Packages changed: MicroOS-release (20240506 -> 20240507) cyrus-sasl gdk-pixbuf gsettings-desktop-schemas harfbuzz iso-codes libarchive (3.7.2 -> 3.7.4) libxslt passt pipewire (1.0.5 -> 1.0.5+git36.60deeb2) pixman (0.43.2 -> 0.43.4) python-Jinja2 (3.1.3 -> 3.1.4) sdbootutil (1+git20240410.3325802 -> 1+git20240506.573a6a4) tpm2-0-tss (4.0.1 -> 4.1.0) wireplumber xxhash === Details === ==== MicroOS-release ==== Version update (20240506 -> 20240507) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== cyrus-sasl ==== Subpackages: cyrus-sasl-gssapi libsasl2-3 - GCC 14: cyrus-sasl package fails (bsc#1221863) Apply upstream patch: 0001-Fix-time.h-check.patch ==== gdk-pixbuf ==== Subpackages: gdk-pixbuf-query-loaders gdk-pixbuf-thumbnailer libgdk_pixbuf-2_0-0 typelib-1_0-GdkPixbuf-2_0 - Pass -Dothers=enabled to meson: enable other image loaders (most notably beeded seems xpm,xbm). This is in line with upstreams recommendation for now, but won't be working past version 2.43.x. The loaders will likely be split out into a separate repo. (boo#1223903, glgo#GNOME/gdk-pixbuf!169). - Add 238893d8cd6f9c2616a05ab521a29651a17a38c2.patch: Fix test suite with other loaders enabled. ==== gsettings-desktop-schemas ==== - Move en_US and en_GB 'translations' to the main package. Do not force the -lang package on all users. ==== harfbuzz ==== Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Force higher C++ standard version for building with ICU 75. ==== iso-codes ==== - Merge iso codes-translations into the main package. iso-codes isn't particularly useful without its translations. Some KDE packages require and/or heavily rely on them. gnome-control-center also needs translations to display localized names in system config menu. ==== libarchive ==== Version update (3.7.2 -> 3.7.4) - Update to 3.7.4: * rar: Fix OOB in rar e8 filter (CVE-2024-26256, bsc#1222911) * zip: Fix out of boundary access * 7zip: Limit amount of properties * bsdtar: Fix error handling around strtol() usages * passphrase: Improve newline handling on Windows * passphrase: Never allow empty passwords * rar: Fix "File CRC Error" when extracting specific rar4 archives * xar: Avoid infinite link loop * zip: Update AppleDouble support for directories * zstd: Implement core detection - Update to 3.7.3: * PCRE2 support * add trailing letter b to bsdtar(1) substitute pattern * add support for long options "--group" and "--owner" to tar(1) * Fix possible vulnerability in tar error reporting introduced in f27c173 * ISO9660: preserve the natural order of links * rar5: fix decoding unicode filenames on Windows * rar5: fix infinite loop if during rar5 decompression the last block produced no data * xz filter: fix incorrect eof at the end of an lzip member * zip: fix end-of-data marker processing when decompressing zip archives * multiple bsdunzip(1) fixes * filetime truncation fix on Windows - Fix rpmlint warning about summary being too long ==== libxslt ==== Subpackages: libexslt0 libxslt-tools libxslt1 - Fix ftbfs with GCC14 (bsc#1220571) * correct libxslt-random-seed.patch to include time.h unconditionally * add gcc14-runtest-no-const.patch ==== passt ==== Subpackages: passt-selinux - Specify version for make_build so that passt reports its version correctly, fixes bsc#1223853 ==== pipewire ==== Version update (1.0.5 -> 1.0.5+git36.60deeb2) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 1.0.5+git36.60deeb2 to fix several crashes, NULL checks, format strings and other issues: * spa: libcamera: fix RGB mappings * pw-dump: destroy all objects not just those matching the pattern * pw-dump: fix string memory leak on error * json: fix high surrogate escapes * core: handle import errors better * gst/src: fix crash when current_caps is NULL * gst/src: Avoid unnecessary renegotiations during streaming * gst/src: Cleanups for src_negotiate() * pw-mon: fix type confusion in core event handler * gst: fix stream params memory leak * gst: handle some more errors * treewide: fix errno assignments * alsa-pcm: don't force quantum for iec958 formats * journal: prepend code location to messages at debug log levels * module-rt: fix compiler warning * filter-chain: fix arguments of calloc * combine-stream tag forward * Add album to tag metadata * impl-node: avoid bitfield races * treewide: fix some format string issues * conf: warn when match actions are missing * module-protocol-simple: handle 'node.name' property * module-ffado: only start after ports are configured * context: fill basic properties early * combine-stream: fix latency-compensate with resample.disabled=true * profiler: remove unused data-loop * v4l2: fix printf format * spa: v4l2: encode device id into a json array * spa: libcamera: encode device ids into a json array * impl-port: avoid doing work when the port is destroyed * impl-port: use 0 size when clearing IO * stream: log a warning when media.class and direction mismatch * module-loopback: only enable delay with valid rate and channels * alsa: fix race when updating the eventfd * audioconvert: also clamp monitor volume to min/max * combine-stream: actually make use of resample.disable ==== pixman ==== Version update (0.43.2 -> 0.43.4) - Update to version 0.43.4 + Fix incorrect compositing on big-endian architectures. + Allow building on clang/arm32. ==== python-Jinja2 ==== Version update (3.1.3 -> 3.1.4) - update to 3.1.4 (bsc#1223980, CVE-2024-34064): * The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. ==== sdbootutil ==== Version update (1+git20240410.3325802 -> 1+git20240506.573a6a4) Subpackages: sdbootutil-rpm-scriptlets sdbootutil-snapper - Update to version 1+git20240506.573a6a4: * Don't try to mess with overlayfs inside transaction * .spec - requires: dialog ==== tpm2-0-tss ==== Version update (4.0.1 -> 4.1.0) Subpackages: libtss2-esys0 libtss2-fapi-common libtss2-fapi1 libtss2-mu0 libtss2-rc0 libtss2-sys1 libtss2-tcti-device0 libtss2-tctildr0 Update to version 4.1: + Security - Fixed CVE-2024-29040 (bsc#1223690) + Fixed - fapi: Fix length check on FAPI auth callbacks - mu: Correct error message for errors - tss2-rc: fix unknown laer handler dropping bits. - fapi: Fix deviation from CEL specification (template_value was used instead of template_data). - fapi: Fix json syntax error in FAPI profiles which was ignored by json-c. - build: fix build fail after make clean. - mu: Fix unneeded size check in TPM2B unmarshaling. - fapi: Fix missing parameter encryption. - build: Fix failed build with --disable-vendor. - fapi: Fix flush of persistent handles. - fapi: Fix test provisioning with template with self generated certificate disabled. - fapi: Fix error in Fapi_GetInfo it TPM supports SHA3 hash algs. - fapi: Revert pcr extension for EV_NO_ACTION events. - fapi: Fix strange error messages if nv, ext, or policy path does not exits. - fapi: Fix segfault caused by wrong allocation of pcr policy. - esys: Fix leak in Esys_EvictControl for persistent handles. - tss2-tcti: tcti-libtpms: fix test failure on big-endian platform. - esys: Add reference counting for Esys_TR_FromTPMPublic. - esys: Fix HMAC error if session bind key has an auth value with a trailing 0. - fapi: fix usage of self signed certificates in TPM. - fapi: Usage of self signed certificates. - fapi: A segfault after the error handling of non existing keys. - fapi: Fix several leaks. - fapi: Fix error handling for policy execution. - fapi: Fix usage of persistent handles (should not be flushed) - fapi: Fix test provisioning with template (skip test without self generated certificate). - fapi: Fix pcr extension for EV_NO_ACTION - test: Fix fapi-key-create-policy-signed-keyedhash with P_ECC384 profile - tcti_spi_helper_transmit: ensure FIFO is accessed only after TPM reports commandReady bit is set - fapi: Fix read large system eventlog (> UINT16_MAX). - esys tests: Fix layer check for TPM2_RC_COMMAND_CODE (for /dev/tpmrm0) - test: unit: tcti-libtpms: fix test failed at 32-bit platforms. - fapi: Fix possible null pointer dereferencing in Fapi_List. - sys: Fix size check in Tss2_Sys_GetCapability. - esys: Fix leak in Esys_TR_FromTPMPublic. - esys: fix unchecked return value in esys crypto. - fapi: Fix wrong usage of local variable in provisioning. - fapi: Fix memset 0 in ifapi_json_TPMS_POLICYNV_deserialize. - fapi: Fix possible out of bound array access in IMA parser. - tcti device: Fix possible unmarshalling from uninitialized variable. - fapi: Fix error checking authorization of signing key. - fapi: Fix cleanup of policy sessions. - fapi: Eventlog H-CRTM events and different localities. - fapi: Fix missing synchronization of quote and eventlog. - faii: Fix invalid free in Fapi_Quote with empty eventlog. + Added - tcti: LetsTrust-TPM2Go TCTI module spi-ltt2go. - mbedtls: add sha512 hmac. - fapi: Enable usage of external keys for Fapi_Encrypt. - fapi: Support download of AMD certificates. - tcti: Add USB TPM (FTDI MPSSE USB to SPI bridge) TCTI module. - fapi: The recreation of primaries (except EK) in the owner hierarchy instead the endorsement hierarchy is fixed. - rc: New TPM return codes added. - fapi: Further Nuvoton certificates added. - tpm_types/esys: Add support for Attestable TPM changes in latest TPM spec. - tcti: Add '/dev/tcm0' to default conf - fapi: New Nuvoton certificates added. - esys: Fix leak in Esys_TR_FromTPMPublic. + Removed - Testing on Ubuntu 18.04 as it's near EOL (May 2023). - tpm2-tss.keyring: added Andreas Fuchs 0x8F4F9A45D7FFEE74 key, documented in upstream repo, which was used for signing this new release tarball. - add new sub-package libtss2-tcti-spidev0: TCTI for communicating with a TPM connected directly via SPI. - add new sub-package libtss2-tcti-i2c-helper0: TCTI for communicating with a TPM connected directly via I2C. ==== wireplumber ==== Subpackages: libwireplumber-0_5-0 wireplumber-audio - Better fix for (bsc#1223916) that basically turns the main profile into the (to be in 0.5.3) video-only profile unless wireplumber-audio is installed which now turns the main profile into exactly upstream's main profile. - Add patch from upstream to fix a json log issue: * 0001-lua-json-fix-error-ouput.patch - Add patch from upstream to add a method to merge json containers: * 0002-lua-json-add-method-to-merge-json-containers.patch - Add patch from upstream to fix merging a particular case of configuration options: * 0003-json-utils-fix-overriding-of-non-container-values-when.patch - Fix wireplumber not starting successfully when audio support is not enabled since the main profile now requires it. The best option would be to use a video-only profile but it's too late to change the way wireplumber is started in SLE/Leap, so the solution just makes audio/bluetooth optional for now (bsc#1223916) * split-config-file.py ==== xxhash ==== - Fix ftbfs with gcc14: * use correct optflags also in %check * add test-tools-do-not-override-cflags.patch - Execute more tests