Packages changed: Mesa (21.3.0 -> 21.3.1) Mesa-drivers (21.3.0 -> 21.3.1) apache2-mod_php7 bash bind (9.16.20 -> 9.16.23) blog (2.21 -> 2.26) freerdp freetype2 (2.11.0 -> 2.11.1) gc (8.0.6 -> 8.2.0) kImageAnnotator (0.5.2 -> 0.5.3) kio libopenmpt (0.5.12 -> 0.5.13) libreoffice libvirt (7.9.0 -> 7.10.0) mozilla-nss (3.71 -> 3.73) multipath-tools (0.8.7+14+suse.5a09bfa -> 0.8.8+38+suse.2bdd3a14) openconnect perl-libwww-perl (6.58 -> 6.59) php7 poppler (21.10.0 -> 21.12.0) poppler-qt5 (21.10.0 -> 21.12.0) postgresql postgresql14 python-libvirt-python (7.9.0 -> 7.10.0) python-scrypt (0.8.18 -> 0.8.19) rdma-core (37.1 -> 38.0) strace (5.14 -> 5.15) syslogd xorg-x11-server === Details === ==== Mesa ==== Version update (21.3.0 -> 21.3.1) Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to 21.3.1 * mostly AMD, Intel & Zink fixes. ==== Mesa-drivers ==== Version update (21.3.0 -> 21.3.1) Subpackages: Mesa-dri Mesa-gallium Mesa-libva libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libxatracker2 - update to 21.3.1 * mostly AMD, Intel & Zink fixes. ==== apache2-mod_php7 ==== - provide configuration for PHP-FPM out of the box (boo#1192414) - package missing php.ini for PHP-FPM (boo#1192672) ==== bash ==== Subpackages: bash-doc bash-lang bash-sh - avoid duplicating COPYING file in bash-doc (already in main package in licensedir) ==== bind ==== Version update (9.16.20 -> 9.16.23) Subpackages: bind-doc bind-utils python3-bind - Upgrade to 9.16.23 Security issues fixed: The "lame-ttl" option is now forcibly set to 0. This effectively disables the lame server cache, as it could previously be abused by an attacker to significantly degrade resolver performance. (CVE-2021-25219) Bugs fixed: In 9.16.21: * When a dynamic zone was made available in another view using the "in-view" statement, running "rndc freeze" always reported an "already frozen" error even though the zone was successfully frozen. * Stale data in the cache could cause named to send non-minimized queries despite QNAME minimization being enabled. * When a DNSSEC-signed zone which only has a single signing key available is migrated to use KASP, that key is now treated as a Combined Signing Key (CSK). * When a member zone was removed from a catalog zone, journal files for the former were not deleted. * named-checkconf failed to detect syntactically invalid values of the "key" and "tls" parameters used to define members of remote server lists. * Fixed a regression which caused the EDNS TCP Keepalive option to be ignored inadvertently in client requests. It has now been fixed and this option is handled properly again. * Fixed a regression which altered the internal memory structure of zone databases, but neglected to update the MAPAPI value for zone files in "map" format. This caused named to attempt to load incompatible map files, triggering an assertion failure on startup. The MAPAPI value has now been updated, so named rejects outdated files when encountering them. * The thread-local isc_tid_v variable was not properly initialized when running BIND 9 as a Windows Service, leading to a crash on startup. * "map" files exceeding 2GB in size failed to load due to a size comparison that incorrectly treated the file size as a signed integer. In 9.16.22: * Remove the "adjust interface" mechanism which was responsible for setting up listeners on interfaces when the "*-source(-v6)" address and port were the same as the "listen-on(-v6)" address and port. Such a configuration is no longer supported; under certain timing conditions, that mechanism could prevent named from listening on some TCP ports. This has been fixed. * Multiple library names were mistakenly passed to the krb5-config utility when ./configure was invoked with the --with-gssapi=[/path/to/]krb5-config option. This has been fixed by invoking krb5-config separately for each required library. * Fixed a regression which broke backward compatibility for the "check-names master ..." and "check-names slave ..." options. This has been fixed. * Address a potential deadlock when checking zone content consistency. In 9.16.23: * Address Coverity warning in lib/dns/dnssec.c. * Fix a bug when comparing two RSA keys. There was a typo which caused the "p" prime factors to not being compared. * Fix an assertion failure caused by missing member zones during a reload of a catalog zone. This obsoletes bind-CVE-2021-25219.patch and bind-fix-build-with-older-sphinx.patch Other issues: A compile time waring about fall through in a switch statement has been averted by marking the cases as FALLTHROUGH. [bind-9.16.23.tar.xz, bind-9.16.23.tar.xz.sha512.asc, bind-CVE-2021-25219.patch, bind-fix-build-with-older-sphinx.patch, bind-avoid-fallthrough-warning-error.patch] ==== blog ==== Version update (2.21 -> 2.26) Subpackages: libblogger2 - Update to version 2.26 * On s390/x and PPC64 gcc misses unused arg0 - Remove patch fcb9e0c2.patch as now part of tar ball - Add upstream patch fcb9e0c2.patch * On s390/x and PPC64 gcc misses unused arg0 - Update to version 2.24 * Avoid install errror due missed directory - Update to version 2.22 * Avoid KillMode=none for newer systemd version as well as rework the systemd unit files of blog (boo#1186506) ==== freerdp ==== Subpackages: libfreerdp2-2 libwinpr2-2 - Add patch to fix connecting without H.264-enabled FFmpeg (boo#1190823): * 0001-Make-H.264-codec-optional-during-runtime.patch - Use %autosetup ==== freetype2 ==== Version update (2.11.0 -> 2.11.1) Subpackages: freetype2-devel libfreetype6 libfreetype6-32bit - update to 2.11.1: * Some fields in the `CID_FaceDictRec`, `CID_FaceInfoRec`, and `FT_Data` structures have been changed from signed to unsigned type, which better reflects the actual usage. It is also an additional means to protect against malformed input. * Cmake support has been further improved. To do that various backward-incompatible changes were necessary; please see file `CMakeLists.txt` for more details. * The experimental 'COLR' v1 API has been updated to the latest OpenType standard 1.9. ==== gc ==== Version update (8.0.6 -> 8.2.0) - Add 0001-Distribute-gc_gcj.h-and-some-other-headers-in-single.patch to repair `make install` forgetting to install gc_pthread.h. - Drop C++98 build mode; just use what g++ uses. - Update to release 8.2.0 * Add API for accessing incremental GC time limit with nanosecond precision * Add API function to force start of incremental collection * Add GC_get/set_disable_automatic_collection API * New API (GC_set_markers_count) to control number of parallel markers * New API function to clear GC exclusion table * New API function to get size of object debug header * New API standalone functions to acquire and release the allocator lock * Always abort on failure to access /proc/self/maps * Avoid initial 3ms pause on world stop/start with GC_retry_signals * Enable mprotect-based incremental GC for Linux/arm and Linux/aarch64 * Enable true incremental collection even if parallel marker is on * Fix mmap(PROT_NONE) failure if RLIMIT_AS value is low (Linux) * Report memory region bounds and errno on GC_unmap/remap failure * Use mprotect-based VDB on PowerPC and S390 (Linux) * Use soft dirty bits on Linux (i386, powerpc, s390, x86_64) * Fix copyright message in de_win.rc, gc_cpp.cc, ec.h and specific.h ==== kImageAnnotator ==== Version update (0.5.2 -> 0.5.3) - Update to version 0.5.3 * Fixed: Crash while typing text on wayland. * Changed: Show scrollbar when not all tools visible. ==== kio ==== Subpackages: kio-core kio-lang - Add patch to fix KRun on Wayland (kde#446272, gh#openSUSE/kmozillahelper#33): * 0001-Fix-KRun-runApplication-when-xdg-activation-is-invol.patch ==== libopenmpt ==== Version update (0.5.12 -> 0.5.13) - Update to 0.5.13: * [Bug] Fixed various undefined behaviour found with ubsan. * IMF: Change envelope interpretation to be more like in XM instead of IT and tighten header validation. * MED: Some samples had a ping-pong loop when there should be no loop at all. * MT2: Ignore incorrect drums chunk size in early MT2 files (fixes e.g. ?A little Rock? by Csumi). * MT2: Work around initial master volume of 0 used in some files that apply a fade-in a the song start using track automation that would stay silent forever otherwise (track automation is currently not supported). * OKT: Apply portamento on every tick. * mpg123: Update to v1.29.2 (2021-10-23). ==== libreoffice ==== Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - Fix UI scaling on HIDPI Wayland/KDE screens https://bugs.documentfoundation.org/show_bug.cgi?id=137924 + fix-wayland-scaling-in-plasma.patch ==== libvirt ==== Version update (7.9.0 -> 7.10.0) Subpackages: libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - libxl: Fix libvirtd deadlocks and segfaults 23b51d7b-libxl-disable-death-event.patch, a4e6fba0-libxl-rename-threadinfo-struct.patch, e4f7589a-libxl-shutdown-thread-name.patch, b9a5faea-libxl-handle-death-thread.patch, 5c5df531-libxl-search-domid-in-thread.patch, a7a03324-libxl-protect-logger-access.patch bsc#1191668, bsc#1192017 - Update to libvirt 7.10.0 - jsc#SLE-18260, jsc#SLE-19264 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html#v7-10-0-2021-12-01 ==== mozilla-nss ==== Version update (3.71 -> 3.73) Subpackages: libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss-certs mozilla-nss-tools - update to NSS 3.73 * bmo#1735028 - check for missing signedData field. * bmo#1737470 - Ensure DER encoded signatures are within size limits. * bmo#1729550 - NSS needs FiPS 140-3 version indicators. * bmo#1692132 - pkix_CacheCert_Lookup doesn't return cached certs * bmo#1738600 - sunset Coverity from NSS MFSA 2021-51 (bsc#1193170) * CVE-2021-43527 (bmo#1737470) Memory corruption via DER-encoded DSA and RSA-PSS signatures - update to NSS 3.72 * Remove newline at the end of coreconf.dep * bmo#1731911 - Fix nsinstall parallel failure. * bmo#1729930 - Increase KDF cache size to mitigate perf regression in about:logins ==== multipath-tools ==== Version update (0.8.7+14+suse.5a09bfa -> 0.8.8+38+suse.2bdd3a14) Subpackages: kpartx libmpath0 - Update to 0.8.8+38+suse.2bdd3a14.obscpio * upstream version bump. Code-wise identical to 0.8.7+138+suse.7c9afe31 - Drop versioned dependency on libmpath0 again (bsc#1190622) * Since 0.8.6, libmultipath and libmpathpersist have got proper ABI versioning, and rpmbuild auto-generates dependencies on libmultipath.so.0(LIBMULTIPATH_13.0.0) etc. - Update to version 0.8.7+138+suse.7c9afe31: New upstream version (pre-0.8.8) * deprecate "config_dir" and "multipath_dir" config options (will be removed in future version) * remove dependency on systemd-udevd-settle.service (boo#1193336) * fix crash in remove_map (boo#1193334) * CLI: add path wildcard "%I" for init state * CLI: add "reconfigure all" command * allow multiple pending "reconfigure" commands (bsc#1189551) * speed up "reconfigure" by avoiding unnecessary map reloads (bsc#1189551) * rework of CLI command handler (unix socket handler) to avoid hanging CLI commands (bsc#1189551) * fix multipathd startup after stop during reconfigure (boo#1193338) * improve error detection and warning messages in config file parser * fix exit status of multipath -T (bsc#1191900) * fix defects reported by coverity (boo#1193342) - avoid sleeping with locks held - exit if bindings file is broken - set umask before mkstemp - add bounds and consistency checks in SCSI VPD parsing code * add hardware table entry for DellEMC/ME4 (PowerVault ME4) ==== openconnect ==== Subpackages: libopenconnect5 openconnect-bash-completion openconnect-lang - Import the latest version of the vpnc-script, revision 1d35a8527e5422967514dd1d47350ff2ede55903 (boo#1140772) * This brings a lot of improvements for non-trivial network setups, IPv6 etc ==== perl-libwww-perl ==== Version update (6.58 -> 6.59) - updated to 6.59 see /usr/share/doc/packages/perl-libwww-perl/Changes 6.59 2021-12-02 21:16:04Z - Use American English aspell master dictionary for POD spelling tests (GH#394) (Ville Skyttä) - Remove unnecessary string concatenations in mirror error messages (GH#391) (Ville Skyttä) - Spelling and grammar fixes (GH#390) (Ville Skyttä) ==== php7 ==== Subpackages: php7-cli php7-ctype php7-dom php7-gd php7-gettext php7-iconv php7-json php7-mbstring php7-mysql php7-openssl php7-pdo php7-sqlite php7-tokenizer php7-xmlreader php7-xmlwriter - provide configuration for PHP-FPM out of the box (boo#1192414) - package missing php.ini for PHP-FPM (boo#1192672) ==== poppler ==== Version update (21.10.0 -> 21.12.0) Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools - update to 21.12.0: * Add API to add images * CairoOutputDev: Fix de-duping of Flate images * Fix crash on broken files when using non-default ENABLE_ZLIB_UNCOMPRESS. Issue #393 * Minor code improvements * Add API for validation of signatures * Add API to read/save to file descriptor * pdftohtml: Reduce sensitivity of duplicate detection. Issue #1117 * Increase C++ standard to 17 - Update to 21.11.0: core: * Fix rendering of some non-standard confirming annotations * Support rendering of some non-standard Type3 charprocs * TextOutputDev: Respect orientation when selecting words * CairoOutputDev: Don't override the antialias settings from the cairo_t * StructElement: support MCID in XObjects * Fix detection of monospace fonts * Ignore Adobe-Identity for non embedded CID fonts * PageLabelInfo::labelToIndex: work on some special no style intervals * Fix crash in malformed files * Minor code improvements utils: * pdfinfo: add -url option to print all URLs in a PDF * pdftohtml: document what zoom means in regard to DPI qt6: * Require Qt 6.1 * Minor code improvements ==== poppler-qt5 ==== Version update (21.10.0 -> 21.12.0) - update to 21.12.0: * Add API to add images * CairoOutputDev: Fix de-duping of Flate images * Fix crash on broken files when using non-default ENABLE_ZLIB_UNCOMPRESS. Issue #393 * Minor code improvements * Add API for validation of signatures * Add API to read/save to file descriptor * pdftohtml: Reduce sensitivity of duplicate detection. Issue #1117 * Increase C++ standard to 17 - Update to 21.11.0: core: * Fix rendering of some non-standard confirming annotations * Support rendering of some non-standard Type3 charprocs * TextOutputDev: Respect orientation when selecting words * CairoOutputDev: Don't override the antialias settings from the cairo_t * StructElement: support MCID in XObjects * Fix detection of monospace fonts * Ignore Adobe-Identity for non embedded CID fonts * PageLabelInfo::labelToIndex: work on some special no style intervals * Fix crash in malformed files * Minor code improvements utils: * pdfinfo: add -url option to print all URLs in a PDF * pdftohtml: document what zoom means in regard to DPI qt6: * Require Qt 6.1 * Minor code improvements ==== postgresql ==== Subpackages: postgresql-contrib postgresql-docs postgresql-llvmjit postgresql-server - Move the dependency of llvmjit-devel on clang and llvm to the implementation packages where we can depend on the correct versions. - fix postgresql_has_llvm usage - First round of changes to make it easier to build extensions for - add postgresql-llvmjit-devel subpackage: This package will pull in clang and llvm if the distro has a recent enough version, otherwise it will just pull postgresql-server-devel. - add postgresql macros to the postgresql-server-devel package those cover all the variables from pg_config and some macros to remove repitition from the spec files ==== postgresql14 ==== Subpackages: libpq5 postgresql14-contrib postgresql14-docs postgresql14-llvmjit postgresql14-server - Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions. - Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart. - Update the BuildIgnore section. ==== python-libvirt-python ==== Version update (7.9.0 -> 7.10.0) - Update to 7.10.0 - Add all new APIs and constants in libvirt 7.10.0 - jsc#SLE-18260, jsc#SLE-19264 ==== python-scrypt ==== Version update (0.8.18 -> 0.8.19) - update to 0.8.19: * Use RtlGenRandom instead of CryptGenRandom on windows * Add check for c:\Program Files\OpenSSL-Win64 and c:\Program Files\OpenSSL-Win32 ==== rdma-core ==== Version update (37.1 -> 38.0) Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1 - Update to v38.0 (jsc#SLE-18383) - Bugfixes on all providers - New provider for irdma support - Add rdma-ndd to recommended depencies of rdma-core ==== strace ==== Version update (5.14 -> 5.15) - Update to strace 5.15 * Improvements * Implemented --strings-in-hex=non-ascii-chars option for using hexadecimal numbers instead of octal ones in escape sequences in the output strings. * Implemented --decode-pids=comm option (and its alias -Y) for printing command names for PIDs. * Implemented --decode-pids=pidns as an alias to --pidns-translation option. * Implemented printing of current working directory when AT_FDCWD constant is used with --decode-fds=path option enabled. * Improved printing of syscall names in places where the associated AUDIT_ARCH_* value is present (ptrace PTRACE_GET_SYSCALL_INFO request, SIGSYS siginfo_t). * Implemented decoding of process_mrelease syscall, introduced in Linux 5.15. * Implemented decoding of SECCOMP_GET_NOTIF_SIZES operation of seccomp syscall. * Implemented decoding of HDIO_*, KD*, and SECCOMP_* ioctl commands. * Implemented decoding of RTM_NEWCACHEREPORT, RTM_{NEW,DEL,GET}NEXTHOP, and RTM_{NEW,GET}STATS NETLINK_ROUTE netlink messages. * Implemented decoding of AF_ALG, AF_IEEE802154, AF_MCTP, AF_NFC, AF_QIPCRTR, AF_RRPC, AF_VSOCK, and AF_XDP socket addresses. * Implemented decoding of AF_BRIDGE and AF_MCTP protocols for IFLA_AF_SPEC netlink attribute. * Implemented decoding of IFLA_BR_MCAST_QUERIER_STATE, IFLA_BR_MULTI_BOOLOPT, IFLA_INET6_RA_MTU, IFLA_INFO_SLAVE_DATA, and IFLA_VFINFO_LIST netlink attributes. * Enhanced decoding of io_uring_register and times syscalls. * Enhanced IFLA_BR_FORWARD_DELAY, IFLA_BR_MAX_AGE, IFLA_EXT_MASK, IFLA_PROTINFO, *_INTVL, and *_TIMER netlink attribute decoding. * Enhanced decoding of AF_IPX and AF_NETLINK socket addresses. * Updated lists o AF_*, ARPHRD_*, BTRFS_*, DEVCONF_*, DM_*, ETH_P_*, FAN_REPORT_*, IORING_*, MOVE_MOUNT_*, MPOL_*, PACKET_*, RTM_*, SO_*, and XFRM_MSG_* constants. * Updated lists of ioctl commands from Linux 5.15. * Bug fixes * Fixed printing of struct bpf_prog_info.map_ids array. * Fixed behaviour of "dev", "pidfd", and "socket" arguments of the --print-fds option to no longer imply the "path" argument. * Fixed insufficient buffer size used for network interface name printing, that previously led to assertions on attempts of printing interface names that require quoting, for example, names longer than 4 characters in -xx mode (addresses RHBZ bug #2028146). ==== syslogd ==== Subpackages: klogd syslog-service - Remove PrivateDevices, ProtectClock and ProtectKernelLogs=true from klog.service and ProtectKernelLogs from klogd.service (bsc#1193172) ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra xorg-x11-server-sdk - u_pci-primary-Fix-up-primary-PCI-device-detection-for-the-platfrom-bus.patch * Fix SEGFAULT when parsing bus IDs of NULL - u_Support-configuration-files-under-run-X11-xorg.conf..patch * Support configuration files under /run. Required for generating configuration files via udev. - u_Add-udev-scripts-for-configuration-of-platform-devic.patch * Generate configuration files for platform devices - u_Revert-xf86-Accept-devices-with-the-simpledrm-driver.patch * Code has been obsoleted by udev patchset - u_Add-udev-rule-for-HyperV-devices.patch * Same as for platform devices, but on HyperV