and with secure boot disabled. - The following patches have been merged into SUSE/v255 branch hence removed from the OBS project. 5006-cgroup-Add-EffectiveMemoryMax-EffectiveMemoryHigh-an.patch 5007-test-Convert-rlimit-test-to-subtest-of-generic-limit.patch 5008-test-Add-effective-cgroup-limits-testing.patch 5009-cgroup-Restrict-effective-limits-with-global-resourc.patch 5010-cgroup-Rename-effective-limits-internal-table.patch - Import commit 56b53b17bcd8311dfb53f05b359b2812593883ab 56b53b17bc cgroup: Rename effective limits internal table (jsc#PED-5659) 7c9202317c cgroup: Restrict effective limits with global resource provision (jsc#PED-5659) da858e68eb test: Add effective cgroup limits testing (jsc#PED-5659) 2f013357a5 test: Convert rlimit test to subtest of generic limit testing (jsc#PED-5659) 0a3ea7f367 cgroup: Add EffectiveMemoryMax=, EffectiveMemoryHigh= and EffectiveTasksMax= properties (jsc#PED-5659) - Drop split_usr build conditional since both split-usr and unmerged-usr supports have been removed since v255. - Don't use the "Patch:" directive with a suffix number as since the suffix doesn't serve any purpose. ==== vim ==== Subpackages: vim-data vim-data-common xxd - spec.skeleton: add sample check section (W: no-%check-section) ==== xorg-x11-server ==== Version update (21.1.11 -> 21.1.12) Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra - Security update 21.1.12 This release addresses the following 4 security issues: * CVE-2024-31080 * CVE-2024-31081 * CVE-2024-31082 * CVE-2024-31083 Additionally it provides a way to disable byte-swapped clients either by command line flag or config option. This allows to turn off byte swapping code that has been a source of security problems lately. ==== xwayland ==== Version update (23.2.4 -> 23.2.5) - Security update 23.2.5 This release contains the 3 security fixes that actually apply to Xwayland reported in the security advisory of April 3rd 2024 * CVE-2024-31080 * CVE-2024-31081 * CVE-2024-31083 Additionally, it also contains a couple of other fixes, a copy/paste error in the DeviceStateNotify event and a fix to enable buttons with pointer gestures for backward compatibility with legacy X11 clients. ==== yast2-storage-ng ==== Version update (5.0.10 -> 5.0.11) - GuidedProposal: fixed a problem related to the :bigger_resize strategy (Agama) detected at gh#openSUSE/agama#1106. - 5.0.11