Packages changed:
  bash
  busybox
  gpg2 (2.3.7 -> 2.3.8)
  kernel-source (6.0.1 -> 6.0.2)
  libffi
  libksba (1.6.1 -> 1.6.2)
  libsoup (3.2.0 -> 3.2.1)
  libxcrypt (4.4.27 -> 4.4.28)
  libxml2 (2.10.2 -> 2.10.3)
  libzypp (17.31.3 -> 17.31.4)
  netcfg
  plasma5-workspace
  postfix (3.7.2 -> 3.7.3)
  python-gevent (21.12.0 -> 22.10.1)
  python-incremental (21.3.0 -> 22.10.0)
  python-pytz (2022.2.1 -> 2022.4)
  qalculate (4.2.0 -> 4.3.0)
  tcpd
  tiff
  timezone (2022d -> 2022e)
  xdg-user-dirs-gtk (0.10+13 -> 0.11)
  yast2-network (4.5.8 -> 4.5.9)
  zenity

=== Details ===

==== bash ====
Subpackages: bash-doc bash-sh

- Don't strip binaries
- Work around a signal mask issue with qemu linux-user emulation
- Remove backup of patched tests

==== busybox ====
Subpackages: busybox-static

- Annotate CVEs already fixed in upstream, but not mentioned in .changes:
  * CVE-2014-9645 (bsc#914660): strips of / in module names that can lead to loading unwanted modules

==== gpg2 ====
Version update (2.3.7 -> 2.3.8)
Subpackages: dirmngr

- GnuPG 2.3.8:
  * gpg: Do not consider unknown public keys as non-compliant while decrypting.
  * gpg: Avoid to emit a compliance mode line if Libgcrypt is non-compliant.
  * gpg: Improve --edit-key setpref command to ease c+p.
  * gpg: Emit an ERROR status if --quick-set-primary-uid fails and allow to pass the user ID by hash.
  * gpg: Actually show symmetric+pubkey encrypted data as de-vs compliant. Add extra compliance checks for symkey_enc packets.
  * gpg: In de-vs mode use SHA-256 instead of SHA-1 as implicit preference.
  * gpgsm: Fix reporting of bad passphrase error during PKCS#11 import.
  * agent: Fix a regression in "READKEY --format=ssh".
  * agent: New option --need-attr for KEYINFO.
  * agent: New attribute "Remote-list" for use by KEYINFO.
  * scd: Fix problem with Yubikey 5.4 firmware.
  * dirmngr: Fix CRL Distribution Point fallback to other schemes.
  * dirmngr: New LDAP server flag "areconly" (A-record-only).
  * dirmngr: Fix upload of multiple keys for an LDAP server specified using the colon format.
  * dirmngr: Use LDAP schema v2 when a Base DN is specified.
  * dirmngr: Avoid caching expired certificates.
  * wkd: Fix path traversal attack in gpg-wks-server. Add the mail address to the pending request data.
  * wkd: New command --mirror for gpg-wks-client.
  * gpg-auth: New tool for authentication.
  * New common.conf option no-autostart.
  * Silence warnings from AllowSetForegroundWindow unless GNUPG_EXEC_DEBUG_FLAGS is used.
  * Rebase gnupg-detect_FIPS_mode.patch
  * Remove patch upstream:
    - gnupg-2.3.7-scd-openpgp-Fix-workaround-for-Yubikey-heuristics.patch

==== kernel-source ====
Version update (6.0.1 -> 6.0.2)

- Linux 6.0.2 (bsc#1012628).
- nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() (bsc#1012628).
- nilfs2: fix use-after-free bug of struct nilfs_root (bsc#1012628).
- nilfs2: fix leak of nilfs_root in case of writer thread creation failure (bsc#1012628).
- nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (bsc#1012628).
- nvme-pci: set min_align_mask before calculating max_hw_sectors (bsc#1012628).
- random: restore O_NONBLOCK support (bsc#1012628).
- random: clamp credited irq bits to maximum mixed (bsc#1012628).
- ALSA: hda: Fix position reporting on Poulsbo (bsc#1012628).
- efi: Correct Macmini DMI match in uefi cert quirk (bsc#1012628).
- scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1012628).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1012628).
- scsi: stex: Properly zero out the passthrough command structure (bsc#1012628).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455 (bsc#1012628).
- Revert "USB: fixup for merge issue with "usb: dwc3: Don't switch OTG -> peripheral if extcon is present"" (bsc#1012628).
- Revert "usb: dwc3: Don't switch OTG -> peripheral if extcon is present" (bsc#1012628).
- Revert "powerpc/rtas: Implement reentrant rtas call" (bsc#1012628).
- Revert "crypto: qat - reduce size of mapped region" (bsc#1012628).
- random: avoid reading two cache lines on irq randomness (bsc#1012628).
- random: use expired timer rather than wq for mixing fast pool (bsc#1012628).
- wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() (bsc#1012628).
- wifi: cfg80211/mac80211: reject bad MBSSID elements (bsc#1012628).
- wifi: mac80211: fix MBSSID parsing use-after-free (bsc#1012628).
- wifi: cfg80211: ensure length byte is present before access (bsc#1012628).
- wifi: cfg80211: fix BSS refcounting bugs (bsc#1012628).
- wifi: cfg80211: avoid nontransmitted BSS list corruption (bsc#1012628).
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (bsc#1012628).
- wifi: mac80211: fix crash in beacon protection for P2P-device (bsc#1012628).
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON (bsc#1012628).
- mctp: prevent double key removal and unref (bsc#1012628).
- Input: xpad - add supported devices as contributed on github (bsc#1012628).
- Input: xpad - fix wireless 360 controller breaking after suspend (bsc#1012628).
- misc: pci_endpoint_test: Aggregate params checking for xfer (bsc#1012628).
- misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (bsc#1012628).
- commit 7fb6561
- Refresh patches.suse/ACPI-resource-Add-ASUS-model-S5402ZA-to-quirks.patch.
- Refresh patches.suse/ACPI-resource-Skip-IRQ-override-on-Asus-Vivobook-K34.patch.
  Update upstream status. They were merged already.
- commit 098c340
- ACPI: resource: do IRQ override on LENOVO IdeaPad (bsc#1203794).
- ACPI: resource: Add ASUS model S5402ZA to quirks (bsc#1203794).
- ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (bsc#1203794).
- commit c7a2f55

==== libffi ====

- add riscv64-handle-big-structures.patch

==== libksba ====
Version update (1.6.1 -> 1.6.2)

- libksba 1.6.2: [bsc#1204357, CVE-2022-3515]
  * Fix integer overflow in the CRL parser.

==== libsoup ====
Version update (3.2.0 -> 3.2.1)
Subpackages: libsoup-3_0-0 typelib-1_0-Soup-3_0

- Update to version 3.2.1:
  + When built against nghttp2 1.50.0+ be relaxed about header whitespace.
  + Fix possible crash when cancelling an HTTP/2 message.
  + Fix regression where soup_server_message_get_socket() could return NULL.
  + Fix minor memory leak.
- Disable tests on 32-bit while waiting for https://gitlab.gnome.org/GNOME/libsoup/-/issues/309

==== libxcrypt ====
Version update (4.4.27 -> 4.4.28)

- update to 4.4.28:
  * Add glibc-on-or1k (OpenRISC 1000) entry to libcrypt.minver. This was added in GNU libc 2.35.

==== libxml2 ====
Version update (2.10.2 -> 2.10.3)
Subpackages: libxml2-2 libxml2-tools

- Update to version 2.10.3 (bsc#1204366, CVE-2022-40303, bsc#1204367, CVE-2022-40304):
  + Security:
    - [CVE-2022-40304] Fix dict corruption caused by entity reference cycles
    - [CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE
    - Fix overflow check in SAX2.c
  + Build system: cmake: Set SOVERSION
- Rebase patches with quilt.

==== libzypp ====
Version update (17.31.3 -> 17.31.4)

- Do not clean up MediaSetAccess before using the geoip file (fixes #424)
- version 17.31.4 (22)

==== netcfg ====

- Remove hosts.allow and hosts.deny config files as they are only used by tcpd, which is not installed by default, bsc#1099755

==== plasma5-workspace ====
Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-lang plasma5-workspace-libs xembedsniproxy

- Use appmenu-gtk-module instead of unity-gtk-module on Leap 15.2+ (boo#1108846)

==== postfix ====
Version update (3.7.2 -> 3.7.3)

- update to 3.7.3
  * Fixed a bug where some messages were not delivered after "warning: Unexpected record type 'X'".
  * Workaround: in a TLS server disable Postfix's 1-element internal session cache, to work around an OpenSSL 3.0 regression that broke TLS handshakes.
  * Code health: the fix for milter_header_checks (3.7.1, 3.6.6, 3.5.16, 3.4.26) introduced a missing msg_panic() argument (in code that never executes).
  * Code health: Postfix 3.3.0 introduced an uninitialized verify_append() request status in case of a null original recipient address.
  * Postfix 3.5.0 introduced debug logging noise in map_search_create().
- own /var/spool/mail (boo#1179574)

==== python-gevent ====
Version update (21.12.0 -> 22.10.1)

- update to 22.10.0:
  * Update bundled libuv to 1.44.2. See :issue:`1913`.
  * Upgrade embedded c-ares to 1.18.1.
  * Upgrade bundled libuv to 1.42.0 from 1.40.0.
  * Added preliminary support for Python 3.11 (rc2 and later). Some platforms may or may not have binary wheels at this time.
    .. important:: Support for legacy versions of Python, including 2.7 and 3.6, will be ending soon. The maintenance burden has become too great and the maintainer's time is too limited. Ideally, there will be a release of gevent compatible with a final release of greenlet 2.0 that still supports those legacy versions, but that may not be possible; this may be the final release to support them.
    :class:`gevent.threadpool.ThreadPool` can now optionally expire idle threads. This is used by default in the implicit thread pool used for DNS requests and other user-submitted tasks; other uses of a thread-pool need to opt-in to this. See :issue:`1867`.
  * Truly disable the effects of compiling with ``-ffast-math``.

==== python-incremental ====
Version update (21.3.0 -> 22.10.0)

- update to 22.10.0:
  * Incremental now supports type-checking with Mypy (#69)

==== python-pytz ====
Version update (2022.2.1 -> 2022.4)

- update to 2022.4

==== qalculate ====
Version update (4.2.0 -> 4.3.0)
Subpackages: libqalculate22 qalculate-data

- Update to 4.3.0:
  * Fix handling of Unicode powers for units in denominator, with adaptive parsing enabled (e.g. parse 10m/s² the same as 10m/s^2)
  * Fix "+" ignored after "E" in number bases where "E" is a digit
  * Fix scientific E notation with sign in argument when function is used without parentheses
  * Fix lambertw() for values very close to zero
  * Fix a × b^x + cx = d when a and c have different signs and d is non-zero
  * Fix a^x × b^x = c when a and b are negative, and c is positive
  * Fix segfaults in some corner cases
  * Fix potential issues in handling of leap seconds (e.g. during subtraction of seconds from date)
  * var=a syntax for variable assignment with calculated expression
  * Replace ounce with fluid ounce during conversion to volume unit
  * Solve a^x + b^x + … = c in more cases
  * Improve remainder/modulus for numerators with large exponents
  * Truncate number in output of parsed expression and end with ellipsis if unable to display all decimals
  * Improved floating point calculation and output speed, particularly for simple expressions with very high precision
  * New functions: clip(), qFormat(), qError()
  * "clear history" command and option to clear (not save) history on exit (CLI)
  * Replace selection (instead of wrap in parentheses) on operator input if selection ends with operator (GTK, Qt)
  * Act as if two arguments are required when applying base-N logarithm to expression (GTK, Qt)
  * When applying function to expression, exclude to/where expression and place cursor before closing parenthesis if operator is last in selection (GTK)
  * Show padlock (or "[P]") after protected expression (Qt)
  * Fix name field not working in argument edit dialog (Qt)
  * Minor bug fixes and feature enhancements

==== tcpd ====

- Add hosts.allow and hosts.deny config files from the netcfg package, as they are tcpd specific, bsc#1099755

==== tiff ====

- security update:
  * CVE-2022-2519 [bsc#1202968]
  * CVE-2022-2520 [bsc#1202973]
  * CVE-2022-2521 [bsc#1202971]
  + tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch

==== timezone ====
Version update (2022d -> 2022e)

- timezone update 2022e:
  * Jordan and Syria switch from +02/+03 with DST to year-round +03

==== xdg-user-dirs-gtk ====
Version update (0.10+13 -> 0.11)

- Update to version 0.11:
  + Updated translations.

==== yast2-network ====
Version update (4.5.8 -> 4.5.9)

- Do not assume wicked will be installed by default anymore and return the needed packages by the selected backend when they are not installed (bsc#1201235, bsc#1201435)
- 4.5.9

==== zenity ====

- Drop pkgconfig(libnotify) and pkgconfig(webkit2gtk-4.1) BuildRequires: Upstream disabled building of libnotify and html support by default more than a year ago, and we have not been building that support in this time, so let's drop the unused dependencies.