Packages changed:
ImageMagick (7.1.0.37 -> 7.1.0.44)
avahi
codec2 (1.0.3 -> 1.0.5)
cups
curl (7.83.1 -> 7.84.0)
gpg2 (2.3.6 -> 2.3.7)
inkscape (1.2 -> 1.2.1)
java-11-openjdk (11.0.15.0 -> 11.0.16.0)
kdump (1.0.2+git13.ge715180 -> 1.0.2+git17.g491c742)
kernel-firmware (20220622 -> 20220714)
libcap (2.64 -> 2.65)
libdmtx (0.7.5 -> 0.7.7)
libnettle (3.8 -> 3.8.1)
libstorage-ng (4.5.31 -> 4.5.33)
libuv (1.44.1 -> 1.44.2)
perl
polkit
poppler (22.06.0 -> 22.07.0)
poppler-qt5 (22.06.0 -> 22.07.0)
shim
unbound (1.16.0 -> 1.16.1)
yast2-auth-client (4.5.0 -> 4.5.1)
yast2-bootloader (4.5.1 -> 4.5.2)
yast2-trans (84.87.20220709.5ead98f887 -> 84.87.20220729.608d4643aa)
=== Details ===
==== ImageMagick ====
Version update (7.1.0.37 -> 7.1.0.44)
Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10
- version update to 7.1.0.44
upstream changelog:
https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
- modified patches
% ImageMagick-library-installable-in-parallel.patch (refreshed)
- update to 7.1.0.42:
* incorrect pointer update when computing median @ ImageMagick/ImageMagick#5298
* Added extra check because the flag was removed in 0.21-Beta1.
* the -transparent-color option accepts colornames @ ImageMagick/ImageMagick#5297
* fix MVG stroke-opacity issues
* map channel parameter to pixel channel offset @ ImageMagick/ImageMagick#5308
* beta release
* preserve input depth @ ImageMagick/ImageMagick6#188
* update to latest automake/autoconf release
* recognize SVG file if it starts with whitespace @ ImageMagick/ImageMagick#5294
* Removed unused stealth flag.
* Removed used path field.
* Removed unused target field.
* Removed unused exempt field.
* Added extra option to the skip spaces to the MagicInfo.
* Always start at the start of the string when comparing the magic value.
* cosmetic
* avoid OMP deadlock @ ImageMagick/ImageMagick#5301
* prevent undefined shift
* prevent possible buffer overflow
* correct copy/paste error
* We need to free the stream ourselves when the call to FT_Open_Face fails.
* Added missing call to DestroyString.
* MVG requires seekable stream
* Added extra malloc method to avoid early calls to the policy checks on Windows.
* Removed defines.
* Only check for dll's in non static build.
* Set the client name and path earlier.
* fix background opacity rounding @ ImageMagick/ImageMagick#5264
* empty result on conversion from tiff to pdf @ ImageMagick/ImageMagick#5256
* Corrected patch that was made for #5256.
* Pass negative interline_spacing to pango
* Also check extension to fix possible stack overflow.
* eliminate possible buffer overflow
* set group 4 photometric to min-is-white
* dasharray requires non-zero values
* eliminate compiler warning
* only permit one rows/columns keyword
* Moved allocation back to the correct spot to avoid bypassing SetImageExtent.
* Also restore setting quantum_info to null.
* eliminate uninitialized value warning
* Make sure all text strings are freed when realloc fails.
* Reset primitive_info inside RenderMVGContent because this address could point to another address.
* Always check if .text is set instead.
* eliminate uninitialized alpha pixel
* recognize read-mask & write-mask for -channel option
* eliminate compiler warning
* fix scrambled image @ ImageMagick/ImageMagick#5291
* yikes, misspelled 'level'
* Fixed possible memory leak.
* support floating point formats
* initialize date:precision in private TimerComponentGenesis() method
* check for -1 is not required
* refactor date:precision flow
* eliminate compiler warning
* correct formulation of the phash normalization
* phash normalization is conventional RMS calculation
* only check shread count once
* add private ShredMagickMemory() method to hide contents of memory buffers
before they are relinquished
* system:shred value has precedence over MAGICK_SHRED_PASSES
* support shredding memory pools
* update memory pointer
* Silenced warning.
* Corrected documentation.
* first pass is fast for performance, second is crytographically strong
* recommend shred value of 1 for performance reasons
* only set the # of shred passes one time
* if enabled, shred streams
* unmap mapped pixels
* default mapped member to false
* don't shred streaming pixels
* rework shred passes
* optimize performance
* change per lint advisement
* typecast per lint advisement
* eliminate compiler warning
* eliminate lint warnings
* eliminate lint warnings
* support date:timestamp property
* eliminate lint warnings
* set timestamp from image->timestamp member
* eliminate lint warnings
* support MAGICK_DATE_PRECISION and registrydateprecision defines
* support registry:precision define
* need at least one policy defined
* eliminate lint warnings
* note, system:precision is deprecated
* eliminate icc compiler warnings
* eliminate icc compiler warnings
* eliminate compiler warning
* Reverted incorrect patch when doing auto-orient of an image that is
right-top or left-bottom.#
* Corrected conversion from flip to Orientation.
... changelog too long, skipping 22 lines ...
* Also remove date:timestamp when stripping the image.
==== avahi ====
Subpackages: libavahi-client3 libavahi-common3 libavahi-core7
- Move the dbus-1 system.d file to /usr (bsc#1201345)
==== codec2 ====
Version update (1.0.3 -> 1.0.5)
- Update to version 1.0.5
* Bump version to 1.0.5 to clearly delineate from various 1.0.4
tags, otherwise the same as 1.0.4_rc2
- Update to version 1.0.4
* 2020B,
* build system and tools maintenance.
* This RC fixes FreeDV API backwards compatibility issue in v1.0.4
==== cups ====
Subpackages: cups-client cups-config libcups2 libcupsimage2
- Move the dbus-1 system.d file to /usr (bsc#1201346)
==== curl ====
Version update (7.83.1 -> 7.84.0)
Subpackages: libcurl4
- add tests-for-32bit.patch to fix testsuite on 32bit platforms
- Update to 7.84.0:
* Security fixes:
- (bsc#1200737, CVE-2022-32208): FTP-KRB bad message verification
- (bsc#1200736, CVE-2022-32207): Unpreserved file permissions
- (bsc#1200735, CVE-2022-32206): HTTP compression denial of service
- (bsc#1200734, CVE-2022-32205): Set-Cookie denial of service
* Changes:
- curl: add --rate to set max request rate per time unit
- curl: deprecate --random-file and --egd-file
- curl_version_info: add CURL_VERSION_THREADSAFE
- CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl
- lib: make curl_global_init() threadsafe when possible
- libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION
- opts: deprecate RANDOM_FILE and EGDSOCKET
- socks: support unix sockets for socks proxy
* Bugfixes:
- aws-sigv4: fix potentional NULL pointer arithmetic
- bindlocal: don't use a random port if port number would wrap
- c-hyper: mark status line as status for Curl_client_write()
- ci: avoid `cmake -Hpath`
- CI: bump FreeBSD 13.0 to 13.1
- ci: update github actions
- cmake: add libpsl support
- cmake: do not add libcurl.rc to the static libcurl library
- cmake: enable curl.rc for all Windows targets
- cmake: fix detecting libidn2
- cmake: support adding a suffix to the OS value
- configure: skip libidn2 detection when winidn is used
- configure: use the SED value to invoke sed
- configure: warn about rustls being experimental
- content_encoding: return error on too many compression steps
- cookie: address secure domain overlay
- cookie: apply limits
- copyright.pl: parse and use .reuse/dep5 for skips
- copyright: make repository REUSE compliant
- curl.1: add a few see also --tls-max
- curl.1: mention exit code zero too
- curl: re-enable --no-remote-name
- curl_easy_pause.3: remove explanation of progress function
- curl_getdate.3: document that some illegal dates pass through
- Curl_parsenetrc: don't access local pwbuf outside of scope
- curl_url_set.3: clarify by default using known schemes only
- CURLOPT_ALTSVC.3: document the file format
- CURLOPT_FILETIME.3: fix the protocols this works with
- CURLOPT_HTTPHEADER.3: improve comment in example
- CURLOPT_NETRC.3: document the .netrc file format
- CURLOPT_PORT.3: We discourage using this option
- CURLOPT_RANGE.3: remove ranged upload advice
- digest: added detection of more syntax error in server headers
- digest: tolerate missing "realm"
- digest: unquote realm and nonce before processing
- DISABLED: disable 1021 for hyper again
- docs/cmdline-opts: add copyright and license identifier to each file
- docs/CONTRIBUTE.md: document the 'needs-votes' concept
- docs: clarify data replacement policy for MIME API
- doh: remove UNITTEST macro definition
- examples/crawler.c: use the curl license
- examples: remove fopen.c and rtsp.c
- FAQ: Clarify Windows double quote usage
- fopen: add Curl_fopen() for better overwriting of files
- ftp: restore protocol state after http proxy CONNECT
- ftp: when failing to do a secure GSSAPI login, fail hard
- GHA/hyper: enable debug in the build
- gssapi: improve handling of errors from gss_display_status
- gssapi: initialize gss_buffer_desc strings
- headers api: remove EXPERIMENTAL tag
- http2: always debug print stream id in decimal with %u
- http2: reject overly many push-promise headers
- http: restore header folding behavior
- hyper: use 'alt-used'
- krb5: return error properly on decode errors
- lib: make more protocol specific struct fields #ifdefed
- libcurl-security.3: add "Secrets in memory"
- libcurl-security.3: document CRLF header injection
- libssh: skip the fake-close when libssh does the right thing
- links: update dead links to the curl-wiki
- log2changes: do not indent empty lines [ci skip]
- macos9: remove partial support
- Makefile.am: fix portability issues
- Makefile.m32: delete obsolete options, improve -On [ci skip]
- Makefile.m32: delete two obsolete OpenSSL options [ci skip]
- Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip]
- max-time.d: clarify max-time sets max transfer time
- mprintf: ignore clang non-literal format string
- netrc: check %USERPROFILE% as well on Windows
- netrc: support quoted strings
- ngtcp2: allow curl to send larger UDP datagrams
- ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types
- ngtcp2: enable Linux GSO
- ngtcp2: extend QUIC transport parameters buffer
- ngtcp2: fix alert_read_func return value
- ngtcp2: fix typo in preprocessor condition
- ngtcp2: handle error from ngtcp2_conn_submit_crypto_data
- ngtcp2: send appropriate connection close error code
- ngtcp2: support boringssl crypto backend
- ngtcp2: use helper funcs to simplify TLS handshake integration
- ntlm: provide a fixed fake host name
- projects: fix third-party SSL library build paths for Visual Studio
... changelog too long, skipping 40 lines ...
- x509asn1: mark msnprintf return as unchecked
==== gpg2 ====
Version update (2.3.6 -> 2.3.7)
Subpackages: dirmngr
- GnuPG 2.3.7:
* CVE-2022-34903: garbled status messages could trick gpgme and
other parsers to accept faked status lines [boo#1201225]
* A number of bug fixes to the gpg command line interface
* gpgsm gained a number of new options and got some rework on
the PKCS#12 parser to support DFN issues keys
* The gpg agent got some added options and UI tweaks
* smart card support got a number of bug fixes, and improved
support for Technology Nexus cards and Yubikey
* The Telesec ESIGN application is now supported
==== inkscape ====
Version update (1.2 -> 1.2.1)
Subpackages: inkscape-extensions-extra inkscape-extensions-gimp
- Update to version 1.2.1:
+ Important fix for a bug where a loss of data occurred
+ Ensures that objects in multipage documents show up on all pages
+ Fixes 5 crashes, over 25 bugs, 4 extension bugs, 15 improved
user interface translations, 3 improved documentation translations
+ See the full release notes for Inkscape 1.2.1 at
https://media.inkscape.org/media/doc/release_notes/1.2.1/Inkscape_1.2.1.html
==== java-11-openjdk ====
Version update (11.0.15.0 -> 11.0.16.0)
Subpackages: java-11-openjdk-headless
- Update to upstream tag jdk-11.0.16+8 (July 2022 CPU)
* Security fixes:
+ JDK-8272243: Improve DER parsing
+ JDK-8272249: Better properties of loaded Properties
+ JDK-8277608: Address IP Addressing
+ JDK-8281859, CVE-2022-21540, bsc#1201694: Improve class
compilation
+ JDK-8281866, CVE-2022-21541, bsc#1201692: Enhance
MethodHandle invocations
+ JDK-8283190: Improve MIDI processing
+ JDK-8284370: Improve zlib usage
+ JDK-8285407, CVE-2022-34169, bsc#1201684: Improve Xalan
supports
* Other fixes:
+ JDK-6986863: ProfileDeferralMgr throwing
ConcurrentModificationException
+ JDK-7124293: [macosx] VoiceOver reads percentages rather than
the actual values for sliders.
+ JDK-7124301: [macosx] When in a tab group if you arrow
between tabs there are no VoiceOver announcements.
+ JDK-8133713: [macosx] Accessible JTables always reported as
empty
+ JDK-8139046: Compiler Control: IGVPrintLevel directive should
set PrintIdealGraph
+ JDK-8139173: [macosx] JInternalFrame shadow is not properly
drawn
+ JDK-8163498: Many long-running security libs tests
+ JDK-8166727: javac crashed: [jimage.dll+0x1942]
ImageStrings::find+0x28
+ JDK-8169004: Fix redundant @requires tags in tests
+ JDK-8181571: printing to CUPS fails on mac sandbox app
+ JDK-8182404: remove jdk.testlibrary.JDKToolFinder and
JDKToolLauncher
+ JDK-8186548: move jdk.testlibrary.JcmdBase closer to tests
+ JDK-8192057: com/sun/jdi/BadHandshakeTest.java fails with
java.net.ConnectException
+ JDK-8193682: Infinite loop in ZipOutputStream.close()
+ JDK-8199874: [TESTBUG] runtime/Thread/ThreadPriorities.java
fails with "expected 0 to equal 10"
+ JDK-8202886: [macos] Test java/awt/MenuBar/8007006/
/bug8007006.java fails on MacOS
+ JDK-8203238: [TESTBUG] rewrite MemOptions shell test in Java
+ JDK-8203239: [TESTBUG] remove vmTestbase/vm/gc/kind/parOld
test
+ JDK-8206187: javax/management/remote/mandatory/connection/
/DefaultAgentFilterTest.java fails with Port already in use
+ JDK-8206330: Revisit com/sun/jdi/RedefineCrossEvent.java
+ JDK-8207364: nsk/jvmti/ResourceExhausted/resexhausted003
fails to start
+ JDK-8208207: Test nsk/stress/jni/gclocker/gcl001 fails after
co-location
+ JDK-8208246: flags duplications in
vmTestbase_vm_g1classunloading tests
+ JDK-8208249: TriggerUnloadingByFillingMetaspace generates
garbage class names
+ JDK-8208697: vmTestbase/metaspace/stressHierarchy/
/stressHierarchy012/TestDescription.java fails with
OutOfMemoryError: Metaspace
+ JDK-8209150: [TESTBUG] Add logging to verify JDK-8197901 to a
different test
+ JDK-8209776: Refactor jdk/security/JavaDotSecurity/ifdefs.sh
to plain java test
+ JDK-8209883: ZGC: Compile without C1 broken
+ JDK-8209920: runtime/logging/RedefineClasses.java fail with
OOME with ZGC
+ JDK-8210022: remove jdk.testlibrary.ProcessThread, TestThread
and XRun
+ JDK-8210039: move OSInfo to top level testlibrary
+ JDK-8210108: sun/tools/jstatd test build failures after
JDK-8210022
+ JDK-8210112: remove jdk.testlibrary.ProcessTools
+ JDK-8210649: AssertionError @
jdk.compiler/com.sun.tools.javac.comp.Modules.enter
(Modules.java:244)
+ JDK-8210732: remove jdk.testlibrary.Utils
+ JDK-8211795: ArrayIndexOutOfBoundsException in PNGImageReader
after JDK-6788458
+ JDK-8211822: Some tests fail after JDK-8210039
+ JDK-8211962: Implicit narrowing in MacOSX java.desktop jsound
+ JDK-8212151: jdi/ExclusiveBind.java times out due to "bind
failed: Address already in use" on Solaris-X64
+ JDK-8213440: Lingering INCLUDE_ALL_GCS in
test_oopStorage_parperf.cpp
+ JDK-8214275: CondyRepeatFailedResolution asserts "Dynamic
constant has no fixed basic type"
+ JDK-8214799: Add package declaration to each JTREG test case
in the gc folder
+ JDK-8215544: SA: Modify ClhsdbLauncher to add sudo privileges
to enable MacOS tests on Mach5
+ JDK-8216137: assert(Compile::current()->live_nodes() <
Compile::current()->max_node_limit()) failed: Live Node limit
exceeded limit
+ JDK-8216265: [testbug] Introduce
Platform.sharedLibraryPathVariableName() and adapt all tests.
+ JDK-8217017: [TESTBUG] Tests fail to compile after JDK-8216265
+ JDK-8217233: Update build settings for AIX/xlc
+ JDK-8217340: Compilation failed:
tools/launcher/Test7029048.java
+ JDK-8217473: SA: Tests using ClhsdbLauncher fail on SAP
... changelog too long, skipping 374 lines ...
/SSLSessionImpl/NoInvalidateSocketException.java
==== kdump ====
Version update (1.0.2+git13.ge715180 -> 1.0.2+git17.g491c742)
- fix network-related dracut options handling for fadump case
- drop the elevator=deadline kernel option (bsc#1193211)
- fix broken URL in manpage (bsc#1187312)
==== kernel-firmware ====
Version update (20220622 -> 20220714)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network
- Update to version 20220714 (git commit 84661a3ba62f):
* amdgpu: update DMCUB firmware for DCN 3.1.6
* WHENCE: Correct dangling symlinks
* Correct WHENCE entry for wfx firmware
* bnx2: Drop unsupported Broadcom NetXtremeII firmware
* bnx2: drop unsupported firmwares
* bnx2: sort firmware names in filesystem order
* Remove old Broadcom Everest (bnx2x) v4/5 firmware
* drop Token Ring network firmwares
* Drop TDA7706 radio firmware
* Drop Intel WiMax firmware
* Drop Computone IntelliPort Plus serial firmware
* Drop ATM Ambassador devices firmware
* brocade: drop old unsupported firmware revs
* amdgpu: update yellow carp DMCUB firmware
* linux-firmware: update firmware for MT7622 WiFi device
* linux-firmware: update firmware for MT7922 WiFi device
* linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9462
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth 9560
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX211
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* mediatek: Add SCP firmware for MT8186
* rtw88: 8822c: Update normal firmware to v9.9.13
* rtw88: 8822c: Update normal firmware to v9.9.12
- Drop obsoleted temporary patches:
wfx-WHENCE-fix.diff
brcm-symlink-fixes.diff
- Minor update of README.build
- Fix missing aliases for qlogic (bsc#1200889)
==== libcap ====
Version update (2.64 -> 2.65)
- update to 2.65:
* Fix syntax error in DEBUG build of protected code in setcap.c.
* Prevent bash from reading the wrong startup files when the capsh --user=xxx
argument is used to invoke a shell as the user xxx. This is done by capsh now
changing the USER and HOME environment variables when --user is specified.
The argument --noenv can be used to suppress this behavior to what used to be
the problematic default. (Bug: 215926)
* Improved documentation
==== libdmtx ====
Version update (0.7.5 -> 0.7.7)
- update to 0.7.7:
* bug 9: Prevent edifact barcode encoding '31' from user input
* fix compiler warnings and build errors
* properly handle error when decoding Base256 scheme
* remove dead and irrelevant links in the README
* Add validity checks in DecodeSchemeAscii()
* Declare variables in DecodeSchemeAscii() locally.
* Implement RsFindErrorLocatorPoly fix from shm0nya
- drop libdmtx-DmtxPropRowPadBytes.patch (upstream)#
==== libnettle ====
Version update (3.8 -> 3.8.1)
Subpackages: libhogweed6 libnettle8
- update to 3.8.1:
* Avoid non-posix m4 argument references in the chacha
implementation for arm64, powerpc64 and s390x. Reported by
Christian Weisgerber, fix contributed by Mamone Tarsha.
* Use explicit .machine pseudo-ops where needed in s390x
assembly files. Bug report by Andreas K. Huettel, fix
contributed by Mamone Tarsha.
==== libstorage-ng ====
Version update (4.5.31 -> 4.5.33)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- merge gh#openSUSE/libstorage-ng#892
- continue flushing pending holders if a device cannot be found
(see bsc#1201880)
- coding style
- removed unneeded mockups
- 4.5.33
- Translated using Weblate (Czech) (bsc#1149754)
- 4.5.32
==== libuv ====
Version update (1.44.1 -> 1.44.2)
- update to 1.44.2:
* Add SHA to ChangeLog
* aix, ibmi: handle server hang when remote sends TCP RST
* process: reset the signal mask if the fork fails
* zos: implement cmpxchgi() using assembly
* ibmi: Implement UDP disconnect
* unix: simplify getpwuid call
* process,iOS: fix build breakage in process.c
* test: remove unused declarations in tcp_rst test
* core: add thread-safe strtok implementation
* test: fix flaky file watcher test
* unix,win: fix UV_RUN_ONCE + uv_idle_stop loop hang
* win: fix unexpected ECONNRESET error on TCP socket
* doc: make sample cross-platform build
* test: separate some static variables by test cases
* sunos: fs-event callback can be called after uv_close()
* uv: re-register interest in a file after change
* uv: register UV_RENAME event for _RFIM_UNLINK
* uv: register __rfim_event 156 as UV_RENAME
* release: check versions of autogen scripts are newer
* test: rewrite embed test
* unix: use MSG_CMSG_CLOEXEC where supported
* test: remove disabled callback_order test
* kqueue: skip EVFILT_PROC when invalidating fds
* zos: don't err when killing a zombie process
* zos: avoid fs event callbacks after uv_close()
* zos: correctly format interface addresses names
* zos: add uv_interface_addresses() netmask support
* zos: improve memory management of ip addresses
* tcp,pipe: fail `bind` or `listen` after `close`
* zos: implement uv_available_parallelism()
* udp,win: fix UDP compiler warning
* zos: fix early exit of epoll_wait()
* unix,tcp: fix errno handling in uv__tcp_bind()
* shutdown,unix: reduce code duplication
* unix: fix c99 comments
* unix: retry tcgetattr/tcsetattr() on EINTR
* unix,stream: optimize uv_shutdown() codepath
* unix,tcp: allow EINVAL errno from setsockopt in uv_tcp_close_reset()
* win,shutdown: improve how shutdown is dispatched
==== perl ====
Subpackages: perl-base perl-doc
- fix build on ppc
* updated patch: perl_skip_flaky_tests_powerpc.patch
==== polkit ====
Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 typelib-1_0-Polkit-1_0
- split out pkexec into seperate package to make system hardening
easier (to avoid installing it jsc#PED-132 jsc#PED-148).
==== poppler ====
Version update (22.06.0 -> 22.07.0)
Subpackages: libpoppler-cpp0 libpoppler-glib8 libpoppler122 poppler-tools
- update to 22.07.0:
* Fix crash when filling in forms in some files. Issue #1258
* Fix first lines of Annotations sometimes being cut off. Issue #1246
* Signatures: Don't crash if the signature doesn't have a common name
* CairoFontEngine: increment font_face reference when retrieving from the cache
* Add ToUnicode support for lessorequalslant and greaterorequalslant
glib:
* Add support for stamp annotation
- add gpg keyring validation for the release tarball
- drop da226d346e691f7545d995d6761d43e08855a3b7.patch (upstream)
- Add da226d346e691f7545d995d6761d43e08855a3b7.patch --
CairoFontEnginer: increment font_face reference when retrieving
from the cache; this fixes crashes with certain pdfs
[glgo#GNOME/evince#1808, glfo#poppler/poppler#1212].
==== poppler-qt5 ====
Version update (22.06.0 -> 22.07.0)
- update to 22.07.0:
* Fix crash when filling in forms in some files. Issue #1258
* Fix first lines of Annotations sometimes being cut off. Issue #1246
* Signatures: Don't crash if the signature doesn't have a common name
* CairoFontEngine: increment font_face reference when retrieving from the cache
* Add ToUnicode support for lessorequalslant and greaterorequalslant
glib:
* Add support for stamp annotation
- add gpg keyring validation for the release tarball
- drop da226d346e691f7545d995d6761d43e08855a3b7.patch (upstream)
- Add da226d346e691f7545d995d6761d43e08855a3b7.patch --
CairoFontEnginer: increment font_face reference when retrieving
from the cache; this fixes crashes with certain pdfs
[glgo#GNOME/evince#1808, glfo#poppler/poppler#1212].
==== shim ====
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
- Revoked the change in shim.spec for "use common SBAT values (boo#1193282)"
- we need to build openSUSE Tumbleweed's shim on Leap 15.4 because Factory
is unstable for building out a stable shim binary for signing. (bsc#1198458)
- But the rpm-config-suse package in Leap 15.4 is direct copied from SLE 15.4
because closing-the-leap-gap. So sbat_distro_* variables are SLE version,
not for openSUSE. (bsc#1198458)
==== unbound ====
Version update (1.16.0 -> 1.16.1)
Subpackages: libunbound8 unbound-anchor
- update to 1.16.1
* Features
- Fix #704: [FR] Statistics counter for number of outgoing UDP queries
sent; introduces 'num.query.udpout' to the 'unbound-control stats'
command.
* Bug Fixes
- makedist.sh picks up 32bit libssp-0.dll when 32bit compile.
- Fix for edns client subnet to respect not looking in its cache when
instructed to do so (e.g., prefetch).
- Merge PR #688: Rpz url notify issue.
- Note in the unbound.conf text that NOTIFY is allowed from the url:
addresses for auth and rpz zones.
- Remove unused LDNS function check for GOST Engine unloading.
- Fix for loading locally stored zones that have lines with blanks or
blanks and comments.
- Fix #663: use after free issue with edns options.
- Clarify -v flag manpage entry (#705)
- Fix test program dohclient close to use portability routine.
- Show the output of the exact .rpl run that failed with 'make test'.
- Fix for cached 0 TTL records to not trigger prefetching when
serve-expired-client-timeout is set.
- Add debug option to the mini_tdir.sh test code.
- Fix to not count cached NXDOMAIN for MAX_TARGET_NX.
- Allow fallback to the parent side when MAX_TARGET_NX is reached.
This will also allow MAX_TARGET_NX more NXDOMAINs.
- iana portlist update.
- Fix detection of libz on windows compile with static option.
- Fix compile warning for windows compile.
- Merge PR #706: NXNS fallback.
- From #706: Cached NXDOMAIN does not increase the target nx
responses.
- From #706: Don't generate parent side queries if we already
have the lame records in cache.
- From #706: When a lame address is the best choice, don't try to
generate target queries when the missing targets are all lame.
- Merge PR #671 from Petr Menšík: Disable ED25519 and ED448 in FIPS
mode on openssl3.
- Merge PR #660 from Petr Menšík: Sha1 runtime insecure.
- For #660: formatting, less verbose logging, add EDE information.
- Fix for correct openssl error when adding windows CA certificates to
the openssl trust store.
- Improve val_sigcrypt.c::algo_needs_missing for one loop pass.
- Reintroduce documentation and more EDE support for
val_sigcrypt.c::dnskeyset_verify_rrset_sig.
- Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for
one loop pass'.
- Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on
outbound tcp sockets.
==== yast2-auth-client ====
Version update (4.5.0 -> 4.5.1)
- Remove nss_ldap and pam_ldap support in favour of SSSD
(gh#yast/yast-auth-client#82)
- 4.5.1
==== yast2-bootloader ====
Version update (4.5.1 -> 4.5.2)
- Execute the command grub2-mkpasswd-pbkdf2 in the target system
so the module can run in a minimal container (bsc#1199840).
- 4.5.2
==== yast2-trans ====
Version update (84.87.20220709.5ead98f887 -> 84.87.20220729.608d4643aa)
Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu
- Update to version 84.87.20220729.608d4643aa:
* Translated using Weblate (Dutch)
* Translated using Weblate (Catalan)
* Translated using Weblate (Japanese)
* New POT for text domain 'base'.
* New POT for text domain 'auth-client'.
* Translated using Weblate (Czech)
* Translated using Weblate (Czech)
* New POT for text domain 'base'.
* Translated using Weblate (Slovak)
* Translated using Weblate (Dutch)
* Translated using Weblate (Catalan)
* Translated using Weblate (Japanese)
* New POT for text domain 'journal'.
* New POT for text domain 'pam'.
* New POT for text domain 'control'.
* New POT for text domain 'autoinst'.