Removed rpms ============ - cyrus-sasl-plain-32bit - db48-utils - glibc-locale-base-32bit - guestfs-data - guestfs-winsupport - alsa-oss-32bit - alsa-plugins-32bit - gettext-runtime-32bit - glibc-32bit - libXau6-32bit - libattr1-32bit - libbrotlicommon1-32bit - libcap2-32bit - libcom_err2-32bit - libcurl4-32bit - libffi7-32bit - libgobject-2_0-0-32bit - libjansson4-32bit - libldap-2_4-2-32bit - libnghttp2-14-32bit - libnsl2-32bit - libp11-kit0-32bit - libpng16-16-32bit - libpsl5-32bit - libpwquality1-32bit - libsasl2-3-32bit - libsndfile1-32bit - libtalloc2-32bit - libtdb1-32bit - libtextstyle0-32bit - libuuid1-32bit - libz1-32bit - nss-mdns-32bit - pam_pwquality-32bit - rpm-32bit - krb5-32bit - ldmtool - libFLAC8-32bit - libacl1-32bit - libavahi-client3-32bit - libbz2-1-32bit - libcups2-32bit - libdbus-1-3-32bit - libfontconfig1-32bit - libgio-2_0-0-32bit - libhivex0 - libkeyutils1-32bit - libldb2-32bit - libldm-1_0-0 - liblua5_3-5-32bit - libnss_usrfiles2-32bit - libogg0-32bit - libopenssl1_1-32bit - libssh4-32bit - libsss_nss_idmap0 - libsystemd0-32bit - libtevent0-32bit - libudev1-32bit - libunistring2-32bit - libvorbis0-32bit - libxcb1-32bit - perl-Class-Inspector - perl-File-ShareDir - perl-String-ShellQuote - perl-Sys-Guestfs - perl-Win-Hivex - perl-libintl-perl - python3-evtx - qemu-ipxe - samba-winbind-libs-32bit - sssd-wbclient - zerofree Added rpms ========== - NetworkManager-dns-bind - NetworkManager-dns-dnsmasq - alsa-oss-32bit - alsa-plugins-32bit - gettext-runtime-32bit - glibc-32bit - cyrus-sasl-plain-32bit - glibc-locale-base-32bit - krb5-32bit - libFLAC8-32bit - libacl1-32bit - libavahi-client3-32bit - libbz2-1-32bit - libdbus-1-3-32bit - libfontconfig1-32bit - libgio-2_0-0-32bit - libkeyutils1-32bit - libldb2-32bit - liblua5_3-5-32bit - libnss_usrfiles2-32bit - libogg0-32bit - libopenssl1_1-32bit - libssh4-32bit - libsystemd0-32bit - libtevent0-32bit - libudev1-32bit - libunistring2-32bit - libvorbis0-32bit - libxcb1-32bit - samba-winbind-libs-32bit - qemu-ipxe - libXau6-32bit - libattr1-32bit - libbrotlicommon1-32bit - libcap2-32bit - libcom_err2-32bit - libcurl4-32bit - libffi7-32bit - libgobject-2_0-0-32bit - libguestfs - libguestfs-xfs - libgupnp-av-1_0-3 - libjansson4-32bit - libldap-2_4-2-32bit - libnghttp2-14-32bit - libnma-gtk4-0 - libnsl2-32bit - libp11-kit0-32bit - libpng16-16-32bit - libpsl5-32bit - libpwquality1-32bit - libsasl2-3-32bit - libsndfile1-32bit - libtalloc2-32bit - libtdb1-32bit - libtextstyle0-32bit - libuuid1-32bit - libz1-32bit - nss-mdns-32bit - pam_pwquality-32bit - rpm-32bit - samba-ad-dc-libs-32bit - samba-libs-32bit - sqlite3-tcl Package Source Changes ====================== Mesa +- update to 22.2.5 + * the last planned release of the mesa 22.2.x series + * number of nice fixes in here, covering a decent amount of the + codebase, but nothing too crazy + Mesa:drivers +- update to 22.2.5 + * the last planned release of the mesa 22.2.x series + * number of nice fixes in here, covering a decent amount of the + codebase, but nothing too crazy + MozillaThunderbird +- Mozilla Thunderbird 102.6.1 + * fixed: Remote content did not load in user-defined signatures + (bmo#1803942) + * fixed: Addons that added new action buttons were not shown + for addon upgrades, requiring removal and reinstall + (bmo#1793430) + * fixed: Various stability improvements + (bmo#1798181,bmo#1797616) + * fixed: Security fix + MFSA 2022-53 (bsc#1206653) + * CVE-2022-46874 (bmo#1746139) + Drag and Dropped Filenames could have been truncated to + malicious extensions + +- Mozilla Thunderbird 102.6 + * fixed: Importing secret OpenPGP keys failed when public key + with public subkey was already present (bmo#1795698) + * fixed: Message index files were incorrectly deleted when too + many folders were opened (bmo#1787609) + * fixed: Thunderbird sometimes incorrectly formatted synced + vCards (bmo#1792542) + * fixed: Recurring events did not display past a certain number + of repetitions (bmo#1789437) + * fixed: Cookies deleted from the "Show Cookies" dialog were + not actually deleted (bmo#1803795) + * fixed: Paused RSS feeds did not actually pause updates + (bmo#1789120) + * fixed: Various visual and UX improvements + (bmo#1800189,bmo#1800537,bmo#1801080) + MFSA 2022-52 (bsc#1206242) + * CVE-2022-46880 (bmo#1749292) + Use-after-free in WebGL + * CVE-2022-46872 (bmo#1799156) + Arbitrary file read from a compromised content process + * CVE-2022-46881 (bmo#1770930) + Memory corruption in WebGL + * CVE-2022-46874 (bmo#1746139) + Drag and Dropped Filenames could have been truncated to + malicious extensions + * CVE-2022-46875 (bmo#1786188) + Download Protections were bypassed by .atloc and .ftploc + files on Mac OS + * CVE-2022-46882 (bmo#1789371) + Use-after-free in WebGL + * CVE-2022-46878 (bmo#1782219, bmo#1797370, bmo#1797685, + bmo#1801102, bmo#1801315, bmo#1802395) + Memory safety bugs fixed in Thunderbird 102.6 + NetworkManager-vpnc +- Update to version 1.2.8: + + libnm-glib compatibility (NetworkManager < 1.0) is disabled by + default. It can be enabled by passing --with-libnm-glib to + configure script. Nobody should need it by now. Users that + still use this are encourage to let us know before the + libnm-glib support is removed for good. + + The auth helper in external UI mode can now be run without a + display server. This is useful when activating connections with + "nmcli --ask". + + Gtk4 version of the editor plugin is now available (for use + with Control Center of GNOME 42 or later). + + Updated translations. +- Add pkgconfig(gtk4) and pkgconfig(libnma-gtk4) BuildRequires and + pass --with-gtk4=yes to configure, build the gtk4 version. +- Stop passing --without-libnm-glib to configure, no longer + needed, nor recognized. +- Add optional libxml2-tools BuildRequires, build runs + xml-stripblanks preprocessing if available. + SDL2 +- Add CVE-2022-4743.patch: fix potential memory leak in + GLES_CreateTexture (boo#1206727 CVE-2022-4743). + acl -- test: Add helper library to fake passwd/group files -- quote: escape literal backslashes (bsc#953659). -- Added patch: - * 0001-test-Add-helper-library-to-fake-passwd-group-files.patch - * 0002-quote-escape-literal-backslashes.patch - -- refresh acl-2.2.52-tests.patch to work with perl 5.26 - -- BuildRequires gettext-tools-mini instead of gettext-tools: as - acl is part of the bootstrap, we want to try to keep the dep - chain as small as possible. - -- Remove --with-pic that's just for static libraries. -- Replace %__-type macro indirections. - Replace old $RPM_ by their macro equivalents for consistency. - Make the macro style consistent across the file again. - -- reenable full Larg File Support for i586 - -- Make it possible to disable tests (for Ring0) -- Add BuildRequires: system-user-daemon for the testsuite - -- Add BuildRequires for system user bin needed by test suite - -- Update to git snapshot dated 21 Sep 2015. - - Added: - * 0001-Install-the-libraries-to-the-appropriate-directory.patch - * 0002-setfacl.1-fix-typo-inclu-de-include.patch - * 0003-test-fix-insufficient-quoting-of.patch - * 0004-Makefile-rename-configure.in-to-configure.ac.patch - * 0005-Bad-markup-in-acl.5-page.patch - * 0006-.gitignore-ignore-and-config.h.in.patch - * 0007-Use-autoreconf-rather-than-autoconf-to-regenerate-th.patch - * 0008-libacl-Make-sure-that-acl_from_text-always-sets-errn.patch - * 0009-libacl-fix-SIGSEGV-of-getfacl-e-on-overly-long-group.patch - * 0010-punt-debian-rpm-packaging-logic.patch - * 0011-move-gettext-logic-into-misc.h.patch - * 0012-test-make-running-parallel-out-of-tree-safe.patch - * 0013-modernize-build-system.patch - * 0014-po-regenerate-files-after-move.patch - * 0015-build-drop-aclincludedir-use-pkgincludedir.patch - * 0016-build-make-use-of-an-aux-dir-to-stow-away-helper-scr.patch - * 0017-build-ship-a-pkgconfig-file-for-libacl.patch - * 0018-read_acl_-comments-seq-rename-line-to-lineno.patch - * 0019-read_acl_-comments-seq-switch-to-next_line.patch - * 0020-telldir-return-value-and-seekdir-second-parameters-a.patch - * 0021-mark-libmisc-funcs-as-hidden-so-they-are-not-exporte.patch - * 0022-add-__acl_-prefixes-to-internal-symbols.patch - * 0023-cp.test-Check-permissions-of-the-right-file.patch - * 0024-libacl-acl_set_file-Remove-unnecesary-racy-check.patch - * 0025-fix-compilation-with-latest-xattr-git.patch - * 0026-getfacl-Fix-memory-leak.patch - * 0027-Fix-the-display-block-nesting-in-acl.5.patch - * 0028-setfacl-man-page-Minor-wording-improvements.patch - * 0029-getfacl-Fix-minor-resource-leak.patch - * 0030-Do-not-export-symbols-that-are-not-supposed-to-be-ex.patch - * 0031-walk_tree-mark-internal-variables-as-static.patch - * 0032-ignore-configure.lineno.patch -- Signficant spec file restructuring due to 0013-modernize-build-system.patch -- removed builddefs.in.diff - -- Reduce size of filelist by using wildcards; - remove %doc (some locations are always %doc), - remove %attr (files already have proper permissions) - -- add acl-2.2.52-tests.patch and enable tests, check section taken - from Fedora package - -- remove gpg-offline calls from bootstrap package - -- Update to new upstream release 2.2.52 - * This release fixes a few build system issues that were found and - merges in a tree walking bug fix. -- Remove acl-fiximplicit.patch (merged upstream), - config-guess-sub-update.diff (no longer applies) -- Sync baselibs.conf with in-.spec obsoletes/provides. - -- add gpg checking - -- use source url - -- Add config-guess-sub-update.diff: - update config.guess/sub to latest state for AArch64 - -- Use OS byteswapping routines, application already Includes - "endian.h" but then goes ahead defining ad-hoc equivalent - functionality (0001-Use-OS-byteswapping-macros.patch) - -- remove useless automake deps - -- patch license to follow spdx.org standard - -- license update: GPL-2.0+;LGPL-2.1+ - SPDX format - -- add automake as buildrequire to avoid implicit dependency - -- Fix provides/Obsoletes - -- Implement shlib package (libacl1) -- Enable libacl-devel on all baselib arches - -- upgrade to 2.2.51 - - Test fixes - -- upgrade to 2.2.50 - - OPTIONS in man pages should be a section heading, not a subsection heading - - Fix a typo in the setfacl man page - - setfacl: Clarify that removing a non-existent acl entry is not an error - - Prevent setfacl --restore from SIGSEGV on malformed restore file - - setfacl: make sure that -R only calls stat(2) on symlinks when it needs to - - libacl: fix potential null pointer dereference - - setfacl: fix restore crash on malformed input - - setfacl: print useful error from read_acl_comments - - setfacl: changing owner and when S_ISUID should be set --restore fix - -- use %_smp_mflags - -- add baselibs.conf as a source -- adjust baselibs.conf for SPARC - -- readded incorrectly removed libattr-devel requires in -devel - -- fixed implicit strchr() usage. - -- do not package static libraries -- fix -devel package dependencies - -- Version bump to 2.2.48 - - Document the new flags comments - - Include the S_ISUID, S_ISGID, S_ISVTX flags in the getfacl output, and restore them with "setfacl --restore=file". - - Make sure that getfacl -R only calls stat(2) on symlinks when it needs to - - Stop quoting nonprintable characters in the getfacl output - - Avoid unnecessary but destructive chown calls - - Clarify license notice - alsa-oss +- use https for urls + +- Drop the superfluous buildreq alsa-topology-devel again; + it's no longer mandatory + +- Fix build breakage by the new alsa update; now it requires + alsa-topology-devel + +- Avoid repetition of name in summary. Update description. + +- Update to alsa-oss 1.1.8 (bsc#1181571): + Fix the build with the recent glibc +- Remove obsoleted patch: + remove-libio.patch: + +- remove-libio.patch: don't use obsolete + +- Remove old kludges +- Run spec-cleaner + +- Update to alsa-oss 1.1.6: + * Change FSF address (Franklin Street) +- Use %license file tag + +- Updated to alsa-oss 1.0.28: + All pervious fix patches are obsoleted: + 0002-Add-AM_MAINTAINER_MODE-enable-to-configure.in.patch + 0003-Fix-the-argument-passed-to-snd_pcm_dump_setup.patch + 0004-Workaround-for-aoss-dmix-with-unaligned-rates.patch + +- Fix for dmix with unaligned sample rate: + 0003-Fix-the-argument-passed-to-snd_pcm_dump_setup.patch + 0004-Workaround-for-aoss-dmix-with-unaligned-rates.patch + apparmor +- Add samba-4-17.patch to update the samba profiles for samba + version 4.17 (bsc#1206626); + atkmm1_6 +- Update to version 2.28.3: + + Build: + - Support building with Visual Studio 2022 (Chun-wei Fan) + - Meson build: Specify 'check' option in run_command() + Will be necessary with future versions of Meson. + - Meson build: Perl is not required by new versions of mm-common + - Meson build: Avoid unnecessary configuration warnings + - Meson build: Require meson >= 0.55.0 (Kjell Ahlstedt) +- Require atk >= 2.12.0 + Not a new requirement, but previously it was not specified in + configure.ac and meson.build. (Kjell Ahlstedt) +- Rename README to README.md + autoyast2 +- Added XSLT transformation for easy conversion of the data types in the + AutoYaST XML profiles between the old and the new format. This allows to + convert a new profile to the format accepted in SLE15-SP2 or older + (bsc#1206597) +- 4.5.12 + bash-completion +- Add patch fix-curl-help-completion-bsc1200791.patch (bsc#1200791) + * List all options for `curl --` + ca-certificates-mozilla +- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) + Removed CAs: + - Global Chambersign Root + - EC-ACC + - Network Solutions Certificate Authority + - Staat der Nederlanden EV Root CA + - SwissSign Platinum CA - G2 + Added CAs: + - DIGITALSIGN GLOBAL ROOT ECDSA CA + - DIGITALSIGN GLOBAL ROOT RSA CA + - Security Communication ECC RootCA1 + - Security Communication RootCA3 + Changed trust: + - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) +- Removed CAs (bsc#1206212) as most code does not handle "valid before nov 30 2022" + and it is not clear how many certs were issued for SSL middleware by TrustCor: + - TrustCor RootCert CA-1 + - TrustCor RootCert CA-2 + - TrustCor ECA-1 + Patch: remove-trustcor.patch + cepces +- Make the openssl security level configurable; (bsc#1204788). + chromium +- Chromium 109.0.5414.74: + * Add support for MathML Core + * CSS: Auto range support for font descriptors inside @font-face + rule + * CSS: Add lh length unit + * CSS: Add hyphenate-limit-chars property + * CSS: Snap border, outline and column-rule widths before layout + * API: Improved screen sharing and web conferencing: hints for + suppressing local audio playback, and Conditional Focus + * API: HTTP response status code in the Resource Timing API + * API: Same-site cross-origin prerendering triggered by the + speculation rules API + * Remove Event.path API + * CVE-2023-0128: Use after free in Overview Mode + * CVE-2023-0129: Heap buffer overflow in Network Service + * CVE-2023-0130: Inappropriate implementation in Fullscreen API + * CVE-2023-0131: Inappropriate implementation in iframe Sandbox + * CVE-2023-0132: Inappropriate implementation in Permission prompts + * CVE-2023-0133: Inappropriate implementation in Permission prompts + * CVE-2023-0134: Use after free in Cart + * CVE-2023-0135: Use after free in Cart + * CVE-2023-0136: Inappropriate implementation in Fullscreen API + * CVE-2023-0137: Heap buffer overflow in Platform Apps + * CVE-2023-0138: Heap buffer overflow in libphonenumber + * CVE-2023-0139: Insufficient validation of untrusted input in Downloads + * CVE-2023-0140: Inappropriate implementation in File System API + * CVE-2023-0141: Insufficient policy enforcement in CORS + * Various fixes from internal audits, fuzzing and other initiatives +- drop patches: + * chromium-gcc11.patch - not needed + * chromium-107-system-zlib.patch - upstream + * chromium-108-compiler.patch +- add patches: + * chromium-109-compiler.patch + * chromium-109-clang-lp154.patch + +- Add chromium-disable-GlobalMediaControlsCastStartStop.patch: + disable GlobalMediaControlsCastStartStop to fix crashes + occurring when interacting with the Media UI (bsc#1198124) + +- Chromium 108.0.5359.124 (boo#1206403): + * CVE-2022-4436: Use after free in Blink Media + * CVE-2022-4437: Use after free in Mojo IPC + * CVE-2022-4438: Use after free in Blink Frames + * CVE-2022-4439: Use after free in Aura + * CVE-2022-4440: Use after free in Profiles + +- Chromium 108.0.5359.98 + * Fix regression in computing