Packages changed: 7zip bash (5.2.12 -> 5.2.15) brltty cracklib (2.9.7 -> 2.9.8) dracut (057+suse.351.ge78c8ff6 -> 057+suse.353.g6dab83eb) elfutils-debuginfod exiv2 gcc13 (12.2.1+git537 -> 13.0.0+git197351) git gnutls groff groff-full gtkmm3 highway irqbalance krb5 libjxl libqt5-qtbase (5.15.7+kde167 -> 5.15.7+kde177) libqt5-qtdeclarative (5.15.7+kde18 -> 5.15.7+kde25) libqt5-qtquickcontrols2 (5.15.7+kde6 -> 5.15.7+kde7) libtool libwnck mozilla-nss (3.84 -> 3.85) mozjs102 (102.5.0 -> 102.6.0) mpc (1.2.1 -> 1.3.0) nano (7.0 -> 7.1) open-vm-tools (12.1.0 -> 12.1.5) openssh openssl-1_1 openssl-3 osinfo-db (20221018 -> 20221130) pipewire (0.3.62 -> 0.3.63) protobuf (21.11 -> 21.12) python-anyio python-lark (1.1.4 -> 1.1.5) python-pycares (4.2.2 -> 4.3.0) selinux-policy shadow speech-dispatcher (0.10.2 -> 0.11.4) sqlite3 webkit2gtk3 webkit2gtk4 xorg-x11-server xscreensaver (6.05.1 -> 6.06) xwayland xz yast2-add-on (4.5.2 -> 4.5.3) yast2-packager (4.5.8 -> 4.5.9) zlib === Details === ==== 7zip ==== - build for x86_64 subarchs the same way like for baseline ==== bash ==== Version update (5.2.12 -> 5.2.15) Subpackages: bash-doc bash-sh - Add upstream patches * bash52-013 Bash can leak memory when referencing a non-existent associative array element. * bash52-014 Bash defers processing additional terminating signals when running the EXIT trap while exiting due to a terminating signal. This patch allows the new terminating signal to kill the shell immediately. * bash52-015 There are several cases where bash is too aggressive when optimizing out forks in subshells. For example, `eval' and traps should never be optimized. ==== brltty ==== Subpackages: brltty-driver-at-spi2 brltty-driver-brlapi brltty-driver-speech-dispatcher brltty-driver-xwindow libbrlapi0_8 python3-brlapi system-user-brltty xbrlapi - Use tmpfiles_create_package - Use sysuser-tools unconditionally (bsc#1205161) ==== cracklib ==== Version update (2.9.7 -> 2.9.8) Subpackages: libcrack2 - update to 2.9.8: * rules: Drop using register keyword * add exec perms * translation updates * Use what's in the build environment and use a current autoconf * util/Makefile.am: fix link with lintl * Force grep to treat the input as text when formatting word files ==== dracut ==== Version update (057+suse.351.ge78c8ff6 -> 057+suse.353.g6dab83eb) Subpackages: dracut-ima dracut-mkinitrd-deprecated - Update to version 057+suse.353.g6dab83eb: * revert(fips): check for fipscheck in libexec (bsc#1206431) ==== elfutils-debuginfod ==== Subpackages: debuginfod-profile libdebuginfod1 - Remove dependency to not used sysconfig package - Weaken systemd dependency, no hard requires necessary ==== exiv2 ==== - switch to pkgconfig(zlib) so that alternative providers can be used ==== gcc13 ==== Version update (12.2.1+git537 -> 13.0.0+git197351) Subpackages: libgcc_s1 libgfortran5 libgomp1 libobjc4 libstdc++6 libstdc++6-pp libubsan1 - check each header separately - Redo floatn fixinclude pick-up to simply keep what is there. - Bump to 0a43f7b1a73c8e3b9cefffe430274d0a3d6d3291, git197351. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Sync cross.spec.in changes from gcc12 package. - Bump to 380d62c14c99d8df13b7a86660e7ee67d01ad827, git197210. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Bump to de144fdab17dbbb64ccb540056ab78b4ffb3fbbc, git197173. - Depend on at least LLVM 13 for GCN cross compiler. - Bump to 4304e09a1617bcf1c87f5bc96017ae5017379d75, git197155. - Rebase gcc44-rename-info-files.patch. - Bump to d13c359a49291f0a1206adbad4065677010b7e4b, git197143. - Sync changes from gcc12 package - Update embedded newlib to version 4.2.0 * includes newlib-4.1.0-aligned_alloc.patch - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. - Bump to 2b0ae7fb91f64fb005abf7d7903fd4c0764bb45c, git197102. - Handle new libstdc++exp.a lib. - Bump to 5c0d171f67d082c353ddc319859111d3b9126c17, git196938. - Add 2 new headers. - Bump to b457b779427b0f7b3fbac447811c9c52db5bc79e, git196485. ==== git ==== - switch to pkgconfig(zlib) so that alternative providers can be used ==== gnutls ==== - switch to pkgconfig(zlib) so that alternative providers can be used ==== groff ==== - set doc-default-operating-system and doc-volume-operating-system to $PRETTY_NAME [bsc#1185613] ==== groff-full ==== Subpackages: gxditview - set doc-default-operating-system and doc-volume-operating-system to $PRETTY_NAME [bsc#1185613] ==== gtkmm3 ==== - Drop baselibs.conf: there is no known consumer of the -32bit package. ==== highway ==== - Added missing baselibs.conf so that 32bit library packages become available ==== irqbalance ==== Subpackages: irqbalance-ui - build for x86_64 subarchs the same way like for baseline ==== krb5 ==== - Drop 0009-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch, already fixed in release 1.20.0 ==== libjxl ==== - Added missing baselibs.conf so that 32bit library packages become available ==== libqt5-qtbase ==== Version update (5.15.7+kde167 -> 5.15.7+kde177) Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3 - Update to version 5.15.7+kde177: * Fix wrong to linear conversion * QKeySequence: Add missing modifier names * Scale BMP color samples with periodic bit expansion * Send accessible focus event after list view has focus * update function argument of SSL_CTX_set_options * Openssl backend: reinsert a missing C in qCDebug * Annotate QMutex with TSAN annotations * Handle allocation failure in QImage rotate 90/180/270 functions * xcb: Replace qCWarning by qCDebug in QXcbConnection::printXcbError() * a11y: support GetAccessibleId for at-spi - Drop patches, now upstream: * 0001-Fix-wrong-to-linear-conversion.patch ==== libqt5-qtdeclarative ==== Version update (5.15.7+kde18 -> 5.15.7+kde25) - Update to version 5.15.7+kde25: * Make QaccessibleQuickWidget private API * a11y: track item enabled state * QQuickItem: avoid emitting signals during destruction * Send ObjectShow event for visible components after initialized * Implement accessibility for QQuickWidget * Fix build after 95290f66b806a307b8da1f72f8fc2c69801933d0 * Don't convert QByteArray in `startDrag` ==== libqt5-qtquickcontrols2 ==== Version update (5.15.7+kde6 -> 5.15.7+kde7) Subpackages: libQt5QuickControls2-5 libQt5QuickTemplates2-5 - Update to version 5.15.7+kde7: * Fix the popup position of a Menu ==== libtool ==== - switch to pkgconfig(zlib) so that alternative providers can be used ==== libwnck ==== Subpackages: libwnck-3-0 typelib-1_0-Wnck-3_0 - Drop baselibs.conf: there is no known consumer of the -32bit package. ==== mozilla-nss ==== Version update (3.84 -> 3.85) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs - update to NSS 3.85 * bmo#1792821 - Modification of the primes.c and dhe-params.c in order to have better looking tables * bmo#1796815 - Update zlib in NSS to 1.2.13 * bmo#1796504 - Skip building modutil and shlibsign when building in Firefox * bmo#1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard * bmo#1796407 - Fix -Wunused-but-set-variable warning from clang 15 * bmo#1796308 - Fix -Wtautological-constant-out-of-range-compare and -Wtype-limits warnings * bmo#1796281 - Followup: add missing stdint.h include * bmo#1796281 - Fix -Wint-to-void-pointer-cast warnings * bmo#1796280 - Fix -Wunused-{function,variable,but-set-variable} warnings on Windows * bmo#1796079 - Fix -Wstring-conversion warnings * bmo#1796075 - Fix -Wempty-body warnings * bmo#1795242 - Fix unused-but-set-parameter warning * bmo#1795241 - Fix unreachable-code warnings * bmo#1795222 - Mark _nss_version_c unused on clang-cl * bmo#1795668 - Remove redundant variable definitions in lowhashtest * Add note about python executable to build instructions. ==== mozjs102 ==== Version update (102.5.0 -> 102.6.0) - Update to version 102.6.0: + Various stability, functionality, and security fixes. + CVE-2022-46880: Use-after-free in WebGL. + CVE-2022-46872: Arbitrary file read from a compromised content process. + CVE-2022-46881: Memory corruption in WebGL. + CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions. + CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS. + CVE-2022-46882: Use-after-free in WebGL. + CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6. ==== mpc ==== Version update (1.2.1 -> 1.3.0) - Add mpc-1.3.0-gmpdep.patch to avoid dependence on stdio.h when including mpc.h - Update to version 1.3.0. * New function: mpc_agm * New rounding modes "away from zero", indicated by the letter "A" and corresponding to MPFR_RNDA on the designated real or imaginary part. * New experimental ball arithmetic. * New experimental function: mpc_eta_fund * Bug fixes: - mpc_asin for asin(z) with small |Re(z)| and tiny |Im(z)| - mpc_pow_fr: sign of zero part of result when the base has up to sign the same real and imaginary part, and the exponent is an even positive integer - mpc_fma: the returned int value was incorrect in some cases (indicating whether the rounded real/imaginary parts were smaller/equal/greater than the exact values), but the computed complex value was correct. ==== nano ==== Version update (7.0 -> 7.1) - update to 7.1: * When --autoindent and --breaklonglines are combined, pressing at a specific position no longer eats characters. ==== open-vm-tools ==== Version update (12.1.0 -> 12.1.5) Subpackages: libvmtools0 open-vm-tools-desktop - Don't list libgrpc++, libgrpc, and libprotobuf in the containerinfo Requires section. The dependencies will be added automatically. - Don't use new LDFLAGS, -labsl_synchronization -lgpr, when building for SLE. - Add containerInfo plugin (jsc-PED-1344) - Add dependencies on grpc, protobuf, and containerd for container introspection - Added patches (jsc-PED-1344) + detect-suse-location.patch - Add _service to handle open-vm-tools sources - Update to 12.1.5 (build 20735119) (boo#1205962) - A number of Coverity reported issues have been addressed. - The deployPkg plugin may prematurely reboot the guest VM before cloud-init has completed user data setup. If both the Perl based Linux customization script and cloud-init run when the guest VM boots, the deployPkg plugin may reboot the guest before cloud-init has finished. The deployPkg plugin has been updated to wait for a running cloud-init process to finish before the guest VM reboot is initiated. This issue is fixed in this release. - A SIGSEGV may be encountered when a non-quiesing snapshot times out. This issue is fixed in this release. - Unwanted vmtoolsd service error message if not on a VMware hypervisor. When open-vm-tools comes preinstalled in a base Linux release, the vmtoolsd services are started automatically at system start and desktop login. If running on physical hardware or in a non-VMware hypervisor, the services will emit an error message to the Systemd's logging service before stopping. This issue is fixed in this release. ==== openssh ==== Subpackages: openssh-clients openssh-common openssh-server - limit to openssl < 3.0 as this version is not compatible (bsc#1205042) next version update will fix it ==== openssl-1_1 ==== Subpackages: libopenssl1_1 - POWER10 performance enhancements for cryptography [jsc#PED-512] * openssl-1_1-AES-GCM-performance-optimzation-with-stitched-method.patch * openssl-1_1-Fixed-counter-overflow.patch * openssl-1_1-chacha20-performance-optimizations-for-ppc64le-with-.patch * openssl-1_1-Fixed-conditional-statement-testing-64-and-256-bytes.patch * openssl-1_1-Fix-AES-GCM-on-Power-8-CPUs.patch ==== openssl-3 ==== - Fix X.509 Policy Constraints Double Locking [bsc#1206374, CVE-2022-3996] * Add patch: openssl-3-Fix-double-locking-problem.patch ==== osinfo-db ==== Version update (20221018 -> 20221130) - Update to database version 20221130 osinfo-db-20221130.tar.xz - Add support for SLE Micro 5.4 add-slem5.4-support.patch - Fix value add-slem5.3-support.patch ==== pipewire ==== Version update (0.3.62 -> 0.3.63) Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 0.3.63: * Highlights - Fix a critical bug that causes audio distortion in some cases when using AVX2. - Fix a crash in mpv caused by deinit of PipeWire. - Resample the convolver IR to match the graph samplerate for better results. - Many more small bugfixes and improvements. * PipeWire - Fix a segfault in the PipeWire deinit code triggered by mpv in some cases. - Fix docs about SPA_PLUGIN_DIR. - Always dlclose by default (even under valgrind). Add an option with PIPEWIRE_DLCLOSE to select alternative behaviour. - Improve PIPEWIRE_DEBUG category handling. * modules - Resample the IR for the convolver when the IR samplerate and graph rate don't match. * SPA - Handle spurious reads from timerfd gracefully. - Fix potential stack-use-after-scope when starting Audacity. - Fix distorted audio when using AVX2. - Remove fallback to default channel map in channelmix. - Improve sorting of MIDI events, use the same order as Ardour. - Enable LFE downmixing by default. - Make IEC958/AC3 and IEC958/DTS work better by enforcing a fixed minimal buffering for the encoder to avoid stuttering. * Pulse-Server - Add a new pulse.cmd config section to execute pulse commands, currently only for loading modules. This removes the dependency on pactl. - Improve debug of messages. - Rebase reduce-meson-dependency.patch. - Add patch to add channel-map in the echo-cancel module: * 0001-pulse-server-add-channel-map-in-echo-cancel-module.patch ==== protobuf ==== Version update (21.11 -> 21.12) - update to v21.12: * Python * Fix broken enum ranges (#11171) * Stop requiring extension fields to have a sythetic oneof (#11091) * Python runtime 4.21.10 not works generated code can not load valid proto. ==== python-anyio ==== - Skip trio exception tests for now * https://github.com/agronholm/anyio/issues/508 * https://github.com/agronholm/anyio/commit/787cb0c2e53c2a3307873d202fbd49dc5eac4e96 ==== python-lark ==== Version update (1.1.4 -> 1.1.5) - Update to v1.1.5 * What's Changed setup.cfg: Replace deprecated license_file with license_files by @mgorny in #1209 Fix Github shenanigans by @erezsh in #1220 Fix AmbiguousExpander (Issue #1214) by @chanicpanic in #1216 Fix EOF line information in InteractiveParser.resume_parse() by @erezsh in #1224 Use generator instead of list expand or add method by @jmishra01 in #1225 ==== python-pycares ==== Version update (4.2.2 -> 4.3.0) - Update to version 4.3.0 * Bump cibuildwheel to build for Python 3.11 + CI total time speedups by @Jackenmen in #174 Fix tests that depended on external sites by @Jackenmen in #180 Complete the Python 3.11 support by @Jackenmen in #179 Drop CPython 3.6 by @saghul in #181 Improve test compatibility with pytest by @saghul in #182 Update c-ares submodule to 1.18.1 by @saghul in #183 ==== selinux-policy ==== Subpackages: selinux-policy-targeted - Added fix_ipsec.patch: Allow AF_ALG socket creation for strongswan (bnc#1206445) - Added policy for wicked scripts under /etc/sysconfig/network/scripts (bnc#1205770) - Add fix_sendmail.patch * fix context of custom sendmail startup helper * fix context of /var/run/sendmail and add necessary rules to manage content in there ==== shadow ==== Subpackages: libsubid4 login_defs - bsc#1205502: Fix useradd audit event logging of ID field * Add shadow-audit-no-id.patch ==== speech-dispatcher ==== Version update (0.10.2 -> 0.11.4) Subpackages: libspeechd2 python3-speechd - Update to version 0.11.4: - Update CLDR to version 42 and symbols from NVDA. - Fix audio plugin loading with dlopen. - Fix atomicity of getting reply in threaded mode. - Changes from 0.11.3: - Fix back DefaultModule configuration. - pico: Avoid falling to english when passed a bogus voice name. - espeak: Fix setting voice type. - Changes from 0.11.2: - Fix loading xx-yy locales. - Various memory leaks fixes. - Add mimic3 configuration file. - pico: Fix setting language vs voice. - Make sure that modules report a list of voices. - Update CLDR to version 41, symbols from NVDA and orca. - Allow building without ltdl. - Re-enable SSML in espeak-ng-mbrola module. - Changes from 0.11.1: - Add SPEECHD_PLUGIN_DIR environment variable. - Fix listing voices of the default module. - Changes from 0.11 - Support playing audio through the server. - modules: Add support for loading from user's .local/libexec/speech-dispatcher. - symbols: Process symbols.dic before emojis.dic. - symbols: Enable speechd symbols processing by default. - modules: Moved speech dispatcher modules to /usr/libexec/speech-dispatcher-modules - espeak-ng: Add support for mbrola voices. - mary: Add auto-detection. - mary: Add newer voices. - mary: Add volume, pitch, and rate support. - ivona: Add auto-detection. - festival: Strip head silence. - generic: Add DefaultVoice option. - es_ES: Add some gender neutral rules. - Add SPEECHD_CMD environment variable. - modules: Rewrite main functions with BSD licence, to let proprietary modules easily reuse this as a basis. - modules: Add skeletons ready for use as a basis for new modules. - Add script to run speechd from the build tree. - Update CLDR to version 39, symbols from NVDA and orca. - Add Esperanto translation. - Sort modules by quality, let the best quality module be the default. - Rebase harden_speech-dispatcherd.service.patch. - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_speech-dispatcherd.service.patch ==== sqlite3 ==== Subpackages: libsqlite3-0 sqlite3-tcl - bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch: relying on --safe for execution of an untrusted CLI script ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-WebKit2-4_1 webkit2gtk-4_1-injected-bundles - Add upstream patch b7ac5d0c.patch: Fix build with Ruby 3.2. ==== webkit2gtk4 ==== Subpackages: libjavascriptcoregtk-5_0-0 libwebkit2gtk-5_0-0 webkit2gtk-5_0-injected-bundles - Add upstream patch b7ac5d0c.patch: Fix build with Ruby 3.2. ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra - U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch * XkbGetKbdByName use-after-free (ZDI-CAN-19530, CVE-2022-4283, bsc#1206017) - U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch * Server XTestSwapFakeInput stack overflow (ZDI-CAN 19265, CVE-2022-46340, bsc#1205874) - U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch * Xi: return an error from XI property changes if verification failed (no ZDI-CAN id, no CVE id, bsc#1205875) - U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch * Server XIChangeProperty out-of-bounds access (ZDI-CAN 19405, CVE-2022-46344, bsc#1205876) - U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch * Server XIPassiveUngrabDevice out-of-bounds access (ZDI-CAN 19381, CVE-2022-46341, bsc#1205877) - U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch * Server ScreenSaverSetAttributes use-after-free (ZDI-CAN 19404, CVE-2022-46343, bsc#1205878) - U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch * Server XvdiSelectVideoNotify use-after-free (ZDI-CAN 19400, CVE-2022-46342, bsc#1205879) ==== xscreensaver ==== Version update (6.05.1 -> 6.06) Subpackages: xscreensaver-data xscreensaver-lang - update to 6.06: * New hack hextrail * marbling works again * Adjust old hacks for higher resolution displays * X11: More robust desktop image grabbing. * X11: Various improvements to xscreensaver-settings * X11: Supports "Lock" messages from systemd, e.g. when logind.conf has "HandleLidSwitch=lock" instead of "suspend". * Retired thornbird, which is redundant with discrete. - drop xscreensaver-gtk3.patch, upstream ==== xwayland ==== - U_0007-xkb-reset-the-radio_groups-pointer-to-NULL-after-fre.patch * XkbGetKbdByName use-after-free (ZDI-CAN-19530, CVE-2022-4283, bsc#1206017) - U_0001-Xtest-disallow-GenericEvents-in-XTestSwapFakeInput.patch * Server XTestSwapFakeInput stack overflow (ZDI-CAN 19265, CVE-2022-46340, bsc#1205874) - U_0002-Xi-return-an-error-from-XI-property-changes-if-verif.patch * Xi: return an error from XI property changes if verification failed (no ZDI-CAN id, no CVE id, bsc#1205875) - U_0003-Xi-avoid-integer-truncation-in-length-check-of-ProcX.patch * Server XIChangeProperty out-of-bounds access (ZDI-CAN 19405, CVE-2022-46344, bsc#1205876) - U_0004-Xi-disallow-passive-grabs-with-a-detail-255.patch * Server XIPassiveUngrabDevice out-of-bounds access (ZDI-CAN 19381, CVE-2022-46341, bsc#1205877) - U_0005-Xext-free-the-screen-saver-resource-when-replacing-i.patch * Server ScreenSaverSetAttributes use-after-free (ZDI-CAN 19404, CVE-2022-46343, bsc#1205878) - U_0006-Xext-free-the-XvRTVideoNotify-when-turning-off-from-.patch * Server XvdiSelectVideoNotify use-after-free (ZDI-CAN 19400, CVE-2022-46342, bsc#1205879) ==== xz ==== Subpackages: liblzma5 - Rename xz-static-devel -> xz-devel-static to follow the general naming used in openSUSE. ==== yast2-add-on ==== Version update (4.5.2 -> 4.5.3) - Fixed failure with the "media_url" element in AutoYaST profile containing CDATA block with spaces (bsc#1205928) - 4.5.3 ==== yast2-packager ==== Version update (4.5.8 -> 4.5.9) - Merged PR https://github.com/yast/yast-packager/pull/623 by Christopher Yeleighton : Do not call [Install done] on aborted packages (boo#1203302) - 4.5.9 ==== zlib ==== Subpackages: libminizip1 libz1 - build zlib with optflags again