Packages changed: ImageMagick (7.1.0.37 -> 7.1.0.44) avahi codec2 (1.0.3 -> 1.0.5) cups curl (7.83.1 -> 7.84.0) gpg2 (2.3.6 -> 2.3.7) inkscape (1.2 -> 1.2.1) java-11-openjdk (11.0.15.0 -> 11.0.16.0) kdump (1.0.2+git13.ge715180 -> 1.0.2+git17.g491c742) kernel-firmware (20220622 -> 20220714) libcap (2.64 -> 2.65) libdmtx (0.7.5 -> 0.7.7) libnettle (3.8 -> 3.8.1) libstorage-ng (4.5.31 -> 4.5.33) libuv (1.44.1 -> 1.44.2) perl polkit poppler (22.06.0 -> 22.07.0) poppler-qt5 (22.06.0 -> 22.07.0) shim unbound (1.16.0 -> 1.16.1) yast2-auth-client (4.5.0 -> 4.5.1) yast2-bootloader (4.5.1 -> 4.5.2) yast2-trans (84.87.20220709.5ead98f887 -> 84.87.20220729.608d4643aa) === Details === ==== ImageMagick ==== Version update (7.1.0.37 -> 7.1.0.44) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.0.44 upstream changelog: https://github.com/ImageMagick/Website/blob/main/ChangeLog.md - modified patches % ImageMagick-library-installable-in-parallel.patch (refreshed) - update to 7.1.0.42: * incorrect pointer update when computing median @ ImageMagick/ImageMagick#5298 * Added extra check because the flag was removed in 0.21-Beta1. * the -transparent-color option accepts colornames @ ImageMagick/ImageMagick#5297 * fix MVG stroke-opacity issues * map channel parameter to pixel channel offset @ ImageMagick/ImageMagick#5308 * beta release * preserve input depth @ ImageMagick/ImageMagick6#188 * update to latest automake/autoconf release * recognize SVG file if it starts with whitespace @ ImageMagick/ImageMagick#5294 * Removed unused stealth flag. * Removed used path field. * Removed unused target field. * Removed unused exempt field. * Added extra option to the skip spaces to the MagicInfo. * Always start at the start of the string when comparing the magic value. * cosmetic * avoid OMP deadlock @ ImageMagick/ImageMagick#5301 * prevent undefined shift * prevent possible buffer overflow * correct copy/paste error * We need to free the stream ourselves when the call to FT_Open_Face fails. * Added missing call to DestroyString. * MVG requires seekable stream * Added extra malloc method to avoid early calls to the policy checks on Windows. * Removed defines. * Only check for dll's in non static build. * Set the client name and path earlier. * fix background opacity rounding @ ImageMagick/ImageMagick#5264 * empty result on conversion from tiff to pdf @ ImageMagick/ImageMagick#5256 * Corrected patch that was made for #5256. * Pass negative interline_spacing to pango * Also check extension to fix possible stack overflow. * eliminate possible buffer overflow * set group 4 photometric to min-is-white * dasharray requires non-zero values * eliminate compiler warning * only permit one rows/columns keyword * Moved allocation back to the correct spot to avoid bypassing SetImageExtent. * Also restore setting quantum_info to null. * eliminate uninitialized value warning * Make sure all text strings are freed when realloc fails. * Reset primitive_info inside RenderMVGContent because this address could point to another address. * Always check if .text is set instead. * eliminate uninitialized alpha pixel * recognize read-mask & write-mask for -channel option * eliminate compiler warning * fix scrambled image @ ImageMagick/ImageMagick#5291 * yikes, misspelled 'level' * Fixed possible memory leak. * support floating point formats * initialize date:precision in private TimerComponentGenesis() method * check for -1 is not required * refactor date:precision flow * eliminate compiler warning * correct formulation of the phash normalization * phash normalization is conventional RMS calculation * only check shread count once * add private ShredMagickMemory() method to hide contents of memory buffers before they are relinquished * system:shred value has precedence over MAGICK_SHRED_PASSES * support shredding memory pools * update memory pointer * Silenced warning. * Corrected documentation. * first pass is fast for performance, second is crytographically strong * recommend shred value of 1 for performance reasons * only set the # of shred passes one time * if enabled, shred streams * unmap mapped pixels * default mapped member to false * don't shred streaming pixels * rework shred passes * optimize performance * change per lint advisement * typecast per lint advisement * eliminate compiler warning * eliminate lint warnings * eliminate lint warnings * support date:timestamp property * eliminate lint warnings * set timestamp from image->timestamp member * eliminate lint warnings * support MAGICK_DATE_PRECISION and registrydateprecision defines * support registry:precision define * need at least one policy defined * eliminate lint warnings * note, system:precision is deprecated * eliminate icc compiler warnings * eliminate icc compiler warnings * eliminate compiler warning * Reverted incorrect patch when doing auto-orient of an image that is right-top or left-bottom.# * Corrected conversion from flip to Orientation. ... changelog too long, skipping 22 lines ... * Also remove date:timestamp when stripping the image. ==== avahi ==== Subpackages: libavahi-client3 libavahi-common3 libavahi-core7 - Move the dbus-1 system.d file to /usr (bsc#1201345) ==== codec2 ==== Version update (1.0.3 -> 1.0.5) - Update to version 1.0.5 * Bump version to 1.0.5 to clearly delineate from various 1.0.4 tags, otherwise the same as 1.0.4_rc2 - Update to version 1.0.4 * 2020B, * build system and tools maintenance. * This RC fixes FreeDV API backwards compatibility issue in v1.0.4 ==== cups ==== Subpackages: cups-client cups-config libcups2 libcupsimage2 - Move the dbus-1 system.d file to /usr (bsc#1201346) ==== curl ==== Version update (7.83.1 -> 7.84.0) Subpackages: libcurl4 - add tests-for-32bit.patch to fix testsuite on 32bit platforms - Update to 7.84.0: * Security fixes: - (bsc#1200737, CVE-2022-32208): FTP-KRB bad message verification - (bsc#1200736, CVE-2022-32207): Unpreserved file permissions - (bsc#1200735, CVE-2022-32206): HTTP compression denial of service - (bsc#1200734, CVE-2022-32205): Set-Cookie denial of service * Changes: - curl: add --rate to set max request rate per time unit - curl: deprecate --random-file and --egd-file - curl_version_info: add CURL_VERSION_THREADSAFE - CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl - lib: make curl_global_init() threadsafe when possible - libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION - opts: deprecate RANDOM_FILE and EGDSOCKET - socks: support unix sockets for socks proxy * Bugfixes: - aws-sigv4: fix potentional NULL pointer arithmetic - bindlocal: don't use a random port if port number would wrap - c-hyper: mark status line as status for Curl_client_write() - ci: avoid `cmake -Hpath` - CI: bump FreeBSD 13.0 to 13.1 - ci: update github actions - cmake: add libpsl support - cmake: do not add libcurl.rc to the static libcurl library - cmake: enable curl.rc for all Windows targets - cmake: fix detecting libidn2 - cmake: support adding a suffix to the OS value - configure: skip libidn2 detection when winidn is used - configure: use the SED value to invoke sed - configure: warn about rustls being experimental - content_encoding: return error on too many compression steps - cookie: address secure domain overlay - cookie: apply limits - copyright.pl: parse and use .reuse/dep5 for skips - copyright: make repository REUSE compliant - curl.1: add a few see also --tls-max - curl.1: mention exit code zero too - curl: re-enable --no-remote-name - curl_easy_pause.3: remove explanation of progress function - curl_getdate.3: document that some illegal dates pass through - Curl_parsenetrc: don't access local pwbuf outside of scope - curl_url_set.3: clarify by default using known schemes only - CURLOPT_ALTSVC.3: document the file format - CURLOPT_FILETIME.3: fix the protocols this works with - CURLOPT_HTTPHEADER.3: improve comment in example - CURLOPT_NETRC.3: document the .netrc file format - CURLOPT_PORT.3: We discourage using this option - CURLOPT_RANGE.3: remove ranged upload advice - digest: added detection of more syntax error in server headers - digest: tolerate missing "realm" - digest: unquote realm and nonce before processing - DISABLED: disable 1021 for hyper again - docs/cmdline-opts: add copyright and license identifier to each file - docs/CONTRIBUTE.md: document the 'needs-votes' concept - docs: clarify data replacement policy for MIME API - doh: remove UNITTEST macro definition - examples/crawler.c: use the curl license - examples: remove fopen.c and rtsp.c - FAQ: Clarify Windows double quote usage - fopen: add Curl_fopen() for better overwriting of files - ftp: restore protocol state after http proxy CONNECT - ftp: when failing to do a secure GSSAPI login, fail hard - GHA/hyper: enable debug in the build - gssapi: improve handling of errors from gss_display_status - gssapi: initialize gss_buffer_desc strings - headers api: remove EXPERIMENTAL tag - http2: always debug print stream id in decimal with %u - http2: reject overly many push-promise headers - http: restore header folding behavior - hyper: use 'alt-used' - krb5: return error properly on decode errors - lib: make more protocol specific struct fields #ifdefed - libcurl-security.3: add "Secrets in memory" - libcurl-security.3: document CRLF header injection - libssh: skip the fake-close when libssh does the right thing - links: update dead links to the curl-wiki - log2changes: do not indent empty lines [ci skip] - macos9: remove partial support - Makefile.am: fix portability issues - Makefile.m32: delete obsolete options, improve -On [ci skip] - Makefile.m32: delete two obsolete OpenSSL options [ci skip] - Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip] - max-time.d: clarify max-time sets max transfer time - mprintf: ignore clang non-literal format string - netrc: check %USERPROFILE% as well on Windows - netrc: support quoted strings - ngtcp2: allow curl to send larger UDP datagrams - ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types - ngtcp2: enable Linux GSO - ngtcp2: extend QUIC transport parameters buffer - ngtcp2: fix alert_read_func return value - ngtcp2: fix typo in preprocessor condition - ngtcp2: handle error from ngtcp2_conn_submit_crypto_data - ngtcp2: send appropriate connection close error code - ngtcp2: support boringssl crypto backend - ngtcp2: use helper funcs to simplify TLS handshake integration - ntlm: provide a fixed fake host name - projects: fix third-party SSL library build paths for Visual Studio ... changelog too long, skipping 40 lines ... - x509asn1: mark msnprintf return as unchecked ==== gpg2 ==== Version update (2.3.6 -> 2.3.7) Subpackages: dirmngr - GnuPG 2.3.7: * CVE-2022-34903: garbled status messages could trick gpgme and other parsers to accept faked status lines [boo#1201225] * A number of bug fixes to the gpg command line interface * gpgsm gained a number of new options and got some rework on the PKCS#12 parser to support DFN issues keys * The gpg agent got some added options and UI tweaks * smart card support got a number of bug fixes, and improved support for Technology Nexus cards and Yubikey * The Telesec ESIGN application is now supported ==== inkscape ==== Version update (1.2 -> 1.2.1) Subpackages: inkscape-extensions-extra inkscape-extensions-gimp - Update to version 1.2.1: + Important fix for a bug where a loss of data occurred + Ensures that objects in multipage documents show up on all pages + Fixes 5 crashes, over 25 bugs, 4 extension bugs, 15 improved user interface translations, 3 improved documentation translations + See the full release notes for Inkscape 1.2.1 at https://media.inkscape.org/media/doc/release_notes/1.2.1/Inkscape_1.2.1.html ==== java-11-openjdk ==== Version update (11.0.15.0 -> 11.0.16.0) Subpackages: java-11-openjdk-headless - Update to upstream tag jdk-11.0.16+8 (July 2022 CPU) * Security fixes: + JDK-8272243: Improve DER parsing + JDK-8272249: Better properties of loaded Properties + JDK-8277608: Address IP Addressing + JDK-8281859, CVE-2022-21540, bsc#1201694: Improve class compilation + JDK-8281866, CVE-2022-21541, bsc#1201692: Enhance MethodHandle invocations + JDK-8283190: Improve MIDI processing + JDK-8284370: Improve zlib usage + JDK-8285407, CVE-2022-34169, bsc#1201684: Improve Xalan supports * Other fixes: + JDK-6986863: ProfileDeferralMgr throwing ConcurrentModificationException + JDK-7124293: [macosx] VoiceOver reads percentages rather than the actual values for sliders. + JDK-7124301: [macosx] When in a tab group if you arrow between tabs there are no VoiceOver announcements. + JDK-8133713: [macosx] Accessible JTables always reported as empty + JDK-8139046: Compiler Control: IGVPrintLevel directive should set PrintIdealGraph + JDK-8139173: [macosx] JInternalFrame shadow is not properly drawn + JDK-8163498: Many long-running security libs tests + JDK-8166727: javac crashed: [jimage.dll+0x1942] ImageStrings::find+0x28 + JDK-8169004: Fix redundant @requires tags in tests + JDK-8181571: printing to CUPS fails on mac sandbox app + JDK-8182404: remove jdk.testlibrary.JDKToolFinder and JDKToolLauncher + JDK-8186548: move jdk.testlibrary.JcmdBase closer to tests + JDK-8192057: com/sun/jdi/BadHandshakeTest.java fails with java.net.ConnectException + JDK-8193682: Infinite loop in ZipOutputStream.close() + JDK-8199874: [TESTBUG] runtime/Thread/ThreadPriorities.java fails with "expected 0 to equal 10" + JDK-8202886: [macos] Test java/awt/MenuBar/8007006/ /bug8007006.java fails on MacOS + JDK-8203238: [TESTBUG] rewrite MemOptions shell test in Java + JDK-8203239: [TESTBUG] remove vmTestbase/vm/gc/kind/parOld test + JDK-8206187: javax/management/remote/mandatory/connection/ /DefaultAgentFilterTest.java fails with Port already in use + JDK-8206330: Revisit com/sun/jdi/RedefineCrossEvent.java + JDK-8207364: nsk/jvmti/ResourceExhausted/resexhausted003 fails to start + JDK-8208207: Test nsk/stress/jni/gclocker/gcl001 fails after co-location + JDK-8208246: flags duplications in vmTestbase_vm_g1classunloading tests + JDK-8208249: TriggerUnloadingByFillingMetaspace generates garbage class names + JDK-8208697: vmTestbase/metaspace/stressHierarchy/ /stressHierarchy012/TestDescription.java fails with OutOfMemoryError: Metaspace + JDK-8209150: [TESTBUG] Add logging to verify JDK-8197901 to a different test + JDK-8209776: Refactor jdk/security/JavaDotSecurity/ifdefs.sh to plain java test + JDK-8209883: ZGC: Compile without C1 broken + JDK-8209920: runtime/logging/RedefineClasses.java fail with OOME with ZGC + JDK-8210022: remove jdk.testlibrary.ProcessThread, TestThread and XRun + JDK-8210039: move OSInfo to top level testlibrary + JDK-8210108: sun/tools/jstatd test build failures after JDK-8210022 + JDK-8210112: remove jdk.testlibrary.ProcessTools + JDK-8210649: AssertionError @ jdk.compiler/com.sun.tools.javac.comp.Modules.enter (Modules.java:244) + JDK-8210732: remove jdk.testlibrary.Utils + JDK-8211795: ArrayIndexOutOfBoundsException in PNGImageReader after JDK-6788458 + JDK-8211822: Some tests fail after JDK-8210039 + JDK-8211962: Implicit narrowing in MacOSX java.desktop jsound + JDK-8212151: jdi/ExclusiveBind.java times out due to "bind failed: Address already in use" on Solaris-X64 + JDK-8213440: Lingering INCLUDE_ALL_GCS in test_oopStorage_parperf.cpp + JDK-8214275: CondyRepeatFailedResolution asserts "Dynamic constant has no fixed basic type" + JDK-8214799: Add package declaration to each JTREG test case in the gc folder + JDK-8215544: SA: Modify ClhsdbLauncher to add sudo privileges to enable MacOS tests on Mach5 + JDK-8216137: assert(Compile::current()->live_nodes() < Compile::current()->max_node_limit()) failed: Live Node limit exceeded limit + JDK-8216265: [testbug] Introduce Platform.sharedLibraryPathVariableName() and adapt all tests. + JDK-8217017: [TESTBUG] Tests fail to compile after JDK-8216265 + JDK-8217233: Update build settings for AIX/xlc + JDK-8217340: Compilation failed: tools/launcher/Test7029048.java + JDK-8217473: SA: Tests using ClhsdbLauncher fail on SAP ... changelog too long, skipping 374 lines ... /SSLSessionImpl/NoInvalidateSocketException.java ==== kdump ==== Version update (1.0.2+git13.ge715180 -> 1.0.2+git17.g491c742) - fix network-related dracut options handling for fadump case - drop the elevator=deadline kernel option (bsc#1193211) - fix broken URL in manpage (bsc#1187312) ==== kernel-firmware ==== Version update (20220622 -> 20220714) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20220714 (git commit 84661a3ba62f): * amdgpu: update DMCUB firmware for DCN 3.1.6 * WHENCE: Correct dangling symlinks * Correct WHENCE entry for wfx firmware * bnx2: Drop unsupported Broadcom NetXtremeII firmware * bnx2: drop unsupported firmwares * bnx2: sort firmware names in filesystem order * Remove old Broadcom Everest (bnx2x) v4/5 firmware * drop Token Ring network firmwares * Drop TDA7706 radio firmware * Drop Intel WiMax firmware * Drop Computone IntelliPort Plus serial firmware * Drop ATM Ambassador devices firmware * brocade: drop old unsupported firmware revs * amdgpu: update yellow carp DMCUB firmware * linux-firmware: update firmware for MT7622 WiFi device * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * mediatek: Add SCP firmware for MT8186 * rtw88: 8822c: Update normal firmware to v9.9.13 * rtw88: 8822c: Update normal firmware to v9.9.12 - Drop obsoleted temporary patches: wfx-WHENCE-fix.diff brcm-symlink-fixes.diff - Minor update of README.build - Fix missing aliases for qlogic (bsc#1200889) ==== libcap ==== Version update (2.64 -> 2.65) - update to 2.65: * Fix syntax error in DEBUG build of protected code in setcap.c. * Prevent bash from reading the wrong startup files when the capsh --user=xxx argument is used to invoke a shell as the user xxx. This is done by capsh now changing the USER and HOME environment variables when --user is specified. The argument --noenv can be used to suppress this behavior to what used to be the problematic default. (Bug: 215926) * Improved documentation ==== libdmtx ==== Version update (0.7.5 -> 0.7.7) - update to 0.7.7: * bug 9: Prevent edifact barcode encoding '31' from user input * fix compiler warnings and build errors * properly handle error when decoding Base256 scheme * remove dead and irrelevant links in the README * Add validity checks in DecodeSchemeAscii() * Declare variables in DecodeSchemeAscii() locally. * Implement RsFindErrorLocatorPoly fix from shm0nya - drop libdmtx-DmtxPropRowPadBytes.patch (upstream)# ==== libnettle ==== Version update (3.8 -> 3.8.1) Subpackages: libhogweed6 libnettle8 - update to 3.8.1: * Avoid non-posix m4 argument references in the chacha implementation for arm64, powerpc64 and s390x. Reported by Christian Weisgerber, fix contributed by Mamone Tarsha. * Use explicit .machine pseudo-ops where needed in s390x assembly files. Bug report by Andreas K. Huettel, fix contributed by Mamone Tarsha. ==== libstorage-ng ==== Version update (4.5.31 -> 4.5.33) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#892 - continue flushing pending holders if a device cannot be found (see bsc#1201880) - coding style - removed unneeded mockups - 4.5.33 - Translated using Weblate (Czech) (bsc#1149754) - 4.5.32 ==== libuv ==== Version update (1.44.1 -> 1.44.2) - update to 1.44.2: * Add SHA to ChangeLog * aix, ibmi: handle server hang when remote sends TCP RST * process: reset the signal mask if the fork fails * zos: implement cmpxchgi() using assembly * ibmi: Implement UDP disconnect * unix: simplify getpwuid call * process,iOS: fix build breakage in process.c * test: remove unused declarations in tcp_rst test * core: add thread-safe strtok implementation * test: fix flaky file watcher test * unix,win: fix UV_RUN_ONCE + uv_idle_stop loop hang * win: fix unexpected ECONNRESET error on TCP socket * doc: make sample cross-platform build * test: separate some static variables by test cases * sunos: fs-event callback can be called after uv_close() * uv: re-register interest in a file after change * uv: register UV_RENAME event for _RFIM_UNLINK * uv: register __rfim_event 156 as UV_RENAME * release: check versions of autogen scripts are newer * test: rewrite embed test * unix: use MSG_CMSG_CLOEXEC where supported * test: remove disabled callback_order test * kqueue: skip EVFILT_PROC when invalidating fds * zos: don't err when killing a zombie process * zos: avoid fs event callbacks after uv_close() * zos: correctly format interface addresses names * zos: add uv_interface_addresses() netmask support * zos: improve memory management of ip addresses * tcp,pipe: fail `bind` or `listen` after `close` * zos: implement uv_available_parallelism() * udp,win: fix UDP compiler warning * zos: fix early exit of epoll_wait() * unix,tcp: fix errno handling in uv__tcp_bind() * shutdown,unix: reduce code duplication * unix: fix c99 comments * unix: retry tcgetattr/tcsetattr() on EINTR * unix,stream: optimize uv_shutdown() codepath * unix,tcp: allow EINVAL errno from setsockopt in uv_tcp_close_reset() * win,shutdown: improve how shutdown is dispatched ==== perl ==== Subpackages: perl-base perl-doc - fix build on ppc * updated patch: perl_skip_flaky_tests_powerpc.patch ==== polkit ==== Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 typelib-1_0-Polkit-1_0 - split out pkexec into seperate package to make system hardening easier (to avoid installing it jsc#PED-132 jsc#PED-148). ==== poppler ==== Version update (22.06.0 -> 22.07.0) Subpackages: libpoppler-cpp0 libpoppler-glib8 libpoppler122 poppler-tools - update to 22.07.0: * Fix crash when filling in forms in some files. Issue #1258 * Fix first lines of Annotations sometimes being cut off. Issue #1246 * Signatures: Don't crash if the signature doesn't have a common name * CairoFontEngine: increment font_face reference when retrieving from the cache * Add ToUnicode support for lessorequalslant and greaterorequalslant glib: * Add support for stamp annotation - add gpg keyring validation for the release tarball - drop da226d346e691f7545d995d6761d43e08855a3b7.patch (upstream) - Add da226d346e691f7545d995d6761d43e08855a3b7.patch -- CairoFontEnginer: increment font_face reference when retrieving from the cache; this fixes crashes with certain pdfs [glgo#GNOME/evince#1808, glfo#poppler/poppler#1212]. ==== poppler-qt5 ==== Version update (22.06.0 -> 22.07.0) - update to 22.07.0: * Fix crash when filling in forms in some files. Issue #1258 * Fix first lines of Annotations sometimes being cut off. Issue #1246 * Signatures: Don't crash if the signature doesn't have a common name * CairoFontEngine: increment font_face reference when retrieving from the cache * Add ToUnicode support for lessorequalslant and greaterorequalslant glib: * Add support for stamp annotation - add gpg keyring validation for the release tarball - drop da226d346e691f7545d995d6761d43e08855a3b7.patch (upstream) - Add da226d346e691f7545d995d6761d43e08855a3b7.patch -- CairoFontEnginer: increment font_face reference when retrieving from the cache; this fixes crashes with certain pdfs [glgo#GNOME/evince#1808, glfo#poppler/poppler#1212]. ==== shim ==== - Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282) - Revoked the change in shim.spec for "use common SBAT values (boo#1193282)" - we need to build openSUSE Tumbleweed's shim on Leap 15.4 because Factory is unstable for building out a stable shim binary for signing. (bsc#1198458) - But the rpm-config-suse package in Leap 15.4 is direct copied from SLE 15.4 because closing-the-leap-gap. So sbat_distro_* variables are SLE version, not for openSUSE. (bsc#1198458) ==== unbound ==== Version update (1.16.0 -> 1.16.1) Subpackages: libunbound8 unbound-anchor - update to 1.16.1 * Features - Fix #704: [FR] Statistics counter for number of outgoing UDP queries sent; introduces 'num.query.udpout' to the 'unbound-control stats' command. * Bug Fixes - makedist.sh picks up 32bit libssp-0.dll when 32bit compile. - Fix for edns client subnet to respect not looking in its cache when instructed to do so (e.g., prefetch). - Merge PR #688: Rpz url notify issue. - Note in the unbound.conf text that NOTIFY is allowed from the url: addresses for auth and rpz zones. - Remove unused LDNS function check for GOST Engine unloading. - Fix for loading locally stored zones that have lines with blanks or blanks and comments. - Fix #663: use after free issue with edns options. - Clarify -v flag manpage entry (#705) - Fix test program dohclient close to use portability routine. - Show the output of the exact .rpl run that failed with 'make test'. - Fix for cached 0 TTL records to not trigger prefetching when serve-expired-client-timeout is set. - Add debug option to the mini_tdir.sh test code. - Fix to not count cached NXDOMAIN for MAX_TARGET_NX. - Allow fallback to the parent side when MAX_TARGET_NX is reached. This will also allow MAX_TARGET_NX more NXDOMAINs. - iana portlist update. - Fix detection of libz on windows compile with static option. - Fix compile warning for windows compile. - Merge PR #706: NXNS fallback. - From #706: Cached NXDOMAIN does not increase the target nx responses. - From #706: Don't generate parent side queries if we already have the lame records in cache. - From #706: When a lame address is the best choice, don't try to generate target queries when the missing targets are all lame. - Merge PR #671 from Petr Menšík: Disable ED25519 and ED448 in FIPS mode on openssl3. - Merge PR #660 from Petr Menšík: Sha1 runtime insecure. - For #660: formatting, less verbose logging, add EDE information. - Fix for correct openssl error when adding windows CA certificates to the openssl trust store. - Improve val_sigcrypt.c::algo_needs_missing for one loop pass. - Reintroduce documentation and more EDE support for val_sigcrypt.c::dnskeyset_verify_rrset_sig. - Fix bug introduced in 'improve val_sigcrypt.c::algo_needs_missing for one loop pass'. - Merge PR #668 from Cristian Rodríguez: Set IP_BIND_ADDRESS_NO_PORT on outbound tcp sockets. ==== yast2-auth-client ==== Version update (4.5.0 -> 4.5.1) - Remove nss_ldap and pam_ldap support in favour of SSSD (gh#yast/yast-auth-client#82) - 4.5.1 ==== yast2-bootloader ==== Version update (4.5.1 -> 4.5.2) - Execute the command grub2-mkpasswd-pbkdf2 in the target system so the module can run in a minimal container (bsc#1199840). - 4.5.2 ==== yast2-trans ==== Version update (84.87.20220709.5ead98f887 -> 84.87.20220729.608d4643aa) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20220729.608d4643aa: * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'base'. * New POT for text domain 'auth-client'. * Translated using Weblate (Czech) * Translated using Weblate (Czech) * New POT for text domain 'base'. * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'journal'. * New POT for text domain 'pam'. * New POT for text domain 'control'. * New POT for text domain 'autoinst'.