Packages changed: bash busybox gpg2 (2.3.7 -> 2.3.8) kernel-source (6.0.1 -> 6.0.2) libffi libksba (1.6.1 -> 1.6.2) libsoup (3.2.0 -> 3.2.1) libxcrypt (4.4.27 -> 4.4.28) libxml2 (2.10.2 -> 2.10.3) libzypp (17.31.3 -> 17.31.4) netcfg plasma5-workspace postfix (3.7.2 -> 3.7.3) python-incremental (21.3.0 -> 22.10.0) python-pytz (2022.2.1 -> 2022.4) qalculate (4.2.0 -> 4.3.0) tcpd tiff timezone (2022d -> 2022e) timezone-java (2022d -> 2022e) xdg-user-dirs-gtk (0.10+13 -> 0.11) xf86-input-vmmouse (13.1.0 -> 13.2.0) yast2-network (4.5.8 -> 4.5.9) yast2-trans (84.87.20221009.3d63202666 -> 84.87.20221016.284cfa770d) zenity === Details === ==== bash ==== Subpackages: bash-doc bash-lang bash-sh - Don't strip binaries - Work around a signal mask issue with qemu linux-user emulation - Remove backup of patched tests ==== busybox ==== Subpackages: busybox-static - Annotate CVEs already fixed in upstream, but not mentioned in .changes: * CVE-2014-9645 (bsc#914660): strips of / in module names that can lead to loading unwanted modules ==== gpg2 ==== Version update (2.3.7 -> 2.3.8) Subpackages: dirmngr gpg2-lang - GnuPG 2.3.8: * gpg: Do not consider unknown public keys as non-compliant while decrypting. * gpg: Avoid to emit a compliance mode line if Libgcrypt is non-compliant. * gpg: Improve --edit-key setpref command to ease c+p. * gpg: Emit an ERROR status if --quick-set-primary-uid fails and allow to pass the user ID by hash. * gpg: Actually show symmetric+pubkey encrypted data as de-vs compliant. Add extra compliance checks for symkey_enc packets. * gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit preference. * gpgsm: Fix reporting of bad passphrase error during PKCS#11 import. * agent: Fix a regression in "READKEY --format=ssh". * agent: New option --need-attr for KEYINFO. * agent: New attribute "Remote-list" for use by KEYINFO. * scd: Fix problem with Yubikey 5.4 firmware. * dirmngr: Fix CRL Distribution Point fallback to other schemes. * dirmngr: New LDAP server flag "areconly" (A-record-only). * dirmngr: Fix upload of multiple keys for an LDAP server specified using the colon format. * dirmngr: Use LDAP schema v2 when a Base DN is specified. * dirmngr: Avoid caching expired certificates. * wkd: Fix path traversal attack in gpg-wks-server. Add the mail address to the pending request data. * wkd: New command --mirror for gpg-wks-client. * gpg-auth: New tool for authentication. * New common.conf option no-autostart. * Silence warnings from AllowSetForegroundWindow unless GNUPG_EXEC_DEBUG_FLAGS is used. * Rebase gnupg-detect_FIPS_mode.patch * Remove patch upstream: - gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch ==== kernel-source ==== Version update (6.0.1 -> 6.0.2) - Linux 6.0.2 (bsc#1012628). - nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() (bsc#1012628). - nilfs2: fix use-after-free bug of struct nilfs_root (bsc#1012628). - nilfs2: fix leak of nilfs_root in case of writer thread creation failure (bsc#1012628). - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (bsc#1012628). - nvme-pci: set min_align_mask before calculating max_hw_sectors (bsc#1012628). - random: restore O_NONBLOCK support (bsc#1012628). - random: clamp credited irq bits to maximum mixed (bsc#1012628). - ALSA: hda: Fix position reporting on Poulsbo (bsc#1012628). - efi: Correct Macmini DMI match in uefi cert quirk (bsc#1012628). - scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1012628). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1012628). - scsi: stex: Properly zero out the passthrough command structure (bsc#1012628). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (bsc#1012628). - Revert "USB: fixup for merge issue with "usb: dwc3: Don't switch OTG -> peripheral if extcon is present"" (bsc#1012628). - Revert "usb: dwc3: Don't switch OTG -> peripheral if extcon is present" (bsc#1012628). - Revert "powerpc/rtas: Implement reentrant rtas call" (bsc#1012628). - Revert "crypto: qat - reduce size of mapped region" (bsc#1012628). - random: avoid reading two cache lines on irq randomness (bsc#1012628). - random: use expired timer rather than wq for mixing fast pool (bsc#1012628). - wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() (bsc#1012628). - wifi: cfg80211/mac80211: reject bad MBSSID elements (bsc#1012628). - wifi: mac80211: fix MBSSID parsing use-after-free (bsc#1012628). - wifi: cfg80211: ensure length byte is present before access (bsc#1012628). - wifi: cfg80211: fix BSS refcounting bugs (bsc#1012628). - wifi: cfg80211: avoid nontransmitted BSS list corruption (bsc#1012628). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (bsc#1012628). - wifi: mac80211: fix crash in beacon protection for P2P-device (bsc#1012628). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (bsc#1012628). - mctp: prevent double key removal and unref (bsc#1012628). - Input: xpad - add supported devices as contributed on github (bsc#1012628). - Input: xpad - fix wireless 360 controller breaking after suspend (bsc#1012628). - misc: pci_endpoint_test: Aggregate params checking for xfer (bsc#1012628). - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (bsc#1012628). - commit 7fb6561 - Refresh patches.suse/ACPI-resource-Add-ASUS-model-S5402ZA-to-quirks.patch. - Refresh patches.suse/ACPI-resource-Skip-IRQ-override-on-Asus-Vivobook-K34.patch. Update upstream status. They were merged already. - commit 098c340 - ACPI: resource: do IRQ override on LENOVO IdeaPad (bsc#1203794). - ACPI: resource: Add ASUS model S5402ZA to quirks (bsc#1203794). - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (bsc#1203794). - commit c7a2f55 ==== libffi ==== - add riscv64-handle-big-structures.patch ==== libksba ==== Version update (1.6.1 -> 1.6.2) - libksba 1.6.2: [bsc#1204357, CVE-2022-3515] * Fix integer overflow in the CRL parser. ==== libsoup ==== Version update (3.2.0 -> 3.2.1) Subpackages: libsoup-3_0-0 libsoup-lang typelib-1_0-Soup-3_0 - Update to version 3.2.1: + When built against nghttp2 1.50.0+ be relaxed about header whitespace. + Fix possible crash when cancelling an HTTP/2 message. + Fix regresion where soup_server_message_get_socket() could return NULL. + Fix minor memory leak. - Disable tests on 32-bit while waiting for https://gitlab.gnome.org/GNOME/libsoup/-/issues/309 ==== libxcrypt ==== Version update (4.4.27 -> 4.4.28) - update to 4.4.28: * Add glibc-on-or1k (OpenRISC 1000) entry to libcrypt.minver. This was added in GNU libc 2.35. ==== libxml2 ==== Version update (2.10.2 -> 2.10.3) Subpackages: libxml2-2 libxml2-tools - Update to version 2.10.3 (bsc#1204366, CVE-2022-40303, bsc#1204367, CVE-2022-40304): + Security: - [CVE-2022-40304] Fix dict corruption caused by entity reference cycles - [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE - Fix overflow check in SAX2.c + Build system: cmake: Set SOVERSION - Rebase patches with quilt. ==== libzypp ==== Version update (17.31.3 -> 17.31.4) - Do not clean up MediaSetAccess before using the geoip file (fixes #424) - version 17.31.4 (22) ==== netcfg ==== - Remove hosts.allow and hosts.deny config files as they are only used by tcpd, which is not installed by default, bsc#1099755 ==== plasma5-workspace ==== Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-lang plasma5-workspace-libs xembedsniproxy - Use appmenu-gtk-module instead of unity-gtk-module on Leap 15.2+ (boo#1108846) ==== postfix ==== Version update (3.7.2 -> 3.7.3) - update to 3.7.3 * Fixed a bug where some messages were not delivered after "warning: Unexpected record type 'X'. * Workaround: in a TLS server disable Postfix's 1-element internal session cache, to work around an OpenSSL 3.0 regression that broke TLS handshakes. * Code health: the fix for milter_header_checks (3.7.1, 3.6.6, 3.5.16, 3.4.26) introduced a missing msg_panic() argument (in code that never executes). * Code health: Postfix 3.3.0 introduced an uninitialized verify_append() request status in case of a null original recipient address. * Postfix 3.5.0 introduced debug logging noise in map_search_create(). - own /var/spool/mail (boo#1179574) ==== python-incremental ==== Version update (21.3.0 -> 22.10.0) - update to 22.10.0: * Incremental now supports type-checking with Mypy (#69) ==== python-pytz ==== Version update (2022.2.1 -> 2022.4) - update to 2022.4 ==== qalculate ==== Version update (4.2.0 -> 4.3.0) Subpackages: libqalculate22 qalculate-data - Update to 4.3.0: * Fix handling of Unicode powers for units in denominator, with adaptive parsing enabled (e.g. parse 10m/s² the same as 10m/s^2) * Fix "+" ignored after "E" in number bases where "E" is a digit * Fix scientific E notation with sign in argument when function is used without parentheses * Fix lambertw() for values very close to zero * Fix a × b^x + cx = d when a and c have different signs and d is non-zero * Fix a^x × b^x = c when a and b is negative, and c is positive * Fix segfaults in some corner cases * Fix potential issues in handling of leap seconds (e.g. during subtraction of seconds from date) * var=a syntax for variable assignment with calculated expression * Replace ounce with fluid ounce during conversion to volume unit * Solve a^x + b^x + … = c in more cases * Improve remainder/modulus for numerators with large exponents * Truncate number in output of parsed expression and end with ellipsis if unable to display all decimals * Improved floating point calculation and output speed, particularly for simple expressions with very high precision * New functions: clip(), qFormat(), qError() * "clear history" command and option to clear (not save) history on exit (CLI) * Replace selection (instead of wrap in parentheses) on operator input if selection ends with operator (GTK, Qt) * Act as if two arguments are required when applying base-N logarithm to expression (GTK, Qt) * When applying function to expression, exclude to/where expression and place cursor before closing parenthesis if operator is last in selection (GTK) * Show padlock (or "[P]") after protected expression (Qt) * Fix name field not working in argument edit dialog (Qt) * Minor bug fixes and feature enhancements ==== tcpd ==== - Add hosts.allow and hosts.deny config files from the netcfg package, as they are tcpd specific, bsc#1099755 ==== tiff ==== - security update: * CVE-2022-2519 [bsc#1202968] * CVE-2022-2520 [bsc#1202973] * CVE-2022-2521 [bsc#1202971] + tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch ==== timezone ==== Version update (2022d -> 2022e) - timezone update 2022e: * Jordan and Syria switch from +02/+03 with DST to year-round +03 ==== timezone-java ==== Version update (2022d -> 2022e) - timezone update 2022e: * Jordan and Syria switch from +02/+03 with DST to year-round +03 ==== xdg-user-dirs-gtk ==== Version update (0.10+13 -> 0.11) Subpackages: xdg-user-dirs-gtk-lang - Update to version 0.11: + Updated translations. ==== xf86-input-vmmouse ==== Version update (13.1.0 -> 13.2.0) - xf86-input-vmmouse 13.2.0: * Update "See Also" list in vmmouse_detect man page * Update configure.ac bug URL for gitlab migration * gitlab CI: add a basic build test * autogen.sh: Implement GNOME Build API * autogen.sh: use quoted string variables * tools: Fix declaration of xf86EnableIO() * autogen: add default patch prefix * Drop maintainer mode from autogen.sh * autogen.sh: use exec instead of waiting for configure to finish * Replace unportable test(1) operator. * Add NetBSD/amd64 support for iopl calls. ==== yast2-network ==== Version update (4.5.8 -> 4.5.9) - Do not assume wicked will be installed by default anymore and return the needed packages by the selected backend when them are not installed (bsc#1201235, bsc#1201435) - 4.5.9 ==== yast2-trans ==== Version update (84.87.20221009.3d63202666 -> 84.87.20221016.284cfa770d) Subpackages: yast2-trans-cs yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-fr yast2-trans-hu yast2-trans-it yast2-trans-ja yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ru yast2-trans-zh_CN yast2-trans-zh_TW - Update to version 84.87.20221016.284cfa770d: * Translated using Weblate (Russian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) ==== zenity ==== Subpackages: zenity-lang - Drop pkgconfig(libnotify) and pkgconfig(webkit2gtk-4.1) BuildRequires: Upstream disabled building of libnotify and html support by default more than a year ago, and we have not been building that support in this time, so lets drop the unused dependencies.