Removed rpms ============ - kernel-kvmsmall - libpoppler89 - mozilla-nss-certs - poppler-data Added rpms ========== - kernel-64kb - kernel-64kb-extra - kernel-64kb-optional - p11-kit-nss-trust Package Source Changes ====================== MozillaFirefox +- Firefox Extended Support Release 91.8.0 ESR (bsc#1197903) + Release candidate! Details filled in later, once it has been released + +- Adjust rust dependency for SP3 and later. TW uses always the + newest version of rust, but we don't, so we can't use the + rust+cargo notation, which would need both < and >= requirements. + (bsc#1197698) + +- Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer, + faster buildhosts, as the others struggle to build FF. + +- Firefox Extended Support Release 91.7.1 ESR + * Changed: Yandex and Mail.ru have been removed as optional + search providers in the drop-down search menu in Firefox. + If you previously installed a customized version of Firefox + with Yandex or Mail.ru, offered through partner distribution + channels, this release removes those customizations, + including add-ons and default bookmarks. Where applicable, + your browser will revert back to default settings, as offered + by Mozilla. All other releases of Firefox remain unaffected + by the change. + SuSEfirewall2 +- perl-Net-DNS is only needed by some ancillary helper tool but not for the + core features. So set it to Recommended. + +- hosting moved to github.com/opensuse/susefirewall2 +- added a sysvinit -> systemd conversion hack (bnc#891669) + +- SuSEfirewall2, ACCEPT from services is a local variable, otherwise + "ACCEPT" would be used a service name (bnc#889406 bnc#889555 bnc#887040) + +- Added ACCEPT to TEMPLATE using FW_SERVICES_ACCEPT + +- Allow incoming DHCPv6 replies, currently unlimited. + bnc#867819,bnc#868031,bnc#783002,bnc#822959 +- typo fix customary -> custom bnc#835677 + +- add perl-Net-DNS requires for "SuSEfirewall2 log" (bnc#856705) + +- adjust service files so manual starts work better (bnc#819499) + +- license update: GPL-2.0 + Various GPL-2.0 (only) licensed files + +- clarify what the default is in FW_MASQ_NETS (bnc#817233) +- removed the --rttl option in recent matches, as this could also be used by attackers (bnc#800719) + +- do not add dependency information about YaST2 Second Stage (bnc#800365) + +- fix defaultl value docu for FW_PROTECT_FROM_INT (bnc#798834) + +- move to /usr, remove init scripts + +- adjust for starting via systemd service files +- move lock files to /run +- just CT instead of NOTRACK (bnc#793459) + +- getdevinfo is gone as per commit 0c5ac93 (bnc#777271) + +- honor FW_IPv6 setting also in debug mode (bnc#769411) + +- fix logging in test mode + +- allow icmpv6 in FW_SERVICES_*_* + +- allow ICMPv6 Multicast Listener Query (bnc#767392) + +- fix typo spotted by Frederic + +- assume all interface names are correct (bnc#739084) + +- fix forward masquerading (bnc#736205) +- compat syntax for negated options no longer works (bnc#660156, bnc#731088) +- enhance debug mode + +- use /sbin/rpcinfo as /usr/sbin/rpcinfo is gone (bnc#727438) + +- set SYSTEMD_NO_WRAP for status (bnc#727445) + +- fix manual rcSuSEfirewall2 stop with sytemd (bnc#717583) + +- fix typo (bnc#721845) +- atomic zone status writing + +- Remove redundant tags/sections from specfile + +- sanitize FW_ZONE_DEFAULT (bnc#716013) +- add warning about iptables-batch to SuSEfirewall2-custom +- fix warning about /proc/net/ip_tables_names not readable +- don't install input rules for interfaces in default zone +- Add hook fw_custom_after_finished +- update FAQ (bnc#694464) +- clean up overrides when stopping the firewall (bnc#630961) +- change default FW_LOG_ACCEPT_CRIT to "no" +- allow redir without port specification +- make FW_SERVICES_{REJECT,DROP}_* take precedende before ACCEPT (bnc#671997) +- fix zonein and zoneout parameters +- fix reverse direction of forwarding rules (bnc#679192) + +- introduce rpcusers file to allow statd to run as non-root + (bnc#668553) + +- add zonein and zoneout parameters for FW_FORWARD +- fix typos + +- don't start in runlevel 4 by default (bnc#656520) +- cut off long zone names (bnc#644527) +- fix and enhance output of log command (bnc#663262) + +- don't unload rules when using systemd + +- list some known rpc services as Should-Start +- don't filter outgoing packets at all +- fix an example (bnc#641907) +- fix status check in SuSEfirewall2_init (bnc#628751) + +- don't use fillup anymore as it keeps corrupting the config file + (bnc#340926) + +- remove "batch committing..." message +- read defaults from separate file +- warn if highports config options are set +- finally drop 'highports' misfeature +- remove kernel ipv6 module detection (bnc#617033) +- silence warning about default zone (bnc#616841) +- SuSEfirewall2-open: don't add values multiple times +- Use multiprotocol xt_conntrack + +- only directories in /sys/class/net are real interfaces (bnc#609810) + +- add entry about drbd to FAQ +- update docu +- implement FW_BOOT_FULL_INIT + +- use new versioning scheme after switch of repo to git +- update and rebuild docu +- remove really old rc.config conversion code from spec file + +- fix spelling error in sysconfig file (bnc#537427) +- polishing of log drop policy (bnc#538053) + * drop multicast packets silently + * separate drop rule for broadcast packets at end of chain + * only consider NEW udp packets as critical + * don't log INVALID packets as critical + +- implement runtime override of interface zones +- allow disabling NOTRACK rules on lo (bnc#519526) + +- remove chkconfig calls (bnc#522268) + +- add note about use as bridging firewall +- allow to set FW_ZONE_DEFAULT via config file +- deprecate fw_custom_before_antispoofing and + fw_custom_after_antispoofing, use fw_custom_after_chain_creation + instead + +- add note that ulog doesn't work with IPv6 (bnc#442756) +- fix version number in help text +- allow service files to specify kernel modules and allow related packets +- silence an error from bash if a service config file is not available (bnc#487870) +- better wording for BROADCAST in template +- update firewall hook script (patch by Marius) + aaa_base +- fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to + allow ICMP ping +- added patches + + git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch + +- Port change from Thu Sep 30 08:51:55 UTC 2022 forword to + current version which includes a rename of patch + git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch + to + git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch + as otherwise autopatch macro does not work anymore + +- Include all fixes and changes for systemwide inputrc to remove + the 8 bit escape sequence which interfere with UTF-8 multi byte + characters as well as support the vi mode of readline library. + This is done with the patches + * git-41-f00ca2600331602241954533a1b1610d1da57edf.patch + * git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch + before the changed patch + git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch + rename it to + git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch + and also add the patches + * git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch + * git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch + aalib +- fix build with newer ld + +- BuildRequire gpm-devel + +- package baselibs.conf + +- fix aalib-1.4.0-477.9: possible missing call to fclose [bnc#523344] + +- remove static libraries and "la" files +- fix -devel package dependencies +- fix aalib-config so it only returns needed libraries + autoyast2 +- Respect general/signature-handling settings during the 2nd + stage (bsc#1197655). +- 4.4.36 + bcm43xx-firmware +- Add required firmware file for Bluetooth module found on RPi Zero 2W (bsc#1197286) + +- Update BCM4345C0.hcd to fix Spectra for CYW43455 (CVE-2020-10370) -- Update BCM4345C0.hcd to fix Spectra for CYW43455 (CVE-2020-10370) +- Update BCM4345C0.hcd dracut +- Update to version 055+suse.248.g92d06110: + * fix(resume): correct call to block_is_netdevice function (bsc#1197737) + * chore(suse): remove fipscheck requirement (bsc#1198065) + gnome-shell-extensions +- Add gnome-shell-extensions-restore-classic-css.patch: the version + of gnome-classic.css in the tarball is wrong, somehow it contains + the CSS file for GNOME42, so restore to the right version by this + patch before the upstream release the new tarball. +- Revert gse-sle-classic-ext.patch to the last revision + (bsc#1197175, glgo#GNOME/gnome-shell-extensions#382). + gutenprint +- Version upgrade to 5.2.10: + * Added a unified CUPS backend 'gutenprint52+usb' that requires + libusb 1.0 (or newer) to support selected dye sublimation + printers. Support for all Canon SELPHY CP- and ES- printers + has been improved considerably through that CUPS backend. + * Added duplex support for the EPSON WorkForce 630, 635, + and 645, and NX635. + * Many new printers supported in this release. + * Very many new printers supported experimentally. + For details see the NEWS file. +- For openSUSE 11.4 or newer BuildRequires libusb-1_0-devel + to build the 'gutenprint52+usb' backend. When libusb-1.0 is + not installed, the configure magic does not build that backend. + The installed /usr/share/cups/usb/net.sf.gimp-print.usb-quirks + needs a current CUPS version (that supports usb quirks). + Older CUPS versions would ignore gutenprint's usb quirks + which means that the generic CUPS backend 'usb' reports + in particular the dye sublimation printers that do not work + with it but require the special 'gutenprint52+usb' backend. + +- Do no longer send SIGHUP to cupsd in RPM post install script + (which would let the cupsd recognize new and updated PPD files + see the entry dated "Fri Sep 24 10:45:28 CEST 2010" below) + because SIGHUP to cupsd makes active print jobs fail + (see bnc#637455 starting at comment#3). +- Added explicit "Requires: ghostscript" if suse_version > 1210 + because since openSUSE 12.2 cups only "Recommends: ghostscript" + (to avoid a build dependency cycle) so that gutenprint needs + an explicit "Requires: ghostscript" for the "cups" device in + Ghostscript that is required by "rastertogutenprint" (compare + the entry dated "Thu Apr 28 17:20:03 CEST 2011" below). + +- Version upgrade to 5.2.9: + Revert an inappropriate change to the internal library version + number that was introduced in the 5.2.8 release. +- Version upgrade to 5.2.8: + The Canon driver has been significantly overhauled. Its output + and functionality may be significantly different from previous + releases. Further work in future releases is expected. + Several Canon PIXMA and SELPHY printers were removed, as they + are not supported. + Several Canon printers do not offer a grayscale printing mode. + CD printing support for some Canon PIXMA printers was added. + Added borderless functionality to most Canon printers + (except S series and BJC series). + Many new Canon printers are now EXPERIMENTAL supported. + A few new Epson printers are now supported. + For details see the NEWS file. +- escputil-send_nulls-void.patch is obsolete because its fixed + in the sources. +- compile-fix.patch is obsolete because its fixed in the sources. + +- compile-fix.patch adds missing includes. + +- Add python-cups BuildRequires to have postscriptdriver() Provides + for the drivers in gutenprint. + +- Upgraded to version 5.2.7: + This release features support for many additional Canon inkjets, + some Epson inkjets, and some dye sublimation printers, + greatly upgraded support for many Epson Stylus Pro printers, + and numerous bug fixes. + For details see the NEWS file. +- escputil-send_nulls-void.patch makes send_nulls a void function + because nowhere is a return value of send_nulls used + to fix a "no-return-in-nonvoid-function escputil.c:683" error. + +- Removed the needless RPM requirement for pstoraster. +- Removed the duplicate RPM requirement for ghostscript-library + because there is a RPM requirement for cups + and cups requires ghostscript. + +- Added missing directories for /usr/lib/gimp/2.0/plug-ins/* + to the "gimpplugin" files section in the RPM spec file. +- Marked /usr/share/gutenprint/doc/* as "doc" in the RPM + spec file (see Novell/openSUSE Bugzilla bnc#661350). + +- Removed gutenprint-5.2.6-make_A4_DefaultPageSize.patch + because it is useless because the DefaultPageSize in the PPD + templates in /usr/share/cups/model/ does not matter because + the cupsd sets the DefaultPageSize for PPDs in /etc/cups/ppd/ + by default according to the locale that the cupsd runs in or + according to a DefaultPaperSize entry in /etc/cups/cupsd.conf. +- Run cups-genppdupdate in the RPM post install script to update + Gutenprint PPD files in /etc/cups/ppd/ if such PPDs exist + (see Novell/openSUSE Bugzilla bnc#637455). + +- Disable the PPD generator /usr/lib/cups/driver/gutenprint.5.2 + to avoid duplicated PPDs because we provide ready-made PPDs + in /usr/share/cups/model/gutenprint/... in the RPM package + (see Novell/openSUSE Bugzilla bnc#514994 comment#9 + the section "Regarding CUPS PPD files"). + +- gutenprint-5.2.6-make_A4_DefaultPageSize.patch + moves the paper definition for "A4" to the top of the list + to make A4 the DefaultPageSize in the Gutenprint PPDs. +- Upgraded to version 5.2.6: + This release offers additional support for Epson Stylus Pro + printers, along with some changes for other Epson printers + and support for additional Canon inkjets and PCL laser + printers over 5.2.5. For details see the NEWS file. +- Upgraded to version 5.2.5: + This release offers several fixes, new features, and support + for new printers over 5.2.4. For details see the NEWS file. + +- Split gutenprint from the cups-drivers package to have it as a + stand-alone package (see Novell/openSUSE Bugzilla bnc#514994). + The IJS driver /usr/bin/ijsgutenprint is no longer provided + because it is not recommend if CUPS is used. Only the native + CUPS driver is provided as recommend, see the README file. + inkscape +- Add upstream patches required to build on SP4 (bsc#1197731): + inkscape-poppler-build-fix.patch + inkscape-c-standard.patch + inkscape-new-glib.patch + joe +- Convert Russian and Ukrainian docs and locales from KOI8 to + UTF-8. +- Corrected License tag. +- Use full URL for Source. + +- Fix yet another case of stack smashing. + +- Remove lang_additions.bz2 obsoleted by inclusion in the gettextization + patch. + +- Fix SIGIOT in autoindent (bnc#548327) +- Minor code cleanup. +- Redo the gettextisation patch (include all files added by tarball + and gettextize). +- Update German translation. + +- Make syntax files config(noreplace) so that updates don't overwrite + modifications. + kdump +- pull sources directly from git using obs_scm +- fix bsc#1190299, bsc#1186272 +- remove patches included in upstream git: + kdump-calibrate-include-af_packet.patch, + kdump-calibrate-fix-nic-naming.patch, + kdump-calibrate.conf-depends-on-kdumptool.patch + kernel-default +- iwlwifi: fix use-after-free (bsc#1197762 git-fixes). +- commit d5140bb + +- Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762) + Correct the entries that have *-64.ucode instead of *-63.ucode +- commit d8b5646 + +- Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155) +- commit 69353e8 + +- USB: gadget: validate interface OS descriptor requests + (CVE-2022-25258 bsc#1196095 git-fixes). +- commit 4a7f6a3 + +- Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247) +- commit 5b2f9f9 + +- vdpa: clean up get_config_size ret value handling (CVE-2022-0998 + bsc#1197247). +- commit 0d2ae2e + +- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO + (bsc#1196806, bsc#1196961). +- commit 2771ae3 + +- Move upstreamed ALSA fix into sorted section +- commit 051af6b + +- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and + mmap_lock (CVE-2022-1048 bsc#1197331). +- Refresh + patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. +- commit 5e55cab + +- net: sched: fix use-after-free in tc_new_tfilter() + (CVE-2022-1055 bsc#1197702). +- commit 77a7f01 + +- powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 + ltc#196362). +- commit be99d79 + +- watch_queue: Actually free the watch (CVE-2022-0995 + bsc#1197246). +- watch_queue: Fix NULL dereference in error cleanup + (CVE-2022-0995 bsc#1197246). +- commit 9f97636 + +- ALSA: pcm: Fix races among concurrent prealloc proc writes + (CVE-2022-1048 bsc#1197331). +- commit 7ca9b7d + +- ALSA: pcm: Fix races among concurrent prepare and + hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). +- commit bdcd5ee + +- ALSA: pcm: Fix races among concurrent read/write and buffer + changes (CVE-2022-1048 bsc#1197331). +- commit 8bb5c1f + +- ALSA: pcm: Fix races among concurrent hw_params and hw_free + calls (CVE-2022-1048 bsc#1197331). +- commit 4ce87ae + +- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 + bsc#1197331). +- commit 15a1bad + libdvdread +- Added baselibs.conf. Removed licenses link from spec. + +- Added Requires: pkg-config to get the .pc file to build. + libexif +- libexif-CVE-2020-0198-CVE-2020-0181.patch: adjusted overflow checking + code to in exif-data to not be optimized away. (CVE-2020-0198, + CVE-2020-0181, bsc#1172802, bsc#1172768) +- libexif-CVE-2020-0452.patch: adjusted a overflow check to not + be optimized away by the compiler (CVE-2020-0452 bsc#1178479) + -- updated to 0.6.21 - * Fixed some buffer overflows in exif_entry_format_value() - This fixes CVE-2012-2814. Reported by Mateusz Jurczyk of - Google Security Team - * Fixed an off-by-one error in exif_convert_utf16_to_utf8() - This can cause a one-byte NUL write past the end of the buffer. - This fixes CVE-2012-2840 - * Don't read past the end of a tag when converting from UTF-16 - This fixes CVE-2012-2813. Reported by Mateusz Jurczyk of - Google Security Team - * Fixed an out of bounds read on corrupted input - The EXIF_TAG_COPYRIGHT tag ought to be, but perhaps is not, - NUL-terminated. - This fixes CVE-2012-2812. Reported by Mateusz Jurczyk of - Google Security Team - * Fixed a buffer overflow problem in exif_entry_get_value - If the application passed in a buffer length of 0, then it would - be treated as the buffer had unlimited length. - This fixes CVE-2012-2841 - * Fix a buffer overflow on corrupt EXIF data. - This fixes bug #3434540 and fixes part of CVE-2012-2836 - Reported by Yunho Kim - * Fix a buffer overflow on corrupted JPEG data - An unsigned data length might wrap around when decremented - below zero, bypassing sanity checks on length. - This code path can probably only occur if exif_data_load_data() - is called directly by the application on data that wasn't parsed - by libexif itself. - This solves the other part of CVE-2012-2836 - * Fixed some possible division-by-zeros in Olympus-style makernotes - This fixes bug #3434545, a.k.a. CVE-2012-2837 - Reported by Yunho Kim - * lots and lots of translations updates. - * added more Canon lenses. - * changed "knots" to "nautical miles" - libgadu +- Update to version 1.10.1: + + improved direct connections + + improved connections over proxy server + + some minor changes + +- Update to version 1.10.0: + + ssl connections restored + + typing notifications + + multilogin support + + buddies' info enhancement + + support for additional xml events + + initial file transfer over server + + partial import of new-api branch +- Spec cleanup. + +- Update to version 1.9.1: + + fixed memory leak in html messages + + improved converting messages to html + + status flag can be changed now + + improved direct connection API +- Drop libgadu-mem-leak-fix.patch: fixed upstream. + +- Update to version 1.9.0: + + support for new version of gadu-gadu protocol (8 and 10) + + images sending fixed + + resolve name schema option + + doc and test programs +- Add libgadu-mem-leak-fix.patch. + +- Build with threads support (bnc#525312) and SSL support. + libgcrypt +- FIPS: Implement a service indicator for asymmetric ciphers [bsc#1190700] + * Mark RSA public key encryption and private key decryption with + padding (e.g. OAEP, PKCS) as non-approved since RSA-OAEP lacks + peer key assurance validation requirements per SP800-56Brev2. + * Mark ECC as approved only for NIST curves P-224, P-256, P-384 + and P-521 with check for common NIST names and aliases. + * Mark DSA, ELG, EDDSA, ECDSA and ECDH as non-approved. + * Add libgcrypt-FIPS-SLI-pk.patch + * Rebase libgcrypt-FIPS-service-indicators.patch +- Run the regression tests also in FIPS mode. + * Disable tests for non-FIPS approved algos. + * Rebase: libgcrypt-FIPS-verify-unsupported-KDF-test.patch + libnvme +- Update to version 1.0: + * tree: Remove default port setting for TCP and RDMA ports + * tree: add 'f_args' argument to pass user data to the filter function + * tree: remove 'ctrl_get_ana_state()' + * tree: add namespace path iterators + * tree: filter out namespaces + * tree: update nvme_scan_filter_t usage + +- Update to version 1.0-rc8: + * types: Add support for get log - MI Command Supported + * types: Add new Identify constant + * types: Update persistent event entry struct added new fields + * types: Add Host Initiated Data Gen Number to telemetry log struct + * tree: always allocate config file in nvme_read_config() + * tree: rework nvme_scan_subsystem() + * tree: make subsystem name mandatory in nvme_scan_ctrl() + * tree: move nvme_init_subsystem() into nvme_lookup_subsystem() + * tree: do not return error when filtering out subsystems + * tree: add debugging messages during scanning + * tree: Handle NULL subsysname in nvme_scan_ctrl() + * tree: Fix subsystem initialization in nvme_scan_ctrl() + * tree: Fix leaking 'name' in nvme_subsystem_lookup_namespace() + * tree: Avoid dereferencing nvme_subsystem_t before its check for NULL + * tree: Clarify NULL return values from nvme_get_attr() + * fabrics: Invoke nvmf_dim() with provided tas argument + * fabrics: add 'nvmf_update_config()' + * fabrics: Avoid out of bounds string chomping + * fabrics: Free old traddr in nvmf_add_ctrl + * fabrics: update log level for write failures + * fabrics: Streamlining documentation + * fabrics: Fix leaking ctrl in nvmf_connect_disc_entry() + * fabrics: Add missing break in a switch + * ioctl: Remove attribute packed and alignedof for args structs + * ioctl: Align arguments indentation with braces + * json: fix endless loop scanning for controllers + * Remove nvme_init_id_ns + * Add lbstm support for create-ns + * documentation updates + libotr +- add libtool as buildrequire to avoid implicit dependency + libqt5-qtdeclarative +- Increase the disk constraint to 6GB since the SLE build use + 5.5GB already (boo#1197992) + libqt5-qtwebengine +- Update to version 5.15.9: + * QPdfView: scale page rendering according to devicePixelRatio + * Update documented Chromium version + * Use IsSameDocument() rather than IsLoadingToDifferentDocument() + * Update module-split for installer + * Fix printing PDF files + * Do not override signal handlers + * Avoid using xkbcommon in non-X11 builds + * Update documentation + * Update Chromium: + * Bump V8_PATCH_LEVEL + * Do not overwrite signal handlers in the browser process. + * Replace base::ranges::set_union with std::set_union to fix + MSVC2017 build + * [Backport] CVE-2022-0100: Heap buffer overflow in Media + streams API + * [Backport] CVE-2022-0102: Type Confusion in V8 + * [Backport] CVE-2022-0103: Use after free in SwiftShader + * [Backport] CVE-2022-0104: Heap buffer overflow in ANGLE + * [Backport] CVE-2022-0108: Inappropriate implementation + in Navigation + * [Backport] CVE-2022-0109: Inappropriate implementation + in Autofill + * [Backport] CVE-2022-0111 and CVE-2022-0117 + * [Backport] CVE-2022-0113: Inappropriate implementatio + n in Blink + * [Backport] CVE-2022-0116: Inappropriate implementation + in Compositing + * [Backport] CVE-2022-0289: Use after free in Safe browsing + * [Backport] CVE-2022-0291: Inappropriate implementation + in Storage + * [Backport] CVE-2022-0293: Use after free in Web packaging + * [Backport] CVE-2022-0298: Use after free in Scheduling + * [Backport] CVE-2022-0305: Inappropriate implementation in + Service Worker API + * [Backport] CVE-2022-0306: Heap buffer overflow in PDFium + * [Backport] CVE-2022-0310 and CVE-0311: Heap buffer overflow + in Task Manager + * [Backport] CVE-2022-0456: Use after free in Web Search + * [Backport] CVE-2022-0459: Use after free in Screen Capture + * [Backport] CVE-2022-0460: Use after free in Window Dialog + * [Backport] CVE-2022-0461: Policy bypass in COOP + * [Backport] CVE-2022-0606: Use after free in ANGLE + * [Backport] CVE-2022-0607: Use after free in GPU + * [Backport] CVE-2022-0608: Integer overflow in Mojo + * [Backport] CVE-2022-0609: Use after free in Animation + * [Backport] CVE-2022-0610: Inappropriate implementation + in Gamepad API + * [Backport] CVE-2022-0971 (boo#1197163) + * [Backport] CVE-2022-1096 (boo#1197552) + * [Backport] CVE-2022-23852 + * [Backport] Copy 'name_' member during StyleRuleProperty::Copy + * [Backport] Security bug 1256885 + * [Backport] Security bug 1258603 + * [Backport] Security bug 1259557 + * [Backport] Security bug 1261415 + * [Backport] Security bug 1265570 + * [Backport] Security bug 1268448 + * [Backport] Security bug 1270014 + * [Backport] Security bug 1274113 + * [Backport] Security bug 1276331 + * [Backport] Security bug 1280743 + * [Backport] Security bug 1289394 + * [Backport] Security bug 1292537 + * [Backport] sandbox: build if glibc 2.34+ dynamic stack size + is enabled +- Drop patches, now upstream: + * CVE-2022-0971-qtwebengine-5.15.patch + * CVE-2022-1096-qtwebengine-5.15.patch + librest -- Add baselibs.conf, as we need the 32bit package for - gnome-online-account libraries. - -- Split typelib files into typelib-1_0-Rest-0_7 subpackage. -- Add typelib-1_0-Rest-0_7 Requires to devel subpackage. -- Change librest0 group from Development/Libraries/GNOME to - System/Libraries. - -- Update to version 0.7.12: - + Build: Detect CA file location [bgo#663783] - + proxy: Force all SSL certificates to be trusted [bgo#663783] -- Add config(ca-certificates) BuildRequires and Recommends in the - shared library package. -- Pass --with-ca-certificates=/etc/ssl/ca-bundle.pem to configure. - -- Update to version 0.7.11: - + oauth-proxy: Fix format string warning - + oauth: - - Add GType for OAuthSignatureMethod enum - - Add property for signature type - + Build fixes. - -- Update to version 0.7.10: - + Introduce rest_proxy_call_upload to provide progress feedback. - + youtube-proxy: Added upload progress callbacks. - + Added documentation to rest_proxy_call_upload. - + bmc#13746: proxy-call: Allow customisation of data - serialization. - -- Update to version 0.7.9: - + Add "disable-cookies" construction property to RestProxy. - -- Update to version 0.7.8: - + Add youtube proxy for uploaded video. - + Fix introspection build. -- Drop librest-fix-introspection.patch: fixed upstream. - -- Update to version 0.7.7: - + Fix a few introspection issues - + oauth-proxy: - - Use POST method to do OAuth 1.0 authentication. - - Added 'signature-host' propery. -- Add librest-fix-introspection.patch: fix introspection build. - Taken from upstream, commit e9c917. - -- Update to version 0.7.6: - + API for manually constructing and outputting XML -- Changes from version 0.7.5: - + Introspection build fixes -- Changes from version 0.7.4: - + Add cookie support to rest-proxy. - + proxy-call: Add continuous call mode - + Various bug fixes. -- Changes from version 0.7.3: - + Fix memory corruption in oauth-proxy-call. -- Changes from version 0.7.2: - + post-twitter: use the correct URL endpoint - + Plug leak. -- Changes from version 0.7.1: - + Flickr: add upload support - + Various bug fixes. - + Improved documentation. -- Changes from version 0.7.0: - + Remove FacebookProxy - + Add Lastfm proxy - + Add a oauth2 proxy - + Add RestParam and RestParams types - + Flickr proxy: Allow specifying the permissions required in the - login url - + Various bug fixes. - + Improved documentation. -- Drop librest-fbconnect-url.patch: facebook features got removed - upstream. -- Change BuildRequires to pkgconfig() ones: glib2-devel to - glib-2.0, libsoup-devel to libsoup-2.4 and libsoup-gnome-2.4, - libxml2-devel to libxml-2.0. -- Add pkgconfig(gobject-introspection-1.0) BuildRequires to enable - introspection. -- Update Url tag. - -- Update to version 0.6.3: - + Fix leaks. - + Code cleanups. -- Changes from version 0.6.2: - + Add introspection support. - + Mark GErrors which shouldn't be freed as const. - + Add oauth_proxy_call_parse_token_reponse to parse token - responses. - + Build system fixes. -- Remove explicit Requires of devel packages in devel subpackage: - they will be added automatically the pkgconfig()-way. - -- (re?)add librest-fbconnect-url.patch from Moblin:Factory to fix - the build of bisho -- some spec file tidying: more explicit %files listing to avoid - unintended/unnoticed major changes -- use %soname and %abi defines throughout to spec to ease - future maintenance - -- Fix spec to comply with shared libraries policy. - -- Rename to librest, provide/obsolete rest - -- Add librest-fbconnect-url.patch to add a new fbconnect url - funciton for facebook - -- Upddate to 0.6.1 - * 四 7月 16 2009 Gary Lin 0.520090716 -- Update to commit ff4561e2a8c38f49127f6e3b2ce7c238a29e1571 - * 四 7月 09 2009 Gary Lin 0.420090709 -- Update to commit e9a71922f5997243c45dfaaff21dd9b4a6340ca3 - * 四 7月 09 2009 Gary Lin 0.420090709 -- Update to commit 41f91eec3d26a2514c4bc310b90829cd2d14ed4a - -- Update to commit 92e1871d3181a73a780f588689733f25e3df5b48 - -- Use configure macro to get the right options. - -- Update to commit e49d8730bfb277af59732822e78535ef37e29b6c - -- Update to commit 153d2e8c5cc3452a7275c7ea7fa6abe8750cde8b - libvirt +- qemu: Improve save operation by increasing pipe size + c61d1e9b-virfile-set-pipe-size.patch, + 47d6d185-virfile-fix-indent.patch, + cd7acb33-virfile-report-error.patch + bsc#1196625 + +- CVE-2022-0897: nwfilter: fix crash when counting number of + network filters + a4947e8f-nwfilter-CVE-2022-0897.patch + bsc#1197636 + libwmf +- Remove further redundant sections + +- Actually use "libwmf-tools" instead of wmf-utils, this goes much + more in line with the preexisting libwpd-tools and libwps-tools. + +- Remove redundant/unwanted tags/section (cf. specfile guidelines) +- Apply shlib packaging (-> new libwmf-0_2-7 subpackage), + create "wmf-utils" subpackage as suggested by namtrac + +- fix file list + +- fix build of in-tree copy of gd to build with new libpng14 + (long deprecated function has been removed) + +- package baselibs.conf +- enable parallel build + +- rediff another patch + +- rediffed without fuzz, some spec cleanups + mousepad +- Update to version 0.5.9 + * Add Shortcuts plugin, requires libxfce4ui >= 4.17.5 and as + such remains disabled at build time until Xfce 4.18 is released + (gxo#apps/mousepad#70, gxo#apps/mousepad!121) + * Add search history (gxo#apps/mousepad!119) + * File monitoring: Add an automatic reloading option + * Move the document modification mark to the close button + (gxo#apps/mousepad#63, gxo#apps/mousepad!122) + * Add mousepad styleclass for easier theming (gxo#apps/mousepad#33) + * Hide search bar by pressing Esc key even when not focused + * Search: Escape selection when regex search is enabled + * Plugins: Add a skeleton plugin to ease writing of new plugins + * Test plugin: Sanitize memory management of sources + * Honor GTK_CSD + * Filter entries from `accels.scm` on non-detailed action name + * i18n: Check for `bind_textdomain_codeset()` + * Update Copying (gxo#apps/mousepad#160, gxo#apps/mousepad!120) + * Session history: Never clear session array on exit + (gxo#apps/mousepad#162) + * Fix broken feature "Show menubar temporarily when hidden" + * Force encoding when reloading + * Force encoding when it has been explicitly set by the user + * Do not consider encoding as always user-set in the "Open" dialog + * Fix antonym of the word "indent" in preferences dialog + (gxo#apps/mousepad!118) + * File monitoring: Try to filter out fake deletions + * Add ellipsis to preferences menu entry (gxo#apps/mousepad!117) + * Switch all labels to title case in prefs dialog + (gxo#apps/mousepad!116) + * Correctly restore font size after zooming when using system font + (gxo#apps/mousepad#158) + * Printing: Enable line wrapping by default (gxo#apps/mousepad#156) + * Fix a warning from GCC static analyzer + * Search: Do not delay the search when the text changes + * Translation Updates + nfs-utils +- Add 0023-cache.c-removed-a-couple-warning.patch + Fix compilation with new glibc (SLE15-SP4) + (bsc#1197788) + +- Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch + Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch + Ensure "sloppy" is added correctly for newer kernels. Particularly + required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels. + (boo#1197297) + nvme-cli +- Update to version 2.0: + * fabrics: Create persistent controller using unique subsystem NQN (bsc#1198243) + * fabrics: Set KATO for discovery controller when connecting + * fabrics: Do no modify default config for discovery controller + * fabrics: Set default trsvcid ports for TCP and RDMA (bsc#1195858) + * fabrics: Support connect even when no /etc/nvme/hostnqn file exists + * nvme: update to nvme_scan_filter_t modifications (bsc#1195938) + * plugins/intel: make 'buckets' a json array + * plugins: Update WDC capabilities command with new commmands + * plugins: Add OCP plugin + +- Update to version 2.0-rc8: + * fabrics: Add DIM command + * fabrics: Introduce force flag to overwrite persistence logic (bsc#1197076) + * fabrics: Free non-matching controller during discovery + * fabrics: add 'nvme config' command + * fabrics: Correctly stringify discovery.conf and config.json paths + * nvme-print: Add human readable print for nsattr field + * nvme-print: Update Persistent Event log fields + * nvme-print: print discovery async event support + * nvme-rpmb: Fix spelling for 'Partition' + * nvme-copy: add missing field to the command + * nvme: add get_mi_cmd_support_effects_log command + * nvme: Fixup namespace filtering yet again + * nvme: Use type bool for OPT_FLAG + * nvme: use filter for 'list-subsys ' (bsc#1195938) + * Add lbstm option to create-ns + * argconfig: Do not use default value loading by getopt_long_only + * argconfig: Rename CFG_NONE to CFG_FLAG + * plugins: Use type bool for OPT_FLAG + * documenation updates +- Drop 'ProtectKernelTunables=true' (bsc#1197076) + patterns-yast +- Neither recommend nor suggest YaST NIS packages for TW + (bsc#1183893). +- 20220411 + permissions + * squid: adjust pinger path, drop basic_pam_auth (bsc#1197649) + +- Update to version 20201225: plasma5-openSUSE +- Update to 5.24.4 + +- Use 'https://' instead of 'git://' to fetch Github changes. + polkit-default-privs +- Update to version 13.2+20220404.53052a9: + * Add missing GNOME Control Center login helper + * Reorder gnome and budgie control center entries + * Backport budgie-control-center whitelisting (bsc#1195023) + +- Update to version 13.2+20220401.c64d869: + * Backport of deepin-api whitelisting (bsc#1196681 bsc#1070943) + * Fix generation of file /etc/polkit-1/rules.d/90-default-privs.rules + python-evtx +- bsc#1197837 - FTBFS: python-evtx won't compile on SP4 + python-evtx.spec + python-pyOpenSSL +- update to 20.0.1: + - Fixed compatibility with OpenSSL 1.1.0. + +- Adjust metadata for skip-networked-test.patch and refer to the proper + upstream ticket gh#pyca/pyopenssl#68. + +- According to gh#pyca/pyopenssl#684 tests must run with TZ=UTC, also + skip test_verify_with_time on %ix86. + +- Update to v20.0.0 + - Backward-incompatible changes: + - The minimum cryptography version is now 3.2. + - Remove deprecated OpenSSL.tsafe module. + - Removed deprecated + OpenSSL.SSL.Context.set_npn_advertise_callback, + OpenSSL.SSL.Context.set_npn_select_callback, and + OpenSSL.SSL.Connection.get_next_proto_negotiated. + - Drop support for Python 3.4 + - Drop support for OpenSSL 1.0.1 and 1.0.2 + - Deprecations: + - Deprecated OpenSSL.crypto.loads_pkcs7 and + OpenSSL.crypto.loads_pkcs12. + - Changes: + - Added a new optional chain parameter to + OpenSSL.crypto.X509StoreContext() where additional untrusted + certificates can be specified to help chain building. #948 + - Added OpenSSL.crypto.X509Store.load_locations to set trusted + certificate file bundles and/or directories for verification. + [#943] + - Added Context.set_keylog_callback to log key material. #910 + - Added OpenSSL.SSL.Connection.get_verified_chain to retrieve + the verified certificate chain of the peer. #894. + - Make verification callback optional in Context.set_verify. If + omitted, OpenSSL’s default verification is used. #933 + - Fixed a bug that could truncate or cause a zero-length key + error due to a null byte in private key passphrase in + OpenSSL.crypto.load_privatekey and + OpenSSL.crypto.dump_privatekey. #947 +- drop patch fix-compilation-2020.patch: no longer needed +- refreshed patch skip-networked-test.patch + +- Update to v19.1 + * Removed deprecated aliases ContextType, ConnectionType, PKeyType, X509NameType, + X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType. + Use the classes without the ``Type`` suffix instead. + * The minimum ``cryptography`` version is now 2.8 + * Deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback, + OpenSSL.SSL.Context.set_npn_select_callback, and + OpenSSL.SSL.Connection.get_next_proto_negotiated + ALPN should be used instead. + * Support bytearray in SSL.Connection.send() by using cffi's from_buffer + * The OpenSSL.SSL.Context.set_alpn_select_callback can return a new + NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake + to complete without an application protocol. + qemu +- Support the SGX feature (bsc#1197807) + * Patches added: + doc-Add-the-SGX-numa-description.patch + numa-Enable-numa-for-SGX-EPC-sections.patch + numa-Support-SGX-numa-in-the-monitor-and.patch + +- Backport CVE-2021-3929 (bsc#1193880) + * Patches added: + hw-nvme-fix-CVE-2021-3929.patch + +- The patches from upstream cause testsuit failures (bsc#1197150 bsc#1197528) + * Patches added: + Revert-python-iotests-replace-qmp-with-a.patch + Revert-python-machine-add-instance-disam.patch + Revert-python-machine-add-sock_dir-prope.patch + Revert-python-machine-handle-fast-QEMU-t.patch + Revert-python-machine-move-more-variable.patch + Revert-python-machine-remove-_remove_mon.patch + +- Add missing patch from a PTFs (bsc#1194938) + * Patches added: + scsi-generic-check-for-additional-SG_IO-.patch + +- Kill downstream patches around bifmt handling that makes + cumbersome to run multi-arch containers, and switch to the + upstream behavior, which is well documented and valid on + all other distros. This is possible thanks to Linux kernel + commit 2347961b11d4 and QEMU commit 6e1c0d7b951e19c53 (so + it can only work on Leap/SLE 15.4 and higher). (bsc#1197298) + * Patches dropped: + qemu-binfmt-conf.sh-allow-overriding-SUS.patch + qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch + +- Fix update_git.sh wiping all the package file of the local + checkout while cloning the git repository on demand (in case they + don't exist and the user as to do so). + +- Improve test reliability + * Patches added: + Fix-the-module-building-problem-for-s390.patch + tests-qemu-iotests-040-Skip-TestCommitWi.patch + tests-qemu-iotests-testrunner-Quote-case.patch + +- Fix virtiofs crashing with glibc >= 2.35, due to rseq syscall + (bsc#1196924) + * Patches added: + tools-virtiofsd-Add-rseq-syscall-to-the-.patch + +- Avoid warnings caused by a GCC 12 bug, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98503 + (bsc#1197018) + * Patches added: + hw-i386-amd_iommu-Fix-maybe-uninitialize.patch + Silence-GCC-12-spurious-warnings.patch + Ignore-spurious-GCC-12-warning.patch + +- Proactive fix + * Patches added: + hw-nvram-at24-return-0xff-if-1-byte-addr.patch + rasqal +- Update to 0.9.21: + * Updated to handle aggregate expression execution as defined by the + SPARQL 1.1 Query W3C working draft of 14 October 2010 + * Executes grouping of results: GROUP BY + * Executes aggregate expressions: AVG, COUNT, GROUP_CONCAT, MAX, MIN, + SAMPLE, SUM + * Executes filtering of aggregate expressions: HAVING + * Parses new syntax: BINDINGS, isNUMERIC(), MINUS, sub SELECT and + SERVICE. + * The syntax format for parsing data graphs at URIs can be explictly + declared. + * The roqet utility can execute queries over SPARQL HTTP Protocol and + operate over data from stdin. + * Added several new APIs + * Fixed Issue: #0000388 +- Spec file updates: + * Changes based on spec-cleaner run. + * Changed License: to LGPLv2.1+ or GPLv2+ or ASLv2.0+. + * Changed rasqal Group to Productivity/Other. + * Added mpfr-devel in BuildRequires:. + * Removed gtk-doc from BuildRequires: (not needed to build html docs). + * Removed autoreconf from %build section and simplified configure. + * Install html docs in %{_docdir}/librasqal-devel/. + * Minor other updates. + +- added 32bit compatibility libraries +- removed package name from summary (fix for RPMLINT warning) + +- update to 0.9.20: + * Updated to handle more of the new syntax defined by the SPARQL 1.1 + Query and SPARQL 1.1 Update W3C working drafts of 1 June 2010 + Added execution support for new SPARQL 1.1 query built-in expressions + IF, URI, STRLANG, STRDT, BNODE, IN and NOT IN. + Added an 'html' query result table format from patch by Nicholas J + Humfrey + Added API support for group by HAVING expressions + Added XSD Date comparison support + Support building with Raptor V2 API if configured with --with-raptor2. + Many other bug fixes and improvements were made. + Fixed Issues: #0000352, #0000353, #0000354, #0000360, #0000374, + [#0000377] and #0000378 + See the Rasqal 0.9.20 Release Notes for the full details of the + changes. + +- update to 0.9.19: + * Add initial draft parsing and API (NOT execution) support for + SPARQL 1.1 Update W3C Working Draft of 2010-01-26. + * Add public APIs (row, results, result formatter, variables table) + so that query results can be built, read and written without query. + * Add API resilience checks for invalid NULL pointer arguments. + * Many other bug fixes and improvements were made. + +- update to 0.9.17: + Added a new query engine that implements the SPARQL algebra better + All constructors now take a rasqal_world argument + Added LAQRS syntax support for SUM, AVG, MIN, MAX, COALESCE() + experimental syntax + Added query result formatters for CSV, TSV and ASCII tables + Prefer pkg-config for configuring + Many resilience and resource failure fixes by Lauri Aalto + Many other bug fixes and improvements were made + Fixed Issues: Issue#0000077, Issue#0000128, Issue#0000168, + Issue#0000258, Issue#0000261, Issue#0000271, Issue#0000279 and + Issue#0000305 + re2 +- Update to 2022-04-01: + * Improve performance slightly + * Prog::Fangout() is no longer experimental + +- Update to 2022-02-01: + * Address a `-Wunused-but-set-variable' warning from Clang 13.x + * Don't specify the -std flag in Makefile or re2.pc + * Remove a redundant map access + rp-pppoe +- beautify spec + stoken +- Change gtk and libtomcrypt build requirements. +- Remove useless "--with-libtomcrypt" parameter from %%configure. + +- Add patch to avoid static CFLAGS. +- Require proper libtomcrypt version. + +- First build. + sunpinyin +- initial package 2.0.4 + +- Updated to 2.0.3.99. Thanks to csslayer! + +- Rename libsunpinyin3-devel to libsunpinyin-devel +- Add explicitly dependency from devel sub-package +- Clean up spec file + +- Check the license for open-gram. +- bz2ed all sources. + +- First build 2.0.3 for suse and Fedora. + systemd +- Import commit e62acb68de9bccfa272bef98fe5b38effc37528a + b70267d883 journald: make use of CLAMP() in cache_space_refresh() + 3953e685cb journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) + d03a5f79bf fs-util: make sure openat_report_new() initializes return param also on shortcut + 05499d5a30 fs-util: fix typos in comments + 9f77c8fae1 journal-file: port journal_file_open() to openat_report_new() + 4d07c034da fs-util: add openat_report_new() wrapper around openat() + 258c04836d meson: build kernel-install man page when necessary + 23da9cc83a man: do not install sd-boot man pages when -Dgnu-efi=false is set + d452b8738c unit: install the systemd-bless-boot.service only if we have gnu-efi + 98f44dc500 boot: don't build bootctl when -Dgnu-efi=false is set (bsc#1198093) + 9145684460 build: include status of TPM2 in the feature string show by --version + +- spec: make sure /lib exists when installing conf files in /lib/modprobe.d + +- spec: enable 'efi' support regardless of whether sd_boot is enabled or not + We should support EFI systems even if systemd-boot is not enabled. + +- spec: cope with %{_modprobedir} being /lib/modprobe.d on SLE + texlive +- Make sure that texlive-texconfig package from 2017 are obsolete (bsc#1197979) + thunar +- Update to version 4.16.11 + * Don't reload the view when text is copied (gxo#xfce/thunar#706) + * NULL checks to prevent crash on malformed bookmark URI (gxo#xfce/thunar#716) + * Use 'g_timeout_add_full' to set tree-view cursor (gxo#xfce/thunar#351) + * Fix signal disconnect in thunar_window_unrealize + * Don't go beyond THUNAR_N_VISIBLE_COLUMNS while parsing col widths + * Translation Updates + timezone +- timezone update 2022a (bsc#1177460): + * Palestine will spring forward on 2022-03-27, not -03-26* + * zdump -v now outputs better failure indications + * Bug fixes for code that reads corrupted TZif data + timezone-java +- timezone update 2022a (bsc#1177460): + * Palestine will spring forward on 2022-03-27, not -03-26* + * zdump -v now outputs better failure indications + * Bug fixes for code that reads corrupted TZif data + xfce4-terminal +- Update to version 1.0.0 + * Replace the deprecated GtkActionEntries with XfceGtkActionEntries + (gxo#apps/xfce4-terminal#79) + * Opening a dialog from a drop-down window closes the window + (gxo#apps/xfce4-terminal#136) + * Add `Fill` background image style (gxo#apps/xfce4-terminal!23). + * Improved options parsing (for both short and long forms) + * Add a menu entry to send signals to the foreground process + (gxo#apps/xfce4-terminal#59) + * Fix `keep window open` preference being applied on restart. + * Rework "--tab" and "--window" behavior (gxo#apps/xfce4-terminal#13) + * Ignore unused modifiers for scroll wheel zooming + * Add alternative shortcuts for zooming (gxo#apps/xfce4-terminal#126) + * Expand scrolled window and make dialog size 70% of parent + (gxo#apps/xfce4-terminal!17) + * Support libxfce4ui XfceTitledDialog new API + * Update unsafe paste dialog text (gxo#apps/xfce4-terminal#73) + * Fix paste button focus + * Replace subtitle by infobar for Unsafe paste dialog + * Fix the `unsafe paste` dialog to actually paste + * Update `.gitignore`, HACKING, AUTHORS, COPYRIGHTS + * Update --preferences, --tab and --window documentation + * Fix various typos + * Fix compilation warnings + * Remove unnecessary function call (gxo#apps/xfce4-terminal!24) + * Add a "Do not warn me again" checkbox for the "Unsafe Paste" + dialog (gxo#apps/xfce4-terminal#129) + * Use GtkScrolledWindow for TerminalScreen and add an + overlay-scrolling preference (gxo#apps/xfce4-terminal#149) + * Support the new Shortcuts editor widget + (requires libxfce4ui 4.17.2 or greater) + * New preference: Select right click action + * Improved `scrolling-on-output` behaviour. + * Unsafe Paste Dialog temporary override (gxo#apps/xfce4-terminal#106) + * Fix regression: File Menu missing `Close Window` entry + * Fix regression: Disable Help shortcut does not work + * Fix regression: go-to accelerators not working on startup + * Fix regression: Revert accelerator paths to maintain backwards + compatibility + * Use the latest .glade file structure + * Change incorrect reference to ${XDG_CONFIG_DIRS} in man page + (gxo#apps/xfce4-terminal#47) + * Change outdated documentation links + * Use XfceTitledDialog for `Find` (gxo#apps/xfce4-terminal#168) + * Include '\r' in unsafe-paste checks + * Update tab accelerators at runtime + * Consume events that activate accelerator callbacks + (gxo#apps/xfce4-terminal#159, gxo#apps/xfce4-terminal#153) + * Center on the active terminal window. + * Change handling of goto-tab accelerators so they can be changed + through the editor. + * Menubar changes size when the window is maximized + (gxo#apps/xfce4-terminal#156) + * Context Menu: Revert changes in order and contents introduced by + the transition to XfceGtkActionEntries + * Add "Show Window Borders" entry in View menu (it was missing + in the last 2 dev releases) + * Revert view menu order (Zoom entries below checkboxes) + * Fix the visibility flag of the scrollbar + (gxo#apps/xfce4-terminal#161, could lead to broken themes) + * Replace GTimeVal with gint64 + * Fix build warnings + * Update Copyright + * Translation Updates + xz +- Fix ZDI-CAN-16587 Fix escaping of malicious filenames + (ZDI-CAN-16587 bsc#1198062 CVE-2022-1271) + * bsc1198062.patch + yaml-cpp +- Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp + allows remote attackers to cause DOS via a crafted YAML file + (CVE-2018-20573, bsc#1121227) +- Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in + yaml-cpp allows remote attackers to cause DOS via a crafted YAML file + (CVE-2018-20574, bsc#1121230) +- Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in + cpp allows remote attackers to cause DOS via a crafted YAML file + (CVE-2019-6285, bsc#1122004) +- Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in + yaml-cpp which cause DOS by stack consumption + (CVE-2019-6292, bsc#1122021) +- Added patch cve-2018-20574.patch + yast2-installation +- AutoYaST: move custom file creation past user creation so that + the element files/file/file_owner actually has an effect + (bsc#1196595) +- 4.4.51 + yast2-packager +- Fixed regression in repository alias name for add-ons (bsc#1193214) +- 4.4.27 +