Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
Please do not reply to this email to report issues, rather file a bug on
For more information on filing bugs please see
lcms2 (2.11 -> 2.12)
libressl (3.2.5 -> 3.3.3)
=== Details ===
==== cups ====
Subpackages: cups-config libcups2
- When cupsd creates directories with specific owner group
and permissions (usually owner is 'root' and group matches
"configure --with-cups-group=lp") specify same owner group and
permissions in the RPM spec file to ensure those directories
are installed by RPM with the right settings because if those
directories were installed by RPM with different settings then
cupsd would use them as is and not adjust its specific owner
group and permissions which could lead to privilege escalation
from 'lp' user to 'root' via symlink attacks e.g. if owner is
falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161)
==== lcms2 ====
Version update (2.11 -> 2.12)
- update to 2.12:
* Added build system for fast-float plugin (see plugin documentation)
* Added new build-in sigmoidal tone curve
* Added XCode 12 project
* Added support for multichannel input up to 15 channels
* Fix LUT8 write matrix
* Fix version mess on 10/11
* Fix tools & samples xgetopt
* Fix warnings on different function pointers
* Fix matlab MEX compilation
* plugin: cleanup and better SSE detection
* plugin: add lab to any on float
* plugin: it can now be compiled as C++
* recover PDF documentation, but try to keep it under a resonable size.
* Prevent a rare but possible out-of-bounds read in postscript generator
* Fix some compiler warnings
* Add named color profile building sample to testbed
==== libressl ====
Version update (3.2.5 -> 3.3.3)
Subpackages: libcrypto46 libssl48 libtls20
- Update to release 3.3.3
* Support for DTLSv1.2.
* Continued rewrite of the record layer for the legacy stack.
* Numerous bugs and interoperability issues were fixed in the
new verifier. A few bugs and incompatibilities remain, so
this release uses the old verifier by default.
* The OpenSSL 1.1 TLSv1.3 API is not yet available.