Packages changed: GraphicsMagick (1.3.38 -> 1.3.39) ImageMagick SDL2 (2.26.1 -> 2.26.2) apache2-mod_php8 (8.1.13 -> 8.1.14) blog busybox (1.35.0 -> 1.36.0) busybox-links (1.35.0 -> 1.36.0) eog (43.1 -> 43.2) evolution (3.46.2 -> 3.46.3) evolution-data-server (3.46.2 -> 3.46.3) evolution-ews (3.46.2 -> 3.46.3) gcc11 gnome-maps (43.2 -> 43.3) gnome-software (43.2 -> 43.3) gvfs (1.50.2 -> 1.50.3) hidapi (0.12.0 -> 0.13.0) hunspell (1.7.1 -> 1.7.2) hwinfo (22.1 -> 22.2) libadwaita (1.2.0 -> 1.2.1) libheif (1.14.1 -> 1.14.2) libopenmpt (0.6.6 -> 0.6.7) libqt5-qtscript mailutils mailx openvpn php8 (8.1.13 -> 8.1.14) postgresql ppp procps psmisc python-greenlet qemu sendmail snapper syslogd sysvinit yast2-installation (4.5.11 -> 4.5.12) yast2-trans (84.87.20230101.7fa7ea8642 -> 84.87.20230109.3afefde4ef) === Details === ==== GraphicsMagick ==== Version update (1.3.38 -> 1.3.39) Subpackages: libGraphicsMagick++-Q16-12 libGraphicsMagick-Q16-3 libGraphicsMagick3-config - version update to 1.3.39 Special Issues: * GraphicsMagick really does need some additional productive volunteers. For several years now, the burden has entirely been on me (Bob Friesenhahn). I have been sheparding the project for 20 years already (and contributed to ImageMagick and GraphicsMagick combined for 26 years already). It is not reasonable to expect someone with a full time job (and expecting to retire in a few years) to do all of the work. Security Fixes: * GraphicsMagick is participating in Google's oss-fuzz project since February 4 2018 due to the contributions and assistance of Alex Gaynor and Paul Kehrer. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details. Security Fixes: * oss-fuzz: Several security fixes originating from oss-fuzz testing. * ALL: Replace strcpy() with strlcpy(), replace strcat() with strlcat(), replace sprintf() with snprintf(). Prefer using bounded string functions. This change is made for the purpose of increasing safety than to address any existing demonstrated concern. Bug fixes: * Coverity: Several fixes for issues found by Coverity to reduce the number of reported issues back down to zero. * Clang Analyzer 12: Fix most discovered issues. * PNG: Fix possible use of uninitialized 'ping_num_trans' value in ReadOnePNGImage(). * MinGW: Eliminate overwrite of existing _MSC_VER value in MinGW compile. * MNG: Fix heap-use-after-free in CloseBlob. * MNG: Fix indirect leak in MagickMallocCleared(). * PS: Assure that 'bounds' structure is initialized. * EPT: Assure that 'bounds' structure is initialized. * HEIF: If heif_image_handle_get_metadata_size() returns 0, then carrying on with reading image data. * configure.ac: Fix Bashism in maintainer-mode check. * TGA: Remove a defective validation of comment length, which blocked reading some sample TGA files from the "Encyclopedia Of Graphics File Formats" book. Monochromatic bilevel TGA can now be read and written. TGA "Footers" are now read and used when logging as well as converted to Image attributes. * WebP: Add configure.ac updates to check for libsharpyuv so that builds with the development version work again. * Visual Studio Build (VisualMagick): Fix project file generation. Improve portability of code for configure.exe. * Fixed mixed encoding (non-UTF-8) errors in text and source files. * DrawPrimitive(): Fix composition using "0,0" for image size. This became broken in GraphicsMagick 1.3.36. * Blob API: Fixed SEEK_END validation. SEEK_END was not used before, but now it is. New Features: * AVIF: Support reading AVIF via libheif if it supports decoding AVIF (still no writer support). * LOG: Added function IsEventLogged() to report if a particular event will be logged. Us this as much as possible throughout the software to replace use of IsEventLogging(). This avoids a possible performance hit if any logging is enabled at all and logging statements are executed which are filtered and produce no output. * FITS: Support storing multiple scenes in one file (non-standard extension). * JPEG: Optionally enable arithmetic coder in JPG images using '-define jpeg:arithmetic-coding=true'. * JPEG: Add support for reading deep gray images. * HEIF: Support reading ICC color profiles. * Produce ASCII armored ".asc" format GPG signature files. * Support reading directly from .bz2, .gz, .svgz, and .Z files (without creating a temporary file), if possible. API Updates: * Magick++: Provide a version of Image::colorMapSize() which is a 'const' method. Continue to provide the non-const version in order to avoid an ABI change. The compiler should choose the appropriate version. Feature improvements: * HTML documentation generation based on Docutils is significantly updated and improved. * PerlMagick: Added more sample input files and changed many reader tests to use hash signature rather than comparison to reduce the distribution size. * Blob: The ReadBlobString() function has been re-written to perform better when reading from files. * JXL: The JXL coder is updated to compile with what will likely become JXL 0.8.0. Support for 16-bit 'short' samples, 16-bit 'float' samples, and 32-bit float samples added. Support for reading and writing ICC, EXIF, and XMP profiles added. * MIME: GM "magick" to MIME mappings have been added for apng, avif, bmp, ico, and webp (regardless of if they are supported). * XPM: The XPM reader performance is dramatically improved and is observed to be 32x faster when reading a medium-sized XPM file (e.g. the GraphicsMagick logo). * XPM: Support reading "deep" images with more pallete entries than the maximum colormap size. Windows Delegate Updates/Additions: * Update bundled libjasper to version 1.900.26. Please note that 4.0.0 is the latest version at this time and fixes a great many security and stability issues which are present in 1.900.26. * Update bundled libjpeg to version 9e. ... changelog too long, skipping 7 lines ... - Enable JPEG-XL on Tumbleweed. ==== ImageMagick ==== Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagickCore-7_Q16HDRI10 libMagickWand-7_Q16HDRI10 - Enable JPEG-XL on Tumbleweed. ==== SDL2 ==== Version update (2.26.1 -> 2.26.2) - Update to release 2.26.2 * Fixed long delay at startup when a Razer keyboard is connected * Fixed not receiving SDLK_5 or SDL_SCANCODE_5 when using the AZERTY keyboard layout on Linux - Enable libsamplerate and libdecor components - Remove unused tslib build requirement ==== apache2-mod_php8 ==== Version update (8.1.13 -> 8.1.14) - version update to 8.1.14 * This is a security release. * fixed: CVE-2022-31631 [bsc#1206958] * https://www.php.net/ChangeLog-8.php#8.1.14 ==== blog ==== Subpackages: blog-plymouth libblogger2 - Replace transitional %usrmerged macro with regular version check (boo#1206798) ==== busybox ==== Version update (1.35.0 -> 1.36.0) Subpackages: busybox-static - Update to version 1.36.0 - awk: fix use after free (CVE-2022-30065) - various fixes for ash, bc, cut, fbset, kbuild, libbb, mkfs.vfat, mv, powertop, sed, sort, taskset, top, udhcpc6, unzip, vi, xxd - improvements in ash, cmp, crond, devmem, ed, fbset, fdisk, ls, xargs, pkill - new applets added: seedrng, tree, tsort - Adjust busybox.config for new features - ash: enable sleep built-in - enable new applets: seedrng, tree, tsort - enable SHA hardware acceleration - try LOOP_CONFIGURE for losetup/loop mounts, but fall back to LOOP_SET_FD + LOOP_SET_STATUS if not supported - drop e63d7cdf.patch (fix for CVE-2022-30065), included upstream ==== busybox-links ==== Version update (1.35.0 -> 1.36.0) Subpackages: busybox-bzip2 busybox-coreutils busybox-ed busybox-findutils busybox-gawk busybox-grep busybox-gzip busybox-psmisc busybox-sed busybox-sendmail busybox-tar busybox-util-linux busybox-which busybox-xz - Replace transitional %usrmerged macro with regular version check (boo#1206798) ==== eog ==== Version update (43.1 -> 43.2) - Update to version 43.2: + Bug fixes and improvements: Avoid critical warnings when saving images on exit. + Updated translations. ==== evolution ==== Version update (3.46.2 -> 3.46.3) Subpackages: evolution-plugin-spamassassin - Update to version 3.46.3: + Fix few memory leaks + EMailReader: Correct sensitivity of toolbar buttons + Add Interlingue translation into the list of supported locales + Bugs fixed: - e_task_table_get_selected: Skip non-existent comp_data - Calendar: Unset "Show Event Preview" shortcut - Duplicate attachments when forwarding - MarkdownEditor: Correct signature boundary start on text insert - RSS: Crash when reading feed with empty author - itip-formatter: iframe height miscalculated without frame flattening - Composer: Spell checking is auto-enabled on mode change + Updated translations. ==== evolution-data-server ==== Version update (3.46.2 -> 3.46.3) Subpackages: libcamel-1_2-64 libebackend-1_2-11 libebook-1_2-21 libebook-contacts-1_2-4 libecal-2_0-2 libedata-book-1_2-27 libedata-cal-2_0-2 libedataserver-1_2-27 libedataserverui-1_2-4 - Update to version 3.46.3: + Fix a crash under source_registry_object_added_no_owner() + ESoupAuthBearer: Add debug prints + Bugs fixed: - e_util_change_uri_component: Reset default port when changing scheme - Prompting for password too often + Updated translations. ==== evolution-ews ==== Version update (3.46.2 -> 3.46.3) - Update to version 3.46.3: + ecb_ews_get_timezone: Check for non-NULL `tzid` to avoid runtime warning + Updated translations. ==== gcc11 ==== - Don't rely on %usrmerged, set it based on standard %suse_version ==== gnome-maps ==== Version update (43.2 -> 43.3) - Update to version 43.3: + Fix blurry shape layers on zoom. + Fix user location accuracy marker positioning. + Various other bug fixes. + Updated translations. ==== gnome-software ==== Version update (43.2 -> 43.3) Subpackages: gnome-software-plugin-packagekit - Update to version 43.3: + Periodically expire cached app icons. + Stop notifying about unprepared critical updates. + Updated translations. ==== gvfs ==== Version update (1.50.2 -> 1.50.3) Subpackages: gvfs-backend-afc gvfs-backend-samba gvfs-backends gvfs-fuse - Update to version 1.50.3: + dav: Prevent usage of NULL when user is not specified. + ftp: Fix hangs when the connection is released. + fuse: Decrease file handle reference when open file fail. + sftp: PATH-expand the ssh client. + test: Several smaller enhancements. + backend: Add support for xx-large and x-large thumbnails. + goa: Prevent automounts when resuming from suspension. + Updated translations. ==== hidapi ==== Version update (0.12.0 -> 0.13.0) - update to 0.13.0: * general: add hid_get_device_info (#432); * general: Meson build script (as a wrapper over CMake) (#410); * general: add HID Bus Type in hid_device_info (#308); * libusb: primary usage_page/usage is now available with hid_get_device_info regardless of the compilation flags; * hidraw: Open files with O_CLOEXEC to not leak fds to child processes (#446); * hidraw: add support for HID over SPI (#486); * cmake: libusb: Ensure Iconv is found when provided via CFLAGS/LDFLAGS (#430); ==== hunspell ==== Version update (1.7.1 -> 1.7.2) Subpackages: hunspell-tools libhunspell-1_7-0 - update to 1.7.2: * Crash fixes, code clean-up in ~200 commits * tdf#136306 don't accept/suggest typos as 3-or-more-word compound words * Prepare optional spelling mode of LibreOffice to not accept/suggest not dictionary-based words as compound words * Merge in weblate translations ==== hwinfo ==== Version update (22.1 -> 22.2) Subpackages: libhd22 - merge gh#openSUSE/hwinfo#126 - create xen usb controller device if necessary (bsc#1204294) - 22.2 ==== libadwaita ==== Version update (1.2.0 -> 1.2.1) Subpackages: libadwaita-1-0 typelib-1_0-Adw-1 - Update to version 1.2.1: + AdwActionRow: Fix spacing after removing all prefixes/suffixes + AdwAvatar: Correctly redraw on custom image changes + AdwEntryRow: - Respect use-markup property - Fix error/warning/success styles - Fix spacing after removing all prefixes/suffixes + AdwExpanderRow: Fix spacing after removing all prefixes/suffixes + AdwFlap: Fix natural width with fold-policy=never + AdwMessageDialog: Fix focus styles in RTL + AdwPreferencesWindow: Fix a memory leak + AdwSplitButton: Don't make dropdown insensitive when the button is + AdwTabBar: - Fix focus handling - Fix autoscroll for non-local drags + AdwToastOverlay: Clarify documentation + AdwViewSwitcherBar: Fix typos in examples + AdwViewSwitcherTitle: Fix typos in examples + Stylesheet: Fix GtkSpinButton inside toolbars + Updated translations. ==== libheif ==== Version update (1.14.1 -> 1.14.2) Subpackages: gdk-pixbuf-loader-libheif libheif1 - update to v1.14.2: * A function name typo in the C++ wrapper was corrected in v1.14.1, but the old function name should not have been removed from the API * (ColorProfile_nclx::set_color_primaries()). The old name is added to the API again in this release. ==== libopenmpt ==== Version update (0.6.6 -> 0.6.7) - Update to 0.6.7 * IT: In sample mode, portamento to a different sample turns off the filter if cutoff / resonance was previously 127 / 0. * S3M Detect files saved with Graoumf Tracker instead of claiming they were made with OpenMPT 4.47. * S3M: Pattern loop state was not propagated anymore since libopenmpt 0.6.0, leading to wrong song length calculation and SB0 + SBx being located on different channels not working properly anymore. ==== libqt5-qtscript ==== - Update to version 5.15.12+kde0, rebased upstream: * No code changes - Commits dropped by the rebase: * Bump version to 5.15.10 * Blacklist two tests that fail on macOS ARM * Bump version from 5.15.8 to 5.15.9 ==== mailutils ==== Subpackages: libmailutils9 - Replace transitional %usrmerged macro with regular version check (boo#1206798) ==== mailx ==== - Replace transitional %usrmerged macro with regular version check (boo#1206798) ==== openvpn ==== - bsc#1123557: --suppress-timestamps isn't needed by default. ==== php8 ==== Version update (8.1.13 -> 8.1.14) Subpackages: php8-cli php8-ctype php8-dom php8-gd php8-gettext php8-iconv php8-mbstring php8-mysql php8-openssl php8-pdo php8-sqlite php8-tokenizer php8-xmlreader php8-xmlwriter - version update to 8.1.14 * This is a security release. * fixed: CVE-2022-31631 [bsc#1206958] * https://www.php.net/ChangeLog-8.php#8.1.14 ==== postgresql ==== Subpackages: postgresql-contrib postgresql-server - bsc#1206796: Refine the distinction of where to use sysusers and use bcond to have the expression only in one place. - riscv64 does not have llvm support yet, adapt the %postgresql_has_llvm macro accordingly. ==== ppp ==== - Migration of PAM settings to /usr/lib/pam.d. ==== procps ==== Subpackages: libprocps8 - Replace transitional %usrmerged macro with regular version check (boo#1206798) ==== psmisc ==== - Replace transitional %usrmerged macro with regular version check (boo#1206798) ==== python-greenlet ==== - Add sphinx-6.0.0.patch to make it work with new version of Sphinx. ==== qemu ==== Subpackages: qemu-arm qemu-audio-spice qemu-block-curl qemu-block-nfs qemu-block-rbd qemu-chardev-spice qemu-guest-agent qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-ipxe qemu-ksm qemu-tools qemu-ui-curses qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios - install binfmt-misc handlers for systemd (bsc#1206838) ==== sendmail ==== Subpackages: libmilter1_0 - Migration of PAM settings to /usr/lib/pam.d. ==== snapper ==== Subpackages: libsnapper6 snapper-zypp-plugin - Replace transitional %usrmerged macro with regular version check (boo#1206798) - call generic plugins before and after the action ==== syslogd ==== Subpackages: klogd syslog-service - Replace transitional %usrmerged macro with regular version check (boo#1206798) ==== sysvinit ==== - Replace transitional %usrmerged macro with regular version check (boo#1206798) ==== yast2-installation ==== Version update (4.5.11 -> 4.5.12) - yupdate - added suport for patching the D-Installer (bsc#1206927) - 4.5.12 ==== yast2-trans ==== Version update (84.87.20230101.7fa7ea8642 -> 84.87.20230109.3afefde4ef) Subpackages: yast2-trans-af yast2-trans-ar yast2-trans-bg yast2-trans-bn yast2-trans-bs yast2-trans-ca yast2-trans-cs yast2-trans-cy yast2-trans-da yast2-trans-de yast2-trans-el yast2-trans-en_GB yast2-trans-es yast2-trans-et yast2-trans-fa yast2-trans-fi yast2-trans-fr yast2-trans-gl yast2-trans-gu yast2-trans-hi yast2-trans-hr yast2-trans-hu yast2-trans-id yast2-trans-it yast2-trans-ja yast2-trans-jv yast2-trans-ka yast2-trans-km yast2-trans-ko yast2-trans-lo yast2-trans-lt yast2-trans-mk yast2-trans-mr yast2-trans-nb yast2-trans-nl yast2-trans-pa yast2-trans-pl yast2-trans-pt yast2-trans-pt_BR yast2-trans-ro yast2-trans-ru yast2-trans-si yast2-trans-sk yast2-trans-sl yast2-trans-sr yast2-trans-sv yast2-trans-ta yast2-trans-th yast2-trans-tr yast2-trans-uk yast2-trans-vi yast2-trans-wa yast2-trans-xh yast2-trans-zh_CN yast2-trans-zh_TW yast2-trans-zu - Update to version 84.87.20230109.3afefde4ef: * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Added translation using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Added translation using Weblate (Georgian)