Packages changed: ImageMagick (7.1.0.50 -> 7.1.0.51) alsa (1.2.7.2 -> 1.2.8) alsa-ucm-conf (1.2.7.2 -> 1.2.8) alsa-utils (1.2.7 -> 1.2.8) bluez curl (7.85.0 -> 7.86.0) dbus-1 (1.14.0 -> 1.14.4) dbus-1-x11 (1.14.0 -> 1.14.4) emacs expat (2.4.9 -> 2.5.0) gdb gettext-runtime (0.21 -> 0.21.1) gtk4 (4.8.1 -> 4.8.2) irqbalance kernel-firmware (20220930 -> 20221017) libgsasl libidn2 (2.3.3 -> 2.3.4) libreoffice (7.4.1.2 -> 7.4.2.3) libxshmfence (1.3 -> 1.3.1) mtools (4.0.41 -> 4.0.42) multipath-tools (0.9.2+57+suse.cf3c1e9 -> 0.9.2+59+suse.ac8942d) openSUSE-build-key pkcs11-helper (1.28.0 -> 1.29.0) python-kiwi (9.24.48 -> 9.24.49) python-typing_extensions (4.3.0 -> 4.4.0) samba (4.17.1+git.270.17afe7cb6b -> 4.17.2+git.273.a55a83528b9) sddm sendmail shaderc (2022.2 -> 2022.3) syslogd (1.4.1 -> 1.5.1) systemd (251.6 -> 251.7) transactional-update (4.0.1 -> 4.1.0) vulkan-loader (1.3.224.0 -> 1.3.231.0) vulkan-tools (1.3.224.0 -> 1.3.231) webkit2gtk3 (2.38.0 -> 2.38.1) webkit2gtk3-soup2 (2.38.0 -> 2.38.1) xcb-util-cursor (0.1.3 -> 0.1.4) xdg-user-dirs (0.17 -> 0.18) yast2 (4.5.17 -> 4.5.18) yast2-add-on (4.5.1 -> 4.5.2) yast2-ruby-bindings (4.5.3 -> 4.5.4) zsh === Details === ==== ImageMagick ==== Version update (7.1.0.50 -> 7.1.0.51) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - update to 7.1.0.51: * obtain scene from image structure * prevent undefined shift * Added private api to go through a linked list without using semaphores. * Fixed build. * latest automake configuration * fix undefined-shift in ReadTGAImage @ https://oss-fuzz.com/testcase?key=5129864151957504 * prevent divide by zero exception ==== alsa ==== Version update (1.2.7.2 -> 1.2.8) Subpackages: libasound2 libasound2-32bit libatopology2 - Update to version 1.2.8: add FreeBSD/NetBD/OpenBSD build support, fixes in control namehint, various PCM plugins and UCM. For details, see: https://www.alsa-project.org/wiki/Changes_v1.2.7.2_v1.2.8 - Add keyring ==== alsa-ucm-conf ==== Version update (1.2.7.2 -> 1.2.8) - Update to version 1.2.8: lots of new profiles for USB-audio, SOF and others: https://www.alsa-project.org/wiki/Changes_v1.2.7.2_v1.2.8 - Add keyring ==== alsa-utils ==== Version update (1.2.7 -> 1.2.8) - Update to alsa-utils 1.2.8: automake update, minor alsactl, amixer and aplay fixes. https://www.alsa-project.org/wiki/Changes_v1.2.7.2_v1.2.8 - Add keyring ==== bluez ==== Subpackages: bluez-auto-enable-devices bluez-cups bluez-zsh-completion libbluetooth3 - For pushing bluez 5.65 to 15-SP5 (bluez-5.62), sync more change log: (jsc#PED-1407) - The hcidump-Fix-set_ext_ctrl-global-buffer-overflow.patch be merged to bluez-5.51 in 2018. (bsc#1013732)(CVE-2016-9801) - The following btmon patches are merged to bluez-5.51 and later: 0001-btmon-fix-segfault-caused-by-buffer-over-read.patch 0002-btmon-fix-segfault-caused-by-buffer-over-read.patch 0003-btmon-fix-segfault-caused-by-buffer-over-read.patch 0004-btmon-Fix-crash-caused-by-integer-underflow.patch 0005-btmon-fix-stack-buffer-overflow.patch 0006-btmon-fix-multiple-segfaults.patch 0007-btmon-fix-segfault-caused-by-integer-underflow.patch 0008-btmon-fix-segfault-caused-by-integer-undeflow.patch 0009-btmon-fix-segfault-caused-by-buffer-over-read.patch 0010-btmon-fix-segfault-caused-by-buffer-overflow.patch 0011-btmon-fix-segfault-caused-by-integer-underflow.patch 0012-btmon-fix-segfault-caused-by-buffer-over-read.patch (bsc#1015173)(CVE-2016-9918)(bsc#1013893)(CVE-2016-9802) - The shared-gatt-server-Fix-not-properly-checking-for-sec.patch be merged to bluez-5.57 in 2021. (bsc#1186463 CVE-2021-0129 CVE-2020-26558) - The gatt-Fix-potential-buffer-out-of-bound.patch be merged to bluez-5.56 in 2021. (bsc#1187165 CVE-2021-3588) - The shared-gatt-db-Introduce-gatt_db_attribute_set_fixed.patch be merged to bluez-5.56 in 2021. (bsc#1187165 CVE-2021-3588) - The gatt-Make-use-of-gatt_db_attribute_set_fixed_length.patch be merged to bluez-5.56 in 2021. (bsc#1187165 CVE-2021-3588) - Add JIRA-SLE-18497 number to 5.60, 5.61 and 5.62 update log to sync with bluez.changes in SLE15-SP5. - Install modprobe.conf files to %_modprobedir This change already in bluez.sepc in openSUSE:Factory/bluez. Sync the change log here. (bsc#1196275, jsc#SLE-20639) ==== curl ==== Version update (7.85.0 -> 7.86.0) Subpackages: libcurl4 - Update to 7.86.0: * Security fixes: - POST following PUT confusion [bsc#1204383, CVE-2022-32221] - .netrc parser out-of-bounds access [bsc#1204384, CVE-2022-35260] - HTTP proxy double-free [bsc#1204385, CVE-2022-42915] - HSTS bypass via IDN [bsc#1204386, CVE-2022-42916] * Changes: - NPN: remove support for and use of - Websockets: initial support * Bugfixes: - altsvc: reject bad port numbers - autotools: reduce brute-force when detecting recv/send arg list - aws_sigv4: fix header computation - cli tool: do not use disabled protocols - connect: change verbose IPv6 address:port to [address]:port - connect: fix builds without AF_INET6 - connect: fix Curl_updateconninfo for TRNSPRT_UNIX - connect: fix the wrong error message on connect failures - content_encoding: use writer struct subclasses for different encodings - cookie: reject cookie names or content with TAB characters - curl/add_file_name_to_url: use the libcurl URL parser - curl/get_url_file_name: use libcurl URL parser - curl: warn for --ssl use, considered insecure - docs/libcurl/symbols-in-versions: add several missing symbols - ftp: ignore a 550 response to MDTM - functypes: provide the recv and send arg and return types - getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled - header: define public API functions as extern c - headers: reset the requests counter at transfer start - hostip: guard PF_INET6 use - hostip: lazily wait to figure out if IPv6 works until needed - http, vauth: always provide Curl_allow_auth_to_host() functionality - http2: make nghttp2 less picky about field whitespace - http: try parsing Retry-After: as a number first - http_proxy: restore the protocol pointer on error - lib: add missing limits.h includes - lib: prepare the incoming of additional protocols - lib: sanitize conditional exclusion around MIME - libssh: if sftp_init fails, don't get the sftp error code - mprintf: reject two kinds of precision for the same argument - mqtt: return error for too long topic - netrc: compare user name case sensitively - netrc: replace fgets with Curl_get_line - netrc: use the URL-decoded user - ngtcp2: fix build errors due to changes in ngtcp2 library - noproxy: support proxies specified using cidr notation - openssl: make certinfo available for QUIC - resolve: make forced IPv4 resolve only use A queries - schannel: ban server ALPN change during recv renegotiation - schannel: don't reset recv/send function pointers on renegotiation - schannel: when importing PFX, disable key persistence - setopt: use the handler table for protocol name to number conversions - setopt: when POST is set, reset the 'upload' field - single_transfer: use the libcurl URL parser when appending query parts - smb: replace CURL_WIN32 with WIN32 - tool: avoid generating ambiguous escaped characters in --libcurl - tool_main: exit at once if out of file descriptors - tool_operate: more transfer cleanup after parallel transfer fail - tool_operate: prevent over-queuing in parallel mode - tool_paramhelp: asserts verify maximum sizes for string loading - tool_xattr: save the original URL, not the final redirected one - url: a zero-length userinfo part in the URL is still a (blank) user - url: allow non-HTTPS HSTS-matching for debug builds - url: rename function due to name-clash in Watt-32 - url: use IDN decoded names for HSTS checks - urlapi: detect scheme better when not guessing - urlapi: fix parsing URL without slash with CURLU_URLENCODE - urlapi: reject more bad characters from the host name field * Remove patch upstream: - connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch ==== dbus-1 ==== Version update (1.14.0 -> 1.14.4) Subpackages: dbus-1-common dbus-1-daemon dbus-1-tools libdbus-1-3 libdbus-1-3-32bit - update to 1.14.4 (bsc#1204111, CVE-2022-42010, bsc#1204112, CVE-2022-42011, bsc#1204113, CVE-2022-42012): This is a security update for the dbus 1.14.x stable branch, fixing denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying security hardening (dbus#416). Behaviour changes: * On Linux, dbus-daemon and other uses of DBusServer now create a path-based Unix socket, unix:path=..., when asked to listen on a unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to unix:dir=... on all platforms. Previous versions would have created an abstract socket, unix:abstract=..., in this situation. This change primarily affects the well-known session bus when run via dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring dbus with --enable-user-session and running it on a systemd system, already used path-based Unix sockets and is unaffected by this change. This behaviour change prevents a sandbox escape via the session bus socket in sandboxing frameworks that can share the network namespace with the host system, such as Flatpak. This change might cause a regression in situations where the abstract socket is intentionally shared between the host system and a chroot or container, such as some use-cases of schroot(1). That regression can be resolved by using a bind-mount to share either the D-Bus socket, or the whole /tmp directory, with the chroot or container. (dbus#416, Simon McVittie) * Denial of service fixes: - Evgeny Vereshchagin discovered several ways in which an authenticated local attacker could cause a crash (denial of service) in dbus-daemon --system or a custom DBusServer. In uncommon configurations these could potentially be carried out by an authenticated remote attacker. - An invalid array of fixed-length elements where the length of the array is not a multiple of the length of the element would cause an assertion failure in debug builds or an out-of-bounds read in production builds. This was a regression in version 1.3.0. (dbus#413, CVE-2022-42011; Simon McVittie) - A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical example. (dbus#418, CVE-2022-42010; Simon McVittie) - A message in non-native endianness with out-of-band Unix file descriptors would cause a use-after-free and possible memory corruption in production builds, or an assertion failure in debug builds. This was a regression in version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie) - Preserve errno on failure to open /proc/self/oom_score_adj (dbus!285, Gentoo#834725; Mike Gilbert) - On Linux, don't log warnings if oom_score_adj is read-only but does not need to be changed (dbus!291, Simon McVittie) - Slightly improve error-handling for inotify (dbus!235, Simon McVittie) - Don't crash if dbus-daemon is asked to watch more than 128 directories for changes (dbus!302, Jan Tojnar) ==== dbus-1-x11 ==== Version update (1.14.0 -> 1.14.4) - update to 1.14.4 (bsc#1204111, CVE-2022-42010, bsc#1204112, CVE-2022-42011, bsc#1204113, CVE-2022-42012): This is a security update for the dbus 1.14.x stable branch, fixing denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying security hardening (dbus#416). Behaviour changes: * On Linux, dbus-daemon and other uses of DBusServer now create a path-based Unix socket, unix:path=..., when asked to listen on a unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to unix:dir=... on all platforms. Previous versions would have created an abstract socket, unix:abstract=..., in this situation. This change primarily affects the well-known session bus when run via dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring dbus with --enable-user-session and running it on a systemd system, already used path-based Unix sockets and is unaffected by this change. This behaviour change prevents a sandbox escape via the session bus socket in sandboxing frameworks that can share the network namespace with the host system, such as Flatpak. This change might cause a regression in situations where the abstract socket is intentionally shared between the host system and a chroot or container, such as some use-cases of schroot(1). That regression can be resolved by using a bind-mount to share either the D-Bus socket, or the whole /tmp directory, with the chroot or container. (dbus#416, Simon McVittie) * Denial of service fixes: - Evgeny Vereshchagin discovered several ways in which an authenticated local attacker could cause a crash (denial of service) in dbus-daemon --system or a custom DBusServer. In uncommon configurations these could potentially be carried out by an authenticated remote attacker. - An invalid array of fixed-length elements where the length of the array is not a multiple of the length of the element would cause an assertion failure in debug builds or an out-of-bounds read in production builds. This was a regression in version 1.3.0. (dbus#413, CVE-2022-42011; Simon McVittie) - A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical example. (dbus#418, CVE-2022-42010; Simon McVittie) - A message in non-native endianness with out-of-band Unix file descriptors would cause a use-after-free and possible memory corruption in production builds, or an assertion failure in debug builds. This was a regression in version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie) - Preserve errno on failure to open /proc/self/oom_score_adj (dbus!285, Gentoo#834725; Mike Gilbert) - On Linux, don't log warnings if oom_score_adj is read-only but does not need to be changed (dbus!291, Simon McVittie) - Slightly improve error-handling for inotify (dbus!235, Simon McVittie) - Don't crash if dbus-daemon is asked to watch more than 128 directories for changes (dbus!302, Jan Tojnar) ==== emacs ==== Subpackages: emacs-el emacs-eln emacs-info emacs-nox emacs-x11 etags - Fix typos in etags manpage - Don't disable PIE ==== expat ==== Version update (2.4.9 -> 2.5.0) Subpackages: libexpat1 libexpat1-32bit - Update to 2.5.0: (bsc#1204708) * Security fixes: - CVE-2022-43680 -- Fix heap use-after-free after overeager destruction of a shared DTD in function XML_ExternalEntityParserCreate in out-of-memory situations. Expected impact is denial of service or potentially arbitrary code execution. * Bug fixes: - Fix curruption from undefined entities - Fix case when parsing was suspended while processing nested entities - Stop leaking opening tag bindings after a closing tag mismatch error where a parser is reset through XML_ParserReset and then reused to parse - CMake: Fix generation of pkg-config file - MinGW|CMake: Fix static library name * Other changes: - Protect header expat_config.h from multiple inclusion - examples: Make use of XML_GetBuffer and be more consistent across examples - Address compiler warnings - Version info bumped from 9:9:8 to 9:10:8; see https://verbump.de/ for what these numbers do ==== gdb ==== - Patches added (swo#29277): * gdb-fix-assert-in-handle_jit_event.patch - Maintenance script qa.sh: * Add PR29706 and PR28617 kfails. ==== gettext-runtime ==== Version update (0.21 -> 0.21.1) Subpackages: libtextstyle0 - update keyring for the last version update - Update to Version 0.21.1 * Runtime behaviour: - On AIX, locale names with a script or with an uppercase language are now supported. For example, sr_Cyrl_RS.UTF-8 is treated like sr_RS.UTF-8@cyrillic, and EN_US.UTF-8 is treated like en_US.UTF-8. * The base Unicode standard is now updated to 14.0.0. * Portability: - Building on macOS 11/arm64 is now supported. - Building on Linux/powerpc64le with glibc ≥ 2.35 is now supported. ==== gtk4 ==== Version update (4.8.1 -> 4.8.2) Subpackages: gtk4-lang gtk4-schema gtk4-tools libgtk-4-1 typelib-1_0-Gtk-4_0 - Update to version 4.8.2: + Input: - Give input methods more control over resets and allow them to preserve state. - Align interpretation of modifiers in key events in X11 and Wayland. + GtkColumnView: Fixes to focus handling. + GtkPopover: - Fix problems with focus when dismissing popovers. - Fix problems with focusing editable labels in popovers. + Build: - Fix build problems with resources and non-gnu linkers. - Fix gi-docgen detection in cross builds. - Require meson 0.60. + Debugging: - Make more debug options available in no-debug builds. - Improve consistency of debug logging. - Give names to all sources. + Accessibility: Introduce GtkAccessibleRange. + Wayland: - Make monitor bounds handling more robust. - Prevent shrinking clients due to wrong toplevel bounds. + Broadway: Return correct pointer coordinates from device queries. + Updated translations. ==== irqbalance ==== Subpackages: irqbalance-ui - run tests - add Avoid-double-free-on-deinit_thermal.patch (bsc#1204607) ==== kernel-firmware ==== Version update (20220930 -> 20221017) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20221017 (git commit 48407ffd7adb): * cnm: update chips&media wave521c firmware. * brcm: add symlink for Pi Zero 2 W NVRAM file * rtw89: 8852b: add initial fw v0.27.32.0 * iwlwifi: add new FWs from core72-129 release * iwlwifi: update 9000-family firmwares to core72-129 * rtl_bt: Update RTL8852C BT USB firmware to 0xD5B8_A40A * amdgpu: update GC 10.3.6 RLC firmware * amdgpu: update GC 10.3.7 RLC firmware * amdgpu: update Yellow Carp RLC firmware * amdgpu: update Beige Goby RLC firmware * amdgpu: update Dimgrey Cavefish RLC firmware * amdgpu: update Navy Flounder RLC firmware * amdgpu: update Sienna Cichlid RLC firmware * mediatek: Update mt8195 SOF firmware to v0.4.1 * qcom: add squashed version of a530 zap shader * rtw89: 8852c: update fw to v0.27.56.1 * rtw89: 8852c: update fw to v0.27.56.0 * mediatek: Update mt8186 SCP firmware - Update Cirrus CS35L41 firmware (bsc#1203699) cirrus-WHENCE-update.patch - Update aliases from 6.1-rc1 kernel ==== libgsasl ==== Subpackages: libgsasl-lang libgsasl7 - refresh keyring ==== libidn2 ==== Version update (2.3.3 -> 2.3.4) Subpackages: libidn2-0 libidn2-0-32bit libidn2-lang - update to 2.3.4: * Support for Unicode 15.0.0 * Uses IDNA2008 from tables from unicode.org rather than IANA for consistency with other implementation and support for Unicode versions 12 through 15. This breaks backwards- compatibility regarding U+19DA and recent releases ==== libreoffice ==== Version update (7.4.1.2 -> 7.4.2.3) Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - Fix bsc#1201095 - LO-L3: Text box shows that does not show in PowerPoint * bsc1201095.patch - Update to 7.4.2.3: https://wiki.documentfoundation.org/Releases/7.4.2/RC3 https://wiki.documentfoundation.org/Releases/7.4.2/RC2 https://wiki.documentfoundation.org/Releases/7.4.2/RC1 - Remove upstreamed patches: * poppler-22.09.0.patch * bsc1203502.patch ==== libxshmfence ==== Version update (1.3 -> 1.3.1) - Update to version 1.3.1 * Update README for gitlab migration * Update configure.ac bug URL for gitlab migration * Fix spelling/wording issues * gitlab CI: add a basic build test * alloc: prefer atomic close-on-exec without O_TMPFILE as well * alloc: prefer SHM_ANON on FreeBSD a la memfd_create ==== mtools ==== Version update (4.0.41 -> 4.0.42) - update to 4.0.42: * Added postcmd attribute in drive description to allow to execute "device release" code automatically at end of command * Code cleanup, signedness cleanup about directory entries ==== multipath-tools ==== Version update (0.9.2+57+suse.cf3c1e9 -> 0.9.2+59+suse.ac8942d) Subpackages: kpartx libmpath0 - Update to version 0.9.2+59+suse.ac8942d: * Fix segfault in "multipath -t" command (boo#1204731) ==== openSUSE-build-key ==== - add the SUSE Container key in PEM format too to new /usr/share/pki/containers/ directory. (bsc#1204706) ==== pkcs11-helper ==== Version update (1.28.0 -> 1.29.0) Subpackages: libpkcs11-helper1 - Update to 1.29.0: * build: do not fail if slot evnets are disabled, thanks to Fabrice Fontaine. * core: do not assume standard objects supported by provider. * openssl: set back key into EVP for openssl-3 to work, thanks to apollo13. ==== python-kiwi ==== Version update (9.24.48 -> 9.24.49) - Bump version: 9.24.48 → 9.24.49 - Fixed test-image-vagrant virtualbox-guest-tools obsoletes virtualbox-guest-x11 - ignore the type check on the Result class With an update of mypy the bound TypeVar is no longer allowed. In newer versions of python we could use the "Self" type or import annotations from the future module. Unfortunately in older python versions which we still support (3.6) there is no non intrusive change which allows us to handle that type annotation. Thus this commit ignores the return type spec for Result.load() for the moment. - Stop copying /dev files statically into the OCI container In containers (nspawn) where part of the /dev filesystem is bind-mounted from outside system, kiwi fails to do the rsync (in creation of the nodes). There is no reason to actually copy whole tree inside so let's just not do it (as it does not seem to be needed at all). - List riscv64 as a valid architecture in the schemas This is needed so that architecture filters on riscv64 specifics can be defined. - Support DM integrity legacy options Add a new attribute integrity_legacy_hmac="true|false" which allows to use old flawed HMAC calculation (does not protect superblock). Add a new attribute integrity_legacy_padding="true|false" which allows to use inefficient legacy padding. Do not use these attributes until compatibility with a specific old kernel is required! - ci(lint): Add Shell linter - Differential Shellcheck - Limit repo alias names to be a safe POSIX name Characters like spaces or other symbols used in repo alias names can cause the package manager to fail setting up the repo. Thus this patch changes the schema to only allow for safe POSIX names matching: {pattern = "[a-zA-Z0-9_\-\.]+"}. This Fixes #2170 - Increase space for test-image-embedded test Add more space to test profile: SystemFeatures - Increase efifatimage size for legacy build test ==== python-typing_extensions ==== Version update (4.3.0 -> 4.4.0) - Clean specfile from old cruft. - Requires Python 3.7+ - Fix testsuite: Must test as module; don't need multibuild. - Update Summary and Description - Update to version 4.4.0 * Add `typing_extensions.Any` a backport of python 3.11's Any class which is subclassable at runtime. (backport from python/cpython#31841, by Shantanu and Jelle Zijlstra). Patch by James Hilton-Balfe (@Gobot1234). * Add initial support for TypeVarLike `default` parameter, PEP 696. Patch by Marc Mueller (@cdce8p). * Runtime support for PEP 698, adding `typing_extensions.override`. Patch by Jelle Zijlstra. * Add the `infer_variance` parameter to `TypeVar`, as specified in PEP 695. Patch by Jelle Zijlstra. ==== samba ==== Version update (4.17.1+git.270.17afe7cb6b -> 4.17.2+git.273.a55a83528b9) Subpackages: libsamba-policy0-python3 samba-ad-dc-libs samba-ad-dc-libs-32bit samba-client samba-client-32bit samba-client-libs samba-client-libs-32bit samba-gpupdate samba-ldb-ldap samba-libs samba-libs-32bit samba-libs-python3 samba-python3 samba-winbind samba-winbind-libs samba-winbind-libs-32bit - Update to 4.17.2 * CVE-2022-3592 [SECURITY] samba: Wide links protection broken; (bso#15207); (bsc#1204499). * CVE-2022-3437 [SECURITY] samba: Buffer overflow in Heimdal unwrap_des3();(bso#15134); (bsc#1204254). ==== sddm ==== Subpackages: sddm-branding-openSUSE - Add patch to avoid launching xdg-desktop-portal by accident: * 0001-disable-automatic-portal-launching.patch ==== sendmail ==== Subpackages: libmilter1_0 - Remove maybe perilous shell script code from sm-client.pre (boo#1202937) ==== shaderc ==== Version update (2022.2 -> 2022.3) - Update to release 2022.3 * Implement default builtin constants needed for GL_EXT_mesh_shader. ==== syslogd ==== Version update (1.4.1 -> 1.5.1) Subpackages: klogd syslog-service - Update ot version 1.5.1 ChangeLog for version 1.5.1 Many thanks to Rainer Gerhards, rsyslog project lead, for identifying a problem with how rsyslog's rsyslogd and sysklogd's syslogd check for invalid priority values (CVE-2014-3634). ChangeLog for version 1.5 * Fix file descriptor leak in klogd * Improve argument list processing * Prevent potential buffer overflow in reading messages from the kernel log ringbuffer * Ensure that "len" is not placed in a register, and that the endtty() signal handler is not installed too early which could cause a segmentation fault or worse * klogd will reconnect to the logger (mostly syslogd) after it went away during operation * On heavily loaded system syslog will not spit out error messages anymore when recvfrom() results in EAGAIN * Makefile improvements * Local copy of module.h * Improved manpage * Always log with syslogd's timezone and locale * Remove trailing newline when forwarding messages * Continue working properly if /etc/service is missing and ignore network activity * Continue writing to log files as soon as space becomes available again after a filled up disk * Removed test to detect control characters> 0x20 as this prevented characters encoded in UTF-8 to be properly passed through * Only resolve the local domain when accepting messages from remote * Properly accompany the MARK message with the facility * Improved daemonise routine in klogd to stabilise startup * klogd will not change the console log level anymore unless -c is given * Added back /usr/src/linux/System.map as fall-back location * Rewrite the module symbol parser to read from /proc/kallsyms * Notify the waiting parent process if the client dies * Complete rewrite of the oops kernel module for Linux 2.6 * Only read kernel symbols from /proc/kallsyms if no System.map has been read * Improved symbol lookup * Prevent named pipes from becoming the controlling tty * Fixing a race condition in syslogd discovered in UML * Improved README.linux * Added boundary checks in klogd * Don't block on the network socket in case of packet loss * Don't crash when filesize limit is reached (e.g. without LFS) * Fix spurious hanging syslogd in connection with futex and NPTL introduced in recent glibc versions and Linux 2.6 (details) * Improved syslog.conf(5) manpage * Use socklen_t where appropriate * Use newer query_module function rather than stepping through /dev/kmem. * Remove special treatment of the percent sign in klogd - Remove patches now upstream solved * klogd-obsolete.patch * sysklogd-1.4.1-fileleak.patch * sysklogd-1.4.1-ksym.patch * sysklogd-1.4.1-no_SO_BSDCOMPAT.diff * sysklogd-1.4.1-owl-crunch_list.diff * sysklogd-1.4.1-preserve_percents.patch * sysklogd-1.4.1-utf8.patch - Port patches * sysklogd-1.4.1-CVE-2014-3634.patch * sysklogd-1.4.1-clearing.patch * sysklogd-1.4.1-dgram.patch * sysklogd-1.4.1-dns.patch * sysklogd-1.4.1-dontsleep.patch * sysklogd-1.4.1-forw.patch * sysklogd-1.4.1-klogd24.dif * sysklogd-1.4.1-ksyslogsize.diff * sysklogd-1.4.1-large.patch * sysklogd-1.4.1-nofortify.patch * sysklogd-1.4.1-reload.dif * sysklogd-1.4.1-reopen.patch * sysklogd-1.4.1-showpri.patch * sysklogd-1.4.1-signal.dif * sysklogd-1.4.1-sparc.patch * sysklogd-1.4.1-sysmap-prior-to-2.5.patch * sysklogd-1.4.1-systemd-multi.dif * sysklogd-1.4.1-systemd-sock-name.patch * sysklogd-1.4.1-systemd.dif * sysklogd-1.4.1-unix_sockets.patch * sysklogd-1.4.1.dif * sysklogd-ipv6.diff ==== systemd ==== Version update (251.6 -> 251.7) Subpackages: libsystemd0 libsystemd0-32bit libudev1 libudev1-32bit systemd-32bit systemd-container systemd-lang udev - Import commit c212388f7de8d22a3f7c22b19553548ccc0cdd15 (merge of v251.7) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/f78bba8d037cc26c09bbdd167625b2d7fe1f5a30...c212388f7de8d22a3f7c22b19553548ccc0cdd15 - specfile: reindent comments ==== transactional-update ==== Version update (4.0.1 -> 4.1.0) Subpackages: dracut-transactional-update libtukit4 transactional-update-zypp-config tukit tukitd - Version 4.1.0 - t-u: Add a "setup-kdump" command; implements [jsc#PED-1441] - Export TRANSACTIONAL_UPDATE_ROOT (the path to the snapshot) in the update environment; implements [jsc#PED-1078] - Add support for "notify" reboot method for desktop use [gh#openSUSE/transactional-update#93] - Fix kdump initrd recreation detection; the check was performed in the active snapshot instead of the target snapshot - Document register command [bsc#1202900] - Avoid unnecessary snapshots for register command [bsc#1202901] - Various optimizations for register command - Remove bogus error message when triggering reboot - Rework /etc overlay documentation in "The Transactional Update Guide" - Fix incorrect manpage formatting - Remove leftover "salt" reboot method in configuration example file - Replace deprecated std::mem_fn with lambdas ==== vulkan-loader ==== Version update (1.3.224.0 -> 1.3.231.0) - Update to release SDK-1.3.231.0 * Don't pass portability bit to ICDs that dont expect it. * Allow implicit layers for all API versions. ==== vulkan-tools ==== Version update (1.3.224.0 -> 1.3.231) - Update to release 1.3.231.0 * Adapt to Vulkan 231 API, but otherwise no interesting changes - Add 0001-cubepp-Fix-presentKHR-assert.patch ==== webkit2gtk3 ==== Version update (2.38.0 -> 2.38.1) Subpackages: WebKit2GTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Update to version 2.38.1: + Make xdg-dbus-proxy work if host session bus address is an abstract socket. + Use a single xdg-dbus-proxy process when sandbox is enabled. + Fix high resolution video playback due to unimplemented changeType operation. + Ensure GSubprocess uses posix_spawn() again and inherit file descriptors. + Fix player stucking in buffering (paused) state for progressive streaming. + Do not try to preconnect on link click when link preconnect setting is disabled. + Fix close status code returned when the client closes a WebSocket in some cases. + Fix media player duration calculation. + Fix several crashes and rendering issues. ==== webkit2gtk3-soup2 ==== Version update (2.38.0 -> 2.38.1) Subpackages: WebKit2GTK-4.0-lang libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update to version 2.38.1: + Make xdg-dbus-proxy work if host session bus address is an abstract socket. + Use a single xdg-dbus-proxy process when sandbox is enabled. + Fix high resolution video playback due to unimplemented changeType operation. + Ensure GSubprocess uses posix_spawn() again and inherit file descriptors. + Fix player stucking in buffering (paused) state for progressive streaming. + Do not try to preconnect on link click when link preconnect setting is disabled. + Fix close status code returned when the client closes a WebSocket in some cases. + Fix media player duration calculation. + Fix several crashes and rendering issues. ==== xcb-util-cursor ==== Version update (0.1.3 -> 0.1.4) - Update to version 0.1.4 * Update README for gitlab migration * Add README.md to EXTRA_DIST * Use AC_CONFIG_FILES to replace the deprecated AC_OUTPUT with parameters * Update m4 to xorg/util/xcb-util-m4@c617eee22ae5c285e79e81 * gitlab CI: add a basic build test * configure: Drop AM_MAINTAINER_MODE * autogen.sh: Honor NOCONFIGURE=1 * autogen.sh: use quoted string variables * autogen: add default patch prefix * autogen.sh: use exec instead of waiting for configure to finish * documentation: Call xcb_free_cursor() when done * Fix out-of-source builds ==== xdg-user-dirs ==== Version update (0.17 -> 0.18) Subpackages: xdg-user-dirs-lang - update to 0.18: + Fixed minor leak + Updated translations + Documentation fixes ==== yast2 ==== Version update (4.5.17 -> 4.5.18) Subpackages: yast2-logs - Improve logging in the ProductControl module, use the new "log.group" call to group logs for each workflow step (bsc#1204625) - 4.5.18 ==== yast2-add-on ==== Version update (4.5.1 -> 4.5.2) - support 'repo' scheme for add-ons (jsc#SLE-22578, jsc#SLE-24584) - 4.5.2 ==== yast2-ruby-bindings ==== Version update (4.5.3 -> 4.5.4) - Added "log.group" method for grouping the log messages (bsc#1204625) - Update Rakefile to allow installing the Ruby files in inst-sys using the "yupdate" command - 4.5.4 ==== zsh ==== - Add zsh-sh subpackage to offer Zsh users a "native" way to handle /bin/sh scripts and use an SH shell with the capabilities of Zsh itself to emulate a Bourne shell. An 'sh' symlink pointing to the Zsh binary is all that is needed for it to emulate the Bourne shell, it is similar to the use of `emulate sh` Zsh's built-in command or the `zsh --emulate sh` shell command. - Drop deprecated use of install_info(_delete) post(un) macros. RPM file triggers have replaced their functionality since 2019.