Removed rpms ============ Added rpms ========== - fontconfig-lang - libfontconfig1 Package Source Changes ====================== ImageMagick + fix CVE-2021-4219 [bsc#1196337], denial of service in MagicCore/draw.c via crafted SVG file + + ImageMagick-CVE-2021-4219.patch + +- security update +- added patches MozillaThunderbird +- Mozilla Thunderbird 91.6.1 + * changed: Thunderbird generated views of meeting invitations + are now expanded by default + * fixed: Emails were not downloading at startup under some + conditions + * fixed: Port numbers were not shown in "Confirm Security + Exception" dialog for CalDAV connections + * fixed: Various security fixes + MFSA 2022-07 (bsc#1196072) + * CVE-2022-0566 (bmo#1753094) + Crafted email could trigger an out-of-bounds write + +- Mozilla Thunderbird 91.6 + * new: Thunderbird will now offer to send large forwarded + attachments via FileLink + * fixed: Partially signed unencrypted messages displayed an + incorrect "partially encrypted" notification + * fixed: Attachments filenames were not sanitized before saving + to disk + * fixed: In the attachment bar, the "Import OpenPGP Key" item + displayed for public keys displayed an error and did not + import the key + * fixed: "Open with" attachment dialog did not have a selected + radio button option + * fixed: Various security fixes + MFSA 2022-06 (bsc#1195682) + * CVE-2022-22753 (bmo#1732435) + Privilege Escalation to SYSTEM on Windows via Maintenance + Service + * CVE-2022-22754 (bmo#1750565) + Extensions could have bypassed permission confirmation during + update + * CVE-2022-22756 (bmo#1317873) + Drag and dropping an image could have resulted in the dropped + object being an executable + * CVE-2022-22759 (bmo#1739957) + Sandboxed iframes could have executed script if the parent + appended elements + * CVE-2022-22760 (bmo#1740985, bmo#1748503) + Cross-Origin responses could be distinguished between script + and non-script content-types + * CVE-2022-22761 (bmo#1745566) + frame-ancestors Content Security Policy directive was not + enforced for framed extension pages + * CVE-2022-22763 (bmo#1740534) + Script Execution during invalid object state + * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545, + bmo#1748210, bmo#1748279) + Memory safety bugs fixed in Thunderbird 91.6 + avahi +- remove avahi-mono* subspecfiles, they are no longer required + by anything. this makes the spec file slightly more readable. + +- Replace avahi-0.6.31-systemd-order.patch with + avahi-add-resolv-conf-to-inotify.patch: re-read configuration + when resolv.conf changes, per discussion on the bug + (boo#1194561). + +- Change to systemd-sysusers + +- Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561). + This can probably go away if/when gh#lathiat/avahi#118 is fixed. +- Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should + no longer need this given the above patch. +- Add several patches from git: + 0001-man-fix-reference-to-avahi-autoipd.action-8-in-avahi.patch + 0005-avahi-dnsconfd.service-Drop-Also-avahi-daemon.socket.patch + 0006-man-add-missing-bshell.1-symlink.patch + 0007-Ship-avahi-discover-1-bssh-1-and-bvnc-1-also-for-GTK.patch + 0009-fix-bytestring-decoding-for-proper-display.patch 0010-avahi_dns_packet_consume_uint32-fix-potential-undefi.patch +- Build manpages with xmltoman. Currently needed for bssh. +- Minor spec file clean-up. +- Require python-rpm-macros for all builds (boo#1194744 boo#1194745). + +- Move sftp-ssh and ssh services to the doc directory. They allow + a host's up/down status to be easily discovered and should not + be enabled by default (boo#1179060). + blog +- Update to version 2.26 + * On s390/x and PPC64 gcc misses unused arg0 +- Remove patch fcb9e0c2.patch as now part of tar ball + +- Add upstream patch fcb9e0c2.patch + * On s390/x and PPC64 gcc misses unused arg0 + +- Update to version 2.24 + * Avoid install errror due missed directory + +- Update to version 2.22 + * Avoid KillMode=none for newer systemd version as well as rework + the systemd unit files of blog (boo#1186506) + +- Move to /usr for UsrMerge (boo#1191057) + +- Update to version 2.21 + * Merge pull request #4 from samueldr/fix/makefile + Fixup Makefile for better build system support + * Silent new gcc compiler + fontconfig -- fontconfig-devel-32bit needs to require fontconfig-32bit, - needed for Wine development (bsc#1172301) +- adding bug reference to this changelog [bsc#1172301] + +- Add fontconfig-do-not-remove-UUID-file.patch: Removing .uuid + files caused frequent rescanning of all system fonts causing + intermittent CPU usage surges, for example, when browsing using + firefox; patch taken from upstream commit (boo#1124816, + https://gitlab.freedesktop.org/fontconfig/fontconfig/merge_requests/8). + +- Implement shared library packaging guideline +- Split documentation to soothe rpmlint's + "W: package-with-huge-docs 86%" + +- Fix self obsoletion ipa-fonts-config and IPA-fonts-config. +- Fix build error in Leap 42.3. +- Fix location of fontconfig-devel.* doc-files. + +- Package AUTHORS, ChangeLog and README via standard doc macro. + +- Update to 2.13.1: + * conf.d: Drop aliases for (URW)++ fonts + * variable fonts support + * Use uuid-based cache filename if uuid is assigned to dirs + * Add new API to find out a font from current search path + * Add FONTCONFIG_SYSROOT environment variable + * [varfonts] Add FC_FONT_VARIATIONS + * [varfonts] Add FC_VARIABLE + * Add Simplified Chinese translations + * Fix memory leaks, double frees etc. + * See README for details +- Drop fontconfig-remove-debug-output.patch gdm +- Use _pam_vendordir instead of _distconfdir/pam.d (boo#1195996). + AS this means /etc/pam.d on SLE15, we mark those files as + %config(noreplace). + +- Update to version 41.3: + + Juggle Xorg's -listen/-nolisten command line change better. + + Fix session type selection. + + Fix crash. + + Drop vestigial gdm-pin service. + + XDMCP fixes. + + Wayland nvidia udev updates. + + Updated translations. +- Rebase gdm-disable-wayland-on-mgag200-chipsets.patch. +- Drop gdm-daemon-Infer-session-type-from-desktop-file.patch and + gdm-restart-greeter-session-after-crash.patch: fixed upstream. + +- Move + %{_datadir}/glib-2.0/schemas/org.gnome.login-screen.gschema.xml + from main package to new gdm-schema split package and make + libgdm1 depend on the new gdm-schema split package. Currently, + the gdm-schema is required for gnome-shell to work, but + gnome-shell only depends on libgdm1 and not on gdm as a whole, + causing a crash of gnome-shell if the gdm main package is not + installed. By moving the gdm-schema to it's own split package and + making libgdm1 actually require it, the crash can be prevented. + Fixes boo#1194183. + +- Add gdm-restart-greeter-session-after-crash.patch: When active vt + is gdm initial vt, restart greeter session. Avoiding the blank + screen when greeter session crashed + (bsc#1190230 glgo#GNOME/gdm#735). + +- Update gdm-add-runtime-option-to-disable-starting-X-server-as-u.patch: + With GDM_DISABLE_USER_DISPLAY_SERVER=1 environment variable, make + X server logging to /var/log/Xorg.*.log and journal log + (bsc#1192177). + glib2 +- Update to version 2.70.4: + + Bugs fixed: glgo#GNOME/GLib!2462 “Fix memory leak in + gio/gdbusauthmechanismsha1.c” to glib-2-70. + + Updated translations. + +- Update to version 2.70.3: + + Several important fixes to FD handling in gspawn. + + Several important fixes to GDBus message and GVariant parsing + of invalid data. + + Fix potential data loss due to missing fsync when saving files + on btrfs. + + Bugs fixed: glgo#GNOME/GLib#2503, glgo#GNOME/GLib#2506, + glgo#GNOME/GLib#2557, glgo#GNOME/GLib#2572, + glgo#GNOME/GLib#2580, glgo#GNOME/GLib!2394, + glgo#GNOME/GLib!2415, glgo#GNOME/GLib!2437, + glgo#GNOME/GLib!2444, glgo#GNOME/GLib!2455. + + Updated translations. + harfbuzz +- update to 3.4.0: + + Perform sanity checks on shaping results is now part of + “harfbuzz” library and can be enabled by setting the buffer + flag HB_BUFFER_FLAG_VERIFY + + Arabic Mark Transient Reordering Algorithm have been updated + to revision 6 + + ISO 15924 code for mathematical notation, ‘Zmth’, now maps to + the OpenType ‘math’ tag + + It is now possible to get at once all math kerning values for a + given glyph at a given corner + + Fix locale_t portability issues on systems the typedef’s it to + a void pointer + +- update to 3.3.2: + + Revert splitting of pair positioning values introduced in 3.3.0 + as it proved problematic +- includes changes from 3.3.1: + + Fix heap-use-after-free in harfbuzz-subset introduced in + previous release +- includes changes from 3.3.0: + + Improved documentation, code cleanup + + The low 16-bits of face index will be used by hb_face_create() + to select a face inside a font collection file format, while the + high 16-bits will be used by hb_font_create() to load the named + instance + + Glyph positions and other font metrics now apply synthetic slant + set by hb_font_set_synthetic_slant(), for improved positioning + for synthetically slanted fonts + + Fixed unintentional locale dependency in hb_variation_to_string() + for decimal point representation + + When applying pair positioning (kerning) the positioning value + is split between the two sides of the pair for improved cursor + positioning between such pairs + + Introduced new HB_GLYPH_FLAG_UNSAFE_TO_CONCAT, to be used in + conjunction with HB_GLYPH_FLAG_UNSAFE_TO_BREAK for optimizing + re-shaping during line breaking. Check the documentation for + further details + + Improved handling of macrolanguages when mapping BCP 47 codes + to OpenType tags + jasper +- bsc#1188437 CVE-2021-27845: Fix divide-by-zery in cp_create() + Add jasper-CVE-2021-27845.patch + kbd +- Fix build without %_distconfdir (see bsc#1195679) + kernel-default +- arch/x86/mm/numa: Do not initialize nodes twice (bsc#1195752 + bsc#1196248). +- commit a9cb651 + +- powerpc/64s/hash: Make hash faults work in NMI context + (bsc#1195655 ltc#1195655). +- commit 9801a29 + +- brcmfmac: firmware: Fix crash in brcm_alt_fw_path (bsc#1195501) +- commit 21498fa + +- Update kabi files. + Update after the nvme-fc map_queues callback addition. +- commit ba2de57 + +- Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352) + Delete patches.suse/PCI-xgene-Fix-IB-window-setup.patch + Also update blacklist +- commit dd99303 + +- nvme-fc: add support for ->map_queues (bsc#1195823). +- commit f890a27 + +- nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012). +- commit 5a50415 + +- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). +- commit a0f28e5 + +- Move upstreamed sound fix into sorted section +- commit 80571bb + libeconf +- Update to version 0.4.4+git20220104.962774f: + * Fixed i586 build (#158) + +- Update to version 0.4.2+git20220104.5dfd69d: + * Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) + +- Update to version libeconf-0.4.2+git20211111.c7a2c52: + * CMake fixes regarding document installation. + * Fixed different issues while writing string values to file. + * Writing comments to file too. + * Fixed memory leaks. + * Fixed crash while merging values. + +- Update to version 0.4.1+git20210709.cf671f2: + * CMake fixes regarding installation of econftool and man pages. + +- Update to version 0.4.0+git20210708.6918ea1: + * Fixed covscan FORWARD_NULL_issues warnings + +- Update to version 0.4.0+git20210707.537a8a: + * Fixed resource leaks found by Iker Pedrosa. + +- Removed doxygen from build requires. + +- Update to version 0.4.0+git20210413.fdb8025: + * Installing man pages via meson. (#147) + +- Update to version 0.4.0+git20210412.1513a26: + * Added econftool cat option (#146) + * new API call: econf_readDirsHistory (showing ALL locations) + * new API call: econf_getPath (absolute path of the configuration file) + +- Update to version 0.4.0+git20210408.6d33e5e: + * Man pages libeconf.3 and econftool.8. + * Handling multiline strings. + * Added libeconf_ext which returns more information like + line_nr, comments, path of the configuration file,... + * Econftool, an command line interface for handling configuration + files. + * Generating HTML API documentation with doxygen. + * Improving error handling and semantic file check. + * Joining entries with the same key to one single entry if + env variable ECONF_JOIN_SAME_ENTRIES has been set. + libpwquality +- Add python-rpm-macros to BuildRequires (boo#1194757). + librsvg +- Update to version 2.52.6: + + Fix incorrect text rendering when text has different scales in + the X/Y axes. This regressed after librsvg 2.52.5, when Pango + had to revert its fix for the same bug. Now librsvg renders all + text as paths, and does the scaling itself. Please file a bug + if you have evidence that this presents a performance problem + for you. + libzypp +- Hint on ptf<>patch resolver conflicts (bsc#1194848) +- version 17.29.5 (22) + pango +- Update to version 1.50.4: + + Tweak synthetic space size. + + itemize: Try harder to avoid NULL fonts. + + docs: Some additions. + + Pass synthetic slant to harfbuzz. + + Make sloped carets work with uneven scales. + + Fix serialiation on arm. + + Avoid an uninitialized variable warning. + + Reinstate previous behavior of pango_attr_list_splice. + + Deprecated pango_coverage_ref/unref. + + Fix serialization on non-glibc systems. + + Fix allow-breaks handling. + +- Update to version 1.50.3: + + pango-view: Add --serialize-to option for easy bug reporting. + + Revert a transformation change that broke metrics for vertical + text. + + Handle fonts without space glyph (such as icon fonts) better. + + Fix some corner cases of line width accounting. + + Fix line height with emulated Small Caps. + +- Update to version 1.50.2: + + Fix a problem with font fallback for Arabic. + + Fix handling of fonts without a space glyph. + + Various documentation improvements. + + Fix build issues. + +- Update to version 1.50.1: + + Fix a crash in tab handling. + + Fix tab positioning without line wrapping. + + Fix an assertion failure found by fuzzing. + + Make underlines work again for broken fonts. + +- Update to version 1.50.0: + + Fix glyph placement in gravity east + + Fix line heights in improper gravities + + Only shown selected ignorables with nicks + + Support tab alignments other than left + + Support custom decimal points on decimal tabs + + Fix a pango-view crash + + Optimize handling of many tabs + + Drop json-glib dependency +- Drop pkgconfig(json-glib-1.0) BuildRequires, no longer needed. + +- Update to version 1.49.4: + + Require fontconfig 2.13 + + Require harfbuzz 2.6 + + Many fixes to line breaking accuracy + + coretext: Correctly clamp text weights at min/max values + + Add serialization api for PangoLayout, PangoFont and + PangoAttrList + + Require json-glib + + tests: + - Use serialized layouts for test cases + - Include fonts in git + + pango-view: Accept serialized layouts + + Fix a rounding problem with font metrics + + Fix visible space display using ␣ +- Changes from version 1.49.3: + + Fix hinting of glyph metrics + + Fix logical glyph extents in vertical gravities + + Visualize more default-ignorable glyphs + + Fix advance widths in transformed contexts + + Implement Small Caps and other casing variations +- Changes from version 1.49.2: + + Update Unicode data to Unicode 14 + + Fix underlining of spaces + + Round font metrics when appropriate + + Fix some corner cases of cursor positioning + + Handle Catalan middle-dot in text segmentation +- Changes from version 1.49.1: + + Only recompute log attrs when needed + + Validate log attrs + + Fix conformance issues in Thai and Indic linebreaking + + Add pango_attr_break to support customizing line and word + breaks + + Add font-dependent baseline shifts and sizing for super- and + subscripts + + Improve hyphenation support + + pango-view: + - Visualize caret positions and slopes + - Show glyph rects + - Make --annotate easier to use + + Add pango_layout_get_caret_pos to support sloped carets + + Improve caret positioning for ligatures + + Better under- and overline placement + + layout: + - Allocate a bit less + - Fix cluster extents with rise + + Add pango_layout_iter_get_run_baseline + + Add pango_glyph_string_index_to_x_full + + coretext: Set size on font descriptions + + Add color information to PangoGlyphVisAttr +- Changes from version 1.49.0: + + Require fribidi 1.0.6 + + Fix threadsafety issues with Thai + + Fix a rounding problem on i386 + + Fix font choice for ellipsis + + New api: + - pango_font_get_languages + - Introspection helpers for attributes + + Ignore width in horizontal context when itemizing + + markup: + - Allow specifying size and rise in points + - Allow specifying size as percentage + + Rewrite pango_layout_move_cursor_visually + + Add a line-height attribute and make logical line extents + respect it + + Add pango_justify_last_line + + Add pango_shape_item + + Add a text-transform attribute and implement it + + Clean up fribidi api usage + + Fix a bug in the gravity data table + + pango-view: Improve the --annotate option + + Fix a possible crash in rendering strikethroughs +- Add pkgconfig(json-glib-1.0) BuildRequires, new dependency. + php7 +- security update +- added patches + fix CVE-2021-21708 [bsc#1196252], Use after free due to php_filter_float() failing for ints + + php7-CVE-2021-21708.patch + php7:apache2 +- security update +- added patches + fix CVE-2021-21708 [bsc#1196252], Use after free due to php_filter_float() failing for ints + + php7-CVE-2021-21708.patch + psmisc + * Determine the namespace of a process only once to speed + up the parsing of fdinfo (bsc#1194172). + +- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch python-pip +- Switch this package to use update-alternatives for all files + in %{_bindir} so it doesn't collide with the versions on + "the latest" versions of Python interpreter (jsc#SLE-18038, + bsc#1195831). + rpm-config-SUSE +- Remove definition of _distconfdir, as this should not be defined + for SLE-15. Else this will conflict with our non-usr-merged + environment and cause problems with transactional-update, openssh + and other packages (bsc#1195679) + s390-tools +- Added s390-tools-sles15sp4-zdev-modify-the-lsblk-output-parser-in-lszdev.patch + for bsc#1196255. Version 2.37+ of util-linux modified the output + characters of lsblk,which breaks the parser function. +- Added s390-tools-sles15sp4-zdev-Fix-path-resolution-for-multi-mount-point-file-.patch + for bsc#1196254. Path resolution fails when a device provides + multiple mount points such as, for example, when using btrfs + subvolumes, or when mounting the same file system at multiple + mount points. + sg3_utils +- Update to version 1.47+4.82fb156: + * rescan_scsi_bus.sh: restore numeric ordering of hosts (bsc#1196244) + systemd +- Fix a regression caused by the split of the sysusers config files shipped by + systemd (bsc#1196322) + Calls to %sysusers_create were not updated accordingly. + +- %_pam_vendordir is still wrong on SLE, let's define our own definition for + now. + +- Add in quarantine the following patches: + 6000-udev-net_id-add-debug-logging-for-construction-of-de.patch + 6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch + They might help with predictable network device naming issues. They will be + moved to the git repo if nothing wrong happens. + +- Import commit d150ab3db99dea63a546567b3227baf0d85e4265 (merge of v249.10) + For a complete list of changes, visit: + https://github.com/openSUSE/systemd/compare/26736aafa1df67d222fe46c54bf74b5c7a44d8a1...d150ab3db99dea63a546567b3227baf0d85e4265 + +- Import commit 26736aafa1df67d222fe46c54bf74b5c7a44d8a1 + 8973cb2462 systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23866) + +- Fix build if %_distconfdir is not defined (see bsc#1195679) + +- Always create systemd-network system user, even if systemd-networkd is not + installed (bsc#1195559) +- Don't rely on %{_distconfdir}, it's broken on SLE (bsc#1195998) + webkit2gtk3:gtk3-soup2 +- Update to version 2.34.6: + + Fix accessibility not working when the Bubblewrap sandbox is + enabled. + + Fix rendering of scrollbars when overlay scrollbars are + disabled. + + Fix the build when the X11 support is disabled. + + Fix the build in a number of situations where the main OpenGL + library is not called libGL or libgl, as is the case on + systems that use libglvnd. + + Fix several crashes and rendering issues. + +- Update to version 2.34.5 (boo#1195735): + + Improve VP8 codec selection when using GStreamer 1.20. + + Fix connecting to the accessiblity bus when using the + Bubblewrap sandbox. + + Fix links being incorrectly activated when starting a pinch + zoom gesture. + + Fix touch-based scrolling. + + Fix the build with recent toolchains based on GCC 12 and on + older ones as included e.g. in Ubuntu 18.04. + + Fix the build with ICU 60, version 61 is no longer required. + + Fix several crashes and rendering issues. + + Security fixes: CVE-2022-22589, CVE-2022-22590, CVE-2022-22592,. + + Drop webkit2gtk3-gcc12.patch: fixed upstream. + +- Update constraints for disk space even more, now at 20 gig. + +- Add webkit2gtk3-gcc12.patch: fix the build with gcc 12. +- Require glib2 2.44 to match source. + +- Update to version 2.34.4 (boo#1195064): + + Fix several crashes and rendering issues. + + This release fixes numerous security issues, including an + especially severe issue that allowed websites to read the names + of IndexedDB databases created by other websites. + + Security fixes: CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, + CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, + CVE-2022-22594. + +- Update _constraints, needs more disk space to build. + - CVE-2021-30823, CVE-2021-30884, CVE-2021-30888, CVE-2021-30889, - CVE-2021-30897. + CVE-2021-30823, CVE-2021-30884, CVE-2021-30888, CVE-2021-30889, + CVE-2021-30897, CVE-2021-45481, CVE-2021-45483. - CVE-2021-30809, CVE-2021-30836. + CVE-2021-30809, CVE-2021-30836, CVE-2021-45482. - CVE-2021-30665, CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, - CVE-2021-30744, CVE-2021-30749, CVE-2021-30795, CVE-2021-30797, - CVE-2021-30799. - + Changes in version 2.32.2: - + Improve calculation of initial WebKitWebView size. - + Fix kinetic scrolling on touchpad with async scrolling off. - + Fix a crash on empty drag operation in X11. - + Fix rendering on HiDPI /4k screen and scaling. - + Handle null native surface for for surfaceless rendering. - + Fix JavaScriptCore crash on 32-bit big endian systems. - + Fix several crashes and rendering issues. - + Security fixes: CVE-2021-30758. - + Changes in version 2.32.1: - + Support building against the Musl C library. - + Support building against ICU version 69 or newer. - + Improve handling of Media Capture devices. - + Improve WebAudio playback. - + Improve video orientation handling. - + Improve seeking support for MSE playback. - + Improve flush support in EME decryptors. - + Fix HTTP status codes for requests done through a custom URI - handler. - + Fix the Bubblewrap sandbox in certain 32-bit systems. - + Fix inconsistencies between the WebKitWebView.is-muted property - state and values returned by - webkit_web_view_is_playing_audio(). - + Fix the build with ENABLE_VIDEO=OFF. - + Fix wrong timestamps for long-lived cookies. - + Fix UI process crash when failing to load favicons. - + Fix several crashes and rendering issues. - + Updated translations. + CVE-2021-30665, CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, + CVE-2021-30744, CVE-2021-30749, CVE-2021-30795, CVE-2021-30797, + CVE-2021-30799. -- Update to version 2.32.3 (boo#1188697): - + Properly set the cookies settings after a network process - crash. - + Fix accessibility tree after a cross site navigation with PSON - enabled. - + Ensure WebKitScriptWorld::window-object-cleared signal is - always emitted. - + Fix several crashes and rendering issues. - + Security fixes: CVE-2021-21775, CVE-2021-21779, CVE-2021-30663, - CVE-2021-30665, CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, - CVE-2021-30744, CVE-2021-30749, CVE-2021-30795, CVE-2021-30797, - CVE-2021-30799. - - + Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765 + + Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765, - CVE-2021-30682. + CVE-2021-30682. - CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870, - CVE-2021-21806. + CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870, + CVE-2021-21806. - CVE-2021-1817, CVE-2021-1820, CVE-2021-1825, CVE-2021-1826, - CVE-2021-30661. + CVE-2021-1817, CVE-2021-1820, CVE-2021-1825, CVE-2021-1826, + CVE-2021-30661. - ++ Security fixes: CVE-2019-8783, CVE-2019-8811, CVE-2019-8813, + + Security fixes: CVE-2019-8783, CVE-2019-8811, CVE-2019-8813, - CVE-2021-30666, CVE-2021-30761. + CVE-2021-30666, CVE-2021-30761. yast2 +- do not strip surrounding white space in CDATA XML elements (bsc#1195910) +- 4.4.45 + +- Keep the user defined $Y2STYLE and $XCURSOR_THEME environment + variables, allow changing the installer theme via these + environment variables (related to jsc#SLE-20547) +- 4.4.44 + yast2-installation +- LSM: Adjusted installation summary labels (bsc#1196013). +- 4.4.41 + yast2-schema-default +- Added fcoe-client schema (bsc#1194895) +- 4.4.11 + zypper +- info: print the packages upstream URL if available (fixes #426) +- info: Fix SEGV with not installed PTFs (bsc#1196317) +- Don't prevent less restrictive umasks (bsc#1195999) +- version 1.14.52 +