Packages changed: 389-ds (2.1.1~git22.faef73366 -> 2.2.2~git0.55e2c7ab3) PackageKit-Qt5 gcc12 (12.1.0+git27 -> 12.1.1+git215) ghostscript libX11 (1.8 -> 1.8.1) libjpeg-turbo libnl3 (3.6.0 -> 3.7.0) libvirt (8.4.0 -> 8.5.0) libzio libzip (1.8.0 -> 1.9.2) libzypp (17.30.2 -> 17.30.3) llvm14 (14.0.5 -> 14.0.6) mhvtl (1.70_release+862.561d4d5b473f_k5.18.9_1 -> 1.70_release+865.af13081a1ae5_k5.18.9_1) net-snmp (5.9.1 -> 5.9.2) open-iscsi openssl (1.1.1p -> 1.1.1q) openssl-1_1 (1.1.1p -> 1.1.1q) pam pam-full-src patterns-base patterns-gnome patterns-kde patterns-media perl-Bootloader plasma5-pa polkit-default-privs (1550+20220524.0345bd9 -> 1550+20220608.097448e) protobuf-c python-libvirt-python (8.4.0 -> 8.5.0) rubygem-msgpack (1.5.2 -> 1.5.3) rubygem-rack (2.2.3.1 -> 2.2.4) rubygem-rubocop (1.31.1 -> 1.31.2) rubygem-sprockets (4.0.3 -> 4.1.1) tiff tracker vlc webkit2gtk3 (2.36.3 -> 2.36.4) webkit2gtk3-soup2 (2.36.3 -> 2.36.4) yast2-core (4.5.1 -> 4.5.2) === Details === ==== 389-ds ==== Version update (2.1.1~git22.faef73366 -> 2.2.2~git0.55e2c7ab3) Subpackages: lib389 libsvrcore0 - Update to version 2.2.2~git0.55e2c7ab3: * Bump version to 2.2.2 * Issue 5221 - fix covscan (#5359) * Issue 5294: Report Portal 5 is not processing an XML file with (#5358) * Issue 5353 - CLI - dsconf backend export breaks with multiple backends * Issue 5346 - New connection table fails with ASAN failures (#5350) * Issue 5345 - BUG - openldap migration fails when ppolicy is active (#5347) * Issue 5323 - BUG - improve skipping of monitor db (#5340) * Issue 5329 - Improve replication extended op logging * Issue 5343 - Various improvements to winsync * Issue 4932 - CLI - add parser aliases to long arg names ==== PackageKit-Qt5 ==== - Add upstream patch to add Qt 6 support: * 0001-Add-build-system-support-for-Qt6.patch - Build packages as multibuild flavors: qt5, qt6 ==== gcc12 ==== Version update (12.1.0+git27 -> 12.1.1+git215) Subpackages: cpp12 gcc12-info gcc12-locale libasan8 libatomic1 libgcc_s1 libgcc_s1-32bit libgccjit0 libgfortran5 libgomp1 libitm1 liblsan0 libobjc4 libquadmath0 libstdc++6 libstdc++6-32bit libstdc++6-devel-gcc12 libstdc++6-locale libstdc++6-pp libstdc++6-pp-32bit libtsan2 libubsan1 - Update to gcc-12 branch head, 7811663964aa7e31c3939b859bb, git215 * includes libgomp mold linker detection fix * includes nvptx offload compiler build fix * includes s390x tsan executable stack fix - Update to gcc-12 branch head, 325d82b08696da17fb26bd2e1b6b, git78 - Enable PRU architecture for AM335x platforms ==== ghostscript ==== Subpackages: ghostscript-x11 - use system zlib (bsc#1198449) ==== libX11 ==== Version update (1.8 -> 1.8.1) Subpackages: libX11-6 libX11-6-32bit libX11-data libX11-devel libX11-xcb1 - Update to version 1.8.1 This release fixes the --enable-thread-safety-constructor option to the configure script to work as intended. In the previous release, the changes for this option may not have been enabled when the option was not specified or when the --enable option was specified. While we have enabled it by default, believing that doing so will reduce the number of bugs users encounter running libX11 clients, in some cases it may expose bugs in which clients had previously gotten away with calling libX11 functions while a libX11 lock is already held, and thus now deadlock, as discussed in https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/157 . ==== libjpeg-turbo ==== Subpackages: libjpeg8 libjpeg8-32bit libturbojpeg0 - Add requires between baselibs ==== libnl3 ==== Version update (3.6.0 -> 3.7.0) Subpackages: libnl-config libnl3-200 - Update to release 3.7 * route/mdb: fix buffer overflow in mdb_msg_parser() * route/act: add NAT action ==== libvirt ==== Version update (8.4.0 -> 8.5.0) Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - Update to libvirt 8.5.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v8-5-0-2022-07-01 - Drop downstream-only lxc patches. They received little interest upstream, are difficult to maintain, and are no longer required by the requester (SLE): 0001-Extract-stats-functions-from-the-qemu-driver.patch, 0002-lxc-implement-connectGetAllDomainStats.patch ==== libzio ==== - switch to https download url ==== libzip ==== Version update (1.8.0 -> 1.9.2) - libzip 1.9.2: * Fix version number in header file. * Fix zip_file_is_seekable(). * Add zip_file_is_seekable(). * Improve compatibility with WinAES. * Fix encoding handling in zip_name_locate(). * Add option to zipcmp to output summary of changes. * Various bug fixes and documentation improvements. ==== libzypp ==== Version update (17.30.2 -> 17.30.3) - Fix building with GCC 12.x release (#396) - version 17.30.3 (22) ==== llvm14 ==== Version update (14.0.5 -> 14.0.6) Subpackages: clang-tools clang14 clang14-doc libLLVM14 libc++-devel libc++1 libc++abi-devel libc++abi1 libclang-cpp14 libclang13 llvm14-gold - Update to version 14.0.6. * This release contains bug-fixes for the LLVM 14.0.0 release. This release is API and ABI compatible with 14.0.0. - Rebase llvm-do-not-install-static-libraries.patch. ==== mhvtl ==== Version update (1.70_release+862.561d4d5b473f_k5.18.9_1 -> 1.70_release+865.af13081a1ae5_k5.18.9_1) - Update to version 1.70_release+865.af13081a1ae5: * Fix possible double define of HAVE_UNLOCKED_IOCTL (fixing a build issue on some architectures) * kernel: Handle removal of genhd.h from linux includes. * Clean up the kernel Makefile. This removed the patch (no longer needed): mhvtl-fix-removal-of-genhd-h.patch Also, updated SPEC file to avoid building s390x ==== net-snmp ==== Version update (5.9.1 -> 5.9.2) Subpackages: libsnmp40 perl-SNMP snmp-mibs - update to 5.9.2 (bsc#1201103): - security: - These two CVEs can be exploited by a user with read-only credentials: - CVE-2022-24805 A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. - These CVEs can be exploited by a user with read-write credentials: - CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously - CVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. - CVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. - Refactor two patches to work with version number 5.9.2: delete: * net-snmp-5.9.1-pie.patch * net-snmp-5.9.1-fix-create-v3-user-outfile.patch add: * net-snmp-5.9.2-pie.patch * net-snmp-5.9.2-fix-create-v3-user-outfile.patch ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Modify SPEC file so systemd unit files are mode 644 (not 755) (bsc#1200570) ==== openssl ==== Version update (1.1.1p -> 1.1.1q) - updated to 1.1.q release ==== openssl-1_1 ==== Version update (1.1.1p -> 1.1.1q) Subpackages: libopenssl1_1 libopenssl1_1-32bit libopenssl1_1-hmac - update to 1.1.1q: * [CVE-2022-2097, bsc#1201099] * Addresses situations where AES OCB fails to encrypt some bytes - openssl-riscv64-config.patch: backport of riscv64 config support ==== pam ==== Subpackages: pam-32bit pam_unix - Keep old directory in filelist for migration - Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d ==== pam-full-src ==== - Keep old directory in filelist for migration - Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced - Use pipewire as default audio server in TW. ==== patterns-gnome ==== Subpackages: patterns-gnome-gnome patterns-gnome-gnome_basic patterns-gnome-gnome_basis patterns-gnome-gnome_basis_opt patterns-gnome-gnome_games patterns-gnome-gnome_imaging patterns-gnome-gnome_internet patterns-gnome-gnome_multimedia patterns-gnome-gnome_office patterns-gnome-gnome_utilities patterns-gnome-gnome_x11 patterns-gnome-gnome_yast patterns-gnome-sw_management_gnome - Replace pulseaudio with pipewire as the default audio server in TW. ==== patterns-kde ==== Subpackages: patterns-kde-kde patterns-kde-kde_edutainment patterns-kde-kde_games patterns-kde-kde_ide patterns-kde-kde_imaging patterns-kde-kde_internet patterns-kde-kde_multimedia patterns-kde-kde_office patterns-kde-kde_pim patterns-kde-kde_plasma patterns-kde-kde_utilities patterns-kde-kde_utilities_opt patterns-kde-kde_yast - Replace pulseaudio with pipewire as the default audio server in TW. ==== patterns-media ==== Subpackages: patterns-media-rest_cd_core patterns-media-rest_dvd - Recommend instead of require xfce* and network_admin patterns on the DVD: those patterns do not exist in staging. - Ensure pulseaudio is part of the DVD. ==== perl-Bootloader ==== - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ==== plasma5-pa ==== Subpackages: plasma5-pa-lang - Suggests pipewire-pulseaudio on TW instead of pulseaudio-module-x11 to make pipewire the default audio server. ==== polkit-default-privs ==== Version update (1550+20220524.0345bd9 -> 1550+20220608.097448e) - Update to version 1550+20220608.097448e: * Whitelist new systemd methods (bsc#1200098) ==== protobuf-c ==== - Do not build static libraries - Run unit tests - Explicit files and directories for includedir, so we can detect what we actually install there - 508.patch: fixes invalid arithmetic shift (bsc#1200908, CVE-2022-33070) ==== python-libvirt-python ==== Version update (8.4.0 -> 8.5.0) - Update to 8.5.0 - Add all new APIs and constants in libvirt 8.5.0 ==== rubygem-msgpack ==== Version update (1.5.2 -> 1.5.3) - updated to version 1.5.3 * Fix deduplication of empty strings when using the `freeze: true` option. * Use `rb_hash_new_capa` when available (Ruby 3.2) for improved performance when parsing large hashes. ==== rubygem-rack ==== Version update (2.2.3.1 -> 2.2.4) - updated to version 2.2.4 * Better support for lower case headers in `Rack::ETag` middleware. ([#1919](https://github.com/rack/rack/pull/1919), [@ioquatix](https://github.com/ioquatix)) * Use custom exception on params too deep error. ([#1838](https://github.com/rack/rack/pull/1838), [@simi](https://github.com/simi)) ==== rubygem-rubocop ==== Version update (1.31.1 -> 1.31.2) - updated to version 1.31.2 [#]## Bug fixes * [#10774](https://github.com/rubocop/rubocop/pull/10774): Fix false negatives in `Style/DocumentationMethod` when a public method is defined after a private one. ([@Darhazer][]) * [#10764](https://github.com/rubocop/rubocop/issues/10764): Fix performance issue for Layout/FirstHashElementIndentation and Layout/FirstArrayElementIndentation. ([@j-miyake][]) * [#10780](https://github.com/rubocop/rubocop/issues/10780): Fix an error when using `rubocop:auto_correct` deprecated custom rake task. ([@koic][]) * [#10786](https://github.com/rubocop/rubocop/issues/10786): Fix a false positive for `Lint/NonAtomicFileOperation` when using complex conditional. ([@koic][]) * [#10785](https://github.com/rubocop/rubocop/pull/10785): Fix a false negative for `Style/RedundantParentheses` when parens around a receiver of a method call with an argument. ([@koic][]) * [#10026](https://github.com/rubocop/rubocop/issues/10026): Fix merging of array parameters in either parent of default config. ([@jonas054][]) ==== rubygem-sprockets ==== Version update (4.0.3 -> 4.1.1) - updated to version 4.1.1 no changelog found ==== tiff ==== Subpackages: libtiff5 libtiff5-32bit - security update * CVE-2022-2056 [bsc#1201176] * CVE-2022-2057 [bsc#1201175] * CVE-2022-2058 [bsc#1201174] + tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch ==== tracker ==== Subpackages: libtracker-sparql-3_0-0 tracker-data-files tracker-lang typelib-1_0-Tracker-3_0 - Add tracker-do-not-rebuild-non-existing-FTS-tables.patch: Prevent SQL logic error when using tag manager of nautilus. (bsc#1201246, glgo#GNOME/tracker!515) ==== vlc ==== Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt vlc-vdpau - Extend vlc-lua-5.3.patch: match upstream commit 0e0b070c26. - Add 867.patch: support LUA 5.4 (boo#1200944). ==== webkit2gtk3 ==== Version update (2.36.3 -> 2.36.4) Subpackages: WebKit2GTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.36.4 (boo#1201221): + Fix the new ATSPI accessibility implementation to add the missing Collection interface for the loaded document. + Fix the MediaSession implementation to make the MPRIS object names more sandbox friendly, which plays better with Flatpak and WebKit's own Bubblwrap-based sandboxing. + Fix leaked Web Processes in some particular situations. + Fix the build with media capture support enabled. + Fix cross-compilation when targeting 64-bit ARM. + Fix several crashes and rendering issues. + Security fixes: CVE-2022-22677, CVE-2022-26710. - Add webkit2gtk3-fix-build.patch: fix the build. ==== webkit2gtk3-soup2 ==== Version update (2.36.3 -> 2.36.4) Subpackages: WebKit2GTK-4.0-lang libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles - Update to version 2.36.4 (boo#1201221): + Fix the new ATSPI accessibility implementation to add the missing Collection interface for the loaded document. + Fix the MediaSession implementation to make the MPRIS object names more sandbox friendly, which plays better with Flatpak and WebKit's own Bubblwrap-based sandboxing. + Fix leaked Web Processes in some particular situations. + Fix the build with media capture support enabled. + Fix cross-compilation when targeting 64-bit ARM. + Fix several crashes and rendering issues. + Security fixes: CVE-2022-22677, CVE-2022-26710. - Add webkit2gtk3-fix-build.patch: fix the build. ==== yast2-core ==== Version update (4.5.1 -> 4.5.2) - Fix building with GCC 13 and GCC 12.x (gh#yast/yast-core#156) - 4.5.2