Packages changed: apparmor (3.1.6 -> 3.1.7) gcc13 imlib2 (1.12.1 -> 1.12.2) kernel-source (6.7.2 -> 6.7.4) libapparmor (3.1.6 -> 3.1.7) microos-tools (2.21+git9 -> 2.21+git11) numactl (2.0.17.4.g63befa8 -> 2.0.17.8.g67984e5) patterns-microos webkit2gtk3 (2.42.4 -> 2.42.5) webkit2gtk4 (2.42.4 -> 2.42.5) yast2-installation (5.0.5 -> 5.0.6) === Details === ==== apparmor ==== Version update (3.1.6 -> 3.1.7) Subpackages: apparmor-abstractions apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang python3-apparmor - Update to AppArmor 3.1.7 - aa-logprof: don't skip exec events in hats - fix aa-cleanprof to work with named profiles - add permissions in various abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7 for the full list of changes - drop upstreamed apparmor-systemd-sessions.patch ==== gcc13 ==== Subpackages: cpp13 libatomic1 libgcc_s1 libgfortran5 libgomp1 libobjc4 libquadmath0 libstdc++6 libstdc++6-locale libstdc++6-pp libubsan1 - Use %{_target_cpu} to determine host and build. ==== imlib2 ==== Version update (1.12.1 -> 1.12.2) Subpackages: imlib2-loaders libImlib2-1 - update to 1.12.2: * Fixes for Y4M, ANI, PNG and JPG loaders ==== kernel-source ==== Version update (6.7.2 -> 6.7.4) - Linux 6.7.4 (bsc#1012628). - asm-generic: make sparse happy with odd-sized put_unaligned_*() (bsc#1012628). - powerpc/mm: Fix null-pointer dereference in pgtable_cache_add (bsc#1012628). - arm64: irq: set the correct node for VMAP stack (bsc#1012628). - drivers/perf: pmuv3: don't expose SW_INCR event in sysfs (bsc#1012628). - powerpc: Fix build error due to is_valid_bugaddr() (bsc#1012628). - powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() (bsc#1012628). - powerpc/64s: Fix CONFIG_NUMA=n build due to create_section_mapping() (bsc#1012628). - x86/boot: Ignore NMIs during very early boot (bsc#1012628). - powerpc: pmd_move_must_withdraw() is only needed for CONFIG_TRANSPARENT_HUGEPAGE (bsc#1012628). - powerpc/lib: Validate size for vector operations (bsc#1012628). - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel (bsc#1012628). - sched/numa: Fix mm numa_scan_seq based unconditional scan (bsc#1012628). - perf/core: Fix narrow startup race when creating the perf nr_addr_filters sysfs file (bsc#1012628). - debugobjects: Stop accessing objects after releasing hash bucket lock (bsc#1012628). - sched/fair: Fix tg->load when offlining a CPU (bsc#1012628). - regulator: core: Only increment use_count when enable_count changes (bsc#1012628). - audit: Send netlink ACK before setting connection in auditd_set (bsc#1012628). - ACPI: tables: Correct and clean up the logic of acpi_parse_entries_array() (bsc#1012628). - ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop (bsc#1012628). - PNP: ACPI: fix fortify warning (bsc#1012628). - ACPI: extlog: fix NULL pointer dereference check (bsc#1012628). - selftests/nolibc: fix testcase status alignment (bsc#1012628). - ACPI: NUMA: Fix the logic of getting the fake_pxm value (bsc#1012628). - kunit: tool: fix parsing of test attributes (bsc#1012628). - kunit: Reset test->priv after each param iteration (bsc#1012628). - PM / devfreq: Synchronize devfreq_monitor_[start/stop] (bsc#1012628). - ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events (bsc#1012628). - OPP: The level field is always of unsigned int type (bsc#1012628). - thermal: core: Fix thermal zone suspend-resume synchronization (bsc#1012628). - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (bsc#1012628). - UBSAN: array-index-out-of-bounds in dtSplitRoot (bsc#1012628). - jfs: fix slab-out-of-bounds Read in dtSearch (bsc#1012628). - jfs: fix array-index-out-of-bounds in dbAdjTree (bsc#1012628). - jfs: fix uaf in jfs_evict_inode (bsc#1012628). - hwrng: starfive - Fix dev_err_probe return error (bsc#1012628). - crypto: p10-aes-gcm - Avoid -Wstringop-overflow warnings (bsc#1012628). - pstore/ram: Fix crash when setting number of cpus to an odd number (bsc#1012628). - erofs: fix up compacted indexes for block size < 4096 (bsc#1012628). - crypto: starfive - Fix dev_err_probe return error (bsc#1012628). - crypto: octeontx2 - Fix cptvf driver cleanup (bsc#1012628). - erofs: fix ztailpacking for subpage compressed blocks (bsc#1012628). - crypto: stm32/crc32 - fix parsing list of devices (bsc#1012628). - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (bsc#1012628). - rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() (bsc#1012628). - jfs: fix array-index-out-of-bounds in diNewExt (bsc#1012628). - s390/boot: always align vmalloc area on segment boundary (bsc#1012628). - arch: consolidate arch_irq_work_raise prototypes (bsc#1012628). - arch: fix asm-offsets.c building with -Wmissing-prototypes (bsc#1012628). - s390/vfio-ap: fix sysfs status attribute for AP queue devices (bsc#1012628). - s390/ptrace: handle setting of fpc register correctly (bsc#1012628). - KVM: s390: fix setting of fpc register (bsc#1012628). - sysctl: Fix out of bounds access for empty sysctl registers (bsc#1012628). - SUNRPC: Fix a suspicious RCU usage warning (bsc#1012628). - ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1012628). - smb: client: fix renaming of reparse points (bsc#1012628). - smb: client: fix hardlinking of reparse points (bsc#1012628). - cifs: fix in logging in cifs_chan_update_iface (bsc#1012628). - ecryptfs: Reject casefold directory inodes (bsc#1012628). - ext4: fix inconsistent between segment fstrim and full fstrim (bsc#1012628). - ext4: unify the type of flexbg_size to unsigned int (bsc#1012628). - ext4: remove unnecessary check from alloc_flex_gd() (bsc#1012628). ... changelog too long, skipping 1153 lines ... - commit f71b395 ==== libapparmor ==== Version update (3.1.6 -> 3.1.7) - Update to AppArmor 3.1.7 - aa-logprof: don't skip exec events in hats - fix aa-cleanprof to work with named profiles - add permissions in various abstractions - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.7 for the full list of changes - drop upstreamed apparmor-systemd-sessions.patch ==== microos-tools ==== Version update (2.21+git9 -> 2.21+git11) - Update to version 2.21+git11: * Install man-online alias only for bash ==== numactl ==== Version update (2.0.17.4.g63befa8 -> 2.0.17.8.g67984e5) Subpackages: libnuma1 - Update to version 2.0.17.8.g67984e5: * numastat: Print package version number instead of own. * numastat: Remove commented out perl code * Check for MPOL_PREFERRED_MANY lazily * libnuma: add numa_set_mempolicy_home_node API ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap - Add "Requires: steam-devices" for both Gnome and KDE * This package is just a small set of udev rules for controller support, and is one of the more common reasons for end users to need to interact with transactional-update, no good reason to not include it in the desktop patterns ==== webkit2gtk3 ==== Version update (2.42.4 -> 2.42.5) Subpackages: WebKitGTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.42.5 (boo#1219604): + Fix webkit_web_context_allow_tls_certificate_for_host to handle IPv6 URIs produced by SoupURI. + Ignore stops with offset zero before last one when rendering gradients with cairo. + Write bwrapinfo.json to disk for xdg-desktop-portal. + Fix gamepads detection by correctly handling focused window in GTK4. + Fix several crashes and rendering issues. + Security fixes: CVE-2024-23222, CVE-2024-23206, CVE-2024-23213. - Drop webkit2gtk3-CVE-2024-23222.patch: fixed upstream. - Add webkit2gtk3-llint-build-fix.patch: fix the build for non-x86 architectures. ==== webkit2gtk4 ==== Version update (2.42.4 -> 2.42.5) Subpackages: WebKitGTK-6.0-lang libjavascriptcoregtk6_0-1 libwebkitgtk6_0-4 webkitgtk-6_0-injected-bundles - Update to version 2.42.5 (boo#1219604): + Fix webkit_web_context_allow_tls_certificate_for_host to handle IPv6 URIs produced by SoupURI. + Ignore stops with offset zero before last one when rendering gradients with cairo. + Write bwrapinfo.json to disk for xdg-desktop-portal. + Fix gamepads detection by correctly handling focused window in GTK4. + Fix several crashes and rendering issues. + Security fixes: CVE-2024-23222, CVE-2024-23206, CVE-2024-23213. - Drop webkit2gtk3-CVE-2024-23222.patch: fixed upstream. - Add webkit2gtk3-llint-build-fix.patch: fix the build for non-x86 architectures. ==== yast2-installation ==== Version update (5.0.5 -> 5.0.6) - Restore the selected products after reloading the package manager, properly install all products for new modules and extensions when upgrading from SLE12 (bsc#1218391) - 5.0.6