Packages changed:
  blog (2.27 -> 2.28)
  criu (3.18 -> 3.19)
  dialog
  distrobox (1.5.0.2 -> 1.6.0.1)
  firewalld (2.0.1 -> 2.0.2)
  fontconfig
  fonts-config (20200609+git0.42e2b1b -> 20230604+git0.630c8206607c)
  kernel-firmware (20231127 -> 20231128)
  kernel-source (6.6.2 -> 6.6.3)
  libavif (1.0.0 -> 1.0.2)
  ncurses (6.4.20231111 -> 6.4.20231125)
  netcfg
  openssh
  polkit-default-privs (1550+20231103.3b4a82f -> 1550+20231129.269abcd)
  qemu (8.1.2 -> 8.1.3)
  unar (1.10.7 -> 1.10.8)
  update-alternatives (1.22.0 -> 1.22.1)
  usbutils
  vim (9.0.2103 -> 9.0.2136)

=== Details ===

==== blog ====
Version update (2.27 -> 2.28)
Subpackages: libblogger2

- Update to version 2.28
  * UTMP support is gone, remove dependency also add support for initramfs at shutdown.

==== criu ====
Version update (3.18 -> 3.19)

- Update to criu 3.19:
  New features:
  * LoongArch64 support
  * C/R membarrier() registrations
  * Restore THP_DISABLE prctl
  * prctl: Migrate prctl(NO_NEW_PRIVS) setting
  Bugfixes:
  * Many fixes and improvements from the Google team
  * Fix dumping hugetlb-based memfd on kernels < 4.16
  * Fixes here and there
  Improvements:
  * drop python 2 support
  * support XSAVE on newer Intel CPUs
- Refreshed criu-py-install-fix.diff; workarounds applied to both crit and lib/pycriu
- Drop obsoleted patch criu-amdgpu-plugin-fix.patch

==== dialog ====
Subpackages: dialog-lang libdialog15

- don't install config file, dialog has built in defaults anyway
- add support for /usr/etc (dialog-1.3-usretc.diff)

==== distrobox ====
Version update (1.5.0.2 -> 1.6.0.1)
Subpackages: distrobox-bash-completion

- Update to version 1.6.0.1:
  * Export: fix exporting desktop app.
  * Init: fix nvidia library integration.
- Update to version 1.6.0:
  * Lilipod support
  * Improved nvidia integration, particularly for cuda
  * General improvements in the init process
  * Improve user's shell handling, so that it now always respects the chsh done inside the container
  * Fix tzdata/zoneinfo problems
  * Rootful containers now will properly setup user password for sudo
  * General polish in initful containers
  * Initful containers now support also OpenRC when present
  * Initful containers will now have also a proper systemd user session
  * New --unshare-all, --unshare-netns, --unshare-process, --unshare-devsys flags in create
    + Now initful + unshare-all containers can be used as playgrounds for services like LXC and Libvirt more easily
  * New container_additional_volumes configuration
  * Export fixes and improvements in multi-icon and space-in-name handling
  * Exported binaries will be runnable between distroboxes
  * Exported binaries will always run in a login shell
  * Assemble is now more polished and supports all of create flags
  * Assemble can now export apps/binaries directly from the manifest

==== firewalld ====
Version update (2.0.1 -> 2.0.2)
Subpackages: firewalld-bash-completion firewalld-lang python3-firewall

- update to 2.0.2:
  * fix(policy): runtime dispatch update if *-zone=ANY (e8b9637)
  * fix(nm): release NM client after a timeout (d534f07)

==== fontconfig ====
Subpackages: fontconfig-lang libfontconfig1

- Run autoreconf for Leap 15.x to fix build breakage

==== fonts-config ====
Version update (20200609+git0.42e2b1b -> 20230604+git0.630c8206607c)

- Update to 20230604+git0.630c8206607c:
  * Fix uninitialised use of the HOME environment variable (bsc#1086804,bsc#1210700)
  * font match and pattern match can't put in one file.
  * source han are packaged nowadays, no need to give alias; just give CFF fontformat fonts in zh-/ja/ko hintfull
  * split 59-family-prefer-lang-specific to cjk/noto and raw, the former two may be generated by scripts in later version
  * emoji support(part1): add emoji family
  * delete 10-group-tt*.conf, since fontconfig 2.14 introduces 09-autohint-if-no-hinting.conf (bsc#1217542)
  * Fix fonts-config does not read user config with `-u` option given
  * widen comparison operator for emoji fonts
- Fix typos in the configs: 0001-Fix-typos-in-32-emoji-reject.conf-and-59-family-pref.patch
- Enable 09-autohint-if-no-hinting.conf from fontconfig

==== kernel-firmware ====
Version update (20231127 -> 20231128)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd

- Update to version 20231128 (git commit d9f6088f7e91):
  * Add a COPYOPTS variable
  * rtl_bt: Update RTL8852A BT USB firmware to 0xDFC8_145F

==== kernel-source ====
Version update (6.6.2 -> 6.6.3)

- Linux 6.6.3 (bsc#1012628).
- locking/ww_mutex/test: Fix potential workqueue corruption (bsc#1012628).
- btrfs: abort transaction on generation mismatch when marking eb as dirty (bsc#1012628).
- lib/generic-radix-tree.c: Don't overflow in peek() (bsc#1012628).
- x86/retpoline: Make sure there are no unconverted return thunks due to KCSAN (bsc#1012628).
- perf/core: Bail out early if the request AUX area is out of bound (bsc#1012628).
- srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (bsc#1012628).
- selftests/lkdtm: Disable CONFIG_UBSAN_TRAP in test config (bsc#1012628).
- clocksource/drivers/timer-imx-gpt: Fix potential memory leak (bsc#1012628).
- clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware (bsc#1012628).
- srcu: Only accelerate on enqueue time (bsc#1012628).
- smp,csd: Throw an error if a CSD lock is stuck for too long (bsc#1012628).
- cpu/hotplug: Don't offline the last non-isolated CPU (bsc#1012628).
- workqueue: Provide one lock class key per work_on_cpu() callsite (bsc#1012628).
- x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size (bsc#1012628).
- wifi: plfxlc: fix clang-specific fortify warning (bsc#1012628).
- wifi: ath12k: Ignore fragments from uninitialized peer in dp (bsc#1012628).
- wifi: mac80211_hwsim: fix clang-specific fortify warning (bsc#1012628).
- wifi: mac80211: don't return unset power in ieee80211_get_tx_power() (bsc#1012628).
- atl1c: Work around the DMA RX overflow issue (bsc#1012628).
- bpf: Detect IP == ksym.end as part of BPF program (bsc#1012628).
- wifi: ath9k: fix clang-specific fortify warnings (bsc#1012628).
- wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats() (bsc#1012628).
- wifi: ath10k: fix clang-specific fortify warning (bsc#1012628).
- wifi: ath12k: fix possible out-of-bound write in ath12k_wmi_ext_hal_reg_caps() (bsc#1012628).
- ACPI: APEI: Fix AER info corruption when error status data has multiple sections (bsc#1012628).
- net: sfp: add quirk for Fiberstone GPON-ONU-34-20BI (bsc#1012628).
- wifi: mt76: mt7921e: Support MT7992 IP in Xiaomi Redmibook 15 Pro (2023) (bsc#1012628).
- wifi: mt76: fix clang-specific fortify warnings (bsc#1012628).
- net: annotate data-races around sk->sk_tx_queue_mapping (bsc#1012628).
- net: annotate data-races around sk->sk_dst_pending_confirm (bsc#1012628).
- wifi: ath12k: mhi: fix potential memory leak in ath12k_mhi_register() (bsc#1012628).
- wifi: ath10k: Don't touch the CE interrupt registers after power up (bsc#1012628).
- net: sfp: add quirk for FS's 2.5G copper SFP (bsc#1012628).
- vsock: read from socket's error queue (bsc#1012628).
- bpf: Ensure proper register state printing for cond jumps (bsc#1012628).
- wifi: iwlwifi: mvm: fix size check for fw_link_id (bsc#1012628).
- Bluetooth: btusb: Add date->evt_skb is NULL check (bsc#1012628).
- Bluetooth: Fix double free in hci_conn_cleanup (bsc#1012628).
- ACPI: EC: Add quirk for HP 250 G7 Notebook PC (bsc#1012628).
- tsnep: Fix tsnep_request_irq() format-overflow warning (bsc#1012628).
- gpiolib: acpi: Add a ignore interrupt quirk for Peaq C1010 (bsc#1012628).
- platform/chrome: kunit: initialize lock for fake ec_dev (bsc#1012628).
- of: address: Fix address translation when address-size is greater than 2 (bsc#1012628).
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (bsc#1012628).
- drm/gma500: Fix call trace when psb_gem_mm_init() fails (bsc#1012628).
- drm/amdkfd: ratelimited SQ interrupt messages (bsc#1012628).
- drm/komeda: drop all currently held locks if deadlock happens (bsc#1012628).
- drm/amd/display: Blank phantom OTG before enabling (bsc#1012628).
- drm/amd/display: Don't lock phantom pipe on disabling (bsc#1012628).
- drm/amd/display: add seamless pipe topology transition check (bsc#1012628).
- drm/edid: Fixup h/vsync_end instead of h/vtotal (bsc#1012628).
- md: don't rely on 'mddev->pers' to be set in mddev_suspend() (bsc#1012628).
- drm/amdgpu: not to save bo in the case of RAS err_event_athub (bsc#1012628).
- drm/amdkfd: Fix a race condition of vram buffer unref in svm code (bsc#1012628).
- drm/amdgpu: update retry times for psp vmbx wait (bsc#1012628).
- drm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments (bsc#1012628).
- drm/amd/display: use full update for clip size increase of large plane source (bsc#1012628).
... changelog too long, skipping 797 lines ...
- commit 1be1eb4

==== libavif ====
Version update (1.0.0 -> 1.0.2)

- update to 1.0.2:
  * Update avifCropRectConvertCleanApertureBox() to the revised requirements in ISO/IEC 23000-22:2019/Amd. 2:2021 Section 7.3.6.7.
  * CVE-2023-6350: Out of bounds memory to alphaItemIndices (boo#1217614)
  * CVE-2023-6351: use-after-free in colorProperties (boo#1217615)
- drop fix-gdkpixbuf.patch

==== ncurses ====
Version update (6.4.20231111 -> 6.4.20231125)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen

- Add ncurses patch 20231125
  + add information about "ttycap", termcap's forerunner, to tset.1 (patch by Branden Robinson).
  + improve formatting/style of manpages, including section reordering (patches by Branden Robinson).
  + modify usage messages in configure script, bracketing optional values (report by Branden Robinson).
- Add ncurses patch 20231121
  + amend fix for Debian #1055882, correcting nul terminator check in waddnstr (Debian #1056340).
- Add ncurses patch 20231118
  + improve description of length-parameter and error-returns in several manpages: curs_addchstr.3x, curs_addstr.3x, curs_addwstr.3x, curs_in_wch.3x, curs_in_wchstr.3x, curs_inchstr.3x, curs_ins_wstr.3x, curs_insstr.3x, curs_instr.3x, curs_inwstr.3x
  + amend parameter check for entire string versus specific length in winsnstr() and wins_nwstr() to match Solaris.
  + make similar correction to wins_nwstr().
  + correct loop termination condition in waddnstr() and waddnwstr() (Debian #1055882, cf: 20201205).

==== netcfg ====

- Fix syntax of localhost entries in hosts [bsc#1217355]
- Remove empty netgroup example file from /etc [jsc#PED-240]. NIS, the main consumer, got already dropped.
- Remove empty ethers example file, /usr/etc should not contain examples, for the format there is the manual page, does not support IPv6.

==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server

- Enhanced SELinux functionality. Added
  * openssh-7.8p1-role-mls.patch
    Proper handling of MLS systems and basis for other SELinux improvements
  * openssh-6.6p1-privsep-selinux.patch
    Properly set contexts during privilege separation
  * openssh-6.6p1-keycat.patch
    Add ssh-keycat command to allow retrieval of authorized_keys on MLS setups with polyinstantiation
  * openssh-6.6.1p1-selinux-contexts.patch
    Additional changes to set the proper context during privilege separation
  * openssh-7.6p1-cleanup-selinux.patch
    Various changes and putting the pieces together
  For now we don't ship the ssh-keycat command, but we need the patch for the other SELinux infrastructure
  This change fixes issues like bsc#1214788, where the ssh daemon needs to act on behalf of a user and needs a proper context for this

==== polkit-default-privs ====
Version update (1550+20231103.3b4a82f -> 1550+20231129.269abcd)

- Update to version 1550+20231129.269abcd:
  * profiles: whitelist cinnamon-settings-daemon wacom-oled-helper (bsc#1217532)

==== qemu ====
Version update (8.1.2 -> 8.1.3)

- Align to upstream stable release. It includes many of the patches we had backported ourselves, to fix bugs and issues, plus more. See here for details:
  * https://lore.kernel.org/qemu-devel/1700589639.257680.3420728.nullmailer@tls.msk.ru/
  * https://gitlab.com/qemu-project/qemu/-/commits/stable-8.1?ref_type=heads
  An (incomplete!) list of such backports is:
  * Update version for 8.1.3 release
  * hw/mips: LOONGSON3V depends on UNIMP device
  * target/arm: HVC at EL3 should go to EL3, not EL2
  * s390x/pci: only limit DMA aperture if vfio DMA limit reported
  * target/riscv/kvm: support KVM_GET_REG_LIST
  * target/riscv/kvm: improve 'init_multiext_cfg' error msg
  * tracetool: avoid invalid escape in Python string
  * tests/tcg/s390x: Test LAALG with negative cc_src
  * target/s390x: Fix LAALG not updating cc_src
  * tests/tcg/s390x: Test CLC with inaccessible second operand
  * target/s390x: Fix CLC corrupting cc_src
  * tests/qtest: ahci-test: add test exposing reset issue with pending callback
  * hw/ide: reset: cancel async DMA operation before resetting state
  * target/mips: Fix TX79 LQ/SQ opcodes
  * target/mips: Fix MSA BZ/BNZ opcodes displacement
  * ui/gtk-egl: apply scale factor when calculating window's dimension
  * ui/gtk: force realization of drawing area
  * ati-vga: Implement fallback for pixman routines
  * ...
- Backports and bugfixes:
  * [openSUSE] Make Sphinx build reproducible (boo#1102408)
  * target/s390x/arch_dump: Add arch cleanup function for PV dumps (bsc#1217227)
  * dump: Add arch cleanup function (bsc#1217227)
  * target/s390x/dump: Remove unneeded dump info function pointer init (bsc#1217227)

==== unar ====
Version update (1.10.7 -> 1.10.8)

- Update to version 1.10.8
  * Fix a major memory leak in CSBzip2Handle
  * Fix Quarantine attribute for created directories
  * Fix crash corrupted iso
  * Fix crash during unarchive sitx format with symlink on deleted file
  * Implement Clang modules support
  * [TUN-189] Add Alternative CRC calculation for Mac Binary format
  * [WARC-1] Add basic support of WARC 1.1 archives
  * [TUN-138] Fix case with directories in Solid RAR5 archives
  * [TUN-184] Fix old archives with RAR 1.5
- Update source URL
- Add universal-detector as source

==== update-alternatives ====
Version update (1.22.0 -> 1.22.1)

- Update to version 1.22.1. The full changelog is very large.
  Please check it here: https://git.dpkg.org/cgit/dpkg/dpkg.git/tree/debian/changelog?h=1.22.1
- Refresh update-alternatives-suse.patch so it applies cleanly.

==== usbutils ====

- Split out devel package, containing the .pc file:
  + The .pc file declares dependencies on other devel packages, which is not wanted on regular end-user systems.
  + Drop rpmlintrc file.

==== vim ====
Version update (9.0.2103 -> 9.0.2136)
Subpackages: vim-data vim-data-common vim-small xxd

- Update to version 9.0.2136
  * MSVC errorformat can be improved
  * No test for mode() when executing Ex commands
  * Revise Makefile
  * Update syntax file
  * ml_get error when scrolling
  * Cannot detect overstrike mode in Cmdline mode
  * Duplicate Netbeans Error Message
  * not all nushell files detected
  * Updated German translations
  * add additional nginx keywords
  * add Make_mvc.mak file for tutor
  * updated Russian translations for tutorials
  * updated Italian translation
  * some errors with translation Makefiles
  * [security]: use-after-free in call_dfunc()
  * Update doc Makefiles with comments from #13567
  * add indentation plugin (fixes #13574)
  * runtime(swig): add syntax and filetype plugins
  * translation Makefiles can be improved
  * unused assignments when checking 'listchars'
  * File info disappears when 'cmdheight' has decreased
  * INT overflow detection logic can be simplified
  * Problem with initializing the length of range() lists
  * [security]: prevent overflow in indenting
  * [security]: use-after-free in ex_substitute
  * Fix handling of very long filename on longlist style
  * un-used assignment in do_source_buffer_init
  * remove dead-condition in ex_class
  * [security]: avoid double-free in get_style_font_variants
  * [security] use-after-free in qf_free_items
  * expand $COMSPEC without applying 'wildignore'
  * Improve keymap file highlighting
  * include new doc-Makefiles
  * Fix whitespace and formatting of some help files
  * minor typo fixes
  * No test for defining sign without attribute
  * crash when callback function aborts because of recursiveness
  * overflow detection not accurate when adding digits
  * Coverity warns for another overflow in shift_line()
  * Refactor doc-Makefiles
  * document proper notation of gVim, document vim-security list
  * Update Serbian messages translation
  * [security]: overflow in shift_line
  * [security]: overflow in get_number
  * [security]: overflow in ex address parsing
  * [security]: overflow in nv_z_get_count
  * [security]: overflow with count for :s command
  * [security]: FPE in adjust_plines_for_skipcol
  * [security]: Use-after-free in win_close()
  * comment out strange error condition check
  * skipcol not reset when topline changed
  * wast filetype should be replaced by wat filetype
  * fix typo in pi_gzip.txt