Packages changed: crypto-policies glibc (2.38 -> 2.39) gstreamer (1.22.8 -> 1.22.9) gstreamer-plugins-bad (1.22.8 -> 1.22.9) gstreamer-plugins-base (1.22.8 -> 1.22.9) gstreamer-plugins-good (1.22.8 -> 1.22.9) inxi (3.3.31 -> 3.3.32) libusb-1_0 (1.0.26 -> 1.0.27) libzio (1.08 -> 1.09) netpbm (11.2.0 -> 11.5.2) perl-gettext podman (4.9.0 -> 4.9.1) python-pip python-pytz (2023.3.post1 -> 2023.4) python-setuptools (69.0.2 -> 69.0.3) strace systemd-presets-common-SUSE xen (4.18.0_04 -> 4.18.0_06) === Details === ==== crypto-policies ==== Subpackages: crypto-policies-scripts - avoid the cycle rpm/cmake/crypto-policies/python-rpm-macros: we only need python3-base here, we don't need the python macros as no module is being built ==== glibc ==== Version update (2.38 -> 2.39) Subpackages: glibc-extra glibc-lang glibc-locale glibc-locale-base - Update to glibc 2.39 * A new tunable, glibc.cpu.plt_rewrite, can be used to enable PLT rewrite on x86-64 * Sync with Linux kernel 6.6 shadow stack interface * struct statvfs now has an f_type member, equal to the f_type statfs member * On Linux, the functions posix_spawnattr_getcgroup_np and posix_spawnattr_setcgroup_np have been added, along with the POSIX_SPAWN_SETCGROUP flag * On Linux, the pidfd_spawn and pidfd_spawp functions have been added * On Linux, the pidfd_getpid function has been added * scanf-family functions now support the wN format length modifiers for arguments pointing to types intN_t, int_leastN_t, uintN_t or uint_leastN_t * A new tunable, glibc.mem.decorate_maps, can be used to add additional information on underlying memory allocated by the glibc * The header has been added from ISO C2X * On AArch64 new symbols were added to libmvec * The ldconfig program now skips file names containing ';' or ending in ".dpkg.tmp" or ".dpkg.new" * The dynamic linker calls the malloc and free functions in more cases during TLS access if a shared object with dynamic TLS is loaded and unloaded - aarch64-rawmemchr-unwind.patch, cache-amd-legacy.patch, cache-intel-shared.patch, call-init-proxy-objects.patch, fstat-implementation.patch, gb18030-2022.patch, getaddrinfo-eai-memory.patch, getaddrinfo-memory-leak.patch, getcanonname-use-after-free.patch, iconv-error-verbosity.patch, intl-c-utf-8-like-c-locale.patch, ldconfig-process-elf-file.patch, libio-io-vtables.patch, libio-wdo-write.patch, no-aaaa-read-overflow.patch, posix-memalign-fragmentation.patch, ppc64-flock-fob64.patch, qsort-invalid-cmp.patch, sem-open-o-creat.patch, setxid-propagate-glibc-tunables.patch, syslog-buffer-overflow.patch, tls-modid-reuse.patch, tunables-string-parsing.patch: Removed - syslog-buffer-overflow.patch: syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6246, CVE-2023-6779, CVE-2023-6780, bsc#1218863, bsc#1218867, bsc#1218868) - qsort-invalid-cmp.patch: qsort: handle degenerated compare function (bsc#1218866) - Change minimum GCC to 13 - Split off libnsl.so.1 into a separate package ==== gstreamer ==== Version update (1.22.8 -> 1.22.9) Subpackages: gstreamer-lang libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.22.9: + Highlighted bugfixes in 1.22.9 - More Security fixes for the AV1 video codec parser - va: fixes for Mesa Gallium drivers in Mesa versions older than v23.2 - v4l2src: Consider framerate during caps selection - v4l2codec: decoder fixes - rtspsrc: multicast fixes - camerabin viewfinder fixes - various bug fixes, build fixes, memory leak fixes, and other stability and reliability improvements + gstreamer - aggregator: fix use-after-free in queries processing - multiqueue: Ignore queue fullness for most events - Rebase reduce-required-meson.patch ==== gstreamer-plugins-bad ==== Version update (1.22.8 -> 1.22.9) Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstcuda-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsttranscoder-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 libgstwebrtcnice-1_0-0 - Update to version 1.22.9: + av1parser: Fix potential stack overflow during tile list parsing (CVE-2024-0444, bsc#1219453, ZDI-CAN-22300) + camerabin: Correctly relink viewfinderbin_queue + GstPlay: Fix error details parsing + h264decoder: Handle malformed avc/avc3 packets + h264decoder: h265decoder: Align with wraparound fix + vp8decoder: vp9decoder: av1decoder: mpeg2decoder: Fix multiplication wraparound + vah264enc/vah264dec issues after recent upgrade to 1.22.8 from 1.22.7 + va: fixes for Mesa Gallium drivers in Mesa versions older than v23.2 + vp9parse: Fix critical warning during caps negotiation - Rebase reduce-required-meson.patch ==== gstreamer-plugins-base ==== Version update (1.22.8 -> 1.22.9) Subpackages: gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstTag-1_0 - Update to version 1.22.9: + audiobasesink: Don't wait on gap events + audioconvert: change gst_audio_convert_get_unit_size() log levels + glcolorconvert: Correct transform_caps direction + gloverlay: Apply updated overlay coordinates correctly + videorate: keep pool if max_buffers is unlimited - Rebase reduce-required-meson.patch ==== gstreamer-plugins-good ==== Version update (1.22.8 -> 1.22.9) Subpackages: gstreamer-plugins-good-gtk gstreamer-plugins-good-lang - Update to version 1.22.9: + rtpsession: Only warn once if configured latency needs to be known but isn't yet + rtphdrext-clientaudiolevel: Fix level value being written by the extension + rtspsrc: set multicast-iface on udpsinks and fix RTCP sink TTL + v4l2object: clear old fds when initializing poll during opening v4l2 device + v4l2src: Consider framerate during caps selection + vpxdec: Use appropriate domain and code for decoding errors - Rebase reduce-required-meson.patch ==== inxi ==== Version update (3.3.31 -> 3.3.32) - - Updated to version 3.3.32: + /usr/share/doc/packages/inxi/inxi.changelog. ==== libusb-1_0 ==== Version update (1.0.26 -> 1.0.27) - Update to version 1.0.27 * New libusb_init_context API to replace libusb_init * New libusb_get_max_alt_packet_size API * New libusb_get_platform_descriptor API (BOS) * Allow setting log callback with libusb_set_option/libusb_init_context * New WebAssembly + WebUSB backend using Emscripten * Fix regression in libusb_set_interface_alt_setting * Fix sync transfer completion race and use-after-free * Fix hotplug exit ordering * Linux: NO_DEVICE_DISCOVERY option set per context - added signature and keyring. (key received via keyserver) ==== libzio ==== Version update (1.08 -> 1.09) - Version 1.09: Allow to create files without suffix as well ==== netpbm ==== Version update (11.2.0 -> 11.5.2) Subpackages: libnetpbm11 - version update to 11.5.2 Release 11.05.02 + ppmtowinicon: fix array overrun with 4 and 8 bits per pixel. Release 11.05.01 Fix typo in ppmforge test case. Release 11.05.00 + pnmpad: Add -color, -promote, -extend-edge, -detect-background . + pnmconvol: Restore ability of convolution matrix to be a pseudo-plain-PNM with samples that exceed the maxval. Lost in 10.30 (October 2005) because maxval-checking code was added to libnetpbm. (Was fixed in 10.47.08 in November 2010, but only in the 10.47 series). + pnmindex: Improve failure mode when -size or -across is zero. + pnmindex: Make -plain work. + pnmpad: fix behavior with -left, -right, and -width together or - top, -bottom, -height together: ignores -width where it should fail. Broken in Netpbm 10.72 (September 2015). + pamtosvg: fix "zero determinant" failure. Introduced in Netpbm 11.04 (September 2023). + pjtoppm: fix crash based on uninitialized variable. Introduced in Netpbm 11.04 (September 2023). + ppmtopcxl: fix incorrect output with > 256 colors. Always broken. (Program was added in primordial Netpbm in 1990). + pbmtext: fix buffer overrun with insanely large input. + picttoppm: fix buffer overrun with insanely wide input. + ppmtoxpm: fix incorrect output with insanely large number of colors. + pnmscalefixed: fix incorrect output with really big image and - pixels option. + ppmdither: fix buffer overrun with insanely large dithering matrix. + pnmpad: no longer accept old-style options (e.g. -t50). + libnetpbm: Add pm_feed_from_file, pm_accept_to_files, pm_accept_to_filestream Standard Input feeder, Output accepter for pm_system. + libnetpbm, programs that use color maps: fix buffer overrun with insanely deep images. + merge build: Fix 'pnmcat'. Introduced in Netpbm 11.00 (September 2023). Release 11.04.00 + pamaddnoise: add -salt. + pamaddnoise: reject options that aren't meaningful for the type of noise specified rather than just ignore them. + ppmtosixel: Add -7bit, so it works on more terminals, including xterms. Thanks Scott Pakin. + g3topbm: Add -correctlong + pnmtojpeg: minor improvement to error messages about bad files. + pammixmulti: Remove disclaimer of patent license. + pamstack: Fix bug: acts like -firstmaxval specified when it wasn't. Introduced in Netpbm 11.03 (June 2023). + pamstack: Fix -lcmmaxval: chooses wrong maxval. Always broken (-lcmmaxval was new in Netpbm 11.03 (June 2023)). + pamstack: Fail gracefully when total number of planes is too large for unsigned integer. Always broken (Pamstack was new in Netpbm 10.0 (June 2002). + pamtosvg: fix hang. + ppmfade: fix "file not found" crash for most fade modes. Introduced in Netpbm 10.98 (March 2022). + ppmfade: fix incorrect block mode fade. Always broken (ppmfade was new in Netpbm 8.4 (April 2000)). + pamaddnoise: fix very incorrect noise added for all types. Introduced in Netpbm 10.94 (March 2021). + ppmrough: fix buffer overrun. Always broken (Ppmrough was new in Netpbm 10.9 (September 2002). ppmrough: fix excessive roughness. Introduced in Netpbm 10.94 (March 2021). + pgmtexture: Fix buffer overflow with maxval > 255. Always broken. Maxvals > 255 were possible starting in Netpbm 9.0 (April 2000). + pgmtexture: Fix bug: ignores -d. Introduced in Netpbm 10.56 (September 2011). + xwdtopnm Fix spurious output with really wide/deep rows. + imgtoppm: Fix spurious output with really wide/deep rows. + pbmtopgm: Fix error message for excessive -width. + pbmtoxbm: Fix spurious output with really wide rows. + tifftopnm: Fix incorrect output with insanely wide/deep rows. + thinkjettopbm: Fix incorrect output with insanely wide rows. + ybmtopbm: Fix incorrect output with insanely wide rows. + pjtoppm: Fix incorrect output with insanely large number of rows. + library: add check of maxval for computable size. + Build: Include LDFLAGS in link of shared library. * Release 11.03.00 + pamstack: Add -firstmaxval, -lcmmaxval + pnmcolormap: make result independent of how system's qsort orders records with equal keys. Affects pnmquant. + pamtopng: fix typo in error message about -chroma option. + pamtopng, pnmtopng, pngtopam: fix error message when something fails in libpng. Always broken (the programs were new in Netpbm 8.1 (March 2000)). - modified patches % netpbm-gcc-warnings.patch (refreshed) % netpbm-security-code.patch (refreshed) ==== perl-gettext ==== - Run testsuite with locale LANG=en_US.UTF. It fails otherwise with glibc 2.39 ==== podman ==== Version update (4.9.0 -> 4.9.1) - Update to version 4.9.1: * Bump to v4.9.1 * Release notes for v4.9.1 * [v4.9] Bump Buildah to v1.33.4, c/common v0.57.3, c/image v5.29.2 * pkginstaller: bump Qemu version to 8.2.1 * Assign separate ports for each appleHV machine * Fix machine inspect test config * AppleHV: update LastUp time * applehv: return socket path from setupAPIForwarding * applehv: Remove unneeded cmd.ExtraFiles assignment * abi: drop check for IsRootless() * system: enhance check for re-exec into rootless userns * system: enhance check for re-exec into rootless userns * Fix `podman machine set --rootful` for applehv * applehv - fix vm lookup * rpm: use go-rpm-macros on RHEL 10 * Bump to v4.9.1-dev ==== python-pip ==== - Drop deprecated setup.py installmethod, bootstrap PEP517 with built-in pip instead - python3XX-pip-wheel can now be a regular subpackage - Drop obsolete python2 directives in specfile ==== python-pytz ==== Version update (2023.3.post1 -> 2023.4) - update to 2023.4: * Update olson to 2023d ==== python-setuptools ==== Version update (69.0.2 -> 69.0.3) - update to 69.0.3: * Bugfixes - Retain valid names with underscores in egg_info. ==== strace ==== - Enable SELinux Context Printing (--secontext). ==== systemd-presets-common-SUSE ==== - Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84) Support both the old and new service to avoid complex version interdependency. ==== xen ==== Version update (4.18.0_04 -> 4.18.0_06) - Upstream bug fixes (bsc#1027519) 6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch 6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch 656ee5e1-x86emul-avoid-triggering-event-assertions.patch 656ee602-cpupool-adding-offline-CPU.patch 656ee6c3-domain_create-error-path.patch 6571ca95-fix-sched_move_domain.patch 6578598c-Arm-avoid-pointer-overflow-on-invalidate.patch 65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch 65a7a0a4-x86-Intel-GPCC-setup.patch 65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch 65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch 65b29e91-x86-ucode-stability-of-raw-policy-rescan.patch - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) 65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) 65b8f9ab-VT-d-else-vs-endif-misplacement.patch - Patches dropped / replaced by newer upstream versions xsa449.patch xsa450.patch - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) xsa450.patch - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) xsa449.patch