Packages changed: ImageMagick (7.1.0.4 -> 7.1.0.8) Mesa (21.2.1 -> 21.2.2) Mesa-drivers (21.2.1 -> 21.2.2) NetworkManager-vpnc apparmor atftp (0.7.4 -> 0.7.5) bubblewrap (0.4.1 -> 0.5.0) crash ell (0.43 -> 0.44) freerdp gedit-plugins gjs (1.68.3 -> 1.68.4) gnome-control-center (40.0 -> 40.1) gnome-dictionary gnome-shell-extension-desktop-icons gnome-shell-extensions gnome-tweaks gnome-user-docs (40.4 -> 40.5) gnome-user-share gtk4 gtkspell gucharmap irda konsole libapparmor libass (0.15.1 -> 0.15.2) libcryptui libfido2 (1.7.0 -> 1.8.0) libgexiv2 (0.12.3 -> 0.14.0) libmwaw (0.3.19 -> 0.3.20) libstorage-ng (4.4.36 -> 4.4.37) llvm12 mariadb multipath-tools nautilus-sendto nautilus-share net-snmp notification-daemon pidgin (2.14.6 -> 2.14.7) pulseaudio python-importlib-resources (3.3.0 -> 5.2.2) qemu systemd-default-settings tracker2 webkit2gtk3 (2.32.3 -> 2.32.4) wpebackend-fdo (1.8.0 -> 1.10.0) xdg-desktop-portal (1.8.1 -> 1.10.0) yast2-add-on (4.4.2 -> 4.4.3) === Details === ==== ImageMagick ==== Version update (7.1.0.4 -> 7.1.0.8) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.0.8 * Check for `null` in InvokeDelegate() (reference https://github.com/ImageMagick/ImageMagick/issues/4225). * Fixed incorrect check when module is used as the domain in policy.xml that could allow the use of a disabled module. (reference https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr). * Prevent color reduction merging into one color (reference https://github.com/ImageMagick/ImageMagick/issues/4059) * Tweak the bilevel image type (reference https://github.com/ImageMagick/ImageMagick/issues/4121). * Converting from LAB to RGB leads to wrong colors (reference https://github.com/ImageMagick/ImageMagick/issues/4105). * Added option (-dng:read-thumbnail=true) to read the thumbnail of a raw Image and store it as a profile called dng:thumbnail. * Heap-based buffer overflow in TIFF coder (alert from Hunter Mitchell). * Grayscale image write optimization. ==== Mesa ==== Version update (21.2.1 -> 21.2.2) Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to 21.2.2 * second bugfix release: a ton of work went into panfrost, getting it closer to being conformant (it is conformant on 21.3!); fixes for ir3, croccus, nir, utils, llvmpipe, gallivm, zink, glsl, v3d, vc4, intel, mesa, aco, iris, radv, and even osmesa. ==== Mesa-drivers ==== Version update (21.2.1 -> 21.2.2) Subpackages: Mesa-dri Mesa-gallium Mesa-libva libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libxatracker2 - update to 21.2.2 * second bugfix release: a ton of work went into panfrost, getting it closer to being conformant (it is conformant on 21.3!); fixes for ir3, croccus, nir, utils, llvmpipe, gallivm, zink, glsl, v3d, vc4, intel, mesa, aco, iris, radv, and even osmesa. ==== NetworkManager-vpnc ==== Subpackages: NetworkManager-vpnc-gnome NetworkManager-vpnc-lang - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit python3-apparmor - lessopen.sh profile: allow reading files that live on NFS over UDP (added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552) ==== atftp ==== Version update (0.7.4 -> 0.7.5) - Update to version 0.7.5 [bsc#1190522, CVE-2021-41054] * text files: mark/convert all textfiles to UTF-8 * fix some compiler warnings * fix buffer overflow in atftpd (CVE-2021-41054) * test.sh: check for root no longer necessary * tftpd.c: Only drop privs if requested or running as root + check for failure * fix invalid read of 1 byte in tftp_send_request. * Check return value of fseek(), abort if != 0 * options.c: Proper fix for the read-past-end-of-array * configure.ac: Add -std=gnu89 if gcc/clang is detected * tftpd.c: Fix memleak if thread spawning fails * atftp: Check return value of fgets, buffer might be uninitialized on NULL * Fix check for argz support (HAVE_ARGZ -> HAVE_ARGZ_H) * replace LICENSE with current version * Remove patches fixed upstream: - atftp-0.7-sorcerers_apprentice.patch - atftp-0.7-server_receive_race.patch - atftp-0.7-ack_heuristic.patch * Rebase patches: - atftp-drop_privileges_non-daemon.patch - atftp-0.7-default_dir_man.patch - atftp-0.7-default_user_man.patch - Added hardening to systemd service(s) (bsc#1181400). Modified: * atftpd.service ==== bubblewrap ==== Version update (0.4.1 -> 0.5.0) - Update to version 0.5.0: + New features: - --chmod changes permissions - --clearenv unsets every environment variable (except PWD) - --perms sets permissions for one subsequent --bind-data, - -dir, --file, --ro-bind-data or --tmpfs + Other enhancements: - Better diagnostics when a --bind or other bind-mount fails - zsh tab-completion - Better test coverage + Bug fixes: - Use Python 3 for tests and examples - Mount points for non-directories are created with permissions - r--r--r-- instead of -rw-rw-rw- - Don't remount items in /proc read-only if already EROFS, required to run under Docker - Allow mounting an non-directory over an existing non-directory, e.g. --bind "$XDG_RUNTIME_DIR/my-log-socket" /dev/log - Silence kernel messages for our bind-mounts - Make sure pkg-config is checked for, regardless of build options - Improve ability to bind-mount directories on case-insensitive filesystems - Fix -Wshadow warnings - Fix deprecation warnings with newer SELinux - Add new subpackage bubblewrap-zsh-completion ==== crash ==== - Fix build on ppc64 - it needs full TOC as much as ppc64le. - Fix module loading (bsc#1190743 ltc#194414). + crash-mod-fix-module-object-file-lookup.patch ==== ell ==== Version update (0.43 -> 0.44) - update to release 0.44 * Fix issue with allowing zero byte input for AEAD cipher. * Fix issue with filling in DNS info in DHCP lease objects. * Add support neighbor discovery utility helpers. ==== freerdp ==== Subpackages: libfreerdp2 libwinpr2 - Create an explicit freerdp dependency for libwinpr - Add preliminary patch freerdp-fix-plugin-path.patch to fix dynamic addin loading - Modified spec to satisfy because obs-service-source_validator does not support elif - Fix the spec-cleaner mess - Enable a few options on TW - Build for 15.3 required another lib - Remove X264 option, no related backend exists and enabling it fails in cmake creation stage - Reorganize build flags - Apply fix for -DBUILTIN_CHANNELS=OFF: freerdp-builtin-channels-off-link-fix.diff - Add plugins to libwinpr ==== gedit-plugins ==== Subpackages: gedit-plugins-data gedit-plugins-lang - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ==== gjs ==== Version update (1.68.3 -> 1.68.4) Subpackages: libgjs0 typelib-1_0-GjsPrivate-1_0 - Update to version 1.68.4: + Build fix backported from the development branch. ==== gnome-control-center ==== Version update (40.0 -> 40.1) Subpackages: gnome-control-center-color gnome-control-center-goa gnome-control-center-lang gnome-control-center-user-faces - Update to version 40.1: + About: Don't show GNOME micro version. + Location: Fix permission store table and id. + Network: - Show all IPv6 addresses for an interface. - Display IPv6 gateway. + Power: Fix D-Bus proxy leak. + Updated translations. - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ==== gnome-dictionary ==== Subpackages: gnome-dictionary-lang - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ==== gnome-shell-extension-desktop-icons ==== - Remove obsolete translation-update-upstream and gnome-patch-translation support (jsc#SLE-21105). ==== gnome-shell-extensions ==== Subpackages: gnome-shell-classic gnome-shell-extensions-common gnome-shell-extensions-common-lang - Remove obsolete translation-update-upstream and gnome-patch-translation support (jsc#SLE-21105). ==== gnome-tweaks ==== Subpackages: gnome-tweaks-lang - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ==== gnome-user-docs ==== Version update (40.4 -> 40.5) - Update to version 40.5: + Updates to Files documentation. + Updated terminology. + Updated translations. ==== gnome-user-share ==== Subpackages: gnome-user-share-lang - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ==== gtk4 ==== Subpackages: gtk4-lang gtk4-schema libgtk-4-1 typelib-1_0-Gtk-4_0 - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ==== gtkspell ==== Subpackages: gtkspell-lang libgtkspell0 - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ==== gucharmap ==== Subpackages: gucharmap-lang libgucharmap_2_90-7 - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ==== irda ==== - Added hardening to systemd service(s) (bsc#1181400). Modified: * irattach.service ==== konsole ==== Subpackages: konsole-part konsole-part-lang - Add patches to fix some more window size related issues: * 0001-Don-t-resize-window-when-switching-virtual-desktops-.patch (kde#441610) * 0002-Always-save-the-window-state-and-geometry.patch (kde#442252, boo#1189927) ==== libapparmor ==== Subpackages: libapparmor1 libapparmor1-32bit - lessopen.sh profile: allow reading files that live on NFS over UDP (added to apparmor-lessopen-nfs-workaround.diff) (boo#1190552) ==== libass ==== Version update (0.15.1 -> 0.15.2) - Update to version 0.15.2 * Fix some format string bugs, which could lead to garbled log messages or on some platforms crashes * Fix ass_set_fonts_dir failing to load long paths * Better handling of control characters that have no associated font glyphs - Update Requires and BuildRequires to actual pkgconfig versions ==== libcryptui ==== Subpackages: libcryptui-data libcryptui-lang libcryptui0 seahorse-daemon - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ==== libfido2 ==== Version update (1.7.0 -> 1.8.0) - Removed fix-cmake-linking.patch because no longer needed - Update to version 1.8.0: * Dropped 'Requires.private' entry from pkg-config file. * Better support for FIDO 2.1 authenticators. * Support for Windows's native webauthn API. * Support for attestation format 'none'. * New API calls: - fido_assert_set_clientdata; - fido_cbor_info_algorithm_cose; - fido_cbor_info_algorithm_count; - fido_cbor_info_algorithm_type; - fido_cbor_info_transports_len; - fido_cbor_info_transports_ptr; - fido_cred_set_clientdata; - fido_cred_set_id; - fido_credman_set_dev_rk; - fido_dev_is_winhello. * fido2-token: new -Sc option to update a resident credential. * Documentation and reliability fixes. * HID access serialisation on Linux. - disable fix-cmake-linking.patch, not needed currently ==== libgexiv2 ==== Version update (0.12.3 -> 0.14.0) - Update to version 0.14.0: + Fix BMFF compile test. - Changes from version 0.13.0: + Update gexiv2-dump tool + More additions to API and _try versions that support GErorr if exiv2 might throw + Some additions to gexiv2-tool + Changes in build configuration ==== libmwaw ==== Version update (0.3.19 -> 0.3.20) - Update to 0.3.20: * add a parser for Student Writing Center files (v1) * add a parser for Word Maker files (v1) * add a parser for Canvas 9/10 files (Mac) ==== libstorage-ng ==== Version update (4.4.36 -> 4.4.37) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - Translated using Weblate (Greek) (bsc#1149754) - 4.4.37 ==== llvm12 ==== Subpackages: clang-tools clang12 clang12-doc libLLVM12 libLTO12 libc++-devel libc++1 libc++abi-devel libc++abi1 libclang12 - Set CMAKE_LINKER to workaround CMake wanting to use lld just because we're using clang as compiler. Fixes build on aarch64. (https://bugs.llvm.org/show_bug.cgi?id=51115) ==== mariadb ==== Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - Replace %{_rpmconfigdir}/macros.d with %{_rpmmacrodir}, remove ownership of this directory. Fixes boo#1182218 - Run spec-cleaner ==== multipath-tools ==== Subpackages: kpartx libmpath0 - Add a versioned dependency of multipath-tools on libmpath0 (bsc#1190622) ==== nautilus-sendto ==== Subpackages: nautilus-sendto-lang - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ==== nautilus-share ==== Subpackages: nautilus-share-lang - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ==== net-snmp ==== Subpackages: libsnmp30 perl-SNMP snmp-mibs - add upstream signing keyring and validate source signature ==== notification-daemon ==== Subpackages: notification-daemon-lang - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ==== pidgin ==== Version update (2.14.6 -> 2.14.7) Subpackages: libpurple libpurple-lang libpurple-plugin-sametime libpurple-tcl - Remove obsolete translation-update-upstream support (jsc#SLE-21105). - update to 2.14.7: * Fix leak in purple_markup_find_tag on error * Fix an assert in purple_markup_html_to_xhtml * Correctly free parse tags at end of purple_html_to_xhtml * Fix leak that may occur when xmlnode_from_str fails * Port purple_str_to_time to use a regular expressions ==== pulseaudio ==== Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-bash-completion pulseaudio-gdm-hooks pulseaudio-lang pulseaudio-module-bluetooth pulseaudio-module-gsettings pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils pulseaudio-zsh-completion - Remove obsolete translation-update-upstream support (jsc#SLE-21105). - Require perl-XML-Parser explicitly, it's needed by build. ==== python-importlib-resources ==== Version update (3.3.0 -> 5.2.2) - Update to v5.2.2 * #234: Fix refleak in as_file caught by CPython tests. - Release v5.2.1 * bpo-38291: Avoid DeprecationWarning on typing.io. - Release v5.2.0 * #80 via #221: Legacy API (path, contents, ...) is now supported entirely by the .files() API with a compatibility shim supplied for resource loaders without that functionality. - Release v5.0.6 * bpo-38693: Prefer f-strings to .format calls. - Release v5.1.4 * #225: Require zipp 3.1.0 or later on Python prior to 3.10 to incorporate those fixes. - Release v5.0.5 * #216: Make MultiplexedPath.name a property per the spec. - Release v5.1.3 * Refresh packaging and improve tests. * #216: Make MultiplexedPath.name a property per the spec. - Release v5.1.2 * Re-release with changes from 5.0.4. - Release v5.0.4 * Fixed non-hermetic test in test_reader, revealed by GH-24670. - Release v5.1.1 * Re-release with changes from 5.0.3. - Release v5.0.3 * Simplified DegenerateFiles.Path. - Release v5.0.2 * #214: Added _adapters module to ensure that degenerate files behavior can be made available for legacy loaders whose resource readers don't implement it. Fixes issue where backport compatibility module was masking this fallback behavior only to discover the defect when applying changes to CPython. - Release v5.1.0 * Added simple module implementing adapters from a low-level resource reader interface to a TraversableResources interface. Closes #90. - Release v5.0.1 * Remove pyinstaller hook for hidden 'trees' module. - Release v5.0.0 * Removed importlib_resources.trees, deprecated since 1.3.0. - Release v4.1.1 * Fixed badges in README. - Release v4.1.0 * #209: Adopt jaraco/skeleton. * Cleaned up some straggling Python 2 compatibility code. * Refreshed test zip files without .pyc and .pyo files. - Release v4.0.0 * #108: Drop support for Python 2.7. Now requires Python 3.6+. - Release v3.3.1 * Minor cleanup. ==== qemu ==== Subpackages: qemu-accel-qtest qemu-accel-tcg-x86 qemu-arm qemu-audio-spice qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-nfs qemu-block-rbd qemu-block-ssh qemu-chardev-baum qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-microvm qemu-ppc qemu-s390x qemu-seabios qemu-sgabios qemu-skiboot qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-vhost-user-gpu qemu-x86 - Fix testsuite dependencies (bsc#1190573) * Patches added: modules-quick-fix-a-fundamental-error-in.patch - Replace patch to fix hardcoded binfmt handler (bsc#1186256) * Patches dropped: qemu-binfmt-conf.sh-allow-overriding-SUS.patch * Patches added: qemu-binfmt-conf.sh-should-use-F-as-shor.patch - Stable fixes from upstream * Patches added: 9pfs-fix-crash-in-v9fs_walk.patch i386-cpu-Remove-AVX_VNNI-feature-from-Co.patch plugins-do-not-limit-exported-symbols-if.patch plugins-execlog-removed-unintended-s-at-.patch qemu-sockets-fix-unix-socket-path-copy-a.patch target-i386-add-missing-bits-to-CR4_RESE.patch virtio-balloon-don-t-start-free-page-hin.patch ==== systemd-default-settings ==== Subpackages: systemd-default-settings-branding-SLE systemd-default-settings-branding-openSUSE - Import commit 6b8dde1d4f867aff713af6d6830510a84fad58d2 6b8dde1 Convert more drop-ins into early ones ==== tracker2 ==== Subpackages: libtracker-common-2_0 libtracker-control-2_0-0 libtracker-miner-2_0-0 libtracker-sparql-2_0-0 tracker2-lang - Remove obsolete translation-update-upstream support (jsc#SLE-21105). ==== webkit2gtk3 ==== Version update (2.32.3 -> 2.32.4) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles - Update to version 2.32.4 (boo#1190701): + Do not append .asc extension to downloaded text/plain files. + Fix several crashes and rendering issues. + Security fixes: CVE-2021-30858. - Drop fix-lto.patch: fixed upstream. ==== wpebackend-fdo ==== Version update (1.8.0 -> 1.10.0) - Update to version 1.10.0: + Added API to query whether receiving rendered audio has been configured. + Added API to obtain the wl_resource for SHM exported buffers. + The CMake build system has been removed in favor of Meson. + Made it easier to override where Meson looks for wayland-scanner during cross-compilation, using a native machine file. + Fixed invalid usage of Wayland client connections in the nested compositor which caused sporadic crashes in certain conditions. + Fixed file descriptor and memory leaks. ==== xdg-desktop-portal ==== Version update (1.8.1 -> 1.10.0) Subpackages: xdg-desktop-portal-lang - Update to version 1.10.0: + Remap /run/flatpak/app, for Flatpak 1.11.x + Remap /var/config and /var/data + permission-store: Avoid a crash + permissions-store: Add GetPermission + screencast: Add 'virtual' source type + openuri: Use real path for OpenDirectory + location: Fix accuracy levels + Add power profile monitor implementation + Updated translations. ==== yast2-add-on ==== Version update (4.4.2 -> 4.4.3) - When the user clicks on "Run Software Manager", check for the "pkg" UI extension and prompt user to install it if not present (jsc#SLE-20346, jsc#SLE-20462) - 4.4.3