Packages changed:
Mesa (21.3.3 -> 21.3.4)
Mesa-drivers (21.3.3 -> 21.3.4)
avahi
btrfsprogs (5.15 -> 5.16)
busybox (1.34.1 -> 1.35.0)
cyrus-sasl
flatpak (1.12.2 -> 1.12.3)
frameworkintegration
gdm (41.0 -> 41.3)
ghostscript
gnome-desktop (41.2 -> 41.3)
gnome-session (40.1.1 -> 41.3)
gnome-shell (41.2 -> 41.3)
grub2
gupnp (1.4.2 -> 1.4.3)
iproute2 (5.15 -> 5.16)
keylime
libqt5-qtwebengine (5.15.7 -> 5.15.8)
mutter (41.2 -> 41.3)
nautilus (41.1 -> 41.2)
ncurses (6.3.20211127 -> 6.3.20220101)
patterns-base
perl-Bootloader (0.936 -> 0.937)
perl-HTTP-Message (6.35 -> 6.36)
podman
poppler (21.12.0 -> 22.01.0)
poppler-qt5 (21.12.0 -> 22.01.0)
pulseaudio
qemu
qpdf (10.4.0 -> 10.5.0)
shadow (4.9 -> 4.11.1)
sqlite3 (3.36.0 -> 3.37.1)
sssd
vim (8.2.3995 -> 8.2.4063)
wayland (1.19.0 -> 1.20.0)
yast2 (4.4.34 -> 4.4.36)
=== Details ===
==== Mesa ====
Version update (21.3.3 -> 21.3.4)
Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1
- update to 21.3.4
* bugfix release
==== Mesa-drivers ====
Version update (21.3.3 -> 21.3.4)
Subpackages: Mesa-dri Mesa-gallium
- update to 21.3.4
* bugfix release
==== avahi ====
Subpackages: libavahi-client3 libavahi-common3 libavahi-core7
- Move sftp-ssh and ssh services to the doc directory. They allow
a host's up/down status to be easily discovered and should not
be enabled by default (boo#1179060).
==== btrfsprogs ====
Version update (5.15 -> 5.16)
Subpackages: btrfsprogs-udev-rules libbtrfs0
- Update to 5.16
* rescue: new subcommand clear-uuid-tree to fix failed mount due to bad uuid
subvolume keys, caught by tree-checker
* fi du: skip inaccessible files
* prop: properly resolve to symlink targets
* send, receive: fix crash after parent subvolume lookup errors
* build:
* fix build on 5.12+ kernels due to changes in linux/kernel.h
* fix build on musl with old kernel headers
* other:
* error handling fixes, cleanups, refactoring
* extent tree v2 preparatory work
* lots of RST documentation updates (last release with asciidoc sources),
https://btrfs.readthedocs.io
- Update to 5.15.1
* fi usage: fix wrongly reported space of used or unallocated space
* fix detection of block device discard capability
* check: add more sanity checks for checksum items
* build: make sphinx optional backend for documentation
==== busybox ====
Version update (1.34.1 -> 1.35.0)
- Update to 1.35.0
- Adjust busybox.config for new features in find, date and cpio
- Annotate CVEs already fixed in upstream, but not mentioned in .changes:
* CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting
* CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults
* CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc
* CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing
* CVE-2016-6301 (bsc#991940): NTP server denial of service flaw
* CVE-2017-15873 (bsc#1064976): The get_next_block function in archival/libarchive/decompress_bunzip2.c has an Integer Overflow
* CVE-2017-15874 (bsc#1064978): archival/libarchive/decompress_unlzma.c has an Integer Underflow
* CVE-2019-5747 (bsc#1121428): out of bounds read in udhcp components
* CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376,
CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380,
CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384,
CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes
- CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via malformed gzip data
- CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp
- CVE-2018-1000517 (bsc#1099260): Heap-based buffer overflow in the retrieve_file_data()
- CVE-2011-5325 (bsc#951562): tar directory traversal
- CVE-2018-1000500 (bsc#1099263): wget: Missing SSL certificate validation
==== cyrus-sasl ====
Subpackages: cyrus-sasl-gssapi libsasl2-3
- postfix: sasl authentication with password fails (bsc#1194265)
Add config parameter --with-dblib=gdbm
- Avoid converting of /etc/sasldb2 by every update. Convert
/etc/sasldb2 only if it is a Berkeley DB
==== flatpak ====
Version update (1.12.2 -> 1.12.3)
Subpackages: libflatpak0 system-user-flatpak
- Update to 1.12.3:
+ CVE-2021-43860: a malicious repository could have sent invalid
application metadata in a way that hides some of the app
permissions displayed during installation (boo#1194610)
+ flatpak-builder could allow --mirror-screenshots-url commands
to create directories outside of the build directory
(boo#1194611)
+ Extra-data downloading now properly handles compressed
content-encodings which fixes checksum verification
+ Note: In some corner case server setups this may require the
extra-data checksum to be changed
+ Avoid unnecessary policy-kit dialog due to auto-pinning when
installing runtimes
+ Better handling of updates of extensions that exist in multiple
repositories
+ Fixed (initial) installation apps with renamed ids
+ Fixed regression in updates from no-enumerate remotes
+ We now verify checksums of summary caches, to better handle
local file corruption
+ Improved cli output for non-terminal targets
+ Flatpak run --session-bus now works
+ Fix build with PyParsing >= 3.0.4
+ Fixed "Since" annotations on FlatpakTransaction signals
+ bash auto completion now doesn't complete on command name
aliases
+ Minor improvements to the search command
+ Minor improvements to the list command
+ Minor improvements to the repair command
+ Add more tests
+ Updated translations.
- Drop support-new-pyparsing.patch: Fixed upstream.
==== frameworkintegration ====
Subpackages: frameworkintegration-plugin libKF5Style5
- Add upstream change to fix a regression in 5.90.0 (kde#448237)
* 0001-Fix-wrong-porting-of-KNSCore-Engine-configSearchLoca.patch
==== gdm ====
Version update (41.0 -> 41.3)
Subpackages: gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0
- Update to version 41.3:
+ Juggle Xorg's -listen/-nolisten command line change better.
+ Fix session type selection.
+ Fix crash.
+ Drop vestigial gdm-pin service.
+ XDMCP fixes.
+ Wayland nvidia udev updates.
+ Updated translations.
- Rebase gdm-disable-wayland-on-mgag200-chipsets.patch.
- Drop gdm-daemon-Infer-session-type-from-desktop-file.patch and
gdm-restart-greeter-session-after-crash.patch: fixed upstream.
==== ghostscript ====
- CVE-2021-45949.patch fixes CVE-2021-45949
heap-based buffer overflow in sampled_data_finish
cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml
(bsc#1194304)
- CVE-2021-45944 use-after-free in sampled_data_sample
is already fixed in the Ghostscript 9.54.0 upstream sources
(bsc#1194303)
==== gnome-desktop ====
Version update (41.2 -> 41.3)
Subpackages: gnome-version libgnome-desktop-3-19 libgnome-desktop-3_0-common typelib-1_0-GnomeDesktop-3_0
- Update to version 41.3:
+ No changes, version bump only.
==== gnome-session ====
Version update (40.1.1 -> 41.3)
Subpackages: gnome-session-core gnome-session-default-session gnome-session-wayland
- Update to version 41.3:
+ No changes, just version synching.
- Changes from version 40.8:
+ data: Install GNOME on Wayland session for X11 preferred setups
+ Don't spew as much into log when falling back to non-systemd sessions
+ Work better with certain versions of meson
+ Correct screwed up check for gnome-shell
+ Various cleanups and leak fixes
+ Updated translations.
- Rebase gnome-session-better-handle-empty-xdg_session_type.patch.
- Drop gnome-session-exit-when-lost-name-on-bus.patch: no longer
applicable.
==== gnome-shell ====
Version update (41.2 -> 41.3)
Subpackages: gnome-shell-calendar
- Update to version 41.3:
+ Improve window tracking
+ Simplify scroll fade shader to work with old hardware
+ Tweak (un)minimize animations
+ Don't wake up screen in DND mode
+ Fix immediately withdrawn notifications getting stuck
+ Honor XDG SingleMainWindow key in .desktop files
+ Fixed crashes
+ Misc. bug fixes and cleanups
+ Updated translations.
- Modernize our Supplements in gnome-shell-calendar sub-package.
==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin
- Power guest secure boot with static keys: GRUB2 signing portion
(jsc#SLE-18271) (bsc#1192764)
* 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch
- Power guest secure boot with static keys: GRUB2 signing portion
(jsc#SLE-18271) (bsc#1192764)
* grub2.spec
- Power guest secure boot with static keys: GRUB2 portion (jsc#SLE-18144)
(bsc#1192686)
* 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch
* 0002-ieee1275-claim-more-memory.patch
* 0003-ieee1275-request-memory-with-ibm-client-architecture.patch
* 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch
* 0005-docs-grub-Document-signing-grub-under-UEFI.patch
* 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch
* 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch
* 0008-pgp-factor-out-rsa_pad.patch
* 0009-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch
* 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch
* 0011-libtasn1-import-libtasn1-4.18.0.patch
* 0012-libtasn1-disable-code-not-needed-in-grub.patch
* 0013-libtasn1-changes-for-grub-compatibility.patch
* 0014-libtasn1-compile-into-asn1-module.patch
* 0015-test_asn1-test-module-for-libtasn1.patch
* 0016-grub-install-support-embedding-x509-certificates.patch
* 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch
* 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch
* 0019-appended-signatures-support-verifying-appended-signa.patch
* 0020-appended-signatures-verification-tests.patch
* 0021-appended-signatures-documentation.patch
* 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch
* 0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch
- Fix no menuentry is found if hibernation on btrfs RAID1 (bsc#1193090)
* grub2-systemd-sleep-plugin
==== gupnp ====
Version update (1.4.2 -> 1.4.3)
- Update to version 1.4.3:
+ ServiceProxy:
- Properly propagate cancelled actions in deprecated calls.
- Fix deprecated async calls, again.
==== iproute2 ====
Version update (5.15 -> 5.16)
- remove routef from links; it doesn't exist anymore
- update to 5.16:
* devlink: Fix cmd_dev_param_set() to check configuration mode
* ip: add AMT support
* iplink_can: fix configuration ranges in print_usage() and add
unit
* tc: flower: Fix buffer overflow on large labels
* ip/ipnexthop: fix unsigned overflow in parse_nh_group_type_res()
* tc/m_vlan: fix print_vlan() conditional on TCA_VLAN_ACT_PUSH_ETH
* iplink_can: add new CAN FD bittiming parameters:
Transmitter Delay Compensation (TDC)
==== keylime ====
Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime
- Add 0001-Drop-dataclasses-module-usage.patch, to support Python 3.6
- Fix cfssl bcond logic in Tumbleweed / SLE
==== libqt5-qtwebengine ====
Version update (5.15.7 -> 5.15.8)
- Update to version 5.15.8:
* Update Chromium:
[Backport] CVE-2021-3517: libxml2: Heap-based buffer overflow
in xmlEncodeEntitiesInternal() in entities.c
[Backport] CVE-2021-3541 libxml2: Exponential entity expansion
attack bypasses all existing protection mechanisms
[Backport] CVE-2021-37984 : Heap buffer overflow in PDFium
[Backport] CVE-2021-37987 : Use after free in Network APIs
[Backport] CVE-2021-37989 : Inappropriate implementation in Blink
[Backport] CVE-2021-37992 : Out of bounds read in WebAudio
[Backport] CVE-2021-37993 : Use after free in PDF Accessibility
[Backport] CVE-2021-37996 : Insufficient validation of untrusted
input in Downloads
[Backport] CVE-2021-38001 : Type Confusion in V8
[Backport] CVE-2021-38003 : Inappropriate implementation in V8
[Backport] CVE-2021-38005: Use after free in loader (1/3)
[Backport] CVE-2021-38005: Use after free in loader (2/3)
[Backport] CVE-2021-38005: Use after free in loader (3/3)
[Backport] CVE-2021-38007: Type Confusion in V8
[Backport] CVE-2021-38009: Inappropriate implementation in cache
[Backport] CVE-2021-38010: Inappropriate implementation in serviceworkers
[Backport] CVE-2021-38012: Type Confusion in V8
[Backport] CVE-2021-38015: Inappropriate implementation in input
[Backport] CVE-2021-38017: Insufficient policy enforcement in iframe
sandbox
[Backport] CVE-2021-38018: Inappropriate implementation in navigation
[Backport] CVE-2021-38019: Insufficient policy enforcement in CORS
[Backport] CVE-2021-38021: Inappropriate implementation in referrer
[Backport] CVE-2021-38022: Inappropriate implementation in WebAuthentication
[Backport] CVE-2021-4057: Use after free in file API
[Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (1/2)
[Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (2/2)
[Backport] CVE-2021-4059: Insufficient data validation in loader
[Backport] CVE-2021-4062: Heap buffer overflow in BFCache
[Backport] CVE-2021-4078: Type confusion in V8
[Backport] CVE-2021-4079: Out of bounds write in WebRTC
[Backport] CVE-2021-4098: Insufficient data validation in Mojo
[Backport] CVE-2021-4099: Use after free in Swiftshader
[Backport] CVE-2021-4101: Heap buffer overflow in Swiftshader.
[Backport] CVE-2021-4102: Use after free in V8
[Backport] Dependency for CVE-2021-37989
[Backport] Dependency for CVE-2021-38009
[Backport] Security bug 1245870
[Backport] Security bug 1252858
[Backport] Security bug 1259899
Bump V8_PATCH_LEVEL
Compile with GCC 11 -std=c++20
Fix stack overflow on gpu channel recreate with an error
Use wglSetPixelFormat directly only if in software mode
[Backport] Handle long SIGSTKSZ in glibc > 2.33
[Backport] abseil-cpp: Fixes build with latest glibc
* Handle qtpdf compilation with static runtime
* Add bitcode support for qtpdf on ios
* Do not access accessibility from qt post routines
* Blacklist javascriptClipboard test on ubuntu 20.04
* Re-enable network-service-in-process
* Bump version from 5.15.7 to 5.15.8
* Update patch level
* Fix pinch gesture
* Fix leak of properties after XkbRF_GetNamesProp
* Fix leak on getDefaultScreeenId
- Drop patch:
* 0001-Fix-build-with-glibc-2.34.patch
==== mutter ====
Version update (41.2 -> 41.3)
- Update to version 41.3:
+ Check keyboard serials for activation
+ Fix mixed up refresh rates in multi-monitor setups
+ Allow disabling HW cursors
+ Improve damage handling
+ Consider xrandr flags for advertised modes
+ Ensure constraints after client resize
+ window-group: Disable culling when rendinging clone to
offscreen buffer
+ Fix workspace switch animation in default plugin
+ Fix unfullscreening of window that were mapped fullscreen
+ Fix DMA-BUF screencasts with unredirected fullscreen windows
+ Fix orientation changes on devices with 90�
+ Fixed crashes
+ Plugged leaks
+ Misc. bug fixes and cleanups.
- Drop patches fixed upstream:
+ mutter-allow-disable-hardware-cursors.patch
+ mutter-initialize-saved_rect_fullscreen.patch
- Renumber patches yet again.
==== nautilus ====
Version update (41.1 -> 41.2)
Subpackages: gnome-shell-search-provider-nautilus libnautilus-extension1
- Update to version 41.2:
+ Avoid cropping format popover in Compress dialog.
+ Fix "Move to"/"Copy to" from Starred.
+ Fix memory leak on tab switch.
+ Updated translations.
==== ncurses ====
Version update (6.3.20211127 -> 6.3.20220101)
Subpackages: libncurses6 ncurses-utils terminfo-base
- Add ncurses patch 20220101
+ add section on releasing memory to curs_termcap.3x and
curs_terminfo.3x manpages.
- Add ncurses patch 20211225
+ improve markup, e.g., for external manpage links in the manpages
(prompted by report by Helge Kreutzmann).
- Add ncurses patch 20211219
+ install ncurses-examples programs in libexecdir, adding a wrapper
script to invoke those.
+ add help-screen and screen-dump to test/combine.c
- Rename package ncurses-tests to ncurses-examples as upstream does
- Add ncurses patch 20211211
+ add test/combine.c, to demo/test combining characters.
- Add ncurses patch 20211204
+ improve configure check for getttynam (report by Werner Fink).
- Correct offsets of patch ncurses-6.3.dif
==== patterns-base ====
Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11
- Install PAM manual pages instead of the PDFs
- specfile cleanup
- Don't recommend ntfs-3g by default on TW, the kernel module got
improved
==== perl-Bootloader ====
Version update (0.936 -> 0.937)
- merge gh#openSUSE/perl-bootloader#137
- grub2 install: Support secure boot on powerpc (bsc#1192764
jsc#SLE-18271).
- 0.937
==== perl-HTTP-Message ====
Version update (6.35 -> 6.36)
- updated to 6.36
see /usr/share/doc/packages/perl-HTTP-Message/Changes
6.36 2022-01-05 14:39:42Z
- Fix examples in HTTP::Request::Common synopsis: HTTP::Request::Common
does not put headers in an arrayref, unlike HTTP::Request (GH#170) (Karen
Etheridge)
- Update to contributing information (GH#171) (H�kon H�gland)
==== podman ====
Subpackages: podman-cni-config
- Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade
path from podman < 3.1.2
==== poppler ====
Version update (21.12.0 -> 22.01.0)
Subpackages: libpoppler-cpp0 libpoppler-glib8
- Update to 22.01.0:
core:
* Allow local (relative to dll) fonts dir on Windows
* TextOutputDev: require more spacing between columns.
Issue #1093
* Fix crash in Splash::gouraudTriangleShadedFill. Issue #1183
* Fix crash when calling Form::reset()
* GfxSeparationColorSpace: Check validity of colorspace and
function. Issue #1184
* Minor code improvements
glib:
* Include glib.h before using defines from it
* Close file descriptors on error
* Plug some memory leaks
* Replace use of deprecated g_memdup/g_time_zone_new
* Remove FD-taking functions on windows
utils:
* pdfsig: Add support for documents with passwords
* pdfsig: Fix signing with -sign if nss password is needed
==== poppler-qt5 ====
Version update (21.12.0 -> 22.01.0)
- Update to 22.01.0:
core:
* Allow local (relative to dll) fonts dir on Windows
* TextOutputDev: require more spacing between columns.
Issue #1093
* Fix crash in Splash::gouraudTriangleShadedFill. Issue #1183
* Fix crash when calling Form::reset()
* GfxSeparationColorSpace: Check validity of colorspace and
function. Issue #1184
* Minor code improvements
glib:
* Include glib.h before using defines from it
* Close file descriptors on error
* Plug some memory leaks
* Replace use of deprecated g_memdup/g_time_zone_new
* Remove FD-taking functions on windows
utils:
* pdfsig: Add support for documents with passwords
* pdfsig: Fix signing with -sign if nss password is needed
==== pulseaudio ====
Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-setup
- Workaround for spurious errors in dump-modules command
(bsc#1194379):
pulseaudio-dump-module-Ignore-invalid-module-init-tools.patch
==== qemu ====
- It's time to really start requiring -F when using -b in
qemu-img for us as well. Users/customers have been warned
in the relevant release notes (bsc#1190135)
* Patches dropped:
Revert-qemu-img-Improve-error-for-rebase.patch
Revert-qemu-img-Require-F-with-b-backing.patch
==== qpdf ====
Version update (10.4.0 -> 10.5.0)
- add fix-signedness-warning.patch (build for aarch64)
- update to 10.5.0:
* Since qpdf version 8, using object accessor methods on an
instance of ``QPDFObjectHandle`` may create warnings if the
object is not of the expected type. These warnings now have an
error code of ``qpdf_e_object`` instead of
``qpdf_e_damaged_pdf``. Also, comments have been added to
:file:`QPDFObjectHandle.hh` to explain in more detail what the
behavior is. See :ref:`object-accessors` for a more in-depth
discussion.
* Add ``Pl_Buffer::getMallocBuffer()`` to initialize a buffer
allocated with ``malloc()`` for better cross-language
interoperability.
* Overhaul error handling for the object handle functions C API.
Some rare error conditions that would previously have caused a
crash are now trapped and reported, and the functions that
generate them return fallback values. See comments in the
``ERROR HANDLING`` section of :file:`include/qpdf/qpdf-c.h` for
details. In particular, exceptions thrown by the underlying C++
code when calling object accessors are caught and converted into
errors. The errors can be checked by calling ``qpdf_has_error``.
Use ``qpdf_silence_errors`` to prevent the error from being
written to stderr.
* Add ``qpdf_get_last_string_length`` to the C API to get the
length of the last string that was returned. This is needed to
handle strings that contain embedded null characters.
* Add ``qpdf_oh_is_initialized`` and
``qpdf_oh_new_uninitialized`` to the C API to make it possible
to work with uninitialized objects.
* Add ``qpdf_oh_new_object`` to the C API. This allows you to
clone an object handle.
* Add ``qpdf_get_object_by_id``, ``qpdf_make_indirect_object``,
and ``qpdf_replace_object``, exposing the corresponding methods
in ``QPDF`` and ``QPDFObjectHandle``.
- add build-without-pdf.patch to fix documentation installation
- enable documentation build, enable tests, enable werror
==== shadow ====
Version update (4.9 -> 4.11.1)
Subpackages: login_defs
- The legacy code does not support /etc/login.defs.d used by YaST.
Enable libeconf to read it (bsc#1192954).
- Update to 4.11.1:
* build: include lib/shadowlog_internal.h in dist tarballs
- Update to 4.11:
* Handle possible TOCTTOU issues in usermod/userdel
- (CVE-2013-4235)
- Use O_NOFOLLOW when copying file
- Kill all user tasks in userdel
* Fix useradd -D segfault
* Clean up obsolete libc feature-check ifdefs
* Fix -fno-common build breaks due to duplicate Prog declarations
* Have single date_to_str definition
* Fix libsubid SONAME version
* Clarify licensing info, use SPDX.
- Update to 4.10:
* From this release forward, su from this package should be
considered deprecated. Please replace any users of it with su
from util-linux
* libsubid fixes
* Rename the test program list_subid_ranges to getsubids, write
a manpage, so distros can ship it.
* Add libeconf dep for new*idmap
* Allow all group types with usermod -G
* Avoid useradd generating empty subid range
* Handle NULL pw_passwd
* Fix default value SHA_get_salt_rounds
* Use https where possible in README
* Update content and format of README
* Translation updates
* Switch from xml2po to itstool in 'make dist'
* Fix double frees
* Add LOG_INIT configurable to useradd
* Add CREATE_MAIL_SPOOL documentation
* Create a security.md
* Fix su never being SIGKILLd when trapping TERM
* Fix wrong SELinux labels in several possible cases
* Fix missing chmod in chadowtb_move
* Handle malformed hushlogins entries
* Fix groupdel segv when passwd does not exist
* Fix covscan-found newgrp segfault
* Remove trailing slash on hoedir
* Fix passwd -l message - it does not change expirey
* Fix SIGCHLD handling bugs in su and vipw
* Remove special case for "" in usermod
* Implement usermod -rG to remove a specific group
* call pam_end() after fork in child path for su and login
* useradd: In absence of /etc/passwd, assume 0 == root
* lib: check NULL before freeing data
* Fix pwck segfault
- Remove because upstreamed:
* shadow-4.9-pwck-segfault.patch
* shadow-4.9-newgrp-segfault.patch
* shadow-4.9-useradd-subuid.patch
* shadow-4.9-sgent-free.patch
* shadow-passwd-handle-null.patch
* shadow-fix-sigabrt.patch
* shadow-libeconf-include.patch
* libsubid-build-fix.patch
- Refreshed:
* shadow-util-linux.patch
* shadow.changes
* shadow.keyring
* shadow.spec
* useradd-script.patch
* useradd-userkeleton.patch
* userdel-script.patch
- Update shadow.keyring:
* Serge Hallyn serge@hallyn.com (B175CFA98F192AF2)
* Christian Brauner christian@brauner.io (4880B8C9BD0E5106FC070F4F7B3C391EFEA93624)
==== sqlite3 ====
Version update (3.36.0 -> 3.37.1)
- update to 3.37.1:
* Fix a bug introduced by the UPSERT enhancements of version
3.35.0 that can cause incorrect byte-code to be generated for
some obscure but valid SQL, possibly resulting in a NULL-
pointer dereference.
* Fix an OOB read that can occur in FTS5 when reading corrupt
database files.
* Improved robustness of the --safe option in the CLI.
* Other minor fixes to assert() statements and test cases.
- SQLite3 3.37.0:
* STRICT tables provide a prescriptive style of data type
management, for developers who prefer that kind of thing.
* When adding columns that contain a CHECK constraint or a
generated column containing a NOT NULL constraint, the
ALTER TABLE ADD COLUMN now checks new constraints against
preexisting rows in the database and will only proceed if no
constraints are violated.
* Added the PRAGMA table_list statement.
* Add the .connection command, allowing the CLI to keep multiple
database connections open at the same time.
* Add the --safe command-line option that disables dot-commands
and SQL statements that might cause side-effects that extend
beyond the single database file named on the command-line.
* CLI: Performance improvements when reading SQL statements that
span many lines.
* Added the sqlite3_autovacuum_pages() interface.
* The sqlite3_deserialize() does not and has never worked
for the TEMP database. That limitation is now noted in the
documentation.
* The query planner now omits ORDER BY clauses on subqueries and
views if removing those clauses does not change the semantics
of the query.
* The generate_series table-valued function extension is modified
so that the first parameter ("START") is now required. This is
done as a way to demonstrate how to write table-valued
functions with required parameters. The legacy behavior is
available using the -DZERO_ARGUMENT_GENERATE_SERIES
compile-time option.
* Added new sqlite3_changes64() and sqlite3_total_changes64()
interfaces.
* Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
* Use less memory to hold the database schema.
==== sssd ====
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap
- Remove libsmbclient-devel BuildRequires in favor of
pkgconfig(smbclient)
==== vim ====
Version update (8.2.3995 -> 8.2.4063)
Subpackages: vim-data-common vim-small
- disable-unreliable-tests-arch.patch: refresh
- Updated to version 8.2.4063, fixes the following problems
- fixes boo#1194559 CVE-2022-0156
* Not all sshconfig files are detected as such.
* Vim9: type checking for list and dict lacks information about declared
type.
* Vim9: not enough testing for extend() and map().
* Asan error for adding zero to NULL.
* Redundant check for NUL byte.
* Coverity warns for checking for NULL pointer after using it.
* Insert complete code uses global variables.
* First char typed in Select mode can be wrong.
* Error messages are spread out.
* Old compiler complains about struct init with variable.
* Error messages are spread out.
* Vim9: crash when declaring variable on the command line.
* Session does not restore help buffer properly when "options' is missing
from 'sessionoptions'.
* Error messages are spread out.
* Reading one byte beyond the end of the line.
* Error messages are spread out.
* Test fails because of changed error number.
* Error messages are spread out.
* Build failure without the spell feature.
* Git and gitcommit file types not properly recognized.
* Build failure with tiny features. (Tony Mechelynck)
* Vim9: incorrect error for argument that is shadowing var.
* Gcc warns for misleading indent in Athena menu code.
* ml_get error when win_execute redraws with Visual selection.
* Vim9: import mechanism is too complicated.
* Debugger test fails.
* Missing part of the :import changes.
* Two error messages in the wrong file.
* Using uninitialized variable.
* Confusing error message if imported name is used directly.
* Error for import not ending in .vim does not work for .vimrc.
* ml_get error with specific win_execute() command. (Sean Dewar)
* ml_get error with :doautoall and Visual area. (Sean Dewar)
* Debugging NFA regexp my crash, cached indent may be wrong.
* A script local funcref is not found from a mapping.
* Crash in xterm with only two lines. (Dominique Pell�)
* ATTRIBUTE_NORETURN is not needed.
* Running filetype tests leaves directory behind.
* Coverity warns for possibly using a NULL pointer.
* Timer triggered at the debug prompt may cause trouble.
* Vim9: script test file is getting too long.
* Insert mode completion is insufficiently tested.
* Various code not used when features are disabled.
* The xdiff library is linked in even when not used.
* Keeping track of allocated lines in user functions is too complicated.
* Using unitialized pointer.
* Vim9: build error.
* Using int for second argument of ga_init2().
* Vim9: no error when importing the same script twice.
* Some global functions are only used in one file.
* Some error messages not in the right place.
* Depending on the build features error messages are unused.
* gcc complains about use of "%p" in printf.
* Vim9: reading before the start of the line with "$" by itself.
* Vim9: need to prefix every item in an autoload script.
* Compiler complains about possibly uninitialized variable.
* Not easy to resize a window from a plugin.
* Vim9: autoload mechanism doesn't fully work yet.
* Vim9 script test fails.
* Vim9: line break in expression causes v:errmsg to be filled. (Yegappan
Lakshmanan)
* Vim9: memory leak when exporting function in autoload script.
* Vim9: not fully implementing the autoload mechanism.
* Vim9: import test failure in wrong line.
* Vim9: an expression of a map cannot access script-local items. (Maxim Kim)
* win_execute() is slow on systems where getcwd() or chdir() is slow. (Rick
Howe)
* Codecov bash script is deprecated.
* Match highlighting of tab too short.
* Vim9: exported function in autoload script not found. (Yegappan Lakshmanan)
==== wayland ====
Version update (1.19.0 -> 1.20.0)
Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0
- Add wayland-shm-Close-file-descriptors-not-needed.patch: For
platforms that support mremap(), we don't need to hold file
descriptors all the time, because programs like Xwayland will
hold a lot of file descriptors and may crash, this patch close
file descriptors earlier for those platforms (bsc#1194190).
- obsolete/provide libwayland-egl-devel 18.0.2 also on sle15-sp4
- Update to release 1.20
* A few protocol additions: wl_surface.offset allows clients to
update a surface's buffer offset independently from the
buffer, wl_output.name and description allow clients to
identify outputs without depending on xdg-output-unstable-v1.
* In protocol definitions, events have a new "type" attribute
and can now be marked as destructors.
* A number of bug fixes, including a race condition when
destroying proxies in multi-threaded clients.
==== yast2 ====
Version update (4.4.34 -> 4.4.36)
- Adapted Report.yesno_popup to Ruby 3 (bsc#1193192)
- 4.4.36
- Simplify slide show to support future parallel installations
(jsc#SLE-20437)
- 4.4.35