Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
libbpf (1.0.1 -> 1.1.0)
libqt5-qtwebengine (5.15.11 -> 5.15.12)
librepo (1.14.5 -> 1.15.1)
vim (9.0.1075 -> 9.0.1107)
zvbi (0.2.38 -> 0.2.39)
=== Details ===
==== libbpf ====
Version update (1.0.1 -> 1.1.0)
- update to v1.1.0:
User space-side features and APIs:
* user-space ring buffer (BPF_MAP_TYPE_USER_RINGBUF) support;
* new documentation page listing all recognized SEC() definitions;
* BTF dedup improvements:
* unambiguous fwd declaration resolution for structs and unions;
* better handling of some corner cases with identical structs and arrays;
* mixed enum and enum64 forward declaration resolution logic;
* bpf_{link,btf,pro,mapg}_get_fd_by_id_opts() and bpf_get_fd_by_id_opts()
APIs;
* libbpf supports loading raw BTF for BPF CO-RE from known search paths;
* support for new cgroup local storage (BPF_MAP_TYPE_CGRP_STORAGE);
* libbpf will only add BPF_F_MMAPABLE flag for data maps with global
(i.e., non-static) vars;
* latest Linux UAPI headers with lots of changes synced into
include/uapi/linux.
BPF-side features and APIs;
* BPF_PROG2() macro added that supports struct-by-value arguments;
* new BPF helpers:
* bpf_user_ringbuf_drain();
* cgrp_storage_get() and cgrp_storage_delete().
Bug fixes
* better handling of padding corner cases;
* btf__align_of() determines packed structs better now;
* improved handling of enums of non-standard sizes;
* USDT spec parsing improvements;
* overflow handling fixes for ringbufs;
* Makefile fixes to support cross-compilation for 32-bit targets;
* fix crash if SEC("freplace") programs don't have attach_prog_fd set;
* better handling of file existence checks when running as non-root with
enhanced capabilities;
* a bunch of small fixes:
* ELF handling improvements;
* fix memory leak in USDT argument parsing logic;
* fix NULL dereferences in few corner cases;
* improved netlink attribute iteration handling.
- drop libbpf-Use-elf_getshdrnum-instead-of-e_shnum.patch,
libbpf-Fix-use-after-free-in-btf_dump_name_dups.patch,
libbpf-Fix-memory-leak-in-parse_usdt_arg.patch
libbpf-Fix-null-pointer-dereference-in-find_prog_by_.patch (upstream)
==== libqt5-qtwebengine ====
Version update (5.15.11 -> 5.15.12)
- Update to version 5.15.12:
* Bump version to 5.15.12
* Update Chromium:
* Bump V8_PATCH_LEVEL
* Fixup for patch for CVE-2022-3200 on OpenSuse 15.1
* Fixup the patch for CVE-2022-3200 on 87-based / 5.15
* [Backport] CVE-2022-3038: Use after free in Network Service
* [Backport] CVE-2022-3040: Use after free in Layout
* [Backport] CVE-2022-3041: Use after free in WebSQL
* [Backport] CVE-2022-3046: Use after free in Browser Tag
* [Backport] CVE-2022-3075: Insufficient data validation in Mojo
* [Backport] CVE-2022-3196: Use after free in PDF
* [Backport] CVE-2022-3197: Use after free in PDF
* [Backport] CVE-2022-3198: Use after free in PDF
* [Backport] CVE-2022-3199: Use after free in Frames.
* [Backport] CVE-2022-3200: Heap buffer overflow in Internals
* [Backport] CVE-2022-3201: Insufficient validation of untrusted
input in Developer Tools (1/2)
* [Backport] CVE-2022-3201: Insufficient validation of untrusted
input in Developer Tools (2/2)
* [Backport] CVE-2022-3304: Use after free in CSS
* [Backport] CVE-2022-3370: Use after free in Custom Elements
* [Backport] CVE-2022-3373: Out of bounds write in V8
* [Backport] CVE-2022-3445: Use after free in Skia.
* [Backport] CVE-2022-3446 and CVE-2022-35737
* [Backport] CVE-2022-3885: Use after free in V8
* [Backport] CVE-2022-3887: Use after free in Web Workers
* [Backport] CVE-2022-3889: Type Confusion in V8
* [Backport] CVE-2022-3890: Heap buffer overflow in Crashpad
* [Backport] CVE-2022-4174: Type Confusion in V8
* [Backport] CVE-2022-4180: Use after free in Mojo
* [Backport] CVE-2022-4181: Use after free in Forms
* [Backport] CVE-2022-4262: Type Confusion in V8
* [Backport] Security bug 1356308
* [Backport] Security bug 1378916
* [Backport] Security bugs 1346938 and 1338114
==== librepo ====
Version update (1.14.5 -> 1.15.1)
- update to 1.15.1:
* Add API support for waiting on network in an event driven
manner
* OpenPGP API extension and fixes
- lincense updated to LGPL-2.1-or-later
==== vim ====
Version update (9.0.1075 -> 9.0.1107)
Subpackages: vim-data vim-data-common vim-small
- Updated to version 9.0.1107, fixes the following problems
* build fails if the compiler doesn't allow for a declaration right after
"case".
* ASAN complains about NULL argument.
* Can add text property with negative ID before virtual text property.
* With the +vartabs feature indent folding may use wrong 'tabstop'.
* Leaking memory when defining a user command fails.
* The "kitty" terminfo entry is not widespread, resulting in the kitty
terminal not working properly.
* Using "->" with split lines does not always work.
* Some jsonc files are not recognized.
* Empty and comment lines in a class cause an error.
* Code handling low level MS-Windows events cannot be tested.
* Compiler warns for uninitialized variable.
* Display wrong in Windows terminal after exiting Vim.
* Autocommand test sometimes fails.
* Clang warns for unused variable.
* unnessary assignment
* FHIR Shorthand files are not recognized.
* Assignment to non-existing member causes a crash. (Yegappan Lakshmanan)
* Search error message doesn't show used pattern.
* Using freed memory of object member. (Yegappan Lakshmanan)
* Compiler warning when HAS_MESSAGE_WINDOW is not defined.
* Using freed memory when declaration fails. (Yegappan Lakshmanan)
* Reallocating hashtab when the size didn't change.
* Tests are failing.
* Code uses too much indent.
* Trying to resize a hashtab may cause a problem.
==== zvbi ====
Version update (0.2.38 -> 0.2.39)
- update to 0.2.39:
* Updates to remove compiler warnings during tests.
* Allow autogen.sh and configure to run separately by default.
* Add Georgian language translation po files.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
distrobox (1.4.1 -> 1.4.2.1)
kernel-firmware (20221130 -> 20221216)
libarchive (3.6.1 -> 3.6.2)
libgnomesu
libpsl (0.21.1 -> 0.21.2)
lsof (4.96.4 -> 4.96.5)
publicsuffix (20220903 -> 20221129)
python-urllib3 (1.26.12 -> 1.26.13)
=== Details ===
==== distrobox ====
Version update (1.4.1 -> 1.4.2.1)
Subpackages: distrobox-bash-completion
- Update to latest version (1.4.2.1). Some changes:
* all: fix setting up default images and names
* compatibility: add gentoo docker image
* compatibility: change debian 8 image
* completion: Remove shebangs from bash completions
* completion: add compatibility list flag, add image name
autocompletion
* create/enter/export: Add home prefix
* create: Fix using --home with space in path
* create: use --entrypoint to override entrypoint defined by
image
* distrobox: remove trap from the wrapper
* docs: Add resource limitation tips
* docs: Fix example configuration file
* docs: Update handler function to support bash scripts
* enter/export: handle quotes in arguments in a better way
* enter: exclude LANG environment variables
* enter: remove detach-keys, work on #398
* export/enter: inject container ID at enter-time, in order to be
used in export
* export: fix variable declaration
* export: look at global user services while trying to export a
service
* export: use realpath on icons
* init: Add init and pre-init hook defaults as supported config
options
* init: add missing findmnt in OpenSUSE
* init: better systemd unit cleanup
* init: copy skel files only if using custom home
* init: fix overriding of SHELL at each start, override default
SHELL only the first time
* init: fix sudoers spam (missing " in check)
* init: fix void-linux package incompatibility error
* init: fix vte installation; add --noreplace to prevent repeated
builds
* init: integrate with kerberos host only if it is installed on
the host.
* init: skip external mounts when searching for sockets
* init: specify package for gentoo
* init: use container's path for SHELL instead of host's one
* init: use findmnt instead of mountpoint, fixing compatibility
with old distributions
* install-podman: Fix cni_plugin_dirs
* install: do not use scraping, use fixed version
* main: Do not open manpager automatically
Full list available at: https://github.com/89luca89/distrobox/releases/tag/1.4.2.1
==== kernel-firmware ====
Version update (20221130 -> 20221216)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd
- Update to version 20221216 (git commit c9c19583f717):
* rtw89: 8852c: update fw to v0.27.56.9
* rtw89: 8852c: update fw to v0.27.56.8
* amdgpu: updated navi10 firmware for amd-5.4
* amdgpu: updated yellow carp firmware for amd-5.4
* amdgpu: updated raven2 firmware for amd-5.4
* amdgpu: updated raven firmware for amd-5.4
* amdgpu: updated PSP 13.0.8 firmware for amd-5.4
* amdgpu: updated GC 10.3.7 RLC firmware for amd-5.4
* amdgpu: updated vega20 firmware for amd-5.4
* amdgpu: updated PSP 13.0.5 firmware for amd-5.4
* amdgpu: add VCN 4.0.0 firmware for amd-5.4
* amdgpu: add SMU 13.0.0 firmware for amd-5.4
* amdgpu: Add SDMA 6.0.0 firmware for amd-5.4
* amdgpu: add PSP 13.0.0 firmware for amd-5.4
* amdgpu: add GC 11.0.0 firmware for amd-5.4
* amdgpu: add DCN 3.2.0 firmware for amd-5.4
* amdgpu: updated vega10 firmware for amd-5.4
* amdgpu: updated beige goby firmware for amd-5.4
* amdgpu: updated dimgrey cavefish firmware for amd-5.4
* amdgpu: updated vangogh firmware for amd-5.4
* amdgpu: updated picasso firmware for amd-5.4
* amdgpu: updated navy flounder firmware for amd-5.4
* amdgpu: updated green sardine firmware for amd-5.4
* amdgpu: updated sienna cichlid firmware for amd-5.4
* amdgpu: updated arcture firmware for amd-5.4
* amdgpu: updated navi14 firmware for amd-5.4
* amdgpu: updated renoir firmware for amd-5.4
* amdgpu: updated navi12 firmware for amd-5.4
* amdgpu: updated aldebaran firmware for amd-5.4
* sr150 : Add NXP SR150 UWB firmware
* brcm: add/update firmware files for brcmfmac driver
* rtl_bt: Update RTL8821C BT(USB I/F) FW to 0x75b8_f098
==== libarchive ====
Version update (3.6.1 -> 3.6.2)
- update to 3.6.2 (bsc#1205629, CVE-2022-36227)
* NULL pointer dereference vulnerability in archive_write.c
* include ZSTD in Windows builds (#1688)
* SSL fixes on Windows (#1714, #1723, #1724)
* rar5 reader: fix possible garbled output with bsdtar -O (#1745)
* mtree reader: support reading mtree files with tabs (#1783)
* various small fixes for issues found by CodeQL
==== libgnomesu ====
Subpackages: libgnomesu-lang libgnomesu0
- Migration of PAM settings to /usr/lib/pam.d.
==== libpsl ====
Version update (0.21.1 -> 0.21.2)
- update to 0.21.2:
* Increased internal label size
* Fix undefined behavior in library code
* Ensure that calls to fopen() and stat() can handle largefiles
- add multibuild definition
==== lsof ====
Version update (4.96.4 -> 4.96.5)
- update to 4.96.5:
* Avoid C89-only constructs is Configure
- drop format.patch, now upstream
==== publicsuffix ====
Version update (20220903 -> 20221129)
- Update to version 20221129:
* util: gTLD data autopull updates for 2022-11-29T15:14:18 UTC (#1658)
* Add activetrail.biz (#1655)
* Add `cf-ipfs.com`, `cloudflare-ipfs.com`, and `r2.dev` (#1582)
* Added mytabit.co.il; mytabit.com; (#1499)
* removing tbits.me from public suffix list (#1642)
- Update to version 20221107:
* Add myamaze.net (#1602)
* Remove gwiddle.co.uk (#1638)
* Removing domain that expired and is not used (#1643)
* util: gTLD data autopull updates for 2022-11-02T15:17:39 UTC (#1641)
* Fix typos in pull request template (#1639)
* util: gTLD data autopull updates for 2022-10-29T15:16:24 UTC (#1636)
* util: gTLD data autopull updates for 2022-10-20T15:22:14 UTC (#1632)
* util: gTLD data autopull updates for 2022-10-15T15:17:50 UTC (#1631)
* Use CentralNic model for Amazon suffixes (#1629)
* Names.of.London is no longer operating the service (#1630)
* Domains from simplesite.com used for subdomain style webhosting of individual customer websites. (#1623)
* Add Fastmail user content domain user.fm (#1601)
* util: gTLD data autopull updates for 2022-10-11T15:20:32 UTC (#1626)
* util: gTLD data autopull updates for 2022-10-07T15:19:56 UTC (#1624)
* Add *.on-acorn.io (#1578)
* Update existing Replit entries, add `firewalledreplit.co` (#1568)
* Add 2.azurestaticapps.net DNS suffix (#1604)
* Update Pull Request Form to address #1619
* Add rules for AWS Cloud9 (#1590)
* util: gTLD data autopull updates for 2022-09-15T15:17:33 UTC (#1615)
==== python-urllib3 ====
Version update (1.26.12 -> 1.26.13)
- update to 1.26.13
* Deprecated the ``HTTPResponse.getheaders()`` and ``HTTPResponse.getheader()`` methods.
* Fixed an issue where parsing a URL with leading zeroes in the port would be rejected
even when the port number after removing the zeroes was valid.
* Fixed a deprecation warning when using cryptography v39.0.0.
* Removed the ``<4`` in the ``Requires-Python`` packaging metadata field.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
dnsmasq (2.87 -> 2.88)
fwupd (1.8.7 -> 1.8.8)
gnome-control-center (43.1 -> 43.2)
libpwquality (1.4.4 -> 1.4.5)
mdadm
openblas_pthreads
=== Details ===
==== dnsmasq ====
Version update (2.87 -> 2.88)
- update to 2.88:
* Fix bug in --dynamic-host when an interface has /16 IPv4
* address.
* Add --fast-dns-retry option. This gives dnsmasq the ability
to originate retries for upstream DNS queries itself, rather
than relying on the downstream client. This is most useful
when doing DNSSEC over unreliable upstream networks. It comes
with some cost in memory usage and network bandwidth.
* Add --use-stale-cache option. When set, if a DNS name exists
in the cache, but its time-to-live has expired, dnsmasq will
return the data anyway.
* handle removal of whole files or entries within files.
==== fwupd ====
Version update (1.8.7 -> 1.8.8)
Subpackages: fwupd-bash-completion fwupd-lang libfwupd2 typelib-1_0-Fwupd-2_0
- Update to version 1.8.8:
+ This release adds the following features:
- Add BIOS rollback protection support for Dell and Lenovo
systems
- Generate OVAL rules for openSCAP evaluation
- Show the signed reports from QA teams in client tools
+ This release fixes the following bugs:
- Add a X-Gpu category for new hardware support
- Add more ChromeOS metadata to the report attributes
- Ensure the device name is set for Intel USB4 devices
- Fix a critical DFU CSR warning when deploying firmware
- Fix a Synaptics RMI issue when updating non-secure devices
- Match more device properties when using GetDetails
- Move AMD platform rollback protection to level 4
- Use the correct AppStream ID for the Key Manifest failure
- Wait for the Intel GPU to come back after updating
+ This release adds support for the following hardware:
- Logitech Whiteboard cameras
- More Goodix MoC devices
- Several QSI Docks
==== gnome-control-center ====
Version update (43.1 -> 43.2)
Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-lang gnome-control-center-user-faces
- Update to version 43.2:
+ About: Update distro logo when dark-mode changes.
+ Applications: Don't recurse into symlinks when clearing cache.
+ Cellular: Avoid duplicated entries in SIM providers list.
+ Color: Fix crash when first device row is non-existent.
+ Common: Make list row switches work when annimations are OFF.
+ Display: Allow the Night Light error label to wrap for small
screens.
+ Mouse: Fix activation of rows while navigating with keyboard.
+ Network:
- Fix crashes when EAP password is missing.
- Fix wrong signal of SEA password visibility toggle.
+ Notifications: Sync lock screen notification setting string.
+ Users: Show a missing-avatar image when avatars cannot be
loaded.
+ Updated translations.
- Drop gnome-control-center-fix-ws-sea-pass-toggle.patch: Fixed
upstream.
- Refresh patches with quilt.
==== libpwquality ====
Version update (1.4.4 -> 1.4.5)
Subpackages: libpwquality-lang libpwquality-tools libpwquality1 pam_pwquality
- Update to version 1.4.5:
+ Minor bug fixes and documentation enhancements.
+ Updated translations.
==== mdadm ====
- mdadm.spec: create the following symbolic link in /sbin for
compatibility,
/sbin/mdadm -> /usr/sbin/mdadm
/sbin/mdmon -> /usr/sbin/mdmon
(jsc#PED-1009, jsc#PED-947)
==== openblas_pthreads ====
- Fix aarch64 builds with GCC < 9 (i.e. Leap/SLE 15.x), disable
NEOVERSEN2 target. See gh#xianyi/OpenBLAS#3874.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
kernel-source (6.1.0 -> 6.1.1)
pam
sddm
=== Details ===
==== kernel-source ====
Version update (6.1.0 -> 6.1.1)
- Linux 6.1.1 (bsc#1012628).
- KEYS: encrypted: fix key instantiation with user-provided data
(bsc#1012628).
- cifs: fix oops during encryption (bsc#1012628).
- usb: dwc3: pci: Update PCIe device ID for USB3 controller on
CPU sub-system for Raptor Lake (bsc#1012628).
- usb: typec: ucsi: Resume in separate work (bsc#1012628).
- igb: Initialize mailbox message for VF reset (bsc#1012628).
- staging: r8188eu: fix led register settings (bsc#1012628).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (bsc#1012628).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
(bsc#1012628).
- USB: serial: f81534: fix division by zero on line-speed change
(bsc#1012628).
- USB: serial: f81232: fix division by zero on line-speed change
(bsc#1012628).
- USB: serial: cp210x: add Kamstrup RF sniffer PIDs (bsc#1012628).
- USB: serial: option: add Quectel EM05-G modem (bsc#1012628).
- usb: gadget: uvc: Prevent buffer overflow in setup handler
(bsc#1012628).
- udf: Fix extending file within last block (bsc#1012628).
- udf: Do not bother looking for prealloc extents if i_lenExtents
matches i_size (bsc#1012628).
- udf: Fix preallocation discarding at indirect extent boundary
(bsc#1012628).
- udf: Discard preallocation before extending file with a hole
(bsc#1012628).
- irqchip/ls-extirq: Fix endianness detection (bsc#1012628).
- mips: ralink: mt7621: do not use kzalloc too early
(bsc#1012628).
- mips: ralink: mt7621: soc queries and tests as functions
(bsc#1012628).
- mips: ralink: mt7621: define MT7621_SYSC_BASE with __iomem
(bsc#1012628).
- PCI: mt7621: Add sentinel to quirks table (bsc#1012628).
- libbpf: Fix uninitialized warning in btf_dump_dump_type_data
(bsc#1012628).
- x86/vdso: Conditionally export __vdso_sgx_enter_enclave()
(bsc#1012628).
- commit 181a470
==== pam ====
- Also obsolete pam_unix-32bit to have clean upgrade path.
- Merge pam_unix back into pam, seperate package not needed anymore
- Update pam-git.diff to current upstream
- pam_env: Use vendor specific pam_env.conf and environment as fallback
- pam_shells: Use the vendor directory
obsoletes pam_env_econf.patch
- Refresh docbook5.patch
==== sddm ====
Subpackages: sddm-branding-openSUSE
- Move dbus-1 system.d conf file to /usr (bsc#1206348)
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
alsa-plugins
ell (0.54 -> 0.55)
gstreamer (1.20.4 -> 1.20.5)
gstreamer-plugins-bad (1.20.4 -> 1.20.5)
gstreamer-plugins-base (1.20.4 -> 1.20.5)
gstreamer-plugins-good (1.20.4 -> 1.20.5)
opencc (1.1.4 -> 1.1.6)
pam-full-src
permissions (1599_20220912 -> 1599_20221220)
python-httpcore (0.15.0 -> 0.16.3)
samba (4.17.3+git.283.2157972742b -> 4.17.4+git.300.305b22bfce)
tcl
=== Details ===
==== alsa-plugins ====
Subpackages: alsa-plugins-speexrate alsa-plugins-upmix
- Replace pkgconfig(libavresample) with pkgconfig(libswresample)
BuildRequires as rate-lav was ported to use the latter.
==== ell ====
Version update (0.54 -> 0.55)
- update to 0.55:
* Fix issue with DHCP and blocked unicast requests.
==== gstreamer ====
Version update (1.20.4 -> 1.20.5)
Subpackages: gstreamer-lang libgstreamer-1_0-0 typelib-1_0-Gst-1_0
- update to 1.20.5:
+ This release only contains bugfixes and it should be safe to
upgrade from 1.20.x.
+ systemclock waiting fixes for certain 32-bit platforms/libcs
+ alphacombine: robustness improvements for corner case scenarios
+ avfvideosrc: Report latency when doing screen capture
+ d3d11videosink: various thread-safety and stability fixes
+ decklink: fix performance issue when HDMI signal has been lost
for a long time
+ flacparse: Fix handling of headers advertising 32 bits per
sample
+ mpegts: Handle when iconv doesn't support ISO 6937 (e.g. musl
libc)
+ opengl: fix automatic dispmanx detection for rpi4 and fix usage
of eglCreate/DestroyImage
+ opusdec: Various channel-related fixes
+ textrender: event handling fixes, esp. for GAP event
+ subparse: Fix non-closed tag handling
+ videoscale: fix handling of unknown buffer metas
+ videosink: reverse playback handling fixes
+ qtmux: Prefill mode fixes, especially for raw audio
+ multiudpsink: allow binding to IPv6 address
+ rtspsrc:
- Fix usage of IPv6 connections in SETUP
- Only EOS on timeout if all streams are timed out/EOS
+ splitmuxsrc: fix playback stall if there are unlinked pads
+ v4l2: Fix SIGSEGV on state change during format changes
+ wavparse robustness fixes
+ Fix static linking on macOS (opengl, vulkan)
+ gstreamer-vaapi: fix headless build against mesa >= 22.3.0
+ GStreamer Editing Services library: Fix build with tools
disabled
+ webrtc example/demo fixes
+ unit test fixes for aesdec and rtpjitterbuffer
+ Cerbero: Fix ios cross-compile with cmake on M1; some recipe
updates and other build fixes
+ Miscellaneous bug fixes, memory leak fixes, and other stability
and reliability improvements
+ Performance improvements
+ Changes in gstreamer base package:
- allocator: Copy allocator name in gst_allocator_register()
- concat: Properly propagate EOS seqnum
- fakesrc: avoid time overflow with datarate
- Fix build of 1.20 branch with Meson 0.64.1 for those who have
hotdoc installed on their system.
- gst-inspect: Don't leak list
- meson: fix check for pthread_setname_np()
- miniobject: support higher refcount values
- pads: Fix non-serialized sticky event push, e.g. instant
change rate events
- padtemplate: Fix annotations
- systemclock: Use futex_time64 syscall on x32 and other
platforms that always...
- -Wimplicit-function-declaration in pthread_setname_np check
(missing GNUSOURCE)
==== gstreamer-plugins-bad ====
Version update (1.20.4 -> 1.20.5)
Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0
- Update to version 1.20.5:
+ aesdec:
- Fix padding removal for per-buffer-padding=FALSE
- Fix test failing in gst-plugins-bad
+ alphacombine: Add missing query handler for gaps
+ avfdeviceprovider: do not leak the properties
+ avfvideosrc: Report latency when doing screen capture
+ d3d11screencapturesrc: Specify PAR 1/1 to template caps
+ d3d11videosink:
- Fixing focus lost on desktop layout change
- Call ShowWindow() from window thread
- Fix deadlock when parent window is busy
- Always clear back buffer on resize
+ decklink: reset calculation of time_mapping to fix clipping
HDMI video
+ directshow: Fix build error with glib 2.75 and newer
+ dvbsubenc:
- Forward GAP events as-is if we wouldn't produce an end packet
- Write Display Definition Segment if a non-default
width/height is used
+ h265decoder: Do not abort when failed to prepare ref pic set
+ h264parser: Fix a typo in pred_weight_table parsing.
+ mediafoundation, d3d11: Fix memory leak and make leak tracer
happy
+ mpegts:
- Handle when iconv doesn't support ISO 6937 (e.g. musl libc)
- Check continuity counter on section streams
+ mpegtsdemux: Always clear packetizer on DISCONT push mode
+ srt: various fixes - improve stats and error handling
+ rtmp2: Improve error messages
+ rtmp2sink: Correctly return GST_FLOW_ERROR on error
+ vulkan: Fix static linking on macOS
+ webrtcbin: also add rtcp-fb ccm fir for video mlines by default
+ webrtc/nice: fix small leak of split strings
==== gstreamer-plugins-base ====
Version update (1.20.4 -> 1.20.5)
Subpackages: gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstTag-1_0
- Update to version 1.20.5:
+ audioconvert, audioresample, audiofilter: fix divide by 0 for
input buffer without caps
+ cdparanoia: Ignore compiler warning coming from the cdparanoia
header
+ oggdemux, parsebin: More leak fixes
+ opengl:
- Fix automatic dispmanx detection for rpi4
- Fix usage of eglCreate/DestroyImage
- Fix static linking on macOS
+ Bump core requirement in 1.20 branch to 1.20.4
+ oggdemux: Don't leak incoming EOS event
+ opusdec: Various channel-related fixes
+ subparse: Fix non-closed tag handling.
+ textrender:
- Don't blindly forward all events and don't blindly forward
all events
- Negotiate caps on a GAP event if none were negotiated yet
+ timeoverlay: fix pad leak
+ videodecoder: Only post latency message if it changed
+ videoscale: buffer meta handling fixes (NULL-terminate array of
valid meta tags)
+ videosink: Don't return unknown end-time from get_times()
==== gstreamer-plugins-good ====
Version update (1.20.4 -> 1.20.5)
Subpackages: gstreamer-plugins-good-gtk gstreamer-plugins-good-lang
- Update to version 1.20.5:
+ flacparse: Fix handling of headers advertising 32bps
+ multiudpsink: allow binding to IPv6 address
+ oss4: Fix debug category initialization
+ qt5:
- Deactivate context if fill_info fails
- Initialize GError properly in gst_qt_get_gl_wrapcontext()
+ qtdemux:
- Check return value from gst_structure_get in PIFF box
- Use unsigned int types to store result of QT_UINT32
- Prefill mode fixes
+ rtpjitterbuffer tests: Cast drop-messages-interval type
properly (fixing it on 32-bit architectures)
+ rtspsrc:
- Don't replace 404 errors with "no auth protocol found"
- Fix seek event leaks
- Fix usage of IPv6 connections in SETUP
- Only EOS on timeout if all streams are timed out/EOS
+ splitmuxsrc: don't queue data on unlinked pads
+ v4l2: Fix SIGSEGV on 'change state' during 'format change'
+ v4l2videodec: Fix activation of internal pool
+ wavparse:
- Avoid occasional crash due to referencing freed buffer.
- Fix crash that occurs in push mode when header chunks are
corrupted in certain ways.
==== opencc ====
Version update (1.1.4 -> 1.1.6)
Subpackages: libopencc1_1 opencc-data
- update to 1.1.6:
* FTBFS for MacOS w/ Python 3.11
* Support Python 3.11
* Automatically name SO files
* Add support for Apple silicon build tag
* other minor fixes
==== pam-full-src ====
- Also obsolete pam_unix-32bit to have clean upgrade path.
- Merge pam_unix back into pam, seperate package not needed anymore
- Update pam-git.diff to current upstream
- pam_env: Use vendor specific pam_env.conf and environment as fallback
- pam_shells: Use the vendor directory
obsoletes pam_env_econf.patch
- Refresh docbook5.patch
==== permissions ====
Version update (1599_20220912 -> 1599_20221220)
Subpackages: chkstat permissions-config
- Update to version 20221220:
* profiles: remove outdated kdesud, apptainer entries
==== python-httpcore ====
Version update (0.15.0 -> 0.16.3)
- Update to 0.16.3
* Allow ws and wss schemes. Allows us to properly support
websocket upgrade connections. (#625)
* Forwarding HTTP proxies use a connection-per-remote-host.
Required by some proxy implementations. (#637)
* Don't raise RuntimeError when closing a connection pool with
active connections. Removes some error cases when cancellations
are used. (#631)
* Lazy import anyio, so that it's no longer a hard dependancy,
and isn't imported if unused. (#639)
- Add httpcore-allow-deprecationwarnings-test.patch
gh#encode/httpcore#511, gh#agronholm/anyio#470
- update to 0.16.2:
* Revert 'Fix async cancellation behaviour', which introduced race conditions
* Raise RuntimeError if attempting to us UNIX domain sockets on Windows
* Fix HTTP/1.1 interim informational responses, such as "100 Continue"
* Support HTTP/1.1 informational responses.
* Fix async cancellation behaviour.
* Support h11 0.14
==== samba ====
Version update (4.17.3+git.283.2157972742b -> 4.17.4+git.300.305b22bfce)
Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-libs samba-libs samba-libs-python3 samba-python3
- Update to 4.17.4
* CVE-2022-44640 Upstream Heimdal free of user-controlled
pointer in FAST; (bsc#14929);
* CVE-2021-20251 Bad password count not incremented atomically;
(bsc#14611);
* CVE-2022-42898 krb5_pac_parse() buffer parsing vulnerability;
(bsc#15203);
* CVE-2022-37966 rc4-hmac Kerberos session keys issued to
modern servers; (bso#15237);
* CVE-2022-37967 Kerberos constrained delegation ticket forgery
possible against Samba AD DC; (bso#15231);
* CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
and should be avoided; (bso#15240);
* pam_winbind uses time_t and pointers assuming they are of the
same size; (bso#15224);
* Heimdal session key selection in AS-REQ examines wrong entry;
(bso#15219);
* filter-subunit is inefficient with large numbers of
knownfails; (bso#15258);
* smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories;
(bso#15252);
* The KDC logic arround msDs-supportedEncryptionTypes differs
from Windows; (bso#13135);
* libnet: change_password() doesn't work with
dcerpc_samr_ChangePasswordUser4(); (bso#15206);
* Heimdal session key selection in AS-REQ examines wrong entry;
(bso#15219);
* Memory leak in snprintf replacement functions; (bso#15230);
* RODC doesn't reset badPwdCount reliable via an RWDC
(CVE-2021-20251 regression); (bso#15253);
* Prevent EBADF errors with vfs_glusterfs; (bso#15198);
* %U for include directive doesn't work for share listing
(netshareenum); (bso#15243);
* Stack smashing in net offlinejoin requestodj; (bso#15257);
* Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue;
(bso#15197);
* Heimdal session key selection in AS-REQ examines wrong entry;
(bso#15219);
- Remove deprecated if-{down,up} scripts; (bsc#1206444);
- Adjust the systemd drop-in file for named service; (bsc#1201689);
* Paths are additive so do not repeat paths from named.service
* Prefix the samba DLZ directory with "-" to ignore this path
if it does not exists
- Migration PAM settings to /usr/etc: Saving user changed
configuration files in /etc and restoring them while an RPM
update.
==== tcl ====
- bsc#1206623, tcl-string-compare.patch: Fix a bug in string
comparison on big endian that made test string-2.20.1 fail.
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
bind (9.18.9 -> 9.18.10)
ca-certificates-mozilla (2.56 -> 2.60)
cronie
dconf
glib2 (2.74.3 -> 2.74.4)
gnome-control-center
gtk4 (4.8.2 -> 4.8.3)
iproute2 (6.0 -> 6.1)
nftables (1.0.5 -> 1.0.6)
open-iscsi
pipewire
sssd
vulkan-loader (1.3.231.0 -> 1.3.236.0)
vulkan-tools (1.3.231 -> 1.3.236.0)
webkit2gtk3 (2.38.2 -> 2.38.3)
webkit2gtk4 (2.38.2 -> 2.38.3)
wicked (0.6.70 -> 0.6.71)
zbar
zlib-ng-compat
=== Details ===
==== bind ====
Version update (9.18.9 -> 9.18.10)
- Update to release 9.18.10
Feature Changes:
* To reduce unnecessary memory consumption in the cache, NXDOMAIN
records are no longer retained past the normal negative cache
TTL, even if stale-cache-enable is set to yes.
* The auto-dnssec option has been deprecated and will be removed
in a future BIND 9.19.x release. Please migrate to
dnssec-policy.
* The coresize, datasize, files, and stacksize options have been
deprecated. The limits these options set should be enforced
externally, either by manual configuration (e.g. using ulimit)
or via the process supervisor (e.g. systemd).
* Setting alternate local addresses for inbound zone transfers
has been deprecated. The relevant options (alt-transfer-source,
alt-transfer-source-v6, and use-alt-transfer-source) will be
removed in a future BIND 9.19.x release.
* The number of HTTP headers allowed in requests sent to namedâs
statistics channel has been increased from 10 to 100, to
accommodate some browsers that send more than 10 headers by
default.
Bug Fixes:
* named could crash due to an assertion failure when an HTTP
connection to the statistics channel was closed prematurely
(due to a connection error, shutdown, etc.).
* When a catalog zone was removed from the configuration, in some
cases a dangling pointer could cause the named process to
crash.
* When a zone was deleted from a server, a key management object
related to that zone was inadvertently kept in memory and only
released upon shutdown. This could lead to constantly
increasing memory use on servers with a high rate of changes
affecting the set of zones being served.
* TLS configuration for primary servers was not applied for zones
that were members of a catalog zone.
* In certain cases, named waited for the resolution of
outstanding recursive queries to finish before shutting down.
* host and nslookup command-line options setting the custom
TCP/UDP port to use were ignored for ANY queries (which are
sent over TCP).
* The zone <name>/<class>: final reference detached log message
was moved from the INFO log level to the DEBUG(1) log level to
prevent the named-checkzone tool from superfluously logging
this message in non-debug mode.
==== ca-certificates-mozilla ====
Version update (2.56 -> 2.60)
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
Removed CAs:
- Global Chambersign Root
- EC-ACC
- Network Solutions Certificate Authority
- Staat der Nederlanden EV Root CA
- SwissSign Platinum CA - G2
Added CAs:
- DIGITALSIGN GLOBAL ROOT ECDSA CA
- DIGITALSIGN GLOBAL ROOT RSA CA
- Security Communication ECC RootCA1
- Security Communication RootCA3
Changed trust:
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle "valid before nov 30 2022"
and it is not clear how many certs were issued for SSL middleware by TrustCor:
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
Patch: remove-trustcor.patch
==== cronie ====
Subpackages: cron
- Use %_pam_vendordir
==== dconf ====
Subpackages: gsettings-backend-dconf libdconf1
- Drop baselibs.conf: there is no known consumer of the -32bit
package.
==== glib2 ====
Version update (2.74.3 -> 2.74.4)
Subpackages: glib2-lang glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 libgthread-2_0-0
- Update to version 2.74.4:
+ Fix missing input validation in `GDBusMenuModel`.
+ Various GVariant security fixes when handling untrusted data.
+ Bugs fixed: glgo#GNOME/GLib#861, glgo#GNOME/GLib#2121,
glgo#GNOME/GLib#2540, glgo#GNOME/GLib#2794,
glgo#GNOME/GLib#2797, glgo#GNOME/GLib#2835,
glgo#GNOME/GLib#2839, glgo#GNOME/GLib#2840,
glgo#GNOME/GLib#2841, glgo#GNOME/GLib#2852,
glgo#GNOME/GLib!3114, glgo#GNOME/GLib!3126,
glgo#GNOME/GLib!3134, glgo#GNOME/GLib!3138,
glgo#GNOME/GLib!3153, glgo#GNOME/GLib!3161,
glgo#GNOME/GLib!3164.
+ Updated translations.
- Add 1539540.patch: gthread-posix: need to #include <errno.h>.
==== gnome-control-center ====
Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-lang gnome-control-center-user-faces
- Modify gnome-control-center-disable-error-message-for-NM.patch:
fix wifi panel(bsc#1206233).
- Rebase gnome-control-center-disable-error-message-for-NM.patch.
- Add gnome-control-center-network-use-AdwStatusPage.patch:
network-panel: Use AdwStatusPage to show NetworkManager error.
This is needed by the above rebased patch
(glgo#GNOME/gnome-control-center/commit/2b3de01124).
- Add gnome-control-center-fix-ws-sea-pass-toggle.patch: Fix crash
when user clicking password visibility toggle in Security page
when method is WPA3 Personal
(glgo#GNOME/gnome-control-center!1520).
==== gtk4 ====
Version update (4.8.2 -> 4.8.3)
Subpackages: gtk4-lang gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0
- Update to version 4.8.3:
+ GtkText:
- Claim gestures more selectively.
- Prevent unexpected notify::direction emissions.
+ Accessibility: Remember if we don't find the a11y bus.
+ DND: Prefer file:// urls over other protocols.
+ GtkMountOperation: Work on Wayland.
+ GtkListView: Cancel rubberband if not handling drag.
+ Wayland: Fix button masks.
+ Windows: Fix resizes with native decorations.
+ X11: Fix some ordering problems with surface destruction.
+ Updated translations.
==== iproute2 ====
Version update (6.0 -> 6.1)
Subpackages: iproute2-bash-completion
- update to 6.1:
* man: ss.8: fix a typo
* testsuite: fix build failure
* genl: remove unused vars in Makefile
* json: do not escape single quotes
* ip-monitor: Do not error out when RTNLGRP_STATS is not available
* ip-link: man: Document existence of netns argument in add command
* macsec: add Extended Packet Number support
* macsec: add user manual description for extended packet number feature
* ip: xfrm: support "external" (`collect_md`) mode in xfrm interfaces
* ip: xfrm: support adding xfrm metadata as lwtunnel info in routes
* ip: add NLM_F_ECHO support
* libnetlink: add offset for nl_dump_ext_ack_done
* tc/tc_monitor: print netlink extack message
* rtnetlink: add new function rtnl_echo_talk()
* ip: fix return value for rtnl_talk failures
* iplink_bridge: Add no_linklocal_learn option support
* devlink: use dl_no_arg instead of checking dl_argc == 0
* devlink: remove dl_argv_parse_put
* mnlg: remove unnused mnlg_socket structure
* utils: extract CTRL_ATTR_MAXATTR and save it
* devlink: expose nested devlink for a line card object
* devlink: load port-ifname map on demand
* devlink: fix parallel flash notifications processing
* devlink: move use_iec into struct dl
* devlink: fix typo in variable name in ifname_map_cb()
* devlink: load ifname map on demand from ifname_map_rev_lookup() as well
* dcb: unblock mnl_socket_recvfrom if not message received
* libnetlink: Fix memory leak in __rtnl_talk_iov()
* tc_util: Fix no error return when large parent id used
* tc_util: Change datatype for maj to avoid overflow issue
* ss: man: add missing entries for MPTCP
* ss: man: add missing entries for TIPC
* ss: usage: add missing parameters
* ss: re-add TIPC query support
* devlink: Fix setting parent for 'rate add'
* link: display 'allmulti' counter
* seg6: add support for flavors in SRv6 End* behaviors
* tc: ct: Fix invalid pointer dereference
* uapi: update from 6.1 pre rc1
* u32: fix json formatting of flowid
* tc_stab: remove dead code
* uapi: update for in.h and ip.h
* remove #if 0 code
* tc: add json support to size table
* tc: put size table options in json object
* tc/basic: fix json output filter
* iplink: support JSON in MPLS output
* tc: print errors on stderr
* ip: print mpls errors on stderr
* tc: make prefix const
* man: add missing tc class show
* iplink_can: add missing `]' of the bitrate, dbitrate and termination arrays
* ip link: add sub-command to view and change DSA conduit interface
==== nftables ====
Version update (1.0.5 -> 1.0.6)
Subpackages: libnftables1 python3-nftables
- Update to release 1.0.6
* Fix bytecode generation for concatenation of intervals where
selectors use different byteorder datatypes, e.g. IPv4
(network byte order).
* Fix match of uncommon protocol matches with raw expressions
* Unbreak insertion of rules with intervals ("sport {
3478-3497, 16384-16387 }")
==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0
- Update iscsid.service so it starts iscsid.socket, if needed
(bsc#1206132).
==== pipewire ====
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-lang pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Add patch from upstream to remember last routing after a reboot
(glfo#pipewire/pipewire#2893):
* 0001-alsa-dont-set--1-as-node.target.patch
==== sssd ====
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap
- Take systemd units off the restart list that have
RefuseManualStart=yes [boo#1206592]
- Add symvers.patch [boo#1206592]
==== vulkan-loader ====
Version update (1.3.231.0 -> 1.3.236.0)
- Update to release SDK-1.3.236.0
* Fix cases where OOM was handled wrong
* Null check vk_icdGetPhysicalDeviceProcAddr
==== vulkan-tools ====
Version update (1.3.231 -> 1.3.236.0)
- Update to release SDK-1.3.236.0
* vulkaninfo: Add Driver Version handling
- Delete 0001-cubepp-Fix-presentKHR-assert.patch (merged)
==== webkit2gtk3 ====
Version update (2.38.2 -> 2.38.3)
Subpackages: WebKit2GTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles
- Update to version 2.38.3 (boo#1206474):
+ Fix runtime critical warnings from media player.
+ Fix network process crash when fetching website data on
ephemeral session.
+ Fix the build with Ruby 3.2.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2022-42856.
- Drop b7ac5d0c.patch: fixed upstream.
==== webkit2gtk4 ====
Version update (2.38.2 -> 2.38.3)
Subpackages: WebKit2GTK-5.0-lang libjavascriptcoregtk-5_0-0 libwebkit2gtk-5_0-0 webkit2gtk-5_0-injected-bundles
- Update to version 2.38.3 (boo#1206474):
+ Fix runtime critical warnings from media player.
+ Fix network process crash when fetching website data on
ephemeral session.
+ Fix the build with Ruby 3.2.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2022-42856.
- Drop b7ac5d0c.patch: fixed upstream.
==== wicked ====
Version update (0.6.70 -> 0.6.71)
Subpackages: wicked-service
- version 0.6.71
- dhcp: enable raw-ip support for wwan-qmi interfaces (jsc#PED-90)
- schema: fix the ip rule to-selector to handle network prefixes
==== zbar ====
- ImageMagick instead of GraphicsMagick
==== zlib-ng-compat ====
- add 0001-Add-one-extra-byte-to-return-value-of-compressBound-.patch
fixes a data corruption regression in 2.0.6
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaFirefox
autoyast2 (4.5.11 -> 4.5.12)
curl (7.86.0 -> 7.87.0)
openssh
util-linux (2.37.4 -> 2.38.1)
util-linux-systemd (2.37.4 -> 2.38.1)
=== Details ===
==== MozillaFirefox ====
Subpackages: MozillaFirefox-translations-common
- add mozilla-bmo1805809.patch to fix build for x86-32 (boo#1206600)
==== autoyast2 ====
Version update (4.5.11 -> 4.5.12)
- Added XSLT transformation for easy conversion of the data types in the
AutoYaST XML profiles between the old and the new format. This allows to
convert a new profile to the format accepted in SLE15-SP2 or older
(bsc#1206597)
- 4.5.12
==== curl ====
Version update (7.86.0 -> 7.87.0)
Subpackages: libcurl4
- Update to 7.87.0:
* Security fixes:
- CVE-2022-43551, bsc#1206308: another HSTS bypass via IDN
- CVE-2022-43552, bsc#1206309: HTTP Proxy deny use-after-free
* Changes
- curl: add --url-query
- CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit
- lib: add CURL_WRITEFUNC_ERROR to signal write callback error
- openssl: reduce CA certificate bundle reparsing by caching
- version: add a feature names array to curl_version_info_data
* Bugfixes
- altsvc: fix rejection of negative port numbers
- aws_sigv4: consult x-%s-content-sha256 for payload hash
- aws_sigv4: fix typos in aws_sigv4.c
- base64: better alloc size
- base64: encode without using snprintf
- base64: faster base64 decoding
- build: assume assert.h is always available
- build: assume errno.h is always available
- c-hyper: CONNECT respones are not server responses
- c-hyper: fix multi-request mechanism
- CI: Change FreeBSD image from 12.3 to 12.4
- CI: LGTM.com will be shut down in December 2022
- ci: Remove zuul fuzzing job as it's superseded by CIFuzz
- cmake: check for cross-compile, not for toolchain
- CMake: fix build with `CURL_USE_GSSAPI`
- cmake: really enable warnings with clang
- cmake: set the soname on the shared library
- cmdline-opts/gen.pl: fix the linkifier
- cmdline-opts/page-footer: remove long option nroff formatting
- config-mac: define HAVE_SYS_IOCTL_H
- config-mac: fix typo: size_T -> size_t
- config-mac: remove HAVE_SYS_SELECT_H
- config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW
- configure: require fork for NTLM-WB
- contributors.sh: actually use $CURLWWW instead of just setting it
- cookie: compare cookie prefixes case insensitively
- cookie: expire cookies at once when max-age is negative
- cookie: open cookie jar as a binary file
- curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS
- curl-rustls.m4: on macOS, rustls also needs the Security framework
- curl.h: include <sys/select.h> on SerenityOS
- curl.h: name all public function parameters
- curl.h: reword comment to not use deprecated option
- curl: override the numeric locale and set "C" by force
- curl: timeout in the read callback
- curl_endian: remove Curl_write64_le from header
- curl_get_line: allow last line without newline char
- curl_path: do not add '/' if homedir ends with one
- curl_url_get.3: remove spurious backtick
- curl_url_set.3: document CURLU_DISALLOW_USER
- curl_url_set.3: fix typo
- CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE
- CURLOPT_COOKIEFILE.3: advice => advise
- CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example
- CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw"
- CURLOPT_POST.3: Explain setting to 0 changes request type
- docs/curl_ws_send: Fixed typo in websocket docs
- docs/EARLY-RELEASE.md: how to determine an early release
- docs/examples: spell correction ('Retrieve')
- docs/INSTALL.md: expand on static builds
- docs/WEBSOCKET.md: explain the URL use
- docs: add missing parameters for --retry flag
- docs: add more "SEE ALSO" links to CA related pages
- docs: explain the noproxy CIDR notation support
- docs: extend the dump-header documentation
- docs: remove performance note in CURLOPT_SSL_VERIFYPEER
- examples/10-at-a-time: fix possible skipped final transfers
- examples: update descriptions
- ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH
- gen.pl: do not generate CURLHELP bitmask lines > 79 characters
- GHA: clarify workflows permissions, set least possible privilege
- GHA: NSS use clang instead of clang-9
- gnutls: use common gnutls init and verify code for ngtcp2
- headers: add endif comments
- HTTP-COOKIES.md: mention that http://localhost is a secure context
- HTTP-COOKIES.md: update the 6265bis link to draft-11
- http: do not send PROXY more than once
- http: fix the ::1 comparison for IPv6 localhost for cookies
- http: set 'this_is_a_follow' in the Location: logic
- http: use the IDN decoded name in HSTS checks
- hyper: classify headers as CONNECT and 1XX
- hyper: fix handling of hyper_task's when reusing the same address
- idn: remove Curl_win32_ascii_to_idn
- INSTALL: update operating systems and CPU archs
- KNOWN_BUGS: remove eight entries
- lib1560: add some basic IDN host name tests
- lib: connection filters (cfilter) addition to curl:
- lib: feature deprecation warnings in gcc >= 4.3
- lib: fix some type mismatches and remove unneeded typecasts
- lib: parse numbers with fixed known base 10
- lib: remove bad set.opt_no_body assignments
- lib: rewind BEFORE request instead of AFTER previous
- lib: sync guard for Curl_getaddrinfo_ex() definition and use
- lib: use size_t or int etc instead of longs
- libcurl-errors.3: remove duplicate word
- libssh2: return error when ssh_hostkeyfunc returns error
- limit-rate.d: see also --rate
- log2changes.pl: wrap long lines at 80 columns
... changelog too long, skipping 66 lines ...
- x509asn1: avoid freeing unallocated pointers
==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server
- Adapt OpenSSH to build with OpenSSL 3, use new KDF API (bsc#1205042)
Add openssh-openssl-3.patch
==== util-linux ====
Version update (2.37.4 -> 2.38.1)
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 util-linux-lang
- restore lsblk and lslogins as well
- reinstanciate logger
- Fix /usr/bin/findmnt to be in only one package (bsc#1206347)
- Fix tests not passing when '@' character is in build path:
Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch
- Convert the build back to per-parts build, just use multibuild.
- libuuid continuous clock handling for time based UUIDs:
Prevent use of the new libuuid ABI by uuidd %post before update
of libuuid1 (bsc#1205646).
- Do not set SUID permissions for util-linux-mini.
- Fix pam directory for the staging package.
- Add util-linux-rpmlintrc removing unneeded warnings.
- Update to version 2.38.1:
* column: fix buffer overflow when -l specified, fix greedy mode
on -l
* dmesg: fix --since and --until
* libmount: when moving a mount point, all sub mount entries in
utab should also be updated (bsc#1198731)
* libuuid: improve cache handling (bsc#1201959, PED-1150)
* lsblk: fix JSON output when without --bytes
* lsfd:fix crash triggered by an empty filter expression
* sulogin: fix includes (obsoletes linux-fs.patch)
* Many other fixes, improvements and code cleanup. For the
complete list see
https://www.kernel.org/pub/linux/utils/util-linux/v2.38/v2.38.1-ReleaseNotes
- Fix some rpmlintrc warnings and remove util-linux-rpmlintrc.
- Update to version 2.38:
* first release with translated util-linux man-pages
* mount: new options --mkdir as shortcut for X-mount.mkdir
* mount, libmount: new mount options X-mount.subdir=
* lsfd: new command
* dmesg: new option --json to print kernel log in JSON format
* libfdisk: improved to set correct CHS addresses in MBR
* fstrim: ignores all /ect/fstab entries with X-fstrim.notrim
(jsc#SLE-17942)
* hardlink: now supports reflinks and new option --method=
* hwclock: new command line options --param-get and --param-set
* irqtop: new option --cpu-stat
* libblkid: supports zoned disks for btrfs
* lsblk: new options --noempty to ignore all devices with zero
size, and --zoned to print information about zones
* mkswap: new option --quiet
* nsenter: new option --wdns to change working directory within
namespace
* rename: new options --all and --last to replace all or last
occurrences of expression rather than the first one
* su: now resets RLIMIT_AS, RLIMIT_{NICE,RTPRIO}, RLIMIT_FSIZE
and RLIMIT_NOFILE reourse limits.
* unshare: new options --map-users= and --map-groups= to map
block of group IDs; new option --map-auto to map the first
block of user IDs owned by the effective user from /etc/subuid
* wdctl: new options --setpregovernor to set pre-timeout governor
name, and --setpretimeout to set watchdog pre-timeout in
seconds
* Many other new features and fixes. For the complete list see
https://www.kernel.org/pub/linux/utils/util-linux/v2.38/v2.38-ReleaseNotes
- Changed packaging style from multi spec build to multibuild with
python multi-flavor build (PED-1007).
Advantages:
* Easily prevents bootstrap build loops.
* No artificial package splitting needed any more.
* Less complicated spec file.
* Can run full test suite.
* python*-libmount available for more python versions.
* Enable asciidoctor to build documentation.
* Enable support for libmagic.
* Turn technically incorrect Recommends to Requires.
- Fix rpmling warning by setting attr for clock.txt ghost file.
- Drop upstreamed util-linux-sulogin4bsc1175514.patch
==== util-linux-systemd ====
Version update (2.37.4 -> 2.38.1)
- restore lsblk and lslogins as well
- reinstanciate logger
- Fix /usr/bin/findmnt to be in only one package (bsc#1206347)
- Fix tests not passing when '@' character is in build path:
Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch
- Convert the build back to per-parts build, just use multibuild.
- libuuid continuous clock handling for time based UUIDs:
Prevent use of the new libuuid ABI by uuidd %post before update
of libuuid1 (bsc#1205646).
- Do not set SUID permissions for util-linux-mini.
- Fix pam directory for the staging package.
- Add util-linux-rpmlintrc removing unneeded warnings.
- Update to version 2.38.1:
* column: fix buffer overflow when -l specified, fix greedy mode
on -l
* dmesg: fix --since and --until
* libmount: when moving a mount point, all sub mount entries in
utab should also be updated (bsc#1198731)
* libuuid: improve cache handling (bsc#1201959, PED-1150)
* lsblk: fix JSON output when without --bytes
* lsfd:fix crash triggered by an empty filter expression
* sulogin: fix includes (obsoletes linux-fs.patch)
* Many other fixes, improvements and code cleanup. For the
complete list see
https://www.kernel.org/pub/linux/utils/util-linux/v2.38/v2.38.1-ReleaseNotes
- Fix some rpmlintrc warnings and remove util-linux-rpmlintrc.
- Update to version 2.38:
* first release with translated util-linux man-pages
* mount: new options --mkdir as shortcut for X-mount.mkdir
* mount, libmount: new mount options X-mount.subdir=
* lsfd: new command
* dmesg: new option --json to print kernel log in JSON format
* libfdisk: improved to set correct CHS addresses in MBR
* fstrim: ignores all /ect/fstab entries with X-fstrim.notrim
(jsc#SLE-17942)
* hardlink: now supports reflinks and new option --method=
* hwclock: new command line options --param-get and --param-set
* irqtop: new option --cpu-stat
* libblkid: supports zoned disks for btrfs
* lsblk: new options --noempty to ignore all devices with zero
size, and --zoned to print information about zones
* mkswap: new option --quiet
* nsenter: new option --wdns to change working directory within
namespace
* rename: new options --all and --last to replace all or last
occurrences of expression rather than the first one
* su: now resets RLIMIT_AS, RLIMIT_{NICE,RTPRIO}, RLIMIT_FSIZE
and RLIMIT_NOFILE reourse limits.
* unshare: new options --map-users= and --map-groups= to map
block of group IDs; new option --map-auto to map the first
block of user IDs owned by the effective user from /etc/subuid
* wdctl: new options --setpregovernor to set pre-timeout governor
name, and --setpretimeout to set watchdog pre-timeout in
seconds
* Many other new features and fixes. For the complete list see
https://www.kernel.org/pub/linux/utils/util-linux/v2.38/v2.38-ReleaseNotes
- Changed packaging style from multi spec build to multibuild with
python multi-flavor build (PED-1007).
Advantages:
* Easily prevents bootstrap build loops.
* No artificial package splitting needed any more.
* Less complicated spec file.
* Can run full test suite.
* python*-libmount available for more python versions.
* Enable asciidoctor to build documentation.
* Enable support for libmagic.
* Turn technically incorrect Recommends to Requires.
- Fix rpmling warning by setting attr for clock.txt ghost file.
- Drop upstreamed util-linux-sulogin4bsc1175514.patch
- Use %_pam_vendordir
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
gcc13
glibc
kernel-source (6.0.12 -> 6.1.0)
=== Details ===
==== gcc13 ====
Subpackages: libatomic1 libgcc_s1 libgfortran5 libgomp1 libobjc4 libquadmath0 libstdc++6 libstdc++6-locale libstdc++6-pp libubsan1
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
==== glibc ====
Subpackages: glibc-extra glibc-lang glibc-locale glibc-locale-base nscd
- floatn.patch: Update _FloatN header support for C++ in GCC 13
==== kernel-source ====
Version update (6.0.12 -> 6.1.0)
- tcp: Add TIME_WAIT sockets in bhash2 (bsc#1206466).
- commit d8defbe
- series.conf: cleanup
- update upstream reference and resort:
- patches.suse/NFSD-fix-use-after-free-in-__nfs42_ssc_open.patch
- commit bf66071
- io_uring/net: ensure compat import handlers clear free_iov
(bsc#1206509).
- commit 747fc96
- NFSD: fix use-after-free in __nfs42_ssc_open() (bsc#1206209
CVE-2022-4379).
- commit 338ca73
- series.conf: cleanup
- update upstream references and move into sorted section:
- patches.suse/char-xillybus-Fix-trivial-bug-with-mutex.patch
- patches.suse/char-xillybus-Prevent-use-after-free-due-to-race-con.patch
- patches.suse/media-dvb-core-Fix-UAF-due-to-refcount-races-at-rele.patch
- patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch
- commit 7f1864f
- mm, mremap: fix mremap() expanding vma with addr inside vma (bsc#1206359).
- Delete
patches.suse/Revert-mm-add-merging-after-mremap-resize.patch.
- commit 3440c9c
- mm, mremap: fix mremap() expanding vma with addr inside
vma (bsc#1206359).
- commit b61d296
- Revert "mm: add merging after mremap resize" (bsc#1206335).
- commit 52313a4
- series.conf: remove stale comment
- commit ab17686
- Refresh patches.suse/Bluetooth-L2CAP-Fix-u8-overflow.patch.
- Refresh patches.suse/can-slcan-fix-freed-work-crash.patch.
Update upstream status.
- commit a6c4f4e
- Update to 6.1 final
- refresh configs (headers only)
- commit d1335c0
- Delete
patches.suse/Input-synaptics-retry-query-upon-error.patch.
The patch is not needed (bsc#1194086 comment 50).
- commit d03b675
- Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch.
Not needed anymore. kernel-firmware contains -72s since 06dbfbc74388
released in 20221109 already.
- commit e1d0837
- Delete
patches.suse/drm-sched-Fix-kernel-NULL-pointer-dereference-error.patch.
This can be dropped thanks to commit bafaf67c42f4 (Revert "drm/sched:
Use parent fence instead of finished") in v6.1-rc1.
- commit 15d1c2b
- Refresh
patches.suse/media-dvb-core-Fix-UAF-due-to-refcount-races-at-rele.patch.
Update upstream status.
- commit d504053
- Delete patches.suse/dm-mpath-no-partitions-feature. (bsc#1189976)
- commit e544c6d
- Refresh
patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch.
Update to final version and update upstream status.
- commit dd048d9
- Delete patches.suse/suse-hv-guest-os-id.patch. (bsc#1189965)
- commit de46b50
- Delete patches.suse/dm-mpath-leastpending-path-update. (bsc#1189962)
- commit fb9bee7
- Delete patches.suse/dm-table-switch-to-readonly. (bsc#1189963)
- commit 3a71c4d
- Delete patches.suse/kbd-ignore-gfx.patch. (bsc#1189975)
- commit 900ecbb
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=1&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
MozillaFirefox (107.0.1 -> 108.0.1)
NetworkManager (1.40.6 -> 1.40.8)
avahi
avahi-glib2
cairomm1_0
enchant-1
ethtool (6.0 -> 6.1)
glib2-branding-openSUSE
gnome-menus
imlib2 (1.9.1 -> 1.10.0)
libcloudproviders
libgtop
mpc (1.3.0 -> 1.3.1)
pangomm1_4
rpm
xz (5.2.8 -> 5.2.10)
=== Details ===
==== MozillaFirefox ====
Version update (107.0.1 -> 108.0.1)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 108.0.1 (boo#1206507)
* Fixes the default search engine being reset on upgrade for
profiles which were previously copied from a different location
- Mozilla Firefox 108.0
https://www.mozilla.org/en-US/firefox/108.0/releasenotes/
MFSA 2022-51 (bsc#1206242)
* CVE-2022-46871 (bmo#1795697)
libusrsctp library out of date
* CVE-2022-46872 (bmo#1799156)
Arbitrary file read from a compromised content process
* CVE-2022-46873 (bmo#1644790)
Firefox did not implement the CSP directive unsafe-hashes
* CVE-2022-46874 (bmo#1746139)
Drag and Dropped Filenames could have been truncated to
malicious extensions
* CVE-2022-46875 (bmo#1786188)
Download Protections were bypassed by .atloc and .ftploc
files on Mac OS
* CVE-2022-46877 (bmo#1795139)
Fullscreen notification bypass
* CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685,
bmo#1801102, bmo#1801315, bmo#1802395)
Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6
* CVE-2022-46879 (bmo#1736224, bmo#1793407, bmo#1794249, bmo#1795845,
bmo#1797682, bmo#1797720, bmo#1798494, bmo#1799479)
Memory safety bugs fixed in Firefox 108
- requires
NSS >= 3.85
rustc/cargo 1.65
- added translations to .desktop file.
==== NetworkManager ====
Version update (1.40.6 -> 1.40.8)
Subpackages: NetworkManager-bluetooth NetworkManager-lang NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0
- Update to version 1.40.8:
+ Fixed a bug that caused devices (MACsec in particular) to be
stuck in UNAVAILABLE state and not transition to DISCONNECTED
if the carrier was ready too early.
+ Improved interoperability of MACsec with some Aruba switches by
allowing CKN shorter than 64 characters.
+ Fixed an assertion failure when restarting NetworkManager with
MACsec links configured.
+ Fixed a possible DHCP helper crash when handling failure to
connect to D-Bus.
+ Corrected calculation of expiration time for items configured
from IPv6 neighbor discovery messages.
+ Various fixes for platforms that don't allow unaligned memory
access.
- Drop iptables BuildRequires and -Diptables meson parameter:
iptables is legacy (obsoleted in favor of nft). Additionally.
meson has proper fallback detection to assume the correct path,
should it need to use iptables.
- Recommend nftables instead of iptables.
==== avahi ====
Subpackages: avahi-lang libavahi-client3 libavahi-common3 libavahi-core7
- Drop %{_sysconfdir}/sysconfig/network/if-{up,down}.d scripts:
they are not used, or supported, in a while already.
==== avahi-glib2 ====
- Drop %{_sysconfdir}/sysconfig/network/if-{up,down}.d scripts:
they are not used, or supported, in a while already.
==== cairomm1_0 ====
- Drop baselibs.conf: there is no known consumer of the -32bit
package.
==== enchant-1 ====
Subpackages: enchant-1-backends libenchant1
- Drop baselibs.conf: there is no known consumer of the -32bit
package.
==== ethtool ====
Version update (6.0 -> 6.1)
- update to upstream release 6.1
* Feature: update link mode tables
* Feature: register dump for NXP ENETC driver (-d)
* Feature: report TCP header-data split (-g)
* Feature: support new message types in pretty print
* Fix: man page syntax fixes
==== glib2-branding-openSUSE ====
- Prefer file-roller over nautilus for archives.
==== gnome-menus ====
Subpackages: gnome-menus-lang libgnome-menu-3-0 typelib-1_0-GMenu-3_0
- Drop baselibs.conf: there is no known consumer of the -32bit
package.
==== imlib2 ====
Version update (1.9.1 -> 1.10.0)
Subpackages: imlib2-loaders libImlib2-1
- update to 1.10.0:
* Introduce imlib_load_image_fde
imlib2_load: Tweak load mode handling
Introduce Imlib2_Loader.h - all that is needed by loaders
image: Change has alpha flag to separate byte
loading: Don't look for cached image when not caching
loading: New loader infrastructure
* loading: Introduce __imlib_ImageFileContextPush/Pop
loading: Centralize mmap handling
* Introduce imlib_load_image_mem
* imlib2_load: Add option to use imlib_load_image_mem
api: Remove cast previously dropped everywhere else
Hide imlib_get/set_color_usage() if no X11
api: Move X11 related functions to separate file
api: Move filter functions to separate file
Enable disabling filter functions
api: Move text functions to separate file
Enable disabling text functions
J2K loader: Drop showing deprecated item in debug message
image: Fix memory leak when cloning images
Unify basic X11 functionality in test programs
Includes tweaks
test: Re-generate test images with recent tool/library versions
image: Hide internal ImlibImageFileInfo struct
image: Don't munmap external memory
* Introduce imlib_get_error
api: error_return adjustments
imlib2_load: Add option to enable image caching
image: Fix potential use of uninitialized time stamps
PNG loader: Correct frame delay in zero denominator case
PNG loader: Cosmetics
PNG loader: Improved handling of animated PNGs
multiframe: Support loop count
PNG loader: Fix animated PNG loading some more
autofoo: Fix trouble with test subdirectory in distributed source
autofoo: Rework git tag/release stuff
test: test_load: Quit when loading primary image fails
SVG loader: Don't reference multiframe stuff
* ICO loader: Eliminate ico_load
autofoo: Use AC_USE_SYSTEM_EXTENSIONS
imlib2_view: Fix single frame update rendering
test: test_load_2: Check frame 0/1 loading too
PNG loader: Cosmetics
PS loader: Cosmetics
multiframe: Tweaks around frame number handling
multiframe: Centralize handling of frame update offsets
multiframe: Move frame info to allocated record
multiframe: Allocate frame info only when needed
PNG loader: Quit scan when target fdAT is seen
PNG loader: Quit after loading first frame
PNG loader: Simplify update callback handling
imlib2_view: Fix multiframe rendering detail
multiframe: Remove frame offset from updates
imlib2_view: Fix multiframe after update coordinate change
imlib2_view: Deal with all pending X events at once
imlib2_view: Properly handle caching vs progress callbacks
imlib2_view: Don't load bad images twice if first or last in argument list
image: Cosmetics
* image: Introduce __imlib_LoadEmbeddedMem
Add new ani loader
* image: Cosmetics
ANI loader: Disable progress in embed loader
ANI loader: Multiframe suport
v1.10.0
Introduce imlib_load_image_frame_mem
imlib_load_image_frame_mem(): set nocache
TGA loader: fix indexing in tgaflip
==== libcloudproviders ====
- Drop baselibs.conf: there is no known consumer of the -32bit
package.
==== libgtop ====
Subpackages: libgtop-2_0-11 libgtop-lang
- Drop baselibs.conf: there is no known consumer of the -32bit
package.
==== mpc ====
Version update (1.3.0 -> 1.3.1)
- Update to version 1.3.1:
* Bug fix: It is again possible to include mpc.h without
including stdio.h.
- drop mpc-1.3.0-gmpdep.patch
==== pangomm1_4 ====
- Drop baselibs.conf: there is no known consumer of the -32bit
package.
==== rpm ====
Subpackages: librpmbuild9
- switch to pkgconfig(zlib) so that alternative providers can be
used
==== xz ====
Version update (5.2.8 -> 5.2.10)
Subpackages: liblzma5 xz-lang
- update to 5.2.10:
* xz: Don't modify argv[] when parsing the --memlimit* and
- -block-list command line options. This fixes confusing
arguments in process listing (like "ps auxf").
* GNU/Linux only: Use __has_attribute(__symver__) to detect if
that attribute is supported. This fixes build on Mandriva where
Clang is patched to define __GNUC__ to 11 by default (instead
of 4 as used by Clang upstream).
* liblzma:
- Fixed an infinite loop in LZMA encoder initialization
if dict_size >= 2 GiB.
- Fixed two cases of invalid free() that can happen if
a tiny allocation fails in encoder re-initialization
or in lzma_filters_update(). These bugs had some
similarities with the bug fixed in 5.2.7.
- Fixed lzma_block_encoder() not allowing the use of
LZMA_SYNC_FLUSH with lzma_code() even though it was
documented to be supported. The sync-flush code in
the Block encoder was already used internally via
lzma_stream_encoder(), so this was just a missing flag
in the lzma_block_encoder() API function.
- GNU/Linux only: Don't put symbol versions into static
liblzma as it breaks things in some cases (and even if
it didn't break anything, symbol versions in static
libraries are useless anyway). The downside of the fix
is that if the configure options --with-pic or --without-pic
are used then it's not possible to build both shared and
static liblzma at the same time on GNU/Linux anymore;
with those options --disable-static or --disable-shared
must be used too.
- drop unused xz-devel-static which is no longer supported when using
- -with-pic (which is needed for shared libs)
1
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=microos&groupid=3&version…
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&com…
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
7zip
bash (5.2.12 -> 5.2.15)
brltty
cracklib (2.9.7 -> 2.9.8)
dracut (057+suse.351.ge78c8ff6 -> 057+suse.353.g6dab83eb)
elfutils-debuginfod
exiv2
gcc13 (12.2.1+git537 -> 13.0.0+git197351)
git
gnutls
groff
groff-full
gtkmm3
highway
irqbalance
krb5
libjxl
libqt5-qtbase (5.15.7+kde167 -> 5.15.7+kde177)
libqt5-qtdeclarative (5.15.7+kde18 -> 5.15.7+kde25)
libqt5-qtquickcontrols2 (5.15.7+kde6 -> 5.15.7+kde7)
libtool
libwnck
mozilla-nss (3.84 -> 3.85)
mozjs102 (102.5.0 -> 102.6.0)
mpc (1.2.1 -> 1.3.0)
nano (7.0 -> 7.1)
open-vm-tools (12.1.0 -> 12.1.5)
openssh
openssl-1_1
openssl-3
osinfo-db (20221018 -> 20221130)
pipewire (0.3.62 -> 0.3.63)
protobuf (21.11 -> 21.12)
python-anyio
python-lark (1.1.4 -> 1.1.5)
python-pycares (4.2.2 -> 4.3.0)
selinux-policy
shadow
speech-dispatcher (0.10.2 -> 0.11.4)
sqlite3
webkit2gtk3
webkit2gtk4
xorg-x11-server
xscreensaver (6.05.1 -> 6.06)
xwayland
xz
yast2-add-on (4.5.2 -> 4.5.3)
yast2-packager (4.5.8 -> 4.5.9)
zlib
=== Details ===
==== 7zip ====
- build for x86_64 subarchs the same way like for baseline
==== bash ====
Version update (5.2.12 -> 5.2.15)
Subpackages: bash-doc bash-sh
- Add upstream patches
* bash52-013
Bash can leak memory when referencing a non-existent associative
array element.
* bash52-014
Bash defers processing additional terminating signals when running
the EXIT trap while exiting due to a terminating signal. This
patch allows the new terminating signal to kill the shell immediately.
* bash52-015
There are several cases where bash is too aggressive when optimizing
out forks in subshells. For example, `eval' and traps should never
be optimized.
==== brltty ====
Subpackages: brltty-driver-at-spi2 brltty-driver-brlapi brltty-driver-speech-dispatcher brltty-driver-xwindow libbrlapi0_8 python3-brlapi system-user-brltty xbrlapi
- Use tmpfiles_create_package
- Use sysuser-tools unconditionally (bsc#1205161)
==== cracklib ====
Version update (2.9.7 -> 2.9.8)
Subpackages: libcrack2
- update to 2.9.8:
* rules: Drop using register keyword
* add exec perms
* translation updates
* Use what's in the build environment and use a current autoconf
* util/Makefile.am: fix link with lintl
* Force grep to treat the input as text when formatting word files
==== dracut ====
Version update (057+suse.351.ge78c8ff6 -> 057+suse.353.g6dab83eb)
Subpackages: dracut-ima dracut-mkinitrd-deprecated
- Update to version 057+suse.353.g6dab83eb:
* revert(fips): check for fipscheck in libexec (bsc#1206431)
==== elfutils-debuginfod ====
Subpackages: debuginfod-profile libdebuginfod1
- Remove dependency to not used sysconfig package
- Weaken systemd dependency, no hard requires necessary
==== exiv2 ====
- switch to pkgconfig(zlib) so that alternative providers can be
used
==== gcc13 ====
Version update (12.2.1+git537 -> 13.0.0+git197351)
Subpackages: libgcc_s1 libgfortran5 libgomp1 libobjc4 libstdc++6 libstdc++6-pp libubsan1
- check each header separately
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump to 0a43f7b1a73c8e3b9cefffe430274d0a3d6d3291, git197351.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Sync cross.spec.in changes from gcc12 package.
- Bump to 380d62c14c99d8df13b7a86660e7ee67d01ad827, git197210.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Bump to de144fdab17dbbb64ccb540056ab78b4ffb3fbbc, git197173.
- Depend on at least LLVM 13 for GCN cross compiler.
- Bump to 4304e09a1617bcf1c87f5bc96017ae5017379d75, git197155.
- Rebase gcc44-rename-info-files.patch.
- Bump to d13c359a49291f0a1206adbad4065677010b7e4b, git197143.
- Sync changes from gcc12 package
- Update embedded newlib to version 4.2.0
* includes newlib-4.1.0-aligned_alloc.patch
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
- Bump to 2b0ae7fb91f64fb005abf7d7903fd4c0764bb45c, git197102.
- Handle new libstdc++exp.a lib.
- Bump to 5c0d171f67d082c353ddc319859111d3b9126c17, git196938.
- Add 2 new headers.
- Bump to b457b779427b0f7b3fbac447811c9c52db5bc79e, git196485.
==== git ====
- switch to pkgconfig(zlib) so that alternative providers can be
used
==== gnutls ====
- switch to pkgconfig(zlib) so that alternative providers can be
used
==== groff ====
- set doc-default-operating-system and doc-volume-operating-system
to $PRETTY_NAME [bsc#1185613]
==== groff-full ====
Subpackages: gxditview
- set doc-default-operating-system and doc-volume-operating-system
to $PRETTY_NAME [bsc#1185613]
==== gtkmm3 ====
- Drop baselibs.conf: there is no known consumer of the -32bit
package.
==== highway ====
- Added missing baselibs.conf so that 32bit library packages
become available
==== irqbalance ====
Subpackages: irqbalance-ui
- build for x86_64 subarchs the same way like for baseline
==== krb5 ====
- Drop 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch,
already fixed in release 1.20.0
==== libjxl ====
- Added missing baselibs.conf so that 32bit library packages
become available
==== libqt5-qtbase ====
Version update (5.15.7+kde167 -> 5.15.7+kde177)
Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3
- Update to version 5.15.7+kde177:
* Fix wrong to linear conversion
* QKeySequence: Add missing modifier names
* Scale BMP color samples with periodic bit expansion
* Send accessible focus event after list view has focus
* update function argument of SSL_CTX_set_options
* Openssl backend: reinsert a missing C in qCDebug
* Annotate QMutex with TSAN annotations
* Handle allocation failure in QImage rotate 90/180/270 functions
* xcb: Replace qCWarning by qCDebug in QXcbConnection::printXcbError()
* a11y: support GetAccessibleId for at-spi
- Drop patches, now upstream:
* 0001-Fix-wrong-to-linear-conversion.patch
==== libqt5-qtdeclarative ====
Version update (5.15.7+kde18 -> 5.15.7+kde25)
- Update to version 5.15.7+kde25:
* Make QaccessibleQuickWidget private API
* a11y: track item enabled state
* QQuickItem: avoid emitting signals during destruction
* Send ObjectShow event for visible components after initialized
* Implement accessibility for QQuickWidget
* Fix build after 95290f66b806a307b8da1f72f8fc2c69801933d0
* Don't convert QByteArray in `startDrag`
==== libqt5-qtquickcontrols2 ====
Version update (5.15.7+kde6 -> 5.15.7+kde7)
Subpackages: libQt5QuickControls2-5 libQt5QuickTemplates2-5
- Update to version 5.15.7+kde7:
* Fix the popup position of a Menu
==== libtool ====
- switch to pkgconfig(zlib) so that alternative providers can be
used
==== libwnck ====
Subpackages: libwnck-3-0 typelib-1_0-Wnck-3_0
- Drop baselibs.conf: there is no known consumer of the -32bit
package.
==== mozilla-nss ====
Version update (3.84 -> 3.85)
Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs
- update to NSS 3.85
* bmo#1792821 - Modification of the primes.c and dhe-params.c in
order to have better looking tables
* bmo#1796815 - Update zlib in NSS to 1.2.13
* bmo#1796504 - Skip building modutil and shlibsign when building
in Firefox
* bmo#1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard
* bmo#1796407 - Fix -Wunused-but-set-variable warning from clang 15
* bmo#1796308 - Fix -Wtautological-constant-out-of-range-compare
and -Wtype-limits warnings
* bmo#1796281 - Followup: add missing stdint.h include
* bmo#1796281 - Fix -Wint-to-void-pointer-cast warnings
* bmo#1796280 - Fix -Wunused-{function,variable,but-set-variable}
warnings on Windows
* bmo#1796079 - Fix -Wstring-conversion warnings
* bmo#1796075 - Fix -Wempty-body warnings
* bmo#1795242 - Fix unused-but-set-parameter warning
* bmo#1795241 - Fix unreachable-code warnings
* bmo#1795222 - Mark _nss_version_c unused on clang-cl
* bmo#1795668 - Remove redundant variable definitions in lowhashtest
* Add note about python executable to build instructions.
==== mozjs102 ====
Version update (102.5.0 -> 102.6.0)
- Update to version 102.6.0:
+ Various stability, functionality, and security fixes.
+ CVE-2022-46880: Use-after-free in WebGL.
+ CVE-2022-46872: Arbitrary file read from a compromised content
process.
+ CVE-2022-46881: Memory corruption in WebGL.
+ CVE-2022-46874: Drag and Dropped Filenames could have been
truncated to malicious extensions.
+ CVE-2022-46875: Download Protections were bypassed by .atloc
and .ftploc files on Mac OS.
+ CVE-2022-46882: Use-after-free in WebGL.
+ CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and
Firefox ESR 102.6.
==== mpc ====
Version update (1.2.1 -> 1.3.0)
- Add mpc-1.3.0-gmpdep.patch to avoid dependence on stdio.h when
including mpc.h
- Update to version 1.3.0.
* New function: mpc_agm
* New rounding modes "away from zero", indicated by the letter "A"
and corresponding to MPFR_RNDA on the designated real or imaginary part.
* New experimental ball arithmetic.
* New experimental function: mpc_eta_fund
* Bug fixes:
- mpc_asin for asin(z) with small |Re(z)| and tiny |Im(z)|
- mpc_pow_fr: sign of zero part of result when the base has up to sign
the same real and imaginary part, and the exponent is an even
positive integer
- mpc_fma: the returned int value was incorrect in some cases
(indicating whether the rounded real/imaginary parts were
smaller/equal/greater than the exact values), but the computed
complex value was correct.
==== nano ====
Version update (7.0 -> 7.1)
- update to 7.1:
* When --autoindent and --breaklonglines are combined, pressing
<Enter> at a specific position no longer eats characters.
==== open-vm-tools ====
Version update (12.1.0 -> 12.1.5)
Subpackages: libvmtools0 open-vm-tools-desktop
- Don't list libgrpc++, libgrpc, and libprotobuf in the containerinfo Requires
section. The dependencies will be added automatically.
- Don't use new LDFLAGS, -labsl_synchronization -lgpr, when building for SLE.
- Add containerInfo plugin (jsc-PED-1344)
- Add dependencies on grpc, protobuf, and containerd for container
introspection
- Added patches (jsc-PED-1344)
+ detect-suse-location.patch
- Add _service to handle open-vm-tools sources
- Update to 12.1.5 (build 20735119) (boo#1205962)
- A number of Coverity reported issues have been addressed.
- The deployPkg plugin may prematurely reboot the guest VM before cloud-init
has completed user data setup. If both the Perl based Linux customization
script and cloud-init run when the guest VM boots, the deployPkg plugin
may reboot the guest before cloud-init has finished. The deployPkg
plugin has been updated to wait for a running cloud-init process to
finish before the guest VM reboot is initiated. This issue is fixed in
this release.
- A SIGSEGV may be encountered when a non-quiesing snapshot times out.
This issue is fixed in this release.
- Unwanted vmtoolsd service error message if not on a VMware hypervisor.
When open-vm-tools comes preinstalled in a base Linux release, the vmtoolsd
services are started automatically at system start and desktop login.
If running on physical hardware or in a non-VMware hypervisor, the services
will emit an error message to the Systemd's logging service before stopping.
This issue is fixed in this release.
==== openssh ====
Subpackages: openssh-clients openssh-common openssh-server
- limit to openssl < 3.0 as this version is not compatible (bsc#1205042)
next version update will fix it
==== openssl-1_1 ====
Subpackages: libopenssl1_1
- POWER10 performance enhancements for cryptography [jsc#PED-512]
* openssl-1_1-AES-GCM-performance-optimzation-with-stitched-method.patch
* openssl-1_1-Fixed-counter-overflow.patch
* openssl-1_1-chacha20-performance-optimizations-for-ppc64le-with-.patch
* openssl-1_1-Fixed-conditional-statement-testing-64-and-256-bytes.patch
* openssl-1_1-Fix-AES-GCM-on-Power-8-CPUs.patch
==== openssl-3 ====
- Fix X.509 Policy Constraints Double Locking [bsc#1206374, CVE-2022-3996]
* Add patch: openssl-3-Fix-double-locking-problem.patch
==== osinfo-db ====
Version update (20221018 -> 20221130)
- Update to database version 20221130
osinfo-db-20221130.tar.xz
- Add support for SLE Micro 5.4
add-slem5.4-support.patch
- Fix <derives-from id> value
add-slem5.3-support.patch
==== pipewire ====
Version update (0.3.62 -> 0.3.63)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
- Update to version 0.3.63:
* Highlights
- Fix a critical bug that causes audio distortion in some cases
when using AVX2.
- Fix a crash in mpv caused by deinit of PipeWire.
- Resample the convolver IR to match the graph samplerate for
better results.
- Many more small bugfixes and improvements.
* PipeWire
- Fix a segfault in the PipeWire deinit code triggered by mpv
in some cases.
- Fix docs about SPA_PLUGIN_DIR.
- Always dlclose by default (even under valgrind). Add an
option with PIPEWIRE_DLCLOSE to select alternative behaviour.
- Improve PIPEWIRE_DEBUG category handling.
* modules
- Resample the IR for the convolver when the IR samplerate and
graph rate don't match.
* SPA
- Handle spurious reads from timerfd gracefully.
- Fix potential stack-use-after-scope when starting Audacity.
- Fix distorted audio when using AVX2.
- Remove fallback to default channel map in channelmix.
- Improve sorting of MIDI events, use the same order as Ardour.
- Enable LFE downmixing by default.
- Make IEC958/AC3 and IEC958/DTS work better by enforcing a
fixed minimal buffering for the encoder to avoid stuttering.
* Pulse-Server
- Add a new pulse.cmd config section to execute pulse commands,
currently only for loading modules. This removes the
dependency on pactl.
- Improve debug of messages.
- Rebase reduce-meson-dependency.patch.
- Add patch to add channel-map in the echo-cancel module:
* 0001-pulse-server-add-channel-map-in-echo-cancel-module.patch
==== protobuf ====
Version update (21.11 -> 21.12)
- update to v21.12:
* Python
* Fix broken enum ranges (#11171)
* Stop requiring extension fields to have a sythetic oneof (#11091)
* Python runtime 4.21.10 not works generated code can not load valid
proto.
==== python-anyio ====
- Skip trio exception tests for now
* https://github.com/agronholm/anyio/issues/508
* https://github.com/agronholm/anyio/commit/787cb0c2e53c2a3307873d202fbd49dc5…
==== python-lark ====
Version update (1.1.4 -> 1.1.5)
- Update to v1.1.5
* What's Changed
setup.cfg: Replace deprecated license_file with license_files by @mgorny in #1209
Fix Github shenanigans by @erezsh in #1220
Fix AmbiguousExpander (Issue #1214) by @chanicpanic in #1216
Fix EOF line information in InteractiveParser.resume_parse() by @erezsh in #1224
Use generator instead of list expand or add method by @jmishra01 in #1225
==== python-pycares ====
Version update (4.2.2 -> 4.3.0)
- Update to version 4.3.0
* Bump cibuildwheel to build for Python 3.11 + CI total time speedups by @Jackenmen in #174
Fix tests that depended on external sites by @Jackenmen in #180
Complete the Python 3.11 support by @Jackenmen in #179
Drop CPython 3.6 by @saghul in #181
Improve test compatibility with pytest by @saghul in #182
Update c-ares submodule to 1.18.1 by @saghul in #183
==== selinux-policy ====
Subpackages: selinux-policy-targeted
- Added fix_ipsec.patch: Allow AF_ALG socket creation for strongswan
(bnc#1206445)
- Added policy for wicked scripts under /etc/sysconfig/network/scripts
(bnc#1205770)
- Add fix_sendmail.patch
* fix context of custom sendmail startup helper
* fix context of /var/run/sendmail and add necessary rules to manage
content in there
==== shadow ====
Subpackages: libsubid4 login_defs
- bsc#1205502: Fix useradd audit event logging of ID field
* Add shadow-audit-no-id.patch
==== speech-dispatcher ====
Version update (0.10.2 -> 0.11.4)
Subpackages: libspeechd2 python3-speechd
- Update to version 0.11.4:
- Update CLDR to version 42 and symbols from NVDA.
- Fix audio plugin loading with dlopen.
- Fix atomicity of getting reply in threaded mode.
- Changes from 0.11.3:
- Fix back DefaultModule configuration.
- pico: Avoid falling to english when passed a bogus voice name.
- espeak: Fix setting voice type.
- Changes from 0.11.2:
- Fix loading xx-yy locales.
- Various memory leaks fixes.
- Add mimic3 configuration file.
- pico: Fix setting language vs voice.
- Make sure that modules report a list of voices.
- Update CLDR to version 41, symbols from NVDA and orca.
- Allow building without ltdl.
- Re-enable SSML in espeak-ng-mbrola module.
- Changes from 0.11.1:
- Add SPEECHD_PLUGIN_DIR environment variable.
- Fix listing voices of the default module.
- Changes from 0.11
- Support playing audio through the server.
- modules: Add support for loading from user's
.local/libexec/speech-dispatcher.
- symbols: Process symbols.dic before emojis.dic.
- symbols: Enable speechd symbols processing by default.
- modules: Moved speech dispatcher modules to
/usr/libexec/speech-dispatcher-modules
- espeak-ng: Add support for mbrola voices.
- mary: Add auto-detection.
- mary: Add newer voices.
- mary: Add volume, pitch, and rate support.
- ivona: Add auto-detection.
- festival: Strip head silence.
- generic: Add DefaultVoice option.
- es_ES: Add some gender neutral rules.
- Add SPEECHD_CMD environment variable.
- modules: Rewrite main functions with BSD licence, to let
proprietary modules easily reuse this as a basis.
- modules: Add skeletons ready for use as a basis for new
modules.
- Add script to run speechd from the build tree.
- Update CLDR to version 39, symbols from NVDA and orca.
- Add Esperanto translation.
- Sort modules by quality, let the best quality module be the
default.
- Rebase harden_speech-dispatcherd.service.patch.
- Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update.
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_speech-dispatcherd.service.patch
==== sqlite3 ====
Subpackages: libsqlite3-0 sqlite3-tcl
- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch:
relying on --safe for execution of an untrusted CLI script
==== webkit2gtk3 ====
Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles
- Add upstream patch b7ac5d0c.patch: Fix build with Ruby 3.2.
==== webkit2gtk4 ====
Subpackages: libjavascriptcoregtk-5_0-0 libwebkit2gtk-5_0-0 webkit2gtk-5_0-injected-bundles
- Add upstream patch b7ac5d0c.patch: Fix build with Ruby 3.2.
==== xorg-x11-server ====
Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra
- U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
* XkbGetKbdByName use-after-free (ZDI-CAN-19530, CVE-2022-4283,
bsc#1206017)
- U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
* Server XTestSwapFakeInput stack overflow (ZDI-CAN 19265,
CVE-2022-46340, bsc#1205874)
- U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
* Xi: return an error from XI property changes if verification
failed (no ZDI-CAN id, no CVE id, bsc#1205875)
- U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
* Server XIChangeProperty out-of-bounds access (ZDI-CAN 19405,
CVE-2022-46344, bsc#1205876)
- U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
* Server XIPassiveUngrabDevice out-of-bounds access (ZDI-CAN 19381,
CVE-2022-46341, bsc#1205877)
- U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
* Server ScreenSaverSetAttributes use-after-free (ZDI-CAN 19404,
CVE-2022-46343, bsc#1205878)
- U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
* Server XvdiSelectVideoNotify use-after-free (ZDI-CAN 19400,
CVE-2022-46342, bsc#1205879)
==== xscreensaver ====
Version update (6.05.1 -> 6.06)
Subpackages: xscreensaver-data xscreensaver-lang
- update to 6.06:
* New hack hextrail
* marbling works again
* Adjust old hacks for higher resolution displays
* X11: More robust desktop image grabbing.
* X11: Various improvements to xscreensaver-settings
* X11: Supports "Lock" messages from systemd, e.g. when
logind.conf has "HandleLidSwitch=lock" instead of "suspend".
* Retired thornbird, which is redundant with discrete.
- drop xscreensaver-gtk3.patch, upstream
==== xwayland ====
- U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch
* XkbGetKbdByName use-after-free (ZDI-CAN-19530, CVE-2022-4283,
bsc#1206017)
- U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch
* Server XTestSwapFakeInput stack overflow (ZDI-CAN 19265,
CVE-2022-46340, bsc#1205874)
- U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch
* Xi: return an error from XI property changes if verification
failed (no ZDI-CAN id, no CVE id, bsc#1205875)
- U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch
* Server XIChangeProperty out-of-bounds access (ZDI-CAN 19405,
CVE-2022-46344, bsc#1205876)
- U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch
* Server XIPassiveUngrabDevice out-of-bounds access (ZDI-CAN 19381,
CVE-2022-46341, bsc#1205877)
- U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch
* Server ScreenSaverSetAttributes use-after-free (ZDI-CAN 19404,
CVE-2022-46343, bsc#1205878)
- U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch
* Server XvdiSelectVideoNotify use-after-free (ZDI-CAN 19400,
CVE-2022-46342, bsc#1205879)
==== xz ====
Subpackages: liblzma5
- Rename xz-static-devel -> xz-devel-static to follow the general
naming used in openSUSE.
==== yast2-add-on ====
Version update (4.5.2 -> 4.5.3)
- Fixed failure with the "media_url" element in AutoYaST profile
containing CDATA block with spaces (bsc#1205928)
- 4.5.3
==== yast2-packager ====
Version update (4.5.8 -> 4.5.9)
- Merged PR https://github.com/yast/yast-packager/pull/623
by Christopher Yeleighton <giecrilj(a)stegny.2a.pl>:
Do not call [Install done] on aborted packages (boo#1203302)
- 4.5.9
==== zlib ====
Subpackages: libminizip1 libz1
- build zlib with optflags again
1
0