Packages changed: ImageMagick (7.1.0.53 -> 7.1.0.55) Mesa (22.2.4 -> 22.3.2) Mesa-drivers (22.2.4 -> 22.3.2) MozillaFirefox (107.0.1 -> 108.0.1) NetworkManager (1.40.6 -> 1.40.8) alsa-plugins autoyast2 (4.5.11 -> 4.5.12) avahi avahi-glib2 bind (9.18.9 -> 9.18.10) ca-certificates-mozilla (2.56 -> 2.60) cairomm1_0 cronie curl (7.86.0 -> 7.87.0) dconf distrobox (1.4.1 -> 1.4.2.1) dnsmasq (2.87 -> 2.88) ell (0.54 -> 0.55) ethtool (6.0 -> 6.1) fwupd (1.8.7 -> 1.8.8) glib2 (2.74.3 -> 2.74.4) glib2-branding-openSUSE glibc gnome-control-center (43.1 -> 43.2) gnome-menus grub2 gstreamer (1.20.4 -> 1.20.5) gstreamer-plugins-bad (1.20.4 -> 1.20.5) gstreamer-plugins-base (1.20.4 -> 1.20.5) gstreamer-plugins-good (1.20.4 -> 1.20.5) gtk4 (4.8.2 -> 4.8.3) gupnp (1.6.2 -> 1.6.3) harfbuzz (5.3.1 -> 6.0.0) imlib2 (1.9.1 -> 1.10.0) iproute2 (6.0 -> 6.1) kernel-firmware (20221130 -> 20221216) kernel-source (6.0.12 -> 6.1.1) libICE (1.1.0 -> 1.1.1) libSM (1.2.3 -> 1.2.4) libXau (1.0.10 -> 1.0.11) libarchive (3.6.1 -> 3.6.2) libbpf (1.0.1 -> 1.1.0) libcloudproviders libfontenc (1.1.6 -> 1.1.7) libgnomesu libgtop libjxl libpsl (0.21.1 -> 0.21.2) libpwquality (1.4.4 -> 1.4.5) libqt5-qtwebengine (5.15.11 -> 5.15.12) librepo (1.14.5 -> 1.15.1) libstorage-ng (4.5.56 -> 4.5.57) libxkbfile (1.1.1 -> 1.1.2) libxshmfence (1.3.1 -> 1.3.2) lsof (4.96.4 -> 4.96.5) lua54 mdadm mpc (1.3.0 -> 1.3.1) nftables (1.0.5 -> 1.0.6) open-iscsi open-vm-tools openblas_pthreads openssh pam pam-full-src pangomm1_4 permissions (1599_20220912 -> 1599_20221220) pipewire policycoreutils publicsuffix (20220903 -> 20221129) python-Beaker (1.11.0 -> 1.12.0) python-h2 python-httpcore (0.15.0 -> 0.16.3) python-jsonschema python-urllib3 (1.26.12 -> 1.26.13) raspberrypi-firmware (2022.11.18 -> 2022.12.12) raspberrypi-firmware-config (2022.11.18 -> 2022.12.12) redis (7.0.5 -> 7.0.7) rpm samba (4.17.3+git.283.2157972742b -> 4.17.4+git.300.305b22bfce) screen sddm sssd systemd tcl tuned (2.18.0.8+git.6f907c9 -> 2.19.0.29+git.b894a3e) util-linux (2.37.4 -> 2.38.1) util-linux-systemd (2.37.4 -> 2.38.1) vim (9.0.1040 -> 9.0.1107) vulkan-loader (1.3.231.0 -> 1.3.236.0) vulkan-tools (1.3.231 -> 1.3.236.0) webkit2gtk3 (2.38.2 -> 2.38.3) wicked (0.6.70 -> 0.6.71) xcb-util (0.4.0 -> 0.4.1) xf86-input-joystick (1.6.3 -> 1.6.4) xf86-video-vesa (2.5.0 -> 2.6.0) xkbcomp (1.4.5 -> 1.4.6) xorg-x11-server (21.1.4 -> 21.1.6) xwayland (22.1.5 -> 22.1.7) xz (5.2.8 -> 5.2.10) yast2-packager (4.5.9 -> 4.5.10) zbar zlib-ng-compat zvbi (0.2.38 -> 0.2.39) === Details === ==== ImageMagick ==== Version update (7.1.0.53 -> 7.1.0.55) Subpackages: ImageMagick-config-7-SUSE libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - update to 7.1.0.55: * https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#710-55---2022-12-17 ==== Mesa ==== Version update (22.2.4 -> 22.3.2) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - don't try to generate libvdpau_virtio_gpu package on ppc64le; for some reason this driver doesn't get built on this platform - Update to version 22.3.0: * See https://docs.mesa3d.org/relnotes/22.3.0.html - Update to version 22.3.1: * See https://docs.mesa3d.org/relnotes/22.3.1.html - Update to version 22.3.2: * See https://docs.mesa3d.org/relnotes/22.3.2.html - Remove the libXvMC_nouveau and libXvMC_r600 packages as XVMC support was removed. - Add libvdpau_virtio_gpu package for VirtIO GPU. - Rebase n_drirc-disable-rgb10-for-chromium-on-amd.patch. - Rebase u_dep_xcb.patch. - Rebase U_fix-mpeg1_2-decode-mesa-20.2.patch. - Drop n_buildfix-21.3.0.patch: fixed upstream. ==== Mesa-drivers ==== Version update (22.2.4 -> 22.3.2) Subpackages: Mesa-dri Mesa-gallium Mesa-libva - don't try to generate libvdpau_virtio_gpu package on ppc64le; for some reason this driver doesn't get built on this platform - Update to version 22.3.0: * See https://docs.mesa3d.org/relnotes/22.3.0.html - Update to version 22.3.1: * See https://docs.mesa3d.org/relnotes/22.3.1.html - Update to version 22.3.2: * See https://docs.mesa3d.org/relnotes/22.3.2.html - Remove the libXvMC_nouveau and libXvMC_r600 packages as XVMC support was removed. - Add libvdpau_virtio_gpu package for VirtIO GPU. - Rebase n_drirc-disable-rgb10-for-chromium-on-amd.patch. - Rebase u_dep_xcb.patch. - Rebase U_fix-mpeg1_2-decode-mesa-20.2.patch. - Drop n_buildfix-21.3.0.patch: fixed upstream. ==== MozillaFirefox ==== Version update (107.0.1 -> 108.0.1) - add mozilla-bmo1805809.patch to fix build for x86-32 (boo#1206600) - Mozilla Firefox 108.0.1 (boo#1206507) * Fixes the default search engine being reset on upgrade for profiles which were previously copied from a different location - Mozilla Firefox 108.0 https://www.mozilla.org/en-US/firefox/108.0/releasenotes/ MFSA 2022-51 (bsc#1206242) * CVE-2022-46871 (bmo#1795697) libusrsctp library out of date * CVE-2022-46872 (bmo#1799156) Arbitrary file read from a compromised content process * CVE-2022-46873 (bmo#1644790) Firefox did not implement the CSP directive unsafe-hashes * CVE-2022-46874 (bmo#1746139) Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46875 (bmo#1786188) Download Protections were bypassed by .atloc and .ftploc files on Mac OS * CVE-2022-46877 (bmo#1795139) Fullscreen notification bypass * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685, bmo#1801102, bmo#1801315, bmo#1802395) Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6 * CVE-2022-46879 (bmo#1736224, bmo#1793407, bmo#1794249, bmo#1795845, bmo#1797682, bmo#1797720, bmo#1798494, bmo#1799479) Memory safety bugs fixed in Firefox 108 - requires NSS >= 3.85 rustc/cargo 1.65 - added translations to .desktop file. ==== NetworkManager ==== Version update (1.40.6 -> 1.40.8) Subpackages: NetworkManager-bluetooth NetworkManager-tui NetworkManager-wwan libnm0 typelib-1_0-NM-1_0 - Update to version 1.40.8: + Fixed a bug that caused devices (MACsec in particular) to be stuck in UNAVAILABLE state and not transition to DISCONNECTED if the carrier was ready too early. + Improved interoperability of MACsec with some Aruba switches by allowing CKN shorter than 64 characters. + Fixed an assertion failure when restarting NetworkManager with MACsec links configured. + Fixed a possible DHCP helper crash when handling failure to connect to D-Bus. + Corrected calculation of expiration time for items configured from IPv6 neighbor discovery messages. + Various fixes for platforms that don't allow unaligned memory access. - Drop iptables BuildRequires and -Diptables meson parameter: iptables is legacy (obsoleted in favor of nft). Additionally. meson has proper fallback detection to assume the correct path, should it need to use iptables. - Recommend nftables instead of iptables. ==== alsa-plugins ==== Subpackages: alsa-plugins-speexrate alsa-plugins-upmix - Replace pkgconfig(libavresample) with pkgconfig(libswresample) BuildRequires as rate-lav was ported to use the latter. ==== autoyast2 ==== Version update (4.5.11 -> 4.5.12) - Added XSLT transformation for easy conversion of the data types in the AutoYaST XML profiles between the old and the new format. This allows to convert a new profile to the format accepted in SLE15-SP2 or older (bsc#1206597) - 4.5.12 ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - Drop %{_sysconfdir}/sysconfig/network/if-{up,down}.d scripts: they are not used, or supported, in a while already. ==== avahi-glib2 ==== - Drop %{_sysconfdir}/sysconfig/network/if-{up,down}.d scripts: they are not used, or supported, in a while already. ==== bind ==== Version update (9.18.9 -> 9.18.10) - Update to release 9.18.10 Feature Changes: * To reduce unnecessary memory consumption in the cache, NXDOMAIN records are no longer retained past the normal negative cache TTL, even if stale-cache-enable is set to yes. * The auto-dnssec option has been deprecated and will be removed in a future BIND 9.19.x release. Please migrate to dnssec-policy. * The coresize, datasize, files, and stacksize options have been deprecated. The limits these options set should be enforced externally, either by manual configuration (e.g. using ulimit) or via the process supervisor (e.g. systemd). * Setting alternate local addresses for inbound zone transfers has been deprecated. The relevant options (alt-transfer-source, alt-transfer-source-v6, and use-alt-transfer-source) will be removed in a future BIND 9.19.x release. * The number of HTTP headers allowed in requests sent to named’s statistics channel has been increased from 10 to 100, to accommodate some browsers that send more than 10 headers by default. Bug Fixes: * named could crash due to an assertion failure when an HTTP connection to the statistics channel was closed prematurely (due to a connection error, shutdown, etc.). * When a catalog zone was removed from the configuration, in some cases a dangling pointer could cause the named process to crash. * When a zone was deleted from a server, a key management object related to that zone was inadvertently kept in memory and only released upon shutdown. This could lead to constantly increasing memory use on servers with a high rate of changes affecting the set of zones being served. * TLS configuration for primary servers was not applied for zones that were members of a catalog zone. * In certain cases, named waited for the resolution of outstanding recursive queries to finish before shutting down. * host and nslookup command-line options setting the custom TCP/UDP port to use were ignored for ANY queries (which are sent over TCP). * The zone /: final reference detached log message was moved from the INFO log level to the DEBUG(1) log level to prevent the named-checkzone tool from superfluously logging this message in non-debug mode. ==== ca-certificates-mozilla ==== Version update (2.56 -> 2.60) - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle "valid before nov 30 2022" and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 Patch: remove-trustcor.patch ==== cairomm1_0 ==== - Drop baselibs.conf: there is no known consumer of the -32bit package. ==== cronie ==== Subpackages: cron - Use %_pam_vendordir ==== curl ==== Version update (7.86.0 -> 7.87.0) Subpackages: libcurl4 - Update to 7.87.0: * Security fixes: - CVE-2022-43551, bsc#1206308: another HSTS bypass via IDN - CVE-2022-43552, bsc#1206309: HTTP Proxy deny use-after-free * Changes - curl: add --url-query - CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit - lib: add CURL_WRITEFUNC_ERROR to signal write callback error - openssl: reduce CA certificate bundle reparsing by caching - version: add a feature names array to curl_version_info_data * Bugfixes - altsvc: fix rejection of negative port numbers - aws_sigv4: consult x-%s-content-sha256 for payload hash - aws_sigv4: fix typos in aws_sigv4.c - base64: better alloc size - base64: encode without using snprintf - base64: faster base64 decoding - build: assume assert.h is always available - build: assume errno.h is always available - c-hyper: CONNECT respones are not server responses - c-hyper: fix multi-request mechanism - CI: Change FreeBSD image from 12.3 to 12.4 - CI: LGTM.com will be shut down in December 2022 - ci: Remove zuul fuzzing job as it's superseded by CIFuzz - cmake: check for cross-compile, not for toolchain - CMake: fix build with `CURL_USE_GSSAPI` - cmake: really enable warnings with clang - cmake: set the soname on the shared library - cmdline-opts/gen.pl: fix the linkifier - cmdline-opts/page-footer: remove long option nroff formatting - config-mac: define HAVE_SYS_IOCTL_H - config-mac: fix typo: size_T -> size_t - config-mac: remove HAVE_SYS_SELECT_H - config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW - configure: require fork for NTLM-WB - contributors.sh: actually use $CURLWWW instead of just setting it - cookie: compare cookie prefixes case insensitively - cookie: expire cookies at once when max-age is negative - cookie: open cookie jar as a binary file - curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS - curl-rustls.m4: on macOS, rustls also needs the Security framework - curl.h: include on SerenityOS - curl.h: name all public function parameters - curl.h: reword comment to not use deprecated option - curl: override the numeric locale and set "C" by force - curl: timeout in the read callback - curl_endian: remove Curl_write64_le from header - curl_get_line: allow last line without newline char - curl_path: do not add '/' if homedir ends with one - curl_url_get.3: remove spurious backtick - curl_url_set.3: document CURLU_DISALLOW_USER - curl_url_set.3: fix typo - CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE - CURLOPT_COOKIEFILE.3: advice => advise - CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example - CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "raw" - CURLOPT_POST.3: Explain setting to 0 changes request type - docs/curl_ws_send: Fixed typo in websocket docs - docs/EARLY-RELEASE.md: how to determine an early release - docs/examples: spell correction ('Retrieve') - docs/INSTALL.md: expand on static builds - docs/WEBSOCKET.md: explain the URL use - docs: add missing parameters for --retry flag - docs: add more "SEE ALSO" links to CA related pages - docs: explain the noproxy CIDR notation support - docs: extend the dump-header documentation - docs: remove performance note in CURLOPT_SSL_VERIFYPEER - examples/10-at-a-time: fix possible skipped final transfers - examples: update descriptions - ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH - gen.pl: do not generate CURLHELP bitmask lines > 79 characters - GHA: clarify workflows permissions, set least possible privilege - GHA: NSS use clang instead of clang-9 - gnutls: use common gnutls init and verify code for ngtcp2 - headers: add endif comments - HTTP-COOKIES.md: mention that http://localhost is a secure context - HTTP-COOKIES.md: update the 6265bis link to draft-11 - http: do not send PROXY more than once - http: fix the ::1 comparison for IPv6 localhost for cookies - http: set 'this_is_a_follow' in the Location: logic - http: use the IDN decoded name in HSTS checks - hyper: classify headers as CONNECT and 1XX - hyper: fix handling of hyper_task's when reusing the same address - idn: remove Curl_win32_ascii_to_idn - INSTALL: update operating systems and CPU archs - KNOWN_BUGS: remove eight entries - lib1560: add some basic IDN host name tests - lib: connection filters (cfilter) addition to curl: - lib: feature deprecation warnings in gcc >= 4.3 - lib: fix some type mismatches and remove unneeded typecasts - lib: parse numbers with fixed known base 10 - lib: remove bad set.opt_no_body assignments - lib: rewind BEFORE request instead of AFTER previous - lib: sync guard for Curl_getaddrinfo_ex() definition and use - lib: use size_t or int etc instead of longs - libcurl-errors.3: remove duplicate word - libssh2: return error when ssh_hostkeyfunc returns error - limit-rate.d: see also --rate - log2changes.pl: wrap long lines at 80 columns ... changelog too long, skipping 66 lines ... - x509asn1: avoid freeing unallocated pointers ==== dconf ==== Subpackages: gsettings-backend-dconf libdconf1 - Drop baselibs.conf: there is no known consumer of the -32bit package. ==== distrobox ==== Version update (1.4.1 -> 1.4.2.1) Subpackages: distrobox-bash-completion - Update to latest version (1.4.2.1). Some changes: * all: fix setting up default images and names * compatibility: add gentoo docker image * compatibility: change debian 8 image * completion: Remove shebangs from bash completions * completion: add compatibility list flag, add image name autocompletion * create/enter/export: Add home prefix * create: Fix using --home with space in path * create: use --entrypoint to override entrypoint defined by image * distrobox: remove trap from the wrapper * docs: Add resource limitation tips * docs: Fix example configuration file * docs: Update handler function to support bash scripts * enter/export: handle quotes in arguments in a better way * enter: exclude LANG environment variables * enter: remove detach-keys, work on #398 * export/enter: inject container ID at enter-time, in order to be used in export * export: fix variable declaration * export: look at global user services while trying to export a service * export: use realpath on icons * init: Add init and pre-init hook defaults as supported config options * init: add missing findmnt in OpenSUSE * init: better systemd unit cleanup * init: copy skel files only if using custom home * init: fix overriding of SHELL at each start, override default SHELL only the first time * init: fix sudoers spam (missing " in check) * init: fix void-linux package incompatibility error * init: fix vte installation; add --noreplace to prevent repeated builds * init: integrate with kerberos host only if it is installed on the host. * init: skip external mounts when searching for sockets * init: specify package for gentoo * init: use container's path for SHELL instead of host's one * init: use findmnt instead of mountpoint, fixing compatibility with old distributions * install-podman: Fix cni_plugin_dirs * install: do not use scraping, use fixed version * main: Do not open manpager automatically Full list available at: https://github.com/89luca89/distrobox/releases/tag/1.4.2.1 ==== dnsmasq ==== Version update (2.87 -> 2.88) - update to 2.88: * Fix bug in --dynamic-host when an interface has /16 IPv4 * address. * Add --fast-dns-retry option. This gives dnsmasq the ability to originate retries for upstream DNS queries itself, rather than relying on the downstream client. This is most useful when doing DNSSEC over unreliable upstream networks. It comes with some cost in memory usage and network bandwidth. * Add --use-stale-cache option. When set, if a DNS name exists in the cache, but its time-to-live has expired, dnsmasq will return the data anyway. * handle removal of whole files or entries within files. ==== ell ==== Version update (0.54 -> 0.55) - update to 0.55: * Fix issue with DHCP and blocked unicast requests. ==== ethtool ==== Version update (6.0 -> 6.1) - update to upstream release 6.1 * Feature: update link mode tables * Feature: register dump for NXP ENETC driver (-d) * Feature: report TCP header-data split (-g) * Feature: support new message types in pretty print * Fix: man page syntax fixes ==== fwupd ==== Version update (1.8.7 -> 1.8.8) Subpackages: fwupd-bash-completion libfwupd2 typelib-1_0-Fwupd-2_0 - Update to version 1.8.8: + This release adds the following features: - Add BIOS rollback protection support for Dell and Lenovo systems - Generate OVAL rules for openSCAP evaluation - Show the signed reports from QA teams in client tools + This release fixes the following bugs: - Add a X-Gpu category for new hardware support - Add more ChromeOS metadata to the report attributes - Ensure the device name is set for Intel USB4 devices - Fix a critical DFU CSR warning when deploying firmware - Fix a Synaptics RMI issue when updating non-secure devices - Match more device properties when using GetDetails - Move AMD platform rollback protection to level 4 - Use the correct AppStream ID for the Key Manifest failure - Wait for the Intel GPU to come back after updating + This release adds support for the following hardware: - Logitech Whiteboard cameras - More Goodix MoC devices - Several QSI Docks ==== glib2 ==== Version update (2.74.3 -> 2.74.4) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Update to version 2.74.4: + Fix missing input validation in `GDBusMenuModel`. + Various GVariant security fixes when handling untrusted data. + Bugs fixed: glgo#GNOME/GLib#861, glgo#GNOME/GLib#2121, glgo#GNOME/GLib#2540, glgo#GNOME/GLib#2794, glgo#GNOME/GLib#2797, glgo#GNOME/GLib#2835, glgo#GNOME/GLib#2839, glgo#GNOME/GLib#2840, glgo#GNOME/GLib#2841, glgo#GNOME/GLib#2852, glgo#GNOME/GLib!3114, glgo#GNOME/GLib!3126, glgo#GNOME/GLib!3134, glgo#GNOME/GLib!3138, glgo#GNOME/GLib!3153, glgo#GNOME/GLib!3161, glgo#GNOME/GLib!3164. + Updated translations. - Add 1539540.patch: gthread-posix: need to #include . ==== glib2-branding-openSUSE ==== - Prefer file-roller over nautilus for archives. ==== glibc ==== Subpackages: glibc-extra glibc-locale glibc-locale-base nscd - floatn.patch: Update _FloatN header support for C++ in GCC 13 ==== gnome-control-center ==== Version update (43.1 -> 43.2) Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-user-faces - Update to version 43.2: + About: Update distro logo when dark-mode changes. + Applications: Don't recurse into symlinks when clearing cache. + Cellular: Avoid duplicated entries in SIM providers list. + Color: Fix crash when first device row is non-existent. + Common: Make list row switches work when annimations are OFF. + Display: Allow the Night Light error label to wrap for small screens. + Mouse: Fix activation of rows while navigating with keyboard. + Network: - Fix crashes when EAP password is missing. - Fix wrong signal of SEA password visibility toggle. + Notifications: Sync lock screen notification setting string. + Users: Show a missing-avatar image when avatars cannot be loaded. + Updated translations. - Drop gnome-control-center-fix-ws-sea-pass-toggle.patch: Fixed upstream. - Refresh patches with quilt. - Modify gnome-control-center-disable-error-message-for-NM.patch: fix wifi panel(bsc#1206233). - Rebase gnome-control-center-disable-error-message-for-NM.patch. - Add gnome-control-center-network-use-AdwStatusPage.patch: network-panel: Use AdwStatusPage to show NetworkManager error. This is needed by the above rebased patch (glgo#GNOME/gnome-control-center/commit/2b3de01124). - Add gnome-control-center-fix-ws-sea-pass-toggle.patch: Fix crash when user clicking password visibility toggle in Security page when method is WPA3 Personal (glgo#GNOME/gnome-control-center!1520). ==== gnome-menus ==== Subpackages: libgnome-menu-3-0 typelib-1_0-GMenu-3_0 - Drop baselibs.conf: there is no known consumer of the -32bit package. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Setup multiple device paths for a nvmf boot device (bsc#1205666) * 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch - Increase the path buffer in the crypttab command for the long volume name (bsc#1206333) * grub2-increase-crypttab-path-buffer.patch ==== gstreamer ==== Version update (1.20.4 -> 1.20.5) Subpackages: libgstreamer-1_0-0 typelib-1_0-Gst-1_0 - update to 1.20.5: + This release only contains bugfixes and it should be safe to upgrade from 1.20.x. + systemclock waiting fixes for certain 32-bit platforms/libcs + alphacombine: robustness improvements for corner case scenarios + avfvideosrc: Report latency when doing screen capture + d3d11videosink: various thread-safety and stability fixes + decklink: fix performance issue when HDMI signal has been lost for a long time + flacparse: Fix handling of headers advertising 32 bits per sample + mpegts: Handle when iconv doesn't support ISO 6937 (e.g. musl libc) + opengl: fix automatic dispmanx detection for rpi4 and fix usage of eglCreate/DestroyImage + opusdec: Various channel-related fixes + textrender: event handling fixes, esp. for GAP event + subparse: Fix non-closed tag handling + videoscale: fix handling of unknown buffer metas + videosink: reverse playback handling fixes + qtmux: Prefill mode fixes, especially for raw audio + multiudpsink: allow binding to IPv6 address + rtspsrc: - Fix usage of IPv6 connections in SETUP - Only EOS on timeout if all streams are timed out/EOS + splitmuxsrc: fix playback stall if there are unlinked pads + v4l2: Fix SIGSEGV on state change during format changes + wavparse robustness fixes + Fix static linking on macOS (opengl, vulkan) + gstreamer-vaapi: fix headless build against mesa >= 22.3.0 + GStreamer Editing Services library: Fix build with tools disabled + webrtc example/demo fixes + unit test fixes for aesdec and rtpjitterbuffer + Cerbero: Fix ios cross-compile with cmake on M1; some recipe updates and other build fixes + Miscellaneous bug fixes, memory leak fixes, and other stability and reliability improvements + Performance improvements + Changes in gstreamer base package: - allocator: Copy allocator name in gst_allocator_register() - concat: Properly propagate EOS seqnum - fakesrc: avoid time overflow with datarate - Fix build of 1.20 branch with Meson 0.64.1 for those who have hotdoc installed on their system. - gst-inspect: Don't leak list - meson: fix check for pthread_setname_np() - miniobject: support higher refcount values - pads: Fix non-serialized sticky event push, e.g. instant change rate events - padtemplate: Fix annotations - systemclock: Use futex_time64 syscall on x32 and other platforms that always... - -Wimplicit-function-declaration in pthread_setname_np check (missing GNUSOURCE) ==== gstreamer-plugins-bad ==== Version update (1.20.4 -> 1.20.5) Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplay-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstva-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 - Update to version 1.20.5: + aesdec: - Fix padding removal for per-buffer-padding=FALSE - Fix test failing in gst-plugins-bad + alphacombine: Add missing query handler for gaps + avfdeviceprovider: do not leak the properties + avfvideosrc: Report latency when doing screen capture + d3d11screencapturesrc: Specify PAR 1/1 to template caps + d3d11videosink: - Fixing focus lost on desktop layout change - Call ShowWindow() from window thread - Fix deadlock when parent window is busy - Always clear back buffer on resize + decklink: reset calculation of time_mapping to fix clipping HDMI video + directshow: Fix build error with glib 2.75 and newer + dvbsubenc: - Forward GAP events as-is if we wouldn't produce an end packet - Write Display Definition Segment if a non-default width/height is used + h265decoder: Do not abort when failed to prepare ref pic set + h264parser: Fix a typo in pred_weight_table parsing. + mediafoundation, d3d11: Fix memory leak and make leak tracer happy + mpegts: - Handle when iconv doesn't support ISO 6937 (e.g. musl libc) - Check continuity counter on section streams + mpegtsdemux: Always clear packetizer on DISCONT push mode + srt: various fixes - improve stats and error handling + rtmp2: Improve error messages + rtmp2sink: Correctly return GST_FLOW_ERROR on error + vulkan: Fix static linking on macOS + webrtcbin: also add rtcp-fb ccm fir for video mlines by default + webrtc/nice: fix small leak of split strings ==== gstreamer-plugins-base ==== Version update (1.20.4 -> 1.20.5) Subpackages: libgstallocators-1_0-0 libgstapp-1_0-0 libgstaudio-1_0-0 libgstfft-1_0-0 libgstgl-1_0-0 libgstpbutils-1_0-0 libgstriff-1_0-0 libgstrtp-1_0-0 libgstrtsp-1_0-0 libgstsdp-1_0-0 libgsttag-1_0-0 libgstvideo-1_0-0 typelib-1_0-GstTag-1_0 - Update to version 1.20.5: + audioconvert, audioresample, audiofilter: fix divide by 0 for input buffer without caps + cdparanoia: Ignore compiler warning coming from the cdparanoia header + oggdemux, parsebin: More leak fixes + opengl: - Fix automatic dispmanx detection for rpi4 - Fix usage of eglCreate/DestroyImage - Fix static linking on macOS + Bump core requirement in 1.20 branch to 1.20.4 + oggdemux: Don't leak incoming EOS event + opusdec: Various channel-related fixes + subparse: Fix non-closed tag handling. + textrender: - Don't blindly forward all events and don't blindly forward all events - Negotiate caps on a GAP event if none were negotiated yet + timeoverlay: fix pad leak + videodecoder: Only post latency message if it changed + videoscale: buffer meta handling fixes (NULL-terminate array of valid meta tags) + videosink: Don't return unknown end-time from get_times() ==== gstreamer-plugins-good ==== Version update (1.20.4 -> 1.20.5) Subpackages: gstreamer-plugins-good-gtk - Update to version 1.20.5: + flacparse: Fix handling of headers advertising 32bps + multiudpsink: allow binding to IPv6 address + oss4: Fix debug category initialization + qt5: - Deactivate context if fill_info fails - Initialize GError properly in gst_qt_get_gl_wrapcontext() + qtdemux: - Check return value from gst_structure_get in PIFF box - Use unsigned int types to store result of QT_UINT32 - Prefill mode fixes + rtpjitterbuffer tests: Cast drop-messages-interval type properly (fixing it on 32-bit architectures) + rtspsrc: - Don't replace 404 errors with "no auth protocol found" - Fix seek event leaks - Fix usage of IPv6 connections in SETUP - Only EOS on timeout if all streams are timed out/EOS + splitmuxsrc: don't queue data on unlinked pads + v4l2: Fix SIGSEGV on 'change state' during 'format change' + v4l2videodec: Fix activation of internal pool + wavparse: - Avoid occasional crash due to referencing freed buffer. - Fix crash that occurs in push mode when header chunks are corrupted in certain ways. ==== gtk4 ==== Version update (4.8.2 -> 4.8.3) Subpackages: gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.8.3: + GtkText: - Claim gestures more selectively. - Prevent unexpected notify::direction emissions. + Accessibility: Remember if we don't find the a11y bus. + DND: Prefer file:// urls over other protocols. + GtkMountOperation: Work on Wayland. + GtkListView: Cancel rubberband if not handling drag. + Wayland: Fix button masks. + Windows: Fix resizes with native decorations. + X11: Fix some ordering problems with surface destruction. + Updated translations. ==== gupnp ==== Version update (1.6.2 -> 1.6.3) - Update to version 1.6.3: + Fix handling of deprecated and tentative v6 addresses. + Bugs fixed in this release: - https://gitlab.gnome.org/GNOME/gupnp/issues/82  - https://gitlab.gnome.org/GNOME/gupnp/issues/83 ==== harfbuzz ==== Version update (5.3.1 -> 6.0.0) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Update to version 6.0.0: + Add API to pre-process the face and speed up future subsetting operations on that face. Provides up to a 95% reduction in subsetting times when the same face is subset more than once. + Shaping have been speedup by skipping entire lookups when the buffer contents don't intersect with the lookup. Shows up to a 10% speedup in shaping some fonts + The HarfBuzz subsetter can now drop axes by pinning them to specific values (also referred to as instancing) - Drop harfbuzz-5.3.1-Fix_check-symbols_failure.patch: Fixed upstream. ==== imlib2 ==== Version update (1.9.1 -> 1.10.0) Subpackages: imlib2-loaders libImlib2-1 - update to 1.10.0: * Introduce imlib_load_image_fde imlib2_load: Tweak load mode handling Introduce Imlib2_Loader.h - all that is needed by loaders image: Change has alpha flag to separate byte loading: Don't look for cached image when not caching loading: New loader infrastructure * loading: Introduce __imlib_ImageFileContextPush/Pop loading: Centralize mmap handling * Introduce imlib_load_image_mem * imlib2_load: Add option to use imlib_load_image_mem api: Remove cast previously dropped everywhere else Hide imlib_get/set_color_usage() if no X11 api: Move X11 related functions to separate file api: Move filter functions to separate file Enable disabling filter functions api: Move text functions to separate file Enable disabling text functions J2K loader: Drop showing deprecated item in debug message image: Fix memory leak when cloning images Unify basic X11 functionality in test programs Includes tweaks test: Re-generate test images with recent tool/library versions image: Hide internal ImlibImageFileInfo struct image: Don't munmap external memory * Introduce imlib_get_error api: error_return adjustments imlib2_load: Add option to enable image caching image: Fix potential use of uninitialized time stamps PNG loader: Correct frame delay in zero denominator case PNG loader: Cosmetics PNG loader: Improved handling of animated PNGs multiframe: Support loop count PNG loader: Fix animated PNG loading some more autofoo: Fix trouble with test subdirectory in distributed source autofoo: Rework git tag/release stuff test: test_load: Quit when loading primary image fails SVG loader: Don't reference multiframe stuff * ICO loader: Eliminate ico_load autofoo: Use AC_USE_SYSTEM_EXTENSIONS imlib2_view: Fix single frame update rendering test: test_load_2: Check frame 0/1 loading too PNG loader: Cosmetics PS loader: Cosmetics multiframe: Tweaks around frame number handling multiframe: Centralize handling of frame update offsets multiframe: Move frame info to allocated record multiframe: Allocate frame info only when needed PNG loader: Quit scan when target fdAT is seen PNG loader: Quit after loading first frame PNG loader: Simplify update callback handling imlib2_view: Fix multiframe rendering detail multiframe: Remove frame offset from updates imlib2_view: Fix multiframe after update coordinate change imlib2_view: Deal with all pending X events at once imlib2_view: Properly handle caching vs progress callbacks imlib2_view: Don't load bad images twice if first or last in argument list image: Cosmetics * image: Introduce __imlib_LoadEmbeddedMem Add new ani loader * image: Cosmetics ANI loader: Disable progress in embed loader ANI loader: Multiframe suport v1.10.0 Introduce imlib_load_image_frame_mem imlib_load_image_frame_mem(): set nocache TGA loader: fix indexing in tgaflip ==== iproute2 ==== Version update (6.0 -> 6.1) Subpackages: iproute2-bash-completion - update to 6.1: * man: ss.8: fix a typo * testsuite: fix build failure * genl: remove unused vars in Makefile * json: do not escape single quotes * ip-monitor: Do not error out when RTNLGRP_STATS is not available * ip-link: man: Document existence of netns argument in add command * macsec: add Extended Packet Number support * macsec: add user manual description for extended packet number feature * ip: xfrm: support "external" (`collect_md`) mode in xfrm interfaces * ip: xfrm: support adding xfrm metadata as lwtunnel info in routes * ip: add NLM_F_ECHO support * libnetlink: add offset for nl_dump_ext_ack_done * tc/tc_monitor: print netlink extack message * rtnetlink: add new function rtnl_echo_talk() * ip: fix return value for rtnl_talk failures * iplink_bridge: Add no_linklocal_learn option support * devlink: use dl_no_arg instead of checking dl_argc == 0 * devlink: remove dl_argv_parse_put * mnlg: remove unnused mnlg_socket structure * utils: extract CTRL_ATTR_MAXATTR and save it * devlink: expose nested devlink for a line card object * devlink: load port-ifname map on demand * devlink: fix parallel flash notifications processing * devlink: move use_iec into struct dl * devlink: fix typo in variable name in ifname_map_cb() * devlink: load ifname map on demand from ifname_map_rev_lookup() as well * dcb: unblock mnl_socket_recvfrom if not message received * libnetlink: Fix memory leak in __rtnl_talk_iov() * tc_util: Fix no error return when large parent id used * tc_util: Change datatype for maj to avoid overflow issue * ss: man: add missing entries for MPTCP * ss: man: add missing entries for TIPC * ss: usage: add missing parameters * ss: re-add TIPC query support * devlink: Fix setting parent for 'rate add' * link: display 'allmulti' counter * seg6: add support for flavors in SRv6 End* behaviors * tc: ct: Fix invalid pointer dereference * uapi: update from 6.1 pre rc1 * u32: fix json formatting of flowid * tc_stab: remove dead code * uapi: update for in.h and ip.h * remove #if 0 code * tc: add json support to size table * tc: put size table options in json object * tc/basic: fix json output filter * iplink: support JSON in MPLS output * tc: print errors on stderr * ip: print mpls errors on stderr * tc: make prefix const * man: add missing tc class show * iplink_can: add missing `]' of the bitrate, dbitrate and termination arrays * ip link: add sub-command to view and change DSA conduit interface ==== kernel-firmware ==== Version update (20221130 -> 20221216) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20221216 (git commit c9c19583f717): * rtw89: 8852c: update fw to v0.27.56.9 * rtw89: 8852c: update fw to v0.27.56.8 * amdgpu: updated navi10 firmware for amd-5.4 * amdgpu: updated yellow carp firmware for amd-5.4 * amdgpu: updated raven2 firmware for amd-5.4 * amdgpu: updated raven firmware for amd-5.4 * amdgpu: updated PSP 13.0.8 firmware for amd-5.4 * amdgpu: updated GC 10.3.7 RLC firmware for amd-5.4 * amdgpu: updated vega20 firmware for amd-5.4 * amdgpu: updated PSP 13.0.5 firmware for amd-5.4 * amdgpu: add VCN 4.0.0 firmware for amd-5.4 * amdgpu: add SMU 13.0.0 firmware for amd-5.4 * amdgpu: Add SDMA 6.0.0 firmware for amd-5.4 * amdgpu: add PSP 13.0.0 firmware for amd-5.4 * amdgpu: add GC 11.0.0 firmware for amd-5.4 * amdgpu: add DCN 3.2.0 firmware for amd-5.4 * amdgpu: updated vega10 firmware for amd-5.4 * amdgpu: updated beige goby firmware for amd-5.4 * amdgpu: updated dimgrey cavefish firmware for amd-5.4 * amdgpu: updated vangogh firmware for amd-5.4 * amdgpu: updated picasso firmware for amd-5.4 * amdgpu: updated navy flounder firmware for amd-5.4 * amdgpu: updated green sardine firmware for amd-5.4 * amdgpu: updated sienna cichlid firmware for amd-5.4 * amdgpu: updated arcture firmware for amd-5.4 * amdgpu: updated navi14 firmware for amd-5.4 * amdgpu: updated renoir firmware for amd-5.4 * amdgpu: updated navi12 firmware for amd-5.4 * amdgpu: updated aldebaran firmware for amd-5.4 * sr150 : Add NXP SR150 UWB firmware * brcm: add/update firmware files for brcmfmac driver * rtl_bt: Update RTL8821C BT(USB I/F) FW to 0x75b8_f098 ==== kernel-source ==== Version update (6.0.12 -> 6.1.1) - Linux 6.1.1 (bsc#1012628). - KEYS: encrypted: fix key instantiation with user-provided data (bsc#1012628). - cifs: fix oops during encryption (bsc#1012628). - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (bsc#1012628). - usb: typec: ucsi: Resume in separate work (bsc#1012628). - igb: Initialize mailbox message for VF reset (bsc#1012628). - staging: r8188eu: fix led register settings (bsc#1012628). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (bsc#1012628). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (bsc#1012628). - USB: serial: f81534: fix division by zero on line-speed change (bsc#1012628). - USB: serial: f81232: fix division by zero on line-speed change (bsc#1012628). - USB: serial: cp210x: add Kamstrup RF sniffer PIDs (bsc#1012628). - USB: serial: option: add Quectel EM05-G modem (bsc#1012628). - usb: gadget: uvc: Prevent buffer overflow in setup handler (bsc#1012628). - udf: Fix extending file within last block (bsc#1012628). - udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1012628). - udf: Fix preallocation discarding at indirect extent boundary (bsc#1012628). - udf: Discard preallocation before extending file with a hole (bsc#1012628). - irqchip/ls-extirq: Fix endianness detection (bsc#1012628). - mips: ralink: mt7621: do not use kzalloc too early (bsc#1012628). - mips: ralink: mt7621: soc queries and tests as functions (bsc#1012628). - mips: ralink: mt7621: define MT7621_SYSC_BASE with __iomem (bsc#1012628). - PCI: mt7621: Add sentinel to quirks table (bsc#1012628). - libbpf: Fix uninitialized warning in btf_dump_dump_type_data (bsc#1012628). - x86/vdso: Conditionally export __vdso_sgx_enter_enclave() (bsc#1012628). - commit 181a470 - tcp: Add TIME_WAIT sockets in bhash2 (bsc#1206466). - commit d8defbe - series.conf: cleanup - update upstream reference and resort: - patches.suse/NFSD-fix-use-after-free-in-__nfs42_ssc_open.patch - commit bf66071 - io_uring/net: ensure compat import handlers clear free_iov (bsc#1206509). - commit 747fc96 - NFSD: fix use-after-free in __nfs42_ssc_open() (bsc#1206209 CVE-2022-4379). - commit 338ca73 - series.conf: cleanup - update upstream references and move into sorted section: - patches.suse/char-xillybus-Fix-trivial-bug-with-mutex.patch - patches.suse/char-xillybus-Prevent-use-after-free-due-to-race-con.patch - patches.suse/media-dvb-core-Fix-UAF-due-to-refcount-races-at-rele.patch - patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch - commit 7f1864f - mm, mremap: fix mremap() expanding vma with addr inside vma (bsc#1206359). - Delete patches.suse/Revert-mm-add-merging-after-mremap-resize.patch. - commit 3440c9c - mm, mremap: fix mremap() expanding vma with addr inside vma (bsc#1206359). - commit b61d296 - Revert "mm: add merging after mremap resize" (bsc#1206335). - commit 52313a4 - series.conf: remove stale comment - commit ab17686 - Refresh patches.suse/Bluetooth-L2CAP-Fix-u8-overflow.patch. - Refresh patches.suse/can-slcan-fix-freed-work-crash.patch. Update upstream status. - commit a6c4f4e - Update to 6.1 final - refresh configs (headers only) - commit d1335c0 - Delete patches.suse/Input-synaptics-retry-query-upon-error.patch. The patch is not needed (bsc#1194086 comment 50). - commit d03b675 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch. Not needed anymore. kernel-firmware contains -72s since 06dbfbc74388 released in 20221109 already. - commit e1d0837 - Delete patches.suse/drm-sched-Fix-kernel-NULL-pointer-dereference-error.patch. This can be dropped thanks to commit bafaf67c42f4 (Revert "drm/sched: Use parent fence instead of finished") in v6.1-rc1. - commit 15d1c2b - Refresh patches.suse/media-dvb-core-Fix-UAF-due-to-refcount-races-at-rele.patch. Update upstream status. - commit d504053 - Delete patches.suse/dm-mpath-no-partitions-feature. (bsc#1189976) - commit e544c6d - Refresh patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch. Update to final version and update upstream status. ... changelog too long, skipping 8 lines ... - commit 900ecbb ==== libICE ==== Version update (1.1.0 -> 1.1.1) - update to 1.1.1: * ICEmsg: Fix C++ interoperability error due to static_assert define - drop U_ICEmsg-Fix-C-interoperability-error-due-to-static_as.patch (upstream) ==== libSM ==== Version update (1.2.3 -> 1.2.4) - update to 1.2.4: * Handle arrays too large to fit in iceConn buffers * v2: Raise required libICE version to 1.1.0 to get the updated * IceGetHeaderExtra macro definition needed for this to work correctly. * Fix some potential memory leaks in SmcCloseConnection(). * Add uuid as private dependency to sm.pc for static linking * Build xz tarballs instead of bzip2 * Fix spelling/wording issues ==== libXau ==== Version update (1.0.10 -> 1.0.11) - update to 1.0.11: configure: Use AC_SYS_LARGEFILE to enable large file support - modernize spec file, install license into licensedir ==== libarchive ==== Version update (3.6.1 -> 3.6.2) - update to 3.6.2 (bsc#1205629, CVE-2022-36227) * NULL pointer dereference vulnerability in archive_write.c * include ZSTD in Windows builds (#1688) * SSL fixes on Windows (#1714, #1723, #1724) * rar5 reader: fix possible garbled output with bsdtar -O (#1745) * mtree reader: support reading mtree files with tabs (#1783) * various small fixes for issues found by CodeQL ==== libbpf ==== Version update (1.0.1 -> 1.1.0) - update to v1.1.0: User space-side features and APIs: * user-space ring buffer (BPF_MAP_TYPE_USER_RINGBUF) support; * new documentation page listing all recognized SEC() definitions; * BTF dedup improvements: * unambiguous fwd declaration resolution for structs and unions; * better handling of some corner cases with identical structs and arrays; * mixed enum and enum64 forward declaration resolution logic; * bpf_{link,btf,pro,mapg}_get_fd_by_id_opts() and bpf_get_fd_by_id_opts() APIs; * libbpf supports loading raw BTF for BPF CO-RE from known search paths; * support for new cgroup local storage (BPF_MAP_TYPE_CGRP_STORAGE); * libbpf will only add BPF_F_MMAPABLE flag for data maps with global (i.e., non-static) vars; * latest Linux UAPI headers with lots of changes synced into include/uapi/linux. BPF-side features and APIs; * BPF_PROG2() macro added that supports struct-by-value arguments; * new BPF helpers: * bpf_user_ringbuf_drain(); * cgrp_storage_get() and cgrp_storage_delete(). Bug fixes * better handling of padding corner cases; * btf__align_of() determines packed structs better now; * improved handling of enums of non-standard sizes; * USDT spec parsing improvements; * overflow handling fixes for ringbufs; * Makefile fixes to support cross-compilation for 32-bit targets; * fix crash if SEC("freplace") programs don't have attach_prog_fd set; * better handling of file existence checks when running as non-root with enhanced capabilities; * a bunch of small fixes: * ELF handling improvements; * fix memory leak in USDT argument parsing logic; * fix NULL dereferences in few corner cases; * improved netlink attribute iteration handling. - drop libbpf-Use-elf_getshdrnum-instead-of-e_shnum.patch, libbpf-Fix-use-after-free-in-btf_dump_name_dups.patch, libbpf-Fix-memory-leak-in-parse_usdt_arg.patch libbpf-Fix-null-pointer-dereference-in-find_prog_by_.patch (upstream) ==== libcloudproviders ==== - Drop baselibs.conf: there is no known consumer of the -32bit package. ==== libfontenc ==== Version update (1.1.6 -> 1.1.7) - update to 1.1.7: * configure: Use AC_SYS_LARGEFILE to enable large file support ==== libgnomesu ==== Subpackages: libgnomesu0 - Migration of PAM settings to /usr/lib/pam.d. ==== libgtop ==== - Drop baselibs.conf: there is no known consumer of the -32bit package. ==== libjxl ==== - Add patch (applied reversed) to revert the requirement for an updated liblcms2 library when we have an older one. This allows libjxl to build in SLE15 SP4/SP5 (and Leap 15.4/15.5): * 0001-Remove-LCMS-mutex.patch ==== libpsl ==== Version update (0.21.1 -> 0.21.2) - update to 0.21.2: * Increased internal label size * Fix undefined behavior in library code * Ensure that calls to fopen() and stat() can handle largefiles - add multibuild definition ==== libpwquality ==== Version update (1.4.4 -> 1.4.5) Subpackages: libpwquality-tools libpwquality1 pam_pwquality - Update to version 1.4.5: + Minor bug fixes and documentation enhancements. + Updated translations. ==== libqt5-qtwebengine ==== Version update (5.15.11 -> 5.15.12) - Update to version 5.15.12: * Bump version to 5.15.12 * Update Chromium: * Bump V8_PATCH_LEVEL * Fixup for patch for CVE-2022-3200 on OpenSuse 15.1 * Fixup the patch for CVE-2022-3200 on 87-based / 5.15 * [Backport] CVE-2022-3038: Use after free in Network Service * [Backport] CVE-2022-3040: Use after free in Layout * [Backport] CVE-2022-3041: Use after free in WebSQL * [Backport] CVE-2022-3046: Use after free in Browser Tag * [Backport] CVE-2022-3075: Insufficient data validation in Mojo * [Backport] CVE-2022-3196: Use after free in PDF * [Backport] CVE-2022-3197: Use after free in PDF * [Backport] CVE-2022-3198: Use after free in PDF * [Backport] CVE-2022-3199: Use after free in Frames. * [Backport] CVE-2022-3200: Heap buffer overflow in Internals * [Backport] CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools (1/2) * [Backport] CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools (2/2) * [Backport] CVE-2022-3304: Use after free in CSS * [Backport] CVE-2022-3370: Use after free in Custom Elements * [Backport] CVE-2022-3373: Out of bounds write in V8 * [Backport] CVE-2022-3445: Use after free in Skia. * [Backport] CVE-2022-3446 and CVE-2022-35737 * [Backport] CVE-2022-3885: Use after free in V8 * [Backport] CVE-2022-3887: Use after free in Web Workers * [Backport] CVE-2022-3889: Type Confusion in V8 * [Backport] CVE-2022-3890: Heap buffer overflow in Crashpad * [Backport] CVE-2022-4174: Type Confusion in V8 * [Backport] CVE-2022-4180: Use after free in Mojo * [Backport] CVE-2022-4181: Use after free in Forms * [Backport] CVE-2022-4262: Type Confusion in V8 * [Backport] Security bug 1356308 * [Backport] Security bug 1378916 * [Backport] Security bugs 1346938 and 1338114 ==== librepo ==== Version update (1.14.5 -> 1.15.1) - update to 1.15.1: * Add API support for waiting on network in an event driven manner * OpenPGP API extension and fixes - lincense updated to LGPL-2.1-or-later ==== libstorage-ng ==== Version update (4.5.56 -> 4.5.57) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Macedonian) (bsc#1149754) - 4.5.57 ==== libxkbfile ==== Version update (1.1.1 -> 1.1.2) - update to 1.1.2: * configure: Use AC_SYS_LARGEFILE to enable large file support - modernize spec file, install license to licensedir ==== libxshmfence ==== Version update (1.3.1 -> 1.3.2) - update to 1.3.2: * configure: Use AC_SYS_LARGEFILE to enable large file support - spec file modernisation, add license and README ==== lsof ==== Version update (4.96.4 -> 4.96.5) - update to 4.96.5: * Avoid C89-only constructs is Configure - drop format.patch, now upstream ==== lua54 ==== - Added more numbered patches from upstream: * luabugs8.patch * luabugs9.patch ==== mdadm ==== - mdadm.spec: create the following symbolic link in /sbin for compatibility, /sbin/mdadm -> /usr/sbin/mdadm /sbin/mdmon -> /usr/sbin/mdmon (jsc#PED-1009, jsc#PED-947) ==== mpc ==== Version update (1.3.0 -> 1.3.1) - Update to version 1.3.1: * Bug fix: It is again possible to include mpc.h without including stdio.h. - drop mpc-1.3.0-gmpdep.patch ==== nftables ==== Version update (1.0.5 -> 1.0.6) Subpackages: libnftables1 python3-nftables - Update to release 1.0.6 * Fix bytecode generation for concatenation of intervals where selectors use different byteorder datatypes, e.g. IPv4 (network byte order). * Fix match of uncommon protocol matches with raw expressions * Unbreak insertion of rules with intervals ("sport { 3478-3497, 16384-16387 }") ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0 - Update iscsid.service so it starts iscsid.socket, if needed (bsc#1206132). - Updated SPEC file dependencies for libopeniscsiusr to avoid conflicting package installation. ==== open-vm-tools ==== Subpackages: libvmtools0 open-vm-tools-desktop - Migration of PAM settings to /usr/lib/pam.d. ==== openblas_pthreads ==== - Fix aarch64 builds with GCC < 9 (i.e. Leap/SLE 15.x), disable NEOVERSEN2 target. See gh#xianyi/OpenBLAS#3874. ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - Adapt OpenSSH to build with OpenSSL 3, use new KDF API (bsc#1205042) Add openssh-openssl-3.patch ==== pam ==== - Also obsolete pam_unix-32bit to have clean upgrade path. - Merge pam_unix back into pam, seperate package not needed anymore - Update pam-git.diff to current upstream - pam_env: Use vendor specific pam_env.conf and environment as fallback - pam_shells: Use the vendor directory obsoletes pam_env_econf.patch - Refresh docbook5.patch ==== pam-full-src ==== - Also obsolete pam_unix-32bit to have clean upgrade path. - Merge pam_unix back into pam, seperate package not needed anymore - Update pam-git.diff to current upstream - pam_env: Use vendor specific pam_env.conf and environment as fallback - pam_shells: Use the vendor directory obsoletes pam_env_econf.patch - Refresh docbook5.patch ==== pangomm1_4 ==== - Drop baselibs.conf: there is no known consumer of the -32bit package. ==== permissions ==== Version update (1599_20220912 -> 1599_20221220) Subpackages: chkstat permissions-config - Update to version 20221220: * profiles: remove outdated kdesud, apptainer entries ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add patch from upstream to remember last routing after a reboot (glfo#pipewire/pipewire#2893): * 0001-alsa-dont-set--1-as-node.target.patch ==== policycoreutils ==== Subpackages: policycoreutils-python-utils python3-policycoreutils - Use %_pam_vendordir - Error in spec file: No "config" tag in "/usr/ should be used. - Migration PAM settings to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ==== publicsuffix ==== Version update (20220903 -> 20221129) - Update to version 20221129: * util: gTLD data autopull updates for 2022-11-29T15:14:18 UTC (#1658) * Add activetrail.biz (#1655) * Add `cf-ipfs.com`, `cloudflare-ipfs.com`, and `r2.dev` (#1582) * Added mytabit.co.il; mytabit.com; (#1499) * removing tbits.me from public suffix list (#1642) - Update to version 20221107: * Add myamaze.net (#1602) * Remove gwiddle.co.uk (#1638) * Removing domain that expired and is not used (#1643) * util: gTLD data autopull updates for 2022-11-02T15:17:39 UTC (#1641) * Fix typos in pull request template (#1639) * util: gTLD data autopull updates for 2022-10-29T15:16:24 UTC (#1636) * util: gTLD data autopull updates for 2022-10-20T15:22:14 UTC (#1632) * util: gTLD data autopull updates for 2022-10-15T15:17:50 UTC (#1631) * Use CentralNic model for Amazon suffixes (#1629) * Names.of.London is no longer operating the service (#1630) * Domains from simplesite.com used for subdomain style webhosting of individual customer websites. (#1623) * Add Fastmail user content domain user.fm (#1601) * util: gTLD data autopull updates for 2022-10-11T15:20:32 UTC (#1626) * util: gTLD data autopull updates for 2022-10-07T15:19:56 UTC (#1624) * Add *.on-acorn.io (#1578) * Update existing Replit entries, add `firewalledreplit.co` (#1568) * Add 2.azurestaticapps.net DNS suffix (#1604) * Update Pull Request Form to address #1619 * Add rules for AWS Cloud9 (#1590) * util: gTLD data autopull updates for 2022-09-15T15:17:33 UTC (#1615) ==== python-Beaker ==== Version update (1.11.0 -> 1.12.0) - Update to 1.12.0: * Enabled testing on Python 3.10 and 3.11 * Fixed issue #122 - Session ignores deserializer json * Remove ID generation fallback for when the uuid module is not found * Port testing from nose to pytest * Fixed issue #180 - KeyError when loading deleted session - Remove Python 2 and Python 3 gubbins. - Remove patch denose.patch, merged upstream. - Add patch support-pymemcache.patch: * Also support pymemcache. - Fiddle BuildRequires as appropiate. ==== python-h2 ==== - add fix-repr-checks-for-py311.patch ==== python-httpcore ==== Version update (0.15.0 -> 0.16.3) - Update to 0.16.3 * Allow ws and wss schemes. Allows us to properly support websocket upgrade connections. (#625) * Forwarding HTTP proxies use a connection-per-remote-host. Required by some proxy implementations. (#637) * Don't raise RuntimeError when closing a connection pool with active connections. Removes some error cases when cancellations are used. (#631) * Lazy import anyio, so that it's no longer a hard dependancy, and isn't imported if unused. (#639) - Add httpcore-allow-deprecationwarnings-test.patch gh#encode/httpcore#511, gh#agronholm/anyio#470 - update to 0.16.2: * Revert 'Fix async cancellation behaviour', which introduced race conditions * Raise RuntimeError if attempting to us UNIX domain sockets on Windows * Fix HTTP/1.1 interim informational responses, such as "100 Continue" * Support HTTP/1.1 informational responses. * Fix async cancellation behaviour. * Support h11 0.14 ==== python-jsonschema ==== - Create subpackages for [format] and [format-nongpl] extras * required by the tests for python-jupyter-server - Test in _multibuild in order to check that the rpm requirements are set correctly ==== python-urllib3 ==== Version update (1.26.12 -> 1.26.13) - update to 1.26.13 * Deprecated the ``HTTPResponse.getheaders()`` and ``HTTPResponse.getheader()`` methods. * Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid. * Fixed a deprecation warning when using cryptography v39.0.0. * Removed the ``<4`` in the ``Requires-Python`` packaging metadata field. ==== raspberrypi-firmware ==== Version update (2022.11.18 -> 2022.12.12) - Update to 0a7ea702 (2022-12-12): * firmware: arm_loader: PWM1 is not available on GPIO 45 * firmware: power: Always read the uncached voltage for AIN and USB_PD See: https://forums.raspberrypi.com/viewtopic.php?p=2059832#p2059832 * firmware: Use new SDHCI controller instead of legacy arasan See: #1763 ==== raspberrypi-firmware-config ==== Version update (2022.11.18 -> 2022.12.12) - Update to 0a7ea702 (2022-12-12): * firmware: arm_loader: PWM1 is not available on GPIO 45 * firmware: power: Always read the uncached voltage for AIN and USB_PD See: https://forums.raspberrypi.com/viewtopic.php?p=2059832#p2059832 * firmware: Use new SDHCI controller instead of legacy arasan See: #1763 ==== redis ==== Version update (7.0.5 -> 7.0.7) - Update to version 7.0.7 * Fix regression from Redis 7.0.6 in distance replies of Geo commands (#11631) - Update to version 7.0.6: * RM_ResetDataset module API should not clear the functions * RM_Call module API used with the "C" flag to run scripts, would now cause the commands in the script to check ACL with the designated user * Geo commands speedups * Fix EVAL command performance regression from Redis 7.0 * Reduce EXPIRE commands performance regression from Redis 7.0 * Optimize commands returning double values, mainly affecting zset commands * Optimize Lua parsing of some command responses * Optimize client memory usage tracking operation while client eviction is disabled * Multiple bug fixes for crashes, hangs, and incorrect behavior - drop cve-2022-3647.patch now upstream ==== rpm ==== Subpackages: librpmbuild9 - switch to pkgconfig(zlib) so that alternative providers can be used ==== samba ==== Version update (4.17.3+git.283.2157972742b -> 4.17.4+git.300.305b22bfce) Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-client samba-client-libs samba-libs samba-libs-python3 samba-python3 - Update to 4.17.4 * CVE-2022-44640 Upstream Heimdal free of user-controlled pointer in FAST; (bsc#14929); * CVE-2021-20251 Bad password count not incremented atomically; (bsc#14611); * CVE-2022-42898 krb5_pac_parse() buffer parsing vulnerability; (bsc#15203); * CVE-2022-37966 rc4-hmac Kerberos session keys issued to modern servers; (bso#15237); * CVE-2022-37967 Kerberos constrained delegation ticket forgery possible against Samba AD DC; (bso#15231); * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided; (bso#15240); * pam_winbind uses time_t and pointers assuming they are of the same size; (bso#15224); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); * filter-subunit is inefficient with large numbers of knownfails; (bso#15258); * smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories; (bso#15252); * The KDC logic arround msDs-supportedEncryptionTypes differs from Windows; (bso#13135); * libnet: change_password() doesn't work with dcerpc_samr_ChangePasswordUser4(); (bso#15206); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); * Memory leak in snprintf replacement functions; (bso#15230); * RODC doesn't reset badPwdCount reliable via an RWDC (CVE-2021-20251 regression); (bso#15253); * Prevent EBADF errors with vfs_glusterfs; (bso#15198); * %U for include directive doesn't work for share listing (netshareenum); (bso#15243); * Stack smashing in net offlinejoin requestodj; (bso#15257); * Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue; (bso#15197); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); - Remove deprecated if-{down,up} scripts; (bsc#1206444); - Adjust the systemd drop-in file for named service; (bsc#1201689); * Paths are additive so do not repeat paths from named.service * Prefix the samba DLZ directory with "-" to ignore this path if it does not exists - Migration PAM settings to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ==== screen ==== - Use %_pam_vendordir - Migration PAM settings to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. ==== sddm ==== Subpackages: sddm-branding-openSUSE - Move dbus-1 system.d conf file to /usr (bsc#1206348) ==== sssd ==== Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Take systemd units off the restart list that have RefuseManualStart=yes [boo#1206592] - Add symvers.patch [boo#1206592] ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-doc udev - Fix systemd-coredump to not allow user to access coredumps with changed uid/gid/capabilities (bsc#1205000 CVE-2022-4415) Add 5000-coredump-adjust-whitespace.patch Add 5001-coredump-do-not-allow-user-to-access-coredumps-with-.patch ==== tcl ==== - bsc#1206623, tcl-string-compare.patch: Fix a bug in string comparison on big endian that made test string-2.20.1 fail. ==== tuned ==== Version update (2.18.0.8+git.6f907c9 -> 2.19.0.29+git.b894a3e) - Update to version 2.19.0.29+git.b894a3e: * Fix for catching exceptions in profile loader. * Add new cpu-partitioning-powersave profile * Add CodeQL workflow for GitHub code scanning * Fixed sysvinit path * systemd: relax polkit requirement * realtime-virtual-*: Tune priority of new ktimers threads * hpc-compute profile: Remove vm.hugepages_treat_as_movable * fix spelling error * Profile openshift: increase fs.aio-max-nr tunable * new release (2.19.0) * packit: s/synced_files/files_to_sync/ * packit: metadata field is no longer needed * packit: build SRPM in Copr * profiles: drop sched_ tuning from openshift-control-plane * new release (2.19.0-rc.1) * builtin functions: added calc_isolated_cores function * spec: dropped weak deps where not needed * Update tuned-adm.bash * TuneD plug-in documentation. * Adding mtu command to net plugin * openshift profile: tuning for NVMe devices * Add version/help command automatic complete * Do not hardcode disk name in tuned initrd path. * bootloader: cmdline parser change and fixed escaping * Fix in polkit authorization. * realtime: Set tsc as 'reliable' * recommend: do not ignore syspurpose_role if there is no syspurpose * Fixing arguments in disk plugin method * Default delimiters causing errors in some specific situations, inline comments * gui: fixed possible traceback in the save_profile * Striping quotes when unpacking cpu list * profiles: improve regexes to match kernel threads ==== util-linux ==== Version update (2.37.4 -> 2.38.1) Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - restore lsblk and lslogins as well - reinstanciate logger - Fix /usr/bin/findmnt to be in only one package (bsc#1206347) - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - Add util-linux-fix-tests-when-at-symbol-in-path.patch - Convert the build back to per-parts build, just use multibuild. - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). - Do not set SUID permissions for util-linux-mini. - Fix pam directory for the staging package. - Add util-linux-rpmlintrc removing unneeded warnings. - Update to version 2.38.1: * column: fix buffer overflow when -l specified, fix greedy mode on -l * dmesg: fix --since and --until * libmount: when moving a mount point, all sub mount entries in utab should also be updated (bsc#1198731) * libuuid: improve cache handling (bsc#1201959, PED-1150) * lsblk: fix JSON output when without --bytes * lsfd:fix crash triggered by an empty filter expression * sulogin: fix includes (obsoletes linux-fs.patch) * Many other fixes, improvements and code cleanup. For the complete list see https://www.kernel.org/pub/linux/utils/util-linux/v2.38/v2.38.1-ReleaseNotes - Fix some rpmlintrc warnings and remove util-linux-rpmlintrc. - Update to version 2.38: * first release with translated util-linux man-pages * mount: new options --mkdir as shortcut for X-mount.mkdir * mount, libmount: new mount options X-mount.subdir= * lsfd: new command * dmesg: new option --json to print kernel log in JSON format * libfdisk: improved to set correct CHS addresses in MBR * fstrim: ignores all /ect/fstab entries with X-fstrim.notrim (jsc#SLE-17942) * hardlink: now supports reflinks and new option --method= * hwclock: new command line options --param-get and --param-set * irqtop: new option --cpu-stat * libblkid: supports zoned disks for btrfs * lsblk: new options --noempty to ignore all devices with zero size, and --zoned to print information about zones * mkswap: new option --quiet * nsenter: new option --wdns to change working directory within namespace * rename: new options --all and --last to replace all or last occurrences of expression rather than the first one * su: now resets RLIMIT_AS, RLIMIT_{NICE,RTPRIO}, RLIMIT_FSIZE and RLIMIT_NOFILE reourse limits. * unshare: new options --map-users= and --map-groups= to map block of group IDs; new option --map-auto to map the first block of user IDs owned by the effective user from /etc/subuid * wdctl: new options --setpregovernor to set pre-timeout governor name, and --setpretimeout to set watchdog pre-timeout in seconds * Many other new features and fixes. For the complete list see https://www.kernel.org/pub/linux/utils/util-linux/v2.38/v2.38-ReleaseNotes - Changed packaging style from multi spec build to multibuild with python multi-flavor build (PED-1007). Advantages: * Easily prevents bootstrap build loops. * No artificial package splitting needed any more. * Less complicated spec file. * Can run full test suite. * python*-libmount available for more python versions. * Enable asciidoctor to build documentation. * Enable support for libmagic. * Turn technically incorrect Recommends to Requires. - Fix rpmling warning by setting attr for clock.txt ghost file. - Drop upstreamed util-linux-sulogin4bsc1175514.patch ==== util-linux-systemd ==== Version update (2.37.4 -> 2.38.1) - restore lsblk and lslogins as well - reinstanciate logger - Fix /usr/bin/findmnt to be in only one package (bsc#1206347) - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - Add util-linux-fix-tests-when-at-symbol-in-path.patch - Convert the build back to per-parts build, just use multibuild. - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). - Do not set SUID permissions for util-linux-mini. - Fix pam directory for the staging package. - Add util-linux-rpmlintrc removing unneeded warnings. - Update to version 2.38.1: * column: fix buffer overflow when -l specified, fix greedy mode on -l * dmesg: fix --since and --until * libmount: when moving a mount point, all sub mount entries in utab should also be updated (bsc#1198731) * libuuid: improve cache handling (bsc#1201959, PED-1150) * lsblk: fix JSON output when without --bytes * lsfd:fix crash triggered by an empty filter expression * sulogin: fix includes (obsoletes linux-fs.patch) * Many other fixes, improvements and code cleanup. For the complete list see https://www.kernel.org/pub/linux/utils/util-linux/v2.38/v2.38.1-ReleaseNotes - Fix some rpmlintrc warnings and remove util-linux-rpmlintrc. - Update to version 2.38: * first release with translated util-linux man-pages * mount: new options --mkdir as shortcut for X-mount.mkdir * mount, libmount: new mount options X-mount.subdir= * lsfd: new command * dmesg: new option --json to print kernel log in JSON format * libfdisk: improved to set correct CHS addresses in MBR * fstrim: ignores all /ect/fstab entries with X-fstrim.notrim (jsc#SLE-17942) * hardlink: now supports reflinks and new option --method= * hwclock: new command line options --param-get and --param-set * irqtop: new option --cpu-stat * libblkid: supports zoned disks for btrfs * lsblk: new options --noempty to ignore all devices with zero size, and --zoned to print information about zones * mkswap: new option --quiet * nsenter: new option --wdns to change working directory within namespace * rename: new options --all and --last to replace all or last occurrences of expression rather than the first one * su: now resets RLIMIT_AS, RLIMIT_{NICE,RTPRIO}, RLIMIT_FSIZE and RLIMIT_NOFILE reourse limits. * unshare: new options --map-users= and --map-groups= to map block of group IDs; new option --map-auto to map the first block of user IDs owned by the effective user from /etc/subuid * wdctl: new options --setpregovernor to set pre-timeout governor name, and --setpretimeout to set watchdog pre-timeout in seconds * Many other new features and fixes. For the complete list see https://www.kernel.org/pub/linux/utils/util-linux/v2.38/v2.38-ReleaseNotes - Changed packaging style from multi spec build to multibuild with python multi-flavor build (PED-1007). Advantages: * Easily prevents bootstrap build loops. * No artificial package splitting needed any more. * Less complicated spec file. * Can run full test suite. * python*-libmount available for more python versions. * Enable asciidoctor to build documentation. * Enable support for libmagic. * Turn technically incorrect Recommends to Requires. - Fix rpmling warning by setting attr for clock.txt ghost file. - Drop upstreamed util-linux-sulogin4bsc1175514.patch - Use %_pam_vendordir ==== vim ==== Version update (9.0.1040 -> 9.0.1107) Subpackages: vim-data vim-data-common vim-small - Updated to version 9.0.1107, fixes the following problems * build fails if the compiler doesn't allow for a declaration right after "case". * ASAN complains about NULL argument. * Can add text property with negative ID before virtual text property. * With the +vartabs feature indent folding may use wrong 'tabstop'. * Leaking memory when defining a user command fails. * The "kitty" terminfo entry is not widespread, resulting in the kitty terminal not working properly. * Using "->" with split lines does not always work. * Some jsonc files are not recognized. * Empty and comment lines in a class cause an error. * Code handling low level MS-Windows events cannot be tested. * Compiler warns for uninitialized variable. * Display wrong in Windows terminal after exiting Vim. * Autocommand test sometimes fails. * Clang warns for unused variable. * unnessary assignment * FHIR Shorthand files are not recognized. * Assignment to non-existing member causes a crash. (Yegappan Lakshmanan) * Search error message doesn't show used pattern. * Using freed memory of object member. (Yegappan Lakshmanan) * Compiler warning when HAS_MESSAGE_WINDOW is not defined. * Using freed memory when declaration fails. (Yegappan Lakshmanan) * Reallocating hashtab when the size didn't change. * Tests are failing. * Code uses too much indent. * Trying to resize a hashtab may cause a problem. - Updated to version 9.0.1075, fixes the following problems * refreshed vim-7.4-highlight_fstab.patch * Test for mapping with CmdlineChanged fails. * Cannot define a method in a class. * ASAN gives false alarm about array access. * Macro has confusing name and is duplicated. * Setting window height using Python may cause errors. * In a class object members cannot be initialized. * Class method disassemble test fails on MS-Windows. * Matchparen is slow. * With "screenline" in 'culopt' cursorline highlight is wrong. * Crash when opening a very small terminal window. * Using freed memory when assigning to variable twice. * After a failed CTRL-W ] next command splits window. * Using freed memory on exit when EXITFREE is defined. * Default constructor arguments are not optional. * Object member can't get type from initializer. * Coverity warns for using uninitialized memory. * Leaking memory when disassembling an object method. * Conflict between supercollider and scala filetype detection. * String value of class and object do not have useful information. * Build failure with some compilers that can't handle a declaration directly after a "case" statement. * Cannot display 'showcmd' somewhere else. * Some test function names do not match what they are doing. * When using Kitty a shell command may mess up the key protocol state. * Code for making 'shortmess' temporarily empty is repeated. * A shell command switching screens may still have a problem with the kitty keyboard protocol. * Test function name is wrong. * In diff mode virtual text is highlighted incorrectly. (Rick Howe) * No information about whether requesting term codes has an effect. * Diff mode highlight fails for special characters. * Reading beyond array size. * Codecov action version is too specific. * screenpos() column result in fold may be too small. * Using "xterm-kitty" for 'term' causes problems. * Class members are not supported yet. * build fails if the compiler doesn't allow for a declaration right after "case". ==== vulkan-loader ==== Version update (1.3.231.0 -> 1.3.236.0) - Update to release SDK-1.3.236.0 * Fix cases where OOM was handled wrong * Null check vk_icdGetPhysicalDeviceProcAddr ==== vulkan-tools ==== Version update (1.3.231 -> 1.3.236.0) - Update to release SDK-1.3.236.0 * vulkaninfo: Add Driver Version handling - Delete 0001-cubepp-Fix-presentKHR-assert.patch (merged) ==== webkit2gtk3 ==== Version update (2.38.2 -> 2.38.3) Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.38.3 (boo#1206474): + Fix runtime critical warnings from media player. + Fix network process crash when fetching website data on ephemeral session. + Fix the build with Ruby 3.2. + Fix several crashes and rendering issues. + Security fixes: CVE-2022-42856. - Drop b7ac5d0c.patch: fixed upstream. ==== wicked ==== Version update (0.6.70 -> 0.6.71) Subpackages: wicked-service - version 0.6.71 - dhcp: enable raw-ip support for wwan-qmi interfaces (jsc#PED-90) - schema: fix the ip rule to-selector to handle network prefixes ==== xcb-util ==== Version update (0.4.0 -> 0.4.1) - update to 0.4.1: * Add standard X.Org package changes to autogen.sh * Build xz tarballs instead of bzip2 * Clean up some compiler warnings from clang * Do updates for migration to gitlab ==== xf86-input-joystick ==== Version update (1.6.3 -> 1.6.4) - Update to version 1.6.4 * Fix quoting in man page synopsis section * Update README for gitlab migration * Update configure.ac bug URL for gitlab migration * Fix spelling/wording issues * gitlab CI: add a basic build test * gitlab CI: stop requiring Signed-off-by in commits * autogen.sh: Implement GNOME Build API * autogen.sh: use quoted string variables * Adapt to USB HID header changes on NetBSD-8.99.9. * autogen: add default patch prefix * configure: Drop AM_MAINTAINER_MODE * autogen.sh: use exec instead of waiting for configure to finish ==== xf86-video-vesa ==== Version update (2.5.0 -> 2.6.0) - update to 2.6.0: * Refuse to run if framebuffer or dri devices are present * VESAValidMode: remove duplicate call to VESAGetRec * VESADGASetMode: remove unused variable scrnIdx * Build xz tarballs instead of bzip2 ==== xkbcomp ==== Version update (1.4.5 -> 1.4.6) - update to 1.4.6: * configure: Use AC_SYS_LARGEFILE to enable large file support * suppress four more warnings when 'warningLevel' is zero * suppress the "Could not resolve" warning when 'warningLevel' is zero * man page: remove out-of-date COPYRIGHT section * Build xz tarballs instead of bzip2 * Fix "upercase" typo ==== xorg-x11-server ==== Version update (21.1.4 -> 21.1.6) Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra - Update to version xorg-server-21.1.6: * xserver 21.1.6 * Xext: fix invalid event type mask in XTestSwapFakeInput * xkb: fix some possible memleaks in XkbGetKbdByName * xkb: proof GetCountedString against request length attacks * xquartz: Fix some formatting * XQuartz: stub: Call LSOpenApplication instead of fork()/exec() - drop the following upstream patches: U_xkb-proof-GetCountedString-against-request-length-at.patch U_xkb-fix-some-possible-memleaks-in-XkbGetKbdByName.patch - Update to version xorg-server-21.1.5: * xkb: reset the radio_groups pointer to NULL after freeing it * Xi: avoid integer truncation in length check of ProcXIChangeProperty * Xi: return an error from XI property changes if verification failed * Xext: free the screen saver resource when replacing it * Xext: free the XvRTVideoNotify when turning off from the same client * Xi: disallow passive grabs with a detail > 255 * Xtest: disallow GenericEvents in XTestSwapFakeInput * meson: Don't build COMPOSITE for XQuartz * xquartz: Move default applications list outside of the main executable * xquartz: Remove unused macro (X11LIBDIR) - drop the following upstream patches: U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch ==== xwayland ==== Version update (22.1.5 -> 22.1.7) - Update to version 22.1.7 * This release fixes an invalid event type mask in XTestSwapFakeInput which was inadvertently changed from octal 0177 to hexadecimal 0x177 in the fix for CVE-2022-46340. - Update to version 22.1.6: * Fixes CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344, CVE-2022-4283. * Xtest: disallow GenericEvents in XTestSwapFakeInput * Xi: disallow passive grabs with a detail > 255 * Xext: free the XvRTVideoNotify when turning off from the same client * Xext: free the screen saver resource when replacing it * Xi: return an error from XI property changes if verification failed * Xi: avoid integer truncation in length check of ProcXIChangeProperty * xkb: reset the radio_groups pointer to NULL after freeing it - Drop patches fixed upstream: * U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch * U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch * U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch * U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch * U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch * U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch * U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch ==== xz ==== Version update (5.2.8 -> 5.2.10) Subpackages: liblzma5 - update to 5.2.10: * xz: Don't modify argv[] when parsing the --memlimit* and - -block-list command line options. This fixes confusing arguments in process listing (like "ps auxf"). * GNU/Linux only: Use __has_attribute(__symver__) to detect if that attribute is supported. This fixes build on Mandriva where Clang is patched to define __GNUC__ to 11 by default (instead of 4 as used by Clang upstream). * liblzma: - Fixed an infinite loop in LZMA encoder initialization if dict_size >= 2 GiB. - Fixed two cases of invalid free() that can happen if a tiny allocation fails in encoder re-initialization or in lzma_filters_update(). These bugs had some similarities with the bug fixed in 5.2.7. - Fixed lzma_block_encoder() not allowing the use of LZMA_SYNC_FLUSH with lzma_code() even though it was documented to be supported. The sync-flush code in the Block encoder was already used internally via lzma_stream_encoder(), so this was just a missing flag in the lzma_block_encoder() API function. - GNU/Linux only: Don't put symbol versions into static liblzma as it breaks things in some cases (and even if it didn't break anything, symbol versions in static libraries are useless anyway). The downside of the fix is that if the configure options --with-pic or --without-pic are used then it's not possible to build both shared and static liblzma at the same time on GNU/Linux anymore; with those options --disable-static or --disable-shared must be used too. - drop unused xz-devel-static which is no longer supported when using - -with-pic (which is needed for shared libs) ==== yast2-packager ==== Version update (4.5.9 -> 4.5.10) - Do not fail when the installation URL contains a space (bsc#1201816) - 4.5.10 ==== zbar ==== - ImageMagick instead of GraphicsMagick ==== zlib-ng-compat ==== - add 0001-Add-one-extra-byte-to-return-value-of-compressBound-.patch fixes a data corruption regression in 2.0.6 ==== zvbi ==== Version update (0.2.38 -> 0.2.39) - update to 0.2.39: * Updates to remove compiler warnings during tests. * Allow autogen.sh and configure to run separately by default. * Add Georgian language translation po files.