New Arm Tumbleweed snapshot 20220328 released!
Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=3&version=Tumbleweed&build=20220328 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: 389-ds (2.0.14~git3.c9226ad90 -> 2.0.14~git25.e6431d959) Mesa Mesa-drivers MozillaFirefox (98.0 -> 98.0.2) NetworkManager-pptp (1.2.8 -> 1.2.10) NetworkManager-vpnc (1.2.6 -> 1.2.8) aaa_base (84.87+git20211124.5486aad -> 84.87+git20220324.fca4619) apparmor atk (2.36.0 -> 2.38.0) augeas binutils busybox colord (1.4.5 -> 1.4.6) container-selinux cppcheck (2.7.1 -> 2.7.4) desktop-file-utils distribution-logos-openSUSE (20201117 -> 20220322) ed (1.17 -> 1.18) ffmpeg-4 firewalld flute folks (0.15.4 -> 0.15.5) freeglut (3.2.1 -> 3.2.2) glib2 (2.70.5 -> 2.72.0) gnutls (3.7.3 -> 3.7.4) google-droid-fonts gstreamer (1.18.6 -> 1.20.1) gstreamer-plugins-bad (1.18.6 -> 1.20.1) gstreamer-plugins-base (1.18.6 -> 1.20.1) gstreamer-plugins-good (1.18.6 -> 1.20.1) gstreamer-plugins-libav (1.18.6 -> 1.20.1) gstreamer-plugins-ugly (1.18.6 -> 1.20.1) gtk3 (3.24.33 -> 3.24.33+12) guile harfbuzz (4.0.1 -> 4.1.0) java-11-openjdk kwin5 libapparmor libbase libfonts libformula libkleo liblayout libloader libmodulemd libnma (1.8.34 -> 1.8.36) libqt5-qtwebengine libreoffice librepository libserializer libsolv (0.7.21 -> 0.7.22) libzypp (17.29.6 -> 17.30.0) lsb-release (3.1 -> 3.2) luajit (2.1.0~beta3+git.1624618403.e9577376 -> 2.1.0~beta3+git.1647772157.43ebb949) mdevctl monitoring-plugins mutter nvme-cli patterns-gnome pentaho-libxml pentaho-reporting-flow-engine perl-HTML-Parser (3.76 -> 3.77) pidgin python-Mako python-dnspython (2.2.0 -> 2.2.1) python-filetype (1.0.8 -> 1.0.10) python-html5lib python-pygit2 (1.9.0 -> 1.9.1) python-setuptools qemu rubygem-ruby-dbus (0.16.0 -> 0.18.0.beta1) sac sgml-skel (0.7.1 -> 0.7.2) snapper (0.9.1 -> 0.10.0) sudo (1.9.9 -> 1.9.10) systemd (249.10 -> 250.4) texlive texlive-specs-n timezone (2021e -> 2022a) timezone-java (2021e -> 2022a) transactional-update (3.6.2 -> 4.0.0~rc2) wireplumber (0.4.8 -> 0.4.9) xlockmore (5.68 -> 5.69) xml-commons-apis yelp zsh (5.8 -> 5.8.1) === Details === ==== 389-ds ==== Version update (2.0.14~git3.c9226ad90 -> 2.0.14~git25.e6431d959) Subpackages: lib389 libsvrcore0 - Resolve bsc#1197345 - CVE-2022-0996 - Mishandling of password expiry - Update to version 2.0.14~git25.e6431d959: * Issue 5221 - User with expired password can still login with full privledges * Issue 5218 - double-free of the virtual attribute context in persistent search (#5219) * Issue 5200 - dscontainer should use environment variables with DS_ prefix * Issue 5193 - Incomplete ruv occasionally returned from ruv search (#5194) * Issue 5189 - memberOf plugin exclude subtree not cleaning up groups on modrdn * Issue 5188 - UI - LDAP editor - add entry and group types * Issue 5184 - memberOf does not work correctly with multiple include scopes * Issue 5162 - BUG - error on importing chain files (#5164) * Issue 5186 - UI - Fix SASL Mapping regex validation and other minor improvements * Issue 5048 - Support for nsslapd-tcp-fin-timeout and nsslapd-tcp-keepalive-time (#5179) ==== Mesa ==== Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - get rid of Mesa-libVulkan-devel(-32bit) package, which no longer makes sense since Mesa 21.1.0 * https://gitlab.freedesktop.org/mesa/mesa/-/commit/5e6db1916860ec217eac60903e... ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva libvdpau_r300 libvdpau_r600 libvdpau_radeonsi - get rid of Mesa-libVulkan-devel(-32bit) package, which no longer makes sense since Mesa 21.1.0 * https://gitlab.freedesktop.org/mesa/mesa/-/commit/5e6db1916860ec217eac60903e... ==== MozillaFirefox ==== Version update (98.0 -> 98.0.2) Subpackages: MozillaFirefox-translations-common - MozillaFirefox 98.0.2: * Fixed: Fixed an issue preventing users from typing in Address Bar after opening new tab and pressing cmd + enter (bmo#1757376) * Fixed: Fixed an issue causing some users to crash in out-of- memory conditions (bmo#1757618) * Fixed: Fixed an issue in session history which caused some sites to fail to load (bmo#1758664) * Fixed: Fixed an add-on specific compatibility issue (bmo#1759162) - Change mozilla-kde.patch to follow the GNOME registry behavior for new MIME types to avoid opening downloaded files without any inquiries (bsc#1197319) - Add patch to fix start-up on aarch64: * mozilla-bmo1757571.patch - exclude slow cpus for building - Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer, faster buildhosts, as the others struggle to build FF. - Mozilla Firefox 98.0.1: * Yandex and Mail.ru have been removed as optional search providers in the drop-down search menu in Firefox ==== NetworkManager-pptp ==== Version update (1.2.8 -> 1.2.10) Subpackages: NetworkManager-pptp-gnome - Update to version 1.2.10: + libnm-glib compatibility (NetworkManager < 1.0) is disabled by default. + It can be enabled by passing --with-libnm-glib to configure script. Nobody should need it by now. Users that still use this are encourage to let us know before the libnm-glib support is removed for good. + The auth helper in external UI mode can now be run without a display server. This is useful when activating connections with "nmcli --ask". + Gtk4 version of the editor plugin is now available (for use with Control Center of GNOME 42 or later). + Updated translations. - Add pkgconfig(gtk4) and pkgconfig(libnma-gtk4) BuildRequires and pass --with-gtk4=yes to configure, build the gtk4 version. - Stop passing --without-libnm-glib to configure, no longer needed, nor recognized. - Add optional libxml2-tools BuildRequires, build runs xml-stripblanks preprocessing if available. ==== NetworkManager-vpnc ==== Version update (1.2.6 -> 1.2.8) Subpackages: NetworkManager-vpnc-gnome - Update to version 1.2.8: + libnm-glib compatibility (NetworkManager < 1.0) is disabled by default. It can be enabled by passing --with-libnm-glib to configure script. Nobody should need it by now. Users that still use this are encourage to let us know before the libnm-glib support is removed for good. + The auth helper in external UI mode can now be run without a display server. This is useful when activating connections with "nmcli --ask". + Gtk4 version of the editor plugin is now available (for use with Control Center of GNOME 42 or later). + Updated translations. - Add pkgconfig(gtk4) and pkgconfig(libnma-gtk4) BuildRequires and pass --with-gtk4=yes to configure, build the gtk4 version. - Stop passing --without-libnm-glib to configure, no longer needed, nor recognized. - Add optional libxml2-tools BuildRequires, build runs xml-stripblanks preprocessing if available. ==== aaa_base ==== Version update (84.87+git20211124.5486aad -> 84.87+git20220324.fca4619) Subpackages: aaa_base-extras - Update to version 84.87+git20220324.fca4619: * No completion in restricted bash * No longer install /usr/lib/restricted/bin/hostname => /bin/hostname symlink - Update to version 84.87+git20220321.f60f2de: * order header in the way spec-cleaner wants it * move changes from package to git * merge audio files highlighting fixes from coreutils 9 * Update from coreutils 9 * Make source validator happy - Update to version 84.87+git20220321.5a5cb79: * DIR_COLORS: lz support * DIR_COLORS: zstd support - Update to version 84.87+git20220221.b62a2cf: * package: Require new enough version of glibc * package: build in place support * drop /etc/ttytype (boo#1191923) - Update to version 84.87+git20211206.de24bdf: * Add "rpm" make target * Remove legacy usrmerged sections * Add rpmlintrc and README from OBS too * Fix osc service instructions * Add obs workflow for git integration * Adopt upstream way of setting rp_filter and promote_secondaries * Don't fail if net.ipv4.ping_group_range can't be set * add spec file ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils pam_apparmor python3-apparmor - Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on /proc/{pid}/fd for samba-bgqd (bnc#1196850). - Add update-usr-sbin-smbd.diff to add new rule to allow reading of openssl.cnf (bnc#1195463). ==== atk ==== Version update (2.36.0 -> 2.38.0) Subpackages: libatk-1_0-0 typelib-1_0-Atk-1_0 - Update to version 2.38.0: + Require Meson 0.56.2 + Add g_autoptr support for ATK types. + Add ATK_STATE_COLLAPSED, matching AT-SPI's state. + Improve support for ATK as a Meson subproject. + Ensure that atk_value_get_value_and_text() can deal with NULL out arguments. + Updated translations. ==== augeas ==== Subpackages: augeas-lenses libaugeas0 - add sysctl_parsing.patch (bsc#1197443) ==== binutils ==== Subpackages: libctf-nobfd0 libctf0 - Add usage of a SUSE_ZNOW environment variable which allows switching on "-z now" by default using "export SUSE_ZNOW=1", similar to the SUSE_ASNEEDED variable. Adds binutils-znow.patch. ==== busybox ==== Subpackages: busybox-static - BuildRequire hostname: the test suite wants to compare the output of 'hostname' against 'busybox hostname'. We should not rely hostname to be present in the build environment. ==== colord ==== Version update (1.4.5 -> 1.4.6) Subpackages: colord-color-profiles libcolord2 libcolorhug2 - Update to version 1.4.6: + Add missing copyright notices. + Add Spyder X entry. + Document where to send patches. + Don't use exact floating point comparisons. + Drop option for removed reverse engineering tools. + Drop references to hughski.com. + Fix a small memory leak in sqlite3_exec(). + Fix typo in device-removed signal documentation. + Make introspection optional in meson. - Drop -Dreverse=false meson parameter: no longer supported. - Fix a few rpmlint warnings: + Do not self-obsolete shared-color-profiles by providing the symbol with a version. + Call +%tmpfiles_create %{_tmpfilesdir}/colord.conf in %post. + Package /usr/share/bash-completion/completions/colormgr with mode 644: the files are not executed, but sourced. + Own %{_localstatedir}/lib/colord/icc (ghost): this directory is generated by %tmpfiles_create. ==== container-selinux ==== - Add udica templates to the package ==== cppcheck ==== Version update (2.7.1 -> 2.7.4) - update to 2.7.4: * Fixes "undefined reference to `tinyxml2::" * Replace tinyxml2_LIBRARY with tinyxml2_LIBRARIES ==== desktop-file-utils ==== - suse-update-mime-defaults: add Budgie desktop environment ==== distribution-logos-openSUSE ==== Version update (20201117 -> 20220322) - Initial Leap Micro 5.2 branding ==== ed ==== Version update (1.17 -> 1.18) - update to 1.18: * The shell escape command (!) now flushes stdout so that the modified command is always printed before being executed even if standard output is fully buffered (for example, a file). * A couple of harmless memory leaks have been fixed. (They both happened just before ed exits). * The pointer returned by the function 'strip_escapes' is now checked. (It may be null if memory is exhausted). * The shell escape command (!) now removes the backslash from each escaped '%' character within the text of the shell command line. * Case-insensitive regular expressions have been implemented as in GNU sed. * Syntax errors in regular expressions, for example unmatched ( or \(, no longer overwrite a previously compiled regular expression, preventing a "No previous pattern" error. * The option '--strip-trailing-cr', which removes carriage returns at end of text lines, has been added. * Loading a file now fails if a line is longer than INT_MAX bytes or if the file contains more than INT_MAX lines (usually 2 Gi lines). (Instead of overflowing line addresses). * In interactive mode ed now sets final exit status to 1 if a fatal error happens while reading the file passed in the command line. * red now reports "Directory access restricted" instead of "Invalid filename" when trying to edit a file outside of the current directory. * The new chapter "The 's' Command" has been added to the manual. - switch to zstd - remove usrmerged handling ==== ffmpeg-4 ==== Subpackages: libavcodec58_134 libavdevice58_13 libavfilter7_110 libavformat58_76 libavresample4_0 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9 - Add conflicts for ffmpeg-5's tools ==== firewalld ==== Subpackages: firewalld-bash-completion firewalld-zsh-completion python3-firewall - Provide dummy firewalld-prometheus-config package (bsc#1197042) ==== flute ==== - Build with java source and target level 8 ==== folks ==== Version update (0.15.4 -> 0.15.5) Subpackages: folks-data libfolks-eds26 libfolks26 - Update to version 0.15.5: + Bugs fixed: vapi: Add missing generic type argument. - Drop glib2_gsettings_schema_requires macro from folks-data sub-package, no longer needed. - Drop c44d8e323affd7f1043f300f3325b358cd5b5f0b.patch: Fixed upstream. ==== freeglut ==== Version update (3.2.1 -> 3.2.2) - update to 3.2.2: * Fix netbsd/aarch64 build by including sys/joystick.h instead of machine/joystick.h. * Fix build with gcc >= 10 which made -fno-common the default by no longer relying on COMMON symbols for globals. * Fix android build (default to FREEGLUT_GLES, and check for debug flags). * Add flat shading option to the shapes demo. * Fix crash when calling primitive drawing functions without creating a window first. * Dropped really old and unmaintained doc directory from the source tree. - drop gcc10.patch (obsolete) ==== glib2 ==== Version update (2.70.5 -> 2.72.0) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 libgthread-2_0-0 - desktop-file-utils: add Budgie desktop environment - Update to version 2.72.0: + Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2538, glgo#GNOME/GLib!2542, glgo#GNOME/GLib!2547, glgo#GNOME/GLib!2548, glgo#GNOME/GLib!2551, glgo#GNOME/GLib!2552. + Updated translations. ==== gnutls ==== Version update (3.7.3 -> 3.7.4) Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-hmac - FIPS: Additional PBKDF2 requirements for KAT [bsc#1184669] * The IG 10.3.A and SP800-132 require some minimum parameters for the salt length, password length and iteration count. These parameters should be also used in the KAT. * Add gnutls-FIPS-PBKDF2-KAT-requirements.patch - Enable to run the regression tests also in FIPS mode. - Update to 3.7.4: * libgnutls: Added support for certificate compression as defined in RFC8879. * certtool: Added option --compress-cert that allows user to specify compression methods for certificate compression. * libgnutls: GnuTLS can now be compiled with --enable-strict-x509 configure option to enforce stricter certificate sanity checks that are compliant with RFC5280. * libgnutls: Removed IA5String type from DirectoryString within issuer and subject name to make DirectoryString RFC5280 compliant. * libgnutls: Added function to retrieve the name of current ciphersuite from session. * Bump libgnutlsxx soname due to ABI break * API and ABI modifications: - GNUTLS_COMP_BROTLI: New gnutls_compression_method_t enum member - GNUTLS_COMP_ZSTD: New gnutls_compression_method_t enum member - gnutls_compress_certificate_get_selected_method: Added - gnutls_compress_certificate_set_methods: Added * Update gnutls.keyring ==== google-droid-fonts ==== - Add sources DroidSansFallback.ttf DroidSansFallbackFull.ttf DroidSansMono.ttf: Merge the latest modification from Android project (bsc#1190886). ==== gstreamer ==== Version update (1.18.6 -> 1.20.1) Subpackages: gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - Update to version 1.20.1: + deinterlace: various bug fixes for yadif, greedy and scalerbob methods + gtk video sink: Fix rotation not being applied when paused + gst-play-1.0: Fix trick-mode handling in keyboard shortcut + jpegdec: fix RGB conversion handling + matroskademux: improved ProRes video handling + matroskamux: Handle multiview-mode/flags/pixel-aspect-ratio caps fields correctly when checking caps equality on input caps changes + videoaggregator fixes (negative rate handling, current position rounding) + soup http plugin: Lookup libsoup dylib files on Apple platforms; fix Cerbero static build on Android and iOS + Support build against libfreeaptx in openaptx plugin + Fix linking issues on Illumos distros + GstPlay: Fix new error + warning parsing API (was unusuable before) + mpegtsmux: VBR muxing fixes + nvdecoder: Various fixes for 4:4:4 and high-bitdepth decoding + Support build against libfreeaptx in openaptx plugin + webrtc: Various fixes to the webrtc-sendrecv python example + macOS: support a relocatable `GStreamer.framework` on macOS + macOS: fix applemedia plugin failing to load on ARM64 macOS + windows: ship wavpack library + gst-python: Fix build with Python 3.11 + various bug fixes, memory leak fixes, and other stability and reliability improvements + plugin loader: show the reason when spawning of gst-plugin-scanner fails + registry, plugin loading: fix dynamic relocation if GST_PLUGIN_SUBDIR (libdir) is not a single subdirectory; improve GST_PLUGIN_SUBDIR handling + context: fix transfer annotation on gst_context_writable_structure() for bindings + baseparse: Don't truncate the duration to milliseconds in gst_base_parse_convert_default() + bufferpool: Deactivate pool and get rid of references to other objects from dispose instead of finalize ==== gstreamer-plugins-bad ==== Version update (1.18.6 -> 1.20.1) Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 - Add patch to support building with srt 1.3.4 in SLE * fix-build-with-srt-1.3.4.patch - Do not build the gstldac plugin in s390x where pkgconfig(ldacBT-enc) is not available. - Update to version 1.20.1: + GstPlay: Fix new error + warning parsing API (was unusuable before) + av1parse: let the parser continue on verbose OBUs + d3d11converter: Fix RGB to GRAY conversion, broken debug messages, and add missing GRAY conversion + gs: look for google_cloud_cpp_storage.pc + ipcpipeline: fix crash and error on windows with SOCKET or _pipe() + ivfparse: Don't set zero resolution on caps + mpegtsdemux: Handle PES headers bigger than a mpeg-ts packet; fix locking in error code path; handle more program updates + mpegtsmux: Start last_ts with GST_CLOCK_TIME_NONE to fix VBR muxing behaviour + mpegtsmux: Thread safety fixes: lock mux->tsmux, the programs hash table, and pad streams + mpegtsmux: Skip empty buffers + osxaudiodeviceprovider: Add initial support for duplex devices on OSX + rtpldacpay: Fix missing payload information + sdpdemux: add media attributes to caps, fixes ptp clock handling + mfaudioenc: Handle empty IMFMediaBuffer + nvdecoder: Various fixes for 4:4:4 and high-bitdepth decoding + nvenc: Fix deadlock because of too strict buffer pool size + va: fix library build issues, caps leaks in the vpp transform function, and add vaav1dec to documentation + v4l2codecs: vp9: Minor fixes + v4l2codecs: h264: Correct scaling matrix ABI check + dtlstransport: Notify ICE transport property changes + webrtc: Various fixes to the webrtc-sendrecv python example + webrtc-ice: Fix memory leaks in gst_webrtc_ice_add_candidate() + Support build against libfreeaptx in openaptx plugin + Fix linking issues on Illumos distros - Drop patch already included upstream: + 1634.patch ==== gstreamer-plugins-base ==== Version update (1.18.6 -> 1.20.1) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 - Update to version 1.20.1: + typefindfunctions: Fix WebVTT format detection for very short files + gldisplay: Reorder GST_GL_WINDOW check for egl-device + rtpbasepayload: Copy all buffer metadata instead of just GstMetas for the input meta buffer + codec-utils: Avoid out-of-bounds error + navigation: Fix Since markers for mouse scroll events + videoaggregator: Fix for unhandled negative rate + videoaggregator: Use floor() to calculate current position + video-color: Fix for missing clipping in PQ EOTF function + gst-play-1.0: Fix trick-mode handling in keyboard shortcut + audiovisualizer: shader: Fix out of bound write ==== gstreamer-plugins-good ==== Version update (1.18.6 -> 1.20.1) Subpackages: gstreamer-plugins-good-extra gstreamer-plugins-good-gtk gstreamer-plugins-good-jack gstreamer-plugins-good-qtqml - Update to version 1.20.1: + deinterlace: various bug fixes for yadif method + deinterlace: Refactor greedyh and fix planar formats + deinterlace: Prevent race between method configuration and latency query + gtk video sink: Fix rotation not being applied when paused + jpegdec: fix RGB conversion handling + matroskademux: improved ProRes video handling + matroskamux: Handle multiview-mode/flags/pixel-aspect-ratio caps fields correctly when checking caps equality on input caps changes + rtprtx: don't access type-system per buffer (performance optimisation); code cleanups + rtpulpfecenc: fix unmatched g_slice_free() + rtpvp8depay: fix crash when making GstRTPPacketLost custom event + qtmux: Don't post an error message if pushing a sample failed with FLUSHING (e.g. on pipeline shutdown) + soup: Lookup libsoup dylib files on Apple platforms & fix Cerbero static build on Android and iOS + souphttpsrc: element not present on iOS after 1.20.0 update + v4l2tuner: return NULL if no norm set + v4l2bufferpool: Fix race condition between qbuf and pool streamoff + meson: Don't build lame plugin with -Dlame=disabled ==== gstreamer-plugins-libav ==== Version update (1.18.6 -> 1.20.1) - Update to version 1.20.1: + No changes ==== gstreamer-plugins-ugly ==== Version update (1.18.6 -> 1.20.1) - Update to version 1.20.1: + x264enc: fix plugin long-name and description ==== gtk3 ==== Version update (3.24.33 -> 3.24.33+12) Subpackages: gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-tigrigna gtk3-immodule-vietnamese gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0 - Update to version 3.24.33+12: + icons: add legacy icons (boo#1197480). + Updated translations. ==== guile ==== Subpackages: guile-modules-3_0 libguile-3_0-1 - use parallel build for Rings - force LTO - adjust-32bit-big-endian-build-flags.patch: replace with working patch ==== harfbuzz ==== Version update (4.0.1 -> 4.1.0) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Update to version 4.1.0: + Various OSS-Fuzz fixes + Make fallback vertical-origin match FreeType?s + Treat visible viramas like dependent vowels in USE shaper + Apply presentation forms features and discretionary features in one go in Indic shaper, which seems to match Uniscribe and CoreText behaviour + Various bug fixes ==== java-11-openjdk ==== Subpackages: java-11-openjdk-headless - Stop adding the JavaEE modules when building for Factory ==== kwin5 ==== Subpackages: kwin5-lang - Add patch to fix client cursor offset in VMs (kde#427060): * 0001-backends-drm-fall-back-to-legacy-mode-in-virtual-mac.patch ==== libapparmor ==== - Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on /proc/{pid}/fd for samba-bgqd (bnc#1196850). - Add update-usr-sbin-smbd.diff to add new rule to allow reading of openssl.cnf (bnc#1195463). ==== libbase ==== - Modified patch: * libbase-1.1.3-sourcetarget.patch + build with source and target levels 8 ==== libfonts ==== - Modified patch: * libfonts-1.1.3-sourcetarget.patch + build with source and target levels 1.8 ==== libformula ==== - Modified patch: * libformula-1.1.3-sourcetarget.patch + Build with source and target 1.8 ==== libkleo ==== Subpackages: libKF5Libkleo5 - Add gcc12-fix.patch upstream fix in order to support GCC 12. ==== liblayout ==== - Build with source and target levels 8 ==== libloader ==== - Modified patch: * libloader-1.1.3-sourcetarget.patch + Specify java source and target level 1.8 ==== libmodulemd ==== - BuildRequire glib2-doc when building against glib2 more recent than 2.70.4: the documentation was split out (after it was earlier merged; so for older distros we don't have to worry, as glib2-devel provides glib2-doc there). ==== libnma ==== Version update (1.8.34 -> 1.8.36) Subpackages: libnma-gtk4-0 libnma0 typelib-1_0-NMA-1_0 - Update to version 1.8.36: + Include OWE wireless security option. + Do not allow setting empty 802.1x domain for EAP TLS. + The GtkBuilder files for Gtk4 are now included in the release tarball. ==== libqt5-qtwebengine ==== - Add patch to fix build with GCC 12: * 0001-skia-Some-includes-to-fix-build-with-GCC-12.patch ==== libreoffice ==== Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-en libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - Also enable gtk3_kde5. The gtk3 interface is more stable than the qt5/kf5 one, this option makes it possible to use gtk3 in kde with the kde filepicker (boo#1197017) ==== librepository ==== - Modified patch: * librepository-1.1.3-sourcetarget.patch + build with source/target levels 8 ==== libserializer ==== - Modified patch: * libserializer-1.1.2-sourcetarget.patch + build with java source/target levels 8 ==== libsolv ==== Version update (0.7.21 -> 0.7.22) Subpackages: libsolv-tools python3-solv ruby-solv - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code [bsc#1196514] - support parsing of Debian's Multi-Arch indicator - bump version to 0.7.22 ==== libzypp ==== Version update (17.29.6 -> 17.30.0) - ZConfig: Update solver settings if target changes (bsc#1196368) - version 17.30.0 (22) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - version 17.29.7 (22) ==== lsb-release ==== Version update (3.1 -> 3.2) - Update to version 3.2 - Shell script compatibility cleanup ==== luajit ==== Version update (2.1.0~beta3+git.1624618403.e9577376 -> 2.1.0~beta3+git.1647772157.43ebb949) - Update to version 2.1.0~beta3+git.1647772157.43ebb949: * Fix soft-float IR_POW splitting. * Fix BC_UCLO insertion for returns. * Fix compiler warning. * Revert to trival pow() optimizations to prevent inaccuracies. * Fix string buffer COW handling, part 2. * Fix install docs for Android. * *BSD: Fix getentropy() declaration. * Fix string buffer COW handling. * Fix command-line argv handling. * Don't export internal symbol. * Fix pow() optimization inconsistencies. * Always exit after machine code page protection change fails. * Fix FOLD rule for BUFHDR append with intervening buffer use. * Fix compiled error handling for buffer methods. * Prevent unroll across BC_ITERN. * Prevent replay of buffer operation for PHI operands. * Save trace recorder state around VM event call. * Bump copyright date. * FFI: Ensure library is loaded before de-serializing FFI types. * Fix HREFK forwarding vs. table.clear(). * Fix FOLD rule for BUFHDR append. * OSX: Disable unreliable assertion for external frame unwinding. * Limit exponent range in number parsing. * Fix tonumber("-0") in dual-number mode. * Limit work done in SINK pass. * Fix ABC FOLD rule with constants. * Prevent CSE of a REF_BASE operand across IR_RETF. * Windows: Fix binary output of jit.bcsave to stdout. * Fix FOLD rule for x-0. * Update Android build docs. * Update Android build docs. * ARM64: Fix pcall() error case. * OSX/ARM64: Fix external unwinding. * Fix string buffer method recording. * Fix interaction of profiler and ITERN recording. * Fix compilation of multi-result call to next(). * ARM64: Fix IR_HREF code generation. * MIPS64: Fix soft-float IR_TOSTR. * MIPS: Fix register allocation in assembly of HREF. * Fix compiler warning. * Windows/x64: Document MSVC flags for C++ exception interoperability. * FFI: Ensure returned string is alive in ffi.typeinfo(). * OSX/ARM64: Disable unwind info. * Fix stack allocation after on-trace stack check. * Fix ITERN blacklisting. * Ensure ITERN forward progress on interpreter bailout. * ARM64: Reorder interpreter stack frame and fix unwinding. * Don't bail out to interpreter to JLOOP originating from ITERN. * FFI: Don't load PC from non-function object in FFI continuation. * FFI: Don't load PC from non-function object in FFI continuation. * FFI: Fix missing cts->L initialization in argv2ctype(). * OSX/ARM64: Disable external unwinding for now. * Compile table traversals: next(), pairs(), BC_ISNEXT/BC_ITERN. * Use IR_HIOP for generalized two-register returns. * Refactor table traversal. * ARM: Fix symbol display in trace disassembly. * Refactor IR_TMPREF generation. * Refactor IR_VLOAD to take an offset. * MIPS: Fix trace linking. * String buffers, part 4b: Improve de-serialization checks. * String buffers, part 4a: Add metatable serialization dictionary. * Consider slots used by upvalues in use-def analysis. * Prevent loop in snap_usedef(). * Fix io.close() error message. * Fix io.close(). * Fix minilua vararg stack handling. * PS4: Fix compile. * Avoid out-of-range number of results when compiling select(k, ...). * String buffers, part 3d: Compile string buffer methods and functions. * Minor improvements of optimizations. * Fix error message in lj_lib_checkintrange(). * String buffers, part 2f: Prevent self-put of buffer. * String buffers, part 3c: Add IRBUFHDR_WRITE mode. * Fix IRXLOAD_* mode bits description. * String buffers, part 3b: Change IR_BUFHDR op2 mode bits to mode. * String buffers, part 3a: Add IR_TMPREF for passing TValues to helpers. * Add IRCONV_NONE for pass-through INT to I64/U64 type change. * Fix jit.dump() output for IR_CONV. - Patches broken in the need of rebase (temporarily switched off): - 0004-Add-ppc64-support-based-on-koriakin-GitHub-patchset.patch - luajit-ppc64-replace-asserts.patch ==== mdevctl ==== - spec: BuildRequires python3-docutils instead of all python flavors of the docutils module ==== monitoring-plugins ==== Subpackages: monitoring-plugins-breeze monitoring-plugins-by_ssh monitoring-plugins-cluster monitoring-plugins-common monitoring-plugins-dhcp monitoring-plugins-dig monitoring-plugins-disk monitoring-plugins-disk_smb monitoring-plugins-dns monitoring-plugins-dummy monitoring-plugins-file_age monitoring-plugins-flexlm monitoring-plugins-http monitoring-plugins-icmp monitoring-plugins-ide_smart monitoring-plugins-ifoperstatus monitoring-plugins-ifstatus monitoring-plugins-ircd monitoring-plugins-load monitoring-plugins-log monitoring-plugins-mailq monitoring-plugins-mrtg monitoring-plugins-mrtgtraf monitoring-plugins-nt monitoring-plugins-ntp_peer monitoring-plugins-ntp_time monitoring-plugins-nwstat monitoring-plugins-oracle monitoring-plugins-overcr monitoring-plugins-ping monitoring-plugins-procs monitoring-plugins-real monitoring-plugins-rpc monitoring-plugins-sensors monitoring-plugins-smtp monitoring-plugins-ssh monitoring-plugins-swap monitoring-plugins-tcp monitoring-plugins-time monitoring-plugins-ups monitoring-plugins-users monitoring-plugins-wave - added monitoring-plugins-2.3.1-check_disk_on_btrfs.patch backport fix for check_disk reporting critical on btrfs (nagios-plugins issue %569) ==== mutter ==== - Add mutter-bail-out-on-reentry-into-map-unmap.patch: This fixes gnome-shell crash when dragging close button in overview by bailing out on reentry into map/unmap() (bsc#1197350, glgo#GNOME/mutter!2299). ==== nvme-cli ==== Subpackages: nvme-cli-bash-completion nvme-cli-zsh-completion - Fix install conflict caused by new bash completion script location (bsc#1197365). ==== patterns-gnome ==== Subpackages: patterns-gnome-gnome patterns-gnome-gnome_basic patterns-gnome-gnome_basis patterns-gnome-gnome_basis_opt patterns-gnome-gnome_games patterns-gnome-gnome_imaging patterns-gnome-gnome_internet patterns-gnome-gnome_multimedia patterns-gnome-gnome_office patterns-gnome-gnome_utilities patterns-gnome-gnome_x11 patterns-gnome-gnome_yast patterns-gnome-sw_management_gnome - Recommend systemd-icon-branding by gnome_x11: try to get the correct branding installed, allowing to show the correct icon in gnome-control-center. ==== pentaho-libxml ==== - Modified patch: * pentaho-libxml-1.1.3-sourcetarget.patch + Build with java source/target levels 8 ==== pentaho-reporting-flow-engine ==== - Build with java source/target levels 8 ==== perl-HTML-Parser ==== Version update (3.76 -> 3.77) - updated to 3.77 see /usr/share/doc/packages/perl-HTML-Parser/Changes 3.77 2022-03-14 * Update tests to remove HTML4 specific tags (GH#25) (Jess) ==== pidgin ==== Subpackages: libpurple libpurple-client0 libpurple-plugin-sametime libpurple-tcl libpurple0 - Fix the infinite resizing freeze (boo#1197418, https://issues.imfreedom.org/issue/PIDGIN-17602) * added rb1342.patch (https://reviews.imfreedom.org/r/1342/) ==== python-Mako ==== - python-mock is not required for build ==== python-dnspython ==== Version update (2.2.0 -> 2.2.1) - Update to version 2.2.1: * dns.zone.from_text failed if relativize was False and an origin was specified in the parameters. * A number of types permitted an empty "rest of the rdata". * L32, L64, LP, and NID were missing from dns/rdtypes/ANY/__init__.py * The type definition for dns.resolver.resolve_address() was incorrect. * dns/win32util.py erroneously had the executable bit set. * The type definition for a number of asynchronous query routines was missing the default of None for the backend parameter. * dns/tsigkeyring.py didn't import dns.tsig. * A number of rdata types that have a "rest of the line" behavior for the last field of the rdata erroneously permitted an empty string. * Timeout intervals are no longer reported with absurd precision in exception text. ==== python-filetype ==== Version update (1.0.8 -> 1.0.10) - update to 1.0.10: * Merge pull request #113 from nottaw/master * Use `==` for string comparisons * Update __init__.py * Merge pull request #111 from asfaltboy/patch-1 * Add python 3.9 to version classifiers * Merge pull request #108 from hannesbraun/aiff-support * Add AIFF support * fix(Readme): rst syntax ==== python-html5lib ==== - do not require python-mock for build - added patches fix https://github.com/html5lib/html5lib-python/issues/541 + python-html5lib-no-mock.patch ==== python-pygit2 ==== Version update (1.9.0 -> 1.9.1) - update to 1.9.1: - Type hints: added to C code and Branches/References - New ``Signature`` supports ``str()`` and ``repr()`` - Fix ODB backend's read in big endian architectures - Fix install with poetry - Wheels: update to libgit2 v1.4.2 - Tests: fix testing ``parse_diff`` - CI: various fixes after migration to libgit2 v1.4 ==== python-setuptools ==== - Refresh remove_mock.patch to add a missing file to it. ==== qemu ==== Subpackages: qemu-arm qemu-audio-spice qemu-block-curl qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-ipxe qemu-ksm qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios - Fix virtiofs crashing with glibc >= 2.35, due to rseq syscall (bsc#1196924) * Patches added: tools-virtiofsd-Add-rseq-syscall-to-the-.patch - Avoid warnings caused by a GCC 12 bug, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98503 (bsc#1197018) * Patches added: hw-i386-amd_iommu-Fix-maybe-uninitialize.patch Silence-GCC-12-spurious-warnings.patch Ignore-spurious-GCC-12-warning.patch ==== rubygem-ruby-dbus ==== Version update (0.16.0 -> 0.18.0.beta1) - 0.18.0.beta1 API: * D-Bus structs have been passed as Ruby arrays. Now these arrays are frozen. * Ruby structs can be used as D-Bus structs. Bug fixes: * Returning the value for o.fd.DBus.Properties.Get, use the specific property signature, not the generic Variant (gh#mvidner/ruby-dbus#97). - 0.17.0 API: * Export properties with `dbus_attr_accessor`, `dbus_reader` etc. (gh#mvidner/ruby-dbus#86). Bug fixes: * Depend on rexml which is separate since Ruby 3.0 (gh#mvidner/ruby-dbus#87, by Toshiaki Asai). Nokogiri is faster but bigger so it remains optional. * Fix connection in case ~/.dbus-keyrings has multiple cookies, showing as "Oops: undefined method `zero?' for nil:NilClass". * Add the missing name to the root introspection node. ==== sac ==== - Build with source/target levels 8 ==== sgml-skel ==== Version update (0.7.1 -> 0.7.2) - Create version 0.7.2 - Ensure resulting file has proper SELinux context (#6) - Apply spec-cleaner ==== snapper ==== Version update (0.9.1 -> 0.10.0) Subpackages: libsnapper5 snapper-zypp-plugin - transfer filelist by pipe instead of DBus message to avoid exceeding allowed DBus message size - version 0.10.0 ==== sudo ==== Version update (1.9.9 -> 1.9.10) Subpackages: sudo-plugin-python - update to 1.9.10: * Added new log_passwords and passprompt_regex sudoers options. If log_passwords is disabled, sudo will attempt to prevent passwords from being logged. If sudo detects any of the regular expressions in the passprompt_regex list in the terminal output, sudo will log ?*? characters instead of the terminal input until a newline or carriage return is found in the input or an output character is received. * Added new log_passwords and passprompt_regex settings to sudo_logsrvd that operate like the sudoers options when logging terminal input. * Fixed several few bugs in the cvtsudoers utility when merging multiple sudoers sources. * Fixed a bug in sudo_logsrvd parsing the sudo_logsrvd.conf file, where the retry_interval in the [relay] section was not being recognized. * Restored the pre-1.9.9 behavior of not performing authentication when sudo?s -n option is specified. A new noninteractive_auth sudoers option has been added to enable PAM authentication in non-interactive mode. GitHub issue #131. * On systems with /proc, if the /proc/self/stat (Linux) or /proc/pid/psinfo (other systems) file is missing or invalid, sudo will now check file descriptors 0-2 to determine the user?s terminal. Bug #1020. * Fixed a compilation problem on Debian kFreeBSD. Bug #1021. * Fixed a crash in sudo_logsrvd when running in relay mode if an alert message is received. * Fixed an issue that resulting in ?problem with defaults entries? email to be sent if a user ran sudo when the sudoers entry in the nsswitch.conf file includes ?sss? but no sudo provider is configured in /etc/sssd/sssd.conf. * Updated the warning displayed when the invoking user is not allowed to run sudo. If sudo has been configured to send mail on failed attempts (see the mail_* flags in sudoers), it will now print ?This incident has been reported to the administrator.? If the mailto or mailerpath sudoers settings are disabled, the message will not be printed and no mail will be sent. * Fixed a bug where the user-specified command timeout was not being honored if the sudoers rule did not also specify a timeout. * Added support for using POSIX extended regular expressions in sudoers rules. A command and/or arguments in sudoers are treated as a regular expression if they start with a ?^? character and end with a ?$?. The command and arguments are matched separately, either one (or both) may be a regular expression. * A user may now only run sudo -U otheruser -l if they have a ?sudo ALL? privilege where the RunAs user contains either root or otheruser. Previously, having ?sudo ALL? was sufficient, regardless of the RunAs user. GitHub issue [#134]. * The sudo lecture is now displayed immediately before the password prompt. As a result, sudo will no longer display the lecture unless the user needs to enter a password. Authentication methods that don?t interact with the user via a terminal do not trigger the lecture. * Sudo now uses its own closefrom() emulation on Linux systems. The glibc version may not work in a chroot jail where /proc is not available. If close_range(2) is present, it will be used in preference to /proc/self/fd. - drop sudo-1.9.9-honor-T_opt.patch , feature-upstream-restrict-sudo-U-other-l.patch (upstream) ==== systemd ==== Version update (249.10 -> 250.4) Subpackages: libsystemd0 libudev1 systemd-container systemd-devel udev - spec: cope with %{_modprobedir} being /lib/modprobe.d on SLE - Add 1000-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch A temporary workaround until bsc#1197178 is resolved. - Import commit 8ef8dfd5401ba18caec59e54a05af9f2e0d7ac65 (merge of v250.4) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/ca89b1d1fd1ae86cc1e763d2d01ec280... - Import commit ca89b1d1fd1ae86cc1e763d2d01ec2806f3a4d3a 37b683c832 journal: preserve acls when rotating user journals with NOCOW attribute set d043fabebc journal: when copying journal file to undo NOCOW flag, go via fd 78c2766689 journal-file: explicitly handle file systems that do not support hole punching 7ecfb4b098 journal-file: fix error handling of pread() in journald_file_punch_holes() c4946a412c journal-file: don't use pread() when determining where to append, use mmap as before d3fbd20628 journal: various fixes to journal_file_read_object() 5897a8e8d4 shared: Handle filesystems that don't support hole punching in COPY_HOLES 27746408e2 journal: Truncate file instead of punching hole in final object 59b6130030 shared: Ensure COPY_HOLES copies trailing holes ac9ccba73f journal: stat journal file after truncating 0257283444 journal: Copy holes when archiving BTRFS journal files 26c2a9952d shared: Copy holes in sparse files in copy_bytes_full() 6c7191dece copy: fix wrong argument passed to S_ISREG() in copy_file_fd_full() af0a43024d udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - Update Supplements to new format in baselibs.conf - Fix libsystemd-shared exclusion in baselibs.conf - Exclude new cryptsetup libraries in baselibs.conf ==== texlive ==== Subpackages: libkpathsea6 libsynctex2 - Gzip manual page of biber - Do not attach prefix texlive twice in case of texlive-scripts-extra - Also add some obsoletes ==== texlive-specs-n ==== - Also add some obsoletes ==== timezone ==== Version update (2021e -> 2022a) - timezone update 2022a: * Palestine will spring forward on 2022-03-27, not -03-26* * zdump -v now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ==== timezone-java ==== Version update (2021e -> 2022a) - timezone update 2022a: * Palestine will spring forward on 2022-03-27, not -03-26* * zdump -v now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ==== transactional-update ==== Version update (3.6.2 -> 4.0.0~rc2) Subpackages: dracut-transactional-update transactional-update-zypp-config tukit - Version 4.0.0~rc2 - Fix missing prompt in "shell" command [bsc#1196580] - Add output of tukit commands to log file - Fix compilation error with GCC12 [boo#1194876] - Fixed (non-critical) security review comments [boo#1196149] - Fixed selfupdate - Code cleanup - Version 4.0.0~rc1 This release is API, but not ABI compatible with previous releases; existing applications will have to be recompiled against this new version. Major features: - Introduces a D-Bus service to access the libtukit API via the org.opensuse.tukit.Transaction interface - Introduces a C binding via libtukit.h. Other changes: - t-u: Rework --quiet handling to make sure no output is shown even in error cases; this is necessary for automation, e.g. with Salt. [gh#openSUSE/transactional-update#73] - tukit: Allow storing command output into variable by introducing a new optional parameter for "execute" and "callExt". - Replace multiple and non-standalone occurenses of {} in "callExt" argument. - Split transactional-update.timer into transactional-update.timer and transactional-update-cleanup.timer; the later will clean up old snapshots even when the system does not do automatic updates. - tukit: Remove legacy alias "setDiscard" for "setDiscardIfUnchanged". - Throw exception if snapshot is not found. - Fix various compiler warnings - Update spec file: - Include tukitd D-Bus daemon - Only install one version of the library (as there are no breaking API changes yet) - Add %pre scriplets for systemd services - Replace %systemd_postun scriptlets with %systemd_postun_with_restart to satisfy rpmlint checks - Add transactional-update log file as %ghost file ==== wireplumber ==== Version update (0.4.8 -> 0.4.9) Subpackages: libwireplumber-0_4-0 wireplumber-audio - Make the wireplumber-audio noarch as it just contains a lua config file. - Update to version 0.4.9: * Fixes: - restore-stream no longer crashes if properties for it are not present in the config (#190) - spa-json no longer crashes on non-x86 architectures - Fixed a potential crash in the bluetooth auto-switch module (#193) - Fixed a race condition that would cause Zoom desktop audio sharing to fail (#197) - Surround sound in some games is now exposed properly (pipewire#876) - Fixed a race condition that would cause the default source & sink to not be set at startup - policy-node now supports the 'target.object' key on streams and metadata - Multiple fixes in policy-node that make the logic in some cases behave more like PulseAudio (regarding nodes with the dont-reconnect property and regarding following the default source/sink) - Fixed a bug with parsing unquoted strings in spa-json * Misc: - The policy now supports configuring "persistent" device profiles. If a device is manually set to one of these profiles, then it will not be auto-switched to another profile automatically under any circumstances (#138, #204) - The device-activation module was re-written in lua - Brave, Edge, Vivaldi and Telegram were added in the bluetooth auto-switch applications list - ALSA nodes now use the PCM name to populate node.nick, which is useful at least on HDA cards using UCM, where all outputs (analog, hdmi, etc) are exposesd as nodes on a single profile - An icon name is now set on the properties of bluetooth devices - Drop patches already upstream: * 0001-spa-json-fix-va_list-APIs-for-different-architectures.patch * 0001-restore-stream-do-not-crash-if-config_properties-is-nil.patch * 0002-policy-bluetooth-fix-string.find-crash-with-nil-string.patch * 0003-si-audio-adapter-relax-format-parsing.patch - Update split-config-file.py script ==== xlockmore ==== Version update (5.68 -> 5.69) - update to 5.69: Patch for xkb groups thanks to Audrey Af, public.irkutsk AT gmail.com. Minor touches for xscreensaver-6.03 port, life and life3d. ==== xml-commons-apis ==== - Build with source/target levels 8 ==== yelp ==== Subpackages: libyelp0 - Add yelp-ghelp.patch: Be even more careful about stripping slashes. Fix applications still using ghelp: URIs. ==== zsh ==== Version update (5.8 -> 5.8.1) - update to 5.8.1 (bsc#1196435, CVE-2021-45444): * CVE-2021-45444: Some prompt expansion sequences, such as %F, support 'arguments' which are themselves expanded in case they contain colour values, etc. This additional expansion would trigger PROMPT_SUBST evaluation, if enabled. This could be abused to execute code the user didn't expect. e.g., given a certain prompt configuration, an attacker could trick a user into executing arbitrary code by having them check out a Git branch with a specially crafted name. This is fixed in the shell itself by no longer performing PROMPT_SUBST evaluation on these prompt-expansion arguments. Users who are concerned about an exploit but unable to update their binaries may apply the partial work-around described in the file Etc/CVE-2021-45444-VCS_Info-workaround.patch included with the shell source. [ Reported by RyotaK <security@ryotak.me>. Additional thanks to Marc Cornellà <hello@mcornella.com>. ]
participants (1)
-
Guillaume Gardet