Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20220506 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa (22.0.2 -> 22.0.3) Mesa-drivers (22.0.2 -> 22.0.3) MozillaFirefox (99.0.1 -> 100.0) SDL2 akonadi-calendar apparmor audacity babl binutils bluedevil5 (5.24.4 -> 5.24.5) bluez breeze (5.24.4 -> 5.24.5) breeze-gtk (5.24.4 -> 5.24.5) bzip2 clamav (0.103.5 -> 0.103.6) discover (5.24.4 -> 5.24.5) drkonqi5 (5.24.4 -> 5.24.5) elfutils-debuginfod freetype2 (2.12.0 -> 2.12.1) fuse3 (3.10.5 -> 3.11.0) gdb gnome-software (42.0 -> 42.1) hdf5 kactivitymanagerd (5.24.4 -> 5.24.5) kcm_sddm (5.24.4 -> 5.24.5) kde-cli-tools5 (5.24.4 -> 5.24.5) kde-gtk-config5 (5.24.4 -> 5.24.5) kgamma5 (5.24.4 -> 5.24.5) khotkeys5 (5.24.4 -> 5.24.5) kinfocenter5 (5.24.4 -> 5.24.5) kmenuedit5 (5.24.4 -> 5.24.5) kscreen5 (5.24.4 -> 5.24.5) kscreenlocker (5.24.4 -> 5.24.5) ksshaskpass5 (5.24.4 -> 5.24.5) ksystemstats5 (5.24.4 -> 5.24.5) kwayland-integration (5.24.4 -> 5.24.5) kwayland-server (5.24.4 -> 5.24.5) kwin5 (5.24.4 -> 5.24.5) kwrited5 (5.24.4 -> 5.24.5) layer-shell-qt (5.24.4 -> 5.24.5) libapparmor libkdecoration2 (5.24.4 -> 5.24.5) libkscreen2 (5.24.4 -> 5.24.5) libksysguard5 (5.24.4 -> 5.24.5) libreoffice (7.3.3.1 -> 7.3.3.2) libseccomp (2.5.3 -> 2.5.4) libshout (2.4.5 -> 2.4.6) libsrtp2 libstorage-ng (4.5.6 -> 4.5.9) libunwind (1.5.0 -> 1.6.2) libxcb (1.14 -> 1.15) libxml2 (2.9.13 -> 2.9.14) libxml2-python (2.9.13 -> 2.9.14) live555 (2022.02.07 -> 2022.04.26) manpages-l10n (4.13+56 -> 4.14.0) mcelog (178 -> 181) milou5 (5.24.4 -> 5.24.5) mozilla-nss (3.76.1 -> 3.77) okteta openconnect (8.10 -> 8.20) openexr (3.1.4 -> 3.1.5) oxygen5 (5.24.4 -> 5.24.5) pcaudiolib (1.1 -> 1.2) plasma-browser-integration (5.24.4 -> 5.24.5) plasma-nm5 (5.24.4 -> 5.24.5) plasma5-addons (5.24.4 -> 5.24.5) plasma5-desktop (5.24.4 -> 5.24.5) plasma5-disks (5.24.4 -> 5.24.5) plasma5-integration (5.24.4 -> 5.24.5) plasma5-openSUSE plasma5-pa (5.24.4 -> 5.24.5) plasma5-systemmonitor (5.24.4 -> 5.24.5) plasma5-thunderbolt (5.24.4 -> 5.24.5) plasma5-workspace (5.24.4 -> 5.24.5) polkit-kde-agent-5 (5.24.4 -> 5.24.5) powerdevil5 (5.24.4 -> 5.24.5) pwgen python-SQLAlchemy (1.4.35 -> 1.4.36) python-bcrypt (3.2.0 -> 3.2.2) re2c (2.2 -> 3.0) rpm ruby3.1 samba (4.16.0+git.227.931848a12ab -> 4.16.1+git.235.f435da606f7) snapper systemsettings5 (5.24.4 -> 5.24.5) unbound (1.14.0 -> 1.15.0) unixODBC (2.3.10 -> 2.3.11) xdg-desktop-portal-kde (5.24.4 -> 5.24.5) yast2-packager (4.5.2 -> 4.5.3) yast2-samba-client (4.5.0 -> 4.5.1) === Details === ==== Mesa ==== Version update (22.0.2 -> 22.0.3) Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - Update to 22.0.3 * bugfix release with fixes for most of the major drivers - _constraints: * raised requirements to 9 GB disk space and added aarch64 architecture (bsc#1199040) ==== Mesa-drivers ==== Version update (22.0.2 -> 22.0.3) Subpackages: Mesa-dri Mesa-gallium Mesa-libva libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libxatracker2 - Update to 22.0.3 * bugfix release with fixes for most of the major drivers - _constraints: * raised requirements to 9 GB disk space and added aarch64 architecture (bsc#1199040) ==== MozillaFirefox ==== Version update (99.0.1 -> 100.0) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 100.0 * subtitle support in PiP * spell checking supports multiple languages in parallel * more details here https://www.mozilla.org/en-US/firefox/100.0/releasenotes MFSA 2022-16 (boo#1198970) * CVE-2022-29914 (bmo#1746448) Fullscreen notification bypass using popups * CVE-2022-29909 (bmo#1755081) Bypassing permission prompt in nested browsing contexts * CVE-2022-29916 (bmo#1760674) Leaking browser history with CSS variables * CVE-2022-29911 (bmo#1761981) iframe Sandbox bypass * CVE-2022-29912 (bmo#1692655) Reader mode bypassed SameSite cookies * CVE-2022-29910 (bmo#1757138) Firefox for Android forgot HTTP Strict Transport Security settings * CVE-2022-29915 (bmo#1751678) Leaking cross-origin redirect through the Performance API * CVE-2022-29917 (bmo#1684739, bmo#1706441, bmo#1753298, bmo#1762614, bmo#1762620, bmo#1764778) Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 * CVE-2022-29918 (bmo#1744043, bmo#1747178, bmo#1753535, bmo#1754017, bmo#1755847, bmo#1756172, bmo#1757477, bmo#1758223, bmo#1760160, bmo#1761481, bmo#1761771) Memory safety bugs fixed in Firefox 100 - requires NSS 3.77 ==== SDL2 ==== - Restore sdl2-symvers.patch to full symbol list to facilitate application installation with Leap 15.x's SDL2. ==== akonadi-calendar ==== Subpackages: akonadi-calendar-lang akonadi-plugin-calendar kalendarac libKF5AkonadiCalendar5 - Drop patch to fix the reminder daemon not starting on login. The autostart key is not automatically set to true here, so it was effectively disabled completely. The daemon tries to not start akonadi unless configured, so the patch can be dropped: * 0001-Make-sure-the-reminder-daemon-is-not-started-by-defa.patch ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit python3-apparmor - add php8-fpm-mr876.patch so that php8 php-fpm can read its config (boo#1186267#c11) - parser: add conflict with apparmor-utils < 3.0 to avoid aa-status file conflict on upgrade (boo#1198958) - utils: add missing dependency on apparmor-parser (boo#1198958#c4) ==== audacity ==== Subpackages: audacity-lang - Fix build on non-x86_64 by not requiring carla-devel ==== babl ==== - Add patches, backported from git, to fix build with meson 0.62: + 2dc7fc40.patch + b05b2826.patch ==== binutils ==== Subpackages: libctf-nobfd0 libctf0 - Renumber Sources. - Fix ExcludeArch for ppc. - Make multibuild utilize only the main binutils.spec file. - Remove not needed README.First-for.SUSE.packagers, pre_checkin.sh. - Start using _multibuild for cross binutils. ==== bluedevil5 ==== Version update (5.24.4 -> 5.24.5) Subpackages: bluedevil5-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== bluez ==== Subpackages: bluez-auto-enable-devices libbluetooth3 - add Requires(post): systemd for bluez-auto-enable-devices * fixes boo#1198906 ==== breeze ==== Version update (5.24.4 -> 5.24.5) Subpackages: breeze5-cursors breeze5-decoration breeze5-style breeze5-style-lang libbreezecommon5-5 - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - Changes since 5.24.4: * Add Windows CI * Disable decoration on Windows and mac * Add missing kcoreaddons dep ==== breeze-gtk ==== Version update (5.24.4 -> 5.24.5) Subpackages: gtk2-metatheme-breeze gtk3-metatheme-breeze metatheme-breeze-common - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== bzip2 ==== Subpackages: libbz2-1 libbz2-1-32bit libbz2-devel - Port rpmlintrc format to rpmlint 2.x. ==== clamav ==== Version update (0.103.5 -> 0.103.6) Subpackages: libclamav9 libfreshclam2 - Update to 0.103.6 * CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. (boo#1199242) * CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the scan verdict cache check. Issue affects versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2. (boo#1199246) * CVE-2022-20771: Fixed a possible infinite loop vulnerability in the TIFF file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. The issue only occurs if the "--alert-broken-media" ClamScan option is enabled. For ClamD, the affected option is "AlertBrokenMedia yes", and for libclamav it is the "CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option. (boo#1199244) * CVE-2022-20785: Fixed a possible memory leak in the HTML file parser / Javascript normalizer. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. (boo#1199245) * CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module. The fix was to update the vendored regex library to the latest version. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. (boo#1199274) * ClamOnAcc: Fixed a number of assorted stability issues and added niceties for debugging ClamOnAcc. * Fixed an issue causing byte-compare subsignatures to cause an alert when they match even if other conditions of the given logical signatures were not met. * Fix memleak when using multiple byte-compare subsignatures. This fix was backported from 0.104.0. * Assorted bug fixes and improvements. - Remove upstreamed clamav-ck_assert_msg.patch ==== discover ==== Version update (5.24.4 -> 5.24.5) Subpackages: discover-backend-flatpak discover-backend-fwupd discover-backend-packagekit discover-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - Changes since 5.24.4: * flatpak: Fix state change emits (kde#451111) * flatpak: Improve stability of different sources integration * flatpak: Centralise remote integration in FlatpakBackend (kde#443745) * pk: Consider multiple package ids for one upgradeable resource (kde#444600) * Don't use the appdata version in the installed version string if empty * libdiscover: Fix Discover doesn't show license or description of local package (kde#452150) - Refresh patch and drop part of the message which might sound a bit too harsh and is mostly redundant anyway: * 0001-Warning-for-FlatHub.patch ==== drkonqi5 ==== Version update (5.24.4 -> 5.24.5) Subpackages: drkonqi5-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - Changes since 5.24.4: * fix processor invocation * fix the instance filter * instance ids have 2 hyphens not 3 ==== elfutils-debuginfod ==== - Do not set DEBUGINFOD_URLS for anything older than Tumbleweed. ==== freetype2 ==== Version update (2.12.0 -> 2.12.1) Subpackages: freetype2-devel libfreetype6 libfreetype6-32bit - drop revert-ft212-subpixel-hinting-change.patch: upstream - Update to 2.12.1: - Loading CFF fonts sometimes made FreeType crash (bug introduced in version 2.12.0) - Loading a fully hinted TrueType glyph a second time (without caching) sometimes yielded different rendering results if TrueType hinting was active (bug introduced in version 2.12.0). - The generation of the pkg-config file `freetype2.pc` was broken if the build was done with cmake (bug introduced in version 2.12.0). - The meson build no longer enforces both static and dynamic versions of the library by default. - The internal zlib library was updated to version 1.2.12. Note, however, that FreeType is *not* affected by CVE-2018-25032 since it only does decompression. - Drop freetype-2.12.0-cff_slot_load-segfault.patch - Drop 079a22da037835daf5be2bd9eccf7bc1eaa2e783.patch ==== fuse3 ==== Version update (3.10.5 -> 3.11.0) Subpackages: libfuse3-3 - Update to version 3.11.0: * Add support for flag FOPEN_NOFLUSH for avoiding flush on close. * Fixed returning an error condition to ioctl(2) ==== gdb ==== - Remove dependency on binutils-gold as the package will be removed in the future. Gold linker is unmaintained by the upstream project. - Fix unresolved BuildRequires fpc for Leap 15.4/i586. ==== gnome-software ==== Version update (42.0 -> 42.1) Subpackages: gnome-software-lang - Updated to version 42.1: + #1514 GNOME OS: Most system apps have no icons in installed list. + #1690 Button to go back is missing in "OS Updates" page opened from "Installed Updates" window. + #1693 Fix an issue where Software would sometimes display a "Software Updates Failed" error message on startup. + #1712 Clicking "Fedora Flathub Selection" does not update the filtered Flathub AppStream metadata until reboot. + #1723 Installed Updates dialog UI papercuts. + #1727 Wrong direction of arrows in updates list in RTL languages. + !794 flatpak: Prefer to install runtimes from the same remote as the application. + !1235 Find AppStream metadata in every possible location. + !1299 Avoid re-downloads of not-yet-stale data in some cases. + !1307 Change thread I/O priority depending on job priority. + !1313 Ensure labels don't overlap in app lists. + !1318 Fix an issue preventing the user from disabling some repositories on Fedora. + Translation updates. - Drop 8cbce25.patch - patched upstream, #1693. ==== hdf5 ==== Subpackages: libhdf5-103 libhdf5_cpp103 libhdf5_fortran102 libhdf5_hl100 libhdf5_hl_cpp100 libhdf5hl_fortran100 - Security Fix: Add configure option --disable-hltools to disable GIF tools as recommended in the 1.10.8 release: CVE-2018-17433 (bsc#1109565), CVE-2018-17436 (bsc#1109568), CVE-2020-10809 (bsc#1167404). ==== kactivitymanagerd ==== Version update (5.24.4 -> 5.24.5) Subpackages: kactivitymanagerd-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== kcm_sddm ==== Version update (5.24.4 -> 5.24.5) Subpackages: kcm_sddm-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== kde-cli-tools5 ==== Version update (5.24.4 -> 5.24.5) Subpackages: kde-cli-tools5-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== kde-gtk-config5 ==== Version update (5.24.4 -> 5.24.5) Subpackages: kde-gtk-config5-gtk3 - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== kgamma5 ==== Version update (5.24.4 -> 5.24.5) Subpackages: kgamma5-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== khotkeys5 ==== Version update (5.24.4 -> 5.24.5) Subpackages: khotkeys5-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== kinfocenter5 ==== Version update (5.24.4 -> 5.24.5) Subpackages: kinfocenter5-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== kmenuedit5 ==== Version update (5.24.4 -> 5.24.5) Subpackages: kmenuedit5-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== kscreen5 ==== Version update (5.24.4 -> 5.24.5) Subpackages: kscreen5-lang kscreen5-plasmoid - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== kscreenlocker ==== Version update (5.24.4 -> 5.24.5) Subpackages: kscreenlocker-lang libKScreenLocker5 - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== ksshaskpass5 ==== Version update (5.24.4 -> 5.24.5) Subpackages: ksshaskpass5-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== ksystemstats5 ==== Version update (5.24.4 -> 5.24.5) Subpackages: ksystemstats5-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== kwayland-integration ==== Version update (5.24.4 -> 5.24.5) - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== kwayland-server ==== Version update (5.24.4 -> 5.24.5) - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - Changes since 5.24.4: * outputconfigurationinterface: don't crash if mode is invalid (kde#453042) * Fix race in wp_drm_lease_v1. * Simplify code that announces available modes and current mode (kde#452318) * Guard subsurface parent access. (kde#452044) * Fix layer shell reset ==== kwin5 ==== Version update (5.24.4 -> 5.24.5) Subpackages: kwin5-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - Changes since 5.24.4: * backends/drm: reduce "max bpc" to what is actually used (kde#449906) * Fix unlocking wayland sessions (kde#447705) * effects/kscreen: don't use xcb on Wayland (kde#450564) * AbstractClient: Fix the current VD being always added to the plasma interface (kde#452171) * Do not send overlay geometry to text input. * backends/drm: don't permanently disable VRR when the test commit fails * backends/drm: fetch immutable blobs in DrmProperty * waylandserver: move LockScreenPresentationWatcher to the correct place * xdgactivation: Demand attention when a process fails to resolve its token * waylandserver: only signal lockScreenShown once it has actually been shown * Add a way to ignore devices for tablet mode ==== kwrited5 ==== Version update (5.24.4 -> 5.24.5) - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== layer-shell-qt ==== Version update (5.24.4 -> 5.24.5) - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== libapparmor ==== Subpackages: libapparmor1 libapparmor1-32bit - add php8-fpm-mr876.patch so that php8 php-fpm can read its config (boo#1186267#c11) - parser: add conflict with apparmor-utils < 3.0 to avoid aa-status file conflict on upgrade (boo#1198958) - utils: add missing dependency on apparmor-parser (boo#1198958#c4) ==== libkdecoration2 ==== Version update (5.24.4 -> 5.24.5) Subpackages: libkdecorations2-5 libkdecorations2-5-lang libkdecorations2private9 - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== libkscreen2 ==== Version update (5.24.4 -> 5.24.5) Subpackages: libKF5Screen7 libkscreen2-plugin - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== libksysguard5 ==== Version update (5.24.4 -> 5.24.5) Subpackages: ksysguardsystemstats-data libKSysGuardSystemStats1 libksysguard5-imports libksysguard5-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== libreoffice ==== Version update (7.3.3.1 -> 7.3.3.2) Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - Update to version 7.3.3.2: You can find the complete release notes here: https://wiki.documentfoundation.org/Releases/7.3.3/RC2 - Add system_curl build condition - Revert: Filter out binary-or-shlib-defines-rpath with $ORIGIN argument, $ORIGIN is interpreted by rpmlint now. ==== libseccomp ==== Version update (2.5.3 -> 2.5.4) - Deactive python3 by default, it's just not a good idea for ring0. - Update to release 2.5.4 * Update the syscall table for Linux v5.17. * Fix minor issues with binary tree testing and with empty binary trees. * Minor documentation improvements including retiring the mailing list. - buildrequire python-rpm-macros - reenable python bindings at least for the distro default python3 package: - adds make-python-build.patch ==== libshout ==== Version update (2.4.5 -> 2.4.6) - Update to 2.4.6 * Fixed pkg-config file * Made vorbis an optional codec * Do not pass to small headers to libspeex (see also the same mirror-patch in Icecast) * Updated documentation, mostly in regard of making it clearer which functions are now obsoleted * General code cleanup * Added compiler warnings about obsoleted functions and ignored return values * Replaced old shout_set_metadata() with new shout_set_metadata_utf8() * Added support for plain text streaming * Fixed shout_set_metadata*() sometimes returning SHOUTERR_RETRY * Workaround old clients by emulating SHOUTERR_RETRY with SHOUTERR_BUSY * Remove our re-implementation of X509_check_host() * Allow to disable building tools - Spec cleanup ==== libsrtp2 ==== - Remove include header editing; the issue once present in libsrtp 2.0.0 seems reasonably resolved in current 2.4.2 [boo#1198887] ==== libstorage-ng ==== Version update (4.5.6 -> 4.5.9) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#873 - extended documentation - consistently save and log partition id in hex - 4.5.9 - merge gh#openSUSE/libstorage-ng#872 - moved check of image-filename from create to check function - added logging of pbkdf - added const - coding style - updated documentation - 4.5.8 - merge gh#openSUSE/libstorage-ng#870 - LUKS2: add AEAD integrity option (PM-3419) - 4.5.7 ==== libunwind ==== Version update (1.5.0 -> 1.6.2) - update to 1.6.2: * Fix off-by-one error in x86_64 stack frames * Fix error in aarch64 unw_sigcontext * resolve possible null pointer dereference * Switch to C11 atomics * RISC-V support * aarch64 getcontext functionality ==== libxcb ==== Version update (1.14 -> 1.15) Subpackages: libxcb-composite0 libxcb-damage0 libxcb-devel libxcb-dpms0 libxcb-dri2-0 libxcb-dri3-0 libxcb-glx0 libxcb-present0 libxcb-randr0 libxcb-record0 libxcb-render0 libxcb-render0-32bit libxcb-res0 libxcb-screensaver0 libxcb-shape0 libxcb-shm0 libxcb-shm0-32bit libxcb-sync1 libxcb-xf86dri0 libxcb-xfixes0 libxcb-xinerama0 libxcb-xinput0 libxcb-xkb1 libxcb-xtest0 libxcb-xv0 libxcb-xvmc0 libxcb1 libxcb1-32bit - buildrequire xcb-proto >= 1.15 - Update to version 1.15 * xcb_auth: Quiet -Wimplicit-fallthrough warning in get_authptr() * Fix integer overflows in xcb_in.c * Use the 'present' field to properly check that the XC-MISC * Fix a memory leak * Increment libtool version info for libxcb-dri3 * Add newline when printing auth/connection failure string to stderr * Fix build on Windows * Fix writev emulation on Windows * c_client.py: Extract get_expr_field_names() * c_client.py: Use get_expr_field_names directly to resolve list fields * c_client: Extract _c_get_field_mapping_for_expr() * c_client.py: Implement handling of <length> element * tests: don't use deprecated fail_unless check API * gitignore: add files generated by make check * Avoid request counter truncation in replies map after 2**32 requests * Fix hang in xcb_request_check() * Improve/fix docs for reply fds functions ==== libxml2 ==== Version update (2.9.13 -> 2.9.14) Subpackages: libxml2-2 libxml2-2-32bit libxml2-tools - Update to 2.9.14: * Security: + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer + Fix potential double-free in xmlXPtrStringRangeFunction + Fix memory leak in xmlFindCharEncodingHandler + Normalize XPath strings in-place + Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() + Fix leak of xmlElementContent * Bug fixes: + Fix parsing of subtracted regex character classes + Fix recursion check in xinclude.c + Reset last error in xmlCleanupGlobals + Fix certain combinations of regex range quantifiers + Fix range quantifier on subregex * Improvements: + Fix recovery from invalid HTML start tags * Build system, portability: + Define LFS macros before including system headers + Initialize XPath floating-point globals + configure: check for icu DEFS + configure.ac: produce tar.xz only (GNOME policy) + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER + Fix build with older Python versions + Fix --without-valid build ==== libxml2-python ==== Version update (2.9.13 -> 2.9.14) - Update to 2.9.14: * Security: + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer + Fix potential double-free in xmlXPtrStringRangeFunction + Fix memory leak in xmlFindCharEncodingHandler + Normalize XPath strings in-place + Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() + Fix leak of xmlElementContent * Bug fixes: + Fix parsing of subtracted regex character classes + Fix recursion check in xinclude.c + Reset last error in xmlCleanupGlobals + Fix certain combinations of regex range quantifiers + Fix range quantifier on subregex * Improvements: + Fix recovery from invalid HTML start tags * Build system, portability: + Define LFS macros before including system headers + Initialize XPath floating-point globals + configure: check for icu DEFS + configure.ac: produce tar.xz only (GNOME policy) + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER + Fix build with older Python versions + Fix --without-valid build ==== live555 ==== Version update (2022.02.07 -> 2022.04.26) Subpackages: libBasicUsageEnvironment1 libUsageEnvironment3 libgroupsock30 libliveMedia106 - Update to 2022.04.26: * Ensure that we don't call "delete[]" on an uninitialized pointer. - Changes from version 2022.04.15: * Fixed a "fprintf()" argument-order-evaluation bug in the "mikeyParse" demo application. - Changes from version 2022.04.12: * Updated the "openRTSP" application (RTSP command-line client) to add an option '-L', meaning: receive only an "application" (e.g., 'metadata') track, if present, outputting the data to 'stdout'. ==== manpages-l10n ==== Version update (4.13+56 -> 4.14.0) Subpackages: man-pages-cs man-pages-da man-pages-de man-pages-el man-pages-es man-pages-fr man-pages-hu man-pages-it man-pages-pl man-pages-pt_BR - Update to version 4.14.0: * New language: Ukrainian. * Updated many translations. - Remove unused argument in %man_lang_package macro definition. ==== mcelog ==== Version update (178 -> 181) - Update to version 181: * mcelog: Add support for Raptorlake - Adopt patches to latest git version M Start-consolidating-AMD-specific-stuff.patch M add-f10h-support.patch M add-f11h-support.patch M add-f12h-support.patch M add-f14h-support.patch M add-f15h-support.patch M add-f16h-support.patch M email.patch M fix_setgroups_missing_call.patch M mcelog_invert_prefill_db_warning.patch - Use Python3 shebang instead of python A python3_shebang - Use Github URL - Update to version 180: * Fix warnings in sysfs.c * mcelog: Change "DDR4" string to "DDR" for i10nm platforms * Fix logrotate syntax * remove outdated mcelog.conf.5 manual file * add furture print function for Python2 * fix python errors in genconfig.py * fix the buf not freed in read_field * mcelog: Print warning for locked down kernel * mcelog: Handle sysfs files without length * Fix make test fail ==== milou5 ==== Version update (5.24.4 -> 5.24.5) Subpackages: milou5-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== mozilla-nss ==== Version update (3.76.1 -> 3.77) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools - update to NSS 3.77 * Bug 1762244 - resolve mpitests build failure on Windows. * bmo#1761779 - Fix link to TLS page on wireshark wiki * bmo#1754890 - Add two D-TRUST 2020 root certificates. * bmo#1751298 - Add Telia Root CA v2 root certificate. * bmo#1751305 - Remove expired explicitly distrusted certificates from certdata.txt. * bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix * bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. * bmo#1756271 - Remove token member from NSSSlot struct. * bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime. * bmo#1757279 - Support UTF-8 library path in the module spec string. * bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. * bmo#1760827 - Add a CI Target for gcc-11. * bmo#1760828 - Change to makefiles for gcc-4.8. * bmo#1741688 - Update googletest to 1.11.0 * bmo#1759525 - Add SetTls13GreaseEchSize to experimental API. * bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts. * bmo#1755904 - Fix calculation of ECH HRR Transcript. * bmo#1758741 - Allow ld path to be set as environment variable. * bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests. * bmo#1758478 - Fix DataBuffer Move Assignment. * bmo#1552254 - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 * bmo#1755092 - rework signature verification in mozilla::pkix ==== okteta ==== Subpackages: libKasten4 libOkteta3 libkasten-lang libokteta-lang okteta-data okteta-lang - Add okteta-rpmlintrc to silence the'shlib-policy-name-error' rpmlint error ==== openconnect ==== Version update (8.10 -> 8.20) Subpackages: libopenconnect5 openconnect-bash-completion openconnect-lang - Update to release 8.20: * Support non-AEAD ciphersuites in DTLSv1.2 with AnyConnect. * Emulated a newer version of GlobalProtect official clients, 5.1.5-8; was 4.0.2-19 * Support Juniper login forms containing both password and 2FA token * Explicitly disable 3DES and RC4, unless enabled with - -allow-insecure-crypto * Allow protocols to delay tunnel setup and shutdown (!117) * Support for GlobalProtect IPv6 * SIGUSR1now causes OpenConnect to log detailed connection information and statistics * Allow --servercert to be specified multiple times in order to accept server certificates matching more than one possible fingerprint * Demangle default routes sent as split routes by GlobalProtect * Support more Juniper login forms, including some SSO forms * Restore compatibility with newer Cisco servers, by no longer sending them the X-AnyConnect-Platform header * Add support for PPP-based protocols, currently over TLS only. * Add support for two PPP-based protocols, F5 with - -protocol=f5 and Fortinet with --protocol=fortinet. * Add support for Array Networks SSL VPN. * Support TLSv1.3 with TPMv2 EC and RSA keys, add test cases for swtpm and hardware TPM. ==== openexr ==== Version update (3.1.4 -> 3.1.5) Subpackages: libIex-3_1-30 libIlmThread-3_1-30 libOpenEXR-3_1-30 - update to 3.1.5: * Add backwards-compatibilty flags to the core library to match original behavior of the the c++ library. Fixes reading of certain files by the new core. * Fix build failures on MSVC14 and MSVC 2022 * Fix build failure on latest 64-bit Ubuntu * Documentation refers to primary branch as "main" * Update the CI workflow matrix to VFX-CY2022 * Update auto-fetch Imath version to v3.1.5 Specific OSS-fuzz issues: * OSS-fuzz [46309](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46309) Heap-buffer-overflow in Imf_3_1::memstream_read * OSS-fuzz [46083](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46083) Out-of-memory in openexr_exrcheck_fuzzer * OSS-fuzz [45899](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45899) Integer-overflow in internal_exr_compute_chunk_offset_size * OSS-fuzz [44084](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44084) Out-of-memory in openexr_exrcheck_fuzzer ==== oxygen5 ==== Version update (5.24.4 -> 5.24.5) - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== pcaudiolib ==== Version update (1.1 -> 1.2) - Update to version 1.2 * Fix cancellation snappiness * Alsa: fixed sample_size calculation, multiply with channel count. * Fix some typos ==== plasma-browser-integration ==== Version update (5.24.4 -> 5.24.5) Subpackages: plasma-browser-integration-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== plasma-nm5 ==== Version update (5.24.4 -> 5.24.5) Subpackages: plasma-nm5-lang plasma-nm5-openconnect plasma-nm5-openvpn plasma-nm5-pptp plasma-nm5-vpnc - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - Changes since 5.24.4: * Don't use forceActiveFocus to focus the applet toolbar ==== plasma5-addons ==== Version update (5.24.4 -> 5.24.5) Subpackages: plasma5-addons-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - Changes since 5.24.4: * Remove unneeded check for comic Dataengine being valid (kde#452596) ==== plasma5-desktop ==== Version update (5.24.4 -> 5.24.5) Subpackages: plasma5-desktop-emojier plasma5-desktop-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - Changes since 5.24.4: * applets/taskmanager: Disable `reuseItems` to avoid a crash * containments/desktop/folder: remove stray qDebugs * Folder View: save desktop containment icon positions on a per-resolution basis (kde#360478,kde#354802) * applets/taskmanager: Update tooltip bindings when activating from keyboard (kde#452187) * applets/taskmanager: manually set hover: true on the tooltip highlight * Folder View: Make popup dialog wide enough for one more grid cell (kde#417539) ==== plasma5-disks ==== Version update (5.24.4 -> 5.24.5) Subpackages: plasma5-disks-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== plasma5-integration ==== Version update (5.24.4 -> 5.24.5) Subpackages: plasma5-integration-plugin plasma5-integration-plugin-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== plasma5-openSUSE ==== Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE plasma5-workspace-branding-openSUSE sddm-theme-openSUSE - Update to 5.24.5 ==== plasma5-pa ==== Version update (5.24.4 -> 5.24.5) Subpackages: plasma5-pa-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - Changes since 5.24.4: * SpeakerTest: Fix subwoofer test (kde#445523) ==== plasma5-systemmonitor ==== Version update (5.24.4 -> 5.24.5) Subpackages: plasma5-systemmonitor-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== plasma5-thunderbolt ==== Version update (5.24.4 -> 5.24.5) Subpackages: plasma5-thunderbolt-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== plasma5-workspace ==== Version update (5.24.4 -> 5.24.5) Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-lang plasma5-workspace-libs xembedsniproxy - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - Changes since 5.24.4: * [lookandfeel] Fix collapsed width of a volume/brightness OSD on a lock screen (kde#446185) * xdgactivation: Make sure we don't call setStartupId with an x11 token * Convert old-style Favorites resources in KActivities DB (kde#385814) * runners/baloo: Add missing category "text" to file search results * applets/digital-clock: Fix date drift (kde#452554) * systemtray: Fix race in DBusServiceObserver (kde#422111) * systemdialog: also consider buttonbox for dimensions * Fix not working applet with same compact/full representation when hiding * shell/scripting: Consider current activity in `desktopForScreen` (kde#452561) * Set a sane minimum size * SystemDialog: re-add removed public properties * kcm/colors: don't dull accent colour on dark themes in colorsapplicator (kde#442820) * wallpapers/image: Use onActivated instead of onCurrentIndexChanged * appmenu: Use existing menu in compact represenation (kde#438467) * Change the text color when appmenu is selected or hovered * Don't use forceActiveFocus to set search field focus * applets/clipboard: Don't forward input to filter if it's disabled * Avoid memory leaks by misusing HistoryItem::mimeData() * A better fix for BUG 431673 * Revert "Trim very long text strings in Klipper history view" * Revert "[klipper] Use full text for DBus return values" * Revert "Fix Klipper Actions content truncation" * Revert "klipper: Add FullTextRole to get untruncated text" * Revert "klipper: Add `testTrimmedText`" * Revert "applets/clipboard: Use FullTextRole in EditPage" * Revert "applets/clipboard: Use FullTextRole in SortFilterModel" * Revert "applets/clipboard: Generate QR code from full text" ==== polkit-kde-agent-5 ==== Version update (5.24.4 -> 5.24.5) Subpackages: polkit-kde-agent-5-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== powerdevil5 ==== Version update (5.24.4 -> 5.24.5) Subpackages: powerdevil5-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== pwgen ==== - switch to https urls ==== python-SQLAlchemy ==== Version update (1.4.35 -> 1.4.36) - update to 1.4.36: * details on https://docs.sqlalchemy.org/en/14/changelog/changelog_14.html#change-1.4.36 * Fixed regression where the change made for #7861, released in version 1.4.33, that brought the Insert construct to be partially recognized as an ORM-enabled statement * Modified the DeclarativeMeta metaclass to pass cls.__dict__ into the declarative scanning process to look for attributes, rather than the separate dictionary passed to the type?s __init__() method * Fixed a memory leak in the C extensions which could occur when calling upon named members of Row when the member does not exist under Python 3 * Added a warning regarding a bug which exists in the Result.columns() method when passing 0 for the index in conjunction with a Result that will return a single ORM entity, which indicates that the current behavior of Result.columns() is broken in this case as the Result object will yield scalar values and not Row objects * Fixed bug where ForeignKeyConstraint naming conventions using the referred_column_0 naming convention key would not work if the foreign key constraint were set up as a ForeignKey object rather than an explicit ForeignKeyConstraint object. ==== python-bcrypt ==== Version update (3.2.0 -> 3.2.2) - update to 3.2.2: * Fixed packaging of ``py.typed`` files in wheels so that ``mypy`` works. * Added support for compilation on z/OS * The next release of ``bcrypt`` with be 4.0 and it will require Rust at compile time, for users building from source. There will be no additional requirement for users who are installing from wheels. Users on most platforms will be able to obtain a wheel by making sure they have an up to date ``pip``. The minimum supported Rust version will be 1.56.0. ==== re2c ==== Version update (2.2 -> 3.0) - update to 3.0: - Added code generation backend for Rust: - Added options: + ``--loop-switch`` + ``--no-unsafe`` - Added configurations; + ``re2c:label:yyloop`` + ``re2c:unsafe`` - Renamed options to use common naming scheme. The old names are supported as aliases, so the change does not break existing code. Documentation has been updated to use new names. + ``--api`` is a new alias for ``--input`` + ``--ebcdic`` is a new alias for ``--ecb`` + ``--ucs2`` is a new alias for ``--wide-chars`` + ``--utf32`` is a new alias for ``--unicode`` + ``--utf16`` is a new alias for ``--utf-16`` + ``--utf8`` is a new alias for ``--utf-8`` + ``--header`` is a new alias for ``--type-header`` - Renamed configurations to use common naming scheme and support proper scoping under subcategories such as ``:define``, ``:label``, ``:variable``, etc. The old names are supported as aliases, so the change does not break existing code. Documentation has been updated to use new names. + ``re2c:api`` is a new alias for ``re2c:flags:input`` + ``re2c:bit-vectors`` is a new alias for ``re2c:flags:bit-vectors`` + ``re2c:case-insensitive`` is a new alias for ``re2c:flags:case-insensitive`` + ``re2c:case-inverted`` is a new alias for ``re2c:flags:case-inverted`` + ``re2c:case-ranges`` is a new alias for ``re2c:flags:case-ranges`` + ``re2c:cond:prefix`` is a new alias for ``re2c:condprefix`` + ``re2c:cond:enumprefix`` is a new alias for ``re2c:condenumprefix`` + ``re2c:computed-gotos`` is a new alias for ``re2c:flags:computed-gotos`` + ``re2c:computed-gotos:threshold`` is a new alias for ``re2c:cgoto:threshold`` + ``re2c:debug-output`` is a new alias for ``re2c:flags:debug-output`` + ``re2c:encoding:ebcdic`` is a new alias for ``re2c:flags:ecb`` + ``re2c:encoding:utf32`` is a new alias for ``re2c:flags:unicode`` + ``re2c:encoding:ucs2`` is a new alias for ``re2c:flags:wide-chars`` + ``re2c:encoding:utf16`` is a new alias for ``re2c:flags:utf-16`` + ``re2c:encoding:utf8`` is a new alias for ``re2c:flags:utf-8`` + ``re2c:encoding-policy`` is a new alias for ``re2c:flags:encoding-policy`` + ``re2c:empty-class`` is a new alias for ``re2c:flags:empty-class`` + ``re2c:header`` is a new alias for ``re2c:flags:type-header`` + ``re2c:label:prefix`` is a new alias for ``re2c:labelprefix`` + ``re2c:label:yyfill`` is a new alias for ``re2c:label:yyFillLabel`` + ``re2c:label:start`` is a new alias for ``re2c:startlabel`` + ``re2c:nested-ifs`` is a new alias for ``re2c:flags:nested-ifs`` + ``re2c:posix-captures`` is a new alias for ``re2c:flags:posix-captures`` + ``re2c:tags`` is a new alias for ``re2c:flags:tags`` + ``re2c:variable:yych:conversion`` is a new alias for ``re2c:yych:conversion`` + ``re2c:variable:yych:emit`` is a new alias for ``re2c:yych:emit`` + ``re2c:variable:yybm:hex`` is a new alias for ``re2c:yybm:hex`` + ``re2c:unsafe`` is a new alias for ``re2c:flags:unsafe`` - Added directive alias ``conditions:re2c`` for ``types:re2c``. - Multiple small changes in code generation, including some formatting changes that result in large diffs in the generated code: + Do not allocate indices for unused state labels (this results in a change in state enumeration), commits + Do not generate redundant ``YYPEEK`` statements, commit + Do not generate ``YYDEBUG`` statements for unused states labels, commit + C backend: change formatting of switch statements, commit + Go backend: render continuous character ranges in compact form, commit + Mark start and end of included .re files with line directives, commit - A fix to limit maximum allowed NFA and DFA size (to avoid out of memory crashes and stack overflows), - A fix to correctly compute fixed tags in trailing context, commit - A fix to generate non-overlapping names for s-tag and m-tag variables, commit - Infrastructural: added support for CMake presets. - Updated documentation. - Backwards-incompatible changes that are unlikely to affect any users: + Restrict lexical contexts where ``%{`` is recognized as a block start, + Emit an error when repetition lower bound exceeds upper bound, commit ==== rpm ==== Subpackages: librpmbuild9 - update rpm-shorten-changelog.diff: fix shortening of changelog, the non-primary binary packages had the full changelog - update macrosin.diff: remove binarychangelog cutoff setting, this comes from rpm-config-SUSE now ==== ruby3.1 ==== Subpackages: libruby3_1-3_1 - Do not depend on binutils-gold as it will be removed in the future as it's obsoleted. Use lld instead of it for clang build. ==== samba ==== Version update (4.16.0+git.227.931848a12ab -> 4.16.1+git.235.f435da606f7) Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-32bit samba-client-libs samba-client-libs-32bit samba-gpupdate samba-ldb-ldap samba-libs samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs samba-winbind-libs-32bit - Update to 4.16.1 * Share and server swapped in smbget password prompt; (bso#14831); * Durable handles won't reconnect if the leased file is written to; (bso#15022); * rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023); * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038); * Need to describe --builtin-libraries= better (compare with - -bundled-libraries); (bso#8731); * vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback; (bso#14957); * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035); * PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046); * Username map - samba erroneously applies unix group memberships to user account entries; (bso#15041); * KVNO off by 100000; (bso#14951); * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * smbd doesn't handle UPNs for looking up names; (bso#15054); - Update update-apparmor-samba-profile script, replace non-printable delimiter with more human readable separator as sed can accept separators that can appear in the input data. ==== snapper ==== Subpackages: libsnapper6 snapper-zypp-plugin - fixed error handling when reading configs (gh#openSUSE/snapper#715) ==== systemsettings5 ==== Version update (5.24.4 -> 5.24.5) Subpackages: systemsettings5-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ==== unbound ==== Version update (1.14.0 -> 1.15.0) Subpackages: libunbound8 unbound-anchor - drop python2 packages - update to 1.15.0: This release has bug fixes for crashes that happened on heavy network usage. The default for the aggressive-nsec option has changed, it is now enabled. The ratelimit logic had to be reworked for the crash fixes. As a result, there are new options to control the behaviour of ratelimiting. The ratelimit-backoff and ip-ratelimit-backoff options can be used to control how severe the backoff is when the ratelimit is exceeded. The rpz-signal-nxdomain-ra option can be used to unset the RA flag, for NXDOMAIN answers from RPZ. That is used by some clients to detect that the domain is externally blocked. The RPZ option for-downstream can be used like for auth zones, this allows the RPZ zone information to be queried. That can be useful for monitoring scripts. Features - Fix #596: unset the RA bit when a query is blocked by an unbound RPZ nxdomain reply. The option rpz-signal-nxdomain-ra allows to signal that a domain is externally blocked to clients when it is blocked with NXDOMAIN by unsetting RA. - Add rpz: for-downstream: yesno option, where the RPZ zone is authoritatively answered for, so the RPZ zone contents can be checked with DNS queries directed at the RPZ zone. - Merge PR #616: Update ratelimit logic. It also introduces ratelimit-backoff and ip-ratelimit-backoff configuration options. - Change aggressive-nsec default to yes. Bug Fixes - Fix compile warning for if_nametoindex on windows 64bit. - Merge PR #581 from fobser: Fix -Wmissing-prototypes and -Wshadow warnings in rpz. - Fix validator debug output about DS support, print correct algorithm. - Add code similar to fix for ldns for tab between strings, for consistency, the test case was not broken. - Allow local-data for classes other than IN to inherit a configured local-zone's type if possible, instead of defaulting to type transparent as per the implicit rule. - Fix to pick up other class local zone information before unlock. - Add missing configure flags for optional features in the documentation. - Fix Unbound capitalization in the documentation. - Fix #591: Unbound-anchor manpage links to non-existent license file. - contrib/aaaa-filter-iterator.patch file renewed diff content to apply cleanly to the current coderepo for the current code version. - Fix to add test for rpz-signal-nxdomain-ra. - Fix #596: only unset RA when NXDOMAIN is signalled. - Fix that RPZ does not set RD flag on replies, it should be copied from the query. - Fix for #596: fix that rpz return message is returned and not just the rcode from the iterator return path. This fixes signal unset RA after a CNAME. - Fix unit tests for rpz now that the AA flag returns successfully from the iterator loop. - Fix for #596: add unit test for nsdname trigger and signal unset RA. - Fix for #596: add unit test for nsip trigger and signal unset RA. - Fix #598: Fix unbound-checkconf fatal error: module conf 'respip dns64 validator iterator' is not known to work. - Fix for #596: Fix rpz-signal-nxdomain-ra to work for clientip triggered operation. - Merge #600 from pemensik: Change file mode before changing file owner. - Fix prematurely terminated TCP queries when a reply has the same ID. - For #602: Allow the module-config "subnetcache validator cachedb iterator". - Fix EDNS to upstream where the same option could be attached more than once. - Add a region to serviced_query for allocations. - For dnstap, do not wakeupnow right there. Instead zero the timer to force the wakeup callback asap. - Fix #610: Undefine-shift in sldns_str2wire_hip_buf. - Fix #588: Unbound 1.13.2 crashes due to p->pc is NULL in serviced_udp_callback. - Merge PR #612: TCP race condition. - Test for NSID in SERVFAIL response due to DNSSEC bogus. - Fix #599: [FR] RFC 9156 (obsoletes RFC 7816), by noting the new RFC document. - Fix tls-* and ssl-* documented alternate syntax to also be available through remote-control and unbound-checkconf. - Better cleanup on failed DoT/DoH listening socket creation. - iana portlist update. - Fix review comment for use-after-free when failing to send UDP out. - Merge PR #603 from fobser: Use OpenSSL 1.1 API to access DSA and RSA internals. - Merge PR #532 from Shchelk: Fix: buffer overflow bug. - Merge PR #617: Update stub/forward-host notation to accept port and tls-auth-name. - Update stream_ssl.tdir test to also use the new forward-host notation. - Fix header comment for doxygen for authextstrtoaddr. - please clang analyzer for loop in test code. - Fix docker splint test to use more portable uname. - Update contrib/aaaa-filter-iterator.patch with diff for current software version. - Fix for #611: Integer overflow in sldns_wire2str_pkt_scan. - Change to systemd-sysusers ==== unixODBC ==== Version update (2.3.10 -> 2.3.11) - Update to 2.3.11: * Add missing files to 2.3.10 - See https://github.com/lurcher/unixODBC/issues/107 ==== xdg-desktop-portal-kde ==== Version update (5.24.4 -> 5.24.5) Subpackages: xdg-desktop-portal-kde-lang - Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - Changes since 5.24.4: * Fix saving file dialog view options ==== yast2-packager ==== Version update (4.5.2 -> 4.5.3) - Run the package solver after selecting additional system packages, fixes possible broken package dependencies after system upgrade (bsc#1195828) - 4.5.3 ==== yast2-samba-client ==== Version update (4.5.0 -> 4.5.1) - Use translation macro for range settings expert details text; (bsc#1197936). - 4.5.1