Packages changed: alsa (1.2.5.1 -> 1.2.6) alsa-plugins (1.2.5 -> 1.2.6) alsa-ucm-conf (1.2.5.1 -> 1.2.6) alsa-utils (1.2.5.1 -> 1.2.6) dbus-1-glib double-conversion (3.1.5 -> 3.1.6) emacs fftw3 (3.3.9 -> 3.3.10) fltk (1.3.7 -> 1.3.8) grub2 inkscape kmod libXfixes libserf libyui (4.2.21 -> 4.2.22) libyui-ncurses (4.2.21 -> 4.2.22) libyui-ncurses-pkg (4.2.21 -> 4.2.22) libyui-qt (4.2.21 -> 4.2.22) libyui-qt-graph (4.2.21 -> 4.2.22) libyui-qt-pkg (4.2.21 -> 4.2.22) live555 (2021.08.23 -> 2021.11.23) orca (41.0 -> 41.1) ovmf pcsc-lite (1.9.4 -> 1.9.5) perl-Try-Tiny (0.30 -> 0.31) python qemu re2 soundtouch (2.2 -> 2.3.1) sudo (1.9.7p2 -> 1.9.8p2) suse-module-tools (16.0.14+2 -> 16.0.16) susepaste virt-manager yast2-journal (4.4.0 -> 4.4.1) yast2-trans (84.87.20211126.cedf3cc035 -> 84.87.20211204.c55adb9b7a) yast2-users (4.4.9 -> 4.4.10) === Details === ==== alsa ==== Version update (1.2.5.1 -> 1.2.6) Subpackages: libasound2 libasound2-32bit libatopology2 - Update to version 1.2.6: lots of changes, including UCM and config updates and rawmidi framing mode support: for details, see below https://www.alsa-project.org/wiki/Changes_v1.2.5.1_v1.2.6#alsa-lib - Add *.sig file for the source tarball ==== alsa-plugins ==== Version update (1.2.5 -> 1.2.6) Subpackages: alsa-plugins-pulse alsa-plugins-pulse-32bit alsa-plugins-speexrate alsa-plugins-upmix - Update to version 1.2.6: Fixes for a52 plugin, jack, rate-lav. For details, see URL: https://alsa-project.org/wiki/Changes_v1.2.5.1_v1.2.6#alsa-plugins - Add *.sig file for the source tarball ==== alsa-ucm-conf ==== Version update (1.2.5.1 -> 1.2.6) - Update to version 1.2.6: various profile updates. See URL below for details: https://alsa-project.org/wiki/Changes_v1.2.5.1_v1.2.6#alsa-ucm-conf - Add *.sig file for the tarball - Explicit Requires for the libasound2 with the same or newer version ==== alsa-utils ==== Version update (1.2.5.1 -> 1.2.6) - Update to alsa-utils 1.2.6: various updates / fixes for alsactl, amidi, alsaloop, alsamixer, alsatplg, amixer, aplay and aseqnet. Details are found in https://alsa-project.org/wiki/Changes_v1.2.5.1_v1.2.6#alsa-utils - Update the download URL - Add *.sig file for the tarball ==== dbus-1-glib ==== - Add relevant dbus-1-glib- provides/obsoletes also in baselibs.conf (boo#1193502). ==== double-conversion ==== Version update (3.1.5 -> 3.1.6) - update to 3.1.6: * Features some code cleanups. * Adds the following new architectures: loongarch, xtensa, nios2, e2k. ==== emacs ==== Subpackages: emacs-info emacs-nox emacs-x11 etags - Use %make_build macro. ==== fftw3 ==== Version update (3.3.9 -> 3.3.10) Subpackages: libfftw3-3 libfftw3_threads3 - update to 3.3.10: * Fix bug that would cause 2-way SIMD (notably SSE2 in double precision) to attempt unaligned accesses in certain obscure cases, causing segfaults. * This test computes a pair of length-4 real->complex transforms where the second input is 5 real numbers away from the first input. That is, there is a gap of one real number between the first and second input array. The -oexhaustive level allow FFTW to attempt to compute this transform by reducing it to a pair of complex transforms of length 2, but now the second input is not aligned to a complex-number boundary. The fact that 5 is odd is the problem. * The bug cannot occur in complex->complex transforms because the complex interface accepts strides in units of complex numbers, so strides are aligned by construction. ==== fltk ==== Version update (1.3.7 -> 1.3.8) - Update to 1.3.8: * Add new dialog with extended return values * Make "FLTK_CONSOLIDATE_MOTION" user-definable - Use bzip2 compressed sources ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-xen - Fix extent not found when initramfs contains shared extents (bsc#1190982) * 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch ==== inkscape ==== Subpackages: inkscape-extensions-extra inkscape-extensions-gimp inkscape-lang - Enable RPATH in cmake (bsc#1193183, bsc#1193261). ==== kmod ==== Subpackages: kmod-bash-completion libkmod2 - Ensure that kmod and packages linking to libkmod provide same features (bsc#1193430). ==== libXfixes ==== Subpackages: libXfixes-devel libXfixes3 libXfixes3-32bit - update to version 6.0 is needed for GNOME41, particularly the gnome-settings-daemon's new feature to disconnect from Xwayland (JIRA #SLE-22829) ==== libserf ==== - Update Source links - add openssl3.patch to avoid using removed functionality in an irrelvant place ==== libyui ==== Version update (4.2.21 -> 4.2.22) - Send a proper notify event from the YMultiSelectionBox widget when checking a check box via the REST API (bsc#1192574) - 4.2.22 ==== libyui-ncurses ==== Version update (4.2.21 -> 4.2.22) - Send a proper notify event from the YMultiSelectionBox widget when checking a check box via the REST API (bsc#1192574) - 4.2.22 ==== libyui-ncurses-pkg ==== Version update (4.2.21 -> 4.2.22) - Send a proper notify event from the YMultiSelectionBox widget when checking a check box via the REST API (bsc#1192574) - 4.2.22 ==== libyui-qt ==== Version update (4.2.21 -> 4.2.22) - Send a proper notify event from the YMultiSelectionBox widget when checking a check box via the REST API (bsc#1192574) - 4.2.22 ==== libyui-qt-graph ==== Version update (4.2.21 -> 4.2.22) - Send a proper notify event from the YMultiSelectionBox widget when checking a check box via the REST API (bsc#1192574) - 4.2.22 ==== libyui-qt-pkg ==== Version update (4.2.21 -> 4.2.22) - Send a proper notify event from the YMultiSelectionBox widget when checking a check box via the REST API (bsc#1192574) - 4.2.22 ==== live555 ==== Version update (2021.08.23 -> 2021.11.23) Subpackages: libBasicUsageEnvironment1 libUsageEnvironment3 libgroupsock30 - update to 2021.11.23: * Updated the "RTSPServer::setTLSState()" function to take an optional parameter "weServeSRTP". For now, the default value of this parameter is False, but it will get changed to True later, when we implement server-side SRTP. * Updated the RTSP server implementation to (optionally) support connections via TLS. * Updated the "TLSState" interface and implementation to (1) reduce the amount of stuff that the compiler gets to see if you're compiling with NO_OPENSSL defined, and (2) add a new subclass "ServerTLSState" that will eventually be used to implement optional TLS connections to our RTSP server. * Split the "TLSState" class into two classes: "TLSState" (an abstract base class), and "ClientTLSState" (a subclass). This is in preparation for later defining second subclass "ServerTLSState" that will eventually be used to implement TLS connections in our RTSP server. * Updated the implementation of AES encryption/decryption (used by our client SRTP implementation) to use the new OpenSSL EVP interface. This makes it possible to use hardware acceleration (e.g., AES-NI), when it is available. * Updated the "RTSPClient"s implementation of receiving RTP/RTCP-over-TCP so that it will also work over a RTSP-over-TLS (including RTSPS) connection. * Fixed a bug in "MatroskaFileParser" that could cause delivery of data to a downstream object that wasn't expecting it (potentially causing an invalid memory access). * The final (I hope!) update to eliminate a "depends on uninitialised value" report from 'valgrind'. ==== orca ==== Version update (41.0 -> 41.1) Subpackages: orca-lang - Update to version 41.1: + Web: - Fix presentation of selected items in datalist - Fix issue causing non-rendered headings being combined with other, rendered elements when presenting line contents - Improve behavior when focused back/forward button is pressed - Improve presentation of subscript and superscript elements (requires implementations exposing the associated AT-SPI2 roles) - Attempt to identify and present custom-element images - Fix SayAll for rich-text editors - Treat all list items inside listboxes as focus mode widgets regardless of authoring - Clear cached objects when not dumping full cache for child change to prevent skipping over newly-added content - Fix speech generator for browser alerts - Fix issues causing certain spin buttons to not be presented correctly + General: - Modify collections module import for Python3.10 compatibility - Event Manager: Handle name/description change floods - Adjust string for repeats when presenting text changes - Clear flat review context when page tab lists emit selection-changed to eliminate stale context (e.g. in a wizard) - Improve presentation of indeterminate progress bars (busy indicators) + Updated translations. ==== ovmf ==== Subpackages: qemu-ovmf-x86_64 qemu-uefi-aarch64 - cross-i386-binutils and cross-i386-gcc have been dropped from Factory, so use only cross-x86_64-* - boo#1193424 - Merge the difference from SLE for pushing back to SLE15-SP4 - Add/Update 50-xen-hvm-x86_64.json in descriptors.tar.xz - Add the json descriptor for xen-hvm (bsc#1180050) - Add "nvram-template" and change the firmware file to ovmf-x86_64-ms-4m.bin (bsc#1180050, bsc#1181264) - The following patches in SLE are already in edk2-edk2-stable202108 in factory, so they will be removed from 15-SP4 - ovmf-bsc1177789-cryptopkg-fix-null-dereference.patch to fix the potential NULL dereference in AuthenticodeVerify() (bsc#1177789, CVE-2019-14584) - 26442d11e620a9 edk2-stable202011~124 - ovmf-bsc1180079-amd-sev-es-mitigation.patch to mitigate the potential AMD SEV-ES security issues (bsc#1180079) - a91b700e385e74 edk2-stable202102~181 - ovmf-jscSLE-16075-SEV-ES-use-physical-address.patch as the follow-up patch for SEV-ES to fix the flash writing (jsc#SLE-16075) - 3a3501862f7309 edk2-stable202102~105 - ovmf-bsc1183578-lzma-catch-4GB.patch to fix the possible heap corruption (bsc#1183578, CVE-2021-28211) - e7bd0dd26db7e5 edk2-stable202011~7 - ovmf-bsc1183579-fix-fv-recursion.patch to fix unlimited FV recursion (bsc#1183579, CVE-2021-28210) - b9bdfc72853fe9 edk2-stable202011~9 - Add ovmf-bsc1186151-fix-iscsi-overflows.patch to fix the possible overflows in IScsiDxe (bsc#1186151) - 83761337ec91fb edk2-stable202108-rc0~171 ==== pcsc-lite ==== Version update (1.9.4 -> 1.9.5) Subpackages: libpcsclite1 - version 1.9.5 * pcscd: autoexit even if no client connects * Fix variable substitution in systemd units * fix potential race conditions with powerState handling * Add and use tag TAG_IFD_DEVICE_REMOVED * UnitaryTests: port code to Python 3 ==== perl-Try-Tiny ==== Version update (0.30 -> 0.31) - updated to 0.31 see /usr/share/doc/packages/perl-Try-Tiny/Changes 0.31 2021-11-23 20:29:12Z - plug Syntax::Keyword::Try and Feature::Compat::Try in the docs ==== python ==== - build against openssl 1.1.x (incompatible with openssl 3.0x) for now ==== qemu ==== Subpackages: qemu-accel-qtest qemu-accel-tcg-x86 qemu-arm qemu-audio-spice qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-nfs qemu-block-rbd qemu-block-ssh qemu-chardev-baum qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-ipxe qemu-ksm qemu-kvm qemu-lang qemu-microvm qemu-ppc qemu-s390x qemu-seabios qemu-sgabios qemu-skiboot qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-vhost-user-gpu qemu-x86 * Patches added (bsc#1186256): qemu-binfmt-conf.sh-allow-overriding-SUS.patch - cross-i386-binutils and cross-i386-gcc are not needed and were dropped from Factory - boo#1193424 ==== re2 ==== - Use newer libs and GCC on Leap 15.3 & 15.4 ==== soundtouch ==== Version update (2.2 -> 2.3.1) - update to 2.3.1: * Adjusted cmake build settings and header files that cmake installs * Disable setting "SOUNDTOUCH_ALLOW_NONEXACT_SIMD_OPTIMIZATION" by default. The original purpose of this setting was to avoid performance penalty due to unaligned SIMD memory accesses in old CPUs, but that is not any more issue in concurrent CPU SIMD implementations and having this setting enabled can cause slight compromise in result quality. * soundtouch.clear() to really clear whole processing pipeline state. Earlier individual variables were left uncleared, which caused slightly different result if the same audio stream were processed again after calling clear(). * TDstretch to align initial offset position to be in middle of correlation search window. This ensures that with zero tempo change the output will be same as input. * Fix a bug in TDstrectch with too small initial skipFract value that occurred with certain processing parameter settings: Replace assert with assignment that corrects the situation. * Remove OpenMP "_init_threading" workaround from Android build as it's not needed with concurrent Android SDKs any more. ==== sudo ==== Version update (1.9.7p2 -> 1.9.8p2) Subpackages: sudo-plugin-python - update to 1.9.8p2 * Fixed a potential out-of-bounds read with "sudo -i" when the target user's shell is bash. This is a regression introduced in sudo 1.9.8. Bug #998. * sudo_logsrvd now only sends a log ID for first command of a session. There is no need to send the log ID for each sub-command. * Fixed a few minor memory leaks in intercept mode. * Fixed a problem with sudo_logsrvd in relay mode if "store_first" was enabled when handling sub-commands. A new zero-length journal file was created for each sub-command instead of simply using the existing journal file. - update to 1.9.8p1 * Fixed support for passing a prompt (sudo -p) or a login class (sudo -l) on the command line. This is a regression introduced in sudo 1.9.8. Bug #993. * Fixed a crash with "sudo ALL" rules in the LDAP and SSSD back-ends. This is a regression introduced in sudo 1.9.8. Bug #994. * Fixed a compilation error when the --enable-static-sudoers configure option was specified. This is a regression introduced in sudo 1.9.8 caused by a symbol clash with the intercept and log server protobuf functions. * It is now possible to transparently intercepting sub-commands executed by the original command run via sudo. Intercept support is implemented using LD_PRELOAD (or the equivalent supported by the system) and so has some limitations. The two main limitations are that only dynamic executables are supported and only the execl, execle, execlp, execv, execve, execvp, and execvpe library functions are currently intercepted. Its main use case is to support restricting privileged shells run via sudo. To support this, there is a new "intercept" Defaults setting and an INTERCEPT command tag that can be used in sudoers. For example: Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh Defaults!SHELLS intercept would cause sudo to run the listed shells in intercept mode. This can also be set on a per-rule basis. For example: Cmnd_Alias SHELLS=/bin/bash, /bin/sh, /bin/csh, /bin/ksh, /bin/zsh chuck ALL = INTERCEPT: SHELLS would only apply intercept mode to user "chuck" when running one of the listed shells. In intercept mode, sudo will not prompt for a password before running a sub-command and will not allow a set-user-ID or set-group-ID program to be run by default. The new intercept_authenticate and intercept_allow_setid sudoers settings can be used to change this behavior. * The new "log_subcmds" sudoers setting can be used to log additional commands run in a privileged shell. It uses the same mechanism as the intercept support described above and has the same limitations. * The new "log_exit_status" sudoers setting can be used to log the exit status commands run via sudo. This is also a corresponding "log_exit" setting in the sudo_logsrvd.conf eventlog stanza. * Support for logging sudo_logsrvd errors via syslog or to a file. Previously, most sudo_logsrvd errors were only visible in the debug log. * Better diagnostics when there is a TLS certificate validation error. * Using the "+=" or "-=" operators in a Defaults setting that takes a string, not a list, now produces a warning from sudo and a syntax error from inside visudo. * Fixed a bug where the "iolog_mode" setting in sudoers and sudo_logsrvd had no effect when creating I/O log parent directories if the I/O log file name ended with the string "XXXXXX". * Fixed a bug in the sudoers custom prompt code where the size parameter that was passed to the strlcpy() function was incorrect. No overflow was possible since the correct amount of memory was already pre-allocated. * The mksigname and mksiglist helper programs are now built with the host compiler, not the target compiler, when cross-compiling. Bug #989. * Fixed compilation error when the --enable-static-sudoers configure option was specified. This was due to a typo introduced in sudo 1.9.7. GitHub PR #113. - pack /usr/libexec/sudo/sudo/sudo_intercept.so ==== suse-module-tools ==== Version update (16.0.14+2 -> 16.0.16) - Update to version 16.0.16: * modprobe.d: split conf files (jsc#SLE-21626, boo#1193059) - Rather than shipping two large files with modprobe.d options (00-system.conf and 50-blacklist.conf), ship multiple small per-module files. This makes it easier for users to override distribution defaults. * blacklist isst_if_mbox_msr (bsc#1187196) * boot-sysctl: make sure file exists (fix for containers) * remove blacklist entry for snd_bt87x (bsc#1192974, bsc#51718) ==== susepaste ==== Subpackages: susepaste-screenshot - Add 0002-susepaste-add-image-paste-info.patch: Add info on posting an image to susepaste in the man page, (boo#1193400). ==== virt-manager ==== Subpackages: virt-install virt-manager-common - jsc#SLE-17735 - Support Oracle Linux as a guest VM. See also bsc#1192238 [Build58.2][KVM] The latest supported OracleLinux as guest versions are not included anywhere virtinst-add-oracle-linux-support.patch - bsc#1188223 - L3: Sles12sp3 DomU won't boot after adding phys hard drive virtinst-xenbus-disk-index-fix.patch - jsc#SLE-21540 Dev: Prefer UEFI when creating new virtual machines. Add a preferences option to allow users to default to UEFI when creating a new VM. Libvirt decides which firmware file to use. virtman-add-firmware-preferences.patch - Renamed patch virtinst-modify-gui-defaults.patch to virtman-modify-gui-defaults.patch ==== yast2-journal ==== Version update (4.4.0 -> 4.4.1) - Prepare code for ruby3 (bsc#1193192) - 4.4.1 ==== yast2-trans ==== Version update (84.87.20211126.cedf3cc035 -> 84.87.20211204.c55adb9b7a) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20211204.c55adb9b7a: * New POT for text domain 'installation'. * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Slovak) * New POT for text domain 'update'. * New POT for text domain 'storage'. * New POT for text domain 'packager'. * New POT for text domain 'installation'. * New POT for text domain 'base'. * New POT for text domain 'add-on'. * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * Translated using Weblate (Portuguese) * New POT for text domain 'users'. * New POT for text domain 'installation'. * New POT for text domain 'autoinst'. * New POT for text domain 'update'. * Translated using Weblate (Japanese) ==== yast2-users ==== Version update (4.4.9 -> 4.4.10) - Prepare code for ruby3 (bsc#1193192) - 4.4.10