Packages changed: 389-ds (3.1.1~git13.a9c7ff9 -> 3.1.1~git57.65773c3) avahi avahi-glib2 cairo container-selinux (2.232.1 -> 2.233.0) cppcheck (2.16.0 -> 2.16.1) file (5.45 -> 5.46) gimp glib2 google-noto-fonts (20240901 -> 20241201) gpgme gpgmeqt6 grub2 libHX libssh (0.10.6 -> 0.11.1) m4 mcelog (200 -> 201) openSUSE-release (20241129 -> 20241202) python-gobject python-setuptools qt6-wayland sqlite3 (3.46.1 -> 3.47.1) system-config-printer yast2-storage-ng (5.0.21 -> 5.0.22) yast2-trans (84.87.20241123.891024d88b -> 84.87.20241201.a42621795a) === Details === ==== 389-ds ==== Version update (3.1.1~git13.a9c7ff9 -> 3.1.1~git57.65773c3) Subpackages: lib389 libsvrcore0 - Remove 389-ds-link-icu-uc.patch - upstreamed - Update to version 3.1.1~git57.65773c3: * Issue 6340 - RFE - extract keys once (#6413) * Issue 6415 - BUG - Incorrect icu linking (#6416) * Issue 6420 - Update dsidm user get_dn test (#6421) * Issue 6258 - Resolve race condition for two tests in health_config.py * Bump cross-spawn from 7.0.3 to 7.0.6 in /src/cockpit/389-console (#6407) * Issue 6386 - backup/restore broken after db log rotation (#6406) * Issue 6401 - Remove logging macros * Issue 6404 - UI - Add npm pretter package * Issue 6374 - nsslapd-mdb-max-dbs autotuning doesn't work properly (#6400) * Issue 5842 - Add log buffering for error log * Issue 6397 - Remove deprecated setting for HR time stamps in logs * Issue 6390 - Adjust cleanAllRUV max per txn and interval limits * Issue 6349 - RFE - extract keys once (#6363) (#6394) * Issue 6387 - Use make macro in the spec file * Issue 6359 - Add exception to GPL license in license tag * Issue 6381 - CleanAllRUV - move changelog purging to the very end of the task * Issue 5920 - pamModuleIsThreadSafe is missing in the schema * Issue 6377 - syntax error in setup.py (#6378) * Issue 6349 - RFE - Use previously extracted key path (#6363) * Issue 6067 - Update dsidm to prioritize basedn from .dsrc over interactive input (#6362) * Issue 6347 - better fix for desyncronized vlv cache (#6358) * Issue 6243 - dsctl bdb2mdb should cleanly fail if bundled libdb is not available (#6351) * Issue 6331 - UI - Instance fails to load when DB backup directory doesn't exist (#6332) * Issue 6356 - On LMDB, after an update the impact VLV index, the vlv recno cache is not systematically cleared (#6357) * Issue 6056 - WebUI supports only instances with BDB (#6299) * Issue 6339 - Address Coverity scan issues in memberof and bdb_layer (#6353) * Issue 6328 - vlv control may not be logged (#6354) * Issue 6347 - VLV search sometime fails with operation error (#6349) * Issue 6343 - Improve online import robustness when the server is under load * Issue 6345 - Ensure all slapi_log_err calls end format strings with newline character \n (#6346) * Issue 6064 - bdb2mdb shows errors (#6341) * Issue 6336 - Fix failing CI tests (roles) due to slow import (#6337) * Fix duplicate detection logic by ensuring exact match on string length (#6333) * Issue 6304 - RFE when memberof is enabled, defer updates of members from the update of the group (#6305) * Issue 6329 - lmdb typo in error log notice message (#6330) * Issue 6324 - Provide more information in the error message during setup_ol_tls_conn() (#6325) * Issue 5965 - UI, CLI - Fix Account Policy Plugin functionality issues (#6323) * Issue 6188 - Check if nsslapd-haproxy-trusted-ip attribute is returned in default schema * Issue 6319 - bdb subpackage has `%description` in the wrong place * Issue 6321 - lib389 get_db_lib function may returns the wrong db type (#6322) * Issue 6245 - Fix some other coverity scan regressions (#6273) * Issue 6316 - lmdb reindex is broken if index type is specified (#6318) * Issue 6090 - Fix dbscan options and man pages (#6315) * Issue 6307 - Wrong set of entries returned for some search filters (#6308) ==== avahi ==== Subpackages: avahi-lang libavahi-client3 libavahi-client3-32bit libavahi-common3 libavahi-common3-32bit libavahi-core7 - Add avahi-CVE-2024-52616.patch: Backporting 1dade81c from upstream: Properly randomize query id of DNS packets. (CVE-2024-52616, bsc#1233420) ==== avahi-glib2 ==== Subpackages: libavahi-glib1 libavahi-gobject0 libavahi-ui-gtk3-0 - Add avahi-CVE-2024-52616.patch: Backporting 1dade81c from upstream: Properly randomize query id of DNS packets. (CVE-2024-52616, bsc#1233420) ==== cairo ==== Subpackages: libcairo-gobject2 libcairo-script-interpreter2 libcairo2 - Convert to source service: allows for easier upgrades by the GNOME team. ==== container-selinux ==== Version update (2.232.1 -> 2.233.0) - Update to version 2.233.0: * container_engine_t: small change to allow non root exec in a container * RPM: explicitly list ghosted paths and skip mode verification * container-selinux install on non selinux-policy-targeted systems (#332) * set container_log_t type for /var/log/kube-apiserver * Allow kubelet_t to create a sock file kubelet_var_lib_t * dontaudit spc_t to mmap_zero * Packit: update targets (#330) * container_engine_t: another round of small improvements (#327) * Allow container_device_plugin_t to use the network (#325) * RPM: cleanup changelog (#324) * TMT: Simplify tests ==== cppcheck ==== Version update (2.16.0 -> 2.16.1) - update to 2.16.1 * SymbolDatabase: does not select l-value method properly ==== file ==== Version update (5.45 -> 5.46) Subpackages: file-magic libmagic1 - Update to 5.46: * Add OFFPOSITIVE * avoid leaking symbols in libmagic * PR/562: jsummers: Search/regex offsets are absolute to the beginning of the file, so adjust them by subtracting the offset that the "use" starts so that we don't double-count it. * PR/543: matshch: bump nbuf so we can get the flags into the buffer. * Add Android elf notes (enh) * Add limit for number of magic warnings allowed * check regex bounds (found by clusterfuzz) - Remove patch file-5.45-type_t.dif now upstream - Port patches * file-4.24-autoconf.dif * file-5.17-option.dif * file-5.18-javacheck.dif * file-5.19-biorad.dif * file-5.19-printf.dif * file-5.19-zip2.0.dif * file-5.22-elf.dif * file-5.28-btrfs-image.dif * file-5.45-type_t.dif * file-secure_getenv.patch - Port patch file-5.45.dif and rename it to file-5.46.dif * Note that our kernel magics do not fit anymore as upstream now has a huge rework and extended features ==== gimp ==== Subpackages: gimp-plugin-aa libgimp-2_0-0 libgimpui-2_0-0 - Fix jpeg-xl disabling, use proper with/without - Disable jpeg-xl support on SLES < 16.0 (SP6, SP7) libjxl is only in Leap/PackageHUB but not in SLES. Leap gets gimp binary rpms from SLES. (helps to fix bsc#1233157) - Re-adding dropped references compared to SLES 15 SP6 changelog CVE-2022-32990 CVE-2023-44441 CVE-2023-44442 CVE-2023-44443 CVE-2023-44444 bsc#1201192 bsc#1217160 bsc#1217161 bsc#1217162 bsc#1217163 ==== glib2 ==== Subpackages: glib2-lang glib2-tools libgio-2_0-0 libglib-2_0-0 libglib-2_0-0-32bit libgmodule-2_0-0 libgobject-2_0-0 libgthread-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0 - Have the glib2-tools postun trigger exit normally if glib2-compile-schemas can't be run. Fixes error when uninstalling if libgio is uninstalled first (bsc#1231463). ==== google-noto-fonts ==== Version update (20240901 -> 20241201) Subpackages: google-noto-sans-fonts google-noto-sans-symbols-fonts google-noto-sans-symbols2-fonts - Update to 20241201 * Base Noto Sans and Noto Serif is updated ==== gpgme ==== Subpackages: libgpgme11 libgpgmepp6 - Add gpgme-fix-python-install.patch: Fix the installation of the python bindings without having to move them around manually. ==== gpgmeqt6 ==== - Add gpgme-fix-python-install.patch: Fix the installation of the python bindings without having to move them around manually. ==== grub2 ==== Subpackages: grub2-common grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Support s390x Secure Execution (jsc#PED-9531) * grub2-s390x-secure-execution-support.patch - Update grub2-s390x-set-hostonly.patch to add the patch header and the description ==== libHX ==== - keyring update ==== libssh ==== Version update (0.10.6 -> 0.11.1) Subpackages: libssh-config libssh4 - Update to version 0.11.1: * Fixed default TTY modes that are set when stdin is not connected to tty. * Fixed zlib cleanup procedure, which could crash on i386. * Various test fixes improving their stability. * Remove 0001-disable-timeout-test-on-slow-buildsystems.patch to enable slow tests also in s390 s390x ppc64le. - Set BuildArch: noarch for the config package as it only ships configuration files. - Update to version 0.11.0 https://www.libssh.org/2024/08/08/libssh-0-11-0-release/ - Updated 0001-disable-timeout-test-on-slow-buildsystems.patch - Removed libssh-fix-ipv6-hostname-regression.patch ==== m4 ==== - fix build for loongarch64 ==== mcelog ==== Version update (200 -> 201) - Update to version 201: * add listen backlog config for mcelog server * mcelog: Add basic support for Diamond Rapids * mcelog: Add support for other CPU families ==== openSUSE-release ==== Version update (20241129 -> 20241202) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== python-gobject ==== Subpackages: python311-gobject python311-gobject-Gdk python311-gobject-cairo - Add python-pygobject provides: help packages to eliminate rpmlint warnings when comparing requrements.txt vs the packages depdency. 'pygobject' is the proper upstream name. ==== python-setuptools ==== - remove duplicated "uses_network" skip ==== qt6-wayland ==== Subpackages: libQt6WaylandClient6 libQt6WaylandCompositor6 libQt6WaylandEglClientHwIntegration6 libQt6WaylandEglCompositorHwIntegration6 libQt6WlShellIntegration6 - Add patch to fix crash when unplugging a graphics tablet: * 0001-client-Redo-management-of-tablet-object-proxies.patch ==== sqlite3 ==== Version update (3.46.1 -> 3.47.1) Subpackages: libsqlite3-0 libsqlite3-0-x86-64-v3 sqlite3-tcl - Update to release 3.47.1: * Fix the makefiles so that they once again honored DESTDIR for the "install" target. * Add the SQLITE_IOCAP_SUBPAGE_READ capability to the VFS, to work around issues on some non-standard VFSes caused by making SQLITE_DIRECT_OVERFLOW_READ the default in version 3.45.0. * Fix incorrect answers to certain obscure IN queries caused by new query optimizations added in the 3.47.0 release. * Other minor bug fixes. - Update to release 3.47.0: * Allow arbitrary expressions in the second argument to the RAISE function. * If the RHS of the ->> operator is negative, then access array elements counting from the right. * Fix a problem with rolling back hot journal files in the seldom-used unix-dotfile VFS. * FTS5 tables can now be dropped even if they use a non-standard tokenizer that has not been registered. * Fix the group_concat() aggregate function so that it returns an empty string, not a NULL, if it receives a single input value which is an empty string. * Enhance the generate_series() table-valued function so that it is able to recognize and use constraints on its output value. Preupdate hooks now recognize when a column added by ALTER TABLE ADD COLUMN has a non-null default value. * Improved reuse of subqueries associated with the IN operator, especially when the IN operator has been duplicated due to predicate push-down. * Use a Bloom filter on subqueries on the right-hand side of the IN operator, in cases where that seems likely to improve performance. * Ensure that queries like "SELECT func(a) FROM tab GROUP BY 1" only invoke the func() function once per row. * No attempt is made to create automatic indexes on a column that is known to be non-selective because of its use in other indexes that have been analyzed. * Adjustments to the query planner so that it produces better plans for star queries with a large number of dimension tables. * Add the "order-by-subquery" optimization, that seeks to disable sort operations in outer queries if the desired order is obtained naturally due to ORDER BY clauses in subqueries. * The "indexed-subtype-expr" optimization strives to use expressions that are part of an index rather than recomputing the expression based on table values, as long as the query planner can prove that the subtype of the expression will never be used. * Miscellaneous coding tweaks for faster runtimes. * Add the experimental sqlite3_rsync program. * Add extension functions median(), percentile(), percentile_cont(), and percentile_disc() to the CLI. * Add the .www dot-command to the CLI. * The sqlite3_analyzer utility now provides a break-out of statistics for WITHOUT ROWID tables. * The sqldiff utility avoids creating an empty database if its second argument does not exist. * Enhance the sqlite_dbpage table-valued function such that INSERT can be used to increase or decrease the size of the database file. * SQLite no longer makes any use of the "long double" data type, as hardware support for long double is becoming less common and long double creates challenges for some compiler tool chains. Instead, SQLite uses Dekker's algorithm when extended precision is needed. * The TCL Interface for SQLite supports TCL9. Everything probably still works for TCL 8.5 and later, though this is not guaranteed. Users are encouraged to upgrade to TCL9. * Fix a corruption-causing bug in the JavaScript "opfs" VFS. Correct "mode=ro" handling for the "opfs" VFS. Work around a couple of browser-specific OPFS quirks. * Add the fts5_tokenizer_v2 API and the locale=1 option, for creating custom locale-aware tokenizers and fts5 tables that may take advantage of them. * Add the contentless_unindexed=1 option, for creating contentless fts5 tables that store the values of any UNINDEXED columns persistently in the database. * Allow an FTS5 table to be dropped even if it uses a custom tokenizer whose implementation is not available. ==== system-config-printer ==== Subpackages: python3-cupshelpers system-config-printer-applet system-config-printer-common system-config-printer-common-lang system-config-printer-dbus-service udev-configure-printer - Add installation-root-dir-from-setup.patch gh#OpenPrinting/system-config-printer#361 to fix cupshelpers installation. ==== yast2-storage-ng ==== Version update (5.0.21 -> 5.0.22) - Mount '/mnt/run' as private to avoid mount points propagation (gh#yast/yast-storage-ng#1395) - 5.0.22 ==== yast2-trans ==== Version update (84.87.20241123.891024d88b -> 84.87.20241201.a42621795a) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20241201.a42621795a: * Translated using Weblate (Finnish) * New POT for text domain 'storage'. * Translated using Weblate (Georgian)