Packages changed: accountsservice bluez canna kdevelop5 kio libktorrent libnl3 libopenmpt (0.5.10 -> 0.5.11) libzypp (17.28.0 -> 17.28.1) open-iscsi ruby-common ruby3.0 umbrello usbredir (0.9.0 -> 0.11.0) virtualbox virtualbox-kmp xfsprogs (5.12.0 -> 5.13.0) yast2-add-on (4.4.0 -> 4.4.1) === Details === ==== accountsservice ==== Subpackages: accountsservice-lang libaccountsservice0 typelib-1_0-AccountsService-1_0 - Update harden_accounts-daemon.service.patch: Do not proect home directories: the accounts daemon is used to create home directories upon user creation (boo#1189853). ==== bluez ==== Subpackages: libbluetooth3 - add fedora's patches 0002-Use-g_memdup2-everywhere.patch and 0005-media-rename-local-function-conflicting-with-pause-2.patch to fix compatibility problems with newer glib and glibc ==== canna ==== - Added hardening to systemd service(s). Modified: * canna.service ==== kdevelop5 ==== Subpackages: kdevelop5-lang kdevplatform kdevplatform-lang libkdevplatform56 - Disable build for archs missing qtwebengine. ==== kio ==== Subpackages: kio-core kio-lang - Move the designer plugin to the main package, it's used in applications like KMail through QFormBuilder ==== libktorrent ==== Subpackages: libKF5Torrent6 libktorrent-lang - Disable lto for ppc64 builds. ==== libnl3 ==== Subpackages: libnl-config libnl3-200 - Add 0001-route-link-add-RTNL_LINK_REASM_OVERLAPS-stat.patch [boo#1189451] ==== libopenmpt ==== Version update (0.5.10 -> 0.5.11) - Update to 0.5.11: * [Sec] Possible crash with malformed modules when trying to access non-existent plugin slots FX251-FX255. * [Sec] Possible read beyond sample start after swapping to a sample with loop points set but not loop enabled. * [Sec] Fixed various possible crashes with malformed MMCMP files. * [Sec] MED: Possible read past end of sequence name (stack-allocated, so relatively unlikely to result in a crash). * Fixed excessive memory usage with files claiming to have an extremely high rows per beat count while also using tempo swing. Maximum rows per beat are now limited to 65536. * STP: Avoid creating thousands of patterns when loading malformed files even though no more pattern data can be read. ==== libzypp ==== Version update (17.28.0 -> 17.28.1) - Fix crashes in logging code when shutting down (bsc#1189031) - version 17.28.1 (22) ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Merged latest upstream, which includes: * iscsid: set PR_SET_IO_FLUSHER (bsc#1188869) ==== ruby-common ==== - Do not create links in /etc/alternatives at all - they are ghosts and rpm database will only be confused if we have some wrong information about them (the link target is defined at runtime) This aligns with ruby2.7 package to avoid file conflicts about bundler and other built in gems ==== ruby3.0 ==== Subpackages: libruby3_0-3_0 - Do not create links for /etc/alternatives at all but rely on rpm's %ghosts being creating at runtime in %post This aligns ruby3.0 with ruby2.7 and ruby-common ==== umbrello ==== Subpackages: umbrello-lang - Remove the kdevelop build dependencies for archs missing qtwebengine. ==== usbredir ==== Version update (0.9.0 -> 0.11.0) Subpackages: libusbredirhost1 libusbredirparser1 - Update to version 0.11.0 - Avoid use-after-free in serialization (CVE-2021-3700, bsc#1189491) - Add local directory to include search path for meson - Fix generated by meson libusbredirhost.pc - Remove upstreamed patches - meson-Fix-include-directories-needed-to-build.patch - meson-Fix-pkgconfig-required-library-name-reference.patch - usbredir-CVE-2021-3700.patch - add patch usbredir-CVE-2021-3700.patch fix use-after-free in usbredirparser_serialize (CVE-2021-3700,bsc#1189491) ==== virtualbox ==== Subpackages: virtualbox-guest-tools virtualbox-guest-x11 - Patch build to work with the Leap 15.4 kernel. File "fixes_for_leap15.4.patch" as added. ==== virtualbox-kmp ==== - Patch build to work with the Leap 15.4 kernel. File "fixes_for_leap15.4.patch" as added. ==== xfsprogs ==== Version update (5.12.0 -> 5.13.0) Subpackages: libhandle1 xfsprogs-scrub - update to v5.13.0: - mkfs: validate rtextsz hint when rtinherit is set - xfs_repair: invalidate dirhash when junking dirent - xfs_repair: validate inherited rtextsz hint alignmt - xfs_quota: allow truncate of grp & prj quota files - xfs_io: allow callers to dump fs stats individually - xfs_io: don't count fsmaps before querying fsmaps - xfs_io: print header once when dumping fsmap in csv - xfs_io: clean up the funshare command a bit - xfs_io: fix broken funshare_cmd usage - libxfs changes merged from kernel 5.13 ==== yast2-add-on ==== Version update (4.4.0 -> 4.4.1) - Improve UX by using a less misleading message when repo URL is unknown (bsc#1188635). - 4.4.1