Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20211031 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: Mesa (21.2.4 -> 21.2.5) Mesa-drivers (21.2.4 -> 21.2.5) ffmpeg-4 (4.4 -> 4.4.1) haveged imlib2 (1.7.1 -> 1.7.4) libmemcached libqt5-qtbase (5.15.2+kde222 -> 5.15.2+kde254) libqt5-qtdeclarative (5.15.2+kde29 -> 5.15.2+kde36) libqt5-qtquickcontrols2 (5.15.2+kde7 -> 5.15.2+kde8) libqt5-qtsvg (5.15.2+kde7 -> 5.15.2+kde13) libqt5-qtvirtualkeyboard (5.15.2+kde3 -> 5.15.2+kde4) libqt5-qtwayland (5.15.2+kde28 -> 5.15.2+kde34) librdkafka (1.7.0 -> 1.8.0) memcached python-qt5 (5.15.5 -> 5.15.6) wget (1.21.1 -> 1.21.2) === Details === ==== Mesa ==== Version update (21.2.4 -> 21.2.5) Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to 21.2.5 * bit of everything: general vulkan, panfrost, and zink are the biggest changes. ==== Mesa-drivers ==== Version update (21.2.4 -> 21.2.5) Subpackages: Mesa-dri Mesa-gallium Mesa-libva libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libxatracker2 - update to 21.2.5 * bit of everything: general vulkan, panfrost, and zink are the biggest changes. ==== ffmpeg-4 ==== Version update (4.4 -> 4.4.1) Subpackages: libavcodec58_134 libavdevice58_13 libavfilter7_110 libavformat58_76 libavresample4_0 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9 - Update to version 4.4.1: * Stable bug fix release, mainly codecs and format fixes. - Refresh patches with quilt. - Drop patches fixed upstream: * ffmpeg-CVE-2021-33815.patch * ffmpeg-CVE-2021-38114.patch * ffmpeg-CVE-2021-38171.patch * ffmpeg-CVE-2020-22037.patch ==== haveged ==== Subpackages: libhavege2 - Improvements on the linux kernel random subsystem have made the haveged service/daemon obsolete, remove the service files, initrd modules and udev rules, the other components are still useful. ==== imlib2 ==== Version update (1.7.1 -> 1.7.4) Subpackages: imlib2-loaders libImlib2-1 - update to 1.7.4: * imlib2_view: Move property stuff to separate file * imlib2_view: Cleanups * imlib2_view: By default scale large images to fit on screen * imlib2_view: Add some debug * imlib2_view: Fix issue with new default scaling * WEBP loader: Remove forgotten debug printout * WEBP loader: Rename fd variable to be same as everywhere else * LBM loader: Fix potential out-of-bounds memory access * GIF, TIFF, WEBP loaders: Fix loading if filename does not have usual suffix * Revert "GIF, TIFF, WEBP loaders: Fix loading if filename does not have usual suffix" * GIF, TIFF, WEBP loaders: Fix loading if filename does not have usual suffix - take 2 * Add script to generate Changelog * Update Changelog to new format * image.c: Use the LOAD_... macros to check loader return values * autofoo: Resurrect non-pkg check for bzip2 * Remove some unnecessary X_DISPLAY_MISSING stuff * rend.c: Remove some pointless lines * Add XBM loader * Add imlib2_load and /build to .gitignore * Remove obsolete and unused AC_HEADER_STDC * Restore file:key functionality * ICO loader: Fix (disabled) debug stuff * ICO loader: Enable specifying ico image index by key * Remove unused Context functions * context.c: Fix potential segv * LBM loader: Fix handling of missing RLE data * Fix clang-analyzer warnings - bin (trivial) * Fix clang-analyzer warnings - loaders (trivial) * Fix clang-analyzer warnings - loaders (suppress bogus) * Fix clang-analyzer warnings - lib (mostly trivial) * Fix clang-analyzer warnings - lib (less trivial) * autofoo: Move more to pkg-config * TIFF loader: Drop use of libtiff defined types deprecated in libtiff-4.3.0 * TGA loader: Fix loading small images without footer * Spec file: Add git tag to rpm file name (if built from git checkout) * Cleanups: while->for loops (loaders list) * Cleanups: while->for loops (context list) * Cleanups: while->for loops (im->tags list) * Cleanups: while->for loops (images list) * Cleanups: while->for loops (pixmaps list) * Drop unused Imlib_Object_List:last * Add feature to build with ASAN (--enable-gcc-asan) * Correct (disabled) debug printouts * Loaders: Remove unnecessary headers * WEBP saver: Use fopen() etc. like all other savers ==== libmemcached ==== - Move libmemcachedprotocol library into its own package to fix shlib-policy-name-error. Fixes bsc#1191767 ==== libqt5-qtbase ==== Version update (5.15.2+kde222 -> 5.15.2+kde254) Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-mysql libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3 - Update to version 5.15.2+kde254: * Revert "QPushButton: fix support of style sheet rule for text alignment" * Revert "Fix invalid text layout data when a full layout run is interrupted" * Optimize mime type matching * fix potential mem leak on connection lost * tst_QSslSocket - replace an old certificate * tst_QSslCertificate::verify - remove QSKIP * tst_QSslCertificate::verify - skip auto-test * Doc: bump the OpenSSL minimum supported version to 1.1.1 * QHttpSocketEngine: Fix memory leak * QSslCertificate(OpenSSL) - harden protection against nullpointers * QSslCertificate: Guard against accessing empty QByteArray * Make QStyle::proxy() always return the leaf proxy * Prefer previously used channels in QHttpNetworkConnection * Fix populating selection clipboard with keyboard * QSslCertificate::operator == - cleanup error queue * Revert "Fix highdpi conversion of QTabletEvent coordinates on xcb" * Fix highdpi conversion of QTabletEvent coordinates on xcb * Support transformations in pattern/texture brushes in pdf * Respect font stretch if set together with font style * Fix QPainterPath with QFont::SmallCaps * Avoid generating large pdf files when using dashed cosmetic pens * PDF generation: disentangle native pen from transforms * qmake: Switch to using Xcode's new build system * Explicitly set input files for qtpreprocess * Only embed launch screen when building an app * Explicitly set output files for qtpreprocess * Fix memory leak * Fix reading gamma from PNGs without ICC profile * QPlatformWindow: fix isAncestorOf not breaking recursion * Cater for upstream changes in eglplatform.h * QTextOdfWriter: fix exporting pixmaps to ODT * Fix access to content: URLs with transient read/write permissions ==== libqt5-qtdeclarative ==== Version update (5.15.2+kde29 -> 5.15.2+kde36) - Update to version 5.15.2+kde36: * Do not revert properties of deleted objects * Revert "Fix for possible crash in QSGDefaultLayer::grab" * Fix distorted text with subpixel matrix translation * Fix sweep step for tainted QObject JavaScript wrappers * QQmlDelegateModel: Refresh the view when a column is added at 0 * QQuickLoader: Do not incubate if the source arrives after setActive(false) * Include <limits> in Yarr.h to fix build with GCC 11 ==== libqt5-qtquickcontrols2 ==== Version update (5.15.2+kde7 -> 5.15.2+kde8) Subpackages: libQt5QuickControls2-5 libQt5QuickTemplates2-5 - Update to version 5.15.2+kde8: * Unset mouseGrabberPopup if it's removed from children ==== libqt5-qtsvg ==== Version update (5.15.2+kde7 -> 5.15.2+kde13) - Update to version 5.15.2+kde13: * Fix parsing of animation clock values * Improve parsing of "r" * Fix parsing of arc elements in paths * Fix text x/y when the length is not in pixels * Support font size not in pixels * Limit font size to avoid numerous overflows ==== libqt5-qtvirtualkeyboard ==== Version update (5.15.2+kde3 -> 5.15.2+kde4) Subpackages: libQt5HunspellInputMethod5 libQt5VirtualKeyboard5 libqt5-qtvirtualkeyboard-hunspell - Update to version 5.15.2+kde4: * Avoid reparenting of InputPanel when the window is being destroyed ==== libqt5-qtwayland ==== Version update (5.15.2+kde28 -> 5.15.2+kde34) Subpackages: libQt5WaylandClient5 libQt5WaylandCompositor5 - Update to version 5.15.2+kde34: * Fix the logic for decoding modifiers map in Wayland text input protocol * Client: Always destroy frame callback in the actual callback * Client: Don't always recreate frame callbacks * Wayland client: Fix crash when windows are shown/hidden during drag * Correctly detect if image format is supported by QImageWriter * Do not update the mask if we do not have a surface ==== librdkafka ==== Version update (1.7.0 -> 1.8.0) - update to 1.8.0: * Upgrade bundled zlib version from 1.2.8 to 1.2.11 in the `librdkafka.redist` NuGet package. The updated zlib version fixes CVEs: CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843 See https://github.com/edenhill/librdkafka/issues/2934 for more information. * librdkafka now uses [vcpkg](https://vcpkg.io/) for up-to-date Windows dependencies in the `librdkafka.redist` NuGet package: OpenSSL 1.1.1l, zlib 1.2.11, zstd 1.5.0. * The upstream dependency (OpenSSL, zstd, zlib) source archive checksums are now verified when building with `./configure --install-deps`. These builds are used by the librdkafka builds bundled with confluent-kafka-go, confluent-kafka-python and confluent-kafka-dotnet. * Producer `flush()` now overrides the `linger.ms` setting for the duration of the `flush()` call, effectively triggering immediate transmission of queued messages. (#3489) * Lots of bugfixes, see included CHANGELOG.md for details - build against system libraries rather than bundled ones - enable all features ==== memcached ==== - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_memcached.service.patch Modified: * memcached.service ==== python-qt5 ==== Version update (5.15.5 -> 5.15.6) - Update to 5.15.6 * Bug fixes * affecting source builds for Python 3.10 * minor improvements to the QObject type hints ==== wget ==== Version update (1.21.1 -> 1.21.2) Subpackages: wget-lang - GNU wget 1.21.2: * Support for autoconf 2.71 * Fix a double free in FTP when using an absolute path * --page-requisites will now also download links marked as "alternate stylesheet" or "icon" - drop 0001-src-main.c-Introduce-truncate_filename-option.patch superseded by upstream changes