Packages changed: apache2 (2.4.51 -> 2.4.52) apache2-manual (2.4.51 -> 2.4.52) apache2-mod_php7 (7.4.26 -> 7.4.27) apache2-prefork (2.4.51 -> 2.4.52) apache2-utils (2.4.51 -> 2.4.52) apparmor cantarell-fonts (0.301 -> 0.303.1) epiphany (41.2 -> 41.3) erofs-utils (1.1 -> 1.4) fetchmail (6.4.22 -> 6.4.25) fwupd (1.6.4 -> 1.7.3) gnome-shell harfbuzz (3.1.1 -> 3.2.0) heaptrack (1.2.0 -> 1.3.0) imlib2 (1.7.4 -> 1.7.5) inn (2.6.3 -> 2.6.4) libapparmor libinput (1.19.2 -> 1.19.3) libqt5-qtwayland (5.15.2+kde34 -> 5.15.2+kde37) librsvg (2.52.4 -> 2.52.5) libstorage-ng (4.4.66 -> 4.4.68) live555 (2021.11.23 -> 2021.12.18) manpages-l10n (4.11.0 -> 4.12.1) mutter openvpn (2.5.4 -> 2.5.5) php7 (7.4.26 -> 7.4.27) python-chardet remmina (1.4.22 -> 1.4.23) squid (5.2 -> 5.3) suse-module-tools (16.0.16 -> 16.0.17) xfce4-whiskermenu-plugin (2.7.0 -> 2.7.1) xxhash (0.8.0 -> 0.8.1) yast2 (4.4.30 -> 4.4.31) yast2-storage-ng (4.4.27 -> 4.4.28) yast2-trans (84.87.20211204.c55adb9b7a -> 84.87.20211219.ed0ba1e469) === Details === ==== apache2 ==== Version update (2.4.51 -> 2.4.52) - version update to 2.4.52: * fix CVE-2021-44224: NULL dereference or SSRF in forward proxy configurations [boo#1193943] * fix CVE-2021-44790: buffer overflow when parsing multipart content in mod_lua [boo#1193942] * ) http: Enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname, per HTTP specifications. * ) OpenSSL autoconf detection improvement: pick up openssl.pc in the already sent it to the client. * ) mod_http: Correctly sent a 100 Continue status code when sending an interim response as result of an Expect: 100-Continue in the request and not the current status code of the request * ) mod_dav: Some DAV extensions, like CalDAV, specify both document elements and property elements that need to be taken into account when generating a property. The document element and property element are made available in the dav_liveprop_elem structure by calling dav_get_liveprop_element() * ) mod_dav: Add utility functions dav_validate_root_ns(), dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and dav_find_attr() so that other modules get to play too. * ) mpm_event: Restart stopping of idle children after a load peak * ) mod_http2: fixes 2 regressions in server limit handling. 1. When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection send a GOAWAY frame much too early on new connections, leading to invalid protocol state and a client failing the request The module now initializes the HTTP/2 protocol correctly and allows the client to submit one request before the shutdown via a GOAWAY frame is being announced. 2. A regression in v1.15.24 was fixed that could lead to httpd child processes not being terminated on a graceful reload or when reaching MaxConnectionsPerChild. When unprocessed h2 requests were queued at the time, these could stall. See . * ) mod_ssl: Add build support for OpenSSL v3 * ) mod_proxy_connect: Honor the smallest of the backend or client timeout while tunneling * ) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP half-close forwarding when tunneling protocols * ) core: Be safe with ap_lingering_close() called with a socket NULL-ed by a third-party module. PR 65627. * ) mod_md: Fix memory leak in case of failures to load the private key. * ) mod_md: adding v2.4.8 with the following changes - Added support for ACME External Account Binding (EAB). Use the new directive `MDExternalAccountBinding` to provide the server with the value for key identifier and hmac as provided by your CA. While working on some servers, EAB handling is not uniform across CAs. First tests with a Sectigo Certificate Manager in demo mode are successful. But ZeroSSL, for example, seems to regard EAB values as a one-time-use-only thing, which makes them fail if you create a seconde account or retry the creation of the first account with the same EAB. - The directive 'MDCertificateAuthority' now checks if its parameter is a http/https url or one of a set of known names. Those are 'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test' for now and they are not case-sensitive. The default of LetsEncrypt is unchanged. - `MDContactEmail` can now be specified inside a `` section. - Treating 401 HTTP status codes for orders like 403, since some ACME servers seem to prefer that for accessing oders from other accounts. - When retrieving certificate chains, try to read the repsonse even if the HTTP Content-Type is unrecognized. - Fixed a bug that reset the error counter of a certificate renewal and prevented the increasing delays in further attempts. - Fixed the renewal process giving up every time on an already existing order with some invalid domains. Now, if such are seen in a previous order, a new order is created for a clean start over again. See - Fixed a mixup in md-status handler when static certificate files and renewal was configured at the same time. * ) mod_md: values for External Account Binding (EAB) can now also be configured to be read from a separate JSON file. This allows to keep server configuration permissions world readable without exposing secrets. * ) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO. ==== apache2-manual ==== Version update (2.4.51 -> 2.4.52) - version update to 2.4.52: * fix CVE-2021-44224: NULL dereference or SSRF in forward proxy configurations [boo#1193943] * fix CVE-2021-44790: buffer overflow when parsing multipart content in mod_lua [boo#1193942] * ) http: Enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname, per HTTP specifications. * ) OpenSSL autoconf detection improvement: pick up openssl.pc in the already sent it to the client. * ) mod_http: Correctly sent a 100 Continue status code when sending an interim response as result of an Expect: 100-Continue in the request and not the current status code of the request * ) mod_dav: Some DAV extensions, like CalDAV, specify both document elements and property elements that need to be taken into account when generating a property. The document element and property element are made available in the dav_liveprop_elem structure by calling dav_get_liveprop_element() * ) mod_dav: Add utility functions dav_validate_root_ns(), dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and dav_find_attr() so that other modules get to play too. * ) mpm_event: Restart stopping of idle children after a load peak * ) mod_http2: fixes 2 regressions in server limit handling. 1. When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection send a GOAWAY frame much too early on new connections, leading to invalid protocol state and a client failing the request The module now initializes the HTTP/2 protocol correctly and allows the client to submit one request before the shutdown via a GOAWAY frame is being announced. 2. A regression in v1.15.24 was fixed that could lead to httpd child processes not being terminated on a graceful reload or when reaching MaxConnectionsPerChild. When unprocessed h2 requests were queued at the time, these could stall. See . * ) mod_ssl: Add build support for OpenSSL v3 * ) mod_proxy_connect: Honor the smallest of the backend or client timeout while tunneling * ) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP half-close forwarding when tunneling protocols * ) core: Be safe with ap_lingering_close() called with a socket NULL-ed by a third-party module. PR 65627. * ) mod_md: Fix memory leak in case of failures to load the private key. * ) mod_md: adding v2.4.8 with the following changes - Added support for ACME External Account Binding (EAB). Use the new directive `MDExternalAccountBinding` to provide the server with the value for key identifier and hmac as provided by your CA. While working on some servers, EAB handling is not uniform across CAs. First tests with a Sectigo Certificate Manager in demo mode are successful. But ZeroSSL, for example, seems to regard EAB values as a one-time-use-only thing, which makes them fail if you create a seconde account or retry the creation of the first account with the same EAB. - The directive 'MDCertificateAuthority' now checks if its parameter is a http/https url or one of a set of known names. Those are 'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test' for now and they are not case-sensitive. The default of LetsEncrypt is unchanged. - `MDContactEmail` can now be specified inside a `` section. - Treating 401 HTTP status codes for orders like 403, since some ACME servers seem to prefer that for accessing oders from other accounts. - When retrieving certificate chains, try to read the repsonse even if the HTTP Content-Type is unrecognized. - Fixed a bug that reset the error counter of a certificate renewal and prevented the increasing delays in further attempts. - Fixed the renewal process giving up every time on an already existing order with some invalid domains. Now, if such are seen in a previous order, a new order is created for a clean start over again. See - Fixed a mixup in md-status handler when static certificate files and renewal was configured at the same time. * ) mod_md: values for External Account Binding (EAB) can now also be configured to be read from a separate JSON file. This allows to keep server configuration permissions world readable without exposing secrets. * ) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO. ==== apache2-mod_php7 ==== Version update (7.4.26 -> 7.4.27) - updated to 7.4.27: This is a bug fix release. See https://www.php.net/ChangeLog-7.php#7.4.27 ==== apache2-prefork ==== Version update (2.4.51 -> 2.4.52) - version update to 2.4.52: * fix CVE-2021-44224: NULL dereference or SSRF in forward proxy configurations [boo#1193943] * fix CVE-2021-44790: buffer overflow when parsing multipart content in mod_lua [boo#1193942] * ) http: Enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname, per HTTP specifications. * ) OpenSSL autoconf detection improvement: pick up openssl.pc in the already sent it to the client. * ) mod_http: Correctly sent a 100 Continue status code when sending an interim response as result of an Expect: 100-Continue in the request and not the current status code of the request * ) mod_dav: Some DAV extensions, like CalDAV, specify both document elements and property elements that need to be taken into account when generating a property. The document element and property element are made available in the dav_liveprop_elem structure by calling dav_get_liveprop_element() * ) mod_dav: Add utility functions dav_validate_root_ns(), dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and dav_find_attr() so that other modules get to play too. * ) mpm_event: Restart stopping of idle children after a load peak * ) mod_http2: fixes 2 regressions in server limit handling. 1. When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection send a GOAWAY frame much too early on new connections, leading to invalid protocol state and a client failing the request The module now initializes the HTTP/2 protocol correctly and allows the client to submit one request before the shutdown via a GOAWAY frame is being announced. 2. A regression in v1.15.24 was fixed that could lead to httpd child processes not being terminated on a graceful reload or when reaching MaxConnectionsPerChild. When unprocessed h2 requests were queued at the time, these could stall. See . * ) mod_ssl: Add build support for OpenSSL v3 * ) mod_proxy_connect: Honor the smallest of the backend or client timeout while tunneling * ) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP half-close forwarding when tunneling protocols * ) core: Be safe with ap_lingering_close() called with a socket NULL-ed by a third-party module. PR 65627. * ) mod_md: Fix memory leak in case of failures to load the private key. * ) mod_md: adding v2.4.8 with the following changes - Added support for ACME External Account Binding (EAB). Use the new directive `MDExternalAccountBinding` to provide the server with the value for key identifier and hmac as provided by your CA. While working on some servers, EAB handling is not uniform across CAs. First tests with a Sectigo Certificate Manager in demo mode are successful. But ZeroSSL, for example, seems to regard EAB values as a one-time-use-only thing, which makes them fail if you create a seconde account or retry the creation of the first account with the same EAB. - The directive 'MDCertificateAuthority' now checks if its parameter is a http/https url or one of a set of known names. Those are 'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test' for now and they are not case-sensitive. The default of LetsEncrypt is unchanged. - `MDContactEmail` can now be specified inside a `` section. - Treating 401 HTTP status codes for orders like 403, since some ACME servers seem to prefer that for accessing oders from other accounts. - When retrieving certificate chains, try to read the repsonse even if the HTTP Content-Type is unrecognized. - Fixed a bug that reset the error counter of a certificate renewal and prevented the increasing delays in further attempts. - Fixed the renewal process giving up every time on an already existing order with some invalid domains. Now, if such are seen in a previous order, a new order is created for a clean start over again. See - Fixed a mixup in md-status handler when static certificate files and renewal was configured at the same time. * ) mod_md: values for External Account Binding (EAB) can now also be configured to be read from a separate JSON file. This allows to keep server configuration permissions world readable without exposing secrets. * ) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO. ==== apache2-utils ==== Version update (2.4.51 -> 2.4.52) - version update to 2.4.52: * fix CVE-2021-44224: NULL dereference or SSRF in forward proxy configurations [boo#1193943] * fix CVE-2021-44790: buffer overflow when parsing multipart content in mod_lua [boo#1193942] * ) http: Enforce that fully qualified uri-paths not to be forward-proxied have an http(s) scheme, and that the ones to be forward proxied have a hostname, per HTTP specifications. * ) OpenSSL autoconf detection improvement: pick up openssl.pc in the already sent it to the client. * ) mod_http: Correctly sent a 100 Continue status code when sending an interim response as result of an Expect: 100-Continue in the request and not the current status code of the request * ) mod_dav: Some DAV extensions, like CalDAV, specify both document elements and property elements that need to be taken into account when generating a property. The document element and property element are made available in the dav_liveprop_elem structure by calling dav_get_liveprop_element() * ) mod_dav: Add utility functions dav_validate_root_ns(), dav_find_child_ns(), dav_find_next_ns(), dav_find_attr_ns() and dav_find_attr() so that other modules get to play too. * ) mpm_event: Restart stopping of idle children after a load peak * ) mod_http2: fixes 2 regressions in server limit handling. 1. When reaching server limits, such as MaxRequestsPerChild, the HTTP/2 connection send a GOAWAY frame much too early on new connections, leading to invalid protocol state and a client failing the request The module now initializes the HTTP/2 protocol correctly and allows the client to submit one request before the shutdown via a GOAWAY frame is being announced. 2. A regression in v1.15.24 was fixed that could lead to httpd child processes not being terminated on a graceful reload or when reaching MaxConnectionsPerChild. When unprocessed h2 requests were queued at the time, these could stall. See . * ) mod_ssl: Add build support for OpenSSL v3 * ) mod_proxy_connect: Honor the smallest of the backend or client timeout while tunneling * ) mod_proxy: SetEnv proxy-nohalfclose (or alike) allows to disable TCP half-close forwarding when tunneling protocols * ) core: Be safe with ap_lingering_close() called with a socket NULL-ed by a third-party module. PR 65627. * ) mod_md: Fix memory leak in case of failures to load the private key. * ) mod_md: adding v2.4.8 with the following changes - Added support for ACME External Account Binding (EAB). Use the new directive `MDExternalAccountBinding` to provide the server with the value for key identifier and hmac as provided by your CA. While working on some servers, EAB handling is not uniform across CAs. First tests with a Sectigo Certificate Manager in demo mode are successful. But ZeroSSL, for example, seems to regard EAB values as a one-time-use-only thing, which makes them fail if you create a seconde account or retry the creation of the first account with the same EAB. - The directive 'MDCertificateAuthority' now checks if its parameter is a http/https url or one of a set of known names. Those are 'LetsEncrypt', 'LetsEncrypt-Test', 'Buypass' and 'Buypass-Test' for now and they are not case-sensitive. The default of LetsEncrypt is unchanged. - `MDContactEmail` can now be specified inside a `` section. - Treating 401 HTTP status codes for orders like 403, since some ACME servers seem to prefer that for accessing oders from other accounts. - When retrieving certificate chains, try to read the repsonse even if the HTTP Content-Type is unrecognized. - Fixed a bug that reset the error counter of a certificate renewal and prevented the increasing delays in further attempts. - Fixed the renewal process giving up every time on an already existing order with some invalid domains. Now, if such are seen in a previous order, a new order is created for a clean start over again. See - Fixed a mixup in md-status handler when static certificate files and renewal was configured at the same time. * ) mod_md: values for External Account Binding (EAB) can now also be configured to be read from a separate JSON file. This allows to keep server configuration permissions world readable without exposing secrets. * ) mod_proxy_uwsgi: Remove duplicate slashes at the beginning of PATH_INFO. ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-profiles apparmor-utils pam_apparmor python3-apparmor - add openssl-engdef-mr818.diff: Allow reading /etc/ssl/engdef.d/ and /etc/ssl/engines.d/ in abstractions/openssl which were introduced with the latest openssl update ==== cantarell-fonts ==== Version update (0.301 -> 0.303.1) - Update to version 0.303.1: + Add missing font. - Changes from version 0.303: + Actually update the version number in the fonts. - Changes from version 0.302: + Maintenance release: Make the variable font the default, only build statics on demand. Also build two packages with variable and static fonts. Packagers can chose the statics package if they run into problems with the variable font, but you should probably not install both at the same time. + Amended OS/2 super- and subscript values so that new Pango can use them properly. + Update production names for Jacute, bulletoperator, commercialMinusSign, divisionslash, notidentical, ringcomb_acutecomb and ringcomb_acutecomb.case. + Updated appstream translations. ==== epiphany ==== Version update (41.2 -> 41.3) Subpackages: gnome-shell-search-provider-epiphany - Update to version 41.3: + Fix Reload buttons on error pages. + Fix delete button in about:applications. ==== erofs-utils ==== Version update (1.1 -> 1.4) - Update to release 1.4 * mkfs.erofs: support pre-defined UUIDs and SELinux file contexts * Support new big pcluster feature together with Linux 5.13+ * Added support to override UID/GID * Introduced preliminary dump.erofs and fsck.erofs * Introduced MicroLZMA compression support ==== fetchmail ==== Version update (6.4.22 -> 6.4.25) Subpackages: fetchmailconf - update to 6.5.25: * 6.4.24's workaround for OpenSSL 1.0.2's X509_V_FLAG_TRUSTED_FIRST flag contained a typo and would not kick in properly. * Library and/or rpath setting from configure.ac was fixed. * Added an example systemd unit file and instructions to contrib/systemd/ which runs fetchmail as a daemon with 5-minute poll intervals. * fetchmail can now be used with wolfSSL 5's OpenSSL compatibility layer, see INSTALL and README.SSL. This is considered experimental. Feedback solicited. * Bison 3.8 dropped yytoknum altogether, breaking compilation due to a warning workaround. Remove the cast of yytoknum to void. This may cause a compiler warning to reappear with older Bison versions. * OpenSSL 1.0.2: Workaround for systems that keep the expired DST Root CA X3 certificate in its trust store because OpenSSL by default prefers the untrusted certificate and fails. * For common ssh-based IMAP PREAUTH setups (i. e. those that use a plugin - no matter its contents - and that set auth ssh), change the STARTTLS error message to suggest sslproto '' instead. This is a commonly reported issue after the CVE-2021-39272 fix in 6.4.22. - drop fetchmail-bison-3.8.patch (upstream) - Rebased patches: * fetchmail-add-imap-oauthbearer-support.patch * fetchmail-support-oauthbearer-xoauth2-with-pop3.patch ==== fwupd ==== Version update (1.6.4 -> 1.7.3) Subpackages: libfwupd2 typelib-1_0-Fwupd-2_0 - Update to version 1.7.3: * This release adds the following features: + Add a sync-bkc subcommand to ensure a known set of firmware versions + Add FuArchiveFirmware for plugins that use archives as firmware files + Add quirkable page and sector size properties to FuCfiDevice + Make Upower and powerd support optional * This release fixes the following bugs: + Add some sanity checks to the elanfp firmware parser + Add the CFI JEDEC instance ID if using the vendor-extended version + Check the value range when parsing the quirk keys + Do not wait for a USB runtime if will-disappear is set + Enable the MOTD integration when using pam_motd + Fix DFU regression when merging the FuProgress work + Fix running the tests when fwupd is not installed + Fix the GLib error message when inotify max_user_instances is too low + Fix VLI VL820Q7 detection to fix flashing of the Lenovo TBT3 dock + Ignore a USB error for STM32 attach when the device goes away + Make the HSI tests optional for embedded targets + Make the plugin startup order deterministic + Set Thunderbolt ports offline on host controller + Use endian-safe version functions when enumerating Logitech hardware + Use lowercase flag names in intel-spi to prevent a runtime warning + Wait for the System76 Launch device to come back from DFU mode * This release adds support for the following hardware: + Most Nordic Semiconductor nRF Secure devices - Fix build when not on TW: add BR protobuf-c - Fix build issue in spec (references to libfwupdplugin2 -> libfwupdplugin5) ==== gnome-shell ==== Subpackages: gnome-extensions gnome-shell-calendar - Add gnome-shell-exit-crash-workaround.patch: + Backport from Ubuntu, This is a workaround to maintain a clean environment for gnome-shell and particularly JavaScript/GJS to shutdown without crashing. + Proper fixes are still pending https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1759 https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/648 (bsc#1190878 glgo#GNOME/gnome-shell#4344). ==== harfbuzz ==== Version update (3.1.1 -> 3.2.0) Subpackages: libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz-subset0 libharfbuzz0 typelib-1_0-HarfBuzz-0_0 - Update to 3.2.0: + Fixed shaping of Apple Color Emoji flags in right-to-left context + Fixed positioning of CFF fonts in HB_TINY profile + OpenType 1.9 language tags update + Add HB_NO_VERTICAL config option + Add HB_CONFIG_OVERRIDE_H for easier configuration + Improved packing of cmap, loca, and Ligature tables + Significantly improved overflow-resolution strategy in the repacker - Update to 3.1.2: + hb-shape / hb-view: revert treating text on the commandline as single paragraph (was introduced in 3.0.0); add new - -single-par to do that + Subsetter bug fixes ==== heaptrack ==== Version update (1.2.0 -> 1.3.0) Subpackages: heaptrack-gui - Update to 1.3.0: * New features: + Allocations can be filtered by time ranges + Support for suppression files, including the __lsan_default_suppressions API * Fixed bugs: + Fails to build on CentOS 7.0 (kde#441125) + Crash when filtering on a time range (kde#441132) + Heaptrack produces impossible/incorrect stack traces (kde#439897) + ERROR: failed to lock heaptrack output file (kde#408547) + Attaching to running process generates empty file (kde#394520) + heaptrack launch script help text shows wrong option name for --output-file (kde#439307) + Can the output file take hostname into account? (kde#435195) + Heaptrack GUI crash when opening a zst file (kde#427970) * More details on https://invent.kde.org/sdk/heaptrack/-/releases/v1.3.0 - Use %autosetup ==== imlib2 ==== Version update (1.7.4 -> 1.7.5) Subpackages: imlib2-loaders libImlib2-1 - update to 1.7.5: * Build .xz instead of .bz2 release tarball * Drop imlib2-config (use pkg-config) * Test: Add some minimal regression testing * Test: Fix dist * imlib2_load: Add option to use imlib_load_image_immediately() * JPEG loader: Cosmetics * JPEG loader: Parse EXIF data and handle orientation * autofoo: Drop support for libungif * Imlib.h: Add version macros * imlib2_load: Add verbose option * Fix build (Imlib2.h is now built) * test: Add icon-64.pbm * test: Add test_load_2 * imlib2_view: If verbose show error message on failure * imlib2_load: Use clock_gettime() when available * debug: Infrastructure * debug: Add some debug related to file access and image loading * Introduce im->fsize * PNG loader: Cosmetics * PNG loader: Use mmap() during signature check * TIFF loader: Use mmap() during signature check * TGA loader: Use im->fsize, cosmetics, debug * WEBP loader: Cosmetics * WEBP loader: Use mmap() for loading * FF loader: Cosmetics * FF loader: Use mmap() for loading * ARGB loader: Cosmetics * ARGB loader: Use mmap() for loading * BMP loader: Cosmetics * BMP loader: Use mmap() for loading * ICO loader: Cosmetics * ICO loader: Use mmap() for loading * LBM loader: Cleanups * LBM loader: Use mmap() for loading * PNM loader: Use mmap() for loading * XBM loader: Fix potential buffer overrun * XBM loader: Cosmetics * XBM loader: Use mmap() for loading * XBM loader: Ignore comments and other stuff in header * XPM loader: Use mmap() for loading * test: test_load improvements * imlib2_view: Add option to cache images * Introduce UPDATE_FLAG() * Introduce ARRAY_SIZE() * Loader cosmetics * Loader loading: Tweaks * Loader loading: Move to __imlib_FindBestLoaderForFormat() * Loader loading: Move __imlib_GetLoaderList() * Loader loading: Minor loader lookup refactoring * Loader loading: Avoid always loading all loaders * Loader loading: Don't bother looking up load() if we have load2() * WEBP loader: Enable loading animated images (first frame by default) * configure.ac: Fixup after recent change * Drop unnecessary free() NULL argument checks * Remove some unneeded headers * Rename X11 related files for clarity * Move ImlibImagePixmap population to __imlib_AddImagePixmapToCache() * test: Add X11 drawable grabbing test * Move pixmap stuff to x11_pixmap.c/h * Trivial changes in __imlib_Grab...() function prototypes * Refactor imlib_create_scaled_image_from_drawable() * Revert "Refactor imlib_create_scaled_image_from_drawable()" * Refactor imlib_create_scaled_image_from_drawable() - take 2 * x11_grab.c: Rename source/destination variables for clarity * Fix y-upscaling in imlib_create_scaled_image_from_drawable() * test_grab: Cleanups, cosmetics * test_grab: Add scale-down tests * Only set MAINTAINERCLEANFILES in top-level Makefile.am * imlib2_view: Enable grabbing/viewing drawables * x11_grab.c: Cosmetics * x11_grab.c: Introduce function to get shape mask * Speedup in imlib_create_scaled_image_from_drawable() * Avoid signedness warning * Avoid "exceeds maximum object size" warning * blend.c: Tweaks, cleanups * Simplify build wrt. asm files ==== inn ==== Version update (2.6.3 -> 2.6.4) - Update to version 2.6.4: + Bug Fix: nnrpd now adapts the length of the DH parameter used during a DHE key exchange so as to comply with the security level OpenSSL 1.1.0 or later expects. + New Features: * Added support for systemd notifications and socket activation. Use of more features provided by systemd, including more notifications, will come in future releases. * cnfsstat now also returns information about retired CNFS buffers: buffers mentioned in cycbuff.conf as a cycbuff but not declared in a metacycbuff. * Switch default innreport behaviour to the common practice of externalizing CSS into a separate file. Its name can be configured with the html_css_url parameter in innreport.conf. If this parameter is unset, the default innreport.css file name will be used and innreport will generate this CSS file for you. Previously generated reports are kept untouched, though, and will still contain inline CSS if you had not already set the html_css_url parameter in previous INN versions. * sm can now read and store any number of articles given in wire format on its standard input when both -s and -R are used. Only native format was previously possible. * Added new -a flag to rnews to disallow, if needed, the use of additional unpackers from the rnews.libexec sub-directory of pathbin (as set in inn.conf); only rnews and cunbatch will then be recognized as valid batch commands. * Added new -b flag to rnews to save rejected articles in the bad sub-directory of pathincoming (as set in inn.conf). Otherwise, rnews just logs and discards any articles that are rejected or cannot be parsed for some reason. * Added new -d flag to rnews to log via syslog the message-ID and the Path header body of each article rejected as a duplicate. * Added new --enable-hardening-flags configure-time option, enabled by default, to use hardening build flags like -fPIE and -fstack-protector-strong. This option can easily be disabled if the compiler or the platform does not support them well. More hardening build flags will eventually be added in future releases. - Rename inn-2.6.3.diff to inn-2.6.4.diff. - Use url in sources as far as possible. ==== libapparmor ==== - add openssl-engdef-mr818.diff: Allow reading /etc/ssl/engdef.d/ and /etc/ssl/engines.d/ in abstractions/openssl which were introduced with the latest openssl update ==== libinput ==== Version update (1.19.2 -> 1.19.3) Subpackages: libinput-udev libinput10 - Update to release 1.19.3 * quirks: add ModelBouncingKeys for A4Tech X-710BK Mouse * quirks: Dell 15R touchpad settings for firmware v3 * quirks: change touchpad pressure on Lenovo Yoga 2 Pro * gestures: cancel hold gestures on thumb detection ==== libqt5-qtwayland ==== Version update (5.15.2+kde34 -> 5.15.2+kde37) Subpackages: libQt5WaylandClient5 libQt5WaylandCompositor5 - Update to version 5.15.2+kde37: * Fix backport, context destruction was omitted * Client: do not empty clipboard when a new popup/window is opened * Wayland client: use wl_keyboard to determine active state - Add patch to fix crashes triggered by unintentional actions when showing a window (kde#421700): * 0001-Client-Avoid-processing-of-events-when-showing-windo.patch ==== librsvg ==== Version update (2.52.4 -> 2.52.5) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0 - Update to version 2.52.5: + Fix mangled output in rsvg-convert when redirecting output to a pipe on Windows. + When outputting to SVG, rsvg-convert now uses the width/height units specified in the command line; it always used pixels before. + Fix incorrect top/left margins for SVG/PS/EPS/PDF output. + Fix incorrect placement of glyphs when text has non-uniform scaling in the X/Y axes. This is not a librsvg bug, but is fixed by Pango 1.49.3 and later. Hopefully Pango 1.48.11 will be released soon with this fix as well. Note that this release of librsvg cannot increase the minimum Pango version to 1.48.11 because it is not released yet. + Miscellaneous: Updated crate dependencies: assert_cmd, cast, clap cssparser, float-cmp, itertools, nalgebra, png, proptest, rctree, selectors, system-deps. ==== libstorage-ng ==== Version update (4.4.66 -> 4.4.68) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#851 - updated pot and po files - 4.4.68 - merge gh#openSUSE/libstorage-ng#850 - extended callbacks for probing problems - 4.4.67 ==== live555 ==== Version update (2021.11.23 -> 2021.12.18) Subpackages: libBasicUsageEnvironment1 libUsageEnvironment3 libgroupsock30 libliveMedia102 - Update to version 2021.12.18: + Fixed a bug in the way that "RTSPClient" handles its two separate TCP connections when it does RTSP-over-HTTP. + Updated "RTPInterface::sendDataOverTCP()" so that if it's necessary to do a blocking send(), we call "makeSocketNonBlocking()" immediately after the call to "send()". + Performed the annual update of the copyright years near the start of each file. - update to 2021.12.07: - Added #ifndef NO_OPENSSL/#endif around "#include " in "liveMedia/TLSState.cpp", so that the code will compile if you're compiling with no OpenSSL headers, and NO_OPENSSL defined. ==== manpages-l10n ==== Version update (4.11.0 -> 4.12.1) Subpackages: man-pages-fr man-pages-it - Update to version 4.12.1: * Bugfix: Enable new languages in po/Makefile.am. - Changes from version 4.12.0: * New languages: Finnish, Greek, Indonesian, Norwegian bokmål, Swedish, Serbian. * Persian (fa) is in a very early state; still disabled. * Updated and added many translations. - Upgrade macros: Build for Leap has been upgraded to 15.4 - build for 15.3 has been dropped upstream. ==== mutter ==== - Add mutter-allow-disable-hardware-cursors.patch: Add a debug environment variable MUTTER_DEBUG_DISABLE_HW_CURSORS to disable hardware cursors and force using software cursors to avoid some driver or hardware bug (glgo#GNOME/mutter#2045, glgo#GNOME/mutter!2150). ==== openvpn ==== Version update (2.5.4 -> 2.5.5) - update to 2.5.5: * SWEET32/64bit cipher deprecation change was postponed to 2.7 * improve "make check" to notice if "openvpn --show-cipher" crashes * improve argv unit tests * ensure unit tests work with mbedTLS builds without BF-CBC ciphers * include "--push-remove" in the output of "openvpn --help" * fix error in iptables syntax in example firewall.sh script * fix "resolvconf -p" invocation in example "up" script * fix "common_name" environment for script calls when "--username-as-common-name" is in effect (Trac #1434) * move "push-peer-info" documentation from "server options" to "client" * correct "foreign_option_{n}" typo in manpage * README.down-root: fix plugin module name ==== php7 ==== Version update (7.4.26 -> 7.4.27) Subpackages: php7-cli php7-ctype php7-dom php7-gd php7-gettext php7-iconv php7-json php7-mbstring php7-mysql php7-openssl php7-pdo php7-sqlite php7-tokenizer php7-xmlreader php7-xmlwriter - updated to 7.4.27: This is a bug fix release. See https://www.php.net/ChangeLog-7.php#7.4.27 ==== python-chardet ==== - pytest-runner is not required for build ==== remmina ==== Version update (1.4.22 -> 1.4.23) Subpackages: remmina-lang remmina-plugin-rdp remmina-plugin-secret remmina-plugin-vnc - Updated to remmina version 1.4.23 * Patch for a Remmina segfault and stats code cleaning !2358 * Make Appindicator optional !2359 * Added check-box to force tight encoding for VNC connections !2360 * remote resolution: use multiple of four !2353 * Add Keyboard mapping per client RDP !2361 * Improve TLS error message, fixes #2364 (closed) !2362 * Triage policy language reworked !2363 ==== squid ==== Version update (5.2 -> 5.3) - update to 5.3: * Bug 5169: StoreMap.cc:517 "!s.reading()" assertion * Bug 5158: AnyP::Uri::host() mishandles [escaped] IPv6 addresses * Bug 5060: Parallel builds are not reliable * Documentation updates for logformat directive ==== suse-module-tools ==== Version update (16.0.16 -> 16.0.17) - Update to version 16.0.17: * 60-io-scheduler.rules: add rules for virtual devices (boo#1193759) * 60-io-scheduler.rules: enforce "none" for loop devices (boo#1193759) * install some modprobe.d files only for relevant architectures (apm_bios, sonypi, toshiba, legacy rtc) (bsc#1192974) ==== xfce4-whiskermenu-plugin ==== Version update (2.7.0 -> 2.7.1) Subpackages: xfce4-whiskermenu-plugin-lang - Update to version 2.7.1 * Fix not selecting second icon in search results. (gxo#panel-plugins/xfce4-whiskermenu-plugin#50) * Fix incorrect selection when leaving treeview. * Fix skipping first treeview item. * Fix unnecessary button size changes. * Translation updates ==== xxhash ==== Version update (0.8.0 -> 0.8.1) - fix racy check execution - update to 0.8.1: * perf : much improved performance for XXH3 streaming variants, notably on gcc and msvc * perf : improved XXH64 speed and latency on small inputs * perf : small XXH32 speed and latency improvement on small inputs of random size * perf : minor stack usage improvement for XXH32 and XXH64 * api : new experimental variants XXH3_*_withSecretandSeed() * api : update XXH3_generateSecret(), can no generate secret of any size (>= XXH3_SECRET_SIZE_MIN) * cli : xxhsum can now generate and check XXH3 checksums, using command `-H3` * build: can build xxhash without XXH3, with new build macro XXH_NO_XXH3 * build: fix xxh_x86dispatch build with MSVC, by @apankrat * build: XXH_INLINE_ALL can always be used safely, even after XXH_NAMESPACE or a previous XXH_INLINE_ALL * build: improved PPC64LE vector support * install: fix pkgconfig * install: compatibility with Haiku * doc : code comments made compatible with doxygen * misc : XXH_ACCEPT_NULL_INPUT_POINTER is no longer necessary, all functions can accept NULL input pointers, as long as size == 0 * misc : complete refactor of CI tests on Github Actions, offering much larger coverage * misc : xxhsum code base split into multiple specialized units, within directory cli/ - add 836f4e735cf368542f14005e41d2f84ec29dfd60.patch (fix manpage installation) ==== yast2 ==== Version update (4.4.30 -> 4.4.31) Subpackages: yast2-logs - Do not reinitialize the packaging system during offline upgrade (bsc#1193784 and bsc#1192437). - 4.4.31 ==== yast2-storage-ng ==== Version update (4.4.27 -> 4.4.28) - Partitioner: added a warning if a required mount option, eg. _netdev, is missing in a mount point (jsc#SLE-20535). - 4.4.28 ==== yast2-trans ==== Version update (84.87.20211204.c55adb9b7a -> 84.87.20211219.ed0ba1e469) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20211219.ed0ba1e469: * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * New POT for text domain 'autoinst'. * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * New POT for text domain 'tune'. * New POT for text domain 'registration'. * New POT for text domain 'installation'. * New POT for text domain 'packager'. * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * New POT for text domain 'registration'. * New POT for text domain 'installation'. * New POT for text domain 'bootloader'. * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Catalan) * New POT for text domain 'installation'. * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian)