Packages changed: PackageKit-Qt5 containers-systemd (0.0+git20220628.ee9e63c -> 0.0+git20220706.2c928fe) gcc12 (12.1.0+git27 -> 12.1.1+git215) ghostscript installation-images-MicroOS (17.54 -> 17.56) libX11 (1.8 -> 1.8.1) libjpeg-turbo libnl3 (3.6.0 -> 3.7.0) libzio libzip (1.8.0 -> 1.9.2) libzypp (17.30.2 -> 17.30.3) llvm14 (14.0.5 -> 14.0.6) net-snmp (5.9.1 -> 5.9.2) open-iscsi openssl (1.1.1p -> 1.1.1q) openssl-1_1 (1.1.1p -> 1.1.1q) pam pam-full-src patterns-base patterns-gnome patterns-kde perl-Bootloader plasma5-pa polkit-default-privs (1550+20220524.0345bd9 -> 1550+20220608.097448e) protobuf-c python-jupyter-client (7.3.1 -> 7.3.4) tiff tracker webkit2gtk3 (2.36.3 -> 2.36.4) webkit2gtk3-soup2 (2.36.3 -> 2.36.4) webkit2gtk4 (2.36.3 -> 2.36.4) yast2-core (4.5.1 -> 4.5.2) === Details === ==== PackageKit-Qt5 ==== - Add upstream patch to add Qt 6 support: * 0001-Add-build-system-support-for-Qt6.patch - Build packages as multibuild flavors: qt5, qt6 ==== containers-systemd ==== Version update (0.0+git20220628.ee9e63c -> 0.0+git20220706.2c928fe) - Update to version 0.0+git20220706.2c928fe: * Fix partly missing SELinux support (#5), call podman directly ==== gcc12 ==== Version update (12.1.0+git27 -> 12.1.1+git215) Subpackages: cpp12 libgcc_s1 libgfortran5 libgomp1 libobjc4 libquadmath0 libstdc++6 libstdc++6-locale libstdc++6-pp libubsan1 - Update to gcc-12 branch head, 7811663964aa7e31c3939b859bb, git215 * includes libgomp mold linker detection fix * includes nvptx offload compiler build fix * includes s390x tsan executable stack fix - Update to gcc-12 branch head, 325d82b08696da17fb26bd2e1b6b, git78 - Enable PRU architecture for AM335x platforms ==== ghostscript ==== Subpackages: ghostscript-x11 - use system zlib (bsc#1198449) ==== installation-images-MicroOS ==== Version update (17.54 -> 17.56) - merge gh#openSUSE/installation-images#601 - add edid-write tool to create EDID data (bsc#1199020) - ensure /usr/lib/firmware directory is writable (and not on a read-only file system) - 17.56 - merge gh#openSUSE/installation-images#600 - pam config moved to /usr/lib/pam.d - 17.55 ==== libX11 ==== Version update (1.8 -> 1.8.1) Subpackages: libX11-6 libX11-data libX11-xcb1 - Update to version 1.8.1 This release fixes the --enable-thread-safety-constructor option to the configure script to work as intended. In the previous release, the changes for this option may not have been enabled when the option was not specified or when the --enable option was specified. While we have enabled it by default, believing that doing so will reduce the number of bugs users encounter running libX11 clients, in some cases it may expose bugs in which clients had previously gotten away with calling libX11 functions while a libX11 lock is already held, and thus now deadlock, as discussed in https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/157 . ==== libjpeg-turbo ==== - Add requires between baselibs ==== libnl3 ==== Version update (3.6.0 -> 3.7.0) Subpackages: libnl-config libnl3-200 - Update to release 3.7 * route/mdb: fix buffer overflow in mdb_msg_parser() * route/act: add NAT action ==== libzio ==== - switch to https download url ==== libzip ==== Version update (1.8.0 -> 1.9.2) - libzip 1.9.2: * Fix version number in header file. * Fix zip_file_is_seekable(). * Add zip_file_is_seekable(). * Improve compatibility with WinAES. * Fix encoding handling in zip_name_locate(). * Add option to zipcmp to output summary of changes. * Various bug fixes and documentation improvements. ==== libzypp ==== Version update (17.30.2 -> 17.30.3) - Fix building with GCC 12.x release (#396) - version 17.30.3 (22) ==== llvm14 ==== Version update (14.0.5 -> 14.0.6) - Update to version 14.0.6. * This release contains bug-fixes for the LLVM 14.0.0 release. This release is API and ABI compatible with 14.0.0. - Rebase llvm-do-not-install-static-libraries.patch. ==== net-snmp ==== Version update (5.9.1 -> 5.9.2) Subpackages: libsnmp40 perl-SNMP snmp-mibs - update to 5.9.2 (bsc#1201103): - security: - These two CVEs can be exploited by a user with read-only credentials: - CVE-2022-24805 A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. - These CVEs can be exploited by a user with read-write credentials: - CVE-2022-24806 Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously - CVE-2022-24807 A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. - CVE-2022-24808 A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. - Refactor two patches to work with version number 5.9.2: delete: * net-snmp-5.9.1-pie.patch * net-snmp-5.9.1-fix-create-v3-user-outfile.patch add: * net-snmp-5.9.2-pie.patch * net-snmp-5.9.2-fix-create-v3-user-outfile.patch ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Modify SPEC file so systemd unit files are mode 644 (not 755) (bsc#1200570) ==== openssl ==== Version update (1.1.1p -> 1.1.1q) - updated to 1.1.q release ==== openssl-1_1 ==== Version update (1.1.1p -> 1.1.1q) Subpackages: libopenssl1_1 - update to 1.1.1q: * [CVE-2022-2097, bsc#1201099] * Addresses situations where AES OCB fails to encrypt some bytes - openssl-riscv64-config.patch: backport of riscv64 config support ==== pam ==== Subpackages: pam_unix - Keep old directory in filelist for migration - Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d ==== pam-full-src ==== - Keep old directory in filelist for migration - Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-documentation patterns-base-enhanced_base patterns-base-minimal_base patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced - Use pipewire as default audio server in TW. ==== patterns-gnome ==== Subpackages: patterns-gnome-gnome_basic patterns-gnome-gnome_basis patterns-gnome-gnome_basis_opt patterns-gnome-sw_management_gnome - Replace pulseaudio with pipewire as the default audio server in TW. ==== patterns-kde ==== Subpackages: patterns-kde-kde_plasma patterns-kde-kde_yast - Replace pulseaudio with pipewire as the default audio server in TW. ==== perl-Bootloader ==== - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. ==== plasma5-pa ==== Subpackages: plasma5-pa-lang - Suggests pipewire-pulseaudio on TW instead of pulseaudio-module-x11 to make pipewire the default audio server. ==== polkit-default-privs ==== Version update (1550+20220524.0345bd9 -> 1550+20220608.097448e) - Update to version 1550+20220608.097448e: * Whitelist new systemd methods (bsc#1200098) ==== protobuf-c ==== - Do not build static libraries - Run unit tests - Explicit files and directories for includedir, so we can detect what we actually install there - 508.patch: fixes invalid arithmetic shift (bsc#1200908, CVE-2022-33070) ==== python-jupyter-client ==== Version update (7.3.1 -> 7.3.4) Subpackages: jupyter-jupyter-client python310-jupyter-client - Update to version 7.3.4 * Revert latest changes to ThreadedZMQSocketChannel because they break Qtconsole #803 (@ccordoba12) * Add local-provisioner entry point to pyproject.toml Fixes #800 [#801] (@utkonos) * Correct Any type annotations. #791 (@joouha) * Use hatch backend #789 (@blink1073) - Remove jupyter-client-fix787-kernelwarningsfilter.patch, we updated the ipykernel instead. ==== tiff ==== - security update * CVE-2022-2056 [bsc#1201176] * CVE-2022-2057 [bsc#1201175] * CVE-2022-2058 [bsc#1201174] + tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch ==== tracker ==== Subpackages: libtracker-sparql-3_0-0 tracker-data-files - Add tracker-do-not-rebuild-non-existing-FTS-tables.patch: Prevent SQL logic error when using tag manager of nautilus. (bsc#1201246, glgo#GNOME/tracker!515) ==== webkit2gtk3 ==== Version update (2.36.3 -> 2.36.4) Subpackages: WebKit2GTK-4.1-lang libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles - Update to version 2.36.4 (boo#1201221): + Fix the new ATSPI accessibility implementation to add the missing Collection interface for the loaded document. + Fix the MediaSession implementation to make the MPRIS object names more sandbox friendly, which plays better with Flatpak and WebKit's own Bubblwrap-based sandboxing. + Fix leaked Web Processes in some particular situations. + Fix the build with media capture support enabled. + Fix cross-compilation when targeting 64-bit ARM. + Fix several crashes and rendering issues. + Security fixes: CVE-2022-22677, CVE-2022-26710. - Add webkit2gtk3-fix-build.patch: fix the build. ==== webkit2gtk3-soup2 ==== Version update (2.36.3 -> 2.36.4) Subpackages: WebKit2GTK-4.0-lang libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update to version 2.36.4 (boo#1201221): + Fix the new ATSPI accessibility implementation to add the missing Collection interface for the loaded document. + Fix the MediaSession implementation to make the MPRIS object names more sandbox friendly, which plays better with Flatpak and WebKit's own Bubblwrap-based sandboxing. + Fix leaked Web Processes in some particular situations. + Fix the build with media capture support enabled. + Fix cross-compilation when targeting 64-bit ARM. + Fix several crashes and rendering issues. + Security fixes: CVE-2022-22677, CVE-2022-26710. - Add webkit2gtk3-fix-build.patch: fix the build. ==== webkit2gtk4 ==== Version update (2.36.3 -> 2.36.4) Subpackages: WebKit2GTK-5.0-lang libjavascriptcoregtk-5_0-0 libwebkit2gtk-5_0-0 typelib-1_0-JavaScriptCore-5_0 typelib-1_0-WebKit2-5_0 webkit2gtk-5_0-injected-bundles - Update to version 2.36.4 (boo#1201221): + Fix the new ATSPI accessibility implementation to add the missing Collection interface for the loaded document. + Fix the MediaSession implementation to make the MPRIS object names more sandbox friendly, which plays better with Flatpak and WebKit's own Bubblwrap-based sandboxing. + Fix leaked Web Processes in some particular situations. + Fix the build with media capture support enabled. + Fix cross-compilation when targeting 64-bit ARM. + Fix several crashes and rendering issues. + Security fixes: CVE-2022-22677, CVE-2022-26710. - Add webkit2gtk3-fix-build.patch: fix the build. ==== yast2-core ==== Version update (4.5.1 -> 4.5.2) - Fix building with GCC 13 and GCC 12.x (gh#yast/yast-core#156) - 4.5.2