Packages changed: adobe-sourcesans3-fonts (3.046 -> 3.052) gdb glibc ibus ibus_gtk4 libXpm (3.5.14 -> 3.5.15) lua54 open-vm-tools poppler (23.03.0 -> 23.04.0) poppler-qt5 (23.03.0 -> 23.04.0) python-pytz (2023.2 -> 2023.3) wireplumber (0.4.13 -> 0.4.14) wsdd xf86-input-libinput (1.2.1 -> 1.3.0) yast2-snapper (4.6.0 -> 4.6.1) zlib-ng-compat (2.0.6 -> 2.0.7) === Details === ==== adobe-sourcesans3-fonts ==== Version update (3.046 -> 3.052) - Update to 3.052: * Adds Medium weight requested by user. (GitHub issue #253) * Updates the design of several glyphs to arrive at more compact vertical metrics ==== gdb ==== - Fix license, again (bsc#1210081). ==== glibc ==== Subpackages: glibc-extra glibc-lang glibc-locale glibc-locale-base nscd - getlogin-no-loginuid.patch: getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) ==== ibus ==== Subpackages: ibus-dict-emoji ibus-gtk ibus-gtk3 ibus-lang libibus-1_0-5 typelib-1_0-IBus-1_0 - Fix key typing order * This prevents that keys get stuck in games with wine/proton (steam) * Added ibus-fix-key-release.patch ==== ibus_gtk4 ==== - Fix key typing order * This prevents that keys get stuck in games with wine/proton (steam) * Added ibus-fix-key-release.patch ==== libXpm ==== Version update (3.5.14 -> 3.5.15) - n_no-compress-on-sle.patch * we can't handle .Z files, since we don't have ncompress package on SLE; so disable this feature as before (bsc#1207031) - BuildRequires * removed again ncompress * added again autoconf, automake, libtool - run again autoreconf due to patch above - update to 3.5.15: * Use gzip -d instead of gunzip * Prevent a double free in the error code path * Fix CVE-2022-4883: compression commands depend on $PATH * Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height * test: add test cases for CVE-2022-44617 (zero-width w/enormous height) * Fix CVE-2022-46285: Infinite loop on unclosed comments * test: add test case for CVE-2022-46285 (unclosed comments) * cxpm: getc/ungetc wrappers should not adjust position when c == EOF * test: Add unit tests using glib framework * configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE * man pages: Apply standard man page style/formatting * man pages: Replace "See Also" entries with more useful ones * man pages: Fix typos and other minor editing - drop U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch, U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch, U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch, U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch, U_regression-bug1207029_1207030_1207031.patch U_regression2-bug1207029_1207030_1207031.patch: upstream - switch urls to https - spec file cleanups - add gpg keyring validation ==== lua54 ==== - Added more numbered patches from upstream: * luabugs11.patch ==== open-vm-tools ==== Subpackages: libvmtools0 open-vm-tools-desktop - As per jsc-PED-1344, update spec file to only build the containerinfo plugin for TW/SLES 15 SP5 and newer. ==== poppler ==== Version update (23.03.0 -> 23.04.0) Subpackages: libpoppler-cpp0 libpoppler-glib8 poppler-tools - update to 23.04.0: * Fix memory issue when signing fails. Issue #1372 * Internal improvements of signature related code * CairoOutputDev: improve type3 font rendering * Fix memory leak in GlobalParams::findSystemFontFileForFamilyAndStyle * pdftocairo: Fix crash in some special situations * pdfsig: allow holes in -dump signature list * pdfsig: Support --help ==== poppler-qt5 ==== Version update (23.03.0 -> 23.04.0) - update to 23.04.0: * Fix memory issue when signing fails. Issue #1372 * Internal improvements of signature related code * CairoOutputDev: improve type3 font rendering * Fix memory leak in GlobalParams::findSystemFontFileForFamilyAndStyle * pdftocairo: Fix crash in some special situations * pdfsig: allow holes in -dump signature list * pdfsig: Support --help ==== python-pytz ==== Version update (2023.2 -> 2023.3) - update to 2023.3: * Update to IANA 2023c ==== wireplumber ==== Version update (0.4.13 -> 0.4.14) Subpackages: libwireplumber-0_4-0 wireplumber-audio wireplumber-lang - Update to version 0.4.14: * Additions - Add support for managing Bluetooth-MIDI, complementing the parts that were merged in PipeWire recently. - Add a default volume configuration option for streams whose volume has never been saved before; that allows starting new streams at a lower volume than 100% by default, if desired. - Add support for managing link errors and propagating them to the client(s) involved. This allows better error handling on the application side in case a format cannot be negotiated - useful in video streams. - snd_aloop devices are now described as being "Loopback" devices. - ALSA nodes in the pro audio profile now get increased graph priority, so that they are more likely to become the driver in the graph. - Add support for disabling libcamera nodes & devices with node.disabled and device.disabled, like it works for ALSA and V4L2. - Drop reduce-meson-required-version.patch: openSUSE Leap 15.3 is no longer supported. - Drop patches already included upstream: * 0001-alsa-monitor-handle-snd_aloop-devices-better.patch * 0001-spa-json-make-sure-we-only-add-encoded-string-data.patch * 0001-m-lua-scripting-ignore-string-integer-table-keys-when-constructing-a-JSON-Array-Object.patch ==== wsdd ==== - Fix previous change: really limit the forced change to python 3.10 on suse_version <= 1500 (up to SLE/Leap 15); newer products already use python 3.10 (or newer) as default. ==== xf86-input-libinput ==== Version update (1.2.1 -> 1.3.0) - Update to version 1.3.0 The main feature in this version is support for the new 'custom' pointer acceleration profile in libinput 1.23.0. This acceleration profile is quite flexible, so it is exposed via several properties: - "libinput Accel Custom Fallback Points" and "libinput Accel Custom Fallback Step" - "libinput Accel Custom Motion Points" and "libinput Accel Custom Motion Step" - "libinput Accel Custom Scroll Points" and "libinput Accel Custom Scroll Points" For details on what these mean, please see the man page and the libinput documentation: https://wayland.freedesktop.org/libinput/doc/latest/pointer-acceleration.html In addition, the "libinput Accel Profiles Available" and "libinput Accel Profile Enabled" properties have been expanded to 3 values. For backwards compatibility, the "libinput Accel Profile Enabled" continues to support setting 2 values only. ==== yast2-snapper ==== Version update (4.6.0 -> 4.6.1) - Fixed translations: Moved variable message part out of _(...) (bsc#1209956) - 4.6.1 ==== zlib-ng-compat ==== Version update (2.0.6 -> 2.0.7) - Update to 2.0.7: * Fix CVE-2022-37434 #1328 * Fix chunkmemset #1196 * Fix deflateBound too small #1236 * Fix Z_SOLO #1263 * Fix ACLE variant of crc32 #1274 * Fix inflateBack #1311 * Fix deflate_quick windowsize #1431 * Fix DFLTCC bugs related to adler32 #1349 and #1390 * Fix warnings #1194 #1312 #1362 * MacOS build fix #1198 * Add invalid windowBits handling #1293 * Support for Force TZCNT #1186 * Support for aligned_alloc() #1360 * Minideflate improvements #1175 #1238 * Dont use unaligned access for memcpy #1309 * Build system #1209 #1233 #1267 #1273 #1278 #1292 #1316 #1318 #1365 * Test improvements #1208 #1227 #1241 #1353 * Cleanup #1266 * Documentation #1205 #1359 * Misc improvements #1294 #1297 #1306 #1344 #1348 * Backported zlib fixes * Backported CI workflows from Develop branch - Drop upstream patches: * 1297.patch * 0001-Add-one-extra-byte-to-return-value-of-compressBound-.patch