Packages changed: ImageMagick (7.1.1.40 -> 7.1.1.41) MozillaFirefox (132.0.1 -> 132.0.2) clazy (1.12git.20240630T203330~f3fb82c -> 1.13git.20240928T115050~ef4fa16) gstreamer-plugins-ugly (1.24.8 -> 1.24.9) libheif llvm18 llvm19 nvidia-open-driver-G06-signed-cuda openSUSE-release (20241117 -> 20241118) opensc (0.25.1 -> 0.26.0) patterns-media plymouth (22.02.122+94.4bd41a3 -> 22.02.122+180.b1d5aa9) yast2-trans (84.87.20241109.fe9daf12bb -> 84.87.20241115.093806fbe6) yast2-ycp-ui-bindings (5.0.0 -> 5.0.1) === Details === ==== ImageMagick ==== Version update (7.1.1.40 -> 7.1.1.41) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.1.41 * Fix compiler identification with Clang on Darwin in #7773 * revert map changes breaking ABI in #7768 ==== MozillaFirefox ==== Version update (132.0.1 -> 132.0.2) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 132.0.2 * Fixed possible errors when playing encrypted media content through some streaming providers. (bmo#1929491) * Added a mitigation to help reduce the frequency of duplicated push notifications reported by some users. (bmo#1928868) * Fixed hangs when printing from some sites when using the system print dialog. (bmo#1898184) * Fixed a crash which could occur when using Microsoft SSO on macOS (bmo#1929622) * Fixed a crash in the Network Monitor developer tool which could occur in some circumstances. (bmo#1924882) ==== clazy ==== Version update (1.12git.20240630T203330~f3fb82c -> 1.13git.20240928T115050~ef4fa16) - Update runtime requirements - Keep using LLVM 18 on Tumbleweed until upstream fixes compatibility with LLVM 19 - Update to version 1.13git.20240928T115050~ef4fa16: * Fix clang deprecations by porting to FileEntryRef * Use clazy helper to avoid startsWith->starts_with deprecation * [cmake] Adjust for non-installed LLVM * rule-of-three: Fix destructor not being found and thus causing false positive * Add test for qca clazy false positive * Fail if no Qt installation was found at all * Add Qt6 BSD CI * Only look for Qt5/Qt6 installs if respective CI job is running * Verbose ctest * Make tests work when clang library is different from system default * Move used-qunused to manuallevel for now * Add used-qunused check for identifying unneeded/wrong Q_UNUSED/void casts * Bump master to 1.13 ==== gstreamer-plugins-ugly ==== Version update (1.24.8 -> 1.24.9) Subpackages: gstreamer-plugins-ugly-lang - Update to version 1.24.9: + No changes, stable version bump only. ==== libheif ==== Subpackages: gdk-pixbuf-loader-libheif libheif-aom libheif-dav1d libheif-ffmpeg libheif-jpeg libheif-openjpeg libheif-rav1e libheif-svtenc libheif1 - Fix build for Tumbleweed - cleanup - build for 15: * openjpeg only for 16+ * require correct gcc version ==== llvm18 ==== Subpackages: libLLVM18 libclang-cpp18 - Apply clang-shlib-symbol-versioning.patch to add symbol versions to libclang-cpp.so similar to libLLVM.so. This is required when multiple versions of the library are loaded into the same process. (boo#1219405, boo#1221183, boo#1233220) ==== llvm19 ==== Subpackages: clang-tools clang19 libLLVM19 libclang-cpp19 libclang13 libclang_rt19 llvm19-gold - Apply clang-shlib-symbol-versioning.patch to add symbol versions to libclang-cpp.so similar to libLLVM.so. This is required when multiple versions of the library are loaded into the same process. (boo#1219405, boo#1221183, boo#1233220) ==== nvidia-open-driver-G06-signed-cuda ==== - kmp-trigger.sh: * avoid to return with exit code != 0 if no modules are loaded ==== openSUSE-release ==== Version update (20241117 -> 20241118) Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== opensc ==== Version update (0.25.1 -> 0.26.0) Subpackages: opensc-bash-completion - Update to version 0.26.0 Security * CVE-2024-45615: Usage of uninitialized values in libopensc# and pkcs15init (#3225). * CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc (#3225) * CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc (#3225) * CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init (#3225) * CVE-2024-45619: Incorrect handling length of buffers or files in libopensc (#3225) * CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init (#3225) * CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key (#3219) General improvements * Fix reselection of DF after error in PKCS#15 layer (#3067) * Unify OpenSSL logging throughout code (#2922) * Extend the p11test to support kryoptic (#3141) * Fix for error in PCSC reconnection (#3150) * Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer PKCS#15 * Documentation for PKCS#15 profile files (#3132) minidriver * Support PinCacheAlwaysPrompt usable for PIV cards (#3167) pkcs11-tool * Show URI when listing token information (#3125) and objects * Do not limit size of objects to 5000 bytes (#3174) * Add support for AES CMAC (#3184) * Add support for AES GCM encryption (#3195) * Add support for RSA OAEP encryption (#3175) * Add support for HKDF (#3193) * Implement better support for wrapping and unwrapping (#3198) * Add support for EdDSA sign and verify (#2979) pkcs15-crypt * Fix PKCS#1 encoding function to correctly detect padding type piv-tool * Fix RSA key generation (#3158) * Avoid possible state change when matching unknown card (#3112) sc-hsm-tool * Cleanse buffer with plaintext key share (#3226) pkcs11-register * Fix pkcs11-register defaults on macOS and Windows (#3053) IDPrime * Fix identification of IDPrime 840 cards (#3146) * Fix container mapping for IDPrime 940 cards (#3220) * Reorder ATRs for matching cards (#3154) OpenPGP * Fix state tracking after erasing card (#3024) Belpic * Disable Applet V1.8 (#3109) MICARDO * Deactivate driver (#3152) SmartCard-HSM * Fix signing with secp521r1 signature (#3157) eOI * Set model via sc_card_ctl function (#3189) Rutoken * increase the minimum PIN size to support Rutoken ECP BIO. JPKI * Adjust parameters for public key in PKCS#15 emulator (#3182) D-Trust * Add support for ECDSA signatures and ECDH key agreement for D-Trust Signatures Cards 4.1/4.4 (#3240, #3248) - Drop patches (changes now in upstream): * opensc-CVE-2024-45615.patch * opensc-CVE-2024-45616.patch * opensc-CVE-2024-45617.patch * opensc-CVE-2024-45618.patch * opensc-CVE-2024-45619.patch * opensc-CVE-2024-45620.patch * opensc-CVE-2024-8443.patch ==== patterns-media ==== Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd - Add required packages for FDE+TPM ==== plymouth ==== Version update (22.02.122+94.4bd41a3 -> 22.02.122+180.b1d5aa9) Subpackages: libply-splash-core5 libply-splash-graphics5 libply5 plymouth-dracut plymouth-lang plymouth-plugin-label plymouth-plugin-two-step plymouth-scripts plymouth-theme-bgrt plymouth-theme-spinner - Remove plymouth-only_use_fb_for_cirrus_bochs.patch: Bochs and cirrus DRM drivers are fully compatible with plymouth. Remove the workaround that forces them to use fbdev. Resolves the blank screen after disabling fbdev interfaces.(bsc#1232727) - Set BOOT_TTY and SHUTDOWN_TTY to pre-Meson values. With Meson, the values BOOT_TTY and SHUTDOWN_TTY lose their defaults. As the given value of tty1 is not a full path name, plymouth fails to find the file and falls back to serial output. Restoring the _TTY defaults to /dev/tty1 and /dev/tty7 also restores graphics output. (bsc#1224150) - Update to 22.02.122+94.4bd41a3: * Port build system to Meson; * device-manager: Support kernels with CONFIG_VT=n; * Fix terminal crash; * terminal: Add API for flushing input buffer; * device-manager: Only wait for device timeout for framebuffer devices; * scripts: Update keymap-render script to handle xkb keymaps too; * drm: Add support for new /dev/input feature; * frame-buffer: Add support for new /dev/input feature; * src: Hide console text when splash is requested; * script: adds a new native GetCapslockState function to lib-plymouth; - Add plymouth-adapts-xkbommon.patch: xkbommon in openSUSE install to a specify location, this modify to make plymouth adapt with it to build. - Rebase plymouth-crash-avoid-on-keyboard-remove-input-handler.patch: To fit with the update. - Rebase plymouth-disable-fedora-logo.patch: To fit with the update. - Rebase plymouth-log-on-default.patch: To fit with the update. - Update plymouth.spec: To fit with the update. Make plymouth use Tumbleweed/Leap's logo instead of upstream's. - Drop plymouth-manpages.patch: openSUSE fix the problem in other side, "man 1 plymouth" and "man 8 plymouth" all works withouth this patch (bnc#871419). - Update plymouth.spec: Add service in installation, remove service in uninstallation based on systemd requirement. ==== yast2-trans ==== Version update (84.87.20241109.fe9daf12bb -> 84.87.20241115.093806fbe6) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20241115.093806fbe6: * New POT for text domain 'iscsi-client'. * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Dutch) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * New POT for text domain 'iscsi-client'. ==== yast2-ycp-ui-bindings ==== Version update (5.0.0 -> 5.0.1) - Fixed package / pattern examples (bsc#1233415) - 5.0.1