Packages changed: aaa_base (84.87+git20210317.2c04190 -> 84.87+git20210601.8cb043f) alsa (1.2.4 -> 1.2.5) alsa-oss alsa-plugins (1.2.2 -> 1.2.5) alsa-ucm-conf (1.2.4 -> 1.2.5) boost-base boost-extra chrony (3.5.1 -> 4.1) cups-filters (1.27.2 -> 1.28.8) curl (7.76.1 -> 7.77.0) epiphany (40.1 -> 40.2) gnutls (3.7.1 -> 3.7.2) gupnp (1.2.4 -> 1.2.6) kimap kmod (28 -> 29) libX11 libcap libimagequant (2.13.1 -> 2.14.1) libkgapi libmodulemd (2.12.0 -> 2.12.1) libtasn1 (4.16.0 -> 4.17.0) libvirt (7.2.0 -> 7.4.0) malcontent (0.9.0 -> 0.10.1) openssl ovmf (202102 -> 202105) pcre2 (10.36 -> 10.37) perl-Convert-ASN1 (0.27 -> 0.29) pipewire python-libvirt-python (7.2.0 -> 7.4.0) python-pycurl rtkit rubygem-ffi (1.15.0 -> 1.15.1) rubygem-mini_portile2 (2.5.1 -> 2.6.1) rubygem-nokogiri (1.11.3 -> 1.11.6) skopeo (1.2.1 -> 1.2.3) suitesparse sushi (3.38.0 -> 3.38.1) unbound vim (8.2.2850 -> 8.2.2918) wget xen (4.14.1_16 -> 4.15.0_01) xorgproto yast2 (4.4.5 -> 4.4.9) yast2-bootloader (4.4.0 -> 4.4.1) yast2-network (4.4.12 -> 4.4.13) === Details === ==== aaa_base ==== Version update (84.87+git20210317.2c04190 -> 84.87+git20210601.8cb043f) Subpackages: aaa_base-extras - Update to version 84.87+git20210601.8cb043f: * Use shell builtins for $HOSTTYPE and others (boo#1186296) ==== alsa ==== Version update (1.2.4 -> 1.2.5) Subpackages: libasound2 libasound2-32bit libatopology2 - Update to version 1.2.5 * https://www.alsa-project.org/wiki/Changes_v1.2.4_v1.2.5#alsa-lib - Drop upstream fixed patches * 0001-dlmisc-the-snd_plugin_dir_set-snd_plugin_dir-must-be.patch * 0002-dlmisc-fix-snd_plugin_dir-locking-for-not-DL_ORIGIN_.patch * 0003-pcm-snd_pcm_mmap_readi-fix-typo-in-comment.patch * 0004-topology-use-inclusive-language-for-bclk.patch * 0005-topology-use-inclusive-language-for-fsync.patch * 0006-topology-use-inclusive-language-in-documentation.patch * 0007-pcm-set-the-snd_pcm_ioplug_status-tstamp-field.patch * 0009-pcm-Add-snd_pcm_audio_tstamp_type_t-constants.patch * 0045-pcm-direct-Fix-the-missing-appl_ptr-update.patch * 0019-pcm-fix-__snd_pcm_state-return-value.patch * 0025-pcm-plugin-optimize-sync-in-snd_pcm_plugin_status.patch * 0026-Revert-pcm_plugin-fix-delay.patch * 0014-rawmidi-fix-memory-leak-in-snd_rawmidi_virtual_open.patch * 0037-topology-tplg_decode_pcm-add-missing-log-argument-co.patch * 0040-topology-sort_config-cleanups-use-goto-for-the-error.patch * 0028-pcm-rate-tidy-up-snd_pcm_rate_avail_update.patch * 0046-pcm-ioplug-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_statu.patch * 0030-pcm-rate-use-pcm_frame_diff-in-snd_pcm_rate_playback.patch * 0047-pcm-null-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch * 0043-pcm-dmix-dshare-delay-calculation-fixes-and-cleanups.patch * 0042-pcm_plugin-set-the-initial-hw_ptr-appl_ptr-from-the-.patch * 0011-pcm-Fix-a-typo-in-SND_PCM_AUDIO_TSTAMP_TYPE_LAST-def.patch * 0017-pcm_multi-remove-dead-assignment-from-_snd_pcm_multi.patch * 0027-pcm-ioplug-fix-the-delay-calculation-in-the-status-c.patch * 0041-conf-USB-add-Xonar-U7-MKII-to-USB-Audio.pcm.iec958_d.patch * 0016-pcm-remove-dead-assignments-from-snd_pcm_rate_-commi.patch * 0035-topology-tplg_pprint_integer-fix-coverity-uninitaliz.patch * 0034-ucm-fix-possible-memory-leak-in-parse_verb_file.patch * 0021-conf-fix-return-code-in-_snd_config_load_with_includ.patch * 0023-pcm-plugin-status-revert-the-recent-changes.patch * 0020-confmisc-fix-memory-leak-in-snd_func_concat.patch * 0029-pcm-ioplug-fix-the-delay-calculation-for-old-plugins.patch * 0039-ucm-uc_mgr_substitute_tree-fix-use-after-free.patch * 0024-pcm-plugin-tidy-snd_pcm_plugin_avail_update.patch * 0010-test-audio_time-Make-use-of-SND_PCM_AUDIO_TSTAMP_TYP.patch * 0033-pcm-rate-fix-the-capture-delay-values.patch * 0015-timer-fix-sizeof-operator-mismatch-in-snd_timer_quer.patch * 0036-topology-tplg_add_widget_object-do-not-use-invalid-e.patch * 0044-topology-fix-parse_tuple_set-remove-dead-condition-c.patch * 0038-topology-parse_tuple_set-remove-dead-condition-code.patch * 0018-conf-fix-get_hexachar-return-value.patch * 0013-ucm-fix-bad-frees-in-get_list0-and-get_list20.patch * 0012-conf-fix-use-after-free-in-_snd_config_load_with_inc.patch * 0031-pcm-plugin-fix-status-code-for-capture.patch * 0048-pcm-share-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch * 0032-pcm-rate-use-pcm_frame_diff-on-related-places.patch * 0022-pcm-plugin-status-fix-the-return-value-regression.patch ==== alsa-oss ==== Subpackages: alsa-oss-32bit - Use https for URL and SourceURL ==== alsa-plugins ==== Version update (1.2.2 -> 1.2.5) Subpackages: alsa-plugins-pulse alsa-plugins-pulse-32bit alsa-plugins-speexrate alsa-plugins-upmix - Update to 1.2.5 * Support alsa 1.2.5 * Fixed A52 Output plugin * upmix: complete generalizing format * jack: add option to allow non-jack-aligned period size * oss: fix the config (port -> device) * pulse: pcm - handle reading pulse stream hole * usb_stream: use snd_config_get_card() to decode the card number ==== alsa-ucm-conf ==== Version update (1.2.4 -> 1.2.5) - Update to version 1.2.5 * tegra: Add UCM for more devices * codecs/rt5640: Make headset optional * rt715: add mic led support * bytcr-rt5640: Add support for controlling a speaker-mute LED * cht-bsw-rt5672: Add support for controlling speaker- and mic-mute LEDs, Add support for the components string * ucm2: add support to for Qualcomm RB5 Platform * codecs/rt5672: Add hardware volume-control support * codecs/rt5640: Add hardware volume-control support * bytcr-wm5102: Add new UCM profile for BYT boards with a WM5102 codec * bytcr-rt5640: Add support for devices without speakers and/or an internal mic * chtrt5645: Enable Internal MIC of ECS EF20EA * chtnau8824: Add support for laptops using stereo DMICs and fix mono speaker config not working * Full changes: https://www.alsa-project.org/wiki/Changes_v1.2.4_v1.2.5#alsa-ucm-conf - Drop upstream fixes * 0001-fix-the-ucm2-codecs-hda-hdmi.conf-use.patch * 0002-codecs-hda-hdmi.conf-add-DisplayPort-to-the-device-d.patch * 0003-sof-soundwire-use-the-codecs-hda-hdmi.conf-macro.patch * 0004-Revert-ucm2-HDA-acp-add-Capture-simple-mixer-element.patch * 0005-chtnau8824-Fix-mono-speaker-config-not-working.patch * 0006-chtnau8824-Add-support-for-laptops-using-stereo-DMIC.patch * 0007-chtnau8824-Boost-analog-mic-volumes-a-bit.patch * 0008-rt715-init-setup-ADC07-to-a-proper-volume.patch * 0009-sof-hda-dsp-Set-Master-Playback-Switch-on-in-the-Boo.patch * 0010-HDA-Intel-HiFi-dual-Add-EnableSequence-and-DisableSe.patch * 0011-HDA-Intel-HiFi-dual-Add-BootSequence-and-disable-pla.patch * 0012-chtrt5645-Enable-Internal-MIC-of-ECS-EF20EA.patch * 0013-bytcr-rt5640-Add-support-for-devices-without-speaker.patch * 0014-rt5640-Move-standard-DAC-setup-to-EnableSeq.conf.patch * 0015-bytcr-rt5640-fix-the-execution-order.patch * 0016-ucm2-add-initial-configuration-for-TRX40-Gigabyte-Ao.patch * 0017-USB-Audio-ALC1220-Bump-analog-Speaker-priority-over-.patch * 0018-USB-Audio-ALC1220-fix-indentation-for-Speaker-device.patch * 0019-USB-Audio-fix-indentation-in-Gigabyte-Aorus-Master-M.patch * 0020-chtnau8824-Add-a-SST-define-variable.patch * 0021-kblrt5660-Fix-file-permissions.patch ==== boost-base ==== Subpackages: boost-license1_76_0 libboost_date_time1_76_0 libboost_filesystem1_76_0 libboost_iostreams1_76_0 libboost_locale1_76_0 libboost_program_options1_76_0 libboost_thread1_76_0 - Compile boost iostreams with lzma support for reading .xz files ==== boost-extra ==== - Compile boost iostreams with lzma support for reading .xz files ==== chrony ==== Version update (3.5.1 -> 4.1) Subpackages: chrony-pool-openSUSE - Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Update clknetsim to snapshot f89702d. - Refresh chrony.keyring from https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Enable syscallfilter unconditionally [boo#1181826]. - drop buildrequires on NSS. We need gnutls for NTS anyway and we can do all the other required crypto via nettle+gnutls. no need for another crypto library. - Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and "reload sources" command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get "maxsources" sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add "add pool" command - Add "reset sources" command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don?t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don?t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option "version 3") - Drop support for line editing with GNU Readline - add BuildRequires for gnutls-devel (which also pulls nettle to enable the new features) - drop patches which are included in the update: chrony-test-update-processing-of-packet-log.patch chrony-test-fix-util-unit-test-for-NTP-era-split.patch - refreshed chrony-config.patch - track series file for easier quilt setup - added option to turn off testsuite with osc build --without=testsuite testsuite still runs by default ==== cups-filters ==== Version update (1.27.2 -> 1.28.8) - Version upgrade to 1.28.8 * libcupsfilters: Made check whether the driverless PPD to generate should be a fax out PPD more reliable (Issue #343). * foomatic-rip: Options in the 5th command line argument of the CUPS filter command line are separated only by white space and not by comma, also make sure that an option "none" is not considered a custom page size (Issue #348). * implicitclass: Raise timeout for cups-browsed's answer from 20s to 60s (Pull request #346). * libcupsfilters: In the PPD generator really give priority to Apple Raster against PDF (Issue #331). - Version upgrade to 1.28.7 * driverless: Removed the support quality check from Pull request #235 as it takes significant time for each printer being listed, making cups-driverd (`lpinfo -m`) timing out when there are many printers (OpenPrinting CUPS issue #65). * libcupsfilters: In the PPD generator give priority to Apple Raster against PDF (Issue #331). * libcupsfilters: Added NULL check when removing ".Borderless" suffixes from page size names (Issue #314, Pull request #328). * libcupsfilters: In the cupsRasterParseIPPOptions() map the color spaces the same way as in the PPD generator (Issue #326, Pull request #327). * libcupsfilters: Fixed addition of grayscale mode in generated PPD files, to avoid duplicate entries (OpenPrinting CUPS issue #59). - Version upgrade to 1.28.6 * libcupsfilters: In generated PPDs add a grayscale mode if there are only color printing modes (from OpenPrinting CUPS). * libcupsfilters: In generated PPDs add an "OutputBin" option also if it has only one choice (OpenPrinting CUPS pull request #18). * libcupsfilters: Generated PPDs could have an "Unknown" default InputSlot (OpenPrinting CUPS issue #44). * cups-browsed: Removed unneeded IPP attribute additions preventing the created local queues from preserving a location or description the user assigns to them (Issue #323). * cups-browsed: Removed all calls of the resolve_uri() function of libcupsfilters, as these are not actually needed and in case the supplied DNS-SD-based URI is not resolvable, the function gets stuck for ~5 seconds. * cups-browsed: Fixed several memory leaks, mainly from the code to merge printer IPP attributes for clusters (Pull request #322). * cups-browsed: Silenced compiler warning. * foomatic-rip: Fix infinite loop and input from file on raw printing (Pull request #318). * foomatic-rip: Remove temporary file created during pdf-to-ps conversion (Pull request #313). - Version upgrade to 1.28.5 * cups-browsed: UUID from IPP response was used after its pointer was freed by ippDelete() (Pull request #311). - Version upgrade to 1.28.4 * driverless: Avoid duplicate PPD list entries from the same device via UUID * driverless: Reduce ippfind calls by "driverless" and "driverless-fax"called by CUPS. Let "driverless list" list both print and fax PPDs and "driverless-fax list" do nothing. * driverless: Avoid duplicate listings in printer discovery, by "driverless-fax" not listing any URI as "driverless" lists them all already. * driverless: Vastly improve performance by doing only one ippfind call instead of two (IPP, IPPS) as ippfind accepts more than one reg type on the command line. * Sample PPDs: Corrected manufacturer name in Fuji_Xerox-DocuPrint_CM305_df-PDF.ppd. - Version upgrade to 1.28.3 * libcupsfilters, cups-browsed: Fixed inconsistency between resolvers for DNS-SD-based URIs, resolve_uri() and ippfind_based_uri_converter(). Now both return a freeable string. * libcupsfilters: Fix uninitialized buffer and parsing ippfind output in ippfind_based_uri_converter() function (Issue #308, Pull request #309). - Version upgrade to 1.28.2 * driverless: Free allocated memory, use MAX_OUTPUT_LEN (Pull request #304). * driverless: Make the two ippfind tasks(for IPP and IPPS) run in parallel (Pull request #302, #305, #306). * braille: Support new liblouis tables not containing a display name (Pull request #303) * Build system: Let ./configure not error out when there is more than one DejaVuSans.ttf test font candidate (Issue #300). * cups-browsed: Crash when a remote printer set as default gets removed, due to missing variable in printf() call (Issue #299). * libcupsfilters: Removed all signal handling and global variables from get_printer_attributes() and ippfind_based_uri_converter(). This is overkill for these quick operations and causes problems when shutting down cups-browsed (Issue #298). - Version upgrade to 1.28.1 * COPYING: Fixed several typos * libcupsfilters: Fixed typo in log message of get_printer_attributes functions. * cups-browsed: Fixed typos in configuration file and man page * libcupsfilters: Let the PPD generator not suffix page size names with ".Borderless" if all page sizes would get this suffix, for example for printers which generally print borderless. * libcupsfilters: Added "faxPrefix" option for generated IPP Fax Out PPDs, so that this option also appears in print dialogs. * driverless: List addresses for local services correctly when using "--std-ipp-uris" (with "localhost" hostname). * driverless: Make calls of the ippfind utility somewhat faster, setting the timeout of ippfind to automatic. * libcupsfilters: Resolve DNS-SD-based URIs for local services correctly (using hostname "localhost"). * libcupsfilters: In get_printer_attributes() functions do not try to convert URIs which are not DNS-SD-based (Issue #294). * libcupsfilters: In get_printer_attributes() functions also support URIs with "dnssd://..." scheme. * libcupsfilters: Moved signal handling back into main function of the get_printer_attributes() variants, it got moved out accidentally. * driverless: For generating a PPD, independent whether via "driverless URI" or "driverless cat URI", always allow CUPS driver URIs (prefixed with "driverless: " or "driverless-fax:") and pure IPP URIs. * driverless: Accept clean IPP URIs also for 'driverless cat ...' (Issue #295, Pull request #296). * driverless-fax: Do not use fixed path for call of driverless itself (Pull request #293). - Version upgrade to 1.28.0 * driverless, driverless-fax, libcupsfilters: Added IPP Fax Out support. Now printer setup tools list an additional fax "driver". A fax queue is created by selecting this driver. Jobs have to be sent with "-o phone=12345" to supply the destination phone number (Pull request #280). * libfontembed: Silenced warning with gcc 10.x (Pull request #287). * cups-browsed: Added ./configure options --enable-saving-created-queues and --with-remote-cups-local-queue-naming (Pull request: #253, #285). * cups-browsed: Fixed several memory leaks, mainly from the code to merge printer IPP attributes for clusters (Pull request #281, #283). * driverless: Added "--std-ipp-uris" command line option to show listed URIs in standard hostname-based form (not the CUPS DNS-SD-service-name-based form. Only for manual call of the utility, for debugging purposes (Pull request #277). * libfontembed: Removed assert() calls which cause crashes when unsupported emoji fonts are installed (Issue #254, Pull request #276). * driverless: Added support for IPPS (use "ipps://..." URIs if possible, Issue #251, Pull request #270, #273). * gstoraster, gstopdf: When converting PostScript to PDF use the "pdfwrite" output device with "-dPDFSETTINGS=/default" instead of with "-dPDFSETTINGS=/printer". This reproduces bitmaps in the PostScript file with their original image quality (Issue #272). * cups-browsed: Limit log file size and add backup file for previous log entries. Introduced the configuration option DebugLogFileSize in cups-browsed.conf to set the actual limit in kilobytes or 0 to get the old behavior of an unlimited size for the log file (Issue #260, Pull request #267). * gstoraster, gstopdf: Do not apply margins when output format is PDF, as then we convert an incoming PostScript file to PDF (pre-pdftopdf) and do not prepare the pages for the printer (post-pdftopdf, Issue #250). * cups-browsed: Do not write any log messages directly to stderr, there were some concerning timeouts on queue creation (Issue #260). * Build system: Fix cross-compilation without DejaVu test font in configure.ac (Issue #262, Pull request #263). * libcupsfilters: Respect the fact that PPD keywords are case-sensitive when adding "*cupsManualCopies: True" in PPD file (Issue #242). * libcupsfilters: Older versions of libcups (< 2.3.1) had the enum name for fold-accordion finishings mistyped. Added a workaround. * cups-browsed: Remove left-over local queues from the previous session more quickly when CUPS legacy browsing is turned on. * cups-browsed: Left-over local queues from the previous session for which the corresponding remote printer did not appear again did not get removed as they were considered externally overwritten. * gstoraster, gstopdf: Add option "-dDoNumCopies" to Ghostscript command line if we are outputting PDF (called via gstopdf wrapper) and the number of copies supplied to CUPS is 1 (4th command line argument). In this case we convert incoming PostScript to PDF and need to respect embedded PostScript commands to implement the number of copies (Issue #255, CUPS Issue #5796, OpenSUSE bug #1173345). * imagetoraster: Potential null dereference fix (when no valid PPD is supplied, Pull request #256). * cups-browsed: Call cupsGetNamedDest() only if "OnlyUnsupportedByCUPS No" * Sample PPDs: Corrected ColorModel default for Generic PWG Raster PPD to Color (Pull request #247). * cups-browsed: Mark the temp queue as cups-browsed-generated during setting printer-is-shared (Pull request #246). * cups-browsed: Remove mentions of README and AUTHORS files in the man page (Pull request #244). * pclmtoraster: Added new filter to extract Raster data from raster-only PDF files, here for the special case of PCLm files (Pull request #243, #257). * Sample PPDs: In Generic-PDF_Printer-PDF.ppd add option to switch between color and grayscale printing (Pull request #237). - Version upgrade to 1.27.5 * cups-browsed: Do not remove the created local queues on shutdown, to avoid their re-creation on restart, so that desktops get no cluttered with notifications of new queues being created. One can return to the old behavior via "KeepGeneratedQueuesOnShutdown No" in cups-browsed.conf (Ubuntu bug #1869981, #1878241). * cups-browsed: Do not accept DNS-SD broadcasts of IPPS type of "remote" CUPS queues of another CUPS instance on the local machine. This way we get a local queue pointing to such a printer only in unencrypted version (IPP). For some reason printing from one CUPS server to another on the same machine works only unencrypted. * foomatic-rip: Map two-sided-short-edge to DuplexTumble (Pull request #236) * Build system: In configure.ac use AS_IF instead of AC_CHECK_FILE for font check (Issue #239, Pull request #240) * cups-browsed: Cleaned up code for determining to which CUPS server (host/port/domain socket) to connect, so that connection via DomainSocket cups-browsed.conf directive, CUPS_SERVER and IPP_PORT environment variables and all defaults and methods of libcups, including CUPS' client.conf work. * gstoraster, rastertopdf: Do not pass NULL to fprintf() (Pull request #230). * libcupsfilters: Silence compiler warning (Pull request #229). - Version upgrade to 1.27.4 * libcupsfilters, cups-browsed: Fix memory issues in ppdgenerator and cups-browsed (Pull request #226). * pdftops: Mention cups-filters README, CUPS README in debug log (Pull request #225). * pdftopdf, gstoraster, foomatic-rip: Use "-dSAFER" Ghostscript option, instead of the deprecated "-dPARANOIDSAFER" (Pull request #224). * Build System: Replace '==' in configure.ac test with '=', as the former is a bashism (Pull request #222). - Version upgrade to 1.27.3 * cups-browsed: Allow sharing local queues pointing to remote CUPS queues and re-sharing printers discovered via BrowsePoll by default, using AllowResharingRemoteCUPSPrinters and NewBrowsePollQueuesShared directives in cups-browsed.conf (Issue #101, Pull request #218). * driverless: Correctly unlink temporary file when generating PPD file (Pull request #220). * cups-browsed: Fixed memory leaks (Pull request #219). * foomatic-rip: PDF page count side-loads the PDF file to count the pages in, so it cannot be run in -dSAFER mode. Run even in -dNOSAFER mode to override the -dSAFER default of newer Ghostscript versions. This should not cause a security problem as we do not take an input file which could do arbitrary side-loads but we run hard-coded PostScript commands instead (Issue #216). * libfontembed: Add checks to the test programs to not segfault if the test font file is not found (Pull request #214). * Build System: Let ./configure fail if the supplied test font file path (or the default) does not exist (Pull request #214), also use the "find" command to find the test font file DejaVuSans.ttf under /usr/share/fonts, as every distribution has it somewhere else. - fix_upstream_issue348.patch is no longer needed because it is now fixed in the upstream sources, see the above entry about "Issue #348". Entries like "Issue #NNN" or "Pull request #NNN" mean cups-filters upstream issues or cups-filters upstream GitHub pull requests at https://github.com/OpenPrinting/cups-filters ==== curl ==== Version update (7.76.1 -> 7.77.0) Subpackages: libcurl4 - Update to 7.77.0: [bsc#1186114, CVE-2021-22898] [bsc#1186115, bsc#1185579, CVE-2021-22901] * Security fixes: - CVE-2021-22297: schannel cipher selection surprise - CVE-2021-22298: TELNET stack contents disclosure - CVE-2021-22901: TLS session caching disaster * Changes: - configure: make the TLS library choice(s) explicit - curl: ignore options asking for SSLv2 or SSLv3 - hsts: enable by default - SSL: support in-memory CA certs for some backends - vtls: refuse setting any SSL version * Bugfixes: - configure: provide --with-openssl, deprecate --with-ssl - cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies - curl: include libmetalink version in --version output - data_pending: check only SECONDARY socket for FTP(S) transfers - gnutls: don't allow TLS 1.3 for versions that don't support it - gnutls: make setting only the MAX TLS allowed version work - http2: fix resource leaks in set_transfer_url() and push_promise() - http: limit the initial send amount to used upload buffer size - rustls: only return CURLE_AGAIN when TLS session is fully drained - rustls: use ALPN - schannel: Disable auto credentials; add an option to enable it - schannel: Support strong crypto option - sectransp: allow cipher name to be specified - sockfilt: avoid getting stuck waiting for writable socket ==== epiphany ==== Version update (40.1 -> 40.2) Subpackages: epiphany-lang gnome-shell-search-provider-epiphany - Update to version 40.2: + Fix some memory leaks. + Fix memory corruption in history dialog. + Fix crash when checking for modified forms. ==== gnutls ==== Version update (3.7.1 -> 3.7.2) Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit libgnutls30-hmac - Update to version 3.7.2 * Added Linux kernel AF_ALG based acceleration * Fixed timing of early data exchange * The priority string option DISABLE_TLS13_COMPAT_MODE was added to disable TLS 1.3 middlebox compatibility mode * The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to GNUTLS_NO_IMPLICIT_INIT to reflect the purpose * certtool: * When signing a CSR, CRL distribution point (CDP) is no longer copied from the signing CA by default * When producing certificates and certificate requests, subject DN components that are provided individually will now be ordered by assumed scale - Rework the crypto-policies dependencies in libraries [bsc#1186385] ==== gupnp ==== Version update (1.2.4 -> 1.2.6) - Update to version 1.2.6 + Fix CVE-2021-33516 ( boo#1186590 ) + Fix potential fd leak in linux CM + Fix potential NULL pointer dereference when evaluating unset ServiceProxyActions + Fix leaking the message string if an action is never sent + Fix leaking the ServiceProxyAction if sending fails in call_action + Fix potential use-after-free if service proxy is destroxed before libsoup request finishes in control point + Fix potential data leak due to being vulnerable to DNS rebind attacs + Fix introspection annotation for send_action and call_action_finish to prevent a double-free + Fix introspection annotation for send_action_list + Make ServiceIntrospection usable from gobject-introspection - Fix dependencies - Update to version 1.2.6: + Fix wrong dependency on GSSDP 1.2.4 - Changes from version 1.2.5: + Fix introspection annotation for send_action_list + Fix potential fd leak in linux CM + Fix potential NULL pointer dereference when evaluating unset ServiceProxyActions + Fix leaking the message string if an action is never sent + Fix leaking the ServiceProxyAction if sending fails in call_action + Fix introspection annotation for send_action and call_action_finish to prevent a double-free + Make ServiceIntrospection usable from gobject-introspection + Add Python example + Add C example + Fix JavaScript example + Fix potential use-after-free if service proxy is destroxed before libsoup request finishes in control point + Fix potential data leak due to being vulnerable to DNS rebind attacks ==== kimap ==== Subpackages: kimap-lang libKF5IMAP5 - Add hard dependency on SASL modules (boo#1186591) ==== kmod ==== Version update (28 -> 29) Subpackages: kmod-bash-completion libkmod2 - /usr/lib should override /lib where both are available. Support /usr/lib for depmod.d as well. * Refresh usr-lib-modprobe.patch - Remove test patches included in release 29 - kmod-populate-modules-Use-more-bash-more-quotes.patch - kmod-testsuite-compress-modules-if-feature-is-enabled.patch - kmod-also-test-xz-compression.patch - Update to release 29 * Fix `modinfo -F` not working for built-in modules and certain fields. * Fix a memory leak, overflow and double free on error path. - Drop 0001-Fix-modinfo-F-always-shows-name-for-built-ins.patch, 0001-libkmod-config-revamp-kcmdline-parsing-into-a-state-.patch, 0002-libkmod-config-re-quote-option-from-kernel-cmdline.patch (all merged) ==== libX11 ==== Subpackages: libX11-6 libX11-6-32bit libX11-data libX11-devel libX11-xcb1 - U_Check-for-NULL-strings-before-getting-their-lengths.patch * regression in libX11 1.7.1 (boo#1186643) fixes segfaults for xforms applications like fdesign ==== libcap ==== Subpackages: libcap2 libcap2-32bit - Fix a broken symlink. libcap-devel installs libpsx.so but didn't install the library it's pointing to. ==== libimagequant ==== Version update (2.13.1 -> 2.14.1) - update to 2.14.1: * improved Rust API * quality improvements for remapping overlays over a background ==== libkgapi ==== Subpackages: libKPimGAPICalendar5 libKPimGAPIContacts5 libKPimGAPICore5 libKPimGAPITasks5 libkgapi-lang sasl2-kdexoauth2 - Add hard dep on sasl2-kdexoauth2, needed for authentication ==== libmodulemd ==== Version update (2.12.0 -> 2.12.1) - Updated to 2.12.1 This is a bug-fix release fully compatible with the previous 2.12.0 version. Notable changes: Enhancements: - Improve diagnostic messages for compression tests. - Tests performed in a GitHub continues integration are faster. - Use GitHub actions to perform CI tests also on ArchLinux, Mageia, Mandriva, and OpenSUSE. Fixes: - Relax context value up to 13 characters including an underscore character in modulemd v2 format. This reenables scratch-builds in MBS. Migrate Packit tests from a deprecated current_version_command to a newer actions/get-current-version. ==== libtasn1 ==== Version update (4.16.0 -> 4.17.0) Subpackages: libtasn1-6 libtasn1-6-32bit - libtasn1 4.17.0: * Print deprecation messages for deprecated macros * Fix some clang issues due to illegal pointers * Restore handling of SIZE nodes * Fix memory leak caught by oss-fuzz * Gtk-doc fixes * Fix bugs unveiled by Static Analysis * Update gnulib files and many build fixes - move tools to -tools packages and clarify licenses - update upstream signing keyring - remove deprecated texinfo packaging macros ==== libvirt ==== Version update (7.2.0 -> 7.4.0) Subpackages: libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - Update to libvirt 7.4.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - Dropped patches: ee890f25-libxl-mock-funcs.patch - Update to libvirt 7.3.0 - libvirt-admin package merged with libvirt-daemon - libvirt-bash-completion package merged with libvirt-client and libvirt-daemon packages - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - Dropped patches: suse-bump-xen-version.patch - Added patches: ee890f25-libxl-mock-funcs.patch ==== malcontent ==== Version update (0.9.0 -> 0.10.1) Subpackages: libmalcontent-0-0 libmalcontent-ui-0-0 malcontent-control malcontent-lang typelib-1_0-Malcontent-0 - Update to version 0.10.1 + Improve support for systems without accountsservice + Fix some data loss-causing state synchronisation problems + Hide support for flatpak user repositories, as they are typically not configured on systems + Add manpage docs for malcontent-client + Consider terminology of ?parental controls? + Improving padding/spacing in malcontent-control UI + Reload ?Restrict Apps? list when installed apps change on system + Add command line option to malcontent-control to pre-select a user + Fails closed if accountsservice isn't available on the bus + Fix partial loss of parental controls settings when partially updating them + libmalcontent-ui: Drop handling of eos-link desktop files + user-controls: Only save the app filter if it?s changed + Add Danish translation + Update Ukrainian, Italian, Swedish, and Polish translation ==== openssl ==== - Provide openssl(cli) by the meta package: Together with the suggests openssl in the base patterns, any consumer of this symbols should get the openssl meta package as candidate, which allows us to easier change the recommended default version. ==== ovmf ==== Version update (202102 -> 202105) Subpackages: qemu-ovmf-x86_64 qemu-uefi-aarch64 - Update to edk2-stable202105 * MdeModulePkg/UfsPassThruDxe: Improve Device initialization polling Loop * MdePkg: MmUnblockMemoryLib: Added definition and null instance * OvmfPkg: resolve MmUnblockMemoryLib (mainly for VariableSmmRuntimeDxe) * MdeModulePkg: VariableSmmRuntimeDxe: Added request unblock memory interface * SecurityPkg: Tcg2Smm: Switching from gSmst to gMmst * SecurityPkg: Tcg2Smm: Separate Tcg2Smm into 2 modules * SecurityPkg: Tcg2Smm: Added support for Standalone Mm * SecurityPkg: Tcg2Acpi: Added unblock memory interface for NVS region * UefiCpuPkg/MpInitLib: Use NASM struc to avoid hardcode offset * UefiCpuPkg/MpInitLib: Remove unused Lock from MP_CPU_EXCHANGE_INFO * UefiCpuPkg/SmmCpuFeaturesLib: Move multi-instance function decl to header * UefiCpuPkg/SmmCpuFeaturesLib: Rename SmmCpuFeaturesLib.c * UefiCpuPkg/SmmCpuFeaturesLib: Cleanup library constructors * UefiCpuPkg/SmmCpuFeaturesLib: Abstract PcdCpuMaxLogicalProcessorNumber * UefiCpuPkg/SmmCpuFeaturesLib: Add Standalone MM support * UefiCpuPkg/PiSmmCpu: Don't allocate Token for SmmStartupThisAp * RedfishPkg/Library: RedfishLib * OvmfPkg/CpuHotplugSmm: refactor hotplug logic * OvmfPkg/CpuHotplugSmm: collect hot-unplug events * OvmfPkg/CpuHotplugSmm: add Qemu Cpu Status helper * OvmfPkg/CpuHotplugSmm: introduce UnplugCpus() * OvmfPkg: define CPU_HOT_EJECT_DATA * OvmfPkg/SmmCpuFeaturesLib: init CPU ejection state * OvmfPkg/SmmCpuFeaturesLib: call CPU hot-eject handler * OvmfPkg/CpuHotplugSmm: add EjectCpu() * OvmfPkg/CpuHotplugSmm: do actual CPU hot-eject * OvmfPkg/SmmControl2Dxe: negotiate CPU hot-unplug * EmbeddedPkg/PrePiHobLib: replace duplicate GUID * MdePkg/UefiLib: Correct the arguments passed to IsLanguageSupported() * UefiCpuPkg/CpuCacheInfoLib: Collect cache associative type * UefiCpuPkg/MpInitLib: avoid printing debug messages in AP * UefiCpuPkg/CpuDxe: Rename variables to follow EDKII coding standard * UefiCpuPkg/CpuDxe: Guarantee GDT is below 4GB * BaseTools/Ecc: Make Ecc only check first include guard * ShellPkg/SmbiosView: add more items for smbiosview -t 3 * MdePkg: Support standalone MM Driver Unload capability * OvmfPkg/X86QemuLoadImageLib: Handle allocation failure for CommandLine * ShellPkg/Pci: Add valid check for PCI extended config space parser * CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1j * OvmfPkg: strip build paths in release builds * MdeModulePkg: Initialize local variable value before they are used * UefiCpuPkg/SmmCommunication: Remove out-dated comments * MdePkg: use CpuPause() in CpuDeadLoop() * MdePkg/Include: EFI Redfish Discover protocol * ShellPkg/UefiHandleParsingLib: Support EFI Redfish protocols * MdePkg/Include/Protocol: EFI_HII POPUP_PROTOCOL duplicate declaration * MdePkg/Include/Protocol: EFI_RESET_NOTIFICATION_PROTOCOL duplicate * CryptoPkg/Private/Protocol/Crypto.h: Remove duplicate function type * MdePkg/BaseLib: Add support for the XSETBV instruction * MdeModulePkg/PiDxeS3BootScriptLib: Rename mAcpiS3Enable to avoid dup symbol * MdePkg/IoLib: Filter/trace port IO/MMIO access * MdePkg/Baseib: Filter/trace MSR access for IA32/X64 * UefiCpuPkg: Remove PEI/DXE instances of CpuTimerLib. * UefiCpuPkg: Add MicrocodeLib for loading microcode * OvmfPkg: Add MicrocodeLib in DSC files. * UefiPayloadPkg/UefiPayloadPkg.dsc: Consume MicrocodeLib * UefiCpuPkg/MpInitLib: Consume MicrocodeLib to remove duplicated code * UefiCpuPkg/PiSmmCpuDxeSmm: Support detect SMM shadow stack overflow * ShellPkg: Fix smbiosview system enclosure type table * UefiCpuPkg/CpuTimerLib: Update LIBRARY_CLASS of Base instance. * RedfishPkg/RedfishDiscoverDxe: EFI Redfish Discover Protocol * RedfishPkg/RedfishConfigHandler: EDKII RedfishConfigHandler Protocol * UefiCpuPkg: PiSmmCpuDxeSmm: Check buffer size before accessing * BaseTools/Conf: Fix MAKE_FLAGS typos in tools_def.template * MdeModulePkg: Initialize temp variable in VarCheckPolicyLib * SecurityPkg/Tcg2Smm: Initialize local Status variable * DynamicTablesPkg: add validation for PcdNonBsaCompliant16550SerialHid * OvmfPkg/XenResetVector: Silent a warning from nasm * MdePkg: Allow PcdFSBClock to by Dynamic * OvmfPkg/IndustryStandard/Xen: Apply EDK2 coding style to XEN_VCPU_TIME_INFO * OvmfPkg/IndustryStandard: Introduce PageTable.h * OvmfPkg/XenPlatformPei: Map extra physical address * OvmfPkg/XenPlatformPei: Calibrate APIC timer frequency * OvmfPkg/OvmfXen: Set PcdFSBClock * DynamicTablesPkg: Re-order GicItsIdentifierArray struct * DynamicTablesPkg: Remove EArmObjExtendedInterruptInfo * MdePkg: Fix AsmReadMsr64() and AsmWriteMsr64() with GCC toolchain * BaseTools/PlatformAutoGen: MAKE_FLAGS and MAKE_PATH fixes * RedfishPkg/RestJsonStructureDxe: Fix typo in function header * MdePkg/Include: Allow CPU specific defines to be predefined * CryptoPkg/Library/Include: Allow CPU specific defines to be predefined * ArmPlatformPkg: Fix Ecc error 8001 * ArmPlatformPkg: Fix Ecc error 9001 * ArmPlatformPkg: Remove package dependency in NorFlashStandaloneMm * ArmPkg: Fix Ecc error 8001 in Chipset * ArmPkg: Fix Ecc error 8001 in SemihostLib * ArmPkg: Fix Ecc error 8001 in ArmArchTimerLib * ArmPkg: Fix Ecc error 9005 in CpuDxe * ArmPkg: Fix Ecc error 10006 in ArmPkg.dsc * ArmPkg: Fix Ecc error 10016 in StandaloneMmMmuLib * ArmPkg: Fix Ecc error 10014 in ArmScmiDxe * ArmPkg: Fix Ecc error 10014 in GenericWatchdogDxe * ArmPkg: Fix Ecc error 10014 in MmCommunicationDxe * ArmPkg: Fix Ecc error 10014 in SemihostLib * ArmPkg: Remove ArmGic/ArmGicSecLib.c * ArmPkg: Fix Ecc error 5003 in ArmExceptionLib * ArmPkg: Fix Ecc error 6001 in MmCommunicationDxe * ArmPkg: Fix Ecc error 6001 in ArmSoftFloatLib * ArmPkg: Rename include guard in ArmGicLib.h * ArmPkg: Fix Ecc error 7008 for SCMI_CLOCK_RATE * ArmPkg: Fix Ecc error 7008 for OPTEE_MESSAGE_PARAM * ArmPkg: Fix Ecc error 8005/8007 in ArmDisassemblerLib * ArmPkg: Fix Ecc error 8005 for SCMI_PROTOCOL_ID * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_TYPE * ArmPkg: Fix Ecc error 8005 for SCMI_STATUS * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID_BASE * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID_CLOCK * ArmPkg: Fix Ecc error 8005 for SCMI_CLOCK_RATE_FORMAT * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID_PERFORMANCE * RedfishPkg: Add EDK2 Redfish Foundation diagrams * SecurityPkg/FvReportPei: remove redundant sizeof * ShellPkg: Rename Address Size to Access size * DynamicTablesPkg: Add access size to CM_ARM_SERIAL_PORT_INFO * DynamicTablesPkg: Set the Access size for the SPCR table * DynamicTablesPkg: Set the Access size for the DBG2 table * UefiCpuPkg: PiSmmCpuDxeSmm: Not to Change Bitwidth During Static Paging * MdePkg/Cpuid.h: Define new element in CPUID Leaf(07h) data structure. * SecurityPkg: Add constraints on PK strength * ArmPkg: Allow platforms to supply more data for SMBIOS Type3 record * ArmPkg: Allow platforms to report their boot status via OemMiscLib call * ArmPkg: Fix calculation of offset of chassis SKU Number in SmbiosMiscDxe * ArmPkg: Fix typo of Manufacturer in comment in SmbiosMiscDxe * ArmPkg: Fix Ecc error 8003 * ArmPkg: Fix Ecc error 3002 in StandaloneMmMmuLib * ArmPkg: Add missing library headers to ArmPkg.dec * ArmPlatformPkg: Document libraries in ArmPlatformPkg.dec * ArmPkg: Add OemMiscLibNull library to ArmPkg.dsc * ArmPkg: Correct small typos * ArmPlatformPkg: Add ArmPlatformPkg.ci.yaml * OvfmPkg/VmgExitLib: Properly decode MMIO MOVZX and MOVSX opcodes * OvmfPkg/VmgExitLib: Add support for new MMIO MOV opcodes * OvmfPkg: Define a new PPI GUID to signal TPM MMIO accessability * OvmfPkg/TpmMmioSevDecryptPei: Mark TPM MMIO range as unencrypted for SEV-ES * OvmfPkg/Tcg2ConfigPei: Update Depex for IA32 and X64 * ArmPkg: Update SCMI Base Protocol version to 0x20000 * MdePkg/BaseRngLib: Add support for ARMv8.5 RNG instructions * SecurityPkg: Add support for RngDxe on AARCH64 * UefiCpuPkg/MpInitLib: Properly cast from PCD to SEV-ES jump table pointer * BaseTools: Add support for version 3 of FMP Image Header structure * CryptoPkg: BaseCryptLib: Add RSA PSS verify support * ShellPkg/UefiShellCommandLib: suppress incorrect gcc warning * OvmfPkg/VirtioFsDxe: suppress incorrect gcc warnings * UefiCpuPkg/CpuExceptionHandler: Add missing comma to exception name array * UefiCpuPkg/PiSmmCpu: Remove hardcode 48 address size limitation * MdeModulePkg: Retrieve boot manager menu from any fv * ShellPkg/HttpDynamicCommand: Fix possible uninitialized use * MdeModulePkg/PciBusDxe: Fix possible uninitialized use * CryptoPkg/BaseCryptLib: Fix possible uninitialized use * MdeModulePkg/PlatformDriOverrideDxe: Fix overflow condition check * MdeModulePkg/VariableLock: downgrade compatibility warnings to DEBUG_WARN * ArmPkg/ArmGic: Fix maximum number of interrupts in GICv3 - Update openssl to 1.1.1j - Drop upstreamed patch: ovmf-bsc1184801-fix-sev-with-tpm.patch - Add the new Xen flavor for x86_64 + Update 50-xen-hvm-x86_64.json to use ovmf-x86_64-xen-4m.bin as the default firmware for Xen ==== pcre2 ==== Version update (10.36 -> 10.37) Subpackages: libpcre2-16-0 libpcre2-32-0 libpcre2-8-0 libpcre2-8-0-32bit - pcre2 10.37: * removal of the actual POSIX names regcomp etc. from the POSIX wrapper library because these have caused issues for some applications, replacing pcre2-symbol-clash.patch * fix a hypothetical NULL dereference * fix two bugs related to over-large numbers so the behaviour is now the same as Perl * Fix propagation of \K back from the full pattern recursion * Restore single character repetition optimization in JIT ==== perl-Convert-ASN1 ==== Version update (0.27 -> 0.29) - Update to version 0.29 * typo fixes * Fix unsafe decoding CVE-2013-7488 - Drop upstream fixed perl-Convert-ASN1-CVE-2013-7488.patch ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-modules pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add patch from upstream to use the independent switch to mute Lineout or Speaker instead of setting the volume, which on some soundcards might be shared by Headphone and Lineout or Headphone and Speaker (fixes boo#1186572): * 0001-alsa-mixer-only-use-switch-to-mute-Front-in-the-Headphone-path.patch - Introduce a workaround for systems where %systemd_user_post didn't enable the user services correctly due to different reasons . This workaround is only executed once, and only if it's really needed. In order to execute only once a lock file is created in /var/lib/pipewire. The lockfile can be removed when the workaround is removed. Everyone who upgraded their TW system between (aprox.) the 14th of January and the 16th of March and who didn't enable the services manually is affected by this. It also happens for everyone who installed a new TW system since (aprox.) the 14th of January and also for everyone doing a new installation of SLE15-SP3 / Leap 15.3 from the iso (new installations using online repositories will work fine once the fix in systemd-presets-common-SUSE is released). Fixes boo#1184852, boo#1183012 and boo#1186561. ==== python-libvirt-python ==== Version update (7.2.0 -> 7.4.0) - Update to 7.4.0 - Add all new APIs and constants in libvirt 7.4.0 - Update to 7.3.0 - Add all new APIs and constants in libvirt 7.3.0 ==== python-pycurl ==== - Add curl7770_compatibility.patch to have package compatible with curl 7.77.0. ==== rtkit ==== - Replace systemd-devel BuildRequires with pkgconfig(libsystemd): allow OBS to shortcut through the systemd-mini flavors. ==== rubygem-ffi ==== Version update (1.15.0 -> 1.15.1) Subpackages: ruby2.7-rubygem-ffi ruby3.0-rubygem-ffi - updated to version 1.15.1 Fixed: * Append -pthread to linker options. #893 * Use arm or aarch64 to identify Apple ARM CPU arch. #899 * Allow overriding `gcc` with the `CC` env var in `const_generator.rb` and `struct_generator.rb`. #897 ==== rubygem-mini_portile2 ==== Version update (2.5.1 -> 2.6.1) - updated to version 2.6.1 [#]### Dependencies Make `net-ftp` an optional dependency, since requiring it as a hard dependency in v2.5.2 caused warnings to be emitted by Ruby 2.7 and earlier. A warning message is emitted if FTP functionality is called and `net-ftp` isn't available; this should only happen in Ruby 3.1 and later. ==== rubygem-nokogiri ==== Version update (1.11.3 -> 1.11.6) Subpackages: ruby2.7-rubygem-nokogiri ruby3.0-rubygem-nokogiri - updated to version 1.11.6 [#]# 1.11.6 / 2021-05-26 [#]## Fixed * [CRuby] `DocumentFragment#path` now does proper error-checking to handle behavior introduced in libxml > 2.9.10. In v1.11.4 and v1.11.5, calling `DocumentFragment#path` could result in a segfault. [#]# 1.11.5 / 2021-05-19 [#]## Fixed [Windows CRuby] Work around segfault at process exit on Windows when using libxml2 system DLLs. libxml 2.9.12 introduced new behavior to avoid memory leaks when unloading libxml2 shared libraries (see [libxml/!66](https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/66)). Early testing caught this segfault on non-Windows platforms (see [#2059](https://github.com/sparklemotion/nokogiri/issues/2059) and [libxml@956534e](https://gitlab.gnome.org/GNOME/libxml2/-/commit/956534e02ef280795a187c16f6ac04e107f23c5d)) but it was incompletely fixed and is still an issue on Windows platforms that are using system DLLs. We work around this by configuring libxml2 in this situation to use its default memory management functions. Note that if Nokogiri is not on Windows, or is not using shared system libraries, it will will continue to configure libxml2 to use Ruby's memory management functions. `Nokogiri::VERSION_INFO["libxml"]["memory_management"]` will allow you to verify when the default memory management functions are being used. [[#2241](https://github.com/sparklemotion/nokogiri/issues/2241)] [#]## Added `Nokogiri::VERSION_INFO["libxml"]` now contains the key `"memory_management"` to declare whether libxml2 is using its `default` memory management functions, or whether it uses the memory management functions from `ruby`. See above for more details. [#]# 1.11.4 / 2021-05-14 [#]## Security [CRuby] Vendored libxml2 upgraded to v2.9.12 which addresses: - [CVE-2019-20388](https://security.archlinux.org/CVE-2019-20388) - [CVE-2020-24977](https://security.archlinux.org/CVE-2020-24977) - [CVE-2021-3517](https://security.archlinux.org/CVE-2021-3517) - [CVE-2021-3518](https://security.archlinux.org/CVE-2021-3518) - [CVE-2021-3537](https://security.archlinux.org/CVE-2021-3537) - [CVE-2021-3541](https://security.archlinux.org/CVE-2021-3541) Note that two additional CVEs were addressed upstream but are not relevant to this release. [CVE-2021-3516](https://security.archlinux.org/CVE-2021-3516) via `xmllint` is not present in Nokogiri, and [CVE-2020-7595](https://security.archlinux.org/CVE-2020-7595) has been patched in Nokogiri since v1.10.8 (see [#1992](https://github.com/sparklemotion/nokogiri/issues/1992)). Please see [nokogiri/GHSA-7rrm-v45f-jp64 ](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64) or [#2233](https://github.com/sparklemotion/nokogiri/issues/2233) for a more complete analysis of these CVEs and patches. [#]## Dependencies * [CRuby] vendored libxml2 is updated from 2.9.10 to 2.9.12. (Note that 2.9.11 was skipped because it was superseded by 2.9.12 a few hours after its release.) ==== skopeo ==== Version update (1.2.1 -> 1.2.3) - Update to version 1.2.3: * Fix for login / logout registry argument * Upgrade dsnet/compress to avoid vulnerable xz version * Enable 'OptimizeDestinationImageAlreadyExists' feature * 020-copy.bats: check that we set the manifest type correctly * Set User-Agent to skopeo/$VERSION * Rebase against master and improve comment about gpgme-config * Fix Makefile to handle PREFIX correctly - Add bash-completion package ==== suitesparse ==== Subpackages: libamd2 libcamd2 libccolamd2 libcholmod3 libcolamd2 libsuitesparseconfig5 libumfpack5 - Update to version 5.10.1 - Drop disable-Wmisleading-indentation.patch which is no longer required due to an upstream fix ==== sushi ==== Version update (3.38.0 -> 3.38.1) Subpackages: sushi-lang - Update to version 3.38.1: + Account for scaling factor while estimating window size ==== unbound ==== Subpackages: libunbound8 unbound-anchor - Enable DNS-over-HTTPS support - Use --disable-explicit-port-randomisation, the linux kernel has source port randomization by default if port is 0 since ages. ==== vim ==== Version update (8.2.2850 -> 8.2.2918) Subpackages: gvim vim-data vim-data-common - Updated to version 8.2.2918, fixes the following problems * Using mapping on the command line triggers CmdlineChanged. (Naohiro Ono) * Configure can add --as-needed a second time. * Window is not updated after using mapping. * Custom statusline cannot contain % items. * White space after "->" does not give E274. * Get readonly error for device that can't be written to. * Vim9: exception in ISN_INSTR caught at wrong level. * Test fails because of changed error message. * Tcl test fails because of changed error message. * Adding a text property causes the whole window to be redawn. * Vim9: "legacy return" is not recognized as a return statement. * Removing a text property causes the whole window to be redawn. * Removing a text property does not redraw optimally. * Vim9: crash when using inline function. * Skipping over function body fails. * Vim9: memory leak when using inline function. * Build failure. * Vim9: When executing a compiled expression the trylevel at start is changed but not restored. (closes #8214) * Using unified diff is not tested. * CmdlineChange event triggered twice for CTRL-R. * Unnessary VIM_ISDIGIT() calls, badly indented code. * Python tests fail without the channel feature. * Not enough tests for writing buffers. * Cancelling inputlist() after a digit does not return zero. * Configure cannot detect Python 3.10. * Insufficient tests for popup menu rightleft. * Vim9: for loop list unpack only allows for one "_". * File extension .hsig not recognized. * Unified diff fails if actually used. * Various pieces of code not covered by tests. * Vim9: memory leak when lambda has an error. * Not enough cscope code is covered by tests. * searching for \%'> does not match linewise end of line. (Tim Chase) * Various pieces of code not covered by tests. * Crash when passing null string to fullcommand(). * Vim9: "k" command recognized in Vim9 script. * Typo and verbose comment in Makefiles. * Text property duplicated when data block splits. * Cannot build with Perl 5.34. * Error message contains random characters. * Multi-byte text in popup title shows up wrong. * Vim9: random characters appear in some error messages. * Spellfile functionality not fully tested. * Vim9: can use reserved words at the script level. * QuitPre and ExitPre not triggered when GUI window is closed. * Appveyor script does not detect nmake failure. * QuitPre is triggered before :wq writes the file, which is different from other commands. * Some operators not fully tested. * Spellfile functionality not fully tested. * Cursor position wrong on wrapped line with 'signcolumn'. * "g$" causes scroll if half a double width char is visible. * No error when defaults.vim cannot be loaded. * ASAN reports errors for test_startup for unknown reasons. * Memory leak when running out of memory. * Crash when using a terminal popup window from the cmdline window. * Build error with non-Unix system. * Test for cmdline window and terminal fails on MS-Windows. * Pattern "\%V" does not match all of block selection. (Rick Howe) * MS-Windows: most users expect using Unicode. * MS-Windows conpty supports using mouse events. * Cannot paste a block without adding padding. * Operators are not fully tested. * Spellfile functionality not fully tested. * Builtin function can be shadowed by global variable. ==== wget ==== Subpackages: wget-lang - When running recursively, wget will verify the length of the whole URL when saving the files. This will make it overwrite files with truncated names, throwing the "The name is too long, ... trying to shorten" messages. The patch moves the length check code to a separate function and call it from the append_dir_structure() for each path element. [ bsc#1181173, 0001-src-main.c-Introduce-truncate_filename-option.patch] - If wget for an http URL is redirected to a different site (hostname parts of URLs differ), then any "Authenticate" and "Cookie" header entries are discarded. [bsc#1175551, wget-do-not-propagate-credentials.patch] ==== xen ==== Version update (4.14.1_16 -> 4.15.0_01) Subpackages: xen-libs xen-tools xen-tools-domU - Add xen.sysconfig-fillup.patch to make sure xencommons is in a format as expected by fillup. (bsc#1185682) Each comment needs to be followed by an enabled key. Otherwise fillup will remove manually enabled key=value pairs, along with everything that looks like a stale comment, during next pkg update - Remove init.xen_loop and /etc/modprobe.d/xen_loop.conf The number of loop devices is unlimited since a while - Refresh xenstore-launch.patch to cover also daemon case - Now that SOURCE_DATE_EPOCH is defined and Xen Makefile uses it, drop reproducible.patch - Update to Xen 4.15.0 FCS release xen-4.15.0-testing-src.tar.bz2 * Xen can now export Intel Processor Trace (IPT) data from guests to tools in dom0. * Xen now supports Viridian enlightenments for guests with more than 64 vcpus. * Xenstored and oxenstored both now support LiveUpdate (tech preview). * Unified boot images * Switched x86 MSR accesses to deny by default policy. * Named PCI devices for xl/libxl and improved documentation for xl PCI configuration format. * Support for zstd-compressed dom0 (x86) and domU kernels. * Reduce ACPI verbosity by default. * Add ucode=allow-same option to test late microcode loading path. * Library improvements from NetBSD ports upstreamed. * x86: Allow domains to use AVX-VNNI instructions. * Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts. * xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend. * On detecting a host crash, some debug key handlers can automatically triggered to aid in debugging. * Increase the maximum number of guests which can share a single IRQ from 7 to 16, and make this configurable with irq-max-guests. - Dropped patches contained in new tarball 5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch 5fedf9f4-x86-hpet_setup-fix-retval.patch 5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch 5ff71655-x86-dpci-EOI-regardless-of-masking.patch 5ffc58c4-ACPI-reduce-verbosity-by-default.patch 5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch 600999ad-x86-dpci-do-not-remove-pirqs-from.patch 600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch 6011bbc7-x86-timer-fix-boot-without-PIT.patch 6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch 6013e546-x86-HVM-reorder-domain-init-error-path.patch 601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch 602bd768-page_alloc-only-flush-after-scrubbing.patch 602cfe3d-IOMMU-check-if-initialized-before-teardown.patch 602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch 602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch 602ffae9-tools-libs-light-fix-xl-save--c-handling.patch 6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch 60787714-x86-HPET-avoid-legacy-replacement-mode.patch 60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch 60410127-gcc11-adjust-rijndaelEncrypt.patch 60422428-x86-shadow-avoid-fast-fault-path.patch 604b9070-VT-d-disable-QI-IR-before-init.patch 60535c11-libxl-domain-soft-reset.patch (Replaces xsa368.patch) 60700077-x86-vpt-avoid-pt_migrate-rwlock.patch libxc-bitmap-50a5215f30e964a6f16165ab57925ca39f31a849.patch libxc-bitmap-longs.patch libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch libxl.fix-libacpi-dependency.patch stubdom-have-iovec.patch xenwatchdogd-options.patch ==== xorgproto ==== - package licenses as %%license - modernize spec file - list files in files-section to avoid directory permission conflict with filesystem package ==== yast2 ==== Version update (4.4.5 -> 4.4.9) Subpackages: yast2-logs - AutoYaST: SectionWithAttributes allows to indicate whether an attribute accepts blank values (related to jsc#PM-2620). - 4.4.9 - revert disable of hibernation based on product and virtual machines (bsc#1184470) - 4.4.8 - Improve Yast2::Equatable mixin making the #hash method to be fine tuned easelly (related to bsc#11806082). - 4.4.7 - Added some names to the list of parameters handled by CFA for the login.defs configuration (related to jsc#PM-2620). - 4.4.6 ==== yast2-bootloader ==== Version update (4.4.0 -> 4.4.1) - arm can boot on uefi (boo#1183795) - 4.4.1 ==== yast2-network ==== Version update (4.4.12 -> 4.4.13) - bnc#1185524 - do not crash at the end of installation when storing wifi configuration for NetworkManager at the target - 4.4.13