Packages changed: aaa_base (84.87+git20210317.2c04190 -> 84.87+git20210601.8cb043f) alsa (1.2.4 -> 1.2.5) alsa-plugins (1.2.2 -> 1.2.5) boost-base chrony (3.5.1 -> 4.1) cups-filters (1.27.2 -> 1.28.8) curl (7.76.1 -> 7.77.0) gnutls (3.7.1 -> 3.7.2) gupnp (1.2.4 -> 1.2.6) kmod (28 -> 29) libX11 libcap libimagequant (2.13.1 -> 2.14.1) libmodulemd (2.12.0 -> 2.12.1) libtasn1 (4.16.0 -> 4.17.0) malcontent (0.9.0 -> 0.10.1) openssl pcre2 (10.36 -> 10.37) pipewire python-pycurl rtkit vim (8.2.2850 -> 8.2.2918) wget xen (4.14.1_16 -> 4.15.0_01) yast2 (4.4.5 -> 4.4.9) === Details === ==== aaa_base ==== Version update (84.87+git20210317.2c04190 -> 84.87+git20210601.8cb043f) - Update to version 84.87+git20210601.8cb043f: * Use shell builtins for $HOSTTYPE and others (boo#1186296) ==== alsa ==== Version update (1.2.4 -> 1.2.5) - Update to version 1.2.5 * https://www.alsa-project.org/wiki/Changes_v1.2.4_v1.2.5#alsa-lib - Drop upstream fixed patches * 0001-dlmisc-the-snd_plugin_dir_set-snd_plugin_dir-must-be.patch * 0002-dlmisc-fix-snd_plugin_dir-locking-for-not-DL_ORIGIN_.patch * 0003-pcm-snd_pcm_mmap_readi-fix-typo-in-comment.patch * 0004-topology-use-inclusive-language-for-bclk.patch * 0005-topology-use-inclusive-language-for-fsync.patch * 0006-topology-use-inclusive-language-in-documentation.patch * 0007-pcm-set-the-snd_pcm_ioplug_status-tstamp-field.patch * 0009-pcm-Add-snd_pcm_audio_tstamp_type_t-constants.patch * 0045-pcm-direct-Fix-the-missing-appl_ptr-update.patch * 0019-pcm-fix-__snd_pcm_state-return-value.patch * 0025-pcm-plugin-optimize-sync-in-snd_pcm_plugin_status.patch * 0026-Revert-pcm_plugin-fix-delay.patch * 0014-rawmidi-fix-memory-leak-in-snd_rawmidi_virtual_open.patch * 0037-topology-tplg_decode_pcm-add-missing-log-argument-co.patch * 0040-topology-sort_config-cleanups-use-goto-for-the-error.patch * 0028-pcm-rate-tidy-up-snd_pcm_rate_avail_update.patch * 0046-pcm-ioplug-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_statu.patch * 0030-pcm-rate-use-pcm_frame_diff-in-snd_pcm_rate_playback.patch * 0047-pcm-null-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch * 0043-pcm-dmix-dshare-delay-calculation-fixes-and-cleanups.patch * 0042-pcm_plugin-set-the-initial-hw_ptr-appl_ptr-from-the-.patch * 0011-pcm-Fix-a-typo-in-SND_PCM_AUDIO_TSTAMP_TYPE_LAST-def.patch * 0017-pcm_multi-remove-dead-assignment-from-_snd_pcm_multi.patch * 0027-pcm-ioplug-fix-the-delay-calculation-in-the-status-c.patch * 0041-conf-USB-add-Xonar-U7-MKII-to-USB-Audio.pcm.iec958_d.patch * 0016-pcm-remove-dead-assignments-from-snd_pcm_rate_-commi.patch * 0035-topology-tplg_pprint_integer-fix-coverity-uninitaliz.patch * 0034-ucm-fix-possible-memory-leak-in-parse_verb_file.patch * 0021-conf-fix-return-code-in-_snd_config_load_with_includ.patch * 0023-pcm-plugin-status-revert-the-recent-changes.patch * 0020-confmisc-fix-memory-leak-in-snd_func_concat.patch * 0029-pcm-ioplug-fix-the-delay-calculation-for-old-plugins.patch * 0039-ucm-uc_mgr_substitute_tree-fix-use-after-free.patch * 0024-pcm-plugin-tidy-snd_pcm_plugin_avail_update.patch * 0010-test-audio_time-Make-use-of-SND_PCM_AUDIO_TSTAMP_TYP.patch * 0033-pcm-rate-fix-the-capture-delay-values.patch * 0015-timer-fix-sizeof-operator-mismatch-in-snd_timer_quer.patch * 0036-topology-tplg_add_widget_object-do-not-use-invalid-e.patch * 0044-topology-fix-parse_tuple_set-remove-dead-condition-c.patch * 0038-topology-parse_tuple_set-remove-dead-condition-code.patch * 0018-conf-fix-get_hexachar-return-value.patch * 0013-ucm-fix-bad-frees-in-get_list0-and-get_list20.patch * 0012-conf-fix-use-after-free-in-_snd_config_load_with_inc.patch * 0031-pcm-plugin-fix-status-code-for-capture.patch * 0048-pcm-share-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch * 0032-pcm-rate-use-pcm_frame_diff-on-related-places.patch * 0022-pcm-plugin-status-fix-the-return-value-regression.patch ==== alsa-plugins ==== Version update (1.2.2 -> 1.2.5) - Update to 1.2.5 * Support alsa 1.2.5 * Fixed A52 Output plugin * upmix: complete generalizing format * jack: add option to allow non-jack-aligned period size * oss: fix the config (port -> device) * pulse: pcm - handle reading pulse stream hole * usb_stream: use snd_config_get_card() to decode the card number ==== boost-base ==== Subpackages: boost-license1_76_0 libboost_thread1_76_0 - Compile boost iostreams with lzma support for reading .xz files ==== chrony ==== Version update (3.5.1 -> 4.1) Subpackages: chrony-pool-openSUSE - Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Update clknetsim to snapshot f89702d. - Refresh chrony.keyring from https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Enable syscallfilter unconditionally [boo#1181826]. - drop buildrequires on NSS. We need gnutls for NTS anyway and we can do all the other required crypto via nettle+gnutls. no need for another crypto library. - Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and "reload sources" command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get "maxsources" sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add "add pool" command - Add "reset sources" command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don?t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don?t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option "version 3") - Drop support for line editing with GNU Readline - add BuildRequires for gnutls-devel (which also pulls nettle to enable the new features) - drop patches which are included in the update: chrony-test-update-processing-of-packet-log.patch chrony-test-fix-util-unit-test-for-NTP-era-split.patch - refreshed chrony-config.patch - track series file for easier quilt setup - added option to turn off testsuite with osc build --without=testsuite testsuite still runs by default ==== cups-filters ==== Version update (1.27.2 -> 1.28.8) - Version upgrade to 1.28.8 * libcupsfilters: Made check whether the driverless PPD to generate should be a fax out PPD more reliable (Issue #343). * foomatic-rip: Options in the 5th command line argument of the CUPS filter command line are separated only by white space and not by comma, also make sure that an option "none" is not considered a custom page size (Issue #348). * implicitclass: Raise timeout for cups-browsed's answer from 20s to 60s (Pull request #346). * libcupsfilters: In the PPD generator really give priority to Apple Raster against PDF (Issue #331). - Version upgrade to 1.28.7 * driverless: Removed the support quality check from Pull request #235 as it takes significant time for each printer being listed, making cups-driverd (`lpinfo -m`) timing out when there are many printers (OpenPrinting CUPS issue #65). * libcupsfilters: In the PPD generator give priority to Apple Raster against PDF (Issue #331). * libcupsfilters: Added NULL check when removing ".Borderless" suffixes from page size names (Issue #314, Pull request #328). * libcupsfilters: In the cupsRasterParseIPPOptions() map the color spaces the same way as in the PPD generator (Issue #326, Pull request #327). * libcupsfilters: Fixed addition of grayscale mode in generated PPD files, to avoid duplicate entries (OpenPrinting CUPS issue #59). - Version upgrade to 1.28.6 * libcupsfilters: In generated PPDs add a grayscale mode if there are only color printing modes (from OpenPrinting CUPS). * libcupsfilters: In generated PPDs add an "OutputBin" option also if it has only one choice (OpenPrinting CUPS pull request #18). * libcupsfilters: Generated PPDs could have an "Unknown" default InputSlot (OpenPrinting CUPS issue #44). * cups-browsed: Removed unneeded IPP attribute additions preventing the created local queues from preserving a location or description the user assigns to them (Issue #323). * cups-browsed: Removed all calls of the resolve_uri() function of libcupsfilters, as these are not actually needed and in case the supplied DNS-SD-based URI is not resolvable, the function gets stuck for ~5 seconds. * cups-browsed: Fixed several memory leaks, mainly from the code to merge printer IPP attributes for clusters (Pull request #322). * cups-browsed: Silenced compiler warning. * foomatic-rip: Fix infinite loop and input from file on raw printing (Pull request #318). * foomatic-rip: Remove temporary file created during pdf-to-ps conversion (Pull request #313). - Version upgrade to 1.28.5 * cups-browsed: UUID from IPP response was used after its pointer was freed by ippDelete() (Pull request #311). - Version upgrade to 1.28.4 * driverless: Avoid duplicate PPD list entries from the same device via UUID * driverless: Reduce ippfind calls by "driverless" and "driverless-fax"called by CUPS. Let "driverless list" list both print and fax PPDs and "driverless-fax list" do nothing. * driverless: Avoid duplicate listings in printer discovery, by "driverless-fax" not listing any URI as "driverless" lists them all already. * driverless: Vastly improve performance by doing only one ippfind call instead of two (IPP, IPPS) as ippfind accepts more than one reg type on the command line. * Sample PPDs: Corrected manufacturer name in Fuji_Xerox-DocuPrint_CM305_df-PDF.ppd. - Version upgrade to 1.28.3 * libcupsfilters, cups-browsed: Fixed inconsistency between resolvers for DNS-SD-based URIs, resolve_uri() and ippfind_based_uri_converter(). Now both return a freeable string. * libcupsfilters: Fix uninitialized buffer and parsing ippfind output in ippfind_based_uri_converter() function (Issue #308, Pull request #309). - Version upgrade to 1.28.2 * driverless: Free allocated memory, use MAX_OUTPUT_LEN (Pull request #304). * driverless: Make the two ippfind tasks(for IPP and IPPS) run in parallel (Pull request #302, #305, #306). * braille: Support new liblouis tables not containing a display name (Pull request #303) * Build system: Let ./configure not error out when there is more than one DejaVuSans.ttf test font candidate (Issue #300). * cups-browsed: Crash when a remote printer set as default gets removed, due to missing variable in printf() call (Issue #299). * libcupsfilters: Removed all signal handling and global variables from get_printer_attributes() and ippfind_based_uri_converter(). This is overkill for these quick operations and causes problems when shutting down cups-browsed (Issue #298). - Version upgrade to 1.28.1 * COPYING: Fixed several typos * libcupsfilters: Fixed typo in log message of get_printer_attributes functions. * cups-browsed: Fixed typos in configuration file and man page * libcupsfilters: Let the PPD generator not suffix page size names with ".Borderless" if all page sizes would get this suffix, for example for printers which generally print borderless. * libcupsfilters: Added "faxPrefix" option for generated IPP Fax Out PPDs, so that this option also appears in print dialogs. * driverless: List addresses for local services correctly when using "--std-ipp-uris" (with "localhost" hostname). * driverless: Make calls of the ippfind utility somewhat faster, setting the timeout of ippfind to automatic. * libcupsfilters: Resolve DNS-SD-based URIs for local services correctly (using hostname "localhost"). * libcupsfilters: In get_printer_attributes() functions do not try to convert URIs which are not DNS-SD-based (Issue #294). * libcupsfilters: In get_printer_attributes() functions also support URIs with "dnssd://..." scheme. * libcupsfilters: Moved signal handling back into main function of the get_printer_attributes() variants, it got moved out accidentally. * driverless: For generating a PPD, independent whether via "driverless URI" or "driverless cat URI", always allow CUPS driver URIs (prefixed with "driverless: " or "driverless-fax:") and pure IPP URIs. * driverless: Accept clean IPP URIs also for 'driverless cat ...' (Issue #295, Pull request #296). * driverless-fax: Do not use fixed path for call of driverless itself (Pull request #293). - Version upgrade to 1.28.0 * driverless, driverless-fax, libcupsfilters: Added IPP Fax Out support. Now printer setup tools list an additional fax "driver". A fax queue is created by selecting this driver. Jobs have to be sent with "-o phone=12345" to supply the destination phone number (Pull request #280). * libfontembed: Silenced warning with gcc 10.x (Pull request #287). * cups-browsed: Added ./configure options --enable-saving-created-queues and --with-remote-cups-local-queue-naming (Pull request: #253, #285). * cups-browsed: Fixed several memory leaks, mainly from the code to merge printer IPP attributes for clusters (Pull request #281, #283). * driverless: Added "--std-ipp-uris" command line option to show listed URIs in standard hostname-based form (not the CUPS DNS-SD-service-name-based form. Only for manual call of the utility, for debugging purposes (Pull request #277). * libfontembed: Removed assert() calls which cause crashes when unsupported emoji fonts are installed (Issue #254, Pull request #276). * driverless: Added support for IPPS (use "ipps://..." URIs if possible, Issue #251, Pull request #270, #273). * gstoraster, gstopdf: When converting PostScript to PDF use the "pdfwrite" output device with "-dPDFSETTINGS=/default" instead of with "-dPDFSETTINGS=/printer". This reproduces bitmaps in the PostScript file with their original image quality (Issue #272). * cups-browsed: Limit log file size and add backup file for previous log entries. Introduced the configuration option DebugLogFileSize in cups-browsed.conf to set the actual limit in kilobytes or 0 to get the old behavior of an unlimited size for the log file (Issue #260, Pull request #267). * gstoraster, gstopdf: Do not apply margins when output format is PDF, as then we convert an incoming PostScript file to PDF (pre-pdftopdf) and do not prepare the pages for the printer (post-pdftopdf, Issue #250). * cups-browsed: Do not write any log messages directly to stderr, there were some concerning timeouts on queue creation (Issue #260). * Build system: Fix cross-compilation without DejaVu test font in configure.ac (Issue #262, Pull request #263). * libcupsfilters: Respect the fact that PPD keywords are case-sensitive when adding "*cupsManualCopies: True" in PPD file (Issue #242). * libcupsfilters: Older versions of libcups (< 2.3.1) had the enum name for fold-accordion finishings mistyped. Added a workaround. * cups-browsed: Remove left-over local queues from the previous session more quickly when CUPS legacy browsing is turned on. * cups-browsed: Left-over local queues from the previous session for which the corresponding remote printer did not appear again did not get removed as they were considered externally overwritten. * gstoraster, gstopdf: Add option "-dDoNumCopies" to Ghostscript command line if we are outputting PDF (called via gstopdf wrapper) and the number of copies supplied to CUPS is 1 (4th command line argument). In this case we convert incoming PostScript to PDF and need to respect embedded PostScript commands to implement the number of copies (Issue #255, CUPS Issue #5796, OpenSUSE bug #1173345). * imagetoraster: Potential null dereference fix (when no valid PPD is supplied, Pull request #256). * cups-browsed: Call cupsGetNamedDest() only if "OnlyUnsupportedByCUPS No" * Sample PPDs: Corrected ColorModel default for Generic PWG Raster PPD to Color (Pull request #247). * cups-browsed: Mark the temp queue as cups-browsed-generated during setting printer-is-shared (Pull request #246). * cups-browsed: Remove mentions of README and AUTHORS files in the man page (Pull request #244). * pclmtoraster: Added new filter to extract Raster data from raster-only PDF files, here for the special case of PCLm files (Pull request #243, #257). * Sample PPDs: In Generic-PDF_Printer-PDF.ppd add option to switch between color and grayscale printing (Pull request #237). - Version upgrade to 1.27.5 * cups-browsed: Do not remove the created local queues on shutdown, to avoid their re-creation on restart, so that desktops get no cluttered with notifications of new queues being created. One can return to the old behavior via "KeepGeneratedQueuesOnShutdown No" in cups-browsed.conf (Ubuntu bug #1869981, #1878241). * cups-browsed: Do not accept DNS-SD broadcasts of IPPS type of "remote" CUPS queues of another CUPS instance on the local machine. This way we get a local queue pointing to such a printer only in unencrypted version (IPP). For some reason printing from one CUPS server to another on the same machine works only unencrypted. * foomatic-rip: Map two-sided-short-edge to DuplexTumble (Pull request #236) * Build system: In configure.ac use AS_IF instead of AC_CHECK_FILE for font check (Issue #239, Pull request #240) * cups-browsed: Cleaned up code for determining to which CUPS server (host/port/domain socket) to connect, so that connection via DomainSocket cups-browsed.conf directive, CUPS_SERVER and IPP_PORT environment variables and all defaults and methods of libcups, including CUPS' client.conf work. * gstoraster, rastertopdf: Do not pass NULL to fprintf() (Pull request #230). * libcupsfilters: Silence compiler warning (Pull request #229). - Version upgrade to 1.27.4 * libcupsfilters, cups-browsed: Fix memory issues in ppdgenerator and cups-browsed (Pull request #226). * pdftops: Mention cups-filters README, CUPS README in debug log (Pull request #225). * pdftopdf, gstoraster, foomatic-rip: Use "-dSAFER" Ghostscript option, instead of the deprecated "-dPARANOIDSAFER" (Pull request #224). * Build System: Replace '==' in configure.ac test with '=', as the former is a bashism (Pull request #222). - Version upgrade to 1.27.3 * cups-browsed: Allow sharing local queues pointing to remote CUPS queues and re-sharing printers discovered via BrowsePoll by default, using AllowResharingRemoteCUPSPrinters and NewBrowsePollQueuesShared directives in cups-browsed.conf (Issue #101, Pull request #218). * driverless: Correctly unlink temporary file when generating PPD file (Pull request #220). * cups-browsed: Fixed memory leaks (Pull request #219). * foomatic-rip: PDF page count side-loads the PDF file to count the pages in, so it cannot be run in -dSAFER mode. Run even in -dNOSAFER mode to override the -dSAFER default of newer Ghostscript versions. This should not cause a security problem as we do not take an input file which could do arbitrary side-loads but we run hard-coded PostScript commands instead (Issue #216). * libfontembed: Add checks to the test programs to not segfault if the test font file is not found (Pull request #214). * Build System: Let ./configure fail if the supplied test font file path (or the default) does not exist (Pull request #214), also use the "find" command to find the test font file DejaVuSans.ttf under /usr/share/fonts, as every distribution has it somewhere else. - fix_upstream_issue348.patch is no longer needed because it is now fixed in the upstream sources, see the above entry about "Issue #348". Entries like "Issue #NNN" or "Pull request #NNN" mean cups-filters upstream issues or cups-filters upstream GitHub pull requests at https://github.com/OpenPrinting/cups-filters ==== curl ==== Version update (7.76.1 -> 7.77.0) Subpackages: libcurl4 - Update to 7.77.0: [bsc#1186114, CVE-2021-22898] [bsc#1186115, bsc#1185579, CVE-2021-22901] * Security fixes: - CVE-2021-22297: schannel cipher selection surprise - CVE-2021-22298: TELNET stack contents disclosure - CVE-2021-22901: TLS session caching disaster * Changes: - configure: make the TLS library choice(s) explicit - curl: ignore options asking for SSLv2 or SSLv3 - hsts: enable by default - SSL: support in-memory CA certs for some backends - vtls: refuse setting any SSL version * Bugfixes: - configure: provide --with-openssl, deprecate --with-ssl - cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies - curl: include libmetalink version in --version output - data_pending: check only SECONDARY socket for FTP(S) transfers - gnutls: don't allow TLS 1.3 for versions that don't support it - gnutls: make setting only the MAX TLS allowed version work - http2: fix resource leaks in set_transfer_url() and push_promise() - http: limit the initial send amount to used upload buffer size - rustls: only return CURLE_AGAIN when TLS session is fully drained - rustls: use ALPN - schannel: Disable auto credentials; add an option to enable it - schannel: Support strong crypto option - sectransp: allow cipher name to be specified - sockfilt: avoid getting stuck waiting for writable socket ==== gnutls ==== Version update (3.7.1 -> 3.7.2) - Update to version 3.7.2 * Added Linux kernel AF_ALG based acceleration * Fixed timing of early data exchange * The priority string option DISABLE_TLS13_COMPAT_MODE was added to disable TLS 1.3 middlebox compatibility mode * The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to GNUTLS_NO_IMPLICIT_INIT to reflect the purpose * certtool: * When signing a CSR, CRL distribution point (CDP) is no longer copied from the signing CA by default * When producing certificates and certificate requests, subject DN components that are provided individually will now be ordered by assumed scale - Rework the crypto-policies dependencies in libraries [bsc#1186385] ==== gupnp ==== Version update (1.2.4 -> 1.2.6) - Update to version 1.2.6 + Fix CVE-2021-33516 ( boo#1186590 ) + Fix potential fd leak in linux CM + Fix potential NULL pointer dereference when evaluating unset ServiceProxyActions + Fix leaking the message string if an action is never sent + Fix leaking the ServiceProxyAction if sending fails in call_action + Fix potential use-after-free if service proxy is destroxed before libsoup request finishes in control point + Fix potential data leak due to being vulnerable to DNS rebind attacs + Fix introspection annotation for send_action and call_action_finish to prevent a double-free + Fix introspection annotation for send_action_list + Make ServiceIntrospection usable from gobject-introspection - Fix dependencies - Update to version 1.2.6: + Fix wrong dependency on GSSDP 1.2.4 - Changes from version 1.2.5: + Fix introspection annotation for send_action_list + Fix potential fd leak in linux CM + Fix potential NULL pointer dereference when evaluating unset ServiceProxyActions + Fix leaking the message string if an action is never sent + Fix leaking the ServiceProxyAction if sending fails in call_action + Fix introspection annotation for send_action and call_action_finish to prevent a double-free + Make ServiceIntrospection usable from gobject-introspection + Add Python example + Add C example + Fix JavaScript example + Fix potential use-after-free if service proxy is destroxed before libsoup request finishes in control point + Fix potential data leak due to being vulnerable to DNS rebind attacks ==== kmod ==== Version update (28 -> 29) Subpackages: libkmod2 - /usr/lib should override /lib where both are available. Support /usr/lib for depmod.d as well. * Refresh usr-lib-modprobe.patch - Remove test patches included in release 29 - kmod-populate-modules-Use-more-bash-more-quotes.patch - kmod-testsuite-compress-modules-if-feature-is-enabled.patch - kmod-also-test-xz-compression.patch - Update to release 29 * Fix `modinfo -F` not working for built-in modules and certain fields. * Fix a memory leak, overflow and double free on error path. - Drop 0001-Fix-modinfo-F-always-shows-name-for-built-ins.patch, 0001-libkmod-config-revamp-kcmdline-parsing-into-a-state-.patch, 0002-libkmod-config-re-quote-option-from-kernel-cmdline.patch (all merged) ==== libX11 ==== Subpackages: libX11-6 libX11-data libX11-xcb1 - U_Check-for-NULL-strings-before-getting-their-lengths.patch * regression in libX11 1.7.1 (boo#1186643) fixes segfaults for xforms applications like fdesign ==== libcap ==== - Fix a broken symlink. libcap-devel installs libpsx.so but didn't install the library it's pointing to. ==== libimagequant ==== Version update (2.13.1 -> 2.14.1) - update to 2.14.1: * improved Rust API * quality improvements for remapping overlays over a background ==== libmodulemd ==== Version update (2.12.0 -> 2.12.1) - Updated to 2.12.1 This is a bug-fix release fully compatible with the previous 2.12.0 version. Notable changes: Enhancements: - Improve diagnostic messages for compression tests. - Tests performed in a GitHub continues integration are faster. - Use GitHub actions to perform CI tests also on ArchLinux, Mageia, Mandriva, and OpenSUSE. Fixes: - Relax context value up to 13 characters including an underscore character in modulemd v2 format. This reenables scratch-builds in MBS. Migrate Packit tests from a deprecated current_version_command to a newer actions/get-current-version. ==== libtasn1 ==== Version update (4.16.0 -> 4.17.0) - libtasn1 4.17.0: * Print deprecation messages for deprecated macros * Fix some clang issues due to illegal pointers * Restore handling of SIZE nodes * Fix memory leak caught by oss-fuzz * Gtk-doc fixes * Fix bugs unveiled by Static Analysis * Update gnulib files and many build fixes - move tools to -tools packages and clarify licenses - update upstream signing keyring - remove deprecated texinfo packaging macros ==== malcontent ==== Version update (0.9.0 -> 0.10.1) Subpackages: libmalcontent-0-0 typelib-1_0-Malcontent-0 - Update to version 0.10.1 + Improve support for systems without accountsservice + Fix some data loss-causing state synchronisation problems + Hide support for flatpak user repositories, as they are typically not configured on systems + Add manpage docs for malcontent-client + Consider terminology of ?parental controls? + Improving padding/spacing in malcontent-control UI + Reload ?Restrict Apps? list when installed apps change on system + Add command line option to malcontent-control to pre-select a user + Fails closed if accountsservice isn't available on the bus + Fix partial loss of parental controls settings when partially updating them + libmalcontent-ui: Drop handling of eos-link desktop files + user-controls: Only save the app filter if it?s changed + Add Danish translation + Update Ukrainian, Italian, Swedish, and Polish translation ==== openssl ==== - Provide openssl(cli) by the meta package: Together with the suggests openssl in the base patterns, any consumer of this symbols should get the openssl meta package as candidate, which allows us to easier change the recommended default version. ==== pcre2 ==== Version update (10.36 -> 10.37) Subpackages: libpcre2-16-0 libpcre2-8-0 - pcre2 10.37: * removal of the actual POSIX names regcomp etc. from the POSIX wrapper library because these have caused issues for some applications, replacing pcre2-symbol-clash.patch * fix a hypothetical NULL dereference * fix two bugs related to over-large numbers so the behaviour is now the same as Perl * Fix propagation of \K back from the full pattern recursion * Restore single character repetition optimization in JIT ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-modules pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add patch from upstream to use the independent switch to mute Lineout or Speaker instead of setting the volume, which on some soundcards might be shared by Headphone and Lineout or Headphone and Speaker (fixes boo#1186572): * 0001-alsa-mixer-only-use-switch-to-mute-Front-in-the-Headphone-path.patch - Introduce a workaround for systems where %systemd_user_post didn't enable the user services correctly due to different reasons . This workaround is only executed once, and only if it's really needed. In order to execute only once a lock file is created in /var/lib/pipewire. The lockfile can be removed when the workaround is removed. Everyone who upgraded their TW system between (aprox.) the 14th of January and the 16th of March and who didn't enable the services manually is affected by this. It also happens for everyone who installed a new TW system since (aprox.) the 14th of January and also for everyone doing a new installation of SLE15-SP3 / Leap 15.3 from the iso (new installations using online repositories will work fine once the fix in systemd-presets-common-SUSE is released). Fixes boo#1184852, boo#1183012 and boo#1186561. ==== python-pycurl ==== - Add curl7770_compatibility.patch to have package compatible with curl 7.77.0. ==== rtkit ==== - Replace systemd-devel BuildRequires with pkgconfig(libsystemd): allow OBS to shortcut through the systemd-mini flavors. ==== vim ==== Version update (8.2.2850 -> 8.2.2918) Subpackages: vim-data-common vim-small - Updated to version 8.2.2918, fixes the following problems * Using mapping on the command line triggers CmdlineChanged. (Naohiro Ono) * Configure can add --as-needed a second time. * Window is not updated after using mapping. * Custom statusline cannot contain % items. * White space after "->" does not give E274. * Get readonly error for device that can't be written to. * Vim9: exception in ISN_INSTR caught at wrong level. * Test fails because of changed error message. * Tcl test fails because of changed error message. * Adding a text property causes the whole window to be redawn. * Vim9: "legacy return" is not recognized as a return statement. * Removing a text property causes the whole window to be redawn. * Removing a text property does not redraw optimally. * Vim9: crash when using inline function. * Skipping over function body fails. * Vim9: memory leak when using inline function. * Build failure. * Vim9: When executing a compiled expression the trylevel at start is changed but not restored. (closes #8214) * Using unified diff is not tested. * CmdlineChange event triggered twice for CTRL-R. * Unnessary VIM_ISDIGIT() calls, badly indented code. * Python tests fail without the channel feature. * Not enough tests for writing buffers. * Cancelling inputlist() after a digit does not return zero. * Configure cannot detect Python 3.10. * Insufficient tests for popup menu rightleft. * Vim9: for loop list unpack only allows for one "_". * File extension .hsig not recognized. * Unified diff fails if actually used. * Various pieces of code not covered by tests. * Vim9: memory leak when lambda has an error. * Not enough cscope code is covered by tests. * searching for \%'> does not match linewise end of line. (Tim Chase) * Various pieces of code not covered by tests. * Crash when passing null string to fullcommand(). * Vim9: "k" command recognized in Vim9 script. * Typo and verbose comment in Makefiles. * Text property duplicated when data block splits. * Cannot build with Perl 5.34. * Error message contains random characters. * Multi-byte text in popup title shows up wrong. * Vim9: random characters appear in some error messages. * Spellfile functionality not fully tested. * Vim9: can use reserved words at the script level. * QuitPre and ExitPre not triggered when GUI window is closed. * Appveyor script does not detect nmake failure. * QuitPre is triggered before :wq writes the file, which is different from other commands. * Some operators not fully tested. * Spellfile functionality not fully tested. * Cursor position wrong on wrapped line with 'signcolumn'. * "g$" causes scroll if half a double width char is visible. * No error when defaults.vim cannot be loaded. * ASAN reports errors for test_startup for unknown reasons. * Memory leak when running out of memory. * Crash when using a terminal popup window from the cmdline window. * Build error with non-Unix system. * Test for cmdline window and terminal fails on MS-Windows. * Pattern "\%V" does not match all of block selection. (Rick Howe) * MS-Windows: most users expect using Unicode. * MS-Windows conpty supports using mouse events. * Cannot paste a block without adding padding. * Operators are not fully tested. * Spellfile functionality not fully tested. * Builtin function can be shadowed by global variable. ==== wget ==== - When running recursively, wget will verify the length of the whole URL when saving the files. This will make it overwrite files with truncated names, throwing the "The name is too long, ... trying to shorten" messages. The patch moves the length check code to a separate function and call it from the append_dir_structure() for each path element. [ bsc#1181173, 0001-src-main.c-Introduce-truncate_filename-option.patch] - If wget for an http URL is redirected to a different site (hostname parts of URLs differ), then any "Authenticate" and "Cookie" header entries are discarded. [bsc#1175551, wget-do-not-propagate-credentials.patch] ==== xen ==== Version update (4.14.1_16 -> 4.15.0_01) - Add xen.sysconfig-fillup.patch to make sure xencommons is in a format as expected by fillup. (bsc#1185682) Each comment needs to be followed by an enabled key. Otherwise fillup will remove manually enabled key=value pairs, along with everything that looks like a stale comment, during next pkg update - Remove init.xen_loop and /etc/modprobe.d/xen_loop.conf The number of loop devices is unlimited since a while - Refresh xenstore-launch.patch to cover also daemon case - Now that SOURCE_DATE_EPOCH is defined and Xen Makefile uses it, drop reproducible.patch - Update to Xen 4.15.0 FCS release xen-4.15.0-testing-src.tar.bz2 * Xen can now export Intel Processor Trace (IPT) data from guests to tools in dom0. * Xen now supports Viridian enlightenments for guests with more than 64 vcpus. * Xenstored and oxenstored both now support LiveUpdate (tech preview). * Unified boot images * Switched x86 MSR accesses to deny by default policy. * Named PCI devices for xl/libxl and improved documentation for xl PCI configuration format. * Support for zstd-compressed dom0 (x86) and domU kernels. * Reduce ACPI verbosity by default. * Add ucode=allow-same option to test late microcode loading path. * Library improvements from NetBSD ports upstreamed. * x86: Allow domains to use AVX-VNNI instructions. * Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts. * xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend. * On detecting a host crash, some debug key handlers can automatically triggered to aid in debugging. * Increase the maximum number of guests which can share a single IRQ from 7 to 16, and make this configurable with irq-max-guests. - Dropped patches contained in new tarball 5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch 5fedf9f4-x86-hpet_setup-fix-retval.patch 5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch 5ff71655-x86-dpci-EOI-regardless-of-masking.patch 5ffc58c4-ACPI-reduce-verbosity-by-default.patch 5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch 600999ad-x86-dpci-do-not-remove-pirqs-from.patch 600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch 6011bbc7-x86-timer-fix-boot-without-PIT.patch 6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch 6013e546-x86-HVM-reorder-domain-init-error-path.patch 601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch 602bd768-page_alloc-only-flush-after-scrubbing.patch 602cfe3d-IOMMU-check-if-initialized-before-teardown.patch 602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch 602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch 602ffae9-tools-libs-light-fix-xl-save--c-handling.patch 6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch 60787714-x86-HPET-avoid-legacy-replacement-mode.patch 60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch 60410127-gcc11-adjust-rijndaelEncrypt.patch 60422428-x86-shadow-avoid-fast-fault-path.patch 604b9070-VT-d-disable-QI-IR-before-init.patch 60535c11-libxl-domain-soft-reset.patch (Replaces xsa368.patch) 60700077-x86-vpt-avoid-pt_migrate-rwlock.patch libxc-bitmap-50a5215f30e964a6f16165ab57925ca39f31a849.patch libxc-bitmap-longs.patch libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch libxl.fix-libacpi-dependency.patch stubdom-have-iovec.patch xenwatchdogd-options.patch ==== yast2 ==== Version update (4.4.5 -> 4.4.9) - AutoYaST: SectionWithAttributes allows to indicate whether an attribute accepts blank values (related to jsc#PM-2620). - 4.4.9 - revert disable of hibernation based on product and virtual machines (bsc#1184470) - 4.4.8 - Improve Yast2::Equatable mixin making the #hash method to be fine tuned easelly (related to bsc#11806082). - 4.4.7 - Added some names to the list of parameters handled by CFA for the login.defs configuration (related to jsc#PM-2620). - 4.4.6