Packages changed: atkmm1_6 ca-certificates (2+git20210723.27a0476 -> 2+git20211004.3efbea9) flatpak (1.11.3 -> 1.12.1) fwupd (1.5.8 -> 1.6.2) gjs glibmm2_4 (2.66.1 -> 2.66.2) gnome-branding-MicroOS gnome-shell gnome-shell-extensions libaom (3.1.2 -> 3.1.3) librsvg (2.52.0 -> 2.52.1) libzypp-plugin-appdata open-vm-tools (11.3.0 -> 11.3.5) pam-config (1.4 -> 1.5) pangomm1_4 xdg-desktop-portal (1.10.0 -> 1.10.1) xfsprogs === Details === ==== atkmm1_6 ==== - turn off doc build, it does not work with new doxygen ==== ca-certificates ==== Version update (2+git20210723.27a0476 -> 2+git20211004.3efbea9) - Update to version 2+git20211004.3efbea9: * Ensure --root option propagates prefix properly to other scripts ==== flatpak ==== Version update (1.11.3 -> 1.12.1) Subpackages: libflatpak0 system-user-flatpak - Update to version 1.12.1: + The security fix in the 1.12.0 release failed when used with some older versions of libseccomp (that don't know about the new syscalls). - Update to version 1.12.0: + This is the first stable release in the 1.12.x series. The major changes in this series is the support for better control of sub-sandboxes, as used by the steam flatpak. + In addition, this release fixes a security vulnerability in the portal support. Some recently added syscalls were not blocked by the seccomp rules which allowed the application to create sub-sandboxes which can confuse the sandboxing verification mechanisms of the portal. This has been fixed by extending the seccomp rules (boo#1191507, CVE-2021-41133) + Some test fixes + Support for specifying the flatpak binary to use during exports + Install translations for all languages in the locale, not just the ones in LC_MESSAGES. + Fix progress reporting in flatpak fsck + Handle cases where /var/tmp is a symlink + Expose /etc/gai.conf to the sandbox + Fix the parental control checks for root + Handle missing /etc/ld.so.cache (musl) + Updated translations ==== fwupd ==== Version update (1.5.8 -> 1.6.2) Subpackages: libfwupd2 typelib-1_0-Fwupd-2_0 - Update to version 1.6.2 - The fwupd efi program be separated to fwupd-efi package. - Removed pesign-obs-integration, moved needssslcertforbuild , SBAT and EFI signing stuff to fwupd-efi. - Moved libfwupdplugin1 to libfwupdplugin2 - Change log from upstream: https://github.com/fwupd/fwupd/blob/main/data/org.freedesktop.fwupd.metainfo.xml - This release adds the following features: * Add a plugin to check Lenovo firmware settings * Add initial support for the powerd daemon * Add support for CapsuleOnDisk * Add support for installing UEFI updates from GRUB * Add support for soft-requirements that can be ignored with --force * Allow devices to only accept version upgrades * Allow discovery of Redfish BMCs specified by VID-PID or MAC * Allow the daemon to request interactive action from the end user * Automatically connect the BMC network interface at startup * Show the build timestamp if set on the device * Show the user how to switch out of Wacom tablet Android-mode - This release fixes the following bugs: * Add the alternate vendor name into the 8BitDo allowlist * Allow multiple devices to set WAIT_FOR_REPLUG * Allow the client to watch for more property changes * Always ensure the SuperIO version string is NUL terminated * Automatically clear the update error as required * Disable all UX capsules for Lenovo hardware * Do not assume the metainfo file is NUL-terminated * Do not save invalid files on LVFS server error * Fix a VLI regression in enumerating the PD device * Fix a VLI regression when installing VL820Q7 firmware * Fix enumeration of the Synaptics Prometheus config child * Fix parsing Redfish USB/PCI network VID/PIDs * Fix the fwupdmgr progressbar spinner to actually work * Fix version number for legacy Wacom Bluetooth modules * Ignore virtual M.2 ATA devices * Preserve NEEDS_REBOOT on successful update * Prevent a corrupt PHAT table from allocating lots of memory * Read the Redfish SMBIOS table when required * Remove the vendor string from the device name where required * Save the update state to the database correctly all of the time * Switch from sysctl to ioctl for ESRT on FreeBSD * Try reading from /sys/class/dmi if SMBIOS direct access fails * Watch for children added or removed after setup has been completed * Work around a XCC-ism on Lenovo hardware - This release adds support for the following hardware: * ModemManager devices supporting Firehose or MBIM QDU * More models of RTS54HUB * More Poly DFU devices * Parade LSPCON * PixArt receiver and wireless hardware * Realtek MST with RTD2142 * SuperIO IT5570 * USB4 Dell dock ==== gjs ==== Subpackages: libgjs0 typelib-1_0-GjsPrivate-1_0 - Add upstream crash fixer patches from stable branch: + b9e122044a7ccc1e2a3374c680b6ea82066bfa59.patch: arg: Replace gsize with size_t + 62025d4a2738a36ea5f1a7cebef08b22b5eef613.patch: Handle optional out parameters in callbacks - Stop disabling lto: Following this, stop passing dtrace=true and systemtap=true to meson, aswell as dropping systemtap-sdt-devel BuildRequires, follow upstream default. - Add optional pkgconfig(gtk4) BuildRequires: meson checks for it. ==== glibmm2_4 ==== Version update (2.66.1 -> 2.66.2) Subpackages: libgiomm-2_4-1 libglibmm-2_4-1 - Update to version 2.66.2: + Glib, Gio: Replace all g_quark_from_static_string() by g_quark_from_string() + Gio: - FileEnumerator: Remove refreturn to avoid memory leak - ListModel::get_object(): Make it work for interface classes + Build: MSVC build: Remove extraneous GLIBMM_API in Glib::ustring ==== gnome-branding-MicroOS ==== - Use "Text Editor" instead of the less-supported "gEdit" ==== gnome-shell ==== Subpackages: gnome-shell-calendar - Add 380d2db1d9047ecffcef7d78f00184963b403efc.patch: inputMethod: Clear preeditStr before reset. Previously, these were performed in a different order before GNOME 41. During some other changes they were swapped. However, this causes both GTK 3 and GTK 4 applications to scroll to incorrect positions from the preedit change. ==== gnome-shell-extensions ==== Subpackages: gnome-shell-classic gnome-shell-extensions-common - Update sle-classic to version 41 + Update gse-sle-classic-ext.patch + Update sle-classic@suse.com.tar.gz ==== libaom ==== Version update (3.1.2 -> 3.1.3) - Update to version 3.1.3: * Update CHANGELOG for v3.1.3-rc2 * Detect chroma subsampling more directly * Detect chroma subsampling more directly * image2yuvconfig() should calculate uv_crop_width * aom/aom_encoder.h: remove configure option reference * aom_encoder.h: fix rc_overshoot_pct range * Update AUTHORS,CHANGELOG,CMakeLists.txt for v3.1.3 * aom_install: don't exclude msvc from install * aom_install: use relpath for install * aom_install: Install lib dlls to bindir ==== librsvg ==== Version update (2.52.0 -> 2.52.1) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 typelib-1_0-Rsvg-2_0 - Update to version 2.52.1: + Fix ordering of tspan inside text elements for right-to-left languages. + Fix text-anchor positioning for right-to-left languages. + Fix regression in computing sizes when an SVG has only one of width/height and a viewBox. + Spec compliance - the writing-mode property applies only to text elements, no to individual tspan elements. + Fix build on big-endian platforms. + Clarify documentation for the rsvg_handle_write() / rsvg_handle_close() deprecated APIs. ==== libzypp-plugin-appdata ==== - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_appstream-sync-cache.service.patch ==== open-vm-tools ==== Version update (11.3.0 -> 11.3.5) Subpackages: libvmtools0 - Update to 11.3.5 (build 18557794) (boo#1190987) + New/Updated features: - Added a configurable logging capability to the network script. The network script has been updated to: use vmware-toolbox-cmd to query any network logging configuration from the tools.conf file. Use vmtoolsd --cmd "log ..." to log a message to the vmx logfile when the logging handler is configured to "vmx" or when the logfile is full or is not writeable. - The hgfsmounter (mount.vmhgfs) command has been removed from open-vm-tools. The hgfsmounter (mount.vmhgfs) command is no longer used in Linux open-vm-tools. It has been replaced by hgfs-fuse. Therefore, removing all references to the hgfsmounter in Linux builds. + Resolved issues: - Customization: Retry the Linux reboot if telinit is a soft link to systemctl. - Open-vm-tools commands would hang if configured with "--enable-valgrind". + Spec file updates for: - rpmlint errors - arg_xmlsec1 --enable-xmlsec1 for better xmlsec1/libxml2 handling. ==== pam-config ==== Version update (1.4 -> 1.5) - Update to Version 1.5 - Don't print an error message if one of the systemd PAM modules does not exist if creating the *-pc files [bsc#1191528] - Drop pam_systemd_home again [bsc#1191528] ==== pangomm1_4 ==== - turn off doc build, it does not work with new doxygen ==== xdg-desktop-portal ==== Version update (1.10.0 -> 1.10.1) - Update to version 1.10.1: + Revert a breaking change to the screencast and inhibit portal. ==== xfsprogs ==== - move fsck.xfs, mkfs.xfs and xfs_repair from /sbin to /usr/sbin (bsc#1191105) The default rpmbuild %configure macro passes --sbindir=/usr/sbin to every configure script, but the xfsprogs configure script ignores it when --exec-prefix is also set. Unset --exec-prefix since it is not really required (all other paths are explicitly passed via the rpm configure macro), so that the --sbindir is respected.