Packages changed: argyllcms (2.1.2 -> 2.2.0) c-ares ghostscript irqbalance libqt5-qtwebengine (5.15.5 -> 5.15.6) libsrtp2 (2.4.0 -> 2.4.1) patterns-base util-linux util-linux-systemd === Details === ==== argyllcms ==== Version update (2.1.2 -> 2.2.0) - Update to version 2.2.0: * Added native i1Pro3 and i1Pro3 Plus driver. * Fix bug in applycal.c where it gets an "Error - Write file: 1, icmTextDescription_write: ascii string is shorter" error on replacing one calibration with another. * Improved i1pro & Munki patch recognition to work much more reliably with a slow swipe speed. * Fixed oeminst to work with spyder V5.5. setup.exe * Fixed bug in oemdld that prevented HTML encoded characters in download file decoding properly, which prevented certain filenames from working. * Fixed bug in ccxxmake -S -f where save error wasn't being fully reported, and display technology presence check was faulty. * Fixed typo in display technology, VPA -> PVA. * Made Klein K10A "Lights Off" command timeout a soft error. For some reason this command doesn't seem to be implemented on some K10A's. * Added CIE dE2000 to spotread output. * Fixed accidental global "wrl" in gamut/gamut.h that cases compile warnings. * For more see http://www.argyllcms.com/doc/ChangesSummary.html - Drop argyllcms--gcc--fno-common.patch (upstreamed with exception of static declaration of struct huft, which is not required). ==== c-ares ==== - new upstream website - drop multibuild - tests do not require static library anymore - spec file cleanup - drop sources that were re-added to upstream distibution (c-ares-config.cmake.in ares_dns.h libcares.pc.cmake) - 5c995d5.patch: augment input validation on hostnames to allow _ as part of DNS response (bsc#1190225) ==== ghostscript ==== - CVE-2021-3781.patch fixes CVE-2021-3781 Trivial -dSAFER bypass cf. https://bugs.ghostscript.com/show_bug.cgi?id=704342 (bsc#1190381) ==== irqbalance ==== - Update to version 1.8.0.18.git+2435e8d: * fix unsigned integer subtraction sign overflow * fix opendir fails in check_platform_device * irqbalance: Check validity of numa_node * configure.ac: use pkg-config to find numa * Disable the communication socket when UI is disabled * Fix comma typo in ui.c * drop NoNewPrivs from irqbalance service * remove no existing irq in banned_irqs * Fix compile issue with none AARCH64 builds - Fixes integrated mainline: * bsc#1119461 * bsc#1138190 * bsc#1154905 * bsc#1178477 bsc#1183405 (removed patches due to mainline integration): procinterrupts-check-xen-dyn-event-more-flexible.patch * bsc#1182254 bsc#1156315 (removed patches due to mainline integration): fix-ambiguous-parsing-of-node-entries-in-sys.patch * bsc#1183157 also-fetch-node-info-for-non-PCI-devices.patch ==== libqt5-qtwebengine ==== Version update (5.15.5 -> 5.15.6) - Update to version 5.15.6: * Update Chromium: + [Backport] CVE-2021-30560: Use after free in Blink XSLT + [Backport] CVE-2021-30566: Stack buffer overflow in Printing + [Backport] CVE-2021-30585: Use after free in sensor handling + Bump V8_PATCH_LEVEL + [Backport] Security bug 1228036 + [Backport] CVE-2021-30604: Use after free in ANGLE + [Backport] CVE-2021-30603: Race in WebAudio + [Backport] CVE-2021-30602: Use after free in WebRTC + [Backport] CVE-2021-30599: Type Confusion in V8 + [Backport] CVE-2021-30598: Type Confusion in V8 + [Backport] Security bug 1227933 + [Backport] Security bug 1205059 + [Backport] Security bug 1184294 + [Backport] Security bug 1198385 + [Backport] CVE-2021-30588: Type Confusion in V8 + [Backport] CVE-2021-30587: Inappropriate implementation in Compositing on Windows + [Backport] CVE-2021-30573: Use after free in GPU + [Backport] CVE-2021-30569, security bugs 1198216 and 1204814 + [Backport] CVE-2021-30568: Heap buffer overflow in WebGL + [Backport] CVE-2021-30541: Use after free in V8 + [Backport] Security bugs 1197786 and 1194330 + [Backport] Security bug 1194689 + [Backport] CVE-2021-30563: Type Confusion in V8 + [Backport] Security bug 1211215 + [Backport] Security bug 1209558 + [Backport] CVE-2021-30553: Use after free in Network service + [Backport] CVE-2021-30548: Use after free in Loader + [Backport] CVE-2021-30547: Out of bounds write in ANGLE + [Backport] CVE-2021-30556: Use after free in WebAudio + [Backport] CVE-2021-30559: Out of bounds write in ANGLE + [Backport] CVE-2021-30533: Insufficient policy enforcement in PopupBlocker + [Backport] Security bug 1202534 + [Backport] CVE-2021-30536: Out of bounds read in V8 + [Backport] CVE-2021-30522: Use after free in WebAudio + [Backport] CVE-2021-30554 Use after free in WebGL + [Backport] CVE-2021-30551: Type Confusion in V8 + [Backport] CVE-2021-30544: Use after free in BFCache + [Backport] CVE-2021-30535: Double free in ICU + [Backport] CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox + [Backport] CVE-2021-30530: Out of bounds memory access in WebAudio + [Backport] CVE-2021-30523: Use after free in WebRTC + Generate mojo bindings before compiling extension API registration * Bump version from 5.15.5 to 5.15.6 * Always send phased wheel events beginning with Began - Import patch from the chromium package: * 0001-return-ENOSYS-for-clone3.patch - Add changes from the chromium package to 0001-Fix-build-with-glibc-2.34.patch ==== libsrtp2 ==== Version update (2.4.0 -> 2.4.1) - Update to release 2.4.1 * Use a full-length key even with null ciphers ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Fix typo in the icon name for the fips pattern (bsc#1189550) ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Remove the raw utility altogether, as it is not even built any more with glibc >=2.34. ==== util-linux-systemd ==== - Remove the raw utility altogether, as it is not even built any more with glibc >=2.34. - login.pamd: use pam_motd to unify motd handling [bsc#1185897]. Else motd snippets of e.g. cockpit will not be shown.