Packages changed: apache2-mod_php8 (8.3.12 -> 8.3.13) gpg2 (2.4.5 -> 2.5.1) gpgme gpgmeqt6 gstreamer-plugins-good kbd less libcryptui mailutils (3.16 -> 3.17) openSUSE-release (20241024 -> 20241025) patterns-base php8 (8.3.12 -> 8.3.13) pipewire (1.2.5 -> 1.2.6) python-gevent (24.10.1 -> 24.10.3) python-idna (3.8 -> 3.10) python-immutables (0.20 -> 0.21) python-numpy python-requests rubygem-ruby-augeas (0.5.0 -> 0.6.0) subversion usbutils (017 -> 018) zenity (4.0.2 -> 4.0.3) === Details === ==== apache2-mod_php8 ==== Version update (8.3.12 -> 8.3.13) - version update to 8.3.13 Calendar: Fixed GH-16240: jdtounix overflow on argument value. Fixed GH-16241: easter_days/easter_date overflow on year argument. Fixed GH-16263: jddayofweek overflow. Fixed GH-16234: jewishtojd overflow. CLI: Fixed bug GH-16137: duplicate http headers when set several times by the client. Core: Fixed bug GH-16054 (Segmentation fault when resizing hash table iterator list while adding). Fixed bug GH-15905 (Assertion failure for TRACK_VARS_SERVER). Fixed bug GH-15907 (Failed assertion when promoting Serialize deprecation to exception). Fixed bug GH-15851 (Segfault when printing backtrace during cleanup of nested generator frame). Fixed bug GH-15866 (Core dumped in Zend/zend_generators.c). Fixed bug GH-16188 (Assertion failure in Zend/zend_exceptions.c). Fixed bug GH-16233 (Observer segfault when calling user function in internal function via trampoline). DOM: Fixed bug GH-16039 (Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c). Fixed bug GH-16149 (Null pointer dereference in DOMElement->getAttributeNames()). Fixed bug GH-16151 (Assertion failure in ext/dom/parentnode/tree.c). Fixed bug GH-16150 (Use after free in php_dom.c). Fixed bug GH-16152 (Memory leak in DOMProcessingInstruction/DOMDocument). JSON: Fixed bug GH-15168 (stack overflow in json_encode()). GD: Fixed bug GH-16232 (bitshift overflow on wbmp file content reading / fix backport from upstream). Fixed bug GH-12264 (overflow/underflow on imagerotate degrees value) (David Carlier) Fixed bug GH-16274 (imagescale underflow on RBG channels / fix backport from upstream). LDAP: Fixed bug GH-16032 (Various NULL pointer dereferencements in ldap_modify_batch()). Fixed bug GH-16101 (Segfault in ldap_list(), ldap_read(), and ldap_search() when LDAPs array is not a list). Fix GH-16132 (php_ldap_do_modify() attempts to free pointer not allocated by ZMM.). Fix GH-16136 (Memory leak in php_ldap_do_modify() when entry is not a proper dictionary). MBString: Fixed bug GH-16261 (Reference invariant broken in mb_convert_variables()). OpenSSL: Fixed stub for openssl_csr_new. PCRE: Fixed bug GH-16189 (underflow on offset argument). Fixed bug GH-16184 (UBSan address overflowed in ext/pcre/php_pcre.c). PHPDBG: Fixed bug GH-15901 (phpdbg: Assertion failure on i funcs). Fixed bug GH-16181 (phpdbg: exit in exception handler reports fatal error). Reflection: Fixed bug GH-16187 (Assertion failure in ext/reflection/php_reflection.c). SAPI: Fixed bug GH-15395 (php-fpm: zend_mm_heap corrupted with cgi-fcgi request). SimpleXML: Fixed bug GH-15837 (Segmentation fault in ext/simplexml/simplexml.c). Sockets: Fixed bug GH-16267 (socket_strerror overflow on errno argument). SOAP: Fixed bug #73182 (PHP SOAPClient does not support stream context HTTP headers in array form). Fixed bug #62900 (Wrong namespace on xsd import error message). Fixed bug GH-15711 (SoapClient can't convert BackedEnum to scalar value). Fixed bug GH-16237 (Segmentation fault when cloning SoapServer). Fix Soap leaking http_msg on error. Fixed bug GH-16256 (Assertion failure in ext/soap/php_encoding.c:460). Fixed bug GH-16259 (Soap segfault when classmap instantiation fails). SPL: Fixed bug GH-15918 (Assertion failure in ext/spl/spl_fixedarray.c). Standard: Fixed bug GH-16053 (Assertion failure in Zend/zend_hash.c). Fixed bug GH-15169 (stack overflow when var serialization in ext/standard/var). Streams: Fixed bugs GH-15908 and GH-15026 (leak / assertion failure in streams.c). Fixed bug GH-15980 (Signed integer overflow in main/streams/streams.c). TSRM: Prevent closing of unrelated handles. ==== gpg2 ==== Version update (2.4.5 -> 2.5.1) Subpackages: dirmngr gpg2-lang - Update to 2.5.1: * gpg: The support for composite Kyber+ECC public key algorithms does now use the final FIPS-203 and LibrePGP specifications. The experimental keys from 2.5.0 are no longer supported. [T6815] * gpg: New commands --add-recipients and --change-recipients. [T1825] * gpg: New option --proc-all-sigs. [T7261] * gpg: Fix a regression in 2.5.0 in gpgme's tests. [T7195] * gpg: Make --no-literal work again for -c and --store. [T5852] * gpg: Improve detection of input data read errors. [T6528] * gpg: Fix getting key by IPGP record (rfc-4398). [T7288] * gpgsm: New option --assert-signer. [T7286] * gpgsm: More improvements to PKCS#12 parsing to cope with latest IVBB changes. [T7213] * agent: Fix KEYTOCARD command when used with a loopback pinentry. [T7283] * gpg-mail-tube: Make sure GNUPGHOME is set in vsd mode. New option - -as-attach. [rG4511997e9e1b] * Now uses the process spawn API from libgpg-error. [T7192,T7194] * Removed the --enable-gpg-is-gpg2 configure time option. [rG2125f228d36c] * Rebase patches: - gnupg-add_legacy_FIPS_mode_option.patch - gnupg-revert-rfc4880bis.patch - gnupg-nobetasuffix.patch ==== gpgme ==== Subpackages: libgpgme11 libgpgmepp6 - add python313.patch to enable python 3.13 building ==== gpgmeqt6 ==== - add python313.patch to enable python 3.13 building ==== gstreamer-plugins-good ==== Subpackages: gstreamer-plugins-good-gtk gstreamer-plugins-good-lang - Drop pkgconfig(libsoup-2.4) and pkgconfig(libsoup-gnome-2.4) BuildRequires: Build soup plugin linking only to libsoup-3.0. ==== kbd ==== - Enable libkfont - Rename libkeymap-devel to just kbd-devel (the recommendation is to reuse the SRPM base name) - Fix subpackage names and their dependencies. - Add missing ldconfig scriptlets. - Build libkeymap and create additional subpackages. ==== less ==== - Change preprocessor dependencies from Requires to Recommends. It's disabled by default and they are not necessary for less. ==== libcryptui ==== Subpackages: libcryptui-data libcryptui-lang libcryptui0 seahorse-daemon - Add GnuPG 2.5.x to the list of supported GnuPG versions. ==== mailutils ==== Version update (3.16 -> 3.17) Subpackages: libmailutils9 - Add patch MALLOC_PERTURB_.patch * Fix memory pool handling which otherwise cause failing mimeview due missing mime types due set MALLOC_PERTURB_ environment variable - Update to mailutils 3.17: * Use of TLS in pop3d and imap4d If not explicitly specified, the TLS mode to use (ondemand, connect, etc.) is derived from the configured port. E.g., for imap4d, port 143 implies ondemand mode, and port 993 implies connection mode. The global tls-mode setting is used only when the mode cannot be detemined otherwise, i.e. neither per-server tls-mode is given nor the port gives any clues as to the TLS mode to use. * Bugfixes + movemail: fix handling of -P option. + pop3d, imap4d: fix global timeout and transcript configuration statements + pop3d, imap4d: global tls-mode is used only when the mode to use cannot be determined otherwise. + pop3d, imap4d: if not set explicitly, derive tls mode from the port used. + Improve file safety checking routine. + Fix compilation with new gcc versions. - There is no mu-mailx ... only a mailx from package mailx ==== openSUSE-release ==== Version update (20241024 -> 20241025) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced - Remove openssl 1.0 related fips dependencies: openssl 1.0 is EOL and removed from Factory. ==== php8 ==== Version update (8.3.12 -> 8.3.13) Subpackages: php8-ctype php8-dom php8-iconv php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - version update to 8.3.13 Calendar: Fixed GH-16240: jdtounix overflow on argument value. Fixed GH-16241: easter_days/easter_date overflow on year argument. Fixed GH-16263: jddayofweek overflow. Fixed GH-16234: jewishtojd overflow. CLI: Fixed bug GH-16137: duplicate http headers when set several times by the client. Core: Fixed bug GH-16054 (Segmentation fault when resizing hash table iterator list while adding). Fixed bug GH-15905 (Assertion failure for TRACK_VARS_SERVER). Fixed bug GH-15907 (Failed assertion when promoting Serialize deprecation to exception). Fixed bug GH-15851 (Segfault when printing backtrace during cleanup of nested generator frame). Fixed bug GH-15866 (Core dumped in Zend/zend_generators.c). Fixed bug GH-16188 (Assertion failure in Zend/zend_exceptions.c). Fixed bug GH-16233 (Observer segfault when calling user function in internal function via trampoline). DOM: Fixed bug GH-16039 (Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c). Fixed bug GH-16149 (Null pointer dereference in DOMElement->getAttributeNames()). Fixed bug GH-16151 (Assertion failure in ext/dom/parentnode/tree.c). Fixed bug GH-16150 (Use after free in php_dom.c). Fixed bug GH-16152 (Memory leak in DOMProcessingInstruction/DOMDocument). JSON: Fixed bug GH-15168 (stack overflow in json_encode()). GD: Fixed bug GH-16232 (bitshift overflow on wbmp file content reading / fix backport from upstream). Fixed bug GH-12264 (overflow/underflow on imagerotate degrees value) (David Carlier) Fixed bug GH-16274 (imagescale underflow on RBG channels / fix backport from upstream). LDAP: Fixed bug GH-16032 (Various NULL pointer dereferencements in ldap_modify_batch()). Fixed bug GH-16101 (Segfault in ldap_list(), ldap_read(), and ldap_search() when LDAPs array is not a list). Fix GH-16132 (php_ldap_do_modify() attempts to free pointer not allocated by ZMM.). Fix GH-16136 (Memory leak in php_ldap_do_modify() when entry is not a proper dictionary). MBString: Fixed bug GH-16261 (Reference invariant broken in mb_convert_variables()). OpenSSL: Fixed stub for openssl_csr_new. PCRE: Fixed bug GH-16189 (underflow on offset argument). Fixed bug GH-16184 (UBSan address overflowed in ext/pcre/php_pcre.c). PHPDBG: Fixed bug GH-15901 (phpdbg: Assertion failure on i funcs). Fixed bug GH-16181 (phpdbg: exit in exception handler reports fatal error). Reflection: Fixed bug GH-16187 (Assertion failure in ext/reflection/php_reflection.c). SAPI: Fixed bug GH-15395 (php-fpm: zend_mm_heap corrupted with cgi-fcgi request). SimpleXML: Fixed bug GH-15837 (Segmentation fault in ext/simplexml/simplexml.c). Sockets: Fixed bug GH-16267 (socket_strerror overflow on errno argument). SOAP: Fixed bug #73182 (PHP SOAPClient does not support stream context HTTP headers in array form). Fixed bug #62900 (Wrong namespace on xsd import error message). Fixed bug GH-15711 (SoapClient can't convert BackedEnum to scalar value). Fixed bug GH-16237 (Segmentation fault when cloning SoapServer). Fix Soap leaking http_msg on error. Fixed bug GH-16256 (Assertion failure in ext/soap/php_encoding.c:460). Fixed bug GH-16259 (Soap segfault when classmap instantiation fails). SPL: Fixed bug GH-15918 (Assertion failure in ext/spl/spl_fixedarray.c). Standard: Fixed bug GH-16053 (Assertion failure in Zend/zend_hash.c). Fixed bug GH-15169 (stack overflow when var serialization in ext/standard/var). Streams: Fixed bugs GH-15908 and GH-15026 (leak / assertion failure in streams.c). Fixed bug GH-15980 (Signed integer overflow in main/streams/streams.c). TSRM: Prevent closing of unrelated handles. ==== pipewire ==== Version update (1.2.5 -> 1.2.6) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-jack pipewire-lang pipewire-libjack-0_3 pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 1.2.6: + Highlights - The filter-chain param changes were not aggregated correctly, causing some param changes to be ignored. (#4331) - Clear the JACK io ports correctly when stopping to avoid crashes. (#4337) - Some more small fixes and improvements. + PipeWire - Stream states are now updated based on the underlying node state. - Exported nodes now have their state change done synchronously so that the server can immediately start the driver and avoid some initial xruns. - Improve stream flush handling and improve the docs. - Don't send mix_info to destroyed ports to avoid some errors in the JACK clients. + Modules - The filter-chain param changes were not aggregated correctly, causing some param changes to be ignored. (#4331) - The filter-chain now correctly optimizes unlinked nodes in all cases. + SPA - ALSA PCM node properties are now no longer overwritten with card properties. (#4135) - Increase the adapter retry count to avoid xruns in some cases. (#4334) - Fix potential crash in cleanup of ALSA nodes. + Bluetooth - Fix a crash with broadcast sinks. - Improve compatibility with Phonak hearing aids. - Don't exit when DBus goes down. + JACK - Clear the io ports correctly when stopping to avoid crashes. (#4337) + Docs - Backport docs from master. - Drop patches already included in upstream: * 0001-bluez5-fix-crash-with-broadcast-sinks.patch * 0002-jack-actually-clear-the-mix-io.patch ==== python-gevent ==== Version update (24.10.1 -> 24.10.3) - Update to 24.10.3 * Fix clearing stack frames on Python 3.13. This is invoked when you fork after having used the thread pool. * Distribute manylinux2014 wheels for x86_64. * Stop switching to the hub in the after fork hook in a child process. This could lead to strange behaviour, and is different than what all other versions of Python do. - from version 24.10.2 * Workaround a Cython bug compiling on GCC14. - Drop gh-2031-cython-workaround.patch, merged upstream ==== python-idna ==== Version update (3.8 -> 3.10) - Update to 3.10 * Reverted to Unicode 15.1.0 data. Unicode 16 has some significant changes to UTS46 processing that will require more work to properly implement. - from version 3.9 * Update to Unicode 16.0.0 * Deprecate setup.cfg in favour of pyproject.toml * Use ruff for code formatting ==== python-immutables ==== Version update (0.20 -> 0.21) - update to 0.21: * Drop typing_extensions dependency * Replace `_PyLong_Format` with `PyNumber_ToBase` ==== python-numpy ==== - Build with latest gcc for Leap 16.0 ==== python-requests ==== - Switch to pyproject macros. ==== rubygem-ruby-augeas ==== Version update (0.5.0 -> 0.6.0) - Update to version 0.6.0 which includes mostly distribution patches - remove arity-fix.patch as it is included in new release - remove COPYING.patch as it is included in new release ==== subversion ==== Subpackages: libsvn_auth_gnome_keyring-1-0 libsvn_auth_kwallet-1-0 subversion-bash-completion subversion-perl - Fix build with Swig 4.3.0 (boo#1231590) * subversion-1.14.4-swig-4.3.0-swig-py.patch * subversion-1.14.4-swig-4.3.0-swig-rb.patch ==== usbutils ==== Version update (017 -> 018) - Update to version 018: * Add a manpage for lsusb.py * Add a manpage for usbreset * Add lsusb.py.1 to DISTCLEANFILES * usb-devices: fix bashism * man: remove version from the manual pages * README: add Contributing section * lsusb.py: mention both usb.ids paths * README: fix link, add DCO and SPDX details * lsusb: make internal API const-aware * lsusb: const annotate most data, re-enable -Wdiscarded-qualifiers * man: move manual pages in designated sub-folder * lsusb: drop the audioterminal hash table * lsusb: drop the videoterminal hash table * lsusb: drop the genericstrtable hash tables * editorconfig: add initial config file * lsusb: reformat and add trailing commas for multi-line arrays * usb-spec: move the opening curly brackets to end of line * Include "negotiated speed" in device dump * lsusb: remove autotools checks for iconv * lsusb: remove byteswap.h check * lsusb: always include config.h * usbutils: remove usbutils.pc * usbutils: convert build system to use meson * usbutils.spdx: update file based on recent file movements * lsusb: fix memory leak in libusb * lsusb: billboard alternate mode is in little endian format * README: update based on build tool changes * lsusb: add support to show superspeed++ * usbhid-dump: clean up meson.build a bit * usbutils.spdx: update the SPDX file * LICENSE: add LGPL-2.1 license text * usbutils.spdx: update the data * update usbutils.spdx file * lsusb-t: get rid of custom list.h logic * LICENSES: add CC0 and MIT licenses * lsusb-t: fix memory leak * justfile: add some more targets * usbutils.spdx: update based on file additions * usbutils.spdx: update due to new file and checksums * usbreset: replace some unbounded strcpy() calls * sysfs.c: fix an theoretical issue with snprintf() * usbutils.spdx: update checksums * usbmisc: fix possible stack-buffer-overflow Running lsusb with -D argument and path, which len is more than PATH_MAX + 1, cause stack-buffer-overflow because of copy to the buf a string without null-terminator Force setting 0 byte to the end of the buf fixes this error Fix #190 * update ccid descriptor dumping to V1.1 spec * usb-devices: Fix usb-devices with busybox * Do not warn about missing LPM bit when not required * lsusb: add VideoControl Endpoint Descriptor - Switch to meson build system - Drop usbutils-devel package * the only file in there was usbutils.pc usbutils.pc was removed by upstream with v018 https://github.com/gregkh/usbutils/commit/bdadae186382daa8b517b960f154432787f8877b - Add patch: * usbutils-enable-usbreset.patch ==== zenity ==== Version update (4.0.2 -> 4.0.3) Subpackages: zenity-lang - Update to version 4.0.3: + progress: - Support markup on label update STDIN - Properly setup custom ok/cancel labels + color: Properly support custom ok/cancel labels + test: Add test for custom ok/cancel buttons + Updated translations.