Packages changed: audit-secondary bash (5.1.8 -> 5.1.12) bluez busybox-links containers-systemd (0.0+git20210507.9afe2a6 -> 0.0+git20211129.1b144ae) efibootmgr (14 -> 17) ffmpeg-4 geoclue2 gnutls ki18n libarchive libexif (0.6.23 -> 0.6.24) libimagequant (2.15.1 -> 2.17.0) libmfx (21.3.4 -> 21.3.5) plasma5-openSUSE pngquant (2.15.1 -> 2.17.0) pulseaudio python-charset-normalizer (2.0.7 -> 2.0.8) python38 python38-core qpdf (10.3.2 -> 10.4.0) sensors tpm2.0-abrmd vulkan-loader (1.2.189.0 -> 1.2.198.0) webkit2gtk3 (2.34.1 -> 2.34.2) webkit2gtk3-soup2 (2.34.1 -> 2.34.2) xauth (1.1 -> 1.1.1) xmlsec1 (1.2.32 -> 1.2.33) === Details === ==== audit-secondary ==== Subpackages: audit python3-audit system-group-audit - Use %autosetup - Don't include sample rules as %doc, they're already installed as normal files - Fix create-augenrules-service.patch: * auditd.service needs to require augenrules.service, not the other way around - Fix documentation for enable-stop-rules.patch ==== bash ==== Version update (5.1.8 -> 5.1.12) - Update bash 5.1 to patch level 12 * Add official patch bash51-009 The bash malloc implementation of malloc_usable_size() does not follow the specification. This can cause library functions that use it to overwrite memory bounds checking. * Add official patch bash51-010 If `wait -n' is interrupted by a trapped signal other than SIGINT, it does not completely clean up state, and that can prevent subsequent calls to `wait -n' from working correctly. * Add official patch bash51-011 When reading a compound assignment, and running it through the parser to split it into words, we need to save and restore any alias we're currently expanding. * Add official patch bash51-012 There is a possible race condition that arises when a child process receives a signal trapped by the parent before it can reset the signal dispositions. The child process is not supposed to trap the signal in this circumstance. - Using package bash-sh instead of the update-alternative mechanism. ==== bluez ==== Subpackages: bluez-cups libbluetooth3 - Stop nuking the obex service, we support user systemd services just fine now. Following this, no longer hack the dbus service, leave it as a systemd service as upstream intended. - Split out obex in own package with it's needed enabledment as a systemd user service. - Add 0001-obex-Use-GLib-helper-function-to-manipulate-paths.patch: obex: Use GLib helper function to manipulate paths. Instead of trying to do it by hand. This also makes sure that relative paths aren't used by the agent. Patch from fedora. ==== busybox-links ==== Subpackages: busybox-coreutils busybox-gawk busybox-grep busybox-gzip busybox-hostname busybox-psmisc busybox-sed busybox-xz - Removed libalternatives machanism. Using direct link from /usr/bin/busybox to /usr/bin/sh. The package is conflicting with the new packages bash-sh which has a link for /usr/bin/sh too. - Use libalternatives instead of update-alternatives. ==== containers-systemd ==== Version update (0.0+git20210507.9afe2a6 -> 0.0+git20211129.1b144ae) - Update to version 0.0+git20211129.1b144ae: * Add roundcube files ==== efibootmgr ==== Version update (14 -> 17) - Update to v17: * use efivar's logging facility more (more info in -v2 , -v3, etc) * Various bug fixes * Better -e parsing * fix pkg-config invocation for ldflags * Make efibootmgr use EFIDIR / efibootmgr.efidir like fwupdate does * make --loader default build-time configurable * sanitize set_mirror()/get_mirror() * Add support for parsing loader options as UCS2 * GCC 7 fixes * Don't use -fshort-wchar since we don't run on EFI machines. - Drop 0001-Don-t-use-fshort-wchar-when-building-63.patch (upstreamed) - Drop 0002-Remove-extra-const-keywords-gcc-7-gripes-about.patch (upstreamed) - Drop 0003-Add-support-for-parsing-optional-data-as-ucs2.patch (upstreamed) - Drop MARM-sanitize-set_mirror.diff (upstreamed) - Drop efibootmgr-derhat.diff (upstreamed) - Rebase efibootmgr-delete-multiple.diff ==== ffmpeg-4 ==== Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libswresample3_9 - Add ffmpeg-4.keyring: properly validate the added gpg signature. ==== geoclue2 ==== Subpackages: system-user-srvGeoClue typelib-1_0-Geoclue-2_0 - Drop geoclue2-revert-2-faulty.patch: Replaced by upstream fix in geoclue2-geoip-when-wifi-unavailable.patch:. - Add geoclue2-geoip-when-wifi-unavailable.patch: [gclue-wifi] Use GeoIP when a WiFi device isn't available [glfo#geoclue/geoclue#142]. ==== gnutls ==== - Drop bogus condition "> 1550": that would mean 'more recent than Tumbleweed' which is technically impossible, as Tumbleweed is the leading project (and the condition causes issues as Tumbleweed needs to move away from 1550 due to CODE 15 SP5 plans). ==== ki18n ==== - Require iso-codes-lang. The -lang package is not optional. ==== libarchive ==== - fix permission settings on following symlinks (fix-following-symlinks.patch) this fixes also wrong permissions of /var/tmp in factory systems ==== libexif ==== Version update (0.6.23 -> 0.6.24) - libexif-0.6.24 (2021-11-25): * Translation updates: sr, vi, pl, uk, french * fixed regression in exif_data_load_data which could not load EXIF in JPEG data anymore * Decode lots of Canon tag names * removed empty strings from translation (empty string would translate to the PO info header) * various warning removals and code improvements * added sample "persistent" afl fuzzer (100x faster than normal afl fuzzer) ==== libimagequant ==== Version update (2.15.1 -> 2.17.0) - update to 2.17.0: * Do not build as unversioned DSO * use float as in SSE * Initialize rows using heap to handle large images * Free rows after remapping * Disable SSE on arm64 ==== libmfx ==== Version update (21.3.4 -> 21.3.5) - Update to version 21.3.5: * single change: Updates release notes for 21.3.4 release * New features: + VP9 Encode: Added WebRTC mode. + Samples: . Added "VuiTC" option to set VUI TransferCharacteristics in sample_multi_transcode. . Added the verification of input params before used in Init for sample_encode + Misc: . Added support of DRM_FORMAT_NV12 for console mode rendering. . Added runtimes support matrix for Media SDK and oneVPL GPU Runtime. + Software requirements: . Libdrm 2.4.84 or later . Kernel 4.14 or later (5.4 recommended, consult kernel support matrix wiki page for details) + Known issues: Kernel 5.0 have known issue with endurance on Skylake see https://bugs.freedesktop.org/show_bug.cgi?id=110285 for details. * Limited support on certain platforms: + MPEG-2 encode is not supported on Apollo Lake + H.264 Flexible Encode Infrastructure only supported on Broadwell and Skylake + Multi Frame Encode (MFE), HEVC Flexible Encode Infrastructure only supported on Skylake + VP9 decoder is supported starting from Kabylake platform + VP9 encoder is supported starting from Icelake platform + SW fallback is unsupported for all components but MJPEG + Keem Bay requires a VPU runtime library + The following features are supported by Keem Bay runtime and are not supported by Gen graphics runtime: . mfxExtInsertHeaders . mfxExtEncoderIPCMArea ==== plasma5-openSUSE ==== Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE sddm-theme-openSUSE - Update to 5.23.4 ==== pngquant ==== Version update (2.15.1 -> 2.17.0) - update to 2.17.0: - reduced stack usage, preventing stack overflow in pathological cases ==== pulseaudio ==== Subpackages: libpulse-mainloop-glib0 libpulse0 - Improving the handling with pipewire (bsc#1188516): * Split the setup script to a sub-package pulseaudio-setup to be shared with pipewire-pulseaudio package * Modified setup script to adapt pipewire-pulse ==== python-charset-normalizer ==== Version update (2.0.7 -> 2.0.8) - update to 2.0.8: * Improvement over Vietnamese detection * MD improvement on trailing data and long foreign (non-pure latin) * Efficiency improvements in cd/alphabet_languages * call sum() without an intermediary list following PEP 289 recommendations * Code style as refactored by Sourcery-AI * Minor adjustment on the MD around european words * Remove and replace SRTs from assets / tests * Initialize the library logger with a `NullHandler` by default * Setting kwarg `explain` to True will add provisionally * Fix large (misleading) sequence giving UnicodeDecodeError * Avoid using too insignificant chunk * Add and expose function `set_logging_handler` to configure a specific StreamHandler - require lower-case name instead of breaking build - Use lower-case name of prettytable package ==== python38 ==== - Remove shebangs from from python-base libraries in _libdir (bsc#1193179). - Readjust patches: - bpo-31046_ensurepip_honours_prefix.patch - decimal.patch - python-3.3.0b1-fix_date_time_compiler.patch ==== python38-core ==== Subpackages: libpython3_8-1_0 python38-base - Remove shebangs from from python-base libraries in _libdir (bsc#1193179). - Readjust patches: - bpo-31046_ensurepip_honours_prefix.patch - decimal.patch - python-3.3.0b1-fix_date_time_compiler.patch ==== qpdf ==== Version update (10.3.2 -> 10.4.0) - update to 10.4.0: * From the qpdf CLI, the --allow-weak-crypto is now required to suppress a warning when explicitly creating PDF files using RC4 encryption. While qpdf will always retain the ability to read and write such files, doing so will require explicit acknowledgment moving forward. For qpdf 10.4, this change only affects the command-line tool. Starting in qpdf 11, there will be small API changes to require explicit acknowledgment in those cases as well. For additional information, see Chapter 6, Weak Cryptography. * Fix potential bounds error when handling shell completion that could occur when given bogus input. * Properly handle overlay/underlay on completely empty pages * Fix crash that could occur under certain conditions when using --pages with files that had form fields. * Make QPDF::findPage functions public. * Add methods to Pl_Flate to be able to receive warnings on certain recoverable conditions. * Add an extra check to the library to detect when foreign objects are inserted directly (instead of using QPDF::copyForeignObject) at the time of insertion rather than when the file is written. Catching the error sooner makes it much easier to locate the incorrect code. * Improve diagnostics around parsing --pages command-line options ==== sensors ==== - Remove ProtectKernelTunables from harden_lm_sensors.service.patch, breaks service (boo#1193149) ==== tpm2.0-abrmd ==== Subpackages: libtss2-tcti-tabrmd0 tpm2.0-abrmd-selinux - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_tpm2-abrmd.service.patch ==== vulkan-loader ==== Version update (1.2.189.0 -> 1.2.198.0) - Update to release SDK-1.2.198.0 * Fix loader not knowing about extensions enabled in layers * Only return pre-instance functions when instance is NULL * Fix vkGetInstanceProcAddr not handling null instance * loader: Add aarch64 unknown ext chain implementation ==== webkit2gtk3 ==== Version update (2.34.1 -> 2.34.2) Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles - Update to version 2.34.2: + Fix scrolling issues when pressing Home and PgDown keys. + Update effective appearance after web process switch on navigation. + Fix the build with video disabled. ==== webkit2gtk3-soup2 ==== Version update (2.34.1 -> 2.34.2) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update to version 2.34.2: + Fix scrolling issues when pressing Home and PgDown keys. + Update effective appearance after web process switch on navigation. + Fix the build with video disabled. ==== xauth ==== Version update (1.1 -> 1.1.1) - update to version 1.1.1 * This is a minor bugfix release, including fixes for reported crashes. ==== xmlsec1 ==== Version update (1.2.32 -> 1.2.33) Subpackages: libxmlsec1-1 libxmlsec1-openssl1 - update to 1.2.33: * Fix decrypting session key for two recipients * Added --privkey-openssl-engine option to enhance openssl engine support