Removed rpms
============
- libavahi-common3-32bit
- libblkid1-32bit
- libdbus-1-3-32bit
- libelf1-32bit
- libzstd1-32bit
- samba-client-32bit
- libavahi-client3-32bit
- libgcrypt20-32bit
- libgnutls30-32bit
- libhogweed6-32bit
- libmount1-32bit
- libopenssl1_1-32bit
- libpoppler89
- mozilla-nss-certs
- poppler-data
- samba-client-libs-32bit
- systemd-32bit

Added rpms
==========
- libavahi-client3-32bit
- libgcrypt20-32bit
- libgnutls30-32bit
- libhogweed6-32bit
- libmount1-32bit
- libopenssl1_1-32bit
- samba-client-libs-32bit
- systemd-32bit
- libavahi-common3-32bit
- libblkid1-32bit
- libdbus-1-3-32bit
- libelf1-32bit
- libzstd1-32bit
- p11-kit-nss-trust
- samba-client-32bit

Package Source Changes
======================
MozillaFirefox
+- Firefox Extended Support Release 91.8.0 ESR (bsc#1197903)
+  Release candidate! Details filled in later, once it has been released
+
+- Adjust rust dependency for SP3 and later. TW uses always the
+  newest version of rust, but we don't, so we can't use the
+  rust+cargo notation, which would need both < and >= requirements.
+  (bsc#1197698)
+
+- Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer,
+  faster buildhosts, as the others struggle to build FF.
+
+- Firefox Extended Support Release 91.7.1 ESR
+  * Changed: Yandex and Mail.ru have been removed as optional
+    search providers in the drop-down search menu in Firefox.
+    If you previously installed a customized version of Firefox
+    with Yandex or Mail.ru, offered through partner distribution
+    channels, this release removes those customizations,
+    including add-ons and default bookmarks. Where applicable,
+    your browser will revert back to default settings, as offered
+    by Mozilla. All other releases of Firefox remain unaffected
+    by the change.
+
SuSEfirewall2
+- perl-Net-DNS is only needed by some ancillary helper tool but not for the
+  core features. So set it to Recommended.
+
+- hosting moved to github.com/opensuse/susefirewall2
+- added a sysvinit -> systemd conversion hack (bnc#891669)
+
+- SuSEfirewall2, ACCEPT from services is a local variable, otherwise
+  "ACCEPT" would be used a service name (bnc#889406 bnc#889555 bnc#887040)
+
+- Added ACCEPT to TEMPLATE using FW_SERVICES_ACCEPT
+
+- Allow incoming DHCPv6 replies, currently unlimited.
+  bnc#867819,bnc#868031,bnc#783002,bnc#822959
+- typo fix customary -> custom bnc#835677
+
+- add perl-Net-DNS requires for "SuSEfirewall2 log" (bnc#856705)
+
+- adjust service files so manual starts work better (bnc#819499)
+
+- license update: GPL-2.0
+  Various GPL-2.0 (only) licensed files
+
+- clarify what the default is in FW_MASQ_NETS (bnc#817233)
+- removed the --rttl option in recent matches, as this could also be used by attackers (bnc#800719)
+
+- do not add dependency information about YaST2 Second Stage (bnc#800365)
+
+- fix defaultl value docu for FW_PROTECT_FROM_INT (bnc#798834)
+
+- move to /usr, remove init scripts
+
+- adjust for starting via systemd service files
+- move lock files to /run
+- just CT instead of NOTRACK (bnc#793459)
+
+- getdevinfo is gone as per commit 0c5ac93 (bnc#777271)
+
+- honor FW_IPv6 setting also in debug mode (bnc#769411)
+
+- fix logging in test mode
+
+- allow icmpv6 in FW_SERVICES_*_*
+
+- allow ICMPv6 Multicast Listener Query (bnc#767392)
+
+- fix typo spotted by Frederic
+
+- assume all interface names are correct (bnc#739084)
+
+- fix forward masquerading (bnc#736205)
+- compat syntax for negated options no longer works (bnc#660156, bnc#731088)
+- enhance debug mode
+
+- use /sbin/rpcinfo as /usr/sbin/rpcinfo is gone (bnc#727438)
+
+- set SYSTEMD_NO_WRAP for status (bnc#727445)
+
+- fix manual rcSuSEfirewall2 stop with sytemd (bnc#717583)
+
+- fix typo (bnc#721845)
+- atomic zone status writing
+
+- Remove redundant tags/sections from specfile
+
+- sanitize FW_ZONE_DEFAULT (bnc#716013)
+- add warning about iptables-batch to SuSEfirewall2-custom
+- fix warning about /proc/net/ip_tables_names not readable
+- don't install input rules for interfaces in default zone
+- Add hook fw_custom_after_finished
+- update FAQ (bnc#694464)
+- clean up overrides when stopping the firewall (bnc#630961)
+- change default FW_LOG_ACCEPT_CRIT to "no"
+- allow redir without port specification
+- make FW_SERVICES_{REJECT,DROP}_* take precedende before ACCEPT (bnc#671997)
+- fix zonein and zoneout parameters
+- fix reverse direction of forwarding rules (bnc#679192)
+
+- introduce rpcusers file to allow statd to run as non-root
+  (bnc#668553)
+
+- add zonein and zoneout parameters for FW_FORWARD
+- fix typos
+
+- don't start in runlevel 4 by default (bnc#656520)
+- cut off long zone names (bnc#644527)
+- fix and enhance output of log command (bnc#663262)
+
+- don't unload rules when using systemd
+
+- list some known rpc services as Should-Start
+- don't filter outgoing packets at all
+- fix an example (bnc#641907)
+- fix status check in SuSEfirewall2_init (bnc#628751)
+
+- don't use fillup anymore as it keeps corrupting the config file
+  (bnc#340926)
+
+- remove "batch committing..." message
+- read defaults from separate file
+- warn if highports config options are set
+- finally drop 'highports' misfeature
+- remove kernel ipv6 module detection (bnc#617033)
+- silence warning about default zone (bnc#616841)
+- SuSEfirewall2-open: don't add values multiple times
+- Use multiprotocol xt_conntrack
+
+- only directories in /sys/class/net are real interfaces (bnc#609810)
+
+- add entry about drbd to FAQ
+- update docu
+- implement FW_BOOT_FULL_INIT
+
+- use new versioning scheme after switch of repo to git
+- update and rebuild docu
+- remove really old rc.config conversion code from spec file
+
+- fix spelling error in sysconfig file (bnc#537427)
+- polishing of log drop policy (bnc#538053)
+  * drop multicast packets silently
+  * separate drop rule for broadcast packets at end of chain
+  * only consider NEW udp packets as critical
+  * don't log INVALID packets as critical
+
+- implement runtime override of interface zones
+- allow disabling NOTRACK rules on lo (bnc#519526)
+
+- remove chkconfig calls (bnc#522268)
+
+- add note about use as bridging firewall
+- allow to set FW_ZONE_DEFAULT via config file
+- deprecate fw_custom_before_antispoofing and
+  fw_custom_after_antispoofing, use fw_custom_after_chain_creation
+  instead
+
+- add note that ulog doesn't work with IPv6 (bnc#442756)
+- fix version number in help text
+- allow service files to specify kernel modules and allow related packets
+- silence an error from bash if a service config file is not available (bnc#487870)
+- better wording for BROADCAST in template
+- update firewall hook script (patch by Marius)
+
aaa_base
+- fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to
+  allow ICMP ping
+- added patches
+  + git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch
+
+- Port change from Thu Sep 30 08:51:55 UTC 2022 forword to
+  current version which includes a rename of patch
+  git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
+  to
+  git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
+  as otherwise autopatch macro does not work anymore
+
+- Include all fixes and changes for systemwide inputrc to remove
+  the 8 bit escape sequence which interfere with UTF-8 multi byte
+  characters as well as support the vi mode of readline library.
+  This is done with the patches
+  * git-41-f00ca2600331602241954533a1b1610d1da57edf.patch
+  * git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch
+  before the changed patch
+  git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
+  rename it to
+  git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
+  and also add the patches
+  * git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch
+  * git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch
+
aalib
+- fix build with newer ld
+
+- BuildRequire gpm-devel
+
+- package baselibs.conf
+
+- fix aalib-1.4.0-477.9: possible missing call to fclose [bnc#523344]
+
+- remove static libraries and "la" files
+- fix -devel package dependencies
+- fix aalib-config so it only returns needed libraries
+
alsa-oss
-- Add upstream patch to fix build with current glibc:
-  * alsa-drop-libio.patch
-
-- Updated to alsa-oss 1.0.28:
-  All pervious fix patches are obsoleted:
-  0002-Add-AM_MAINTAINER_MODE-enable-to-configure.in.patch
-  0003-Fix-the-argument-passed-to-snd_pcm_dump_setup.patch
-  0004-Workaround-for-aoss-dmix-with-unaligned-rates.patch
-
-- Fix for dmix with unaligned sample rate:
-  0003-Fix-the-argument-passed-to-snd_pcm_dump_setup.patch
-  0004-Workaround-for-aoss-dmix-with-unaligned-rates.patch
-
-- Revert 0001-Fix-path-to-libaoss.so.patch, as this causes
-  regressions on multi-arch (bnc#874331)
-
-- Backport upstream fixes:
-  0001-Fix-path-to-libaoss.so.patch
-  0002-Add-AM_MAINTAINER_MODE-enable-to-configure.in.patch
-
-- stop recommending alsa-oss-32bit
-
-- updated to version 1.0.25;
-  pcm: check for XRUN state for GETxSPACE and GETxPTR ioctls
-  select: better check for null bit arrays
-
-- add libtool as buildrequire to make the spec file more reliable
-
-- Remove redundant tags/sections from specfile
-- Use %_smp_mflags for parallel build
-
-- package baselibs.conf
-
autoyast2
+- Respect general/signature-handling settings during the 2nd
+  stage (bsc#1197655).
+- 4.4.36
+
bcm43xx-firmware
+- Add required firmware file for Bluetooth module found on RPi Zero 2W (bsc#1197286)
+
+- Update BCM4345C0.hcd to fix Spectra for CYW43455 (CVE-2020-10370)
-- Update BCM4345C0.hcd to fix Spectra for CYW43455 (CVE-2020-10370)
+- Update BCM4345C0.hcd
chromium
+- Chromium 100.0.4896.88 (boo#1198361)
+  * CVE-2022-1305: Use after free in storage
+  * CVE-2022-1306: Inappropriate implementation in compositing
+  * CVE-2022-1307: Inappropriate implementation in full screen
+  * CVE-2022-1308: Use after free in BFCache
+  * CVE-2022-1309: Insufficient policy enforcement in developer tools
+  * CVE-2022-1310: Use after free in regular expressions
+  * CVE-2022-1311: Use after free in Chrome OS shell
+  * CVE-2022-1312: Use after free in storage
+  * CVE-2022-1313: Use after free in tab groups
+  * CVE-2022-1314: Type Confusion in V8
+  * Various fixes from internal audits, fuzzing and other initiatives
+
+- Patches for GCC 12:
+  * chromium-fix-swiftshader-template.patch
+  * chromium-missing-include-tuple.patch
+  * chromium-webrtc-stats-missing-vector.patch
+
+- Chromium 100.0.4896.75:
+  * CVE-2022-1232: Type Confusion in V8 (boo#1198053)
+
+- Chromium 100.0.4896.60 (boo#1197680)
+  * CVE-2022-1125: Use after free in Portals
+  * CVE-2022-1127: Use after free in QR Code Generator
+  * CVE-2022-1128: Inappropriate implementation in Web Share API
+  * CVE-2022-1129: Inappropriate implementation in Full Screen Mode
+  * CVE-2022-1130: Insufficient validation of untrusted input in WebOTP
+  * CVE-2022-1131: Use after free in Cast UI
+  * CVE-2022-1132: Inappropriate implementation in Virtual Keyboard
+  * CVE-2022-1133: Use after free in WebRTC
+  * CVE-2022-1134: Type Confusion in V8
+  * CVE-2022-1135: Use after free in Shopping Cart
+  * CVE-2022-1136: Use after free in Tab Strip
+  * CVE-2022-1137: Inappropriate implementation in Extensions
+  * CVE-2022-1138: Inappropriate implementation in Web Cursor
+  * CVE-2022-1139: Inappropriate implementation in Background Fetch API
+  * CVE-2022-1141: Use after free in File Manager
+  * CVE-2022-1142: Heap buffer overflow in WebUI
+  * CVE-2022-1143: Heap buffer overflow in WebUI
+  * CVE-2022-1144: Use after free in WebUI
+  * CVE-2022-1145: Use after free in Extensions
+  * CVE-2022-1146: Inappropriate implementation in Resource Timing
+- Added patches:
+  * chromium-100-compiler.patch
+  * chromium-100-GLImplementationParts-constexpr.patch
+  * chromium-100-InMilliseconds-constexpr.patch
+  * chromium-100-SCTHashdanceMetadata-move.patch
+  * chromium-100-macro-typo.patch
+- Removed patches:
+  * chromium-98-compiler.patch
+  * chromium-86-nearby-explicit.patch
+  * chromium-glibc-2.34.patch
+  * chromium-v8-missing-utility-include.patch
+  * chromium-99-AutofillAssistantModelExecutor-NoDestructor.patch
+
+- Update disk constraints
+
+- Chromium 99.0.4844.84:
+  * CVE-2022-1096: Type Confusion in V8 (boo#1197552)
+
+- Chromium 99.0.4844.82:
+  * Fix potential problem in Hangouts (boo#1197332)
+
dracut
+- Update to version 055+suse.248.g92d06110:
+  * fix(resume): correct call to block_is_netdevice function (bsc#1197737)
+  * chore(suse): remove fipscheck requirement (bsc#1198065)
+
gnome-shell-extensions
+- Add gnome-shell-extensions-restore-classic-css.patch: the version
+  of gnome-classic.css in the tarball is wrong, somehow it contains
+  the CSS file for GNOME42, so restore to the right version by this
+  patch before the upstream release the new tarball.
+- Revert gse-sle-classic-ext.patch to the last revision
+  (bsc#1197175, glgo#GNOME/gnome-shell-extensions#382).
+
inkscape
+- Add upstream patches required to build on SP4 (bsc#1197731):
+  inkscape-poppler-build-fix.patch
+  inkscape-c-standard.patch
+  inkscape-new-glib.patch
+
joe
+- Convert Russian and Ukrainian docs and locales from KOI8 to
+  UTF-8.
+- Corrected License tag.
+- Use full URL for Source.
+
+- Fix yet another case of stack smashing.
+
+- Remove lang_additions.bz2 obsoleted by inclusion in the gettextization
+  patch.
+
+- Fix SIGIOT in autoindent (bnc#548327)
+- Minor code cleanup.
+- Redo the gettextisation patch (include all files added by tarball
+  and gettextize).
+- Update German translation.
+
+- Make syntax files config(noreplace) so that updates don't overwrite
+  modifications.
+
kdump
+- pull sources directly from git using obs_scm
+- fix bsc#1190299, bsc#1186272
+- remove patches included in upstream git:
+  kdump-calibrate-include-af_packet.patch,
+  kdump-calibrate-fix-nic-naming.patch,
+  kdump-calibrate.conf-depends-on-kdumptool.patch
+
kernel-default
+- iwlwifi: fix use-after-free (bsc#1197762 git-fixes).
+- commit d5140bb
+
+- Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762)
+  Correct the entries that have *-64.ucode instead of *-63.ucode
+- commit d8b5646
+
+- Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155)
+- commit 69353e8
+
+- USB: gadget: validate interface OS descriptor requests
+  (CVE-2022-25258 bsc#1196095 git-fixes).
+- commit 4a7f6a3
+
+- Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247)
+- commit 5b2f9f9
+
+- vdpa: clean up get_config_size ret value handling (CVE-2022-0998
+  bsc#1197247).
+- commit 0d2ae2e
+
+- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
+  (bsc#1196806, bsc#1196961).
+- commit 2771ae3
+
+- Move upstreamed ALSA fix into sorted section
+- commit 051af6b
+
+- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
+  mmap_lock (CVE-2022-1048 bsc#1197331).
+- Refresh
+  patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch.
+- commit 5e55cab
+
+- net: sched: fix use-after-free in tc_new_tfilter()
+  (CVE-2022-1055 bsc#1197702).
+- commit 77a7f01
+
kernel-kvmsmall
+- iwlwifi: fix use-after-free (bsc#1197762 git-fixes).
+- commit d5140bb
+
+- Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762)
+  Correct the entries that have *-64.ucode instead of *-63.ucode
+- commit d8b5646
+
+- Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155)
+- commit 69353e8
+
+- USB: gadget: validate interface OS descriptor requests
+  (CVE-2022-25258 bsc#1196095 git-fixes).
+- commit 4a7f6a3
+
+- Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247)
+- commit 5b2f9f9
+
+- vdpa: clean up get_config_size ret value handling (CVE-2022-0998
+  bsc#1197247).
+- commit 0d2ae2e
+
+- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
+  (bsc#1196806, bsc#1196961).
+- commit 2771ae3
+
+- Move upstreamed ALSA fix into sorted section
+- commit 051af6b
+
+- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
+  mmap_lock (CVE-2022-1048 bsc#1197331).
+- Refresh
+  patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch.
+- commit 5e55cab
+
+- net: sched: fix use-after-free in tc_new_tfilter()
+  (CVE-2022-1055 bsc#1197702).
+- commit 77a7f01
+
libexif
+- libexif-CVE-2020-0198-CVE-2020-0181.patch: adjusted overflow checking
+  code to in exif-data to not be optimized away. (CVE-2020-0198,
+  CVE-2020-0181, bsc#1172802, bsc#1172768)
+- libexif-CVE-2020-0452.patch: adjusted a overflow check to not
+  be optimized away by the compiler (CVE-2020-0452 bsc#1178479)
+
-- updated to 0.6.21
-  * Fixed some buffer overflows in exif_entry_format_value()
-    This fixes CVE-2012-2814. Reported by Mateusz Jurczyk of
-    Google Security Team
-  * Fixed an off-by-one error in exif_convert_utf16_to_utf8()
-    This can cause a one-byte NUL write past the end of the buffer.
-    This fixes CVE-2012-2840
-  * Don't read past the end of a tag when converting from UTF-16
-    This fixes CVE-2012-2813. Reported by Mateusz Jurczyk of
-    Google Security Team
-  * Fixed an out of bounds read on corrupted input
-    The EXIF_TAG_COPYRIGHT tag ought to be, but perhaps is not,
-    NUL-terminated.
-    This fixes CVE-2012-2812. Reported by Mateusz Jurczyk of
-    Google Security Team
-  * Fixed a buffer overflow problem in exif_entry_get_value
-    If the application passed in a buffer length of 0, then it would
-    be treated as the buffer had unlimited length.
-    This fixes CVE-2012-2841
-  * Fix a buffer overflow on corrupt EXIF data.
-    This fixes bug #3434540 and fixes part of CVE-2012-2836
-    Reported by Yunho Kim
-  * Fix a buffer overflow on corrupted JPEG data
-    An unsigned data length might wrap around when decremented
-    below zero, bypassing sanity checks on length.
-    This code path can probably only occur if exif_data_load_data()
-    is called directly by the application on data that wasn't parsed
-    by libexif itself.
-    This solves the other part of CVE-2012-2836
-  * Fixed some possible division-by-zeros in Olympus-style makernotes
-    This fixes bug #3434545, a.k.a. CVE-2012-2837
-    Reported by Yunho Kim
-  * lots and lots of translations updates.
-  * added more Canon lenses.
-  * changed "knots" to "nautical miles"
-
libexttextcat
-- Remove pointless file.
-
-- Initial commit of 3.4.0 release.
-
libgcrypt
+- FIPS: Implement a service indicator for asymmetric ciphers [bsc#1190700]
+  * Mark RSA public key encryption and private key decryption with
+    padding (e.g. OAEP, PKCS) as non-approved since RSA-OAEP lacks
+    peer key assurance validation requirements per SP800-56Brev2.
+  * Mark ECC as approved only for NIST curves P-224, P-256, P-384
+    and P-521 with check for common NIST names and aliases.
+  * Mark DSA, ELG, EDDSA, ECDSA and ECDH as non-approved.
+  * Add libgcrypt-FIPS-SLI-pk.patch
+  * Rebase libgcrypt-FIPS-service-indicators.patch
+- Run the regression tests also in FIPS mode.
+  * Disable tests for non-FIPS approved algos.
+  * Rebase: libgcrypt-FIPS-verify-unsupported-KDF-test.patch
+
libnvme
+- Update to version 1.0:
+  * tree: Remove default port setting for TCP and RDMA ports
+  * tree: add 'f_args' argument to pass user data to the filter function
+  * tree: remove 'ctrl_get_ana_state()'
+  * tree: add namespace path iterators
+  * tree: filter out namespaces
+  * tree: update nvme_scan_filter_t usage
+
+- Update to version 1.0-rc8:
+  * types: Add support for get log - MI Command Supported
+  * types: Add new Identify constant
+  * types: Update persistent event entry struct added new fields
+  * types: Add Host Initiated Data Gen Number to telemetry log struct
+  * tree: always allocate config file in nvme_read_config()
+  * tree: rework nvme_scan_subsystem()
+  * tree: make subsystem name mandatory in nvme_scan_ctrl()
+  * tree: move nvme_init_subsystem() into nvme_lookup_subsystem()
+  * tree: do not return error when filtering out subsystems
+  * tree: add debugging messages during scanning
+  * tree: Handle NULL subsysname in nvme_scan_ctrl()
+  * tree: Fix subsystem initialization in nvme_scan_ctrl()
+  * tree: Fix leaking 'name' in nvme_subsystem_lookup_namespace()
+  * tree: Avoid dereferencing nvme_subsystem_t before its check for NULL
+  * tree: Clarify NULL return values from nvme_get_attr()
+  * fabrics: Invoke nvmf_dim() with provided tas argument
+  * fabrics: add 'nvmf_update_config()'
+  * fabrics: Avoid out of bounds string chomping
+  * fabrics: Free old traddr in nvmf_add_ctrl
+  * fabrics: update log level for write failures
+  * fabrics: Streamlining documentation
+  * fabrics: Fix leaking ctrl in nvmf_connect_disc_entry()
+  * fabrics: Add missing break in a switch
+  * ioctl: Remove attribute packed and alignedof for args structs
+  * ioctl: Align arguments indentation with braces
+  * json: fix endless loop scanning for controllers
+  * Remove nvme_init_id_ns
+  * Add lbstm support for create-ns
+  * documentation updates
+
libqt5-qtdeclarative
+- Increase the disk constraint to 6GB since the SLE build use
+  5.5GB already (boo#1197992)
+
libqt5-qtwebengine
+- Update to version 5.15.9:
+  * QPdfView: scale page rendering according to devicePixelRatio
+  * Update documented Chromium version
+  * Use IsSameDocument() rather than IsLoadingToDifferentDocument()
+  * Update module-split for installer
+  * Fix printing PDF files
+  * Do not override signal handlers
+  * Avoid using xkbcommon in non-X11 builds
+  * Update documentation
+  * Update Chromium:
+  * Bump V8_PATCH_LEVEL
+  * Do not overwrite signal handlers in the browser process.
+  * Replace base::ranges::set_union with std::set_union to fix
+    MSVC2017 build
+  * [Backport] CVE-2022-0100: Heap buffer overflow in Media
+    streams API
+  * [Backport] CVE-2022-0102: Type Confusion in V8
+  * [Backport] CVE-2022-0103: Use after free in SwiftShader
+  * [Backport] CVE-2022-0104: Heap buffer overflow in ANGLE
+  * [Backport] CVE-2022-0108: Inappropriate implementation
+    in Navigation
+  * [Backport] CVE-2022-0109: Inappropriate implementation
+    in Autofill
+  * [Backport] CVE-2022-0111 and CVE-2022-0117
+  * [Backport] CVE-2022-0113: Inappropriate implementatio
+    n in Blink
+  * [Backport] CVE-2022-0116: Inappropriate implementation
+    in Compositing
+  * [Backport] CVE-2022-0289: Use after free in Safe browsing
+  * [Backport] CVE-2022-0291: Inappropriate implementation
+    in Storage
+  * [Backport] CVE-2022-0293: Use after free in Web packaging
+  * [Backport] CVE-2022-0298: Use after free in Scheduling
+  * [Backport] CVE-2022-0305: Inappropriate implementation in
+    Service Worker API
+  * [Backport] CVE-2022-0306: Heap buffer overflow in PDFium
+  * [Backport] CVE-2022-0310 and CVE-0311: Heap buffer overflow
+    in Task Manager
+  * [Backport] CVE-2022-0456: Use after free in Web Search
+  * [Backport] CVE-2022-0459: Use after free in Screen Capture
+  * [Backport] CVE-2022-0460: Use after free in Window Dialog
+  * [Backport] CVE-2022-0461: Policy bypass in COOP
+  * [Backport] CVE-2022-0606: Use after free in ANGLE
+  * [Backport] CVE-2022-0607: Use after free in GPU
+  * [Backport] CVE-2022-0608: Integer overflow in Mojo
+  * [Backport] CVE-2022-0609: Use after free in Animation
+  * [Backport] CVE-2022-0610: Inappropriate implementation
+    in Gamepad API
+  * [Backport] CVE-2022-0971 (boo#1197163)
+  * [Backport] CVE-2022-1096 (boo#1197552)
+  * [Backport] CVE-2022-23852
+  * [Backport] Copy 'name_' member during StyleRuleProperty::Copy
+  * [Backport] Security bug 1256885
+  * [Backport] Security bug 1258603
+  * [Backport] Security bug 1259557
+  * [Backport] Security bug 1261415
+  * [Backport] Security bug 1265570
+  * [Backport] Security bug 1268448
+  * [Backport] Security bug 1270014
+  * [Backport] Security bug 1274113
+  * [Backport] Security bug 1276331
+  * [Backport] Security bug 1280743
+  * [Backport] Security bug 1289394
+  * [Backport] Security bug 1292537
+  * [Backport] sandbox: build if glibc 2.34+ dynamic stack size
+    is enabled
+- Drop patches, now upstream:
+  * CVE-2022-0971-qtwebengine-5.15.patch
+  * CVE-2022-1096-qtwebengine-5.15.patch
+
librest
-- Add baselibs.conf, as we need the 32bit package for
-  gnome-online-account libraries.
-
-- Split typelib files into typelib-1_0-Rest-0_7 subpackage.
-- Add typelib-1_0-Rest-0_7 Requires to devel subpackage.
-- Change librest0 group from Development/Libraries/GNOME to
-  System/Libraries.
-
-- Update to version 0.7.12:
-  + Build: Detect CA file location [bgo#663783]
-  + proxy: Force all SSL certificates to be trusted [bgo#663783]
-- Add config(ca-certificates) BuildRequires and Recommends in the
-  shared library package.
-- Pass --with-ca-certificates=/etc/ssl/ca-bundle.pem to configure.
-
-- Update to version 0.7.11:
-  + oauth-proxy: Fix format string warning
-  + oauth:
-    - Add GType for OAuthSignatureMethod enum
-    - Add property for signature type
-  + Build fixes.
-
-- Update to version 0.7.10:
-  + Introduce rest_proxy_call_upload to provide progress feedback.
-  + youtube-proxy: Added upload progress callbacks.
-  + Added documentation to rest_proxy_call_upload.
-  + bmc#13746: proxy-call: Allow customisation of data
-    serialization.
-
-- Update to version 0.7.9:
-  + Add "disable-cookies" construction property to RestProxy.
-
-- Update to version 0.7.8:
-  + Add youtube proxy for uploaded video.
-  + Fix introspection build.
-- Drop librest-fix-introspection.patch: fixed upstream.
-
-- Update to version 0.7.7:
-  + Fix a few introspection issues
-  + oauth-proxy:
-    - Use POST method to do OAuth 1.0 authentication.
-    - Added 'signature-host' propery.
-- Add librest-fix-introspection.patch: fix introspection build.
-  Taken from upstream, commit e9c917.
-
-- Update to version 0.7.6:
-  + API for manually constructing and outputting XML
-- Changes from version 0.7.5:
-  + Introspection build fixes
-- Changes from version 0.7.4:
-  + Add cookie support to rest-proxy.
-  + proxy-call: Add continuous call mode
-  + Various bug fixes.
-- Changes from version 0.7.3:
-  + Fix memory corruption in oauth-proxy-call.
-- Changes from version 0.7.2:
-  + post-twitter: use the correct URL endpoint
-  + Plug leak.
-- Changes from version 0.7.1:
-  + Flickr: add upload support
-  + Various bug fixes.
-  + Improved documentation.
-- Changes from version 0.7.0:
-  + Remove FacebookProxy
-  + Add Lastfm proxy
-  + Add a oauth2 proxy
-  + Add RestParam and RestParams types
-  + Flickr proxy: Allow specifying the permissions required in the
-    login url
-  + Various bug fixes.
-  + Improved documentation.
-- Drop librest-fbconnect-url.patch: facebook features got removed
-  upstream.
-- Change BuildRequires to pkgconfig() ones: glib2-devel to
-  glib-2.0, libsoup-devel to libsoup-2.4 and libsoup-gnome-2.4,
-  libxml2-devel to libxml-2.0.
-- Add pkgconfig(gobject-introspection-1.0) BuildRequires to enable
-  introspection.
-- Update Url tag.
-
-- Update to version 0.6.3:
-  + Fix leaks.
-  + Code cleanups.
-- Changes from version 0.6.2:
-  + Add introspection support.
-  + Mark GErrors which shouldn't be freed as const.
-  + Add oauth_proxy_call_parse_token_reponse to parse token
-    responses.
-  + Build system fixes.
-- Remove explicit Requires of devel packages in devel subpackage:
-  they will be added automatically the pkgconfig()-way.
-
-- (re?)add librest-fbconnect-url.patch from Moblin:Factory to fix
-  the build of bisho
-- some spec file tidying: more explicit %files listing to avoid
-  unintended/unnoticed major changes
-- use %soname and %abi defines throughout to spec to ease
-  future maintenance
-
-- Fix spec to comply with shared libraries policy.
- -- Rename to librest, provide/obsolete rest - -- Add librest-fbconnect-url.patch to add a new fbconnect url - funciton for facebook - -- Upddate to 0.6.1 - * 四 7月 16 2009 Gary Lin 0.520090716 -- Update to commit ff4561e2a8c38f49127f6e3b2ce7c238a29e1571 - * 四 7月 09 2009 Gary Lin 0.420090709 -- Update to commit e9a71922f5997243c45dfaaff21dd9b4a6340ca3 - * 四 7月 09 2009 Gary Lin 0.420090709 -- Update to commit 41f91eec3d26a2514c4bc310b90829cd2d14ed4a - -- Update to commit 92e1871d3181a73a780f588689733f25e3df5b48 - -- Use configure macro to get the right options. - -- Update to commit e49d8730bfb277af59732822e78535ef37e29b6c - -- Update to commit 153d2e8c5cc3452a7275c7ea7fa6abe8750cde8b - libvirt +- qemu: Improve save operation by increasing pipe size + c61d1e9b-virfile-set-pipe-size.patch, + 47d6d185-virfile-fix-indent.patch, + cd7acb33-virfile-report-error.patch + bsc#1196625 + +- CVE-2022-0897: nwfilter: fix crash when counting number of + network filters + a4947e8f-nwfilter-CVE-2022-0897.patch + bsc#1197636 + mariadb +- Build mariadb-galera on SLE (jsc#SLE-22245) +- Add dependency on galera-4 for mariadb-galera +- Remove old constraints for mariadb-galera + +- Update to 10.6.7 (bsc#1196016): + * release notes and changelog: + https://mariadb.com/kb/en/library/mariadb-1067-release-notes + https://mariadb.com/kb/en/library/mariadb-1067-changelog + https://mariadb.com/kb/en/library/mariadb-1066-release-notes + https://mariadb.com/kb/en/library/mariadb-1066-changelog + * fixes for the following security vulnerabilities: + 10.6.7: CVE-2021-46665 + CVE-2021-46664 + CVE-2021-46661 + CVE-2021-46668 + CVE-2021-46663 + 10.6.6: CVE-2022-24052 + CVE-2022-24051 + CVE-2022-24050 + CVE-2022-24048 + CVE-2021-46659, bsc#1195339 +- Skip failing tests for s390x, fixes bsc#1195076 + * suse_skipped_tests.list +- Remove upstreamed patches: + * mariadb-10.0.15-logrotate-su.patch + * mariadb-10.1.1-mysqld_multi-features.patch +- Refresh mariadb-10.2.4-logrotate.patch +- The following 
issues have already been fixed in this package but weren't
+ previously mentioned in the changes file:
+ CVE-2021-46658, bsc#1195334
+ CVE-2021-46657, bsc#1195325
+
mousepad
+- Update to version 0.5.9
+ * Add Shortcuts plugin, requires libxfce4ui >= 4.17.5 and as
+ such remains disabled at build time until Xfce 4.18 is released
+ (gxo#apps/mousepad#70, gxo#apps/mousepad!121)
+ * Add search history (gxo#apps/mousepad!119)
+ * File monitoring: Add an automatic reloading option
+ * Move the document modification mark to the close button
+ (gxo#apps/mousepad#63, gxo#apps/mousepad!122)
+ * Add mousepad styleclass for easier theming (gxo#apps/mousepad#33)
+ * Hide search bar by pressing Esc key even when not focused
+ * Search: Escape selection when regex search is enabled
+ * Plugins: Add a skeleton plugin to ease writing of new plugins
+ * Test plugin: Sanitize memory management of sources
+ * Honor GTK_CSD
+ * Filter entries from `accels.scm` on non-detailed action name
+ * i18n: Check for `bind_textdomain_codeset()`
+ * Update Copying (gxo#apps/mousepad#160, gxo#apps/mousepad!120)
+ * Session history: Never clear session array on exit
+ (gxo#apps/mousepad#162)
+ * Fix broken feature "Show menubar temporarily when hidden"
+ * Force encoding when reloading
+ * Force encoding when it has been explicitly set by the user
+ * Do not consider encoding as always user-set in the "Open" dialog
+ * Fix antonym of the word "indent" in preferences dialog
+ (gxo#apps/mousepad!118)
+ * File monitoring: Try to filter out fake deletions
+ * Add ellipsis to preferences menu entry (gxo#apps/mousepad!117)
+ * Switch all labels to title case in prefs dialog
+ (gxo#apps/mousepad!116)
+ * Correctly restore font size after zooming when using system font
+ (gxo#apps/mousepad#158)
+ * Printing: Enable line wrapping by default (gxo#apps/mousepad#156)
+ * Fix a warning from GCC static analyzer
+ * Search: Do not delay the search when the text changes
+ * Translation Updates
+
nfs-utils
+- Add 0023-cache.c-removed-a-couple-warning.patch
+ Fix compilation with new glibc (SLE15-SP4)
+ (bsc#1197788)
+
+- Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch
+ Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch
+ Ensure "sloppy" is added correctly for newer kernels. Particularly
+ required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels.
+ (boo#1197297)
+
nvme-cli
+- Update to version 2.0:
+ * fabrics: Create persistent controller using unique subsystem NQN (bsc#1198243)
+ * fabrics: Set KATO for discovery controller when connecting
+ * fabrics: Do not modify default config for discovery controller
+ * fabrics: Set default trsvcid ports for TCP and RDMA (bsc#1195858)
+ * fabrics: Support connect even when no /etc/nvme/hostnqn file exists
+ * nvme: update to nvme_scan_filter_t modifications (bsc#1195938)
+ * plugins/intel: make 'buckets' a json array
+ * plugins: Update WDC capabilities command with new commands
+ * plugins: Add OCP plugin
+
+- Update to version 2.0-rc8:
+ * fabrics: Add DIM command
+ * fabrics: Introduce force flag to overwrite persistence logic (bsc#1197076)
+ * fabrics: Free non-matching controller during discovery
+ * fabrics: add 'nvme config' command
+ * fabrics: Correctly stringify discovery.conf and config.json paths
+ * nvme-print: Add human readable print for nsattr field
+ * nvme-print: Update Persistent Event log fields
+ * nvme-print: print discovery async event support
+ * nvme-rpmb: Fix spelling for 'Partition'
+ * nvme-copy: add missing field to the command
+ * nvme: add get_mi_cmd_support_effects_log command
+ * nvme: Fixup namespace filtering yet again
+ * nvme: Use type bool for OPT_FLAG
+ * nvme: use filter for 'list-subsys ' (bsc#1195938)
+ * Add lbstm option to create-ns
+ * argconfig: Do not use default value loading by getopt_long_only
+ * argconfig: Rename CFG_NONE to CFG_FLAG
+ * plugins: Use type bool for OPT_FLAG
+ * documentation updates
+- Drop 'ProtectKernelTunables=true' (bsc#1197076)
+
patterns-yast
+- Neither recommend nor suggest YaST NIS packages for TW
+ (bsc#1183893).
+- 20220411
+
permissions
+ * squid: adjust pinger path, drop basic_pam_auth (bsc#1197649)
+
+- Update to version 20201225:
plasma5-openSUSE
+- Update to 5.24.4
+
+- Use 'https://' instead of 'git://' to fetch Github changes.
+
polkit-default-privs
+- Update to version 13.2+20220404.53052a9:
+ * Add missing GNOME Control Center login helper
+ * Reorder gnome and budgie control center entries
+ * Backport budgie-control-center whitelisting (bsc#1195023)
+
+- Update to version 13.2+20220401.c64d869:
+ * Backport of deepin-api whitelisting (bsc#1196681 bsc#1070943)
+ * Fix generation of file /etc/polkit-1/rules.d/90-default-privs.rules
+
python-evtx
+- bsc#1197837 - FTBFS: python-evtx won't compile on SP4
+ python-evtx.spec
+
python-pyOpenSSL
+- update to 20.0.1:
+ - Fixed compatibility with OpenSSL 1.1.0.
+
+- Adjust metadata for skip-networked-test.patch and refer to the proper
+ upstream ticket gh#pyca/pyopenssl#68.
+
+- According to gh#pyca/pyopenssl#684 tests must run with TZ=UTC, also
+ skip test_verify_with_time on %ix86.
+
+- Update to v20.0.0
+ - Backward-incompatible changes:
+ - The minimum cryptography version is now 3.2.
+ - Remove deprecated OpenSSL.tsafe module.
+ - Removed deprecated
+ OpenSSL.SSL.Context.set_npn_advertise_callback,
+ OpenSSL.SSL.Context.set_npn_select_callback, and
+ OpenSSL.SSL.Connection.get_next_proto_negotiated.
+ - Drop support for Python 3.4
+ - Drop support for OpenSSL 1.0.1 and 1.0.2
+ - Deprecations:
+ - Deprecated OpenSSL.crypto.loads_pkcs7 and
+ OpenSSL.crypto.loads_pkcs12.
+ - Changes:
+ - Added a new optional chain parameter to
+ OpenSSL.crypto.X509StoreContext() where additional untrusted
+ certificates can be specified to help chain building. #948
+ - Added OpenSSL.crypto.X509Store.load_locations to set trusted
+ certificate file bundles and/or directories for verification.
+ [#943]
+ - Added Context.set_keylog_callback to log key material. #910
+ - Added OpenSSL.SSL.Connection.get_verified_chain to retrieve
+ the verified certificate chain of the peer. #894.
+ - Make verification callback optional in Context.set_verify. If
+ omitted, OpenSSL’s default verification is used. #933
+ - Fixed a bug that could truncate or cause a zero-length key
+ error due to a null byte in private key passphrase in
+ OpenSSL.crypto.load_privatekey and
+ OpenSSL.crypto.dump_privatekey. #947
+- drop patch fix-compilation-2020.patch: no longer needed
+- refreshed patch skip-networked-test.patch
+
+- Update to v19.1
+ * Removed deprecated aliases ContextType, ConnectionType, PKeyType, X509NameType,
+ X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType.
+ Use the classes without the ``Type`` suffix instead.
+ * The minimum ``cryptography`` version is now 2.8
+ * Deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback,
+ OpenSSL.SSL.Context.set_npn_select_callback, and
+ OpenSSL.SSL.Connection.get_next_proto_negotiated
+ ALPN should be used instead.
+ * Support bytearray in SSL.Connection.send() by using cffi's from_buffer
+ * The OpenSSL.SSL.Context.set_alpn_select_callback can return a new
+ NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake
+ to complete without an application protocol.
+
qemu
+- Support the SGX feature (bsc#1197807)
+ * Patches added:
+ doc-Add-the-SGX-numa-description.patch
+ numa-Enable-numa-for-SGX-EPC-sections.patch
+ numa-Support-SGX-numa-in-the-monitor-and.patch
+
+- Backport CVE-2021-3929 (bsc#1193880)
+ * Patches added:
+ hw-nvme-fix-CVE-2021-3929.patch
+
+- The patches from upstream cause testsuite failures (bsc#1197150 bsc#1197528)
+ * Patches added:
+ Revert-python-iotests-replace-qmp-with-a.patch
+ Revert-python-machine-add-instance-disam.patch
+ Revert-python-machine-add-sock_dir-prope.patch
+ Revert-python-machine-handle-fast-QEMU-t.patch
+ Revert-python-machine-move-more-variable.patch
+ Revert-python-machine-remove-_remove_mon.patch
+
+- Add missing patch from a PTFs (bsc#1194938)
+ * Patches added:
+ scsi-generic-check-for-additional-SG_IO-.patch
+
+- Kill downstream patches around binfmt handling that makes
+ cumbersome to run multi-arch containers, and switch to the
+ upstream behavior, which is well documented and valid on
+ all other distros. This is possible thanks to Linux kernel
+ commit 2347961b11d4 and QEMU commit 6e1c0d7b951e19c53 (so
+ it can only work on Leap/SLE 15.4 and higher). (bsc#1197298)
+ * Patches dropped:
+ qemu-binfmt-conf.sh-allow-overriding-SUS.patch
+ qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
+
+- Fix update_git.sh wiping all the package file of the local
+ checkout while cloning the git repository on demand (in case they
+ don't exist and the user has to do so).
+
+- Improve test reliability
+ * Patches added:
+ Fix-the-module-building-problem-for-s390.patch
+ tests-qemu-iotests-040-Skip-TestCommitWi.patch
+ tests-qemu-iotests-testrunner-Quote-case.patch
+
+- Fix virtiofs crashing with glibc >= 2.35, due to rseq syscall
+ (bsc#1196924)
+ * Patches added:
+ tools-virtiofsd-Add-rseq-syscall-to-the-.patch
+
+- Avoid warnings caused by a GCC 12 bug, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98503
+ (bsc#1197018)
+ * Patches added:
+ hw-i386-amd_iommu-Fix-maybe-uninitialize.patch
+ Silence-GCC-12-spurious-warnings.patch
+ Ignore-spurious-GCC-12-warning.patch
+
+- Proactive fix
+ * Patches added:
+ hw-nvram-at24-return-0xff-if-1-byte-addr.patch
+
re2
+- Update to 2022-04-01:
+ * Improve performance slightly
+ * Prog::Fangout() is no longer experimental
+
+- Update to 2022-02-01:
+ * Address a `-Wunused-but-set-variable' warning from Clang 13.x
+ * Don't specify the -std flag in Makefile or re2.pc
+ * Remove a redundant map access
+
sunpinyin
+- initial package 2.0.4
+
+- Updated to 2.0.3.99. Thanks to csslayer!
+
+- Rename libsunpinyin3-devel to libsunpinyin-devel
+- Add explicit dependency from devel sub-package
+- Clean up spec file
+
+- Check the license for open-gram.
+- bz2ed all sources.
+
+- First build 2.0.3 for suse and Fedora.
+
systemd
+- Import commit e62acb68de9bccfa272bef98fe5b38effc37528a
+ b70267d883 journald: make use of CLAMP() in cache_space_refresh()
+ 3953e685cb journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
+ d03a5f79bf fs-util: make sure openat_report_new() initializes return param also on shortcut
+ 05499d5a30 fs-util: fix typos in comments
+ 9f77c8fae1 journal-file: port journal_file_open() to openat_report_new()
+ 4d07c034da fs-util: add openat_report_new() wrapper around openat()
+ 258c04836d meson: build kernel-install man page when necessary
+ 23da9cc83a man: do not install sd-boot man pages when -Dgnu-efi=false is set
+ d452b8738c unit: install the systemd-bless-boot.service only if we have gnu-efi
+ 98f44dc500 boot: don't build bootctl when -Dgnu-efi=false is set (bsc#1198093)
+ 9145684460 build: include status of TPM2 in the feature string show by --version
+
+- spec: make sure /lib exists when installing conf files in /lib/modprobe.d
+
texlive
+- Make sure that texlive-texconfig package from 2017 are obsolete (bsc#1197979)
+
thunar
+- Update to version 4.16.11
+ * Don't reload the view when text is copied (gxo#xfce/thunar#706)
+ * NULL checks to prevent crash on malformed bookmark URI (gxo#xfce/thunar#716)
+ * Use 'g_timeout_add_full' to set tree-view cursor (gxo#xfce/thunar#351)
+ * Fix signal disconnect in thunar_window_unrealize
+ * Don't go beyond THUNAR_N_VISIBLE_COLUMNS while parsing col widths
+ * Translation Updates
+
timezone
+- timezone update 2022a (bsc#1177460):
+ * Palestine will spring forward on 2022-03-27, not -03-26*
+ * zdump -v now outputs better failure indications
+ * Bug fixes for code that reads corrupted TZif data
+
timezone-java
+- timezone update 2022a (bsc#1177460):
+ * Palestine will spring forward on 2022-03-27, not -03-26*
+ * zdump -v now outputs better failure indications
+ * Bug fixes for code that reads corrupted TZif data
+
xen
+- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
+ CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
+ map (AMD-Vi) handling issues (XSA-400)
+ 624ebcef-VT-d-dont-needlessly-look-up-DID.patch
+ 624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
+ 624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
+
+- bsc#1197423 - VUL-0: CVE-2022-26356: xen: Racy interactions
+ between dirty vram tracking and paging log dirty hypercalls
+ (XSA-397)
+ xsa397.patch
+- bsc#1197425 - VUL-0: CVE-2022-26357: xen: race in VT-d domain ID
+ cleanup (XSA-399)
+ xsa399.patch
+- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
+ CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
+ map (AMD-Vi) handling issues (XSA-400)
+ xsa400-01.patch
+ xsa400-02.patch
+ xsa400-03.patch
+ xsa400-04.patch
+ xsa400-05.patch
+ xsa400-06.patch
+ xsa400-07.patch
+ xsa400-08.patch
+ xsa400-09.patch
+ xsa400-10.patch
+ xsa400-11.patch
+ xsa400-12.patch
+- Additional upstream bug fixes for XSA-400 (bsc#1027519)
+ 61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch
+ 61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch
+ 6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch
+
xfce4-terminal
+- Update to version 1.0.0
+ * Replace the deprecated GtkActionEntries with XfceGtkActionEntries
+ (gxo#apps/xfce4-terminal#79)
+ * Opening a dialog from a drop-down window closes the window
+ (gxo#apps/xfce4-terminal#136)
+ * Add `Fill` background image style (gxo#apps/xfce4-terminal!23).
+ * Improved options parsing (for both short and long forms)
+ * Add a menu entry to send signals to the foreground process
+ (gxo#apps/xfce4-terminal#59)
+ * Fix `keep window open` preference being applied on restart.
+ * Rework "--tab" and "--window" behavior (gxo#apps/xfce4-terminal#13)
+ * Ignore unused modifiers for scroll wheel zooming
+ * Add alternative shortcuts for zooming (gxo#apps/xfce4-terminal#126)
+ * Expand scrolled window and make dialog size 70% of parent
+ (gxo#apps/xfce4-terminal!17)
+ * Support libxfce4ui XfceTitledDialog new API
+ * Update unsafe paste dialog text (gxo#apps/xfce4-terminal#73)
+ * Fix paste button focus
+ * Replace subtitle by infobar for Unsafe paste dialog
+ * Fix the `unsafe paste` dialog to actually paste
+ * Update `.gitignore`, HACKING, AUTHORS, COPYRIGHTS
+ * Update --preferences, --tab and --window documentation
+ * Fix various typos
+ * Fix compilation warnings
+ * Remove unnecessary function call (gxo#apps/xfce4-terminal!24)
+ * Add a "Do not warn me again" checkbox for the "Unsafe Paste"
+ dialog (gxo#apps/xfce4-terminal#129)
+ * Use GtkScrolledWindow for TerminalScreen and add an
+ overlay-scrolling preference (gxo#apps/xfce4-terminal#149)
+ * Support the new Shortcuts editor widget
+ (requires libxfce4ui 4.17.2 or greater)
+ * New preference: Select right click action
+ * Improved `scrolling-on-output` behaviour.
+ * Unsafe Paste Dialog temporary override (gxo#apps/xfce4-terminal#106)
+ * Fix regression: File Menu missing `Close Window` entry
+ * Fix regression: Disable Help shortcut does not work
+ * Fix regression: go-to accelerators not working on startup
+ * Fix regression: Revert accelerator paths to maintain backwards
+ compatibility
+ * Use the latest .glade file structure
+ * Change incorrect reference to ${XDG_CONFIG_DIRS} in man page
+ (gxo#apps/xfce4-terminal#47)
+ * Change outdated documentation links
+ * Use XfceTitledDialog for `Find` (gxo#apps/xfce4-terminal#168)
+ * Include '\r' in unsafe-paste checks
+ * Update tab accelerators at runtime
+ * Consume events that activate accelerator callbacks
+ (gxo#apps/xfce4-terminal#159, gxo#apps/xfce4-terminal#153)
+ * Center on the active terminal window.
+ * Change handling of goto-tab accelerators so they can be changed
+ through the editor.
+ * Menubar changes size when the window is maximized
+ (gxo#apps/xfce4-terminal#156)
+ * Context Menu: Revert changes in order and contents introduced by
+ the transition to XfceGtkActionEntries
+ * Add "Show Window Borders" entry in View menu (it was missing
+ in the last 2 dev releases)
+ * Revert view menu order (Zoom entries below checkboxes)
+ * Fix the visibility flag of the scrollbar
+ (gxo#apps/xfce4-terminal#161, could lead to broken themes)
+ * Replace GTimeVal with gint64
+ * Fix build warnings
+ * Update Copyright
+ * Translation Updates
+
xz
+- Fix ZDI-CAN-16587 Fix escaping of malicious filenames
+ (ZDI-CAN-16587 bsc#1198062 CVE-2022-1271)
+ * bsc1198062.patch
+
yaml-cpp
+- Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp
+ allows remote attackers to cause DOS via a crafted YAML file
+ (CVE-2018-20573, bsc#1121227)
+- Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in
+ yaml-cpp allows remote attackers to cause DOS via a crafted YAML file
+ (CVE-2018-20574, bsc#1121230)
+- Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in
+ cpp allows remote attackers to cause DOS via a crafted YAML file
+ (CVE-2019-6285, bsc#1122004)
+- Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in
+ yaml-cpp which causes DOS by stack consumption
+ (CVE-2019-6292, bsc#1122021)
+- Added patch cve-2018-20574.patch
+
yast2-installation
+- AutoYaST: move custom file creation past user creation so that
+ the element files/file/file_owner actually has an effect
+ (bsc#1196595)
+- 4.4.51
+
yast2-packager
+- Fixed regression in repository alias name for add-ons (bsc#1193214)
+- 4.4.27
+