Packages changed: PackageKit checkpolicy (3.1 -> 3.2) cups e2fsprogs (1.46.1 -> 1.46.2) elfutils enchant (2.2.8 -> 2.2.15) evolution-data-server ffmpeg-4 (4.3.1 -> 4.3.2) gnome-shell kernel-firmware (20210208 -> 20210315) libnettle (3.7.1 -> 3.7.2) libnice (0.1.17 -> 0.1.18) libselinux (3.1 -> 3.2) libselinux-bindings (3.1 -> 3.2) patterns-microos policycoreutils (3.1 -> 3.2) python-semanage (3.1 -> 3.2) setools (4.3.0 -> 4.4.0) snapper (0.8.15 -> 0.8.16) taglib (1.11.2~git20190725.79bc9ccf -> 1.12) toolbox (2.1+git20210305.ca2bc53 -> 2.1+git20210311.15cb3ad) === Details === ==== PackageKit ==== Subpackages: libpackagekit-glib2-18 - Add PackageKit-remove-transaction-size-limit.patch: Remove large transaction size sanity check (gh#hughsie/PackageKit/commit#ac5c8660) ==== checkpolicy ==== Version update (3.1 -> 3.2) - Update to version 3.2 * Fix a memleak and an integer overflow ==== cups ==== Subpackages: cups-client cups-config libcups2 libcupsimage2 - fix-negotiate-authentication-between-CGIs-and-scheduler.patch fixes web UI Kerberos authentication (bsc#1175960) - Remove code comments from expanded scriptlets to reduce size ==== e2fsprogs ==== Version update (1.46.1 -> 1.46.2) Subpackages: libcom_err2 libext2fs2 - e2fsprogs 1.46.2: * tune2fs -c now takes "random" argument * Add support for the FS_NOCOMP_FL flag to chattr and lsattr * Fix warnings when resizing small file systems to a super-large * Fix the debugfs rdump and ls commands so they will work correctly for uid's and gid's => 65536 * Fix the debugfs write and symlink commands so they support targets which contain a pathname * Fix Direct I/O support on block devices where the logical block size is greater 1k * Fix debugfs's logdump so it works on file systems whose block size is greater than 8k * Fix a crash when there is error while e2fsck is trying to open the file system, and e2fsck calls ext2fs_mmp_stop() before MMP has been initialized * Improved error checking in the fast commit replay code in e2fsck * Fix various compiler and Coverity warnings * Update the Spanish translation from the translation project ==== elfutils ==== Subpackages: libasm1 libdw1 libelf1 - Add disable-run-readelf-self-test.patch in order to disable a failing test-case with GCC 11 (PR27367). ==== enchant ==== Version update (2.2.8 -> 2.2.15) Subpackages: enchant-2-backend-hunspell enchant-data libenchant-2-2 - Update to version 2.2.15: + Specify that nuspell >= 4.1.0 is required. + Fix some space leaks in the tests. + The nuspell backend is updated for newer versions. + Make the enchant program output its version to standard output, not standard error. This may help some programs that use this output. + Fix a bug in the Voikko and Zemberek back-ends that could cause spell checking and suggestion to fail. + Make enchant silently ignore -B flag, for better Emacs compatibility. + Make enchant_broker_list_dicts sort the tags, so that enchant-lsmod?s output is sorted. + Minor build system improvement: don?t use -D_FORTIFY_SOURCE, which can cause problems on Windows, and should be configured by the compiler vendor if desired. + Fix Hunspell backend to treat apostrophes as Hunspell does: if either straight or curly apostrophe is a word character, allow both. + Fix a couple of space leaks in the Nuspell back end. - Drop Fix_back-ends_that_want_a_NUL-terminated_string.patch: fixed upstream. ==== evolution-data-server ==== Subpackages: libcamel-1_2-62 libebackend-1_2-10 libebook-1_2-20 libebook-contacts-1_2-3 libecal-2_0-1 libedata-book-1_2-26 libedata-cal-2_0-1 libedataserver-1_2-25 libedataserverui-1_2-2 - Add evolution-data-server-boo1182882.patch: fix buffer overrun when parsing base64 data (boo#1182882). ==== ffmpeg-4 ==== Version update (4.3.1 -> 4.3.2) Subpackages: libavcodec58_91 libavformat58_45 libavutil56_51 libswresample3_7 - update to 4.3.2: * lots of oss-fuzz reported overflow fixes, see included ChangeLog - drop ffmpeg.git-ba3e771a42c29ee02c34e7769cfc1b2dbc5c760a.patch 0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch 0001-avformat-vividas-improve-extradata-packing-checks-in.patch: upstream ==== gnome-shell ==== Subpackages: gnome-shell-calendar - Disable gnome-shell-jsc#SLE-16051-Input-method-recommendation.patch: Clears existing keyboard on gnome-shell restart (boo#1183823). - Update gnome-shell-jsc#SLE-16051-Input-method-recommendation.patch: Modify the Japanese input engine load order which will more fit for our community(bnc#1183475); ==== kernel-firmware ==== Version update (20210208 -> 20210315) - Update to version 20210315 (git commit 3568f962908c): * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * rtw88: 8822c: Update normal firmware to v9.9.6 * iwlwifi: add new FWs from core59-66 release * iwlwifi: update 9000-family firmwares * iwlwifi: update 7265D firmware * Mellanox: Add new mlxsw_spectrum firmware xx.2008.2406 * linux-firmware: add frimware for mediatek bluetooth chip (MT7921) * rtw89: 8852a: add firmware v0.9.12.2 * WHENCE: add missing symlink for BananaPi M3 * Add symlink for BananaPi M2 to brcmfmac43430-sdio config * brcm: Fix Raspberry Pi 4B NVRAM file * silabs: add new firmware for WF200 * amdgpu: add initial firmware for green sardine * rtw88: RTL8822C: Update normal firmware to v9.9.5 - Drop obsoleted patch: Revert-brcm-rpi4-boardflags3-bit.patch - Update topics and aliases ==== libnettle ==== Version update (3.7.1 -> 3.7.2) Subpackages: libhogweed6 libnettle8 - GNU Nettle 3.7.2: * fix a bug in ECDSA signature verification that could lead to a denial of service attack (via an assertion failure) or possibly incorrect results (boo#1183835) * fix a few related problems where scalars are required to be canonically reduced modulo the ECC group order, but in fact may be slightly larger ==== libnice ==== Version update (0.1.17 -> 0.1.18) - Update descriptions to be closer to the other GNOME packages. - Update to 0.1.18: * Remove the autotools build system, now only meson is available * Accept receiving messages in multiple steps over TCP * Accept duplicated ports as last option instead of spinning forever * Use sendmmsg if possible to send multiple packets in one call * Fail gathering if no port is available * Hide the implementation of NiceCandidate, this hides some parts that were previously visible * Enable TURN server connects where both TCP and UDP use the same port number * Don't count rejected STUN messages as keepalive packets * On Windows, the improvements and fixes - use crypto library instead of CryptGenRandom() which is deprecated - use GetBestInterfaceEx() for UWP compatibility - fix the listing of interfaces to use the correct APIs - implement ignoring interfaces * Add buildrquires: gobject-introspection-devel and meson * The move from autoFOO to meson ==== libselinux ==== Version update (3.1 -> 3.2) Subpackages: libselinux1 selinux-tools - Switch to pcre2: + Replace pcre-devel BuildRequires with pkgconfig(libpcre2-8) + Pass USE_PCRE2=y to make. + Replace pkgconfig(libpcre) Requires in -devel static with pkgconfig(libpcre2-8). - Update to version 3.2: * Use mmap()'ed kernel status page instead of netlink by default. See "KERNEL STATUS PAGE" section in avc_init(3) for more details. * New log callback levels for enforcing and policy load notices - SELINUX_POLICYLOAD, SELINUX_SETENFORCE * Changed userspace AVC setenforce and policy load messages to audit format. ==== libselinux-bindings ==== Version update (3.1 -> 3.2) - Switch to pcre2: + Replace pcre-devel BuildRequires with pkgconfig(libpcre2-8) + Pass USE_PCRE2=y to make. - Update to version 3.2: * Use mmap()'ed kernel status page instead of netlink by default. See "KERNEL STATUS PAGE" section in avc_init(3) for more details. * New log callback levels for enforcing and policy load notices - SELINUX_POLICYLOAD, SELINUX_SETENFORCE * Changed userspace AVC setenforce and policy load messages to audit format. ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - Remove gnome-calculator and add gnome-branding-MicroOS to MicroOS GNOME Desktop - Add gnome-shell-search-provider-nautilus and gnome-color-manager to MicroOS GNOME Desktop - gnome-color-manager needed for Night Light - Use busybox hostname and gzip for MicroOS except for the Desktop - Require util-linux instead of "login" alias - Remove supportutils, we didn't use it and it pulls in more than we want - Ensure that a repository configuration package is installed for Micro DNF or PackageKit patterns - Split base pattern into separate patterns for Zypper, Micro DNF, and PackageKit - Make GNOME and KDE Plasma patterns require PackageKit pattern ==== policycoreutils ==== Version update (3.1 -> 3.2) Subpackages: policycoreutils-python-utils python3-policycoreutils - Update to version 3.2 * Tools using sepolgen, e.g. audit2allow, print extended permissions in hexadecimal * sepolgen sorts extended rules like normal ones * `setfiles` doesn't abort on labeling errors - Refreshed get_os_version.patch ==== python-semanage ==== Version update (3.1 -> 3.2) - Minor spec file cleanups - Update to version 3.2 * dropped old and deprecated symbols and functions libsemanage version was bumped to libsemanage.so.2 * libsemanage tries to sync data to prevent empty files in SELinux module store ==== setools ==== Version update (4.3.0 -> 4.4.0) - Update to the version 4.4.0: * Added support for old Boolean name substitution in seinfo and sesearch. * Added sechecker tool which is a configuration file driven analysis tool. ==== snapper ==== Version update (0.8.15 -> 0.8.16) Subpackages: libsnapper5 - fixed creating root config (root prefix handling) (gh#openSUSE/snapper#627) ==== taglib ==== Version update (1.11.2~git20190725.79bc9ccf -> 1.12) - Add missing zlib dependency in devel package - reference download url of tarball - Update to version 1.12: * Added support for WinRT. * Added support for Linux on POWER. * Added support for classical music tags of iTunes 12.5. * Added support for file descriptor to FileStream. * Added support for 'cmID', 'purl', 'egid' MP4 atoms. * Added support for 'GRP1' ID3v2 frame. * Added support for extensible WAV subformat. * Enabled FileRef to detect file types based on the stream content. * Dropped support for Windows 9x and NT 4.0 or older. * Check for mandatory header objects in ASF files. * More tolerant handling of RIFF padding, WAV files, broken MPEG streams. * Improved calculation of Ogg, Opus, Speex, WAV, MP4 bitrates. * Improved Windows compatibility by storing FLAC picture after comments. * Fixed numerical genres in ID3v2.3.0 'TCON' frames. * Fixed consistency of API removing MP4 items when empty values are set. * Fixed consistency of API preferring COMM frames with no description. * Fixed OOB read on invalid Ogg FLAC files (CVE-2018-11439). * Fixed handling of empty MPEG files. * Fixed parsing MP4 mdhd timescale. * Fixed reading MP4 atoms with zero length. * Fixed reading FLAC files with zero-sized seektables. * Fixed handling of lowercase field names in Vorbis Comments. * Fixed handling of 'rate' atoms in MP4 files. * Fixed handling of invalid UTF-8 sequences. * Fixed possible file corruptions when saving Ogg files. * Fixed handling of non-audio blocks, sampling rates, DSD audio in WavPack files. * TableOfContentsFrame::toString() improved. * UserTextIdentificationFrame::toString() improved. * Marked FileRef::create() deprecated. * Marked MPEG::File::save() with boolean parameters deprecated, provide overloads with enum parameters. * Several smaller bug fixes and performance improvements. - Remove obsolete patches: * taglib-versionbump.patch * 0001-Changed-libdir-includedir-variables-to-change-based-.patch ==== toolbox ==== Version update (2.1+git20210305.ca2bc53 -> 2.1+git20210311.15cb3ad) - Update to version 2.1+git20210311.15cb3ad: * Don't check for subuid if root calls toolbox [bsc#1183375]