Packages changed: Mesa (21.3.3 -> 21.3.4) Mesa-drivers (21.3.3 -> 21.3.4) avahi btrfsprogs (5.15 -> 5.16) busybox (1.34.1 -> 1.35.0) cyrus-sasl flatpak (1.12.2 -> 1.12.3) frameworkintegration gdm (41.0 -> 41.3) ghostscript gnome-desktop (41.2 -> 41.3) gnome-session (40.1.1 -> 41.3) gnome-shell (41.2 -> 41.3) grub2 gupnp (1.4.2 -> 1.4.3) iproute2 (5.15 -> 5.16) keylime libqt5-qtwebengine (5.15.7 -> 5.15.8) mutter (41.2 -> 41.3) nautilus (41.1 -> 41.2) ncurses (6.3.20211127 -> 6.3.20220101) patterns-base perl-Bootloader (0.936 -> 0.937) perl-HTTP-Message (6.35 -> 6.36) podman poppler (21.12.0 -> 22.01.0) poppler-qt5 (21.12.0 -> 22.01.0) pulseaudio qemu qpdf (10.4.0 -> 10.5.0) shadow (4.9 -> 4.11.1) sqlite3 (3.36.0 -> 3.37.1) sssd vim (8.2.3995 -> 8.2.4063) wayland (1.19.0 -> 1.20.0) yast2 (4.4.34 -> 4.4.36) === Details === ==== Mesa ==== Version update (21.3.3 -> 21.3.4) Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to 21.3.4 * bugfix release ==== Mesa-drivers ==== Version update (21.3.3 -> 21.3.4) Subpackages: Mesa-dri Mesa-gallium - update to 21.3.4 * bugfix release ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - Move sftp-ssh and ssh services to the doc directory. They allow a host's up/down status to be easily discovered and should not be enabled by default (boo#1179060). ==== btrfsprogs ==== Version update (5.15 -> 5.16) Subpackages: btrfsprogs-udev-rules libbtrfs0 - Update to 5.16 * rescue: new subcommand clear-uuid-tree to fix failed mount due to bad uuid subvolume keys, caught by tree-checker * fi du: skip inaccessible files * prop: properly resolve to symlink targets * send, receive: fix crash after parent subvolume lookup errors * build: * fix build on 5.12+ kernels due to changes in linux/kernel.h * fix build on musl with old kernel headers * other: * error handling fixes, cleanups, refactoring * extent tree v2 preparatory work * lots of RST documentation updates (last release with asciidoc sources), https://btrfs.readthedocs.io - Update to 5.15.1 * fi usage: fix wrongly reported space of used or unallocated space * fix detection of block device discard capability * check: add more sanity checks for checksum items * build: make sphinx optional backend for documentation ==== busybox ==== Version update (1.34.1 -> 1.35.0) - Update to 1.35.0 - Adjust busybox.config for new features in find, date and cpio - Annotate CVEs already fixed in upstream, but not mentioned in .changes: * CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting * CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults * CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc * CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing * CVE-2016-6301 (bsc#991940): NTP server denial of service flaw * CVE-2017-15873 (bsc#1064976): The get_next_block function in archival/libarchive/decompress_bunzip2.c has an Integer Overflow * CVE-2017-15874 (bsc#1064978): archival/libarchive/decompress_unlzma.c has an Integer Underflow * CVE-2019-5747 (bsc#1121428): out of bounds read in udhcp components * CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes - CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via malformed gzip data - CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp - CVE-2018-1000517 (bsc#1099260): Heap-based buffer overflow in the retrieve_file_data() - CVE-2011-5325 (bsc#951562): tar directory traversal - CVE-2018-1000500 (bsc#1099263): wget: Missing SSL certificate validation ==== cyrus-sasl ==== Subpackages: cyrus-sasl-gssapi libsasl2-3 - postfix: sasl authentication with password fails (bsc#1194265) Add config parameter --with-dblib=gdbm - Avoid converting of /etc/sasldb2 by every update. Convert /etc/sasldb2 only if it is a Berkeley DB ==== flatpak ==== Version update (1.12.2 -> 1.12.3) Subpackages: libflatpak0 system-user-flatpak - Update to 1.12.3: + CVE-2021-43860: a malicious repository could have sent invalid application metadata in a way that hides some of the app permissions displayed during installation (boo#1194610) + flatpak-builder could allow --mirror-screenshots-url commands to create directories outside of the build directory (boo#1194611) + Extra-data downloading now properly handles compressed content-encodings which fixes checksum verification + Note: In some corner case server setups this may require the extra-data checksum to be changed + Avoid unnecessary policy-kit dialog due to auto-pinning when installing runtimes + Better handling of updates of extensions that exist in multiple repositories + Fixed (initial) installation apps with renamed ids + Fixed regression in updates from no-enumerate remotes + We now verify checksums of summary caches, to better handle local file corruption + Improved cli output for non-terminal targets + Flatpak run --session-bus now works + Fix build with PyParsing >= 3.0.4 + Fixed "Since" annotations on FlatpakTransaction signals + bash auto completion now doesn't complete on command name aliases + Minor improvements to the search command + Minor improvements to the list command + Minor improvements to the repair command + Add more tests + Updated translations. - Drop support-new-pyparsing.patch: Fixed upstream. ==== frameworkintegration ==== Subpackages: frameworkintegration-plugin libKF5Style5 - Add upstream change to fix a regression in 5.90.0 (kde#448237) * 0001-Fix-wrong-porting-of-KNSCore-Engine-configSearchLoca.patch ==== gdm ==== Version update (41.0 -> 41.3) Subpackages: gdm-schema gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Update to version 41.3: + Juggle Xorg's -listen/-nolisten command line change better. + Fix session type selection. + Fix crash. + Drop vestigial gdm-pin service. + XDMCP fixes. + Wayland nvidia udev updates. + Updated translations. - Rebase gdm-disable-wayland-on-mgag200-chipsets.patch. - Drop gdm-daemon-Infer-session-type-from-desktop-file.patch and gdm-restart-greeter-session-after-crash.patch: fixed upstream. ==== ghostscript ==== - CVE-2021-45949.patch fixes CVE-2021-45949 heap-based buffer overflow in sampled_data_finish cf. https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-803.yaml (bsc#1194304) - CVE-2021-45944 use-after-free in sampled_data_sample is already fixed in the Ghostscript 9.54.0 upstream sources (bsc#1194303) ==== gnome-desktop ==== Version update (41.2 -> 41.3) Subpackages: gnome-version libgnome-desktop-3-19 libgnome-desktop-3_0-common typelib-1_0-GnomeDesktop-3_0 - Update to version 41.3: + No changes, version bump only. ==== gnome-session ==== Version update (40.1.1 -> 41.3) Subpackages: gnome-session-core gnome-session-default-session gnome-session-wayland - Update to version 41.3: + No changes, just version synching. - Changes from version 40.8: + data: Install GNOME on Wayland session for X11 preferred setups + Don't spew as much into log when falling back to non-systemd sessions + Work better with certain versions of meson + Correct screwed up check for gnome-shell + Various cleanups and leak fixes + Updated translations. - Rebase gnome-session-better-handle-empty-xdg_session_type.patch. - Drop gnome-session-exit-when-lost-name-on-bus.patch: no longer applicable. ==== gnome-shell ==== Version update (41.2 -> 41.3) Subpackages: gnome-shell-calendar - Update to version 41.3: + Improve window tracking + Simplify scroll fade shader to work with old hardware + Tweak (un)minimize animations + Don't wake up screen in DND mode + Fix immediately withdrawn notifications getting stuck + Honor XDG SingleMainWindow key in .desktop files + Fixed crashes + Misc. bug fixes and cleanups + Updated translations. - Modernize our Supplements in gnome-shell-calendar sub-package. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin - Power guest secure boot with static keys: GRUB2 signing portion (jsc#SLE-18271) (bsc#1192764) * 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch - Power guest secure boot with static keys: GRUB2 signing portion (jsc#SLE-18271) (bsc#1192764) * grub2.spec - Power guest secure boot with static keys: GRUB2 portion (jsc#SLE-18144) (bsc#1192686) * 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch * 0002-ieee1275-claim-more-memory.patch * 0003-ieee1275-request-memory-with-ibm-client-architecture.patch * 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch * 0005-docs-grub-Document-signing-grub-under-UEFI.patch * 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch * 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch * 0008-pgp-factor-out-rsa_pad.patch * 0009-crypto-move-storage-for-grub_crypto_pk_-to-crypto.c.patch * 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch * 0011-libtasn1-import-libtasn1-4.18.0.patch * 0012-libtasn1-disable-code-not-needed-in-grub.patch * 0013-libtasn1-changes-for-grub-compatibility.patch * 0014-libtasn1-compile-into-asn1-module.patch * 0015-test_asn1-test-module-for-libtasn1.patch * 0016-grub-install-support-embedding-x509-certificates.patch * 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch * 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch * 0019-appended-signatures-support-verifying-appended-signa.patch * 0020-appended-signatures-verification-tests.patch * 0021-appended-signatures-documentation.patch * 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch * 0023-x509-allow-Digitial-Signature-plus-other-Key-Usages.patch - Fix no menuentry is found if hibernation on btrfs RAID1 (bsc#1193090) * grub2-systemd-sleep-plugin ==== gupnp ==== Version update (1.4.2 -> 1.4.3) - Update to version 1.4.3: + ServiceProxy: - Properly propagate cancelled actions in deprecated calls. - Fix deprecated async calls, again. ==== iproute2 ==== Version update (5.15 -> 5.16) - remove routef from links; it doesn't exist anymore - update to 5.16: * devlink: Fix cmd_dev_param_set() to check configuration mode * ip: add AMT support * iplink_can: fix configuration ranges in print_usage() and add unit * tc: flower: Fix buffer overflow on large labels * ip/ipnexthop: fix unsigned overflow in parse_nh_group_type_res() * tc/m_vlan: fix print_vlan() conditional on TCA_VLAN_ACT_PUSH_ETH * iplink_can: add new CAN FD bittiming parameters: Transmitter Delay Compensation (TDC) ==== keylime ==== Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime - Add 0001-Drop-dataclasses-module-usage.patch, to support Python 3.6 - Fix cfssl bcond logic in Tumbleweed / SLE ==== libqt5-qtwebengine ==== Version update (5.15.7 -> 5.15.8) - Update to version 5.15.8: * Update Chromium: [Backport] CVE-2021-3517: libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c [Backport] CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms [Backport] CVE-2021-37984 : Heap buffer overflow in PDFium [Backport] CVE-2021-37987 : Use after free in Network APIs [Backport] CVE-2021-37989 : Inappropriate implementation in Blink [Backport] CVE-2021-37992 : Out of bounds read in WebAudio [Backport] CVE-2021-37993 : Use after free in PDF Accessibility [Backport] CVE-2021-37996 : Insufficient validation of untrusted input in Downloads [Backport] CVE-2021-38001 : Type Confusion in V8 [Backport] CVE-2021-38003 : Inappropriate implementation in V8 [Backport] CVE-2021-38005: Use after free in loader (1/3) [Backport] CVE-2021-38005: Use after free in loader (2/3) [Backport] CVE-2021-38005: Use after free in loader (3/3) [Backport] CVE-2021-38007: Type Confusion in V8 [Backport] CVE-2021-38009: Inappropriate implementation in cache [Backport] CVE-2021-38010: Inappropriate implementation in serviceworkers [Backport] CVE-2021-38012: Type Confusion in V8 [Backport] CVE-2021-38015: Inappropriate implementation in input [Backport] CVE-2021-38017: Insufficient policy enforcement in iframe sandbox [Backport] CVE-2021-38018: Inappropriate implementation in navigation [Backport] CVE-2021-38019: Insufficient policy enforcement in CORS [Backport] CVE-2021-38021: Inappropriate implementation in referrer [Backport] CVE-2021-38022: Inappropriate implementation in WebAuthentication [Backport] CVE-2021-4057: Use after free in file API [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (1/2) [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (2/2) [Backport] CVE-2021-4059: Insufficient data validation in loader [Backport] CVE-2021-4062: Heap buffer overflow in BFCache [Backport] CVE-2021-4078: Type confusion in V8 [Backport] CVE-2021-4079: Out of bounds write in WebRTC [Backport] CVE-2021-4098: Insufficient data validation in Mojo [Backport] CVE-2021-4099: Use after free in Swiftshader [Backport] CVE-2021-4101: Heap buffer overflow in Swiftshader. [Backport] CVE-2021-4102: Use after free in V8 [Backport] Dependency for CVE-2021-37989 [Backport] Dependency for CVE-2021-38009 [Backport] Security bug 1245870 [Backport] Security bug 1252858 [Backport] Security bug 1259899 Bump V8_PATCH_LEVEL Compile with GCC 11 -std=c++20 Fix stack overflow on gpu channel recreate with an error Use wglSetPixelFormat directly only if in software mode [Backport] Handle long SIGSTKSZ in glibc > 2.33 [Backport] abseil-cpp: Fixes build with latest glibc * Handle qtpdf compilation with static runtime * Add bitcode support for qtpdf on ios * Do not access accessibility from qt post routines * Blacklist javascriptClipboard test on ubuntu 20.04 * Re-enable network-service-in-process * Bump version from 5.15.7 to 5.15.8 * Update patch level * Fix pinch gesture * Fix leak of properties after XkbRF_GetNamesProp * Fix leak on getDefaultScreeenId - Drop patch: * 0001-Fix-build-with-glibc-2.34.patch ==== mutter ==== Version update (41.2 -> 41.3) - Update to version 41.3: + Check keyboard serials for activation + Fix mixed up refresh rates in multi-monitor setups + Allow disabling HW cursors + Improve damage handling + Consider xrandr flags for advertised modes + Ensure constraints after client resize + window-group: Disable culling when rendinging clone to offscreen buffer + Fix workspace switch animation in default plugin + Fix unfullscreening of window that were mapped fullscreen + Fix DMA-BUF screencasts with unredirected fullscreen windows + Fix orientation changes on devices with 90° + Fixed crashes + Plugged leaks + Misc. bug fixes and cleanups. - Drop patches fixed upstream: + mutter-allow-disable-hardware-cursors.patch + mutter-initialize-saved_rect_fullscreen.patch - Renumber patches yet again. ==== nautilus ==== Version update (41.1 -> 41.2) Subpackages: gnome-shell-search-provider-nautilus libnautilus-extension1 - Update to version 41.2: + Avoid cropping format popover in Compress dialog. + Fix "Move to"/"Copy to" from Starred. + Fix memory leak on tab switch. + Updated translations. ==== ncurses ==== Version update (6.3.20211127 -> 6.3.20220101) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20220101 + add section on releasing memory to curs_termcap.3x and curs_terminfo.3x manpages. - Add ncurses patch 20211225 + improve markup, e.g., for external manpage links in the manpages (prompted by report by Helge Kreutzmann). - Add ncurses patch 20211219 + install ncurses-examples programs in libexecdir, adding a wrapper script to invoke those. + add help-screen and screen-dump to test/combine.c - Rename package ncurses-tests to ncurses-examples as upstream does - Add ncurses patch 20211211 + add test/combine.c, to demo/test combining characters. - Add ncurses patch 20211204 + improve configure check for getttynam (report by Werner Fink). - Correct offsets of patch ncurses-6.3.dif ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Install PAM manual pages instead of the PDFs - specfile cleanup - Don't recommend ntfs-3g by default on TW, the kernel module got improved ==== perl-Bootloader ==== Version update (0.936 -> 0.937) - merge gh#openSUSE/perl-bootloader#137 - grub2 install: Support secure boot on powerpc (bsc#1192764 jsc#SLE-18271). - 0.937 ==== perl-HTTP-Message ==== Version update (6.35 -> 6.36) - updated to 6.36 see /usr/share/doc/packages/perl-HTTP-Message/Changes 6.36 2022-01-05 14:39:42Z - Fix examples in HTTP::Request::Common synopsis: HTTP::Request::Common does not put headers in an arrayref, unlike HTTP::Request (GH#170) (Karen Etheridge) - Update to contributing information (GH#171) (Håkon Hægland) ==== podman ==== Subpackages: podman-cni-config - Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade path from podman < 3.1.2 ==== poppler ==== Version update (21.12.0 -> 22.01.0) Subpackages: libpoppler-cpp0 libpoppler-glib8 - Update to 22.01.0: core: * Allow local (relative to dll) fonts dir on Windows * TextOutputDev: require more spacing between columns. Issue #1093 * Fix crash in Splash::gouraudTriangleShadedFill. Issue #1183 * Fix crash when calling Form::reset() * GfxSeparationColorSpace: Check validity of colorspace and function. Issue #1184 * Minor code improvements glib: * Include glib.h before using defines from it * Close file descriptors on error * Plug some memory leaks * Replace use of deprecated g_memdup/g_time_zone_new * Remove FD-taking functions on windows utils: * pdfsig: Add support for documents with passwords * pdfsig: Fix signing with -sign if nss password is needed ==== poppler-qt5 ==== Version update (21.12.0 -> 22.01.0) - Update to 22.01.0: core: * Allow local (relative to dll) fonts dir on Windows * TextOutputDev: require more spacing between columns. Issue #1093 * Fix crash in Splash::gouraudTriangleShadedFill. Issue #1183 * Fix crash when calling Form::reset() * GfxSeparationColorSpace: Check validity of colorspace and function. Issue #1184 * Minor code improvements glib: * Include glib.h before using defines from it * Close file descriptors on error * Plug some memory leaks * Replace use of deprecated g_memdup/g_time_zone_new * Remove FD-taking functions on windows utils: * pdfsig: Add support for documents with passwords * pdfsig: Fix signing with -sign if nss password is needed ==== pulseaudio ==== Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-setup - Workaround for spurious errors in dump-modules command (bsc#1194379): pulseaudio-dump-module-Ignore-invalid-module-init-tools.patch ==== qemu ==== - It's time to really start requiring -F when using -b in qemu-img for us as well. Users/customers have been warned in the relevant release notes (bsc#1190135) * Patches dropped: Revert-qemu-img-Improve-error-for-rebase.patch Revert-qemu-img-Require-F-with-b-backing.patch ==== qpdf ==== Version update (10.4.0 -> 10.5.0) - add fix-signedness-warning.patch (build for aarch64) - update to 10.5.0: * Since qpdf version 8, using object accessor methods on an instance of ``QPDFObjectHandle`` may create warnings if the object is not of the expected type. These warnings now have an error code of ``qpdf_e_object`` instead of ``qpdf_e_damaged_pdf``. Also, comments have been added to :file:`QPDFObjectHandle.hh` to explain in more detail what the behavior is. See :ref:`object-accessors` for a more in-depth discussion. * Add ``Pl_Buffer::getMallocBuffer()`` to initialize a buffer allocated with ``malloc()`` for better cross-language interoperability. * Overhaul error handling for the object handle functions C API. Some rare error conditions that would previously have caused a crash are now trapped and reported, and the functions that generate them return fallback values. See comments in the ``ERROR HANDLING`` section of :file:`include/qpdf/qpdf-c.h` for details. In particular, exceptions thrown by the underlying C++ code when calling object accessors are caught and converted into errors. The errors can be checked by calling ``qpdf_has_error``. Use ``qpdf_silence_errors`` to prevent the error from being written to stderr. * Add ``qpdf_get_last_string_length`` to the C API to get the length of the last string that was returned. This is needed to handle strings that contain embedded null characters. * Add ``qpdf_oh_is_initialized`` and ``qpdf_oh_new_uninitialized`` to the C API to make it possible to work with uninitialized objects. * Add ``qpdf_oh_new_object`` to the C API. This allows you to clone an object handle. * Add ``qpdf_get_object_by_id``, ``qpdf_make_indirect_object``, and ``qpdf_replace_object``, exposing the corresponding methods in ``QPDF`` and ``QPDFObjectHandle``. - add build-without-pdf.patch to fix documentation installation - enable documentation build, enable tests, enable werror ==== shadow ==== Version update (4.9 -> 4.11.1) Subpackages: login_defs - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954). - Update to 4.11.1: * build: include lib/shadowlog_internal.h in dist tarballs - Update to 4.11: * Handle possible TOCTTOU issues in usermod/userdel - (CVE-2013-4235) - Use O_NOFOLLOW when copying file - Kill all user tasks in userdel * Fix useradd -D segfault * Clean up obsolete libc feature-check ifdefs * Fix -fno-common build breaks due to duplicate Prog declarations * Have single date_to_str definition * Fix libsubid SONAME version * Clarify licensing info, use SPDX. - Update to 4.10: * From this release forward, su from this package should be considered deprecated. Please replace any users of it with su from util-linux * libsubid fixes * Rename the test program list_subid_ranges to getsubids, write a manpage, so distros can ship it. * Add libeconf dep for new*idmap * Allow all group types with usermod -G * Avoid useradd generating empty subid range * Handle NULL pw_passwd * Fix default value SHA_get_salt_rounds * Use https where possible in README * Update content and format of README * Translation updates * Switch from xml2po to itstool in 'make dist' * Fix double frees * Add LOG_INIT configurable to useradd * Add CREATE_MAIL_SPOOL documentation * Create a security.md * Fix su never being SIGKILLd when trapping TERM * Fix wrong SELinux labels in several possible cases * Fix missing chmod in chadowtb_move * Handle malformed hushlogins entries * Fix groupdel segv when passwd does not exist * Fix covscan-found newgrp segfault * Remove trailing slash on hoedir * Fix passwd -l message - it does not change expirey * Fix SIGCHLD handling bugs in su and vipw * Remove special case for "" in usermod * Implement usermod -rG to remove a specific group * call pam_end() after fork in child path for su and login * useradd: In absence of /etc/passwd, assume 0 == root * lib: check NULL before freeing data * Fix pwck segfault - Remove because upstreamed: * shadow-4.9-pwck-segfault.patch * shadow-4.9-newgrp-segfault.patch * shadow-4.9-useradd-subuid.patch * shadow-4.9-sgent-free.patch * shadow-passwd-handle-null.patch * shadow-fix-sigabrt.patch * shadow-libeconf-include.patch * libsubid-build-fix.patch - Refreshed: * shadow-util-linux.patch * shadow.changes * shadow.keyring * shadow.spec * useradd-script.patch * useradd-userkeleton.patch * userdel-script.patch - Update shadow.keyring: * Serge Hallyn serge@hallyn.com (B175CFA98F192AF2) * Christian Brauner christian@brauner.io (4880B8C9BD0E5106FC070F4F7B3C391EFEA93624) ==== sqlite3 ==== Version update (3.36.0 -> 3.37.1) - update to 3.37.1: * Fix a bug introduced by the UPSERT enhancements of version 3.35.0 that can cause incorrect byte-code to be generated for some obscure but valid SQL, possibly resulting in a NULL- pointer dereference. * Fix an OOB read that can occur in FTS5 when reading corrupt database files. * Improved robustness of the --safe option in the CLI. * Other minor fixes to assert() statements and test cases. - SQLite3 3.37.0: * STRICT tables provide a prescriptive style of data type management, for developers who prefer that kind of thing. * When adding columns that contain a CHECK constraint or a generated column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now checks new constraints against preexisting rows in the database and will only proceed if no constraints are violated. * Added the PRAGMA table_list statement. * Add the .connection command, allowing the CLI to keep multiple database connections open at the same time. * Add the --safe command-line option that disables dot-commands and SQL statements that might cause side-effects that extend beyond the single database file named on the command-line. * CLI: Performance improvements when reading SQL statements that span many lines. * Added the sqlite3_autovacuum_pages() interface. * The sqlite3_deserialize() does not and has never worked for the TEMP database. That limitation is now noted in the documentation. * The query planner now omits ORDER BY clauses on subqueries and views if removing those clauses does not change the semantics of the query. * The generate_series table-valued function extension is modified so that the first parameter ("START") is now required. This is done as a way to demonstrate how to write table-valued functions with required parameters. The legacy behavior is available using the -DZERO_ARGUMENT_GENERATE_SERIES compile-time option. * Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces. * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2(). * Use less memory to hold the database schema. ==== sssd ==== Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Remove libsmbclient-devel BuildRequires in favor of pkgconfig(smbclient) ==== vim ==== Version update (8.2.3995 -> 8.2.4063) Subpackages: vim-data-common vim-small - disable-unreliable-tests-arch.patch: refresh - Updated to version 8.2.4063, fixes the following problems - fixes boo#1194559 CVE-2022-0156 * Not all sshconfig files are detected as such. * Vim9: type checking for list and dict lacks information about declared type. * Vim9: not enough testing for extend() and map(). * Asan error for adding zero to NULL. * Redundant check for NUL byte. * Coverity warns for checking for NULL pointer after using it. * Insert complete code uses global variables. * First char typed in Select mode can be wrong. * Error messages are spread out. * Old compiler complains about struct init with variable. * Error messages are spread out. * Vim9: crash when declaring variable on the command line. * Session does not restore help buffer properly when "options' is missing from 'sessionoptions'. * Error messages are spread out. * Reading one byte beyond the end of the line. * Error messages are spread out. * Test fails because of changed error number. * Error messages are spread out. * Build failure without the spell feature. * Git and gitcommit file types not properly recognized. * Build failure with tiny features. (Tony Mechelynck) * Vim9: incorrect error for argument that is shadowing var. * Gcc warns for misleading indent in Athena menu code. * ml_get error when win_execute redraws with Visual selection. * Vim9: import mechanism is too complicated. * Debugger test fails. * Missing part of the :import changes. * Two error messages in the wrong file. * Using uninitialized variable. * Confusing error message if imported name is used directly. * Error for import not ending in .vim does not work for .vimrc. * ml_get error with specific win_execute() command. (Sean Dewar) * ml_get error with :doautoall and Visual area. (Sean Dewar) * Debugging NFA regexp my crash, cached indent may be wrong. * A script local funcref is not found from a mapping. * Crash in xterm with only two lines. (Dominique Pellé) * ATTRIBUTE_NORETURN is not needed. * Running filetype tests leaves directory behind. * Coverity warns for possibly using a NULL pointer. * Timer triggered at the debug prompt may cause trouble. * Vim9: script test file is getting too long. * Insert mode completion is insufficiently tested. * Various code not used when features are disabled. * The xdiff library is linked in even when not used. * Keeping track of allocated lines in user functions is too complicated. * Using unitialized pointer. * Vim9: build error. * Using int for second argument of ga_init2(). * Vim9: no error when importing the same script twice. * Some global functions are only used in one file. * Some error messages not in the right place. * Depending on the build features error messages are unused. * gcc complains about use of "%p" in printf. * Vim9: reading before the start of the line with "$" by itself. * Vim9: need to prefix every item in an autoload script. * Compiler complains about possibly uninitialized variable. * Not easy to resize a window from a plugin. * Vim9: autoload mechanism doesn't fully work yet. * Vim9 script test fails. * Vim9: line break in expression causes v:errmsg to be filled. (Yegappan Lakshmanan) * Vim9: memory leak when exporting function in autoload script. * Vim9: not fully implementing the autoload mechanism. * Vim9: import test failure in wrong line. * Vim9: an expression of a map cannot access script-local items. (Maxim Kim) * win_execute() is slow on systems where getcwd() or chdir() is slow. (Rick Howe) * Codecov bash script is deprecated. * Match highlighting of tab too short. * Vim9: exported function in autoload script not found. (Yegappan Lakshmanan) ==== wayland ==== Version update (1.19.0 -> 1.20.0) Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0 - Add wayland-shm-Close-file-descriptors-not-needed.patch: For platforms that support mremap(), we don't need to hold file descriptors all the time, because programs like Xwayland will hold a lot of file descriptors and may crash, this patch close file descriptors earlier for those platforms (bsc#1194190). - obsolete/provide libwayland-egl-devel 18.0.2 also on sle15-sp4 - Update to release 1.20 * A few protocol additions: wl_surface.offset allows clients to update a surface's buffer offset independently from the buffer, wl_output.name and description allow clients to identify outputs without depending on xdg-output-unstable-v1. * In protocol definitions, events have a new "type" attribute and can now be marked as destructors. * A number of bug fixes, including a race condition when destroying proxies in multi-threaded clients. ==== yast2 ==== Version update (4.4.34 -> 4.4.36) - Adapted Report.yesno_popup to Ruby 3 (bsc#1193192) - 4.4.36 - Simplify slide show to support future parallel installations (jsc#SLE-20437) - 4.4.35