Packages changed: apparmor bluez bzip2 fillup fmt freetype2 (2.12.0 -> 2.12.1) fuse3 (3.10.5 -> 3.11.0) gpg2 (2.3.4 -> 2.3.6) kustomize libapparmor libdnf (0.66.0 -> 0.67.0) libnetfilter_cthelper (1.0.0 -> 1.0.1) libnetfilter_cttimeout (1.0.0 -> 1.0.1) libqmi (1.30.4 -> 1.30.6) libseccomp (2.5.3 -> 2.5.4) libunwind (1.5.0 -> 1.6.2) libxcb (1.14 -> 1.15) libxml2 (2.9.13 -> 2.9.14) mozilla-nss (3.76.1 -> 3.77) open-iscsi python-SQLAlchemy (1.4.35 -> 1.4.36) raspberrypi-firmware-dt (2022.02.25 -> 2022.04.24) rpm snapper (0.10.1 -> 0.10.2) sqlite3 (3.38.2 -> 3.38.3) vim (8.2.4745 -> 8.2.4877) weave === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - add php8-fpm-mr876.patch so that php8 php-fpm can read its config (boo#1186267#c11) - parser: add conflict with apparmor-utils < 3.0 to avoid aa-status file conflict on upgrade (boo#1198958) - utils: add missing dependency on apparmor-parser (boo#1198958#c4) ==== bluez ==== - add Requires(post): systemd for bluez-auto-enable-devices * fixes boo#1198906 ==== bzip2 ==== - Port rpmlintrc format to rpmlint 2.x. ==== fillup ==== - use https as url ==== fmt ==== - Replace obsolete macro %make_jobs by %cmake_build ==== freetype2 ==== Version update (2.12.0 -> 2.12.1) - drop revert-ft212-subpixel-hinting-change.patch: upstream - Update to 2.12.1: - Loading CFF fonts sometimes made FreeType crash (bug introduced in version 2.12.0) - Loading a fully hinted TrueType glyph a second time (without caching) sometimes yielded different rendering results if TrueType hinting was active (bug introduced in version 2.12.0). - The generation of the pkg-config file `freetype2.pc` was broken if the build was done with cmake (bug introduced in version 2.12.0). - The meson build no longer enforces both static and dynamic versions of the library by default. - The internal zlib library was updated to version 1.2.12. Note, however, that FreeType is *not* affected by CVE-2018-25032 since it only does decompression. - Drop freetype-2.12.0-cff_slot_load-segfault.patch - Drop 079a22da037835daf5be2bd9eccf7bc1eaa2e783.patch ==== fuse3 ==== Version update (3.10.5 -> 3.11.0) - Update to version 3.11.0: * Add support for flag FOPEN_NOFLUSH for avoiding flush on close. * Fixed returning an error condition to ioctl(2) ==== gpg2 ==== Version update (2.3.4 -> 2.3.6) - GnuPG 2.3.6: * Up to five times faster verification of detached signatures, doubled detached signing speed, threefold decryption speedup for large files, nearly double the AES256.OCB encryption speed * Add support for GeNUA cards * Added and improved options for crypto options, and all-around bug fixes ==== kustomize ==== - Remove dependency on binutils-gold as the package will be removed in the future. Gold linker is unmaintained by the upstream project. ==== libapparmor ==== - add php8-fpm-mr876.patch so that php8 php-fpm can read its config (boo#1186267#c11) - parser: add conflict with apparmor-utils < 3.0 to avoid aa-status file conflict on upgrade (boo#1198958) - utils: add missing dependency on apparmor-parser (boo#1198958#c4) ==== libdnf ==== Version update (0.66.0 -> 0.67.0) Subpackages: libdnf-repo-config-zypp libdnf2 - Update to 0.67.0: * Add 'loongarch' support * Use dnf solv userdata to check versions and checksum (rh#2027445) * context: Substitute all repository config options (rh#2076853) ==== libnetfilter_cthelper ==== Version update (1.0.0 -> 1.0.1) - Update to release 1.0.1 * Allow build on uclinux * Resolve use-after-free in nfct_helper_free() * Resolve double free in nfct-helper-add example * Fixed incorrect netlink message building with multiple nfct helper policies - Drop fix_h_expect_policy_free.patch (merged) ==== libnetfilter_cttimeout ==== Version update (1.0.0 -> 1.0.1) - Update to release 1.0.1 * Allow building on uclinux ==== libqmi ==== Version update (1.30.4 -> 1.30.6) - Update to 1.30.6 * meson: fix 'export_packages' in GIR setup. * net-port-manager: use unaligned netlink attribute length. - Drop the unneeded rpmlintrc file ==== libseccomp ==== Version update (2.5.3 -> 2.5.4) - Deactive python3 by default, it's just not a good idea for ring0. - Update to release 2.5.4 * Update the syscall table for Linux v5.17. * Fix minor issues with binary tree testing and with empty binary trees. * Minor documentation improvements including retiring the mailing list. - buildrequire python-rpm-macros - reenable python bindings at least for the distro default python3 package: - adds make-python-build.patch ==== libunwind ==== Version update (1.5.0 -> 1.6.2) - update to 1.6.2: * Fix off-by-one error in x86_64 stack frames * Fix error in aarch64 unw_sigcontext * resolve possible null pointer dereference * Switch to C11 atomics * RISC-V support * aarch64 getcontext functionality ==== libxcb ==== Version update (1.14 -> 1.15) Subpackages: libxcb-render0 libxcb-shm0 libxcb1 - buildrequire xcb-proto >= 1.15 - Update to version 1.15 * xcb_auth: Quiet -Wimplicit-fallthrough warning in get_authptr() * Fix integer overflows in xcb_in.c * Use the 'present' field to properly check that the XC-MISC * Fix a memory leak * Increment libtool version info for libxcb-dri3 * Add newline when printing auth/connection failure string to stderr * Fix build on Windows * Fix writev emulation on Windows * c_client.py: Extract get_expr_field_names() * c_client.py: Use get_expr_field_names directly to resolve list fields * c_client: Extract _c_get_field_mapping_for_expr() * c_client.py: Implement handling of element * tests: don't use deprecated fail_unless check API * gitignore: add files generated by make check * Avoid request counter truncation in replies map after 2**32 requests * Fix hang in xcb_request_check() * Improve/fix docs for reply fds functions ==== libxml2 ==== Version update (2.9.13 -> 2.9.14) Subpackages: libxml2-2 libxml2-tools - Update to 2.9.14: * Security: + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer + Fix potential double-free in xmlXPtrStringRangeFunction + Fix memory leak in xmlFindCharEncodingHandler + Normalize XPath strings in-place + Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() + Fix leak of xmlElementContent * Bug fixes: + Fix parsing of subtracted regex character classes + Fix recursion check in xinclude.c + Reset last error in xmlCleanupGlobals + Fix certain combinations of regex range quantifiers + Fix range quantifier on subregex * Improvements: + Fix recovery from invalid HTML start tags * Build system, portability: + Define LFS macros before including system headers + Initialize XPath floating-point globals + configure: check for icu DEFS + configure.ac: produce tar.xz only (GNOME policy) + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER + Fix build with older Python versions + Fix --without-valid build ==== mozilla-nss ==== Version update (3.76.1 -> 3.77) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.77 * Bug 1762244 - resolve mpitests build failure on Windows. * bmo#1761779 - Fix link to TLS page on wireshark wiki * bmo#1754890 - Add two D-TRUST 2020 root certificates. * bmo#1751298 - Add Telia Root CA v2 root certificate. * bmo#1751305 - Remove expired explicitly distrusted certificates from certdata.txt. * bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix * bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. * bmo#1756271 - Remove token member from NSSSlot struct. * bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime. * bmo#1757279 - Support UTF-8 library path in the module spec string. * bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. * bmo#1760827 - Add a CI Target for gcc-11. * bmo#1760828 - Change to makefiles for gcc-4.8. * bmo#1741688 - Update googletest to 1.11.0 * bmo#1759525 - Add SetTls13GreaseEchSize to experimental API. * bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts. * bmo#1755904 - Fix calculation of ECH HRR Transcript. * bmo#1758741 - Allow ld path to be set as environment variable. * bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests. * bmo#1758478 - Fix DataBuffer Move Assignment. * bmo#1552254 - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 * bmo#1755092 - rework signature verification in mozilla::pkix ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Updated to latest upstream version, tagged 2.1.7. Changes included: * updated/fixed test script * updated build system * several bug fixes, including one for bsc#1199264 ==== python-SQLAlchemy ==== Version update (1.4.35 -> 1.4.36) - update to 1.4.36: * details on https://docs.sqlalchemy.org/en/14/changelog/changelog_14.html#change-1.4.36 * Fixed regression where the change made for #7861, released in version 1.4.33, that brought the Insert construct to be partially recognized as an ORM-enabled statement * Modified the DeclarativeMeta metaclass to pass cls.__dict__ into the declarative scanning process to look for attributes, rather than the separate dictionary passed to the type?s __init__() method * Fixed a memory leak in the C extensions which could occur when calling upon named members of Row when the member does not exist under Python 3 * Added a warning regarding a bug which exists in the Result.columns() method when passing 0 for the index in conjunction with a Result that will return a single ORM entity, which indicates that the current behavior of Result.columns() is broken in this case as the Result object will yield scalar values and not Row objects * Fixed bug where ForeignKeyConstraint naming conventions using the referred_column_0 naming convention key would not work if the foreign key constraint were set up as a ForeignKey object rather than an explicit ForeignKeyConstraint object. ==== raspberrypi-firmware-dt ==== Version update (2022.02.25 -> 2022.04.24) - Use last patch commit date instead patch creation date when creating device tree archive and package version. Patch creation date could be much earlier than patch commit date, which could mislead which patches are included inside the package. For example: commit 7e72dd813a175ea7bf166655217ce60fbd7d4a21 Author: Dom Cobley AuthorDate: Tue Oct 19 14:15:45 2021 +0100 Commit: Dom Cobley CommitDate: Mon Nov 29 16:26:09 2021 +0000 dt: Move VEC clock to clk-raspberrypi Package which contain this commit was named 2021.11.19 while obviously it has changes from 2021.11.29. - Update to da91801ca1 (2022-04-24) * overlays: Fix pitft28/35-resistive rotate params * ARM: dts: Add i2c0mux node to Model B rev 1 * overlays: Add "drm" parameter to pitft28-resistive * overlays: mipi-dbi-spi: width-mm and height-mm are mandatory * Add support for the AudioInjector.net bare i2s sound card * dtoverlays: Add overlay for Sony IMX258 image sensor * ARM: dts: Enable PMU on Cortex-A72 in AArch32 state * overlays/rpi-display: Add support for DRM driver * Revert "update rpi-display-overlay.dts pins for 5.10+" * overlays: Add overlay for MIPI DBI displays * dtoverlays: Connect the backlight to the pitft35 display * overlays: iqs550: Enable interrupt pull-down * CM1&3 cam1_reg and cam1_reg_gpio fix * dtoverlay: Add VCM option to ov5647 overlay * dtoverlays: Add VCM option to imx219 * ARM: dts: bcm2711-rpi-ds: Disable the BCM2835 STC ==== rpm ==== Subpackages: librpmbuild9 - update rpm-shorten-changelog.diff: fix shortening of changelog, the non-primary binary packages had the full changelog - update macrosin.diff: remove binarychangelog cutoff setting, this comes from rpm-config-SUSE now ==== snapper ==== Version update (0.10.1 -> 0.10.2) Subpackages: libsnapper6 - fixed error handling when reading configs (gh#openSUSE/snapper#715) - version 0.10.2 ==== sqlite3 ==== Version update (3.38.2 -> 3.38.3) - update to 3.38.3: * Fix a case of the query planner be overly aggressive with optimizing automatic-index and Bloom-filter construction, using inappropriate ON clause terms to restrict the size of the automatic-index or Bloom filter, and resulting in missing rows in the output. * Other minor patches. See the timeline for details. ==== vim ==== Version update (8.2.4745 -> 8.2.4877) Subpackages: vim-data-common vim-small - Updated to version 8.2.4877, fixes the following problems - fixes CVE-2022-1381 ( boo#1198596 ) * Using wrong flag for using bell in the terminal. * Supercollider filetype not recognized. * No filetype override for .sys files. * Cannot use an imported function in a mapping. *