Packages changed: libbpf (1.0.1 -> 1.1.0) libqt5-qtwebengine (5.15.11 -> 5.15.12) librepo (1.14.5 -> 1.15.1) vim (9.0.1075 -> 9.0.1107) zvbi (0.2.38 -> 0.2.39) === Details === ==== libbpf ==== Version update (1.0.1 -> 1.1.0) - update to v1.1.0: User space-side features and APIs: * user-space ring buffer (BPF_MAP_TYPE_USER_RINGBUF) support; * new documentation page listing all recognized SEC() definitions; * BTF dedup improvements: * unambiguous fwd declaration resolution for structs and unions; * better handling of some corner cases with identical structs and arrays; * mixed enum and enum64 forward declaration resolution logic; * bpf_{link,btf,pro,mapg}_get_fd_by_id_opts() and bpf_get_fd_by_id_opts() APIs; * libbpf supports loading raw BTF for BPF CO-RE from known search paths; * support for new cgroup local storage (BPF_MAP_TYPE_CGRP_STORAGE); * libbpf will only add BPF_F_MMAPABLE flag for data maps with global (i.e., non-static) vars; * latest Linux UAPI headers with lots of changes synced into include/uapi/linux. BPF-side features and APIs; * BPF_PROG2() macro added that supports struct-by-value arguments; * new BPF helpers: * bpf_user_ringbuf_drain(); * cgrp_storage_get() and cgrp_storage_delete(). Bug fixes * better handling of padding corner cases; * btf__align_of() determines packed structs better now; * improved handling of enums of non-standard sizes; * USDT spec parsing improvements; * overflow handling fixes for ringbufs; * Makefile fixes to support cross-compilation for 32-bit targets; * fix crash if SEC("freplace") programs don't have attach_prog_fd set; * better handling of file existence checks when running as non-root with enhanced capabilities; * a bunch of small fixes: * ELF handling improvements; * fix memory leak in USDT argument parsing logic; * fix NULL dereferences in few corner cases; * improved netlink attribute iteration handling. - drop libbpf-Use-elf_getshdrnum-instead-of-e_shnum.patch, libbpf-Fix-use-after-free-in-btf_dump_name_dups.patch, libbpf-Fix-memory-leak-in-parse_usdt_arg.patch libbpf-Fix-null-pointer-dereference-in-find_prog_by_.patch (upstream) ==== libqt5-qtwebengine ==== Version update (5.15.11 -> 5.15.12) - Update to version 5.15.12: * Bump version to 5.15.12 * Update Chromium: * Bump V8_PATCH_LEVEL * Fixup for patch for CVE-2022-3200 on OpenSuse 15.1 * Fixup the patch for CVE-2022-3200 on 87-based / 5.15 * [Backport] CVE-2022-3038: Use after free in Network Service * [Backport] CVE-2022-3040: Use after free in Layout * [Backport] CVE-2022-3041: Use after free in WebSQL * [Backport] CVE-2022-3046: Use after free in Browser Tag * [Backport] CVE-2022-3075: Insufficient data validation in Mojo * [Backport] CVE-2022-3196: Use after free in PDF * [Backport] CVE-2022-3197: Use after free in PDF * [Backport] CVE-2022-3198: Use after free in PDF * [Backport] CVE-2022-3199: Use after free in Frames. * [Backport] CVE-2022-3200: Heap buffer overflow in Internals * [Backport] CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools (1/2) * [Backport] CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools (2/2) * [Backport] CVE-2022-3304: Use after free in CSS * [Backport] CVE-2022-3370: Use after free in Custom Elements * [Backport] CVE-2022-3373: Out of bounds write in V8 * [Backport] CVE-2022-3445: Use after free in Skia. * [Backport] CVE-2022-3446 and CVE-2022-35737 * [Backport] CVE-2022-3885: Use after free in V8 * [Backport] CVE-2022-3887: Use after free in Web Workers * [Backport] CVE-2022-3889: Type Confusion in V8 * [Backport] CVE-2022-3890: Heap buffer overflow in Crashpad * [Backport] CVE-2022-4174: Type Confusion in V8 * [Backport] CVE-2022-4180: Use after free in Mojo * [Backport] CVE-2022-4181: Use after free in Forms * [Backport] CVE-2022-4262: Type Confusion in V8 * [Backport] Security bug 1356308 * [Backport] Security bug 1378916 * [Backport] Security bugs 1346938 and 1338114 ==== librepo ==== Version update (1.14.5 -> 1.15.1) - update to 1.15.1: * Add API support for waiting on network in an event driven manner * OpenPGP API extension and fixes - lincense updated to LGPL-2.1-or-later ==== vim ==== Version update (9.0.1075 -> 9.0.1107) Subpackages: vim-data vim-data-common vim-small - Updated to version 9.0.1107, fixes the following problems * build fails if the compiler doesn't allow for a declaration right after "case". * ASAN complains about NULL argument. * Can add text property with negative ID before virtual text property. * With the +vartabs feature indent folding may use wrong 'tabstop'. * Leaking memory when defining a user command fails. * The "kitty" terminfo entry is not widespread, resulting in the kitty terminal not working properly. * Using "->" with split lines does not always work. * Some jsonc files are not recognized. * Empty and comment lines in a class cause an error. * Code handling low level MS-Windows events cannot be tested. * Compiler warns for uninitialized variable. * Display wrong in Windows terminal after exiting Vim. * Autocommand test sometimes fails. * Clang warns for unused variable. * unnessary assignment * FHIR Shorthand files are not recognized. * Assignment to non-existing member causes a crash. (Yegappan Lakshmanan) * Search error message doesn't show used pattern. * Using freed memory of object member. (Yegappan Lakshmanan) * Compiler warning when HAS_MESSAGE_WINDOW is not defined. * Using freed memory when declaration fails. (Yegappan Lakshmanan) * Reallocating hashtab when the size didn't change. * Tests are failing. * Code uses too much indent. * Trying to resize a hashtab may cause a problem. ==== zvbi ==== Version update (0.2.38 -> 0.2.39) - update to 0.2.39: * Updates to remove compiler warnings during tests. * Allow autogen.sh and configure to run separately by default. * Add Georgian language translation po files.