Packages changed: ImageMagick (7.1.1.6 -> 7.1.1.8) ca-certificates-mozilla cyrus-sasl gettext-runtime iproute2 (6.2 -> 6.3) kmod krb5 less (632 -> 633) libXi (1.8 -> 1.8.1) libcddb libfastjson (0.99.9 -> 1.2304.0) libjpeg-turbo libreoffice (7.5.2.2 -> 7.5.3.1) libwebp (1.2.4 -> 1.3.0) mc newt postfix python-ply qca-qt5 (2.3.5 -> 2.3.6) qtkeychain-qt5 talloc tevent virtualbox (7.0.6 -> 7.0.8) virtualbox-kmp (7.0.6_k6.3.1_1 -> 7.0.8_k6.3.1_1) wxWidgets-3_0 zenity (3.91.0 -> 3.92.0) === Details === ==== ImageMagick ==== Version update (7.1.1.6 -> 7.1.1.8) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - version update to 7.1.1.8 - https://github.com/ImageMagick/Website/blob/main/ChangeLog.md#711-8---2023-04-22 ==== ca-certificates-mozilla ==== - Add _multibuild to define 2nd spec file as additional flavor. Eliminates the need for source package links in OBS. ==== cyrus-sasl ==== Subpackages: cyrus-sasl-crammd5 cyrus-sasl-digestmd5 cyrus-sasl-gssapi cyrus-sasl-plain libsasl2-3 libsasl2-3-32bit - Add _multibuild to define 2nd spec file as additional flavor. Eliminates the need for source package links in OBS. ==== gettext-runtime ==== Subpackages: libtextstyle0 - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. ==== iproute2 ==== Version update (6.2 -> 6.3) Subpackages: iproute2-bash-completion - Update to release 6.3: * New release of iproute2 corresponding to the 6.3 kernel. No large feature improvements only incremental improvements to the bridge mdb support, mostly just bug fixes. - Rebase patches. ==== kmod ==== Subpackages: kmod-bash-completion libkmod2 - Add _multibuild to define 2nd spec file as additional flavor. Eliminates the need for source package links in OBS. ==== krb5 ==== Subpackages: krb5-32bit krb5-client - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. ==== less ==== Version update (632 -> 633) - Update to 633 * This release fixes a build problem found in less-632 on systems which have termcap.h in a subdirectory (ncurses/termcap.h or ncursesw/termcap.h). There is no functional difference between less-632 and less-633 ==== libXi ==== Version update (1.8 -> 1.8.1) - Update to version 1.8.1 * Fix spelling/wording issues * gitlab CI: enable commit & merge request checks * gitlab CI: enable gitlab's builtin static analysis * XInput_find_display: Don't dereference NULL dpyinfo * configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL * Initialize a few stack vars to zero ==== libcddb ==== - Transform into a proper _multibuild package: the spec is already prepared and uses a few variables to distinguish flavors. ==== libfastjson ==== Version update (0.99.9 -> 1.2304.0) - update to 1.2304.0: * CVE-2020-12762: integer overflow and out-of-bounds write via large JSON file (boo#1171479) ==== libjpeg-turbo ==== Subpackages: libjpeg8 libturbojpeg0 - Add _multibuild to define 2nd spec file as additional flavor. Eliminates the need for source package links in OBS. ==== libreoffice ==== Version update (7.5.2.2 -> 7.5.3.1) Subpackages: libreoffice-base libreoffice-calc libreoffice-draw libreoffice-filters-optional libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-cs libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-es libreoffice-l10n-fr libreoffice-l10n-hu libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-ru libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-mailmerge libreoffice-math libreoffice-pyuno libreoffice-qt5 libreoffice-writer libreofficekit - Update to 7.5.3.1 https://wiki.documentfoundation.org/Releases/7.5.3/RC1 ==== libwebp ==== Version update (1.2.4 -> 1.3.0) Subpackages: libwebp7 libwebpdemux2 libwebpmux3 - update baselibs.conf for the new libsharpyuv - update to 1.3.0 This is a binary compatible release. * add libsharpyuv, which exposes -sharp_yuv/config.use_sharp_yuv functionality to other libraries; libwebp now depends on this library * major updates to the container and lossless bitstream docs (#448, #546, [#551]) * miscellaneous warning, bug & build fixes (#576, #583, #584) ==== mc ==== Subpackages: mc-lang - Replace xorg-x11-devel by pkgconfig(...) ==== newt ==== - Add _multibuild to define 2nd spec file as additional flavor. Eliminates the need for source package links in OBS. ==== postfix ==== - Add _multibuild to define 2nd spec file as additional flavor. Eliminates the need for source package links in OBS. ==== python-ply ==== - Move documentation into main package for SLE15 ==== qca-qt5 ==== Version update (2.3.5 -> 2.3.6) Subpackages: libqca-qt5-2 qca-qt5-plugins - Update to 2.3.6. No changelog. - Drop patches, merged upstream: * 0001-Remove-test-that-openssl-has-decided-it-s-wrong.patch * 0001-hashunittest-run-sha384longtest-only-for-providers-t.patch ==== qtkeychain-qt5 ==== Subpackages: libqt5keychain1 libqt5keychain1-lang - Add _multibuild to define 2nd spec file as additional flavor. Eliminates the need for source package links in OBS. ==== talloc ==== Subpackages: libtalloc2 libtalloc2-32bit python3-talloc - Add _multibuild to define 2nd spec file as additional flavor. Eliminates the need for source package links in OBS. ==== tevent ==== Subpackages: libtevent0 libtevent0-32bit python3-tevent - Add _multibuild to define 2nd spec file as additional flavor. Eliminates the need for source package links in OBS. ==== virtualbox ==== Version update (7.0.6 -> 7.0.8) - VirtualBox 7.0.8 (released April 18 2023) This is a maintenance release. The following items were fixed and/or added: VMM: Introduced general improvements in nested visualization area GUI: Brought back Restore current snapshot checkbox of Close VM dialog (bugs #21189, #21491) GUI: Fixes and validation for VM settings USB filters editor, filter port value is now properly saved/restored GUI: Fixes for VM name and OS type embedded editors of Details pane GUI: Cloud related wizards should now propose enabled profiles before disabled Oracle VM VirtualBox Extension Pack: Fixed shipping the cryptographic support module for full VM encryption E1000: Fixed possible guru meditation when changing network attachments (bug #21488) virtio-net: Follow up fixes for FreeBSD 12.3 and pfSense 2.6.0 (bug #21201) 3D: Fixed various graphics issues with Windows 7 guests (bugs #21129, #21196, #21208, #21521) Main/UefiVariableStore: Added API to add signatures to the MOK list (Machine Owner Key) VBoxManage: Introduced modifynvram enrollmok sub-command to enroll Machine Owner Key into NVRAM, so Linux guest kernel can pick it up in order to verify signature of modules signed with this key Guest Control/Main: Fixed deleting files via built-in toolbox Linux host: Added possibility to bypass kernel modules signature verification once VBOX_BYPASS_MODULES_SIGNATURE_CHECK="1" is specified in /etc/vbox/vbox.cfg, useful in case if Linux distribution does not provide necessary tools to verify kernel module signature Linux Guest Additions and host Installer: Improved detection if system is running systemd as the init process Linux Guest Additions and host drivers: Introduce initial support for kernel 6.3 Linux Guest Additions: Added possibility to bypass kernel modules signature verification once VBOX_BYPASS_MODULES_SIGNATURE_CHECK="1" is specified in /etc/virtualbox-guest-additions.conf, useful in case if Linux distribution does not provide necessary tools to verify kernel module signature Linux Guest Additions: Added experimental support for kernel modules and user services reloading in the end of installation process, thus guest system reboot after Guest Additions (7.0.8 and newer) upgrade is no longer required in general case Linux Guest Additions: Fixed vboxvideo build issue with RHEL 8.7, 9.1 and 9.2 kernels (bugs #21446 and #21450) Fixes for (boo#1210616) CVE-2023-21990 Oracle VM VirtualBox Core None No 8.2 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21987 Oracle VM VirtualBox Core None No 7.8 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-22002 Oracle VM VirtualBox Core None No 6.0 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21989 Oracle VM VirtualBox Core None No 6.0 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21998 Oracle VM VirtualBox Core None No 4.6 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-22000 Oracle VM VirtualBox Core None No 4.6 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-22001 Oracle VM VirtualBox Core None No 4.6 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21988 Oracle VM VirtualBox Core None No 3.8 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21999 Oracle VM VirtualBox Core None No 3.6 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21991 Oracle VM VirtualBox Core None No 3.2 Prior to 6.1.44, Prior to 7.0.8 Removed file fixes_for_kernel_6.3.patch - removed upstream. Removed file fix_kmp_build.patch. Thanks to Javier de San Pedro for the simplfication of the KMP build. - Fix some memory leaks in file "fix_7.0.6_locking_problems.patch" Fix bug in /usr/bin/VirtualBox, aka "virtualbox-wrapper.sh". The wrapper failed whenever the user declined USB passthru. boo#1208941. ==== virtualbox-kmp ==== Version update (7.0.6_k6.3.1_1 -> 7.0.8_k6.3.1_1) - VirtualBox 7.0.8 (released April 18 2023) This is a maintenance release. The following items were fixed and/or added: VMM: Introduced general improvements in nested visualization area GUI: Brought back Restore current snapshot checkbox of Close VM dialog (bugs #21189, #21491) GUI: Fixes and validation for VM settings USB filters editor, filter port value is now properly saved/restored GUI: Fixes for VM name and OS type embedded editors of Details pane GUI: Cloud related wizards should now propose enabled profiles before disabled Oracle VM VirtualBox Extension Pack: Fixed shipping the cryptographic support module for full VM encryption E1000: Fixed possible guru meditation when changing network attachments (bug #21488) virtio-net: Follow up fixes for FreeBSD 12.3 and pfSense 2.6.0 (bug #21201) 3D: Fixed various graphics issues with Windows 7 guests (bugs #21129, #21196, #21208, #21521) Main/UefiVariableStore: Added API to add signatures to the MOK list (Machine Owner Key) VBoxManage: Introduced modifynvram enrollmok sub-command to enroll Machine Owner Key into NVRAM, so Linux guest kernel can pick it up in order to verify signature of modules signed with this key Guest Control/Main: Fixed deleting files via built-in toolbox Linux host: Added possibility to bypass kernel modules signature verification once VBOX_BYPASS_MODULES_SIGNATURE_CHECK="1" is specified in /etc/vbox/vbox.cfg, useful in case if Linux distribution does not provide necessary tools to verify kernel module signature Linux Guest Additions and host Installer: Improved detection if system is running systemd as the init process Linux Guest Additions and host drivers: Introduce initial support for kernel 6.3 Linux Guest Additions: Added possibility to bypass kernel modules signature verification once VBOX_BYPASS_MODULES_SIGNATURE_CHECK="1" is specified in /etc/virtualbox-guest-additions.conf, useful in case if Linux distribution does not provide necessary tools to verify kernel module signature Linux Guest Additions: Added experimental support for kernel modules and user services reloading in the end of installation process, thus guest system reboot after Guest Additions (7.0.8 and newer) upgrade is no longer required in general case Linux Guest Additions: Fixed vboxvideo build issue with RHEL 8.7, 9.1 and 9.2 kernels (bugs #21446 and #21450) Fixes for (boo#1210616) CVE-2023-21990 Oracle VM VirtualBox Core None No 8.2 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21987 Oracle VM VirtualBox Core None No 7.8 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-22002 Oracle VM VirtualBox Core None No 6.0 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21989 Oracle VM VirtualBox Core None No 6.0 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21998 Oracle VM VirtualBox Core None No 4.6 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-22000 Oracle VM VirtualBox Core None No 4.6 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-22001 Oracle VM VirtualBox Core None No 4.6 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21988 Oracle VM VirtualBox Core None No 3.8 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21999 Oracle VM VirtualBox Core None No 3.6 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21991 Oracle VM VirtualBox Core None No 3.2 Prior to 6.1.44, Prior to 7.0.8 Removed file fixes_for_kernel_6.3.patch - removed upstream. Removed file fix_kmp_build.patch. Thanks to Javier de San Pedro for the simplfication of the KMP build. - Fix some memory leaks in file "fix_7.0.6_locking_problems.patch" Fix bug in /usr/bin/VirtualBox, aka "virtualbox-wrapper.sh". The wrapper failed whenever the user declined USB passthru. boo#1208941. ==== wxWidgets-3_0 ==== - Add _multibuild to define 2nd spec file as additional flavor. Eliminates the need for source package links in OBS. ==== zenity ==== Version update (3.91.0 -> 3.92.0) Subpackages: zenity-lang - Update to version 3.92.0: + progress: don't update responses that aren't there + Set dialog 'heading', not 'title' for the --title option + tree: fix handling of multi-row stdin input + tree-column-view: don't steal children + Port to webkitgtk 6.0 + webkit: Fix leak by removing unnecessary ref sink + option: Add non-fatal deprecation warning for - -confirm-overwrite + help: Fix typo in Basque help translation + Updated translations.