Packages changed: ImageMagick (7.1.0.26 -> 7.1.0.27) Mesa (21.3.7 -> 22.0.0) Mesa-drivers (21.3.7 -> 22.0.0) NetworkManager-openconnect (1.2.6 -> 1.2.8) NetworkManager-openvpn (1.8.16 -> 1.8.18) alpine (2.25 -> 2.25.1) apache2 (2.4.52 -> 2.4.53) apache2-manual (2.4.52 -> 2.4.53) apache2-prefork (2.4.52 -> 2.4.53) apache2-utils (2.4.52 -> 2.4.53) appstream-glib (0.7.18+30 -> 0.7.18+31) at bluez (5.62 -> 5.63) boost-base boost-extra dbus-1 ffmpeg-4 glib2-branding-openSUSE grub2 guile harfbuzz (4.0.0 -> 4.0.1) kernel-firmware (20220224 -> 20220309) kfilemetadata5 libHX (4.2 -> 4.4) libreoffice (7.3.1.3 -> 7.3.2.1) librsvg (2.52.6 -> 2.52.7) libsolv (0.7.20 -> 0.7.21) libuv (1.43.0 -> 1.44.1) libyui (4.3.2 -> 4.3.3) libyui-ncurses (4.3.2 -> 4.3.3) libyui-ncurses-pkg (4.3.2 -> 4.3.3) libyui-qt (4.3.2 -> 4.3.3) libyui-qt-graph (4.3.2 -> 4.3.3) libyui-qt-pkg (4.3.2 -> 4.3.3) libzypp (17.29.5 -> 17.29.6) nodejs17 (17.7.0 -> 17.7.1) openSUSE-xfce-icon-theme (4.16.1+git5.e82fd05 -> 4.16.1+git.5.e82fd05) pam_mount pam_ssh perl-DBD-SQLite ppp publicsuffix (20220202 -> 20220304) qemu rsyslog rubygem-bundler sqlite3 (3.37.2 -> 3.38.1) tuned (2.16.0 -> 2.18.0.8+git.6f907c9) xen xfce4-screenshooter (1.9.9 -> 1.9.10) xorg-x11-server yast2-country (4.4.11 -> 4.4.12) yast2-installation (4.4.46 -> 4.4.48) yast2-network (4.4.44 -> 4.4.45) yast2-trans (84.87.20220305.ba29422b84 -> 84.87.20220313.3dfcfc0d1f) z3 === Details === ==== ImageMagick ==== Version update (7.1.0.26 -> 7.1.0.27) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.0.27 see ChangeLog.md for details (https://github.com/ImageMagick/ImageMagick/blob/main/ChangeLog.md) ==== Mesa ==== Version update (21.3.7 -> 22.0.0) Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - U_meson-restore-private-requires-to-libdrm-in-dri.pc-f.patch * Due to a typo the private requires to libdrm were lost in dri.pc. Fixed another typo (only comment). - enabled "i915" Gallium-based Intel Gen3 driver - fixed llvm/clang buildrequires for sle15-sp4/Leap 15.4 - no longer try to build classic non-Gallium OpenGL drivers i915, i965, nouveau, r100 and r200, which have been dropped with Mesa 22.0.0; see also some documentation on Phoronix https://www.phoronix.com/scan.php?page=news_item&px=Mesa-Classic-Retired - update to 22.0.0 * lavapipe,radv,anv KHR_dynamic_rendering * radv EXT_image_view_min_lod * VK_KHR_synchronization2 on RADV. * OpenSWR has been moved to the Amber branch * radeonsi, zink ARB_sparse_texture * d3d12 GLES3.1 (shader storage buffers, images, compute, indirect draw, draw params, ARB_framebuffer_no_attachments, ARB_sample_shading, and GLSL400) * radeonsi, zink ARB_sparse_texture2 * zink EXT_memory_object, EXT_memory_object_fd, EXT_semaphore, EXT_semaphore_fd * anv VK_VALVE_mutable_descriptor_type * Vulkan 1.3 on RADV,Anv. * radeonsi, zink ARB_sparse_texture_clamp ==== Mesa-drivers ==== Version update (21.3.7 -> 22.0.0) Subpackages: Mesa-dri Mesa-gallium Mesa-libva libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libxatracker2 - U_meson-restore-private-requires-to-libdrm-in-dri.pc-f.patch * Due to a typo the private requires to libdrm were lost in dri.pc. Fixed another typo (only comment). - enabled "i915" Gallium-based Intel Gen3 driver - fixed llvm/clang buildrequires for sle15-sp4/Leap 15.4 - no longer try to build classic non-Gallium OpenGL drivers i915, i965, nouveau, r100 and r200, which have been dropped with Mesa 22.0.0; see also some documentation on Phoronix https://www.phoronix.com/scan.php?page=news_item&px=Mesa-Classic-Retired - update to 22.0.0 * lavapipe,radv,anv KHR_dynamic_rendering * radv EXT_image_view_min_lod * VK_KHR_synchronization2 on RADV. * OpenSWR has been moved to the Amber branch * radeonsi, zink ARB_sparse_texture * d3d12 GLES3.1 (shader storage buffers, images, compute, indirect draw, draw params, ARB_framebuffer_no_attachments, ARB_sample_shading, and GLSL400) * radeonsi, zink ARB_sparse_texture2 * zink EXT_memory_object, EXT_memory_object_fd, EXT_semaphore, EXT_semaphore_fd * anv VK_VALVE_mutable_descriptor_type * Vulkan 1.3 on RADV,Anv. * radeonsi, zink ARB_sparse_texture_clamp ==== NetworkManager-openconnect ==== Version update (1.2.6 -> 1.2.8) Subpackages: NetworkManager-openconnect-gnome NetworkManager-openconnect-lang - Update to version 1.2.8: + Gtk4 version of the editor plugin is now available (for use with Control Center of GNOME 42 or later). + Fix SNI and authgroup problems. + Handle IPv6 nameservers. + Allow IP prefixes of 0 for routing rules. + Updated translations. - Add pkgconfig(gtk4) and pkgconfig(libnma-gtk4) BuildRequires and pass --with-gtk4=yes to configure, build the gtk4 version. - Stop passing --without-libnm-glib to configure, no longer needed, nor recognized. - Add optional libxml2-tools BuildRequires, build runs xml-stripblanks preprocessing if available. ==== NetworkManager-openvpn ==== Version update (1.8.16 -> 1.8.18) Subpackages: NetworkManager-openvpn-gnome NetworkManager-openvpn-lang - Update to version 1.8.18: + Gtk4 version of the editor plugin is now available (for use with Control Center of GNOME 42 or later). + Updated translations. - Drop nm-openvpn-bsc#1186091.patch: Fixed upstream. - Rebase patch with quilt. - Add pkgconfig(gtk4) and pkgconfig(libnma-gtk4) BuildRequires and pass --with-gtk4=yes to configure, build the gtk4 version. - Stop passing --without-libnm-glib to configure, no longer needed, nor recognized. - Pass --enable-lto=yes to configure, build using LTO support. - Add optional libxml2-tools BuildRequires, build runs xml-stripblanks preprocessing if available. ==== alpine ==== Version update (2.25 -> 2.25.1) Subpackages: pico - Update to release 2.25.1 * In the past, Alpine did not recognize images embedded in an HTML file, so now it does and a link to open them is given. * Support for code_verifier and code_challenge when generating a refresh token and access token in Gmail and Outlook using the S256 method and plain method. * Alpine is modified to not to attempt to continue a draft message if the draft folder is empty. (Some servers do not allow the Drafts folder to be removed, even when it is empty.) * Improvements to the screen that allows a user to select the client-id when a user attempts to login to a server and more than one client-id is available for that server. - Delete chappa-WrtAcc.patch. Under Linux, one can use the Compose key feature. (And for Windows, the putty client can provide an equivalent Compose key feature.) ==== apache2 ==== Version update (2.4.52 -> 2.4.53) - httpd-framework updated to svn1898917 - deleted patches - apache-test-DirectorySlash-NotFound-logic.patch (upstreamed) - apache2-perl-io-socket.patch (upstreamed) - version update to 2.4.53 * ) SECURITY: CVE-2022-23943: mod_sed: Read/write beyond bounds (cve.mitre.org) Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. Credits: Ronald Crane (Zippenhop LLC) * ) SECURITY: CVE-2022-22721: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (cve.mitre.org) If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Credits: Anonymous working with Trend Micro Zero Day Initiative * ) SECURITY: CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier (cve.mitre.org) Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Credits: James Kettle * ) SECURITY: CVE-2022-22719: mod_lua Use of uninitialized value of in r:parsebody (cve.mitre.org) A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Credits: Chamal De Silva * ) core: Make sure and check that LimitXMLRequestBody fits in system memory. [Ruediger Pluem, Yann Ylavic] * ) core: Simpler connection close logic if discarding the request body fails. [Yann Ylavic, Ruediger Pluem] * ) mod_http2: preserve the port number given in a HTTP/1.1 request that was Upgraded to HTTP/2. Fixes PR65881. [Stefan Eissing] * ) mod_proxy: Allow for larger worker name. PR 53218. [Yann Ylavic] * ) dbm: Split the loading of a dbm driver from the opening of a dbm file. When an attempt to load a dbm driver fails, log clearly which driver triggered the error (not "default"), and what the error was. [Graham Leggett] * ) mod_proxy: Use the maxium of front end and backend timeouts instead of the minimum when tunneling requests (websockets, CONNECT requests). Backend timeouts can be configured more selectively (per worker if needed) as front end timeouts and typically the backend timeouts reflect the application requirements better. PR 65886 [Ruediger Pluem] * ) ap_regex: Use Thread Local Storage (TLS) to recycle ap_regexec() buffers when an efficient TLS implementation is available. [Yann Ylavic] * ) core, mod_info: Add compiled and loaded PCRE versions to version number display. [Rainer Jung] * ) mod_md: do not interfere with requests to /.well-known/acme-challenge/ resources if challenge type 'http-01' is not configured for a domain. Fixes . [Stefan Eissing] * ) mod_dav: Fix regression when gathering properties which could lead to huge memory consumption proportional to the number of resources. [Evgeny Kotkov, Ruediger Pluem] * ) Support pcre2 (10.x) library in place of the now end-of-life pcre (8.x) for regular expression evaluation. This depends on locating pcre2-config. [William Rowe, Petr Pisar , Rainer Jung] * ) Add the ldap function to the expression API, allowing LDAP filters and distinguished names based on expressions to be escaped correctly to guard against LDAP injection. [Graham Leggett] * ) mod_md: the status description in MDomain's JSON, exposed in the md-status handler (if configured) did sometimes not carry the correct message when certificates needed renew. [Stefan Eissing] * ) mpm_event: Fix a possible listener deadlock on heavy load when restarting and/or reaching MaxConnectionsPerChild. PR 65769. [Yann Ylavic] ==== apache2-manual ==== Version update (2.4.52 -> 2.4.53) - httpd-framework updated to svn1898917 - deleted patches - apache-test-DirectorySlash-NotFound-logic.patch (upstreamed) - apache2-perl-io-socket.patch (upstreamed) - version update to 2.4.53 * ) SECURITY: CVE-2022-23943: mod_sed: Read/write beyond bounds (cve.mitre.org) Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. Credits: Ronald Crane (Zippenhop LLC) * ) SECURITY: CVE-2022-22721: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (cve.mitre.org) If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Credits: Anonymous working with Trend Micro Zero Day Initiative * ) SECURITY: CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier (cve.mitre.org) Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Credits: James Kettle * ) SECURITY: CVE-2022-22719: mod_lua Use of uninitialized value of in r:parsebody (cve.mitre.org) A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Credits: Chamal De Silva * ) core: Make sure and check that LimitXMLRequestBody fits in system memory. [Ruediger Pluem, Yann Ylavic] * ) core: Simpler connection close logic if discarding the request body fails. [Yann Ylavic, Ruediger Pluem] * ) mod_http2: preserve the port number given in a HTTP/1.1 request that was Upgraded to HTTP/2. Fixes PR65881. [Stefan Eissing] * ) mod_proxy: Allow for larger worker name. PR 53218. [Yann Ylavic] * ) dbm: Split the loading of a dbm driver from the opening of a dbm file. When an attempt to load a dbm driver fails, log clearly which driver triggered the error (not "default"), and what the error was. [Graham Leggett] * ) mod_proxy: Use the maxium of front end and backend timeouts instead of the minimum when tunneling requests (websockets, CONNECT requests). Backend timeouts can be configured more selectively (per worker if needed) as front end timeouts and typically the backend timeouts reflect the application requirements better. PR 65886 [Ruediger Pluem] * ) ap_regex: Use Thread Local Storage (TLS) to recycle ap_regexec() buffers when an efficient TLS implementation is available. [Yann Ylavic] * ) core, mod_info: Add compiled and loaded PCRE versions to version number display. [Rainer Jung] * ) mod_md: do not interfere with requests to /.well-known/acme-challenge/ resources if challenge type 'http-01' is not configured for a domain. Fixes . [Stefan Eissing] * ) mod_dav: Fix regression when gathering properties which could lead to huge memory consumption proportional to the number of resources. [Evgeny Kotkov, Ruediger Pluem] * ) Support pcre2 (10.x) library in place of the now end-of-life pcre (8.x) for regular expression evaluation. This depends on locating pcre2-config. [William Rowe, Petr Pisar , Rainer Jung] * ) Add the ldap function to the expression API, allowing LDAP filters and distinguished names based on expressions to be escaped correctly to guard against LDAP injection. [Graham Leggett] * ) mod_md: the status description in MDomain's JSON, exposed in the md-status handler (if configured) did sometimes not carry the correct message when certificates needed renew. [Stefan Eissing] * ) mpm_event: Fix a possible listener deadlock on heavy load when restarting and/or reaching MaxConnectionsPerChild. PR 65769. [Yann Ylavic] ==== apache2-prefork ==== Version update (2.4.52 -> 2.4.53) - httpd-framework updated to svn1898917 - deleted patches - apache-test-DirectorySlash-NotFound-logic.patch (upstreamed) - apache2-perl-io-socket.patch (upstreamed) - version update to 2.4.53 * ) SECURITY: CVE-2022-23943: mod_sed: Read/write beyond bounds (cve.mitre.org) Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. Credits: Ronald Crane (Zippenhop LLC) * ) SECURITY: CVE-2022-22721: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (cve.mitre.org) If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Credits: Anonymous working with Trend Micro Zero Day Initiative * ) SECURITY: CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier (cve.mitre.org) Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Credits: James Kettle * ) SECURITY: CVE-2022-22719: mod_lua Use of uninitialized value of in r:parsebody (cve.mitre.org) A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Credits: Chamal De Silva * ) core: Make sure and check that LimitXMLRequestBody fits in system memory. [Ruediger Pluem, Yann Ylavic] * ) core: Simpler connection close logic if discarding the request body fails. [Yann Ylavic, Ruediger Pluem] * ) mod_http2: preserve the port number given in a HTTP/1.1 request that was Upgraded to HTTP/2. Fixes PR65881. [Stefan Eissing] * ) mod_proxy: Allow for larger worker name. PR 53218. [Yann Ylavic] * ) dbm: Split the loading of a dbm driver from the opening of a dbm file. When an attempt to load a dbm driver fails, log clearly which driver triggered the error (not "default"), and what the error was. [Graham Leggett] * ) mod_proxy: Use the maxium of front end and backend timeouts instead of the minimum when tunneling requests (websockets, CONNECT requests). Backend timeouts can be configured more selectively (per worker if needed) as front end timeouts and typically the backend timeouts reflect the application requirements better. PR 65886 [Ruediger Pluem] * ) ap_regex: Use Thread Local Storage (TLS) to recycle ap_regexec() buffers when an efficient TLS implementation is available. [Yann Ylavic] * ) core, mod_info: Add compiled and loaded PCRE versions to version number display. [Rainer Jung] * ) mod_md: do not interfere with requests to /.well-known/acme-challenge/ resources if challenge type 'http-01' is not configured for a domain. Fixes . [Stefan Eissing] * ) mod_dav: Fix regression when gathering properties which could lead to huge memory consumption proportional to the number of resources. [Evgeny Kotkov, Ruediger Pluem] * ) Support pcre2 (10.x) library in place of the now end-of-life pcre (8.x) for regular expression evaluation. This depends on locating pcre2-config. [William Rowe, Petr Pisar , Rainer Jung] * ) Add the ldap function to the expression API, allowing LDAP filters and distinguished names based on expressions to be escaped correctly to guard against LDAP injection. [Graham Leggett] * ) mod_md: the status description in MDomain's JSON, exposed in the md-status handler (if configured) did sometimes not carry the correct message when certificates needed renew. [Stefan Eissing] * ) mpm_event: Fix a possible listener deadlock on heavy load when restarting and/or reaching MaxConnectionsPerChild. PR 65769. [Yann Ylavic] ==== apache2-utils ==== Version update (2.4.52 -> 2.4.53) - httpd-framework updated to svn1898917 - deleted patches - apache-test-DirectorySlash-NotFound-logic.patch (upstreamed) - apache2-perl-io-socket.patch (upstreamed) - version update to 2.4.53 * ) SECURITY: CVE-2022-23943: mod_sed: Read/write beyond bounds (cve.mitre.org) Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. Credits: Ronald Crane (Zippenhop LLC) * ) SECURITY: CVE-2022-22721: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (cve.mitre.org) If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. Credits: Anonymous working with Trend Micro Zero Day Initiative * ) SECURITY: CVE-2022-22720: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier (cve.mitre.org) Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling Credits: James Kettle * ) SECURITY: CVE-2022-22719: mod_lua Use of uninitialized value of in r:parsebody (cve.mitre.org) A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. Credits: Chamal De Silva * ) core: Make sure and check that LimitXMLRequestBody fits in system memory. [Ruediger Pluem, Yann Ylavic] * ) core: Simpler connection close logic if discarding the request body fails. [Yann Ylavic, Ruediger Pluem] * ) mod_http2: preserve the port number given in a HTTP/1.1 request that was Upgraded to HTTP/2. Fixes PR65881. [Stefan Eissing] * ) mod_proxy: Allow for larger worker name. PR 53218. [Yann Ylavic] * ) dbm: Split the loading of a dbm driver from the opening of a dbm file. When an attempt to load a dbm driver fails, log clearly which driver triggered the error (not "default"), and what the error was. [Graham Leggett] * ) mod_proxy: Use the maxium of front end and backend timeouts instead of the minimum when tunneling requests (websockets, CONNECT requests). Backend timeouts can be configured more selectively (per worker if needed) as front end timeouts and typically the backend timeouts reflect the application requirements better. PR 65886 [Ruediger Pluem] * ) ap_regex: Use Thread Local Storage (TLS) to recycle ap_regexec() buffers when an efficient TLS implementation is available. [Yann Ylavic] * ) core, mod_info: Add compiled and loaded PCRE versions to version number display. [Rainer Jung] * ) mod_md: do not interfere with requests to /.well-known/acme-challenge/ resources if challenge type 'http-01' is not configured for a domain. Fixes . [Stefan Eissing] * ) mod_dav: Fix regression when gathering properties which could lead to huge memory consumption proportional to the number of resources. [Evgeny Kotkov, Ruediger Pluem] * ) Support pcre2 (10.x) library in place of the now end-of-life pcre (8.x) for regular expression evaluation. This depends on locating pcre2-config. [William Rowe, Petr Pisar , Rainer Jung] * ) Add the ldap function to the expression API, allowing LDAP filters and distinguished names based on expressions to be escaped correctly to guard against LDAP injection. [Graham Leggett] * ) mod_md: the status description in MDomain's JSON, exposed in the md-status handler (if configured) did sometimes not carry the correct message when certificates needed renew. [Stefan Eissing] * ) mpm_event: Fix a possible listener deadlock on heavy load when restarting and/or reaching MaxConnectionsPerChild. PR 65769. [Yann Ylavic] ==== appstream-glib ==== Version update (0.7.18+30 -> 0.7.18+31) Subpackages: appstream-glib-lang libappstream-glib8 - Update to version 0.7.18+31: * Fix extracting relative symlinks (boo#1196459) ==== at ==== - Drop systemd hardening as it breaks some jobs, fixes bsc#1196219 * Remove harden_atd.service.patch ==== bluez ==== Version update (5.62 -> 5.63) Subpackages: libbluetooth3 - Add code to restore user modifications for modprobe.d %config files after moving the files to %_modprobedir - Use %_modprobedir (jsc#SLE-20639) - update to version 5.63: * Fix issue with storing IRK causing invalid read access. * Fix issue with disconnecting due to GattCharacteristic1.MTU. * Add support for Device{Found,Lost} of advertising monitoring. ==== boost-base ==== Subpackages: boost-license1_78_0 libboost_date_time1_78_0 libboost_filesystem1_78_0 libboost_iostreams1_78_0 libboost_locale1_78_0 libboost_program_options1_78_0 libboost_thread1_78_0 - add dependency on libzstd and libzstd-devel to get on-the-fly zstd compression in boost-iostreams ==== boost-extra ==== - add dependency on libzstd and libzstd-devel to get on-the-fly zstd compression in boost-iostreams ==== dbus-1 ==== Subpackages: libdbus-1-3 libdbus-1-3-32bit - set runstatedir correctly ==== ffmpeg-4 ==== Subpackages: libavcodec58_134 libavdevice58_13 libavfilter7_110 libavformat58_76 libavresample4_0 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9 - Fix OS version check, so nvcodec is enabled for Leap too. ==== glib2-branding-openSUSE ==== - Update .gschema.override.in: Change default libreoffice startup entry to libreoffice-startcenter.desktop according to the libreoffice update (bsc#1195836, bsc#1196951). ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Fix grub-install error when efi system partition is created as mdadm software raid1 device (bsc#1179981) (bsc#1195204) * 0001-install-fix-software-raid1-on-esp.patch - Fix riscv64 build error * 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch - Fix error in grub-install when linux root device is on lvm thin volume (bsc#1192622) (bsc#1191974) * 0001-grub-install-bailout-root-device-probing.patch ==== guile ==== Subpackages: guile-modules-3_0 libguile-3_0-1 - Add patch to fix build on 32-bit big-endian targets * adjust-32bit-big-endian-build-flags.patch - Run aclocal before %configure to regenerate aclocal.m4 ==== harfbuzz ==== Version update (4.0.0 -> 4.0.1) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 libharfbuzz0-32bit typelib-1_0-HarfBuzz-0_0 - Update to version 4.0.1: + Update OpenType to AAT mappings for ?hist? and ?vrtr? features + Update IANA Language Subtag Registry to 2022-03-02 + Update USE shaper to allow any non-numeric tail in a symbol cluster, and remove obsolete data overrides + Fix handling of baseline variations to return correctly scaled values ==== kernel-firmware ==== Version update (20220224 -> 20220309) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd - Update to version 20220309 (git commit cd01f857da28): * iwlwifi: add new FWs from core68-60 release * ath11k: add links for WCN6855 hw2.1 * ath11k: WCN6855 hw2.0: add WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3 * ath11k: WCN6855 hw2.0: add board-2.bin and regdb.bin * ath10k/ath11k: mark notice.txt as "File:" * linux-firmware: add firmware for MT7986 * amdgpu: add firmware for SDMA 5.2.7 IP block * amdgpu: add firmware for PSP 13.0.8 IP block * amdgpu: add firmware for DCN 3.1.6 IP block * amdgpu: add firmware for GC 10.3.7 IP block * rtw89: 8852a: update fw to v0.13.36.0 * iwlwifi: update 9000-family firmwares to core68-60 * amdgpu: update raven2 VCN firmware * amdgpu: update raven VCN firmware * amdgpu: update picasso VCN firmware * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update AMD SEV firmware * rtw89: 8852a: update fw to v0.13.35.0 ==== kfilemetadata5 ==== Subpackages: kfilemetadata5-lang - Build the optional mobipocket extractor. QMobipocket only depends on Qt and shouldn't cause any issue. ==== libHX ==== Version update (4.2 -> 4.4) Subpackages: libHX32 libHX32-32bit - Update to release 4.4 * Build fixes for mingw environments. - Update to release 4.3 * string: New functions ``HX_strtoull_sec``, ``HX_unit_seconds`` for converting between second-based time durations and human-readable durations like 129600 <-> 1d12h. * io: New function ``HX_sendfile``. ==== libreoffice ==== Version update (7.3.1.3 -> 7.3.2.1) Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - Update to 7.3.2.1 - Refresh patches: * 0001-Revert-java-9-changes.patch * fix_gtk_popover_on_3.20.patch ==== librsvg ==== Version update (2.52.6 -> 2.52.7) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Update to version 2.52.7: + Backport a fix for the regression that was introduced in the last release: Output filled text as text for PDF; fixes regression due to outputting all text as paths. ==== libsolv ==== Version update (0.7.20 -> 0.7.21) Subpackages: libsolv-tools python3-solv ruby-solv - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ("requires" is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime - bump version to 0.7.21 ==== libuv ==== Version update (1.43.0 -> 1.44.1) - update to 1.44.1: * fix a hang after NOTE_EXIT - inclues changes from 1.44.0: * Support for poxix_spawn API * updates to documentation, tests, benchmarks and build scripts ==== libyui ==== Version update (4.3.2 -> 4.3.3) - Fixed release notes dialog in YQWizard clearing content on click (bsc#1195158) - Documented the different ways of displaying release notes in the UI - 4.3.3 ==== libyui-ncurses ==== Version update (4.3.2 -> 4.3.3) - Fixed release notes dialog in YQWizard clearing content on click (bsc#1195158) - Documented the different ways of displaying release notes in the UI - 4.3.3 ==== libyui-ncurses-pkg ==== Version update (4.3.2 -> 4.3.3) - Fixed release notes dialog in YQWizard clearing content on click (bsc#1195158) - Documented the different ways of displaying release notes in the UI - 4.3.3 ==== libyui-qt ==== Version update (4.3.2 -> 4.3.3) - Fixed release notes dialog in YQWizard clearing content on click (bsc#1195158) - Documented the different ways of displaying release notes in the UI - 4.3.3 ==== libyui-qt-graph ==== Version update (4.3.2 -> 4.3.3) - Fixed release notes dialog in YQWizard clearing content on click (bsc#1195158) - Documented the different ways of displaying release notes in the UI - 4.3.3 ==== libyui-qt-pkg ==== Version update (4.3.2 -> 4.3.3) - Fixed release notes dialog in YQWizard clearing content on click (bsc#1195158) - Documented the different ways of displaying release notes in the UI - 4.3.3 ==== libzypp ==== Version update (17.29.5 -> 17.29.6) - Fix package signature check (bsc#184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - version 17.29.6 (22) ==== nodejs17 ==== Version update (17.7.0 -> 17.7.1) Subpackages: npm17 - update to 17.7.1: * url: revert fix url.parse() for @hostname - 42342.patch: fix expired certificates in unit tests ==== openSUSE-xfce-icon-theme ==== Version update (4.16.1+git5.e82fd05 -> 4.16.1+git.5.e82fd05) - Remove deprecated macros from spec - Update Upstream URL ==== pam_mount ==== Subpackages: libcryptmount0 libcryptmount0-32bit pam_mount-32bit - Add tmpfiles.d conf for /run/pam_mount ==== pam_ssh ==== Subpackages: pam_ssh-32bit - Update source packages from upstream - Add tmpfiles.d conf for /run/pam_ssh ==== perl-DBD-SQLite ==== - link embedded sqlite devel files to system files - build with internal sqlite on Leap systems ==== ppp ==== - Removed Wants=network.target from modem@.service (bsc#1196359). ==== publicsuffix ==== Version update (20220202 -> 20220304) - Update to version 20220304: * Add deta.app and deta.dev (#1511) * Add typedream.app (#1509) * Add `musician.io` - updates Staclar entry from #1331 (#1532) * Remove couk.me and ukco.me from private section (#1519) * add `*.build.run`, `*.database.run` and `*.migration.run` to PSL (#1498) * Add ktistory.com (#1493) * Remove WapBlog Suffix (#1510) * Add `aivencloud.com` (#1508) * Add site.transip.me (#1524) * Add 105 `lolipop` and `heteml` domains to private section for GMO (#1522) * Add `tech.orange` (#1526) * Add rocky.page (#1491) * Add messwithdns.com (#1490) * Revise policy links for `.ac` `.io` `.sh` (#1528) * Add kapsi.fi to PSL (#1476) * Add translated.page (#1478) * Add discordsays.com and discordsez.com (#1474) * Add `onporter.run` (#1483) * util: gTLD data autopull updates for 2022-02-18T15:13:38 UTC (#1525) * Update `.cy` per request from nic.cy in Issue 1516 (#1517) * add `*.beget.app` (#1470) * Add `vultrobjects.com` and future regional subdomains (#1472) ==== qemu ==== Subpackages: qemu-accel-tcg-x86 qemu-audio-spice qemu-block-curl qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-microvm qemu-seabios qemu-sgabios qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-x86 Fix bsc#1189702 CVE-2021-3713 * Patches added: hw-nvram-at24-return-0xff-if-1-byte-addr.patch ==== rsyslog ==== - remove invalid dependencies from systemd service unit (bsc#1196795, bsc#1196359) ==== rubygem-bundler ==== - only limit to ruby 2.7 on sle 12 ==== sqlite3 ==== Version update (3.37.2 -> 3.38.1) - update to 3.38.1: * Fix problems with the new Bloom filter optimization that might cause some obscure queries to get an incorrect answer. * Fix the localtime modifier of the date and time functions so that it preserves fractional seconds. * Fix the sqlite_offset SQL function so that it works correctly even in corner cases such as when the argument is a virtual column or the column of a view. * Fix row value IN operator constraints on virtual tables so that they work correctly even if the virtual table implementation relies on bytecode to filter rows that do not satisfy the constraint. * Other minor fixes to assert() statements, test cases, and documentation. See the source code timeline for details. - add upstream patch to run atof1 tests only on x86_64 sqlite-src-3380100-atof1.patch - update to 3.38.0 * Add the -> and ->> operators for easier processing of JSON * The JSON functions are now built-ins * Enhancements to date and time functions * Rename the printf() SQL function to format() for better compatibility, with alias for backwards compatibility. * Add the sqlite3_error_offset() interface for helping localize an SQL error to a specific character in the input SQL text * Enhance the interface to virtual tables * CLI columnar output modes are enhanced to correctly handle tabs and newlines embedded in text, and add options like "--wrap N", "--wordwrap on", and "--quote" to the columnar output modes. * Query planner enhancements using a Bloom filter to speed up large analytic queries, and a balanced merge tree to evaluate UNION or UNION ALL compound SELECT statements that have an ORDER BY clause. * The ALTER TABLE statement is changed to silently ignores entries in the sqlite_schema table that do not parse when PRAGMA writable_schema=ON ==== tuned ==== Version update (2.16.0 -> 2.18.0.8+git.6f907c9) - Add new openshift platform profiles - Instead of adding all profiles to main package and exclude subpackage profiles, explicitly mention all added profiles in %files section - Sort (alphabetically) profiles and packages - Update to version 2.18.0.8+git.6f907c9: * beakerlib: fix systemd rate limiting for variables-support-in-profiles * scheduler: fix construction of the process name regex * Added more conflicting implementations to the systemd unit file. * raise the netfilter hash table size in openshift/atomic-{host,guest} to match the max netfilter conntrack entries, reducing such hash table load. * Fixing save call and comments in tuned gui * Adding option "txqueuelen" to net_plugin * bootloader: on s390(x) remove TuneD variables from the BLS * daemon: don't do full rollback on systemd failure * profiles: use cstate.id_no_zero instead of the cstate.id * Expanding cpu plugin force_latency option syntax * Adding support for nvme subsystem block devices and adding tests so it won't throw errors on hdparms commands. * Fix improper parsing of include directive * application: log TuneD and kernel version * readme: mention conflicting cpupower and power-profiles-daemon * dbus: fix traceback on python-2.7 * cpu_partitioning: fixed no_balance_cores on newer kernels * spec: do not require subscription-manager on CentOS * Add conditional profile loading * openshift profile: workaround high CPU utilization of [scheduler] plug-in. * scheduler: new option cgroup_ps_blacklist * breaking up various modules and implementing neccessary new syntax used downstream to keep docs repos synced ==== xen ==== Subpackages: xen-libs xen-tools xen-tools-domU - bsc#1196915 - VUL-0: CVE-2022-0001, CVE-2022-0002,CVE-2021-26401: xen: BHB speculation issues (XSA-398) 62278667-Arm-introduce-new-processors.patch 62278668-Arm-move-errata-CSV2-check-earlier.patch 62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch 6227866a-Arm-Spectre-BHB-handling.patch 6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch 6227866c-x86-AMD-cease-using-thunk-lfence.patch ==== xfce4-screenshooter ==== Version update (1.9.9 -> 1.9.10) Subpackages: xfce4-screenshooter-lang xfce4-screenshooter-plugin - Update to version 1.9.10 * Use symbolic icons * Bump Xfce dependencies to 4.14 * _NET_FRAME_EXTENTS support * Add back button to take new screenshot (gxo#apps/xfce4-screenshooter!29) * Fix Imgur upload via CLI (gxo#apps/xfce4-screenshooter!26) * Set up ScreenshotData after commandline parsing * Fix compile warning (#62) * Update to description and addition of donate and translate links * Replace link to bugzilla with gitlab (gxo#apps/xfce4-screenshooter!25) * Translation Updates ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra xorg-x11-server-sdk - u_sync-pci-ids-with-Mesa-22.0.0.patch * sync pci ids with Mesa 22.0.0 ==== yast2-country ==== Version update (4.4.11 -> 4.4.12) Subpackages: yast2-country-data - Fixed French (Canada) keyboard layout (bsc#1196891): Use "ca", not "ca-fr-legacy" - 4.4.12 ==== yast2-installation ==== Version update (4.4.46 -> 4.4.48) - Prevent getty auto-generation because it makes xvnc to fail when it is started in YaST second stage (bsc#1196614). - 4.4.48 - Avoid terminal login prompt when running Second Stage service (bsc#1196594 and related to bsc#1195059). - 4.4.47 ==== yast2-network ==== Version update (4.4.44 -> 4.4.45) - Display the network configuration in the AutoYaST user interface (see bsc#1197019). - 4.4.45 ==== yast2-trans ==== Version update (84.87.20220305.ba29422b84 -> 84.87.20220313.3dfcfc0d1f) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20220313.3dfcfc0d1f: * Translated using Weblate (Hindi) * Translated using Weblate (Polish) * New POT for text domain 'base'. * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * New POT for text domain 'packager'. * New POT for text domain 'autoinst'. * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Indonesian) ==== z3 ==== - fix python3-z3 requirement