Packages changed: busybox freetype2 (2.11.1 -> 2.12.0) gnome-shell-extensions gnome-software libnma (1.8.36 -> 1.8.38) libnvme (1.0~8 -> 1.0) libqt5-qtwebengine (5.15.8 -> 5.15.9) libsndfile (1.0.31 -> 1.1.0) nvme-cli (2.0~8 -> 2.0) webkit2gtk3 webkit2gtk3-soup2 xdpyinfo (1.3.2 -> 1.3.3) === Details === ==== busybox ==== - Enable udhcpc ==== freetype2 ==== Version update (2.11.1 -> 2.12.0) - update to 2.12.0: - FreeType now handles OT-SVG fonts, to be controlled with `FT_CONFIG_OPTION_SVG` configuration macro. By default, it can only load the 'SVG ' table of an OpenType font. However, by using the `svg-hooks` property of the new 'ot-svg' module it is possible to register an external SVG rendering engine. The FreeType demo programs have been set up to use 'librsvg' as the rendering library. - The handling of fonts with an 'sbix' table has been improved. - The internal 'zlib' code has been updated to be in sync with the current 'zlib' version (1.2.11). - The previously internal load flag `FT_LOAD_SBITS_ONLY` is now public. - Some minor improvements of the building systems, in particular handling of the 'zlib' library (internal vs. external). - Support for non-desktop Universal Windows Platform. - Various other minor bug and documentation fixes. - The `ftdump` demo program shows more information for Type1 fonts if option `-n` is given. - `ftgrid` can now display embedded bitmap strikes. ==== gnome-shell-extensions ==== Subpackages: gnome-shell-classic gnome-shell-extensions-common - Deprecate SLE-Classic in GNOME 42: + Drop 00_org.gnome.shell.extensions.sle-classic.gschema.override + Drop gse-sle-classic-ext.patch + Drop sle-classic.desktop + Drop sle-classic.json + Drop sle-classic@suse.com.tar.gz SLE-Classic is not compatible with GNOME 42 which makes this mode not usable. After careful consideration, we decide to deprecate SLE-Classic in GNOME 42, please find the reason in (boo#1197907). ==== gnome-software ==== - Add 8cbce25.patch: Fix Gnome-Software keep poping up notification "Software updates failed". ==== libnma ==== Version update (1.8.36 -> 1.8.38) Subpackages: libnma-gtk4-0 libnma0 typelib-1_0-NMA-1_0 - Update to version 1.8.38: + libnma-gtk4 is no longer considered EXPERIMENTAL. + meson now builds libnma-gtk4 properly. + Keyboard accelerator for certificate chooser works again. + Fixed libnma-gtk4 version of mobile-wizard. ==== libnvme ==== Version update (1.0~8 -> 1.0) - Update to version 1.0: * tree: Remove default port setting for TCP and RDMA ports * tree: add 'f_args' argument to pass user data to the filter function * tree: remove 'ctrl_get_ana_state()' * tree: add namespace path iterators * tree: filter out namespaces * tree: update nvme_scan_filter_t usage ==== libqt5-qtwebengine ==== Version update (5.15.8 -> 5.15.9) - Update to version 5.15.9: * QPdfView: scale page rendering according to devicePixelRatio * Update documented Chromium version * Use IsSameDocument() rather than IsLoadingToDifferentDocument() * Update module-split for installer * Fix printing PDF files * Do not override signal handlers * Avoid using xkbcommon in non-X11 builds * Update documentation * Update Chromium: * Bump V8_PATCH_LEVEL * Do not overwrite signal handlers in the browser process. * Replace base::ranges::set_union with std::set_union to fix MSVC2017 build * [Backport] CVE-2022-0100: Heap buffer overflow in Media streams API * [Backport] CVE-2022-0102: Type Confusion in V8 * [Backport] CVE-2022-0103: Use after free in SwiftShader * [Backport] CVE-2022-0104: Heap buffer overflow in ANGLE * [Backport] CVE-2022-0108: Inappropriate implementation in Navigation * [Backport] CVE-2022-0109: Inappropriate implementation in Autofill * [Backport] CVE-2022-0111 and CVE-2022-0117 * [Backport] CVE-2022-0113: Inappropriate implementatio n in Blink * [Backport] CVE-2022-0116: Inappropriate implementation in Compositing * [Backport] CVE-2022-0289: Use after free in Safe browsing * [Backport] CVE-2022-0291: Inappropriate implementation in Storage * [Backport] CVE-2022-0293: Use after free in Web packaging * [Backport] CVE-2022-0298: Use after free in Scheduling * [Backport] CVE-2022-0305: Inappropriate implementation in Service Worker API * [Backport] CVE-2022-0306: Heap buffer overflow in PDFium * [Backport] CVE-2022-0310 and CVE-0311: Heap buffer overflow in Task Manager * [Backport] CVE-2022-0456: Use after free in Web Search * [Backport] CVE-2022-0459: Use after free in Screen Capture * [Backport] CVE-2022-0460: Use after free in Window Dialog * [Backport] CVE-2022-0461: Policy bypass in COOP * [Backport] CVE-2022-0606: Use after free in ANGLE * [Backport] CVE-2022-0607: Use after free in GPU * [Backport] CVE-2022-0608: Integer overflow in Mojo * [Backport] CVE-2022-0609: Use after free in Animation * [Backport] CVE-2022-0610: Inappropriate implementation in Gamepad API * [Backport] CVE-2022-0971 (boo#1197163) * [Backport] CVE-2022-1096 (boo#1197552) * [Backport] CVE-2022-23852 * [Backport] Copy 'name_' member during StyleRuleProperty::Copy * [Backport] Security bug 1256885 * [Backport] Security bug 1258603 * [Backport] Security bug 1259557 * [Backport] Security bug 1261415 * [Backport] Security bug 1265570 * [Backport] Security bug 1268448 * [Backport] Security bug 1270014 * [Backport] Security bug 1274113 * [Backport] Security bug 1276331 * [Backport] Security bug 1280743 * [Backport] Security bug 1289394 * [Backport] Security bug 1292537 * [Backport] sandbox: build if glibc 2.34+ dynamic stack size is enabled - Drop patches, now upstream: * CVE-2022-0971-qtwebengine-5.15.patch * CVE-2022-1096-qtwebengine-5.15.patch ==== libsndfile ==== Version update (1.0.31 -> 1.1.0) - update to 1.1.0: * Added MPEG Encode/Decode Support * New fuzzer for OSS-Fuzz, thanks @DavidKorczynski. Fixed: * Memory leak in caf_read_header(), credit to OSS-Fuzz (issue 30375). * Stack overflow in guess_file_type() * Abort in fuzzer, thanks @bobsayshilol, credit to OSS-Fuzz * Infinite loop in svx_read_header(), thanks @bobsayshilol, credit to OSS-Fuzz * GCC and Clang pedantic warnings, thanks @bobsayshilol. * Normalisation issue when scaling floating point data to int in replace_read_f2i(), thanks @bobsayshilol, (issue #702). * Missing samples when doing a partial read of Ogg file from index till the end of file, thanks @arthurt (issue #643). * sndfile-salvage: Handle files > 4 GB on Windows OS * Undefined shift in dyn_get_32bit(), credit to OSS-Fuzz * Integer overflow in nms_adpcm_update(), credit to OSS-Fuzz * Integer overflow in psf_log_printf(), credit to OSS-Fuzz * ABI version incompatibility between Autotools and CMake build on Apple platforms. * Heap buffer overflow in wavlike_ima_decode_block() * Heap buffer overflow in msadpcm_decode_block() * Heap buffer overflow in psf_binheader_readf() * Index out of bounds in psf_nms_adpcm_decode_block() * Heap buffer overflow in flac_buffer_copy() * Heap buffer overflow in copyPredictorTo24() * Uninitialized variable in psf_binheader_readf() - drop sndfile-deinterlace-channels-check.patch ms_adpcm-Fix-and-extend-size-checks.patch, libsndfile-CVE-2021-4156.patch (obsolete) ==== nvme-cli ==== Version update (2.0~8 -> 2.0) - Update to version 2.0: * fabrics: Create persistent controller using unique subsystem NQN (bsc#1198243) * fabrics: Set KATO for discovery controller when connecting * fabrics: Do no modify default config for discovery controller * fabrics: Set default trsvcid ports for TCP and RDMA (bsc#1195858) * fabrics: Support connect even when no /etc/nvme/hostnqn file exists * nvme: update to nvme_scan_filter_t modifications (bsc#1195938) * plugins/intel: make 'buckets' a json array * plugins: Update WDC capabilities command with new commmands * plugins: Add OCP plugin ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles - Drop webkit2gtk3-gcc12.patch. It isn't needed anymore, since the relevant gcc change has been reverted for now. - Update some minimum version requirements to match cmake checks. - Remove build requirements on geoclue and libbrotlidec: they are no longer build-time dependencies. Add geoclue2 to Recommends. ==== webkit2gtk3-soup2 ==== Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Drop webkit2gtk3-gcc12.patch. It isn't needed anymore, since the relevant gcc change has been reverted for now. - Update some minimum version requirements to match cmake checks. - Remove build requirements on geoclue and libbrotlidec: they are no longer build-time dependencies. Add geoclue2 to Recommends. ==== xdpyinfo ==== Version update (1.3.2 -> 1.3.3) - Update to version 1.3.3: * This release includes a pair of changes to align with the xserver-21.x release series - it prints the version without the leading "1." for 21.x xservers, and it changes the default for building DMX support from --with-dmx to --without-dmx as DMX is no longer included in the 21.x xservers. (The DMX support in xdpyinfo is not removed in this release, and can be enabled at build time with the --with-dmx flag to configure, but may be fully removed in a future release of xdpyinfo.)