Packages changed:
  brltty
  evolution
  icu (73.1 -> 73.2)
  libevdev (1.13.0 -> 1.13.1)
  librsvg
  libwebp
  nghttp2 (1.53.0 -> 1.54.0)
  nodejs20 (20.3.0 -> 20.3.1)
  open-vm-tools
  openexr (3.1.7 -> 3.1.8)
  python-gobject
  subversion
  tiff (4.5.0 -> 4.5.1)
  zlib-ng-compat (2.0.7 -> 2.1.2)

=== Details ===

==== brltty ====
Subpackages: brltty-driver-at-spi2 brltty-driver-brlapi brltty-driver-speech-dispatcher brltty-driver-xwindow brltty-lang libbrlapi0_8 python3-brlapi system-user-brltty xbrlapi

- Use conditionals for sysusers_requires to allow quilt setup
- Remove workarounds for old TCL
- Enable parallel build again
- Don't use %tmpfiles_create_package anymore. This macro cannot work on transactional systems. However this macro was supposed to be used only when the tmpfiles stuff was needed in advance, which doesn't seem to be the case for brltty.

==== evolution ====
Subpackages: evolution-lang evolution-plugin-spamassassin

- Add abdcc5af227972da8db1731f05e66a14eb4f6656.patch: fix "HTML attachment viewport is tiny" (glgo#GNOME/evolution#2400).

==== icu ====
Version update (73.1 -> 73.2)
Subpackages: libicu73 libicu73-ledata

- Update to release 73.2
  * CLDR extends the support for “short” Chinese sort orders to cover some additional, required characters for Level 2. This is carried over into ICU collation.
  * ICU has a modified character conversion table, mapping some GB18030 characters to Unicode characters that were encoded after GB18030-2005.
- Delete icu-UCHAR-uint16t.patch (merged)

==== libevdev ====
Version update (1.13.0 -> 1.13.1)
Subpackages: libevdev-tools libevdev2

- update to 1.13.1:
  * include: sync event codes with kernel 6.2
  * CI fixes

==== librsvg ====
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0

- Use %build_rustflags instead of the deprecated %__default_rustflags macro. Requires at least cargo-packaging 1.2.0+3 (boo#1212333).

==== libwebp ====
Subpackages: libsharpyuv0 libwebp7 libwebpdemux2 libwebpmux3

- Add libwebp-double-free.patch: Avoid a double free, upstream commit a486d800 (bsc#1210212 CVE-2023-1999).

==== nghttp2 ====
Version update (1.53.0 -> 1.54.0)

- update to 1.54.0:
  * nghttpx: Consistent error handling and use of high-level API
  * h2load: Fix http3 upload stall
  * h2load: Use std::chrono::steady_clock for quic timestamp

==== nodejs20 ====
Version update (20.3.0 -> 20.3.1)
Subpackages: npm20

- Update to version 20.3.1 (security fixes only). The following CVEs are fixed in this release:
  * (CVE-2023-30581, bsc#1212574): mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
  * (CVE-2023-30584, bsc#1212575): Path Traversal Bypass in Experimental Permission Model (High)
  * (CVE-2023-30587, bsc#1212576): Bypass of Experimental Permission Model via Node.js Inspector (High)
  * (CVE-2023-30582, bsc#1212577): Inadequate Permission Model Allows Unauthorized File Watching (Medium)
  * (CVE-2023-30583, bsc#1212578): Bypass of Experimental Permission Model via fs.openAsBlob() (Medium)
  * (CVE-2023-30585, bsc#1212579): Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
  * (CVE-2023-30586, bsc#1212580): Bypass of Experimental Permission Model via Arbitrary OpenSSL Engines (Medium)
  * (CVE-2023-30588, bsc#1212581): Process interruption due to invalid Public Key information in x509 certificates (Medium)
  * (CVE-2023-30589, bsc#1212582): HTTP Request Smuggling via Empty headers separated by CR (Medium)
  * (CVE-2023-30590, bsc#1212583): DiffieHellman does not generate keys after setting a private key (Medium)

==== open-vm-tools ====
Subpackages: libvmtools0 open-vm-tools-desktop

- Fix (bsc#1212143) - (CVE-2023-20867) - VUL-0: CVE-2023-20867: open-vm-tools: Authentication Bypass vulnerability in the vgauth module
  + Add patch: 2023-20867-Remove-some-dead-code.patch

==== openexr ====
Version update (3.1.7 -> 3.1.8)
Subpackages: libIex-3_1-30 libIlmThread-3_1-30 libOpenEXR-3_1-30

- update to 3.1.8:
  * Support for DWA compression in OpenEXRCore
  * Fix OSS-fuzz 59070 Stack-buffer-overflow in DwaCompressor_readChannelRules

==== python-gobject ====
Subpackages: python311-gobject python311-gobject-Gdk python311-gobject-cairo

- Add %{?sle15_python_module_pythons}: build additional python flavors besides the 'default' when building for SLE15.

==== subversion ====
Subpackages: libsvn_auth_gnome_keyring-1-0 libsvn_auth_kwallet-1-0 subversion-bash-completion subversion-perl

- Update _constraints to avoid some aarch64 workers for subversion:testsuite to avoid to hang

==== tiff ====
Version update (4.5.0 -> 4.5.1)

- Update to version 4.5.1:
  * Definition of tags reformatted (clang-format off) for better readability of tag comments in tiff.h and tif_dirinfo.c
  * Do not install libtiff-4.pc when tiff-install is reset.
  * Add versioninfo resource files for DLL and tools compiled with Windows MSVC and MINGW.
  * Disable clang-formatting for tif_config.h.cmake.in and tiffconf.h.cmake.in because sensitive for CMake scripts.
  * CMake: make WebP component name compatible with upstream ConfigWebP.cmake
  * CMake: make Findliblzma with upstream CMake config file
  * CMake: FindDeflate.cmake: fix several errors (issue #526).
  * CMake: FindLERC.cmake: version string return added.
  * CMake: export TiffConfig.cmake and TiffConfigVersion.cmake files
  * CMake: fix export of INTERFACE_INCLUDE_DIRECTORIES
  * Hardcode HOST_FILLORDER to FILLORDER_LSB2MSB and make 'H' flag of TIFFOpen() to warn and an alias of FILLORDER_MSB2LSB. tif_lerc.c: use WORDS_BIGENDIAN instead of HOST_BIGENDIAN.
  * Optimize relative seeking within TIFFSetDirectory() by using the learned list of IFD offsets.
  * Improve internal IFD offset and directory number map handling.
  * Behavior of TIFFOpen() mode "r+" in the Windows implementation adjusted to that of Linux.
  * TIFFDirectory td_fieldsset type changed from unsigned long, which can be 32 or 64 bits, to uint32_t (fixes issue #484).
  * tif_ojpeg.c: checking for division by zero (fixes issue #554).
  * LZWDecode(): avoid crash when trying to read again from a strip with a missing end-of-information marker (fixes issue #548).
  * Fixed runtime error: applying zero offset to null pointer in countInkNamesString().
  * Fixing crash in TIFFUnlinkDirectory() when called with directory number zero ("TIFFUnlinkDirectory(0)") as well as fixing incorrect behaviour when unlinking the first directory.
  * tif_luv: check and correct for NaN data in uv_encode() (issue #530).
  * TIFFClose() avoid NULL pointer dereferencing (issue #515).
  * tif_hash_set.c: include tif_hash_set.h after tif_config.h to let a chance for GDAL symbol renaming trick.
  * Fax3: fix failure to decode some fax3 number_of_images and add test for Fax3 decoding issues (issue #513).
  * TIFFSetDirectory() and TIFFWriteDirectorySec() avoid harmless unsigned-integer-overflow (due to gdal oss-fuzz #54311 and #54343).
  * tif_ojpeg.c: fix issue #554 by checking for division by zero in OJPEGWriteHeaderInfo().
  * LZWDecode(): avoid crash when trying to read again from a strip with a missing end-of-information marker (issue #548).
- Drop no longer needed patches:
  * tiff-CVE-2023-0795,CVE-2023-0796,CVE-2023-0797,CVE-2023-0798,CVE-2023-0799.patch
  * tiff-CVE-2022-48281.patch
  * tiff-CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,CVE-2023-0803,CVE-2023-0804.patch

==== zlib-ng-compat ====
Version update (2.0.7 -> 2.1.2)

- Update to version 2.1.2:
  * Many improvements to the CMake scripts.
  * Improved support for detecting memory alignment functions.
  * Improved support for unaligned access by letting the compiler promote code to unaligned if supported by the CPU.
  * Remove x86 cpu feature detection for TZCNT, safely fallback to BSF.
  * Enable using AVX512 intrinsics with GCC <9.
  * Decompression is a lot faster (56% faster measured on AVX2-capable x86-64)
  * Compression is improved for Level 9, at the cost of a little performance.
  * Compression is improved for Level 3, by switching from deflate_fast to deflate_medium.
  * Levels 3 and 4 have been reconfigured to provide a better gradual tradeoff for speed/compression between levels 2 and 5.
  * Deflate_quick (Level 1) has been improved to default to a bigger windowsize and support changing the window size like the other levels.
  * Deflate_rle has been optimized with its own compare_256 implementation.
  * Adler32 implementation using AVX512, AVX512-VNNI, VMX.
  * CRC32-B implementation using VPCLMULQDQ & IBM-Z.
  * Slide hash implementation using VMX.
  * Compare256 implementations using SSE2, Neon, & POWER9.
  * Inflate chunk copying using SSSE3 & VSX.