Packages changed: MicroOS-release (20240705 -> 20240708) gstreamer-plugins-good harfbuzz (8.5.0 -> 9.0.0) installation-images-MicroOS (17.130 -> 17.131) krb5 (1.21.2 -> 1.21.3) libksba (1.6.6 -> 1.6.7) libndp libphonenumber (8.13.30 -> 8.13.40) openssh qt6-base snapper (0.11.0 -> 0.11.1) speech-dispatcher === Details === ==== MicroOS-release ==== Version update (20240705 -> 20240708) Subpackages: MicroOS-release-appliance MicroOS-release-dvd - automatically generated by openSUSE-release-tools/pkglistgen ==== gstreamer-plugins-good ==== - Enable qt6 support: + Add subpackage for qml6glsink + BuildRequires: add qt6-gui-private-devel (same as Qt5) + BuildRequires: add pkgconfig(Qt6Widgets) (additionally required for Qt6) + Leap: use compiler supporting c++17 by default ==== harfbuzz ==== Version update (8.5.0 -> 9.0.0) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - update to version 9.0.0: + Speed up “AAT” shaping for short words by up to 4% + Ignore unknown “CFF” operators + “hb_subset_input_keep_everything()” now keeps also non-unicode “name” table records. + Update the IANA and OpenType language tag registries + Support composite glyphs with very large number of points in hb-draw API + Various build fixes ==== installation-images-MicroOS ==== Version update (17.130 -> 17.131) - merge gh#openSUSE/installation-images#723 - etc: update module.config to match 6.10 - 17.131 ==== krb5 ==== Version update (1.21.2 -> 1.21.3) - Update to 1.21.3 * Fix vulnerabilities in GSS message token handling: * CVE-2024-37370, bsc#1227186 * CVE-2024-37371, bsc#1227187 * Fix a potential bad pointer free in krb5_cccol_have_contents() * Fix a memory leak in the macOS ccache type - Update patch 0009-Fix-three-memory-leaks.patch ==== libksba ==== Version update (1.6.6 -> 1.6.7) - Update to 1.6.7: * Allow for an empty Subject in certs. [T7171] * Release-info: https://dev.gnupg.org/T7173 * Rebase libksba-nobetasuffix.patch ==== libndp ==== - Add libndp-CVE-2024-5564.patch: add a check on the route information option length field (bsc#1225771 CVE-2024-5564). ==== libphonenumber ==== Version update (8.13.30 -> 8.13.40) - Update to version 8.13.40: * Updated metadata - Use mode="manual" in _service ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Add patch from upstream to fix proxy multiplexing mode: * 0001-upstream-fix-proxy-multiplexing-mode_-broken-when-keystroke.patch - Add patch from upstream to restore correctly sigprocmask * 0001-upstream-correctly-restore-sigprocmask-around-ppoll.patch - Add patch from upstream to fix a logic error in ObscureKeystrokeTiming that rendered this feature ineffective, allowing a passive observer to detect which network packets contained real keystrokes (bsc#1227318, CVE-2024-39894): * 0001-upstream-when-sending-ObscureKeystrokeTiming-chaff-packets_.patch - Add obsoletes for openssh-server-config-rootlogin since that package existed for a brief period of time during SLE 15 SP6/ Leap 15.6 development but even if it was removed from the repositories before GM, some users might have it in their systems from having tried a beta/RC release (boo#1227350). ==== qt6-base ==== Subpackages: libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6Widgets6 libQt6Xml6 qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-printsupport-cups qt6-sql-sqlite - Add upstream change (boo#1227426, CVE-2024-39936) * 0001-HTTP2-Delay-any-communication-until-encrypted-can-be.patch ==== snapper ==== Version update (0.11.0 -> 0.11.1) Subpackages: libsnapper7 - handle content-length of stomp in zypper plugin (gh#openSUSE/snapper#918) - version 0.11.1 - fixed error message (gh#openSUSE/snapper#907) ==== speech-dispatcher ==== - Add speech-dispatcher-pulseaudio-samples.patch: fix for losing samples with pulseaudio.