Packages changed:
  389-ds (3.1.1~git13.a9c7ff9 -> 3.1.1~git57.65773c3)
  Mesa
  Mesa-drivers
  MozillaFirefox (132.0.2 -> 133.0)
  cairo
  container-selinux (2.232.1 -> 2.233.0)
  file (5.45 -> 5.46)
  gimp
  glib2
  gnome-session
  gpgme
  gpgmeqt6
  grub2
  libpwquality
  libreoffice (24.8.2.1 -> 24.8.3.2)
  libssh (0.10.6 -> 0.11.1)
  openSUSE-release (20241127 -> 20241130)
  python-gobject
  python-setuptools (72.1.0 -> 75.6.0)
  python311-packaging (24.1 -> 24.2)
  qt6-wayland
  selinux-policy (20241105 -> 20241118)
  sqlite3 (3.46.1 -> 3.47.1)
  system-config-printer
  unbound
  webkit2gtk3 (2.46.3 -> 2.46.4)
  yast2-storage-ng (5.0.21 -> 5.0.22)

=== Details ===

==== 389-ds ====
Version update (3.1.1~git13.a9c7ff9 -> 3.1.1~git57.65773c3)
Subpackages: lib389 libsvrcore0

- Remove 389-ds-link-icu-uc.patch - upstreamed
- Update to version 3.1.1~git57.65773c3:
  * Issue 6340 - RFE - extract keys once (#6413)
  * Issue 6415 - BUG - Incorrect icu linking (#6416)
  * Issue 6420 - Update dsidm user get_dn test (#6421)
  * Issue 6258 - Resolve race condition for two tests in health_config.py
  * Bump cross-spawn from 7.0.3 to 7.0.6 in /src/cockpit/389-console (#6407)
  * Issue 6386 - backup/restore broken after db log rotation (#6406)
  * Issue 6401 - Remove logging macros
  * Issue 6404 - UI - Add npm prettier package
  * Issue 6374 - nsslapd-mdb-max-dbs autotuning doesn't work properly (#6400)
  * Issue 5842 - Add log buffering for error log
  * Issue 6397 - Remove deprecated setting for HR time stamps in logs
  * Issue 6390 - Adjust cleanAllRUV max per txn and interval limits
  * Issue 6349 - RFE - extract keys once (#6363) (#6394)
  * Issue 6387 - Use make macro in the spec file
  * Issue 6359 - Add exception to GPL license in license tag
  * Issue 6381 - CleanAllRUV - move changelog purging to the very end of the task
  * Issue 5920 - pamModuleIsThreadSafe is missing in the schema
  * Issue 6377 - syntax error in setup.py (#6378)
  * Issue 6349 - RFE - Use previously extracted key path (#6363)
  * Issue 6067 - Update dsidm to prioritize basedn from .dsrc over interactive input (#6362)
  * Issue 6347 - better fix for desynchronized vlv cache (#6358)
  * Issue 6243 - dsctl bdb2mdb should cleanly fail if bundled libdb is not available (#6351)
  * Issue 6331 - UI - Instance fails to load when DB backup directory doesn't exist (#6332)
  * Issue 6356 - On LMDB, after an update the impact VLV index, the vlv recno cache is not systematically cleared (#6357)
  * Issue 6056 - WebUI supports only instances with BDB (#6299)
  * Issue 6339 - Address Coverity scan issues in memberof and bdb_layer (#6353)
  * Issue 6328 - vlv control may not be logged (#6354)
  * Issue 6347 - VLV search sometime fails with operation error (#6349)
  * Issue 6343 - Improve online import robustness when the server is under load
  * Issue 6345 - Ensure all slapi_log_err calls end format strings with newline character \n (#6346)
  * Issue 6064 - bdb2mdb shows errors (#6341)
  * Issue 6336 - Fix failing CI tests (roles) due to slow import (#6337)
  * Fix duplicate detection logic by ensuring exact match on string length (#6333)
  * Issue 6304 - RFE when memberof is enabled, defer updates of members from the update of the group (#6305)
  * Issue 6329 - lmdb typo in error log notice message (#6330)
  * Issue 6324 - Provide more information in the error message during setup_ol_tls_conn() (#6325)
  * Issue 5965 - UI, CLI - Fix Account Policy Plugin functionality issues (#6323)
  * Issue 6188 - Check if nsslapd-haproxy-trusted-ip attribute is returned in default schema
  * Issue 6319 - bdb subpackage has `%description` in the wrong place
  * Issue 6321 - lib389 get_db_lib function may returns the wrong db type (#6322)
  * Issue 6245 - Fix some other coverity scan regressions (#6273)
  * Issue 6316 - lmdb reindex is broken if index type is specified (#6318)
  * Issue 6090 - Fix dbscan options and man pages (#6315)
  * Issue 6307 - Wrong set of entries returned for some search filters (#6308)

==== Mesa ====
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1

- trying to make buildservice happy by adding both tarballs to specfile ...
- on s390x build Mesa 24.1.7 to fix colors with Xvnc (boo#1233167)
- adjusted patches for Mesa 24.1.7:
  * python36-buildfix1-s390x.patch
  * u_dep_xcb-s390x.patch
  * u_mesa-CVE-2023-45913-s390x.patch

==== Mesa-drivers ====
Subpackages: Mesa-dri Mesa-gallium Mesa-libva

- trying to make buildservice happy by adding both tarballs to specfile ...
- on s390x build Mesa 24.1.7 to fix colors with Xvnc (boo#1233167)
- adjusted patches for Mesa 24.1.7:
  * python36-buildfix1-s390x.patch
  * u_dep_xcb-s390x.patch
  * u_mesa-CVE-2023-45913-s390x.patch

==== MozillaFirefox ====
Version update (132.0.2 -> 133.0)
Subpackages: MozillaFirefox-branding-upstream

- Mozilla Firefox 133.0
  https://www.mozilla.org/en-US/firefox/133.0/releasenotes
  MFSA 2024-63 (bsc#1233695)
  * CVE-2024-11691 (bmo#1914707, bmo#1924184)
    Memory corruption in Apple GPU drivers
  * CVE-2024-11700 (bmo#1836921)
    Potential Tapjacking Exploit for Intent Confirmation on Android
  * CVE-2024-11692 (bmo#1909535)
    Select list elements could be shown over another site
  * CVE-2024-11701 (bmo#1914797)
    Misleading Address Bar State During Navigation Interruption
  * CVE-2024-11702 (bmo#1918884)
    Inadequate Clipboard Protection in Private Browsing Mode on Android
  * CVE-2024-11693 (bmo#1921458)
    Download Protections were bypassed by .library-ms files on Windows
  * CVE-2024-11694 (bmo#1924167)
    CSP Bypass and XSS Exposure via Web Compatibility Shims
  * CVE-2024-11695 (bmo#1925496)
    URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
  * CVE-2024-11703 (bmo#1928779)
    Password access without authentication via PIN bypass on Android
  * CVE-2024-11696 (bmo#1929600)
    Unhandled Exception in Add-on Signature Verification
  * CVE-2024-11697 (bmo#1842187)
    Improper Keypress Handling in Executable File Confirmation Dialog
  * CVE-2024-11704 (bmo#1899402)
    Potential Double-Free Vulnerability in PKCS#7 Decryption Handling
  * CVE-2024-11698 (bmo#1916152)
    Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
  * CVE-2024-11705 (bmo#1921768)
    Null Pointer Dereference in NSC_DeriveKey
  * CVE-2024-11706 (bmo#1923767)
    Null Pointer Dereference in PKCS#12 Utility
  * CVE-2024-11708 (bmo#1922912)
    Data race with PlaybackParams
  * CVE-2024-11699 (bmo#1880582, bmo#1929911)
    Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5
- requires NSS 3.106
- remove obsolete mozilla-python313.patch
- add mozilla-python313.patch to fix build with python 3.13+

==== cairo ====
Subpackages: libcairo-gobject2 libcairo-script-interpreter2 libcairo2

- Convert to source service: allows for easier upgrades by the GNOME team.

==== container-selinux ====
Version update (2.232.1 -> 2.233.0)

- Update to version 2.233.0:
  * container_engine_t: small change to allow non root exec in a container
  * RPM: explicitly list ghosted paths and skip mode verification
  * container-selinux install on non selinux-policy-targeted systems (#332)
  * set container_log_t type for /var/log/kube-apiserver
  * Allow kubelet_t to create a sock file kubelet_var_lib_t
  * dontaudit spc_t to mmap_zero
  * Packit: update targets (#330)
  * container_engine_t: another round of small improvements (#327)
  * Allow container_device_plugin_t to use the network (#325)
  * RPM: cleanup changelog (#324)
  * TMT: Simplify tests

==== file ====
Version update (5.45 -> 5.46)
Subpackages: file-magic libmagic1

- Update to 5.46:
  * Add OFFPOSITIVE
  * avoid leaking symbols in libmagic
  * PR/562: jsummers: Search/regex offsets are absolute to the beginning of the file, so adjust them by subtracting the offset that the "use" starts so that we don't double-count it.
  * PR/543: matshch: bump nbuf so we can get the flags into the buffer.
  * Add Android elf notes (enh)
  * Add limit for number of magic warnings allowed
  * check regex bounds (found by clusterfuzz)
- Remove patch file-5.45-type_t.dif now upstream
- Port patches
  * file-4.24-autoconf.dif
  * file-5.17-option.dif
  * file-5.18-javacheck.dif
  * file-5.19-biorad.dif
  * file-5.19-printf.dif
  * file-5.19-zip2.0.dif
  * file-5.22-elf.dif
  * file-5.28-btrfs-image.dif
  * file-5.45-type_t.dif
  * file-secure_getenv.patch
- Port patch file-5.45.dif and rename it to file-5.46.dif
  * Note that our kernel magics do not fit anymore as upstream now has a huge rework and extended features

==== gimp ====
Subpackages: gimp-plugin-aa libgimp-2_0-0 libgimpui-2_0-0

- Fix jpeg-xl disabling, use proper with/without
- Disable jpeg-xl support on SLES < 16.0 (SP6, SP7)
  libjxl is only in Leap/PackageHUB but not in SLES.
  Leap gets gimp binary rpms from SLES.
  (helps to fix bsc#1233157)
- Re-adding dropped references compared to SLES 15 SP6 changelog
  CVE-2022-32990 CVE-2023-44441 CVE-2023-44442 CVE-2023-44443 CVE-2023-44444
  bsc#1201192 bsc#1217160 bsc#1217161 bsc#1217162 bsc#1217163

==== glib2 ====
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 libgthread-2_0-0 typelib-1_0-GLib-2_0 typelib-1_0-GModule-2_0 typelib-1_0-GObject-2_0 typelib-1_0-Gio-2_0

- Have the glib2-tools postun trigger exit normally if glib2-compile-schemas can't be run. Fixes error when uninstalling if libgio is uninstalled first (bsc#1231463).

==== gnome-session ====
Subpackages: gnome-session-core gnome-session-wayland gnome-session-xsession

- Build gnome-session-wayland also on s390x: It was originally excluded because xwayland did not exist. That has been solved in 2021 though.

==== gpgme ====
Subpackages: libgpgme11 libgpgmepp6

- Add gpgme-fix-python-install.patch: Fix the installation of the python bindings without having to move them around manually.

==== gpgmeqt6 ====

- Add gpgme-fix-python-install.patch: Fix the installation of the python bindings without having to move them around manually.

==== grub2 ====
Subpackages: grub2-arm64-efi grub2-common grub2-snapper-plugin grub2-systemd-sleep-plugin

- Support s390x Secure Execution (jsc#PED-9531)
  * grub2-s390x-secure-execution-support.patch
- Update grub2-s390x-set-hostonly.patch to add the patch header and the description

==== libpwquality ====
Subpackages: libpwquality1 pam_pwquality

- Drop python 2.x support (it's been 4 years).
- Add python3-setuptools BuildRequires which is needed for distutils.

==== libreoffice ====
Version update (24.8.2.1 -> 24.8.3.2)
Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-en libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-qt6 libreoffice-writer libreofficekit

- Update to 24.8.3.2 (24.8.3 final)
  * Release notes:
    https://wiki.documentfoundation.org/Releases/24.8.3/RC1
    https://wiki.documentfoundation.org/Releases/24.8.3/RC2
- Update bundled dependencies:
  * curl 8.10.1 -> 8.11.0
- New translation: Tagalog

==== libssh ====
Version update (0.10.6 -> 0.11.1)
Subpackages: libssh-config libssh4

- Update to version 0.11.1:
  * Fixed default TTY modes that are set when stdin is not connected to tty.
  * Fixed zlib cleanup procedure, which could crash on i386.
  * Various test fixes improving their stability.
  * Remove 0001-disable-timeout-test-on-slow-buildsystems.patch to enable slow tests also in s390 s390x ppc64le.
- Set BuildArch: noarch for the config package as it only ships configuration files.
- Update to version 0.11.0
  https://www.libssh.org/2024/08/08/libssh-0-11-0-release/
- Updated 0001-disable-timeout-test-on-slow-buildsystems.patch
- Removed libssh-fix-ipv6-hostname-regression.patch

==== openSUSE-release ====
Version update (20241127 -> 20241130)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd

- automatically generated by openSUSE-release-tools/pkglistgen

==== python-gobject ====
Subpackages: python311-gobject python311-gobject-Gdk python311-gobject-cairo

- Add python-pygobject provides: help packages to eliminate rpmlint warnings when comparing requirements.txt vs the packages dependency. 'pygobject' is the proper upstream name.

==== python-setuptools ====
Version update (72.1.0 -> 75.6.0)

- remove duplicated "uses_network" skip
- Skip over the tests which require network.
- Don't use pytest-xdist, it breaks test suite.
- update to 75.6.0:
  * Preserve original PKG-INFO into METADATA when creating wheel (instead of calling wheel.metadata.pkginfo_to_metadata). This helps to be more compliant with the flow specified in PEP 517.
  * Changed the WindowsSdkVersion, FrameworkVersion32 and FrameworkVersion64 properties of setuptools.msvc.PlatformInfo to return an empty tuple instead of None as a fallthrough case -- by :user:`Avasam`
- update to 75.5.0:
  * Removed support for SETUPTOOLS_DANGEROUSLY_SKIP_PYPROJECT_VALIDATION, as it is deemed prone to errors.
  * Added support for the environment variable SETUPTOOLS_DANGEROUSLY_SKIP_PYPROJECT_VALIDATION=true, allowing users to bypass the validation of pyproject.toml. This option should be used only as a last resort when resolving dependency issues, as it may lead to improper functioning. Users who enable this setting are responsible for ensuring that pyproject.toml complies with setuptools requirements. (#4611) Attention! This environment variable was removed in a later version of setuptools.
  * Require Python 3.9 or later. (#4718)
  * Remove dependency on importlib_resources and the vendored copy of the library. Instead, setuptools consistently rely on stdlib's importlib.resources (available on Python 3.9+). (#4718)
  * Setuptools' bdist_wheel implementation no longer produces wheels with the m SOABI flag (pymalloc-related). This flag was removed on Python 3.8+ (see :obj:`sys.abiflags`). (#4718)
  * Updated vendored packaging version to 24.2. (#4740)
  * Merge with pypa/distutils@251797602, including fix for dirutil.mkpath handling in pypa/distutils#304.
  * Allowed using dict as an ordered type in setuptools.dist.check_requirements -- by :user:`Avasam`
  * Ensured methods in setuptools.modified preferably raise a consistent distutils.errors.DistutilsError type (except in the deprecated use case of SETUPTOOLS_USE_DISTUTILS=stdlib) -- by :user:`Avasam`
  * Fix the ABI tag when building a wheel using the debug build of Python 3.13 on Windows. Previously, the ABI tag was missing the "d" flag.
  * Fix clashes for optional-dependencies in pyproject.toml and extra_requires in setup.cfg/setup.py. As per PEP 621, optional-dependencies have to be honoured and dynamic behaviour is not allowed.
  * #4560
  * Made errors when parsing Distribution data more explicit about the expected type (tuple[str, ...] | list[str]) -- by :user:`Avasam`
  * Fix a TypeError when a Distribution's old included attribute was a tuple -- by :user:`Avasam`
  * Add workaround for bdist_wheel --dist-info-dir errors when customisation does not inherit from setuptools.
  * Re-use pre-existing .dist-info dir when creating wheels via the build backend APIs (PEP 517) and the metadata_directory argument is passed -- by :user:`pelson`.
  * Changed egg_info command to avoid adding an empty .egg-info directory while iterating over entry-points. This avoids triggering integration problems with importlib.metadata/importlib_metadata (reference: pypa/pyproject-hooks#206).
  * Deprecated bdist_wheel.universal configuration.
  * Removed reference to upload_docs module in entry points.
  * Declare also the dependencies used by distutils (adds jaraco.collections).
  * Removed upload_docs command.
  * Merge with pypa/distutils@7283751. Removed the register and upload commands and the config module that backs them (pypa/distutils#294). Removed the borland compiler. Replaced vendored dependencies with natural dependencies. Cygwin C compiler now gets compilers from sysconfig (pypa/distutils#296).
  * Fix cross-platform compilation using distutils._msvccompiler.MSVCCompiler -- by :user:`saschanaz` and :user:`Avasam`
  * Fixed TypeError in sdist filelist processing by adding support for pathlib Paths for the build_base.
  * Removed degraded and deprecated test_integration (easy_install) from the test suite.
  * Fixed TypeError in msvc.EnvironmentInfo.return_env when no runtime redistributables are installed.
  * Added support for defining ext-modules via pyproject.toml (EXPERIMENTAL, may change in future releases).
  * Merge with pypa/distutils@3dcdf8567, removing the duplicate vendored copy of packaging.
  * Restored setuptools.msvc.Environmentinfo as it is used externally.
  * Changed the type of error raised by setuptools.command.easy_install.CommandSpec.from_param on unsupported argument from AttributeError to TypeError -- by :user:`Avasam`
  * Added detection of ARM64 variant of MSVC -- by :user:`saschanaz`
  * Made setuptools.package_index.Credential a typing.NamedTuple -- by :user:`Avasam`
  ... changelog too long, skipping 43 lines ...
  get_msvcr() (pypa/distutils#274).

==== python311-packaging ====
Version update (24.1 -> 24.2)

- update to 24.2:
  * PEP 639: Implement License-Expression and License-File (:issue:`828`)
  * Use !r formatter for error messages with filenames (:issue:`844`)
  * Add support for PEP 730 iOS tags (:issue:`832`)
  * Fix prerelease detection for > and < (:issue:`794`)
  * Fix uninformative error message (:issue:`830`)
  * Refactor canonicalize_version (:issue:`793`)
  * Patch python_full_version unconditionally (:issue:`825`)
  * Fix doc for canonicalize_version to mention strip_trailing_zero and a typo in a docstring (:issue:`801`)
  * Fix typo in Version __str__ (:issue:`817`)
  * Support creating a SpecifierSet from an iterable of Specifier objects (:issue:`775`)

==== qt6-wayland ====
Subpackages: libQt6WaylandClient6 libQt6WaylandCompositor6 libQt6WaylandEglClientHwIntegration6 libQt6WaylandEglCompositorHwIntegration6 libQt6WlShellIntegration6

- Add patch to fix crash when unplugging a graphics tablet:
  * 0001-client-Redo-management-of-tablet-object-proxies.patch

==== selinux-policy ====
Version update (20241105 -> 20241118)
Subpackages: selinux-policy-targeted

- Update to version 20241118:
  * Add workaround for /run/rpmdb lockfile (bsc#1231127)
  * Add dedicated health-checker module (bsc#1231127)
- Packaging rework: moving all config files to git repository
  https://gitlab.suse.de/selinux/selinux-policy
- Moved booleans to dist/*/booleans.conf and dropped from package:
  * booleans-minimum.conf
    - user facing change: boolean settings are now the same as in upstream
  * booleans-mls.conf
    - user facing change: boolean settings are now the same as in upstream
  * booleans-targeted.conf
    - user facing change: kerberos_enabled boolean was not enabled due to a bug, now it is enabled
- Moved booleans.subs_dist to dist/booleans.subs_dist and dropped from package
- Moved customizable_types to dist/customizable_types and dropped from package
  - user facing change: using upstream version
- Moved file_contexts.subs_dist to config/file_contexts.subs_dist and dropped from package
  - user facing change: changed systemd entries in file_contexts.subs_dist:
    /run/systemd/system -> dropped from file
    /run/systemd/generator.early /run/systemd/generator
    /run/systemd/generator.late /run/systemd/generator
- Moved modules config to dist/<policytype>/modules.conf and dropped from package:
  - user facing change: minimum policy: modules base and contrib are merged into modules.lst and modules-enabled.lst was added which contains the enabled modules, replacing modules-minimum-disable.lst
    * modules-minimum-base.conf
    * modules-minimum-contrib.conf
    * modules-minimum-disable.lst
    * Added: modules-minimum.lst
  - user facing change: mls policy: modules base + contrib are merged into modules.lst
    * modules-mls-base.conf
    * modules-mls-contrib.conf
  - user facing change: targeted policy: modules base + contrib are merged into modules.lst:
    * modules-targeted-base.conf
    * modules-targeted-contrib.conf
- Moved securetty config to config/appconfig-<policytype>/securetty_types and dropped from package
  - user facing change: using upstream version for all policy types
    * securetty_types-minimum
    * securetty_types-mls
    * securetty_types-targeted
- Moved setrans config to dist/<policytype>/setrans.conf and dropped from package
  * setrans-minimum.conf
  * setrans-mls.conf
  * setrans-targeted.conf
- Moved users config to dist/<policytype>/users and dropped from package
  * users-minimum
    - user facing change: added guest_u and xguest_u
  * users-mls
  * users-targeted
- Fix debug-build.sh to follow symlinks when creating the tarball
- Update embedded container-selinux version to commit:
  * 3f06c141bebc00a07eec4c0ded038aac4f2ae3f0
- Update to version 20241107:
  * Re-add kanidm module to dist/targeted/modules.conf
  * Add SUSE-specific file contexts to file_contexts.subs_dist
  * Disallow execstack in dist/minimum/booleans.conf
  * Add SUSE-specific booleans to dist/targeted/booleans.conf
  * Add SUSE specific modules to targeted modules.conf
  * Label /var/cache/systemd/home with systemd_homed_cache_t
  * Allow login_userdomain connect to systemd-homed over a unix socket
  * Allow boothd connect to systemd-homed over a unix socket
  * Allow systemd-homed get attributes of a tmpfs filesystem
  * Allow abrt-dump-journal-core connect to systemd-homed over a unix socket
  * Allow aide connect to systemd-homed over a unix socket
  * Label /dev/hfi1_[0-9]+ devices
  * Remove the openct module sources
  * Remove the timidity module sources
  * Enable the slrn module
  * Remove i18n_input module sources
  * Enable the distcc module
  * Remove the ddcprobe module sources
  * Remove the timedatex module sources
  * Remove the djbdns module sources
  * Confine iio-sensor-proxy
  * Allow staff user nlmsg_write
  * Update policy for xdm with confined users
  * Allow virtnodedev watch mdevctl config dirs
  * Allow ssh watch home config dirs
  * Allow ssh map home configs files
  * Allow ssh read network sysctls
  * Allow chronyc sendto to chronyd-restricted
  * Allow cups sys_ptrace capability in the user namespace
  * Add policy for systemd-homed
  * Remove fc entry for /usr/bin/pump
  * Label /usr/bin/noping and /usr/bin/oping with ping_exec_t
  * Allow accountsd read gnome-initial-setup tmp files
  * Allow xdm write to gnome-initial-setup fifo files
  * Allow rngd read and write generic usb devices
  * Allow qatlib search the content of the kernel debugging filesystem
  * Allow qatlib connect to systemd-machined over a unix socket
  * mls/modules.conf - fix typo
  * Use dist/targeted/modules.conf in build workflow
  * Fix default and dist config files
  * Allow unprivileged user watch /run/systemd
  * CI: update to actions/checkout@v4
  * Allow boothd connect to kernel over a unix socket
  * Clean up and sync securetty_types
  * Bring config files from dist-git into the source repo
  * Confine gnome-remote-desktop
  * Allow virtstoraged execute mount programs in the mount domain
  * Make mdevctl_conf_t member of the file_type attribute

==== sqlite3 ====
Version update (3.46.1 -> 3.47.1)
Subpackages: libsqlite3-0 sqlite3-tcl

- Update to release 3.47.1:
  * Fix the makefiles so that they once again honored DESTDIR for the "install" target.
  * Add the SQLITE_IOCAP_SUBPAGE_READ capability to the VFS, to work around issues on some non-standard VFSes caused by making SQLITE_DIRECT_OVERFLOW_READ the default in version 3.45.0.
  * Fix incorrect answers to certain obscure IN queries caused by new query optimizations added in the 3.47.0 release.
  * Other minor bug fixes.
- Update to release 3.47.0:
  * Allow arbitrary expressions in the second argument to the RAISE function.
  * If the RHS of the ->> operator is negative, then access array elements counting from the right.
  * Fix a problem with rolling back hot journal files in the seldom-used unix-dotfile VFS.
  * FTS5 tables can now be dropped even if they use a non-standard tokenizer that has not been registered.
  * Fix the group_concat() aggregate function so that it returns an empty string, not a NULL, if it receives a single input value which is an empty string.
  * Enhance the generate_series() table-valued function so that it is able to recognize and use constraints on its output value. Preupdate hooks now recognize when a column added by ALTER TABLE ADD COLUMN has a non-null default value.
  * Improved reuse of subqueries associated with the IN operator, especially when the IN operator has been duplicated due to predicate push-down.
  * Use a Bloom filter on subqueries on the right-hand side of the IN operator, in cases where that seems likely to improve performance.
  * Ensure that queries like "SELECT func(a) FROM tab GROUP BY 1" only invoke the func() function once per row.
  * No attempt is made to create automatic indexes on a column that is known to be non-selective because of its use in other indexes that have been analyzed.
  * Adjustments to the query planner so that it produces better plans for star queries with a large number of dimension tables.
  * Add the "order-by-subquery" optimization, that seeks to disable sort operations in outer queries if the desired order is obtained naturally due to ORDER BY clauses in subqueries.
  * The "indexed-subtype-expr" optimization strives to use expressions that are part of an index rather than recomputing the expression based on table values, as long as the query planner can prove that the subtype of the expression will never be used.
  * Miscellaneous coding tweaks for faster runtimes.
  * Add the experimental sqlite3_rsync program.
  * Add extension functions median(), percentile(), percentile_cont(), and percentile_disc() to the CLI.
  * Add the .www dot-command to the CLI.
  * The sqlite3_analyzer utility now provides a break-out of statistics for WITHOUT ROWID tables.
  * The sqldiff utility avoids creating an empty database if its second argument does not exist.
  * Enhance the sqlite_dbpage table-valued function such that INSERT can be used to increase or decrease the size of the database file.
  * SQLite no longer makes any use of the "long double" data type, as hardware support for long double is becoming less common and long double creates challenges for some compiler tool chains. Instead, SQLite uses Dekker's algorithm when extended precision is needed.
  * The TCL Interface for SQLite supports TCL9. Everything probably still works for TCL 8.5 and later, though this is not guaranteed. Users are encouraged to upgrade to TCL9.
  * Fix a corruption-causing bug in the JavaScript "opfs" VFS. Correct "mode=ro" handling for the "opfs" VFS. Work around a couple of browser-specific OPFS quirks.
  * Add the fts5_tokenizer_v2 API and the locale=1 option, for creating custom locale-aware tokenizers and fts5 tables that may take advantage of them.
  * Add the contentless_unindexed=1 option, for creating contentless fts5 tables that store the values of any UNINDEXED columns persistently in the database.
  * Allow an FTS5 table to be dropped even if it uses a custom tokenizer whose implementation is not available.

==== system-config-printer ====
Subpackages: python3-cupshelpers system-config-printer-applet system-config-printer-common system-config-printer-dbus-service udev-configure-printer

- Add installation-root-dir-from-setup.patch gh#OpenPrinting/system-config-printer#361 to fix cupshelpers installation.

==== unbound ====
Subpackages: libunbound8 unbound-anchor

- add workaround for bug https://github.com/NLnetLabs/unbound/issues/509
  Starting up with 127.0.0.1 in the /etc/resolv.conf leads to long delays if the anchor update is being run as ExecStartPre in the unbound service

==== webkit2gtk3 ====
Version update (2.46.3 -> 2.46.4)
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles

- Update to version 2.46.4:
  + Improve memory consumption and performance of Canvas getImageData.
  + Fix preserve-3D intersection rendering.
  + Fix video dimensions since GStreamer 1.24.9.
  + Fix the HTTP-based remote Web Inspector not loading in Chromium.
  + Fix content filters not working on about:blank iframes.
  + Fix several crashes and rendering issues.
  + Security fixes: CVE-2024-44308, CVE-2024-44309.
- Drop patches fixed upstream:
  + 9e9ea966373d3858668f6a29d8ba91a5807c8dd8.patch
  + webkit2gtk3-CVE-2024-44308.patch
  + webkit2gtk3-CVE-2024-44309.patch

==== yast2-storage-ng ====
Version update (5.0.21 -> 5.0.22)

- Mount '/mnt/run' as private to avoid mount points propagation (gh#yast/yast-storage-ng#1395)
- 5.0.22