Packages changed: libqt5-qtwebengine (5.15.9 -> 5.15.10) openvpn (2.5.6 -> 2.5.7) python-gobject python-importlib-metadata (4.11.3 -> 4.11.4) python-jsonpointer (2.2 -> 2.3) runc (1.1.2 -> 1.1.3) udisks2 === Details === ==== libqt5-qtwebengine ==== Version update (5.15.9 -> 5.15.10) - Update to version 5.15.10: * Fix top level build with no widget * Fix read-after-free on EGL extensions * Update Chromium * Add workaround for unstable gn on macOS in ci * Pass archiver to gn build * Fix navigation to non-local URLs * Add support for universal builds for qtwebengine and qtpdf * Enable Apple Silicon support * Fix cross compilation x86_64->arm64 on mac * Bump version to 5.15.10 * CustomDialogs: Make custom input fields readable in dark mode * CookieBrowser: Make alternating rows readable in dark mode * Update Chromium: * Bump V8_PATCH_LEVEL * Fix clang set-but-unused-variable warning * Fix mac toolchain python linker script call * Fix missing dependency for gpu sources * Fix python calls * Fix undefined symbol for universal link * Quick fix for regression in service workers by reverting backports * [Backport] CVE-2022-0797: Out of bounds memory access in Mojo * [Backport] CVE-2022-1125 * [Backport] CVE-2022-1138: Inappropriate implementation in Web Cursor. * [Backport] CVE-2022-1305: Use after free in storage * [Backport] CVE-2022-1310: Use after free in regular expressions * [Backport] CVE-2022-1314: Type Confusion in V8 * [Backport] CVE-2022-1493: Use after free in Dev Tools * [Backport] On arm64 hosts, set host_cpu to 'arm64', not 'arm' * [Backport] Security Bug 1296876 * [Backport] Security bug 1269999 * [Backport] Security bug 1280852 * [Backport] Security bug 1292905 * [Backport] Security bug 1304659 * [Backport] Security bug 1306507 ==== openvpn ==== Version update (2.5.6 -> 2.5.7) - update to 2.5.7: * Limited OpenSSL 3.0 support * print OpenSSL error stack if decoding PKCS12 file fails * fix omission of cipher-negotiation.rst in tarballs * fix errno handling on Windows (Windows has different classes of error codes, GetLastError() and C runtime errno, these should now be handled correctly) * fix PATH_MAX build failure in auth-pam.c * fix t_net.sh self-test leaving around stale "ovpn-dummy0" interface * fix overlong path names, leading to missing pkcs11-helper patch in tarball ==== python-gobject ==== Subpackages: python38-gobject python38-gobject-Gdk python38-gobject-cairo - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs the actual pycairo underneath (boo#1179584). ==== python-importlib-metadata ==== Version update (4.11.3 -> 4.11.4) - update to 4.11.4: * #379: In ``PathDistribution._name_from_stem``, avoid including parts of the extension in the result. * #381: In ``PathDistribution._normalized_name``, ensure names loaded from the stem of the filename are also normalized, ensuring duplicate entry points by packages varying only by non-normalized name are hidden. ==== python-jsonpointer ==== Version update (2.2 -> 2.3) - update to 2.3: * Support setting - for arrays * Add join and / operator * Fix invalid escape sequences ==== runc ==== Version update (1.1.2 -> 1.1.3) - Update to runc v1.1.3. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3. (Includes a fix for bsc#1200088.) * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on s390 and s390x. This solves the issue where syscalls the host kernel did not support would return `-EPERM` despite the existence of the `-ENOSYS` stub code (this was due to how s390x does syscall multiplexing). * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as intended; this fix does not affect runc binary itself but is important for libcontainer users such as Kubernetes. * Inability to compile with recent clang due to an issue with duplicate constants in libseccomp-golang. * When using systemd cgroup driver, skip adding device paths that don't exist, to stop systemd from emitting warnings about those paths. * Socket activation was failing when more than 3 sockets were used. * Various CI fixes. * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container. * runc static binaries are now linked against libseccomp v2.5.4. - Remove upstreamed patches: - bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch ==== udisks2 ==== Subpackages: libudisks2-0 - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_udisks2-zram-setup@.service.patch * harden_udisks2.service.patch