openSUSE-2022-146 moderate openSUSE Backports SLE-15-SP4 Update This update for keepassxc fixes the following issues: keepassxc was updated to 2.7.1: * Show when tags are changed in entry history * Improve tags editing and allow spaces in tags * Improve layout of entry preview panel * Incorporate patches to support Flatpak distribution * Add expiration presets for 12 and 24 hours * Fix crash when building history change list * Fix hiding password on database unlock * Fix AES KDF slow transform speed * Auto-Type: Correct timing issue on macOS and Linux that prevented typing * Auto-Type: Fix use of Ctrl/Alt/Shift/Win modifiers on Windows * Auto-Type: Reduce/eliminate delay when searching for entries * Auto-Type: Map ASCII dead keys on Linux for international keyboards * CLI: Fix detection of hardware keys (YubiKey) * CLI: Add missing parameter -c to add/edit entries command * Secret Service: Fix crash when multiple prompts are shown * SSH Agent: Fix default agent selection on Windows * Fix database unlock dialog not being the top window on Linux * Fix drag/drop entries between tabs on Wayland * Fix compiling with minizip-ng Update to 2.7.0 - Major Additions - Implement KDBX 4.1 [#7114] - Add direct write save option for cloud storage and GVFS [#6594] - Prevent screen capture on Windows and macOS [#6030] - Support quick unlock using Windows Hello [#7384] - Support quick unlock using Apple Watch [#5526] - Allow specifying database backup paths [#7035] - Add tag functionality [#6487][#7436][#7446] - Add password rating column to entry view [#4797] - Add group clone action [#6124] - Show modifications between entry history items [#6789] - Ability to bulk-delete and purge unused custom icons [#5970] - Support adding custom passphrase wordlists [#6799] - Support passphrase wordlists in numbered and PGP-signed formats [#6791] - Implement support for hardware keys via wireless NFC [#6895] - SSH Agent: Add support for OpenSSH 8.2 FIDO/U2F keys [#6371] - CLI: Implement attachment handling [#5538] - CLI: Add support for okon in offline HIBP checks [#5478] - CLI: Implement search command and remove locate [#6805] - CLI: Add db statistic output to db-info command [#7032] - CLI: Add -i/--include option to generate command. [#7112] - CLI: Add a -n (--notes) option to add and edit commands [#4646] - CLI: Add keyfile option to import command [#5402] - CLI: Adding a best option to clip to copy a password of the best match [#4489] - Browser: Add Microsoft Edge support on Linux [#7100] - Browser: Support native password generator from the extension [#6529] - Browser: Add group settings [#4180] - Browser: Add feature to ignore entries for HTTP-Auth Logins [#5394] - Browser: Support triggering Auto-Type from browser extension [#6272] - Browser: Add delete-entry command to API [#6899] - Browser: Add search 'by-path' url to API [#5535] - Browser: search for entries by UUID to API [#4763] - Browser: Support auto-download of favicon on entry addition [#7179] - Auto-Type: Major improvements to Auto-Type [#5864][#7463][#7435][#7391][#7129][#6400][#6364][#6361][#5283][#7507] - Auto-Type: Fix typing to virtual machines on Windows [#7366] - Auto-Type: Re-implement X11 keysym emulation [#7098] - Auto-Type: Support multiple Xkb layouts [#6247] - Auto-Type: Abort keystroke if modifiers held on X11 [#6351][#6357] - Auto-Type: Add TOTP option to entry level Auto-Type menu [#6675] - FdoSecrets: Major Refactor and Code Consolidation [#5747][#5660][#7043][#6915] - FdoSecrets: Implement unlock before search [#6943] - Reports: Add browser statistics report [#7197] - Major Changes - Port crypto backend to Botan [#6209] - Improve attachment handling and security [#6606][#5034][#7083] - Allow selecting any open database in unlock dialog [#5427] - KeeShare: Remove checking signed container and QuaZip dependency [#7223] - Introduce security option to enable copy on double click (default off) [#6433] - Add 'delete entry without confirm' functionality [#5812] - Improve macOS and Windows platform integration [#5851] - Lock only the current database by default [#6652] - Show expired entries on DB unlock [#7290] - Update D-Bus adaptor interface class name to match definition file [#7523] - Other Changes and Fixes - Add countdown progress bar to TOTP preview [#6930] - Enter favicon url directly on icons page [#6614] - Set C++17 as standard in the build system [#7180] - Internalize ykcore into code base [#6654] - Transition to Visual Studio builds on Windows [#5874] - Ability to delete entries from health check reports [#6537] - Enhance remembering last-used directories [#6711] - Implement org.freedesktop.appearance.color-scheme support on Linux [#7422] - Support sorting HTML export [#7011] - Add display number of characters in passphrases [#5449] - Use Alt+Tab on macOS to switch between databases [#5407] - Add feature to sort groups using shortcut keys [#6999] - Add CTRL+Enter to apply password generator changes [#6414] - Display Database created timestamp on statistics report [#6876] - Browser: Improve best matching credentials setting [#6893] - SSH Agent: Use both Pageant and OpenSSH agent simultaneously on Windows [#6288] - SSH Agent: Allow using database path to resolve keys [#6365] - SSH Agent: Show correct error messages in main window [#7166] - Multiple fixes for MSI installer [#6630] - Fix tab order for CSV import dialog to match screen order [#7315] - Don't mark kdbx:// urls as invalid [#7221] - Make selected text copyable instead of copying password [#7209] - Detect timestamp resolution for CSV files [#7196] - Fix crash while downloading favicon [#7104] - Correct naming of newly generated keyx files [#7010] - Place the 'Recycle Bin' at the bottom of the list when groups are sorted [#7004] - Handle tilde with custom browser paths [#6659] - Don't scroll up when deleting an entry [#6833] - Set the MIME-Type to text/plain when using wl-copy on wayland [#6832] - Fix adaptive icon painting [#5989][#6033] - Fix favicon download from URL with non-standard port [#5509] - Ignore recycle bin on KeePassHTTP migration [#5481] - Fix keepassxc-cr-recovery utility [#7521] - Fix Auto-Type not working when audio recording indicator is active on macOS 12.2+ [#7526] keepassxc-2.7.1-bp154.3.3.1.src.rpm keepassxc-2.7.1-bp154.3.3.1.x86_64.rpm keepassxc-lang-2.7.1-bp154.3.3.1.noarch.rpm keepassxc-2.7.1-bp154.3.3.1.aarch64.rpm keepassxc-2.6.6-bp154.3.2.1.ppc64le.rpm keepassxc-2.6.6-bp154.3.2.1.src.rpm keepassxc-lang-2.6.6-bp154.3.2.1.noarch.rpm keepassxc-2.7.1-bp154.3.3.1.s390x.rpm openSUSE-2022-144 important openSUSE Backports SLE-15-SP4 Update This update for varnish fixes the following issues: varnish was updated to release 7.1.0 [boo#1195188] [CVE-2022-23959] * VCL: It is now possible to assign a BLOB value to a BODY variable, in addition to STRING as before. * VMOD: New STRING strftime(TIME time, STRING format) function for UTC formatting. libvarnishapi3-7.1.0-bp154.2.3.1.x86_64.rpm varnish-7.1.0-bp154.2.3.1.src.rpm varnish-7.1.0-bp154.2.3.1.x86_64.rpm varnish-devel-7.1.0-bp154.2.3.1.x86_64.rpm libvarnishapi3-7.1.0-bp154.2.3.1.i586.rpm varnish-7.1.0-bp154.2.3.1.i586.rpm varnish-devel-7.1.0-bp154.2.3.1.i586.rpm libvarnishapi3-7.1.0-bp154.2.3.1.aarch64.rpm varnish-7.1.0-bp154.2.3.1.aarch64.rpm varnish-devel-7.1.0-bp154.2.3.1.aarch64.rpm libvarnishapi3-7.1.0-bp154.2.3.1.ppc64le.rpm varnish-7.1.0-bp154.2.3.1.ppc64le.rpm varnish-devel-7.1.0-bp154.2.3.1.ppc64le.rpm libvarnishapi3-7.1.0-bp154.2.3.1.s390x.rpm varnish-7.1.0-bp154.2.3.1.s390x.rpm varnish-devel-7.1.0-bp154.2.3.1.s390x.rpm openSUSE-2022-155 moderate openSUSE Backports SLE-15-SP4 Update This update for libredwg fixes the following issues: Update to release 0.12.5 [boo#1193372] [CVE-2021-28237] * Restricted accepted DXF objects to all stable and unstable classes, minus MATERIAL, ARC_DIMENSION, SUN, PROXY*. I.e. most unstable objects do not allow unknown DXF codes anymore. This fixed most oss-fuzz errors. libredwg-0.12.5-bp154.2.3.1.src.rpm libredwg-devel-0.12.5-bp154.2.3.1.x86_64.rpm libredwg-tools-0.12.5-bp154.2.3.1.x86_64.rpm libredwg0-0.12.5-bp154.2.3.1.x86_64.rpm libredwg-devel-0.12.5-bp154.2.3.1.i586.rpm libredwg-tools-0.12.5-bp154.2.3.1.i586.rpm libredwg0-0.12.5-bp154.2.3.1.i586.rpm libredwg-devel-0.12.5-bp154.2.3.1.aarch64.rpm libredwg-tools-0.12.5-bp154.2.3.1.aarch64.rpm libredwg0-0.12.5-bp154.2.3.1.aarch64.rpm libredwg-devel-0.12.5-bp154.2.3.1.ppc64le.rpm libredwg-tools-0.12.5-bp154.2.3.1.ppc64le.rpm libredwg0-0.12.5-bp154.2.3.1.ppc64le.rpm libredwg-devel-0.12.5-bp154.2.3.1.s390x.rpm libredwg-tools-0.12.5-bp154.2.3.1.s390x.rpm libredwg0-0.12.5-bp154.2.3.1.s390x.rpm openSUSE-2022-157 moderate openSUSE Backports SLE-15-SP4 Update This update for libxls fixes the following issues: - CVE-2021-27836: Fixed possible NULL pointer dereference via crafted XLS file (boo#1192323) libxls-1.6.2-bp154.2.3.1.src.rpm libxls-devel-1.6.2-bp154.2.3.1.x86_64.rpm libxls-tools-1.6.2-bp154.2.3.1.x86_64.rpm libxlsreader8-1.6.2-bp154.2.3.1.x86_64.rpm libxls-devel-1.6.2-bp154.2.3.1.i586.rpm libxls-tools-1.6.2-bp154.2.3.1.i586.rpm libxlsreader8-1.6.2-bp154.2.3.1.i586.rpm libxls-devel-1.6.2-bp154.2.3.1.aarch64.rpm libxls-tools-1.6.2-bp154.2.3.1.aarch64.rpm libxlsreader8-1.6.2-bp154.2.3.1.aarch64.rpm libxls-devel-1.6.2-bp154.2.3.1.ppc64le.rpm libxls-tools-1.6.2-bp154.2.3.1.ppc64le.rpm libxlsreader8-1.6.2-bp154.2.3.1.ppc64le.rpm libxls-devel-1.6.2-bp154.2.3.1.s390x.rpm libxls-tools-1.6.2-bp154.2.3.1.s390x.rpm libxlsreader8-1.6.2-bp154.2.3.1.s390x.rpm openSUSE-2022-10002 important openSUSE Backports SLE-15-SP4 Update This update for librecad fixes the following issues: - CVE-2021-45341: Fixed a buffer overflow vulnerability in LibreCAD allows an attacker to achieve remote code execution via a crafted JWW document [boo#1195105] - CVE-2021-45342: Fixed a buffer overflow vulnerability in jwwlib in LibreCAD allows an attacker to achieve remote code execution via a crafted JWW document [boo#1195122] - Strip excess blank fields from librecad.desktop:MimeType [boo#1197664] Update to 2.2.0-rc3 * major release * DWG imports are more reliable now * and a lot more of bugfixes and improvements libdxfrw-1.0.1+git.20220109-bp154.2.3.1.src.rpm libdxfrw-debuginfo-1.0.1+git.20220109-bp154.2.3.1.x86_64.rpm libdxfrw-debugsource-1.0.1+git.20220109-bp154.2.3.1.x86_64.rpm libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1.x86_64.rpm libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1.x86_64.rpm libdxfrw-tools-debuginfo-1.0.1+git.20220109-bp154.2.3.1.x86_64.rpm libdxfrw1-1.0.1+git.20220109-bp154.2.3.1.x86_64.rpm libdxfrw1-debuginfo-1.0.1+git.20220109-bp154.2.3.1.x86_64.rpm librecad-2.2.0~rc3-bp154.3.3.1.src.rpm librecad-2.2.0~rc3-bp154.3.3.1.x86_64.rpm librecad-parts-2.2.0~rc3-bp154.3.3.1.noarch.rpm libdxfrw-debuginfo-1.0.1+git.20220109-bp154.2.3.1.i586.rpm libdxfrw-debugsource-1.0.1+git.20220109-bp154.2.3.1.i586.rpm libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1.i586.rpm libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1.i586.rpm libdxfrw-tools-debuginfo-1.0.1+git.20220109-bp154.2.3.1.i586.rpm libdxfrw1-1.0.1+git.20220109-bp154.2.3.1.i586.rpm libdxfrw1-debuginfo-1.0.1+git.20220109-bp154.2.3.1.i586.rpm libdxfrw-debuginfo-1.0.1+git.20220109-bp154.2.3.1.aarch64.rpm libdxfrw-debugsource-1.0.1+git.20220109-bp154.2.3.1.aarch64.rpm libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1.aarch64.rpm libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1.aarch64.rpm libdxfrw-tools-debuginfo-1.0.1+git.20220109-bp154.2.3.1.aarch64.rpm libdxfrw1-1.0.1+git.20220109-bp154.2.3.1.aarch64.rpm libdxfrw1-debuginfo-1.0.1+git.20220109-bp154.2.3.1.aarch64.rpm librecad-2.2.0~rc3-bp154.3.3.1.aarch64.rpm libdxfrw-debuginfo-1.0.1+git.20220109-bp154.2.3.1.ppc64le.rpm libdxfrw-debugsource-1.0.1+git.20220109-bp154.2.3.1.ppc64le.rpm libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1.ppc64le.rpm libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1.ppc64le.rpm libdxfrw-tools-debuginfo-1.0.1+git.20220109-bp154.2.3.1.ppc64le.rpm libdxfrw1-1.0.1+git.20220109-bp154.2.3.1.ppc64le.rpm libdxfrw1-debuginfo-1.0.1+git.20220109-bp154.2.3.1.ppc64le.rpm librecad-2.2.0~rc3-bp154.3.3.1.ppc64le.rpm libdxfrw-debuginfo-1.0.1+git.20220109-bp154.2.3.1.s390x.rpm libdxfrw-debugsource-1.0.1+git.20220109-bp154.2.3.1.s390x.rpm libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1.s390x.rpm libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1.s390x.rpm libdxfrw-tools-debuginfo-1.0.1+git.20220109-bp154.2.3.1.s390x.rpm libdxfrw1-1.0.1+git.20220109-bp154.2.3.1.s390x.rpm libdxfrw1-debuginfo-1.0.1+git.20220109-bp154.2.3.1.s390x.rpm librecad-2.2.0~rc3-bp154.3.3.1.s390x.rpm openSUSE-2022-10005 important openSUSE Backports SLE-15-SP4 Update This update for chromium fixes the following issues: Chromium 102.0.5001.61 (boo#1199893) * CVE-2022-1853: Use after free in Indexed DB * CVE-2022-1854: Use after free in ANGLE * CVE-2022-1855: Use after free in Messaging * CVE-2022-1856: Use after free in User Education * CVE-2022-1857: Insufficient policy enforcement in File System API * CVE-2022-1858: Out of bounds read in DevTools * CVE-2022-1859: Use after free in Performance Manager * CVE-2022-1860: Use after free in UI Foundations * CVE-2022-1861: Use after free in Sharing * CVE-2022-1862: Inappropriate implementation in Extensions * CVE-2022-1863: Use after free in Tab Groups * CVE-2022-1864: Use after free in WebApp Installs * CVE-2022-1865: Use after free in Bookmarks * CVE-2022-1866: Use after free in Tablet Mode * CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer * CVE-2022-1868: Inappropriate implementation in Extensions API * CVE-2022-1869: Type Confusion in V8 * CVE-2022-1870: Use after free in App Service * CVE-2022-1871: Insufficient policy enforcement in File System API * CVE-2022-1872: Insufficient policy enforcement in Extensions API * CVE-2022-1873: Insufficient policy enforcement in COOP * CVE-2022-1874: Insufficient policy enforcement in Safe Browsing * CVE-2022-1875: Inappropriate implementation in PDF * CVE-2022-1876: Heap buffer overflow in DevTools - Chromium 101.0.4951.67 * fixes for other platforms chromedriver-102.0.5005.61-bp154.2.5.3.x86_64.rpm chromedriver-debuginfo-102.0.5005.61-bp154.2.5.3.x86_64.rpm chromium-102.0.5005.61-bp154.2.5.3.src.rpm chromium-102.0.5005.61-bp154.2.5.3.x86_64.rpm chromium-debuginfo-102.0.5005.61-bp154.2.5.3.x86_64.rpm chromedriver-102.0.5005.61-bp154.2.5.3.aarch64.rpm chromedriver-debuginfo-102.0.5005.61-bp154.2.5.3.aarch64.rpm chromium-102.0.5005.61-bp154.2.5.3.aarch64.rpm chromium-debuginfo-102.0.5005.61-bp154.2.5.3.aarch64.rpm openSUSE-2022-10006 moderate openSUSE Backports SLE-15-SP4 Update This update for knewstuff fixes the following issues: - Fixed content downloading (boo#1200014) knewstuff-5.90.0-bp154.3.3.1.src.rpm knewstuff-5.90.0-bp154.3.3.1.x86_64.rpm knewstuff-core-devel-5.90.0-bp154.3.3.1.x86_64.rpm knewstuff-devel-5.90.0-bp154.3.3.1.x86_64.rpm knewstuff-imports-5.90.0-bp154.3.3.1.x86_64.rpm knewstuff-quick-devel-5.90.0-bp154.3.3.1.x86_64.rpm libKF5NewStuff5-5.90.0-bp154.3.3.1.x86_64.rpm libKF5NewStuff5-lang-5.90.0-bp154.3.3.1.noarch.rpm libKF5NewStuffCore5-5.90.0-bp154.3.3.1.x86_64.rpm libKF5NewStuffWidgets5-5.90.0-bp154.3.3.1.x86_64.rpm knewstuff-5.90.0-bp154.3.3.1.aarch64.rpm knewstuff-core-devel-5.90.0-bp154.3.3.1.aarch64.rpm knewstuff-devel-5.90.0-bp154.3.3.1.aarch64.rpm knewstuff-imports-5.90.0-bp154.3.3.1.aarch64.rpm knewstuff-quick-devel-5.90.0-bp154.3.3.1.aarch64.rpm libKF5NewStuff5-5.90.0-bp154.3.3.1.aarch64.rpm libKF5NewStuffCore5-5.90.0-bp154.3.3.1.aarch64.rpm libKF5NewStuffWidgets5-5.90.0-bp154.3.3.1.aarch64.rpm knewstuff-5.90.0-bp154.3.3.1.ppc64le.rpm knewstuff-core-devel-5.90.0-bp154.3.3.1.ppc64le.rpm knewstuff-devel-5.90.0-bp154.3.3.1.ppc64le.rpm knewstuff-imports-5.90.0-bp154.3.3.1.ppc64le.rpm knewstuff-quick-devel-5.90.0-bp154.3.3.1.ppc64le.rpm libKF5NewStuff5-5.90.0-bp154.3.3.1.ppc64le.rpm libKF5NewStuffCore5-5.90.0-bp154.3.3.1.ppc64le.rpm libKF5NewStuffWidgets5-5.90.0-bp154.3.3.1.ppc64le.rpm knewstuff-5.90.0-bp154.3.3.1.s390x.rpm knewstuff-core-devel-5.90.0-bp154.3.3.1.s390x.rpm knewstuff-devel-5.90.0-bp154.3.3.1.s390x.rpm knewstuff-imports-5.90.0-bp154.3.3.1.s390x.rpm knewstuff-quick-devel-5.90.0-bp154.3.3.1.s390x.rpm libKF5NewStuff5-5.90.0-bp154.3.3.1.s390x.rpm libKF5NewStuffCore5-5.90.0-bp154.3.3.1.s390x.rpm libKF5NewStuffWidgets5-5.90.0-bp154.3.3.1.s390x.rpm openSUSE-2022-10007 moderate openSUSE Backports SLE-15-SP4 Update This update for caddy fixes the following issues: Update to version 2.5.1: * Fixed regression in Unix socket admin endpoints. * Fixed regression in caddy trust commands. * Hash-based load balancing policies (ip_hash, uri_hash, header, and cookie) use an improved highest-random-weight (HRW) algorithm for increased consistency. * Dynamic upstreams, which is the ability to get the list of upstreams at every request (more specifically, every iteration in the proxy loop of every request) rather than just once at config-load time. * Caddy will automatically try to get relevant certificates from the local Tailscale instance. * New OpenTelemetry integration. * Added new endpoints /pki/ca/<id> and /pki/ca/<id>/certificates for getting information about Caddy's managed CAs. * Rename _caddy to zsh-completion * Fix MatchPath sanitizing [bsc#1200279, CVE-2022-29718] caddy-2.5.1-bp154.2.5.1.src.rpm caddy-2.5.1-bp154.2.5.1.x86_64.rpm caddy-2.5.1-bp154.2.5.1.i586.rpm caddy-2.5.1-bp154.2.5.1.aarch64.rpm caddy-2.5.1-bp154.2.5.1.ppc64le.rpm caddy-2.5.1-bp154.2.5.1.s390x.rpm