Packages changed: SVT-AV1 (0.8.7 -> 0.9.0) ell (0.46 -> 0.48) ethtool (5.15 -> 5.16) gstreamer-plugins-bad iputils keylime libimobiledevice (1.3.0+git.20200910 -> 1.3.0+git.20210921) libplist neon (0.32.1 -> 0.32.2) polkit toolbox util-linux (2.37.2 -> 2.37.3) webkit2gtk3 webkit2gtk3-soup2 wireplumber (0.4.6 -> 0.4.7) xen yast2 (4.4.39 -> 4.4.42) === Details === ==== SVT-AV1 ==== Version update (0.8.7 -> 0.9.0) - Update to 0.9.0 * New faster presets M9-M12, M12 reaching similar complexity level to that of x264 veryfast * New multi-pass and single pass VBR implementation minimizing the quality difference vs CRF while reducing the cycle overhead * Quality vs density tradeoffs improvements across all presets in CRF mode * Added support for CRF with capped bitrate * Added support for overlay frames and super resolution * Fixed film grain synthesis bugs * Added experimental support for > 4k resolutions * Added experimental support for the low delay prediction structure * Significant memory reduction especially for faster presets in a multi-threaded environment * API configuration structure cleanup removing all invalid or out of date parameters * Speedup legacy CPUs for faster development by adding SSE code for corresponding C-kernels * Updated the code license from BSD 2-clause to BSD 3-clause clear ==== ell ==== Version update (0.46 -> 0.48) - update to 0.48: * Fix issue with memory leaking from ICMPv6 RA. * Fix issue with memory leaking from DHCP leases. * Fix issue with NULL terminating of Base64 encoding. ==== ethtool ==== Version update (5.15 -> 5.16) - update to upstream release 5.16 * Feature: use memory maps for module EEPROM parsing (-m) * Feature: show CMIS diagnostic information (-m) * Fix: fix dumping advertised FEC modes (--show-fec) * Fix: ignore cable test notifications from other devices (--cable-test) * Fix: do not show duplicate options in help text (--help) ==== gstreamer-plugins-bad ==== Subpackages: libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstcodecs-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstplayer-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstvulkan-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 - Add some conditionals to build as many plugins as possible in SLE-15-SP4 and move all conditional logic to the beginning of the spec file using bcond_with/without. ==== iputils ==== - temporarily reintroduce rarpd and rdisc tools to get them into 15sp4 [jsc#SLE-23521] ==== keylime ==== Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime - Set /var/lib/keylime under the same permissions expected by the code ==== libimobiledevice ==== Version update (1.3.0+git.20200910 -> 1.3.0+git.20210921) - Add python-rpm-macros to BuildRequires (boo#1194755). - Update to version 1.3.0+git.20210921: * Remove common code in favor of new libimobiledevice-glue * tools: idevicebackup2: Exit on service startup failure and improve error messages * idevice: Reset receive length variable in internal_ssl_read retry loop and fix wrong variable in debug message * lockdown: Get DeviceClass to make sure OS version dependent code is executed correctly * Handle error cases in relevant code when retrieving pair record fails * common: Return proper error codes from userpref_read_pair_record * Add support for MbedTLS * idevice: Make sure to handle timeout condition for network connections too * installation_proxy: Ignore non-status messages instead of terminating loop * mobilesync: Set DeviceLink version to 400 to support iOS 14b4+ * tools/idevicecrashreport: Fix illegal filenames on Windows * tools: Fix entering recovery mode on iOS 14.5+ which now requires a pairing * tools: Fix delays in idevicedebugserverproxy when using SSL * debugserver: Return success when a receive timed out but actualy bytes have been read * idevice: Allow partial reads in idevice_connection_receive_timeout() and handle timeouts more adequate * Fixed bytes/strings checks in lockdown.pxi for compatibility with Python2/3 * Fixed bytes/strings check in imobiledevice.pyx for compatibility with Python2/3 * Fixed debugserver.pxi PyString_AsString compatibility with Python3 * Fixed AFC afc.pxi definitions for Python2/3 compatibility. Added missing public method 'remove_path_and_contents' * ideviceprovision: Fix date output by adding MAC_EPOCH * docs: Improve --quiet command line switch description in idevicesyslog man page * idevicescreenshot: Choose a better filename, prevent overwriting existing files * idevicedebug: Add --detach option to start an app and exit idevicedebug without killing the app * idevicebackup2: Handle DLMessagePurgeDiskSpace by sending back error code * idevicebackup2: Update errno to device error mapping * idevice: Handle -EAGAIN in case usbmuxd_send() returns it * idevicebackup2: Don't fail on restore when source backup doesn't have any application info ==== libplist ==== - Add python-rpm-macros to BuildRequires (boo#1194756). ==== neon ==== Version update (0.32.1 -> 0.32.2) - update to 0.32.2: * Fix auth handling for request-target of "*" ==== polkit ==== Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 typelib-1_0-Polkit-1_0 - Switch from mozjs to duktape: * Add duktape-support.patch - Fixed pkexec Local Privilege Escalation aka pwnkit (CVE-2021-4034 bsc#1194568) CVE-2021-4034-pkexec-fix.patch ==== toolbox ==== - Allow docker as an alternative to podman in the package Requires. This was supported since 2.2. ==== util-linux ==== Version update (2.37.2 -> 2.37.3) Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - update to 2.37.3 (bsc#1194976): This release fixes two security mount(8) and umount(8) issues: * CVE-2021-3996 Improper UID check in libmount allows an unprivileged user to unmount FUSE filesystems of users with similar UID. * CVE-2021-3995 This issue is related to parsing the /proc/self/mountinfo file allows an unprivileged user to unmount other user's filesystems that are either world-writable themselves or mounted in a world-writable directory. ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_1-0 libwebkit2gtk-4_1-0 webkit2gtk-4_1-injected-bundles - Add webkit2gtk3-gcc12.patch: fix the build with gcc 12. - Require glib2 2.44 to match source. ==== webkit2gtk3-soup2 ==== Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Add webkit2gtk3-gcc12.patch: fix the build with gcc 12. - Require glib2 2.44 to match source. ==== wireplumber ==== Version update (0.4.6 -> 0.4.7) Subpackages: libwireplumber-0_4-0 wireplumber-audio - Update to version 0.4.7: * Fixed a regression in 0.4.6 that caused the selection of the default audio sources and sinks to be delayed until some event, which effectively caused losing audio output in many circumstances (glfo#pipewire/wireplumber#148, glfo#pipewire/wireplumber#150, glfo#pipewire/wireplumber#151, glfo#pipewire/wireplumber#153) * Fixed a regression in 0.4.6 that caused the echo-cancellation pipewire module (and possibly others) to not work * A default sink or source is now not selected if there is no available route for it (glfo#pipewire/wireplumber#145) * Fixed an issue where some clients would wait for a bit while seeking (glfo#pipewire/wireplumber#146) * Fixed audio capture in the endpoints-based policy * Fixed an issue that would cause certain lua scripts to error out with older configuration files (glfo#pipewire/wireplumber#158) - Drop patches already included upstream: * 0001-policy-node-schedule-rescan-without-timeout-if-defined-target-is-not-found.patch * 0002-policy-node-find-best-linkable-if-default-one-cannot-be-linked.patch - Add patch from upstream to fix selection of Pro Audio nodes as default nodes: * 0001-default-nodes-handle-nodes-without-Routes.patch ==== xen ==== - bsc#1194576 - VUL-0: CVE-2022-23033: xen: arm: guest_physmap_remove_page not removing the p2m mappings (XSA-393) xsa393.patch - bsc#1194581 - VUL-0: CVE-2022-23034: xen: a PV guest could DoS Xen while unmapping a grant (XSA-394) xsa394.patch - bsc#1194588 - VUL-0: CVE-2022-23035: xen: insufficient cleanup of passed-through device IRQs (XSA-395) xsa395.patch - bsc#1191668 - L3: issue around xl and virsh operation - virsh list not giving any output libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch ==== yast2 ==== Version update (4.4.39 -> 4.4.42) - Added Y2Packager::NewRepositorySetup to track new repositories (related to bsc#1194453) - 4.4.42 - Fix PackageAI call to PackagesProposal.GetResolvable. It prevents a crash when cloning a system (bsc#1195137). - 4.4.41 - Use Package module instead of PackageSystem (bsc#1194886). - 4.4.40