Packages changed: chromium (80.0.3987.149 -> 81.0.4044.92) gdm gstreamer-plugins-bad libzypp (17.23.2 -> 17.23.4) python-pycups (1.9.73 -> 1.9.74) ruby2.5 (2.5.7 -> 2.5.8) xfce4-settings (4.14.2 -> 4.14.3) xfdesktop xfwm4 (4.14.0 -> 4.14.1) yast2 (4.2.81 -> 4.2.82) zbar (0.10_2013_02_28 -> 0.23) zypper (1.14.35 -> 1.14.36) === Details === ==== chromium ==== Version update (80.0.3987.149 -> 81.0.4044.92) - Update to 81.0.4044.92 bsc#1168911: * CVE-2020-6454: Use after free in extensions * CVE-2020-6423: Use after free in audio * CVE-2020-6455: Out of bounds read in WebSQL * CVE-2020-6430: Type Confusion in V8 * CVE-2020-6456: Insufficient validation of untrusted input in clipboard * CVE-2020-6431: Insufficient policy enforcement in full screen * CVE-2020-6432: Insufficient policy enforcement in navigations * CVE-2020-6433: Insufficient policy enforcement in extensions * CVE-2020-6434: Use after free in devtools * CVE-2020-6435: Insufficient policy enforcement in extensions * CVE-2020-6436: Use after free in window management * CVE-2020-6437: Inappropriate implementation in WebView * CVE-2020-6438: Insufficient policy enforcement in extensions * CVE-2020-6439: Insufficient policy enforcement in navigations * CVE-2020-6440: Inappropriate implementation in extensions * CVE-2020-6441: Insufficient policy enforcement in omnibox * CVE-2020-6442: Inappropriate implementation in cache * CVE-2020-6443: Insufficient data validation in developer tools * CVE-2020-6444: Uninitialized Use in WebRTC * CVE-2020-6445: Insufficient policy enforcement in trusted types * CVE-2020-6446: Insufficient policy enforcement in trusted types * CVE-2020-6447: Inappropriate implementation in developer tools * CVE-2020-6448: Use after free in V8 - Add new patches: * chromium-81-gcc-constexpr.patch * chromium-81-gcc-noexcept.patch * fix-vaapi-with-glx.patch - Remove no longer needed patches: * chromium-80-gcc-abstract.patch * chromium-80-gcc-incomplete-type.patch * chromium-80-gcc-permissive.patch * chromium-80-include.patch * chromium-80-unbundle-libxml.patch * chromium-missing-cstddef-header.patch * chromium-missing-cstdint-header.patch * chromium-missing-cstring-header.patch * chromium-missing-cstring-header2.patch * chromium-system-icu.patch * chromium-unbundle-zlib.patch * webrtc-pulse.patch - Rebase patches: * build-with-pipewire-0.3.patch * chromium-vaapi-fix.patch * chromium-vaapi.patch * gpu-timeout.patch * old-libva.patch - Update to 80.0.3987.162 bsc#1168421: * CVE-2020-6450: Use after free in WebAudio. * CVE-2020-6451: Use after free in WebAudio. * CVE-2020-6452: Heap buffer overflow in media. - Rebase build-with-pipewire-0.3.patch in order to fix patch collision. - Add chromium-missing-cstdint-header.patch, chromium-missing-cstring-header.patch, chromium-missing-cstring-header2.patch and chromium-missing-cstddef-header.patch in order to fix boo#1167465. - Use a symbolic icon for GNOME - Add patch to allow building with pipewire 0.3: * build-with-pipewire-0.3.patch - Use pipewire in Leap 15.2 ==== gdm ==== Subpackages: gdm-lang gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 - Add gdm-look-for-session-based-on-pid-first.patch: Look for session based on pid first, then fall back to the uid based approach (bsc#1159950, glgo#GNOME/gdm#526). ==== gstreamer-plugins-bad ==== Subpackages: gstreamer-plugins-bad-lang libgstadaptivedemux-1_0-0 libgstbadaudio-1_0-0 libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstisoff-1_0-0 libgstmpegts-1_0-0 libgstphotography-1_0-0 libgstsctp-1_0-0 libgsturidownloader-1_0-0 libgstwayland-1_0-0 libgstwebrtc-1_0-0 - Enable chromaprint plugin on SLE (jsc#SLE-11723). ==== libzypp ==== Version update (17.23.2 -> 17.23.4) - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - version 17.23.4 (22) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - version 17.23.3 (22) ==== python-pycups ==== Version update (1.9.73 -> 1.9.74) - Package /usr/lib/rpm/postscriptdriver.prov again, in the new "cups-rpm-helper" subpackage (bsc#735865). The file hasn't been packaged any more after the switch from python-cups to python-pycups (sr#502741). * removed revert-postscriptdriver.prov-py3.patch (we use python3 now) - Update to version 1.9.74 * no changelog provided ==== ruby2.5 ==== Version update (2.5.7 -> 2.5.8) Subpackages: libruby2_5-2_5 ruby2.5-stdlib - Update to 2.5.8 (boo#1167244 boo#1168938) - CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (Additional fix) - CVE-2020-10933: Heap exposure vulnerability in the socket library https://github.com/ruby/ruby/compare/v2_5_7...v2_5_8 - drop CVE-2020-8130.patch and rake-12.3.0.gem: included upstream ==== xfce4-settings ==== Version update (4.14.2 -> 4.14.3) Subpackages: xfce4-settings-lang - Update to version 4.14.3 * display: Allow resizing of minimal dialog (bxo#15450) * display: Use proper fallback configuration on "apply" and "toggle off" (bxo#16476) * keyboard: Fix crash when editing shortcut (bxo#15958) * keyboard: Fix log flood (bxo#16521) * settings-manager: Make sure content determines size * xfsettingsd: Handle failure to get Xkl engine for display (bxo#16017) * Translation Updates ==== xfdesktop ==== Subpackages: xfdesktop-lang - Add xfce-backdrop.patch for bxo#16314 - Possible memory leak in xfdesktop when connecting and disconnecting DP monitor. ==== xfwm4 ==== Version update (4.14.0 -> 4.14.1) Subpackages: xfwm4-lang - Update to version 4.14.1 * Restore ?Always below? menu options (bxo#15884) * Fix a crash with GL or high CPU usage without any monitor (bxo#15852) * Fix raise delay (bxo#15974) * Fix translucent wireframe repaint (bxo#15966) * Fix hostname not showing initially when running apps remotely (bxo#15984) * Avoid drawing server-side shadows on maximized windows (bxo#16381) * Add keywords to settings dialogs desktop definitions (bxo#16621) * Fix Dnd of decoration buttons with embedded settings dialog (bxo#13861) * Blacklist SVGA3D GL renderer (bxo#16274) * Fix window title alignment (bxo#16067) * Restore window state when moving a maximized window (bxo#16348) * Fix pointer interactions with clients grabbing the pointer (bxo#16347) * Fix GTimeVal deprecation (bxo#16644) * Fix window selection vs. hovering in tabwin (bxo#16382) * Improve vblank mode auto-selection (GL/XPresent) * Fix transients pulling their parents from lower layers (bxo#15891) * Translation Updates ==== yast2 ==== Version update (4.2.81 -> 4.2.82) Subpackages: yast2-logs - Remove ip aliases that were marked to be deleted from the interface configuration files (bsc#1146020) - 4.2.82 ==== zbar ==== Version update (0.10_2013_02_28 -> 0.23) - Remove references to Qt4 from zbar-qt pkgconfig file (#62), add 0001-Create-correct-pkconfig-file-for-zbar-qt5.patch - Update to version 0.23: * Support for Gtk3 (backward support with Gtk2 will be maintained. * Support for Python 3 (backward support with Python2 will be maintained); * Support for ZBar Gtk GObject Introspection (GIR). That allows using ZBar Gtk3 widgets on any language that it is compatible with GIR, including python 2 and python 3. - Switch from ImageMagick to GraphicsMagick, the latter has significantly less build dependencies. As it is only used by the zbarimg tool to load images, this does not affect users of the zbar library. - Update URL tag to point to the current upstream location - Update to version 0.22: * zbarcam-qt: allow changing resolutions in real time * zbarcam-qt: better support ZBar options * zbarcam-qt: do several visual improvements * zbarcam-qt: make it remember the geometry * zbarcam-qt: allow show/hide control and options bars * zbarcam-qt: remember lastly used settings and camera controls * zbarcam-qt: allow changing ZBar decode options via GUI * Add API to allow get/set resolutions * img_scanner: add handler for color-inverted codes * img_scanner: fix get_config parameter validation * scan_video: improve logic to remove duplicated/invalid devnodes * symbol.c: fix symbol hash logic (prevents crash with QR options) * configure.ac: fix an error at libv4l2 package check * fix some typos * exit gracefully when decoding split QR codes - Use gcc7 in SLE_12 - Update to version 0.21: * zbarcam-qt: allow selecting codes via GUI interface * When both enabled, ISBN-13 has precedence over ISBN-10 * ZBar is now using Travis CI for continuous integration tests * Convert INSTALL and README to markdown and update them * Improve ZBar testing code and make easier to run the tests * Fix build with Clang * Add simple dbus IPC API to zbarcam. * zbarimg: display only the compiled symbologies * v4l2: make ZBar build and run on Kernels < 3.16 * configure.ac: The pdf417 code is incomplete. Warn about that * Add Debian packaging and Travis CI configuration * Add barcode examples for different supported symbologies * Several improvements at the building system * Add support for SQ code symbology * v4l2: add fallback for systems without v4l2_ext_controls which field * v4l2: use device_caps instead of capabilities * v4l2: make v4l2_request_buffers() more generic * release video buffers after probing and request them again when needed * Ignore ENOTTY errors when calling VIDIOC_S_CROP * doc/Makefile.am.inc: clean html generated files * Add --disable-doc configure option to disable building docs * Fix function protoype to be compatible with recent libjpeg * Wrap logical not operations into parentheses * INSTALL: warn that autoconf should be called before configure * code128: fix error logic * convert: ensure that it will not use a freed value * zbar: use g_thread_new() instead of g_tread_create() * zbargtk: add a missing break * gtk/zbargtk: add a missing check if zbar->window is not null - Remove accidentaly introduced build dependency on python2 - We no longer need to generate configure - Make building more verbose - Update Zbar to v0.20.1 * switch from the old abandoned codebase to the new codebase maintained by linuxtv.org * improved v4l2 support * compatible with Qt5 * various fixes - Removed fix_build.patch - Removed fix-gcc5.patch - Removed zbar-Qt5.patch - Removed fix-gcc8.patch ==== zypper ==== Version update (1.14.35 -> 1.14.36) Subpackages: zypper-log zypper-needs-restarting - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) - version 1.14.36