Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version... Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: ImageMagick (7.1.0.37 -> 7.1.0.44) avahi codec2 (1.0.3 -> 1.0.5) cups curl (7.83.1 -> 7.84.0) gpg2 (2.3.6 -> 2.3.7) inkscape (1.2 -> 1.2.1) java-11-openjdk (11.0.15.0 -> 11.0.16.0) kdump (1.0.2+git13.ge715180 -> 1.0.2+git17.g491c742) kernel-firmware (20220622 -> 20220714) libcap (2.64 -> 2.65) libdmtx (0.7.5 -> 0.7.7) libnettle (3.8 -> 3.8.1) libstorage-ng (4.5.31 -> 4.5.33) libuv (1.44.1 -> 1.44.2) perl polkit poppler (22.06.0 -> 22.07.0) poppler-qt5 (22.06.0 -> 22.07.0) shim unbound (1.16.0 -> 1.16.1) yast2-auth-client (4.5.0 -> 4.5.1) yast2-bootloader (4.5.1 -> 4.5.2) yast2-trans (84.87.20220709.5ead98f887 -> 84.87.20220729.608d4643aa) === Details === ==== ImageMagick ==== Version update (7.1.0.37 -> 7.1.0.44) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.0.44 upstream changelog: https://github.com/ImageMagick/Website/blob/main/ChangeLog.md - modified patches % ImageMagick-library-installable-in-parallel.patch (refreshed) - update to 7.1.0.42: * incorrect pointer update when computing median @ ImageMagick/ImageMagick#5298 * Added extra check because the flag was removed in 0.21-Beta1. * the -transparent-color option accepts colornames @ ImageMagick/ImageMagick#5297 * fix MVG stroke-opacity issues * map channel parameter to pixel channel offset @ ImageMagick/ImageMagick#5308 * beta release * preserve input depth @ ImageMagick/ImageMagick6#188 * update to latest automake/autoconf release * recognize SVG file if it starts with whitespace @ ImageMagick/ImageMagick#5294 * Removed unused stealth flag. * Removed used path field. * Removed unused target field. * Removed unused exempt field. * Added extra option to the skip spaces to the MagicInfo. * Always start at the start of the string when comparing the magic value. * cosmetic * avoid OMP deadlock @ ImageMagick/ImageMagick#5301 * prevent undefined shift * prevent possible buffer overflow * correct copy/paste error * We need to free the stream ourselves when the call to FT_Open_Face fails. * Added missing call to DestroyString. * MVG requires seekable stream * Added extra malloc method to avoid early calls to the policy checks on Windows. * Removed defines. * Only check for dll's in non static build. * Set the client name and path earlier. * fix background opacity rounding @ ImageMagick/ImageMagick#5264 * empty result on conversion from tiff to pdf @ ImageMagick/ImageMagick#5256 * Corrected patch that was made for #5256. * Pass negative interline_spacing to pango * Also check extension to fix possible stack overflow. * eliminate possible buffer overflow * set group 4 photometric to min-is-white * dasharray requires non-zero values * eliminate compiler warning * only permit one rows/columns keyword * Moved allocation back to the correct spot to avoid bypassing SetImageExtent. * Also restore setting quantum_info to null. * eliminate uninitialized value warning * Make sure all text strings are freed when realloc fails. * Reset primitive_info inside RenderMVGContent because this address could point to another address. * Always check if .text is set instead. * eliminate uninitialized alpha pixel * recognize read-mask & write-mask for -channel option * eliminate compiler warning * fix scrambled image @ ImageMagick/ImageMagick#5291 * yikes, misspelled 'level' * Fixed possible memory leak. * support floating point formats * initialize date:precision in private TimerComponentGenesis() method * check for -1 is not required * refactor date:precision flow * eliminate compiler warning * correct formulation of the phash normalization * phash normalization is conventional RMS calculation * only check shread count once * add private ShredMagickMemory() method to hide contents of memory buffers before they are relinquished * system:shred value has precedence over MAGICK_SHRED_PASSES * support shredding memory pools * update memory pointer * Silenced warning. * Corrected documentation. * first pass is fast for performance, second is crytographically strong * recommend shred value of 1 for performance reasons * only set the # of shred passes one time * if enabled, shred streams * unmap mapped pixels * default mapped member to false * don't shred streaming pixels * rework shred passes * optimize performance * change per lint advisement * typecast per lint advisement * eliminate compiler warning * eliminate lint warnings * eliminate lint warnings * support date:timestamp property * eliminate lint warnings * set timestamp from image->timestamp member * eliminate lint warnings * support MAGICK_DATE_PRECISION and registrydateprecision defines * support registry:precision define * need at least one policy defined * eliminate lint warnings * note, system:precision is deprecated * eliminate icc compiler warnings * eliminate icc compiler warnings * eliminate compiler warning * Reverted incorrect patch when doing auto-orient of an image that is right-top or left-bottom.# * Corrected conversion from flip to Orientation. ... changelog too long, skipping 22 lines ... * Also remove date:timestamp when stripping the image. ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - Move the dbus-1 system.d file to /usr (bsc#1201345) ==== codec2 ==== Version update (1.0.3 -> 1.0.5) - Update to version 1.0.5 * Bump version to 1.0.5 to clearly delineate from various 1.0.4 tags, otherwise the same as 1.0.4_rc2 - Update to version 1.0.4 * 2020B, * build system and tools maintenance. * This RC fixes FreeDV API backwards compatibility issue in v1.0.4 ==== cups ==== Subpackages: cups-client cups-config libcups2 libcupsimage2 - Move the dbus-1 system.d file to /usr (bsc#1201346) ==== curl ==== Version update (7.83.1 -> 7.84.0) Subpackages: libcurl4 - add tests-for-32bit.patch to fix testsuite on 32bit platforms - Update to 7.84.0: * Security fixes: - (bsc#1200737, CVE-2022-32208): FTP-KRB bad message verification - (bsc#1200736, CVE-2022-32207): Unpreserved file permissions - (bsc#1200735, CVE-2022-32206): HTTP compression denial of service - (bsc#1200734, CVE-2022-32205): Set-Cookie denial of service * Changes: - curl: add --rate to set max request rate per time unit - curl: deprecate --random-file and --egd-file - curl_version_info: add CURL_VERSION_THREADSAFE - CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl - lib: make curl_global_init() threadsafe when possible - libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION - opts: deprecate RANDOM_FILE and EGDSOCKET - socks: support unix sockets for socks proxy * Bugfixes: - aws-sigv4: fix potentional NULL pointer arithmetic - bindlocal: don't use a random port if port number would wrap - c-hyper: mark status line as status for Curl_client_write() - ci: avoid `cmake -Hpath` - CI: bump FreeBSD 13.0 to 13.1 - ci: update github actions - cmake: add libpsl support - cmake: do not add libcurl.rc to the static libcurl library - cmake: enable curl.rc for all Windows targets - cmake: fix detecting libidn2 - cmake: support adding a suffix to the OS value - configure: skip libidn2 detection when winidn is used - configure: use the SED value to invoke sed - configure: warn about rustls being experimental - content_encoding: return error on too many compression steps - cookie: address secure domain overlay - cookie: apply limits - copyright.pl: parse and use .reuse/dep5 for skips - copyright: make repository REUSE compliant - curl.1: add a few see also --tls-max - curl.1: mention exit code zero too - curl: re-enable --no-remote-name - curl_easy_pause.3: remove explanation of progress function - curl_getdate.3: document that some illegal dates pass through - Curl_parsenetrc: don't access local pwbuf outside of scope - curl_url_set.3: clarify by default using known schemes only - CURLOPT_ALTSVC.3: document the file format - CURLOPT_FILETIME.3: fix the protocols this works with - CURLOPT_HTTPHEADER.3: improve comment in example - CURLOPT_NETRC.3: document the .netrc file format - CURLOPT_PORT.3: We discourage using this option - CURLOPT_RANGE.3: remove ranged upload advice - digest: added detection of more syntax error in server headers - digest: tolerate missing "realm" - digest: unquote realm and nonce before processing - DISABLED: disable 1021 for hyper again - docs/cmdline-opts: add copyright and license identifier to each file - docs/CONTRIBUTE.md: document the 'needs-votes' concept - docs: clarify data replacement policy for MIME API - doh: remove UNITTEST macro definition - examples/crawler.c: use the curl license - examples: remove fopen.c and rtsp.c - FAQ: Clarify Windows double quote usage - fopen: add Curl_fopen() for better overwriting of files - ftp: restore protocol state after http proxy CONNECT - ftp: when failing to do a secure GSSAPI login, fail hard - GHA/hyper: enable debug in the build - gssapi: improve handling of errors from gss_display_status - gssapi: initialize gss_buffer_desc strings - headers api: remove EXPERIMENTAL tag - http2: always debug print stream id in decimal with %u - http2: reject overly many push-promise headers - http: restore header folding behavior - hyper: use 'alt-used' - krb5: return error properly on decode errors - lib: make more protocol specific struct fields #ifdefed - libcurl-security.3: add "Secrets in memory" - libcurl-security.3: document CRLF header injection - libssh: skip the fake-close when libssh does the right thing - links: update dead links to the curl-wiki - log2changes: do not indent empty lines [ci skip] - macos9: remove partial support - Makefile.am: fix portability issues - Makefile.m32: delete obsolete options, improve -On [ci skip] - Makefile.m32: delete two obsolete OpenSSL options [ci skip] - Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip] - max-time.d: clarify max-time sets max transfer time - mprintf: ignore clang non-literal format string - netrc: check %USERPROFILE% as well on Windows - netrc: support quoted strings - ngtcp2: allow curl to send larger UDP datagrams - ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types - ngtcp2: enable Linux GSO - ngtcp2: extend QUIC transport parameters buffer - ngtcp2: fix alert_read_func return value - ngtcp2: fix typo in preprocessor condition - ngtcp2: handle error from ngtcp2_conn_submit_crypto_data - ngtcp2: send appropriate connection close error code - ngtcp2: support boringssl crypto backend - ngtcp2: use helper funcs to simplify TLS handshake integration - ntlm: provide a fixed fake host name - projects: fix third-party SSL library build paths for Visual Studio ... changelog too long, skipping 40 lines ... - x509asn1: mark msnprintf return as unchecked ==== gpg2 ==== Version update (2.3.6 -> 2.3.7) Subpackages: dirmngr - GnuPG 2.3.7: * CVE-2022-34903: garbled status messages could trick gpgme and other parsers to accept faked status lines [boo#1201225] * A number of bug fixes to the gpg command line interface * gpgsm gained a number of new options and got some rework on the PKCS#12 parser to support DFN issues keys * The gpg agent got some added options and UI tweaks * smart card support got a number of bug fixes, and improved support for Technology Nexus cards and Yubikey * The Telesec ESIGN application is now supported ==== inkscape ==== Version update (1.2 -> 1.2.1) Subpackages: inkscape-extensions-extra inkscape-extensions-gimp - Update to version 1.2.1: + Important fix for a bug where a loss of data occurred + Ensures that objects in multipage documents show up on all pages + Fixes 5 crashes, over 25 bugs, 4 extension bugs, 15 improved user interface translations, 3 improved documentation translations + See the full release notes for Inkscape 1.2.1 at https://media.inkscape.org/media/doc/release_notes/1.2.1/Inkscape_1.2.1.html ==== java-11-openjdk ==== Version update (11.0.15.0 -> 11.0.16.0) Subpackages: java-11-openjdk-headless - Update to upstream tag jdk-11.0.16+8 (July 2022 CPU) * Security fixes: + JDK-8272243: Improve DER parsing + JDK-8272249: Better properties of loaded Properties + JDK-8277608: Address IP Addressing + JDK-8281859, CVE-2022-21540, bsc#1201694: Improve class compilation + JDK-8281866, CVE-2022-21541, bsc#1201692: Enhance MethodHandle invocations + JDK-8283190: Improve MIDI processing + JDK-8284370: Improve zlib usage + JDK-8285407, CVE-2022-34169, bsc#1201684: Improve Xalan supports * Other fixes: + JDK-6986863: ProfileDeferralMgr throwing ConcurrentModificationException + JDK-7124293: [macosx] VoiceOver reads percentages rather than the actual values for sliders. + JDK-7124301: [macosx] When in a tab group if you arrow between tabs there are no VoiceOver announcements. + JDK-8133713: [macosx] Accessible JTables always reported as empty + JDK-8139046: Compiler Control: IGVPrintLevel directive should set PrintIdealGraph + JDK-8139173: [macosx] JInternalFrame shadow is not properly drawn + JDK-8163498: Many long-running security libs tests + JDK-8166727: javac crashed: [jimage.dll+0x1942] ImageStrings::find+0x28 + JDK-8169004: Fix redundant @requires tags in tests + JDK-8181571: printing to CUPS fails on mac sandbox app + JDK-8182404: remove jdk.testlibrary.JDKToolFinder and JDKToolLauncher + JDK-8186548: move jdk.testlibrary.JcmdBase closer to tests + JDK-8192057: com/sun/jdi/BadHandshakeTest.java fails with java.net.ConnectException + JDK-8193682: Infinite loop in ZipOutputStream.close() + JDK-8199874: [TESTBUG] runtime/Thread/ThreadPriorities.java fails with "expected 0 to equal 10" + JDK-8202886: [macos] Test java/awt/MenuBar/8007006/ /bug8007006.java fails on MacOS + JDK-8203238: [TESTBUG] rewrite MemOptions shell test in Java + JDK-8203239: [TESTBUG] remove vmTestbase/vm/gc/kind/parOld test + JDK-8206187: javax/management/remote/mandatory/connection/ /DefaultAgentFilterTest.java fails with Port already in use + JDK-8206330: Revisit com/sun/jdi/RedefineCrossEvent.java + JDK-8207364: nsk/jvmti/ResourceExhausted/resexhausted003 fails to start + JDK-8208207: Test nsk/stress/jni/gclocker/gcl001 fails after co-location + JDK-8208246: flags duplications in vmTestbase_vm_g1classunloading tests + JDK-8208249: TriggerUnloadingByFillingMetaspace generates garbage class names + JDK-8208697: vmTestbase/metaspace/stressHierarchy/ /stressHierarchy012/TestDescription.java fails with OutOfMemoryError: Metaspace + JDK-8209150: [TESTBUG] Add logging to verify JDK-8197901 to a different test + JDK-8209776: Refactor jdk/security/JavaDotSecurity/ifdefs.sh to plain java test + JDK-8209883: ZGC: Compile without C1 broken + JDK-8209920: runtime/logging/RedefineClasses.java fail with OOME with ZGC + JDK-8210022: remove jdk.testlibrary.ProcessThread, TestThread and XRun + JDK-8210039: move OSInfo to top level testlibrary + JDK-8210108: sun/tools/jstatd test build failures after JDK-8210022 + JDK-8210112: remove jdk.testlibrary.ProcessTools + JDK-8210649: AssertionError @ jdk.compiler/com.sun.tools.javac.comp.Modules.enter (Modules.java:244) + JDK-8210732: remove jdk.testlibrary.Utils + JDK-8211795: ArrayIndexOutOfBoundsException in PNGImageReader after JDK-6788458 + JDK-8211822: Some tests fail after JDK-8210039 + JDK-8211962: Implicit narrowing in MacOSX java.desktop jsound + JDK-8212151: jdi/ExclusiveBind.java times out due to "bind failed: Address already in use" on Solaris-X64 + JDK-8213440: Lingering INCLUDE_ALL_GCS in test_oopStorage_parperf.cpp + JDK-8214275: CondyRepeatFailedResolution asserts "Dynamic constant has no fixed basic type" + JDK-8214799: Add package declaration to each JTREG test case in the gc folder + JDK-8215544: SA: Modify ClhsdbLauncher to add sudo privileges to enable MacOS tests on Mach5 + JDK-8216137: assert(Compile::current()->live_nodes() < Compile::current()->max_node_limit()) failed: Live Node limit exceeded limit + JDK-8216265: [testbug] Introduce Platform.sharedLibraryPathVariableName() and adapt all tests. + JDK-8217017: [TESTBUG] Tests fail to compile after JDK-8216265 + JDK-8217233: Update build settings for AIX/xlc + JDK-8217340: Compilation failed: tools/launcher/Test7029048.java + JDK-8217473: SA: Tests using ClhsdbLauncher fail on SAP ... changelog too long, skipping 374 lines ... /SSLSessionImpl/NoInvalidateSocketException.java ==== kdump ==== Version update (1.0.2+git13.ge715180 -> 1.0.2+git17.g491c742) - fix network-related dracut options handling for fadump case - drop the elevator=deadline kernel option (bsc#1193211) - fix broken URL in manpage (bsc#1187312) ==== kernel-firmware ==== Version update (20220622 -> 20220714) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20220714 (git commit 84661a3ba62f): * amdgpu: update DMCUB firmware for DCN 3.1.6 * WHENCE: Correct dangling symlinks * Correct WHENCE entry for wfx firmware * bnx2: Drop unsupported Broadcom NetXtremeII firmware * bnx2: drop unsupported firmwares * bnx2: sort firmware names in filesystem order * Remove old Broadcom Everest (bnx2x) v4/5 firmware * drop Token Ring network firmwares * Drop TDA7706 radio firmware * Drop Intel WiMax firmware * Drop Computone IntelliPort Plus serial firmware * Drop ATM Ambassador devices firmware * brocade: drop old unsupported firmware revs * amdgpu: update yellow carp DMCUB firmware * linux-firmware: update firmware for MT7622 WiFi device * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * mediatek: Add SCP firmware for MT8186 * rtw88: 8822c: Update normal firmware to v9.9.13 * rtw88: 8822c: Update normal firmware to v9.9.12 - Drop obsoleted temporary patches: wfx-WHENCE-fix.diff brcm-symlink-fixes.diff - Minor update of README.build - Fix missing aliases for qlogic (bsc#1200889) ==== libcap ==== Version update (2.64 -> 2.65) - update to 2.65: * Fix syntax error in DEBUG build of protected code in setcap.c. * Prevent bash from reading the wrong startup files when the capsh --user=xxx argument is used to invoke a shell as the user xxx. This is done by capsh now changing the USER and HOME environment variables when --user is specified. The argument --noenv can be used to suppress this behavior to what used to be the problematic default. (Bug: 215926) * Improved documentation ==== libdmtx ==== Version update (0.7.5 -> 0.7.7) - update to 0.7.7: * bug 9: Prevent edifact barcode encoding '31' from user input * fix compiler warnings and build errors * properly handle error when decoding Base256 scheme * remove dead and irrelevant links in the README * Add validity checks in DecodeSchemeAscii() * Declare variables in DecodeSchemeAscii() locally. * Implement RsFindErrorLocatorPoly fix from shm0nya - drop libdmtx-DmtxPropRowPadBytes.patch (upstream)# ==== libnettle ==== Version update (3.8 -> 3.8.1) Subpackages: libhogweed6 libnettle8 - update to 3.8.1: * Avoid non-posix m4 argument references in the chacha implementation for arm64, powerpc64 and s390x. Reported by Christian Weisgerber, fix contributed by Mamone Tarsha. * Use explicit .machine pseudo-ops where needed in s390x assembly files. Bug report by Andreas K. Huettel, fix contributed by Mamone Tarsha. ==== libstorage-ng ==== Version update (4.5.31 -> 4.5.33) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#892 - continue flushing pending holders if a device cannot be found (see bsc#1201880) - coding style - removed unneeded mockups - 4.5.33 - Translated using Weblate (Czech) (bsc#1149754) - 4.5.32 ==== libuv ==== Version update (1.44.1 -> 1.44.2) - update to 1.44.2: * Add SHA to ChangeLog * aix, ibmi: handle server hang when remote sends TCP RST * process: reset the signal mask if the fork fails * zos: implement cmpxchgi() using assembly * ibmi: Implement UDP disconnect * unix: simplify getpwuid call * process,iOS: fix build breakage in process.c * test: remove unused declarations in tcp_rst test * core: add thread-safe strtok implementation * test: fix flaky file watcher test * unix,win: fix UV_RUN_ONCE + uv_idle_stop loop hang * win: fix unexpected ECONNRESET error on TCP socket * doc: make sample cross-platform build * test: separate some static variables by test cases * sunos: fs-event callback can be called after uv_close() * uv: re-register interest in a file after change * uv: register UV_RENAME event for _RFIM_UNLINK * uv: register __rfim_event 156 as UV_RENAME * release: check versions of autogen scripts are newer * test: rewrite embed test * unix: use MSG_CMSG_CLOEXEC where supported * test: remove disabled callback_order test * kqueue: skip EVFILT_PROC when invalidating fds * zos: don't err when killing a zombie process * zos: avoid fs event callbacks after uv_close() * zos: correctly format interface addresses names * zos: add uv_interface_addresses() netmask support * zos: improve memory management of ip addresses * tcp,pipe: fail `bind` or `listen` after `close` * zos: implement uv_available_parallelism() * udp,win: fix UDP compiler warning * zos: fix early exit of epoll_wait() * unix,tcp: fix errno handling in uv__tcp_bind() * shutdown,unix: reduce code duplication * unix: fix c99 comments * unix: retry tcgetattr/tcsetattr() on EINTR * unix,stream: optimize uv_shutdown() codepath * unix,tcp: allow EINVAL errno from setsockopt in uv_tcp_close_reset() * win,shutdown: improve how shutdown is dispatched ==== perl ==== Subpackages: perl-base perl-doc - fix build on ppc * updated patch: perl_skip_flaky_tests_powerpc.patch ==== polkit ==== Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 typelib-1_0-Polkit-1_0 - split out pkexec into seperate package to make system hardening easier (to avoid installing it jsc#PED-132 jsc#PED-148). ==== poppler ==== Version update (22.06.0 -> 22.07.0) Subpackages: libpoppler-cpp0 libpoppler-glib8 libpoppler122 poppler-tools - update to 22.07.0: * Fix crash when filling in forms in some files. Issue #1258 * Fix first lines of Annotations sometimes being cut off. Issue #1246 * Signatures: Don't crash if the signature doesn't have a common name * CairoFontEngine: increment font_face reference when retrieving from the cache * Add ToUnicode support for lessorequalslant and greaterorequalslant glib: * Add support for stamp annotation - add gpg keyring validation for the release tarball - drop da226d346e691f7545d995d6761d43e08855a3b7.patch (upstream) - Add da226d346e691f7545d995d6761d43e08855a3b7.patch -- CairoFontEnginer: increment font_face reference when retrieving from the cache; this fixes crashes with certain pdfs [glgo#GNOME/evince#1808, glfo#poppler/poppler#1212]. ==== poppler-qt5 ==== Version update (22.06.0 -> 22.07.0) - update to 22.07.0: * Fix crash when filling in forms in some files. Issue #1258 * Fix first lines of Annotations sometimes being cut off. Issue #1246 * Signatures: Don't crash if the signature doesn't have a common name * CairoFontEngine: increment font_face reference when retrieving from the cache * Add ToUnicode support for lessorequalslant and greaterorequalslant glib: * Add support for stamp annotation - add gpg keyring validation for the release tarball - drop da226d346e691f7545d995d6761d43e08855a3b7.patch (upstream) - Add da226d346e691f7545d995d6761d43e08855a3b7.patch -- CairoFontEnginer: increment font_face reference when retrieving from the cache; this fixes crashes with certain pdfs [glgo#GNOME/evince#1808, glfo#poppler/poppler#1212]. ==== shim ==== - Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282) - Revoked the change in shim.spec for "use common SBAT values (boo#1193282)" - we need to build openSUSE Tumbleweed's shim on Leap 15.4 because Factory is unstable for building out a stable shim binary for signing. (bsc#1198458) - But the rpm-config-suse package in Leap 15.4 is direct copied from SLE 15.4 because closing-the-leap-gap. So sbat_distro_* variables are SLE version, not for openSUSE. (bsc#1198458) ==== unbound ==== Version update (1.16.0 -> 1.16.1) Subpackages: libunbound8 unbound-anchor - update to 1.16.1 * Features - Fix #704: [FR] Statistics counter for number of outgoing UDP queries sent; introduces 'num.query.udpout' to the 'unbound-control stats' command. * Bug Fixes - makedist.sh picks up 32bit libssp-0.dll when 32bit compile. - Fix for edns client subnet to respect not looking in its cache when instructed to do so (e.g., prefetch). - Merge PR #688: Rpz url notify issue. - Note in the unbound.conf text that NOTIFY is allowed from the url: addresses for auth and rpz zones. - Remove unused LDNS function check for GOST Engine unloading. - Fix for loading locally stored zones that have lines with blanks or blanks and comments. - Fix #663: use after free issue with edns options. - Clarify -v flag manpage entry (#705) - Fix test program dohclient close to use portability routine. - Show the output of the exact .rpl run that failed with 'make test'. - Fix for cached 0 TTL records to not trigger prefetching when serve-expired-client-timeout is set. - Add debug option to the mini_tdir.sh test code. - Fix to not count cached NXDOMAIN for MAX_TARGET_NX. - Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. - iana portlist update. - Fix detection of libz on windows compile with static option. - Fix compile warning for windows compile. - Merge PR #706: NXNS fallback. - From #706: Cached NXDOMAIN does not increase the target nx responses. - From #706: Don't generate parent side queries if we already have the lame records in cache. - From #706: When a lame address is the best choice, don't try to generate target queries when the missing targets are all lame. - Merge PR #671 from Petr MenÅ¡Ãk: Disable ED25519 and ED448 in FIPS mode on openssl3. - Merge PR #660 from Petr MenÅ¡Ãk: Sha1 runtime insecure. - For #660: formatting, less verbose logging, add EDE information. - Fix for correct openssl error when adding windows CA certificates to the openssl trust store. - Improve val_sigcrypt.c::algo_needs_missing for one loop pass. - Reintroduce documentation and more EDE support for val_sigcrypt.c::dnskeyset_verify_rrset_sig. - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for one loop pass'. - Merge PR #668 from Cristian RodrÃguez: Set IP_BIND_ADDRESS_NO_PORT on outbound tcp sockets. ==== yast2-auth-client ==== Version update (4.5.0 -> 4.5.1) - Remove nss_ldap and pam_ldap support in favour of SSSD (gh#yast/yast-auth-client#82) - 4.5.1 ==== yast2-bootloader ==== Version update (4.5.1 -> 4.5.2) - Execute the command grub2-mkpasswd-pbkdf2 in the target system so the module can run in a minimal container (bsc#1199840). - 4.5.2 ==== yast2-trans ==== Version update (84.87.20220709.5ead98f887 -> 84.87.20220729.608d4643aa) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20220729.608d4643aa: * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'base'. * New POT for text domain 'auth-client'. * Translated using Weblate (Czech) * Translated using Weblate (Czech) * New POT for text domain 'base'. * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'journal'. * New POT for text domain 'pam'. * New POT for text domain 'control'. * New POT for text domain 'autoinst'.