Packages changed:
389-ds
MozillaFirefox (92.0.1 -> 93.0)
MozillaThunderbird (91.1.2 -> 91.2.0)
atkmm1_6
ca-certificates (2+git20210723.27a0476 -> 2+git20211004.3efbea9)
evince (40.4 -> 41.2)
fetchmail (6.4.21 -> 6.4.22)
flatpak (1.11.3 -> 1.12.1)
fwupd (1.5.8 -> 1.6.2)
gc (8.0.4 -> 8.0.6)
gegl (0.4.30 -> 0.4.32)
gjs
glibmm2_4 (2.66.1 -> 2.66.2)
glusterfs (9.1 -> 9.3)
gnome-shell
gnome-shell-extensions
grilo (0.3.13 -> 0.3.14)
grilo-plugins (0.3.13 -> 0.3.14)
libaom (3.1.2 -> 3.1.3)
librsvg (2.52.0 -> 2.52.1)
libstorage-ng (4.4.43 -> 4.4.44)
libzypp-plugin-appdata
nano (5.8 -> 5.9)
ntp
open-vm-tools (11.3.0 -> 11.3.5)
pam-config (1.4 -> 1.5)
pangomm1_4
perl-Image-ExifTool
postfix
postgresql (13 -> 14)
postgresql14 (13.4 -> 14.0)
rubygem-ffi (1.15.3 -> 1.15.4)
rubygem-nokogiri (1.12.3 -> 1.12.5)
rubygem-parallel (1.20.1 -> 1.21.0)
rubygem-unf_ext (0.0.7.7 -> 0.0.8)
rubygem-yast-rake (0.2.41 -> 0.2.42)
sscep (0.9.1 -> 0.10.0)
xdg-desktop-portal (1.10.0 -> 1.10.1)
xfsprogs
yast2-installation (4.4.19 -> 4.4.20)
yast2-python-bindings (4.4.1 -> 4.4.2)
=== Details ===
==== 389-ds ====
Subpackages: lib389 libsvrcore0
- Add missing dependency on iproute2 for lib389
==== MozillaFirefox ====
Version update (92.0.1 -> 93.0)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 93.0
* supports the new AVIF image format
* PDF viewer now supports filling more forms (XFA-based forms)
* now blocks downloads that rely on insecure connections,
protecting against potentially malicious or unsafe downloads
* Improved web compatibility for privacy protections with SmartBlock 3.0
* Introducing a new referrer tracking protection in Strict Tracking
Protection and Private Browsing
* TLS ciphersuites that use 3DES have been disabled. Such
ciphersuites can only be enabled when deprecated versions of
TLS are also enabled
* The download panel now follows the Firefox visual styles
MFSA 2021-43 (bsc#1191332)
* CVE-2021-38496 (bmo#1725335)
Use-after-free in MessageTask
* CVE-2021-38497 (bmo#1726621)
Validation message could have been overlaid on another origin
* CVE-2021-38498 (bmo#1729642)
Use-after-free of nsLanguageAtomService object
* CVE-2021-32810 (bmo#1729813)
https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
Data race in crossbeam-deque
* CVE-2021-38500 (bmo#1725854, bmo#1728321)
Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
and Firefox ESR 91.2
* CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
* CVE-2021-38499 (bmo#1667102, bmo#1723170, bmo#1725356, bmo#1727364)
Memory safety bugs fixed in Firefox 93
- removed obsolete mozilla-bmo1708709.patch
- require NSS >= 3.70
- allow to override wayland detection by defining MOZ_ENABLE_WAYLAND
explicitely as 0 or 1
- fix aarch64 build by updating constraints
- add mozilla-bmo1725828.patch to fix widevine (bsc#1190842)
- add mozilla-bmo531915.patch to fix build for i586
==== MozillaThunderbird ====
Version update (91.1.2 -> 91.2.0)
Subpackages: MozillaThunderbird-translations-common
- Mozilla Thunderbird 91.2.0
* Saving a single message as .eml now uses a unique filename
* New mail notifications did not properly take subfolders into account
* Decrypting binary attachments when using an external GnuPG
configuration failed
* Account name fields in the account manager were not big enough
for long names
* LDAP searches using an extensibleMatch filter returned no results
* Read-only CalDAV calendars and CardDAV address books were not detected
* Multipart messages containing a calendar invite did not display
any of the human-readable alternatives
* Some calendar days were displayed incorrectly or duplicated
(eg. two "29th" days of a particular month)
* Phantom event was shown at the end of each day in Calendar week view
MFSA 2021-46 (bsc#1191332)
* CVE-2021-38496 (bmo#1725335)
Use-after-free in MessageTask
* CVE-2021-38497 (bmo#1726621)
Validation message could have been overlaid on another origin
* CVE-2021-38498 (bmo#1729642)
Use-after-free of nsLanguageAtomService object
* CVE-2021-32810 (bmo#1729813,
https://github.com/crossbeam-
rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw)
Data race in crossbeam-deque
* CVE-2021-38500 (bmo#1725854, bmo#1728321)
Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
and Firefox ESR 91.2
* CVE-2021-38501 (bmo#1685354, bmo#1715755, bmo#1723176)
Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
==== atkmm1_6 ====
- turn off doc build, it does not work with new doxygen
==== ca-certificates ====
Version update (2+git20210723.27a0476 -> 2+git20211004.3efbea9)
- Update to version 2+git20211004.3efbea9:
* Ensure --root option propagates prefix properly to other scripts
==== evince ====
Version update (40.4 -> 41.2)
Subpackages: evince-lang evince-plugin-comicsdocument evince-plugin-djvudocument evince-plugin-dvidocument evince-plugin-pdfdocument evince-plugin-tiffdocument evince-plugin-xpsdocument libevdocument3-4 libevview3-3 nautilus-evince typelib-1_0-EvinceDocument-3_0 typelib-1_0-EvinceView-3_0
- Update to version 41.2:
+ data: Remove alphanumeric version from AppStream.
+ Include subproject (libhandy) as part of the tarball.
- Update to version 41.1:
+ build: Revert project name capitalization.
- Changes from version 41.0:
+ backends:
- Add format attribute to stop warning on string literal
- Make function static as only used in this file
- Simplify metadata tags getters
- Use SaveToBufferData only with "struct" before
+ browser-plugin: Remove browser-plugin support
+ build:
- Add option to control internal vs external synctex
- Allow building without libhandy-1 available
- Bump version requirement for Poppler
- Fix conversion to match new version scheme
- Modernize and simplify meson files
- Remove Changelog target
- Update build libtiff-4 dependency
- Use devel icon for unstable version installed
- Remove c++ dependency, and use only C
- Fix compilation error when DBus is disabled
+ data:
- Update URL to submit issues
- Fix AppData urls for issues
- Add new-window desktop action
- Fix donation link
+ help:
- Fix 404 link to on-wiki bug reporting guidelines
- Update Evince icon as svg
- Correct Window action
+ libview:
- Open new annotation window only for text annotation
- Fix dual page option ignored for single page documents
+ shell:
- Add mnemonics to annotations contextual menus
- Added mnemonic for highlight option in context menu
- Adding padding to improve readability
- Always show the annotation window on new annotations
- Enable annotation actions only in document that supports them
- Enable odd pages left when dual page is on
- Expand sidebar annotations by default
- Fix libhandy includes
- Implemented headerbar for Annotation Properties dialog
- Reload annotation sidebar on annotation properties changes
- Reload the annotation sidebar when the type changes
- Show annotation contents in sidebar when available
- Show content in tooltip popup in annotations sidebar
- Fix g_critical about removing non-existant timer
- Show filename in recent view when title has only spaces
- Show None when missing creation/modification date
- Add comment about logic of 'first_iteration'
- Use a constant for GString init size
- Support duration in decimal value
- Be able to collapse/expand all entries
+ Updated translations.
- Replace c++_compiler with c_compiler BuildRequires.
- Replace libtiff-devel with pkgconfig(libtiff-4) BuildRequires.
- Remove obsolete translation-update-upstream support
(jsc#SLE-21105).
- Update to version 41.alpha:
+ Backends:
- Add format attribute to stop warning on string literal.
- Make function static as only used in this file.
- Simplify metadata tags getters.
- Use SaveToBufferData only with "struct" before.
+ browser-plugin: Remove browser-plugin support.
+ Help:
- Update Evince icon as svg.
- Correct Window action.
+ libview: dual page option is ignored for single page documents.
+ Shell:
- Add mnemonics to annotations contextual menus.
- Added mnemonic for highlight option in context menu.
- Adding padding to improve readability.
- Always show the annotation window on new annotations.
- Enable odd pages left when dual page is on.
- Expand sidebar annotations by default.
- Implemented headerbar for Annotation Properties dialog.
- Reload annotation sidebar on annotation properties changes.
- Reload the annotation sidebar when the type changes.
- Show annotation contents in sidebar when available.
- Show content in tooltip popup in annotations sidebar.
- Show filename in recent view when title has only spaces.
- Support duration in decimal value.
- Be able to collapse/expand all entries.
- Fix g_critical about removing non-existant timer.
- Fix compilation error when DBus is disabled.
- Add new-window desktop action.
- Show None when missing creation/modification date.
+ Updated translations.
==== fetchmail ====
Version update (6.4.21 -> 6.4.22)
Subpackages: fetchmailconf
- Update to 6.4.22: [bsc#1190069, CVE-2021-39272]
* OPENSSL AND LICENSING NOTE:
- fetchmail 6.4.22 is compatible with OpenSSL 1.1.1 and 3.0.0.
OpenSSL's licensing changed between these releases from dual
OpenSSL/SSLeay license to Apache License v2.0, which is
considered incompatible with GPL v2 by the FSF. For
implications and details, see the file COPYING.
* SECURITY FIXES:
- CVE-2021-39272: fetchmail-SA-2021-02: On IMAP connections,
without --ssl and with nonempty --sslproto, meaning that
fetchmail is to enforce TLS, and when the server or an attacker
sends a PREAUTH greeting, fetchmail used to continue an
unencrypted connection. Now, log the error and abort the
connection. --Recommendation for servers that support
SSL/TLS-wrapped or "implicit" mode on a dedicated port
(default 993): use --ssl, or the ssl user option in an rcfile.
- On IMAP and POP3 connections, --auth ssh no longer prevents
STARTTLS negotiation.
- On IMAP connections, fetchmail does not permit overriding
a server-side LOGINDISABLED with --auth password any more.
- On POP3 connections, the possibility for RPA authentication
(by probing with an AUTH command without arguments) no longer
prevents STARTTLS negotiation.
- For POP3 connections, only attempt RPA if the authentication
type is "any".
* BUG FIXES:
- On IMAP connections, when AUTHENTICATE EXTERNAL fails and we
have received the tagged (= final) response, do not send "*".
- On IMAP connections, AUTHENTICATE EXTERNAL without username
will properly send a "=" for protocol compliance.
- On IMAP connections, AUTHENTICATE EXTERNAL will now check if
the server advertised SASL-IR (RFC-4959) support and otherwise
refuse (fetchmail <= 6.4 has not supported and does not support
the separate challenge/response with command continuation)
- On IMAP connections, when --auth external is requested but not
advertised by the server, log a proper error message.
- Fetchmail no longer crashes when attempting a connection with
- -plugin "" or --plugout "".
- Fetchmail no longer leaks memory when processing the arguments
of --plugin or --plugout on connections.
- On POP3 connections, the CAPAbilities parser is now caseblind.
- Fix segfault on configurations with "defaults ... no envelope".
This is a regression in fetchmail 6.4.3 and happened when
plugging memory leaks, which did not account for that the
envelope parameter is special when set as "no envelope". The
segfault happens in a constant strlen(-1), triggered by trusted
local input => no vulnerability.
- Fix program abort (SIGABRT) with "internal error" when invalid
sslproto is given with OpenSSL 1.1.0 API compatible SSL
implementations.
* CHANGES:
- IMAP: When fetchmail is in not-authenticated state and the server
volunteers CAPABILITY information, use it and do not re-probe.
(After STARTTLS, fetchmail must and will re-probe explicitly.)
- For typical POP3/IMAP ports 110, 143, 993, 995, if port and --ssl
option do not match, emit a warning and continue.
- fetchmail.man and README.SSL were updated in line with
RFC-8314/8996/8997 recommendations to prefer Implicit TLS
(--ssl/ssl) and TLS v1.2 or newer, placing --sslproto tls1.2+
more prominently. The defaults shall not change between 6.4.X
releases for compatibility.
* Rebase patches:
fetchmail-add-imap-oauthbearer-support.patch
fetchmail-add-query_to64_outsize-utility-function.patch
fetchmail-support-oauthbearer-xoauth2-with-pop3.patch
==== flatpak ====
Version update (1.11.3 -> 1.12.1)
Subpackages: libflatpak0 system-user-flatpak
- Update to version 1.12.1:
+ The security fix in the 1.12.0 release failed when used with
some older versions of libseccomp (that don't know about the
new syscalls).
- Update to version 1.12.0:
+ This is the first stable release in the 1.12.x series. The
major changes in this series is the support for better control
of sub-sandboxes, as used by the steam flatpak.
+ In addition, this release fixes a security vulnerability in the
portal support. Some recently added syscalls were not blocked
by the seccomp rules which allowed the application to create
sub-sandboxes which can confuse the sandboxing verification
mechanisms of the portal. This has been fixed by extending the
seccomp rules (boo#1191507, CVE-2021-41133)
+ Some test fixes
+ Support for specifying the flatpak binary to use during exports
+ Install translations for all languages in the locale, not just
the ones in LC_MESSAGES.
+ Fix progress reporting in flatpak fsck
+ Handle cases where /var/tmp is a symlink
+ Expose /etc/gai.conf to the sandbox
+ Fix the parental control checks for root
+ Handle missing /etc/ld.so.cache (musl)
+ Updated translations
==== fwupd ====
Version update (1.5.8 -> 1.6.2)
Subpackages: fwupd-lang libfwupd2 typelib-1_0-Fwupd-2_0
- Update to version 1.6.2
- The fwupd efi program be separated to fwupd-efi package.
- Removed pesign-obs-integration, moved needssslcertforbuild
, SBAT and EFI signing stuff to fwupd-efi.
- Moved libfwupdplugin1 to libfwupdplugin2
- Change log from upstream:
https://github.com/fwupd/fwupd/blob/main/data/org.freedesktop.fwupd.metainfo.xml
- This release adds the following features:
* Add a plugin to check Lenovo firmware settings
* Add initial support for the powerd daemon
* Add support for CapsuleOnDisk
* Add support for installing UEFI updates from GRUB
* Add support for soft-requirements that can be ignored with --force
* Allow devices to only accept version upgrades
* Allow discovery of Redfish BMCs specified by VID-PID or MAC
* Allow the daemon to request interactive action from the end user
* Automatically connect the BMC network interface at startup
* Show the build timestamp if set on the device
* Show the user how to switch out of Wacom tablet Android-mode
- This release fixes the following bugs:
* Add the alternate vendor name into the 8BitDo allowlist
* Allow multiple devices to set WAIT_FOR_REPLUG
* Allow the client to watch for more property changes
* Always ensure the SuperIO version string is NUL terminated
* Automatically clear the update error as required
* Disable all UX capsules for Lenovo hardware
* Do not assume the metainfo file is NUL-terminated
* Do not save invalid files on LVFS server error
* Fix a VLI regression in enumerating the PD device
* Fix a VLI regression when installing VL820Q7 firmware
* Fix enumeration of the Synaptics Prometheus config child
* Fix parsing Redfish USB/PCI network VID/PIDs
* Fix the fwupdmgr progressbar spinner to actually work
* Fix version number for legacy Wacom Bluetooth modules
* Ignore virtual M.2 ATA devices
* Preserve NEEDS_REBOOT on successful update
* Prevent a corrupt PHAT table from allocating lots of memory
* Read the Redfish SMBIOS table when required
* Remove the vendor string from the device name where required
* Save the update state to the database correctly all of the time
* Switch from sysctl to ioctl for ESRT on FreeBSD
* Try reading from /sys/class/dmi if SMBIOS direct access fails
* Watch for children added or removed after setup has been completed
* Work around a XCC-ism on Lenovo hardware
- This release adds support for the following hardware:
* ModemManager devices supporting Firehose or MBIM QDU
* More models of RTS54HUB
* More Poly DFU devices
* Parade LSPCON
* PixArt receiver and wireless hardware
* Realtek MST with RTD2142
* SuperIO IT5570
* USB4 Dell dock
==== gc ====
Version update (8.0.4 -> 8.0.6)
- Update to release 8.0.6
* Allocate start_info struct on the stack in GC_pthread_create.
* Allow GC_PAUSE_TIME_TARGET environment variable values
smaller than 5 ms.
* Disable mprotect-based incremental GC if /proc roots are used.
* Enable sbrk-to-mmap fallback on major supported Unix-like
platforms.
* Ensure process is running on one CPU core if AO ops are
emulated with locks.
* Fix data race regarding *rlh value in generic_malloc_many.
* Fix handling of areas smaller than page size in
GC_scratch_recycle.
* Limit number of unmapped regions.
==== gegl ====
Version update (0.4.30 -> 0.4.32)
Subpackages: gegl-0_4 gegl-0_4-lang libgegl-0_4-0
- disable docs until the upstream bug is solved
https://gitlab.gnome.org/GNOME/gegl/-/issues/294#note_1281553
==== gjs ====
Subpackages: libgjs0 typelib-1_0-GjsPrivate-1_0
- Add upstream crash fixer patches from stable branch:
+ b9e122044a7ccc1e2a3374c680b6ea82066bfa59.patch: arg: Replace
gsize with size_t
+ 62025d4a2738a36ea5f1a7cebef08b22b5eef613.patch: Handle optional
out parameters in callbacks
- Stop disabling lto: Following this, stop passing dtrace=true and
systemtap=true to meson, aswell as dropping systemtap-sdt-devel
BuildRequires, follow upstream default.
- Add optional pkgconfig(gtk4) BuildRequires: meson checks for it.
==== glibmm2_4 ====
Version update (2.66.1 -> 2.66.2)
Subpackages: libgiomm-2_4-1 libglibmm-2_4-1
- Update to version 2.66.2:
+ Glib, Gio: Replace all g_quark_from_static_string() by
g_quark_from_string()
+ Gio:
- FileEnumerator: Remove refreturn to avoid memory leak
- ListModel::get_object(): Make it work for interface classes
+ Build: MSVC build: Remove extraneous GLIBMM_API in
Glib::ustring
==== glusterfs ====
Version update (9.1 -> 9.3)
Subpackages: libgfapi0 libgfrpc0 libgfxdr0 libglusterfs0
- Update to release 9.3
* New reset-brick command
* Ability to get node level status of a cluster
* Multi-threaded self-heal for Disperse volumes
* Lock revocation feature
* On-demand scrubbing for bitrot detection
* Real time Cluster notifications using Events APIs
- Move mount helper to /usr/sbin [boo#1191062]
==== gnome-shell ====
Subpackages: gnome-extensions gnome-shell-calendar gnome-shell-lang
- Add 380d2db1d9047ecffcef7d78f00184963b403efc.patch: inputMethod:
Clear preeditStr before reset. Previously, these were performed
in a different order before GNOME 41. During some other changes
they were swapped.
However, this causes both GTK 3 and GTK 4 applications to scroll
to incorrect positions from the preedit change.
==== gnome-shell-extensions ====
Subpackages: gnome-shell-classic gnome-shell-extensions-common gnome-shell-extensions-common-lang
- Update sle-classic to version 41
+ Update gse-sle-classic-ext.patch
+ Update sle-classic@suse.com.tar.gz
==== grilo ====
Version update (0.3.13 -> 0.3.14)
Subpackages: grilo-lang libgrilo-0_3-0 libgrlnet-0_3-0 libgrlpls-0_3-0 typelib-1_0-Grl-0_3
- Update to version 0.3.14:
+ CVE-2021-39365: Fix TLS cert validation not being done for any
network call.
+ Fix double-free when using GrlNet in Python.
+ Load config from GRL_CONFIG_PATH if set.
+ Clarify LGPLv2.1 or later license.
+ Handle numeric limits for GrlOperationOptions.
+ Updated translations.
- Drop grilo-CVE-2021-39365.patch: fixed upstream.
==== grilo-plugins ====
Version update (0.3.13 -> 0.3.14)
Subpackages: grilo-plugin-tracker grilo-plugin-youtube grilo-plugins-lang
- Update to version 0.3.14:
+ Fix lua-factory crash on >= 5.4.3.
+ Clarify LGPLv2.1 or later license.
+ tracker3: Make resolve async.
+ euronews: Use YouTube feeds.
+ Updated translations.
- Drop 108.patch: fixed upstream.
==== libaom ====
Version update (3.1.2 -> 3.1.3)
- Update to version 3.1.3:
* Update CHANGELOG for v3.1.3-rc2
* Detect chroma subsampling more directly
* Detect chroma subsampling more directly
* image2yuvconfig() should calculate uv_crop_width
* aom/aom_encoder.h: remove configure option reference
* aom_encoder.h: fix rc_overshoot_pct range
* Update AUTHORS,CHANGELOG,CMakeLists.txt for v3.1.3
* aom_install: don't exclude msvc from install
* aom_install: use relpath for install
* aom_install: Install lib dlls to bindir
==== librsvg ====
Version update (2.52.0 -> 2.52.1)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 typelib-1_0-Rsvg-2_0
- Update to version 2.52.1:
+ Fix ordering of tspan inside text elements for right-to-left
languages.
+ Fix text-anchor positioning for right-to-left languages.
+ Fix regression in computing sizes when an SVG has only one of
width/height and a viewBox.
+ Spec compliance - the writing-mode property applies only to
text elements, no to individual tspan elements.
+ Fix build on big-endian platforms.
+ Clarify documentation for the rsvg_handle_write() /
rsvg_handle_close() deprecated APIs.
==== libstorage-ng ====
Version update (4.4.43 -> 4.4.44)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- merge gh#openSUSE/libstorage-ng#836
- added non-const versions of several existing functions
- added detect_remove_info()
- 4.4.44
==== libzypp-plugin-appdata ====
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_appstream-sync-cache.service.patch
==== nano ====
Version update (5.8 -> 5.9)
Subpackages: nano-lang
- GNU nano 5.9:
* The extension of a filename is added to the name of a
corresponding temporary file, so that spell checking a C file,
for example, will check only the comments and strings
(when using 'aspell').
* The process number is added to the name of an emergency save
file, so that when multiple nanos die they will not fight over
a filename.
* Undoing a cutting operation will restore an anchor that was
located in the cut area to its original line.
* When using --locking, saving a new buffer will create a lock
file.
* Syntax highlighting for YAML files has been added
==== ntp ====
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* conf.ntp-wait.service
* conf.ntpd.service
==== open-vm-tools ====
Version update (11.3.0 -> 11.3.5)
Subpackages: libvmtools0 open-vm-tools-desktop
- Update to 11.3.5 (build 18557794) (boo#1190987)
+ New/Updated features:
- Added a configurable logging capability to the network script.
The network script has been updated to:
use vmware-toolbox-cmd to query any network logging configuration from
the tools.conf file. Use vmtoolsd --cmd "log ..." to log a message to
the vmx logfile when the logging handler is configured to "vmx" or when
the logfile is full or is not writeable.
- The hgfsmounter (mount.vmhgfs) command has been removed from
open-vm-tools.
The hgfsmounter (mount.vmhgfs) command is no longer used in
Linux open-vm-tools. It has been replaced by hgfs-fuse. Therefore,
removing all references to the hgfsmounter in Linux builds.
+ Resolved issues:
- Customization: Retry the Linux reboot if telinit is a soft link to
systemctl.
- Open-vm-tools commands would hang if configured with "--enable-valgrind".
+ Spec file updates for:
- rpmlint errors
- arg_xmlsec1 --enable-xmlsec1 for better xmlsec1/libxml2 handling.
==== pam-config ====
Version update (1.4 -> 1.5)
- Update to Version 1.5
- Don't print an error message if one of the systemd PAM modules
does not exist if creating the *-pc files [bsc#1191528]
- Drop pam_systemd_home again [bsc#1191528]
==== pangomm1_4 ====
- turn off doc build, it does not work with new doxygen
==== perl-Image-ExifTool ====
Subpackages: exiftool
- require File::RandomAccess otherwise exiftool(1) won't start
==== postfix ====
Subpackages: postfix-doc
- config.postfix not updatet after lmdb switch
(bsc#1190945)
Adapt config.postfix
==== postgresql ====
Version update (13 -> 14)
Subpackages: postgresql-contrib postgresql-docs postgresql-llvmjit postgresql-server
- Bump version and default to 14.
==== postgresql14 ====
Version update (13.4 -> 14.0)
- Let genlists skip non-existing binaries to avoid lots of version
conditionals in the file lists.
- Remove postgresql-testsuite-int8.sql.patch, because its purpose
is unclear. This affects only the test subpackage.
- Upgrade to 14.0
https://www.postgresql.org/about/news/postgresql-14-released-2318/
https://www.postgresql.org/docs/14/release-14.html
- Let genlists skip non-existing binaries to avoid lots of version
conditionals in the file lists.
- Upgrade to 14~rc1
https://www.postgresql.org/about/news/postgresql-14-rc-1-released-2309/
https://www.postgresql.org/docs/14/release-14.html
https://wiki.postgresql.org/wiki/PostgreSQL_14_Open_Items
- Upgrade to 14~beta2
https://www.postgresql.org/about/news/postgresql-14-beta-2-released-2249/
https://www.postgresql.org/docs/14/release-14.html
https://wiki.postgresql.org/wiki/PostgreSQL_14_Open_Items
- Upgrade to 14~beta1
https://www.postgresql.org/about/news/postgresql-14-beta-1-released-2213/
https://www.postgresql.org/docs/14/release-14.html
https://wiki.postgresql.org/wiki/PostgreSQL_14_Open_Items
- disable postgresql-testsuite-int8.sql.patch:
it seems it is not needed anymore, need to be double checked.
- bsc#1185952: llvm12 breaks PostgreSQL 11 and 12 on s390x.
Use llvm11 as a workaround.
- Upgrade to version 13.3:
* https://www.postgresql.org/docs/13/release-13-3.html
* CVE-2021-32027, bsc#1185924:
Prevent integer overflows in array subscripting calculations.
* CVE-2021-32028, bsc#1185925: Fix mishandling of ?junk?
columns in INSERT ... ON CONFLICT ... UPDATE target lists.
* CVE-2021-32029, bsc#1185926: Fix possibly-incorrect
computation of UPDATE ... RETURNING
"pg_psql_temporary_savepoint" does not exist?.
- Don't use %_stop_on_removal, because it was meant to be private
and got removed from openSUSE. %_restart_on_update is also
private, but still supported and needed for now (bsc#1183168).
- Re-enable build of the llvmjit subpackage on SLE, but it will
only be delivered on PackageHub for now (boo#1183118).
- Remove leftover PreReq on chkconfig, we stopped using it long
time ago.
- boo#1179945: Disable icu for PostgreSQL 10 (and older) on TW.
- Upgrade to version 13.2:
* https://www.postgresql.org/docs/13/release-13-2.html
* Updating stored views and reindexing might be needed after
applying this update.
* CVE-2021-3393, bsc#1182040: Fix information leakage in
constraint-violation error messages.
* CVE-2021-20229, bsc#1182039: Fix failure to check per-column
SELECT privileges in some join queries.
* Obsoletes postgresql-icu68.patch.
- Add postgresql-icu68.patch: fix build with ICU 68
- bsc#1178961: %ghost the symlinks to pg_config and ecpg.
- boo#1179765: BuildRequire libpq5 and libecpg6 when not building
them to avoid dangling symlinks in the devel package.
- Upgrade to version 13.1:
* CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD
and firing of deferred triggers within index expressions and
materialized view queries.
* CVE-2020-25694, bsc#1178667:
a) Fix usage of complex connection-string parameters in pg_dump,
pg_restore, clusterdb, reindexdb, and vacuumdb.
b) When psql's \connect command re-uses connection parameters,
ensure that all non-overridden parameters from a previous
connection string are re-used.
* CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from
modifying specially-treated variables.
* Fix recently-added timetz test case so it works when the USA
is not observing daylight savings time.
(obsoletes postgresql-timetz.patch)
* https://www.postgresql.org/about/news/2111/
* https://www.postgresql.org/docs/13/release-13-1.html
- Fix a DST problem in the test suite: postgresql-timetz.patch
https://postgr.es/m/16689-57701daa23b377bf@postgresql.org
- Initial packaging of PostgreSQL 13:
* https://www.postgresql.org/about/news/2077/
* https://www.postgresql.org/docs/13/release-13.html
==== rubygem-ffi ====
Version update (1.15.3 -> 1.15.4)
Subpackages: ruby2.7-rubygem-ffi ruby3.0-rubygem-ffi
- updated to version 1.15.4
Fixed:
* Fix build for uClibc. #913
* Correct module lookup when including `ffi-module` gem. #912
Changed:
* Use ruby code of the ffi gem in JRuby-9.2.20+. #915
==== rubygem-nokogiri ====
Version update (1.12.3 -> 1.12.5)
Subpackages: ruby2.7-rubygem-nokogiri ruby3.0-rubygem-nokogiri
- updated to version 1.12.5
[#]# 1.12.5 / 2021-09-27
[#]## Security
[JRuby] Address CVE-2021-41098 ([GHSA-2rr5-8q37-2w7h](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h)).
In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parsers resolve external entities (XXE) by default. This fix turns off entity-resolution-by-default in the JRuby SAX parsers to match the CRuby SAX parsers' behavior.
CRuby users are not affected by this CVE.
[#]## Fixed
* [CRuby] `Document#to_xhtml` properly serializes self-closing tags in libxml > 2.9.10. A behavior change introduced in libxml 2.9.11 resulted in emitting start and and tags (e.g., `
`) instead of a self-closing tag (e.g., `
`) in previous Nokogiri versions. [[#2324](https://github.com/sparklemotion/nokogiri/issues/2324)]
[#]# 1.12.4 / 2021-08-29
[#]## Notable fix: Namespace inheritance
Namespace behavior when reparenting nodes has historically been poorly specified and the behavior diverged between CRuby and JRuby. As a result, making this behavior consistent in v1.12.0 introduced a breaking change.
This patch release reverts the Builder behavior present in v1.12.0..v1.12.3 but keeps the Document behavior. This release also introduces a Document attribute to allow affected users to easily change this behavior for their legacy code without invasive changes.
[#]### Compensating Feature in XML::Document
This release of Nokogiri introduces a new `Document` boolean attribute, `namespace_inheritance`, which controls whether children should inherit a namespace when they are reparented. `Nokogiri::XML:Document` defaults this attribute to `false` meaning "do not inherit," thereby making explicit the behavior change introduced in v1.12.0.
CRuby users who desire the pre-v1.12.0 behavior may set `document.namespace_inheritance = true` before reparenting nodes.
See https://nokogiri.org/rdoc/Nokogiri/XML/Document.html#namespace_inheritance-instance_method for example usage.
[#]### Fix for XML::Builder
However, recognizing that we want `Builder`-created children to inherit namespaces, Builder now will set `namespace_inheritance=true` on the underlying document for both JRuby and CRuby. This means that, on CRuby, the pre-v1.12.0 behavior is restored.
Users who want to turn this behavior off may pass a keyword argument to the Builder constructor like so:
``` ruby
Nokogiri::XML::Builder.new(namespace_inheritance: false)
```
See https://nokogiri.org/rdoc/Nokogiri/XML/Builder.html#label-Namespace+inheritance for example usage.
[#]### Downstream gem maintainers
Note that any downstream gems may want to specifically omit Nokogiri v1.12.0--v1.12.3 from their dependency specification if they rely on child namespace inheritance:
``` ruby
Gem::Specification.new do |gem|
[#] ...
gem.add_runtime_dependency 'nokogiri', '!=1.12.3', '!=1.12.2', '!=1.12.1', '!=1.12.0'
[#] ...
end
```
[#]## Fixed
* [JRuby] Fix NPE in Schema parsing when an imported resource doesn't have a `systemId`. [[#2296](https://github.com/sparklemotion/nokogiri/issues/2296)] (Thanks, [@pepijnve](https://github.com/pepijnve)!)
==== rubygem-parallel ====
Version update (1.20.1 -> 1.21.0)
- updated to version 1.21.0
* no changelog found
==== rubygem-unf_ext ====
Version update (0.0.7.7 -> 0.0.8)
- updated to version 0.0.8
* No functional change in the library code.
* Include Windows binaries for Ruby 3.0.
* Drop support for Ruby 2.1 and earlier.
* Replace Travis CI with Github Actions.
* Fix cross-build after upgrading rake-compiler/rake-compiler-dock to 1.1.1/1.1.0.
==== rubygem-yast-rake ====
Version update (0.2.41 -> 0.2.42)
- Fixed running the GitHub Actions locally ("rake actions:run"),
allow settting additional Docker options in the YAML config
or via DOCKER_OPTIONS environment variable (bsc#1191400)
- 0.2.42
==== sscep ====
Version update (0.9.1 -> 0.10.0)
- Update to version 0.10.0
* Added auto-selection of default protection algorithms (-E, -S
and -F) based on getcaps, unless specified explicitly.
* Added parameter -W sec to wait for network connectivity
(default 0).
* Engines are now disabled by default and need to be enabled by
./configure --enable-engines or cmake . -DENABLE_ENGINES=ON
* Compatible with OpenSSL 3.0.0
* Removed support for OpenSSL < 1.1.0
==== xdg-desktop-portal ====
Version update (1.10.0 -> 1.10.1)
Subpackages: xdg-desktop-portal-lang
- Update to version 1.10.1:
+ Revert a breaking change to the screencast and inhibit portal.
==== xfsprogs ====
Subpackages: libhandle1 xfsprogs-scrub
- move fsck.xfs, mkfs.xfs and xfs_repair from /sbin to /usr/sbin
(bsc#1191105)
The default rpmbuild %configure macro passes --sbindir=/usr/sbin to
every configure script, but the xfsprogs configure script ignores it
when --exec-prefix is also set. Unset --exec-prefix since it is not
really required (all other paths are explicitly passed via the rpm
configure macro), so that the --sbindir is respected.
==== yast2-installation ====
Version update (4.4.19 -> 4.4.20)
- Fix file copying when using relurl:// and file:// naming schemes
(bsc#1191160).
- 4.4.20
==== yast2-python-bindings ====
Version update (4.4.1 -> 4.4.2)
- Fix yast2-python-bindings requires Python (bsc#1190890).
- 4.4.2