openSUSE-2022-146 moderate openSUSE Backports SLE-15-SP4 Update This update for keepassxc fixes the following issues: keepassxc was updated to 2.7.1: * Show when tags are changed in entry history * Improve tags editing and allow spaces in tags * Improve layout of entry preview panel * Incorporate patches to support Flatpak distribution * Add expiration presets for 12 and 24 hours * Fix crash when building history change list * Fix hiding password on database unlock * Fix AES KDF slow transform speed * Auto-Type: Correct timing issue on macOS and Linux that prevented typing * Auto-Type: Fix use of Ctrl/Alt/Shift/Win modifiers on Windows * Auto-Type: Reduce/eliminate delay when searching for entries * Auto-Type: Map ASCII dead keys on Linux for international keyboards * CLI: Fix detection of hardware keys (YubiKey) * CLI: Add missing parameter -c to add/edit entries command * Secret Service: Fix crash when multiple prompts are shown * SSH Agent: Fix default agent selection on Windows * Fix database unlock dialog not being the top window on Linux * Fix drag/drop entries between tabs on Wayland * Fix compiling with minizip-ng Update to 2.7.0 - Major Additions - Implement KDBX 4.1 [#7114] - Add direct write save option for cloud storage and GVFS [#6594] - Prevent screen capture on Windows and macOS [#6030] - Support quick unlock using Windows Hello [#7384] - Support quick unlock using Apple Watch [#5526] - Allow specifying database backup paths [#7035] - Add tag functionality [#6487][#7436][#7446] - Add password rating column to entry view [#4797] - Add group clone action [#6124] - Show modifications between entry history items [#6789] - Ability to bulk-delete and purge unused custom icons [#5970] - Support adding custom passphrase wordlists [#6799] - Support passphrase wordlists in numbered and PGP-signed formats [#6791] - Implement support for hardware keys via wireless NFC [#6895] - SSH Agent: Add support for OpenSSH 8.2 FIDO/U2F keys [#6371] - CLI: Implement attachment handling [#5538] - CLI: Add support for okon in offline HIBP checks [#5478] - CLI: Implement search command and remove locate [#6805] - CLI: Add db statistic output to db-info command [#7032] - CLI: Add -i/--include option to generate command. [#7112] - CLI: Add a -n (--notes) option to add and edit commands [#4646] - CLI: Add keyfile option to import command [#5402] - CLI: Adding a best option to clip to copy a password of the best match [#4489] - Browser: Add Microsoft Edge support on Linux [#7100] - Browser: Support native password generator from the extension [#6529] - Browser: Add group settings [#4180] - Browser: Add feature to ignore entries for HTTP-Auth Logins [#5394] - Browser: Support triggering Auto-Type from browser extension [#6272] - Browser: Add delete-entry command to API [#6899] - Browser: Add search 'by-path' url to API [#5535] - Browser: search for entries by UUID to API [#4763] - Browser: Support auto-download of favicon on entry addition [#7179] - Auto-Type: Major improvements to Auto-Type [#5864][#7463][#7435][#7391][#7129][#6400][#6364][#6361][#5283][#7507] - Auto-Type: Fix typing to virtual machines on Windows [#7366] - Auto-Type: Re-implement X11 keysym emulation [#7098] - Auto-Type: Support multiple Xkb layouts [#6247] - Auto-Type: Abort keystroke if modifiers held on X11 [#6351][#6357] - Auto-Type: Add TOTP option to entry level Auto-Type menu [#6675] - FdoSecrets: Major Refactor and Code Consolidation [#5747][#5660][#7043][#6915] - FdoSecrets: Implement unlock before search [#6943] - Reports: Add browser statistics report [#7197] - Major Changes - Port crypto backend to Botan [#6209] - Improve attachment handling and security [#6606][#5034][#7083] - Allow selecting any open database in unlock dialog [#5427] - KeeShare: Remove checking signed container and QuaZip dependency [#7223] - Introduce security option to enable copy on double click (default off) [#6433] - Add 'delete entry without confirm' functionality [#5812] - Improve macOS and Windows platform integration [#5851] - Lock only the current database by default [#6652] - Show expired entries on DB unlock [#7290] - Update D-Bus adaptor interface class name to match definition file [#7523] - Other Changes and Fixes - Add countdown progress bar to TOTP preview [#6930] - Enter favicon url directly on icons page [#6614] - Set C++17 as standard in the build system [#7180] - Internalize ykcore into code base [#6654] - Transition to Visual Studio builds on Windows [#5874] - Ability to delete entries from health check reports [#6537] - Enhance remembering last-used directories [#6711] - Implement org.freedesktop.appearance.color-scheme support on Linux [#7422] - Support sorting HTML export [#7011] - Add display number of characters in passphrases [#5449] - Use Alt+Tab on macOS to switch between databases [#5407] - Add feature to sort groups using shortcut keys [#6999] - Add CTRL+Enter to apply password generator changes [#6414] - Display Database created timestamp on statistics report [#6876] - Browser: Improve best matching credentials setting [#6893] - SSH Agent: Use both Pageant and OpenSSH agent simultaneously on Windows [#6288] - SSH Agent: Allow using database path to resolve keys [#6365] - SSH Agent: Show correct error messages in main window [#7166] - Multiple fixes for MSI installer [#6630] - Fix tab order for CSV import dialog to match screen order [#7315] - Don't mark kdbx:// urls as invalid [#7221] - Make selected text copyable instead of copying password [#7209] - Detect timestamp resolution for CSV files [#7196] - Fix crash while downloading favicon [#7104] - Correct naming of newly generated keyx files [#7010] - Place the 'Recycle Bin' at the bottom of the list when groups are sorted [#7004] - Handle tilde with custom browser paths [#6659] - Don't scroll up when deleting an entry [#6833] - Set the MIME-Type to text/plain when using wl-copy on wayland [#6832] - Fix adaptive icon painting [#5989][#6033] - Fix favicon download from URL with non-standard port [#5509] - Ignore recycle bin on KeePassHTTP migration [#5481] - Fix keepassxc-cr-recovery utility [#7521] - Fix Auto-Type not working when audio recording indicator is active on macOS 12.2+ [#7526] keepassxc-2.7.1-bp154.3.3.1.src.rpm keepassxc-2.7.1-bp154.3.3.1.x86_64.rpm keepassxc-lang-2.7.1-bp154.3.3.1.noarch.rpm keepassxc-2.7.1-bp154.3.3.1.aarch64.rpm keepassxc-2.6.6-bp154.3.2.1.ppc64le.rpm keepassxc-2.6.6-bp154.3.2.1.src.rpm keepassxc-lang-2.6.6-bp154.3.2.1.noarch.rpm keepassxc-2.7.1-bp154.3.3.1.s390x.rpm openSUSE-2022-144 important openSUSE Backports SLE-15-SP4 Update This update for varnish fixes the following issues: varnish was updated to release 7.1.0 [boo#1195188] [CVE-2022-23959] * VCL: It is now possible to assign a BLOB value to a BODY variable, in addition to STRING as before. * VMOD: New STRING strftime(TIME time, STRING format) function for UTC formatting. libvarnishapi3-7.1.0-bp154.2.3.1.x86_64.rpm varnish-7.1.0-bp154.2.3.1.src.rpm varnish-7.1.0-bp154.2.3.1.x86_64.rpm varnish-devel-7.1.0-bp154.2.3.1.x86_64.rpm libvarnishapi3-7.1.0-bp154.2.3.1.i586.rpm varnish-7.1.0-bp154.2.3.1.i586.rpm varnish-devel-7.1.0-bp154.2.3.1.i586.rpm libvarnishapi3-7.1.0-bp154.2.3.1.aarch64.rpm varnish-7.1.0-bp154.2.3.1.aarch64.rpm varnish-devel-7.1.0-bp154.2.3.1.aarch64.rpm libvarnishapi3-7.1.0-bp154.2.3.1.ppc64le.rpm varnish-7.1.0-bp154.2.3.1.ppc64le.rpm varnish-devel-7.1.0-bp154.2.3.1.ppc64le.rpm libvarnishapi3-7.1.0-bp154.2.3.1.s390x.rpm varnish-7.1.0-bp154.2.3.1.s390x.rpm varnish-devel-7.1.0-bp154.2.3.1.s390x.rpm openSUSE-2022-155 moderate openSUSE Backports SLE-15-SP4 Update This update for libredwg fixes the following issues: Update to release 0.12.5 [boo#1193372] [CVE-2021-28237] * Restricted accepted DXF objects to all stable and unstable classes, minus MATERIAL, ARC_DIMENSION, SUN, PROXY*. I.e. most unstable objects do not allow unknown DXF codes anymore. This fixed most oss-fuzz errors. libredwg-0.12.5-bp154.2.3.1.src.rpm libredwg-devel-0.12.5-bp154.2.3.1.x86_64.rpm libredwg-tools-0.12.5-bp154.2.3.1.x86_64.rpm libredwg0-0.12.5-bp154.2.3.1.x86_64.rpm libredwg-devel-0.12.5-bp154.2.3.1.i586.rpm libredwg-tools-0.12.5-bp154.2.3.1.i586.rpm libredwg0-0.12.5-bp154.2.3.1.i586.rpm libredwg-devel-0.12.5-bp154.2.3.1.aarch64.rpm libredwg-tools-0.12.5-bp154.2.3.1.aarch64.rpm libredwg0-0.12.5-bp154.2.3.1.aarch64.rpm libredwg-devel-0.12.5-bp154.2.3.1.ppc64le.rpm libredwg-tools-0.12.5-bp154.2.3.1.ppc64le.rpm libredwg0-0.12.5-bp154.2.3.1.ppc64le.rpm libredwg-devel-0.12.5-bp154.2.3.1.s390x.rpm libredwg-tools-0.12.5-bp154.2.3.1.s390x.rpm libredwg0-0.12.5-bp154.2.3.1.s390x.rpm openSUSE-2022-157 moderate openSUSE Backports SLE-15-SP4 Update This update for libxls fixes the following issues: - CVE-2021-27836: Fixed possible NULL pointer dereference via crafted XLS file (boo#1192323) libxls-1.6.2-bp154.2.3.1.src.rpm libxls-devel-1.6.2-bp154.2.3.1.x86_64.rpm libxls-tools-1.6.2-bp154.2.3.1.x86_64.rpm libxlsreader8-1.6.2-bp154.2.3.1.x86_64.rpm libxls-devel-1.6.2-bp154.2.3.1.i586.rpm libxls-tools-1.6.2-bp154.2.3.1.i586.rpm libxlsreader8-1.6.2-bp154.2.3.1.i586.rpm libxls-devel-1.6.2-bp154.2.3.1.aarch64.rpm libxls-tools-1.6.2-bp154.2.3.1.aarch64.rpm libxlsreader8-1.6.2-bp154.2.3.1.aarch64.rpm libxls-devel-1.6.2-bp154.2.3.1.ppc64le.rpm libxls-tools-1.6.2-bp154.2.3.1.ppc64le.rpm libxlsreader8-1.6.2-bp154.2.3.1.ppc64le.rpm libxls-devel-1.6.2-bp154.2.3.1.s390x.rpm libxls-tools-1.6.2-bp154.2.3.1.s390x.rpm libxlsreader8-1.6.2-bp154.2.3.1.s390x.rpm openSUSE-2022-10002 important openSUSE Backports SLE-15-SP4 Update This update for librecad fixes the following issues: - CVE-2021-45341: Fixed a buffer overflow vulnerability in LibreCAD allows an attacker to achieve remote code execution via a crafted JWW document [boo#1195105] - CVE-2021-45342: Fixed a buffer overflow vulnerability in jwwlib in LibreCAD allows an attacker to achieve remote code execution via a crafted JWW document [boo#1195122] - Strip excess blank fields from librecad.desktop:MimeType [boo#1197664] Update to 2.2.0-rc3 * major release * DWG imports are more reliable now * and a lot more of bugfixes and improvements libdxfrw-1.0.1+git.20220109-bp154.2.3.1.src.rpm libdxfrw-debuginfo-1.0.1+git.20220109-bp154.2.3.1.x86_64.rpm libdxfrw-debugsource-1.0.1+git.20220109-bp154.2.3.1.x86_64.rpm libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1.x86_64.rpm libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1.x86_64.rpm libdxfrw-tools-debuginfo-1.0.1+git.20220109-bp154.2.3.1.x86_64.rpm libdxfrw1-1.0.1+git.20220109-bp154.2.3.1.x86_64.rpm libdxfrw1-debuginfo-1.0.1+git.20220109-bp154.2.3.1.x86_64.rpm librecad-2.2.0~rc3-bp154.3.3.1.src.rpm librecad-2.2.0~rc3-bp154.3.3.1.x86_64.rpm librecad-parts-2.2.0~rc3-bp154.3.3.1.noarch.rpm libdxfrw-debuginfo-1.0.1+git.20220109-bp154.2.3.1.i586.rpm libdxfrw-debugsource-1.0.1+git.20220109-bp154.2.3.1.i586.rpm libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1.i586.rpm libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1.i586.rpm libdxfrw-tools-debuginfo-1.0.1+git.20220109-bp154.2.3.1.i586.rpm libdxfrw1-1.0.1+git.20220109-bp154.2.3.1.i586.rpm libdxfrw1-debuginfo-1.0.1+git.20220109-bp154.2.3.1.i586.rpm libdxfrw-debuginfo-1.0.1+git.20220109-bp154.2.3.1.aarch64.rpm libdxfrw-debugsource-1.0.1+git.20220109-bp154.2.3.1.aarch64.rpm libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1.aarch64.rpm libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1.aarch64.rpm libdxfrw-tools-debuginfo-1.0.1+git.20220109-bp154.2.3.1.aarch64.rpm libdxfrw1-1.0.1+git.20220109-bp154.2.3.1.aarch64.rpm libdxfrw1-debuginfo-1.0.1+git.20220109-bp154.2.3.1.aarch64.rpm librecad-2.2.0~rc3-bp154.3.3.1.aarch64.rpm libdxfrw-debuginfo-1.0.1+git.20220109-bp154.2.3.1.ppc64le.rpm libdxfrw-debugsource-1.0.1+git.20220109-bp154.2.3.1.ppc64le.rpm libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1.ppc64le.rpm libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1.ppc64le.rpm libdxfrw-tools-debuginfo-1.0.1+git.20220109-bp154.2.3.1.ppc64le.rpm libdxfrw1-1.0.1+git.20220109-bp154.2.3.1.ppc64le.rpm libdxfrw1-debuginfo-1.0.1+git.20220109-bp154.2.3.1.ppc64le.rpm librecad-2.2.0~rc3-bp154.3.3.1.ppc64le.rpm libdxfrw-debuginfo-1.0.1+git.20220109-bp154.2.3.1.s390x.rpm libdxfrw-debugsource-1.0.1+git.20220109-bp154.2.3.1.s390x.rpm libdxfrw-devel-1.0.1+git.20220109-bp154.2.3.1.s390x.rpm libdxfrw-tools-1.0.1+git.20220109-bp154.2.3.1.s390x.rpm libdxfrw-tools-debuginfo-1.0.1+git.20220109-bp154.2.3.1.s390x.rpm libdxfrw1-1.0.1+git.20220109-bp154.2.3.1.s390x.rpm libdxfrw1-debuginfo-1.0.1+git.20220109-bp154.2.3.1.s390x.rpm librecad-2.2.0~rc3-bp154.3.3.1.s390x.rpm openSUSE-2022-10026 moderate openSUSE Backports SLE-15-SP4 Update This update for xournalpp fixes the following issues: - Add Recommends tex(scontents.tex) : - Required for LaTeX rendering using Xournalpp's default_template.tex Update to version 1.1.1: * Change the edge panning behavior when an element is selected, fixing the absurdly fast edge pan speed bug. * Fixed several crashing/freezing issues. * Fixed several bugs involving stroke input and rendering. * Fixed several bugs involving PDF rendering (in application) and export. * lots of bug fixes; for the full list, see https://github.com/xournalpp/xournalpp/blob/v1.1.1/CHANGELOG.md xournalpp-1.1.1-bp154.2.3.1.src.rpm xournalpp-1.1.1-bp154.2.3.1.x86_64.rpm xournalpp-lang-1.1.1-bp154.2.3.1.noarch.rpm xournalpp-1.1.1-bp154.2.3.1.i586.rpm xournalpp-1.1.1-bp154.2.3.1.aarch64.rpm xournalpp-1.1.1-bp154.2.3.1.ppc64le.rpm xournalpp-1.1.1-bp154.2.3.1.s390x.rpm openSUSE-2022-10005 important openSUSE Backports SLE-15-SP4 Update This update for chromium fixes the following issues: Chromium 102.0.5001.61 (boo#1199893) * CVE-2022-1853: Use after free in Indexed DB * CVE-2022-1854: Use after free in ANGLE * CVE-2022-1855: Use after free in Messaging * CVE-2022-1856: Use after free in User Education * CVE-2022-1857: Insufficient policy enforcement in File System API * CVE-2022-1858: Out of bounds read in DevTools * CVE-2022-1859: Use after free in Performance Manager * CVE-2022-1860: Use after free in UI Foundations * CVE-2022-1861: Use after free in Sharing * CVE-2022-1862: Inappropriate implementation in Extensions * CVE-2022-1863: Use after free in Tab Groups * CVE-2022-1864: Use after free in WebApp Installs * CVE-2022-1865: Use after free in Bookmarks * CVE-2022-1866: Use after free in Tablet Mode * CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer * CVE-2022-1868: Inappropriate implementation in Extensions API * CVE-2022-1869: Type Confusion in V8 * CVE-2022-1870: Use after free in App Service * CVE-2022-1871: Insufficient policy enforcement in File System API * CVE-2022-1872: Insufficient policy enforcement in Extensions API * CVE-2022-1873: Insufficient policy enforcement in COOP * CVE-2022-1874: Insufficient policy enforcement in Safe Browsing * CVE-2022-1875: Inappropriate implementation in PDF * CVE-2022-1876: Heap buffer overflow in DevTools - Chromium 101.0.4951.67 * fixes for other platforms chromedriver-102.0.5005.61-bp154.2.5.3.x86_64.rpm chromedriver-debuginfo-102.0.5005.61-bp154.2.5.3.x86_64.rpm chromium-102.0.5005.61-bp154.2.5.3.src.rpm chromium-102.0.5005.61-bp154.2.5.3.x86_64.rpm chromium-debuginfo-102.0.5005.61-bp154.2.5.3.x86_64.rpm chromedriver-102.0.5005.61-bp154.2.5.3.aarch64.rpm chromedriver-debuginfo-102.0.5005.61-bp154.2.5.3.aarch64.rpm chromium-102.0.5005.61-bp154.2.5.3.aarch64.rpm chromium-debuginfo-102.0.5005.61-bp154.2.5.3.aarch64.rpm openSUSE-2022-10006 moderate openSUSE Backports SLE-15-SP4 Update This update for knewstuff fixes the following issues: - Fixed content downloading (boo#1200014) knewstuff-5.90.0-bp154.3.3.1.src.rpm knewstuff-5.90.0-bp154.3.3.1.x86_64.rpm knewstuff-core-devel-5.90.0-bp154.3.3.1.x86_64.rpm knewstuff-devel-5.90.0-bp154.3.3.1.x86_64.rpm knewstuff-imports-5.90.0-bp154.3.3.1.x86_64.rpm knewstuff-quick-devel-5.90.0-bp154.3.3.1.x86_64.rpm libKF5NewStuff5-5.90.0-bp154.3.3.1.x86_64.rpm libKF5NewStuff5-lang-5.90.0-bp154.3.3.1.noarch.rpm libKF5NewStuffCore5-5.90.0-bp154.3.3.1.x86_64.rpm libKF5NewStuffWidgets5-5.90.0-bp154.3.3.1.x86_64.rpm knewstuff-5.90.0-bp154.3.3.1.aarch64.rpm knewstuff-core-devel-5.90.0-bp154.3.3.1.aarch64.rpm knewstuff-devel-5.90.0-bp154.3.3.1.aarch64.rpm knewstuff-imports-5.90.0-bp154.3.3.1.aarch64.rpm knewstuff-quick-devel-5.90.0-bp154.3.3.1.aarch64.rpm libKF5NewStuff5-5.90.0-bp154.3.3.1.aarch64.rpm libKF5NewStuffCore5-5.90.0-bp154.3.3.1.aarch64.rpm libKF5NewStuffWidgets5-5.90.0-bp154.3.3.1.aarch64.rpm knewstuff-5.90.0-bp154.3.3.1.ppc64le.rpm knewstuff-core-devel-5.90.0-bp154.3.3.1.ppc64le.rpm knewstuff-devel-5.90.0-bp154.3.3.1.ppc64le.rpm knewstuff-imports-5.90.0-bp154.3.3.1.ppc64le.rpm knewstuff-quick-devel-5.90.0-bp154.3.3.1.ppc64le.rpm libKF5NewStuff5-5.90.0-bp154.3.3.1.ppc64le.rpm libKF5NewStuffCore5-5.90.0-bp154.3.3.1.ppc64le.rpm libKF5NewStuffWidgets5-5.90.0-bp154.3.3.1.ppc64le.rpm knewstuff-5.90.0-bp154.3.3.1.s390x.rpm knewstuff-core-devel-5.90.0-bp154.3.3.1.s390x.rpm knewstuff-devel-5.90.0-bp154.3.3.1.s390x.rpm knewstuff-imports-5.90.0-bp154.3.3.1.s390x.rpm knewstuff-quick-devel-5.90.0-bp154.3.3.1.s390x.rpm libKF5NewStuff5-5.90.0-bp154.3.3.1.s390x.rpm libKF5NewStuffCore5-5.90.0-bp154.3.3.1.s390x.rpm libKF5NewStuffWidgets5-5.90.0-bp154.3.3.1.s390x.rpm openSUSE-2022-10048 moderate openSUSE Backports SLE-15-SP4 Update This update for fwts fixes the following issues: fwts was updated to version 22.05.00: * lib: fwts_version.h - update to V22.05.00 * debian: update changelog * fwts-test: sync up IORT test with specification version E.d * acpi: mcfg: checking kernel lockdown when doing mmap PCI config space * auto-packager:mkpackage.sh: add kinetic * acpi: iort: update IORT test to specification version E.d * Update copyright year to 2022 * acpi: iort: update the IORT node dump * acpi: iort: update IORT node revision check * ACPICA: Update to version 20220331 Update to version 22.03.00: * lib: fwts_version.h - update to V22.03.00 * debian: update changelog * fwts-test: sync up the sdev checking secure access components * acpi: sdev: add checking secure access components * acpi: macf: report failures instead of just logging the errors * acpi/time: skip a number of TAD methods when _GCP[0] is clear * acpi:dmar: update the link of DMAR table * fwts-tests: update acpi dump data to be in sync with latest ACPICA * ACPICA: Update to version 20211217 Update to version 22.01.00: * fwts-test: sync up the adding option for get next high monotonic count * uefirtmisc: add option to specify iterations get next high monitonic count * uefirtmisc: add checking the resources for testing * lib: fwts_version.h - update to V22.01.00 * debian: update changelog * fwts_acpica: skip unneccessary null check * s3: use system suspend default if --s3-sleep-type is not used * tpmevlogdump: add supporting several new types for event log dumping * auto-packager: mkpackage.sh: remove hirsute * tpmevlog: add supporting several new types for event log checking * lib: fwts_tpm.h: add new type definition Update build dependencies (add zlib) Update to version 21.12.00: * lib: fwts_version.h - update to V21.12.00 * debian: update changelog * dmicheck: skip scanning smbios in /dev/mem on aarch64 * s3: increase s2idle_residency to u64 to avoid overflows * s3: fix incorrect error messages for s2idle_residency * acpi: uniqueid: clean up pedantic static analysis warnings * s4: clean up pedantic static analysis warnings fwts-22.05.00-bp154.2.3.5.src.rpm fwts-22.05.00-bp154.2.3.5.x86_64.rpm fwts-debuginfo-22.05.00-bp154.2.3.5.x86_64.rpm fwts-debugsource-22.05.00-bp154.2.3.5.x86_64.rpm fwts-22.05.00-bp154.2.3.5.i586.rpm fwts-debuginfo-22.05.00-bp154.2.3.5.i586.rpm fwts-debugsource-22.05.00-bp154.2.3.5.i586.rpm fwts-22.05.00-bp154.2.3.5.aarch64.rpm fwts-debuginfo-22.05.00-bp154.2.3.5.aarch64.rpm fwts-debugsource-22.05.00-bp154.2.3.5.aarch64.rpm openSUSE-2022-10007 moderate openSUSE Backports SLE-15-SP4 Update This update for caddy fixes the following issues: Update to version 2.5.1: * Fixed regression in Unix socket admin endpoints. * Fixed regression in caddy trust commands. * Hash-based load balancing policies (ip_hash, uri_hash, header, and cookie) use an improved highest-random-weight (HRW) algorithm for increased consistency. * Dynamic upstreams, which is the ability to get the list of upstreams at every request (more specifically, every iteration in the proxy loop of every request) rather than just once at config-load time. * Caddy will automatically try to get relevant certificates from the local Tailscale instance. * New OpenTelemetry integration. * Added new endpoints /pki/ca/<id> and /pki/ca/<id>/certificates for getting information about Caddy's managed CAs. * Rename _caddy to zsh-completion * Fix MatchPath sanitizing [bsc#1200279, CVE-2022-29718] caddy-2.5.1-bp154.2.5.1.src.rpm caddy-2.5.1-bp154.2.5.1.x86_64.rpm caddy-2.5.1-bp154.2.5.1.i586.rpm caddy-2.5.1-bp154.2.5.1.aarch64.rpm caddy-2.5.1-bp154.2.5.1.ppc64le.rpm caddy-2.5.1-bp154.2.5.1.s390x.rpm openSUSE-2022-10008 moderate openSUSE Backports SLE-15-SP4 Update This update for opi fixes the following issues: Version 2.5.0 - Use $releasever in repo creation on Leap Version 2.4.7 - Fix release script - Fix numbering in --help - Update README.md - Add release helper script Version 2.4.6 - Update .NET SDK to 6.0 Version 2.4.5 - Packman codec changes Version 2.5.0 - Run ci for both tumbleweed and leap - Use $releasever in repo creation on Leap Version 2.4.7 - Fix numbering in --help - Add release helper script Version 2.4.6 - Update .NET SDK to 6.0 Version 2.4.5 - Update packman codecs plugin to reflect recent changes that apply to Tumbleweed and releases after 15.4 see https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/VMXOWQWC4WW3W6PM7WPZDRMNCV26KKGY/ opi-2.5.0-bp154.2.3.1.noarch.rpm opi-2.5.0-bp154.2.3.1.src.rpm openSUSE-2022-10012 moderate openSUSE Backports SLE-15-SP4 Update This update for libksysguard5 fixes the following issues: - Recommend the plugins package (boo#1199851) Update to 5.24.5 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.5 - No code changes since 5.24.4 ksysguardsystemstats-data-5.24.5-bp154.2.3.2.x86_64.rpm libKSysGuardSystemStats1-5.24.5-bp154.2.3.2.x86_64.rpm libksysguard5-5.24.5-bp154.2.3.2.src.rpm libksysguard5-5.24.5-bp154.2.3.2.x86_64.rpm libksysguard5-devel-5.24.5-bp154.2.3.2.x86_64.rpm libksysguard5-imports-5.24.5-bp154.2.3.2.x86_64.rpm libksysguard5-lang-5.24.5-bp154.2.3.2.noarch.rpm libksysguard5-plugins-5.24.5-bp154.2.3.2.x86_64.rpm ksysguardsystemstats-data-5.24.5-bp154.2.3.2.aarch64.rpm libKSysGuardSystemStats1-5.24.5-bp154.2.3.2.aarch64.rpm libksysguard5-5.24.5-bp154.2.3.2.aarch64.rpm libksysguard5-devel-5.24.5-bp154.2.3.2.aarch64.rpm libksysguard5-imports-5.24.5-bp154.2.3.2.aarch64.rpm libksysguard5-plugins-5.24.5-bp154.2.3.2.aarch64.rpm ksysguardsystemstats-data-5.24.5-bp154.2.3.2.ppc64le.rpm libKSysGuardSystemStats1-5.24.5-bp154.2.3.2.ppc64le.rpm libksysguard5-5.24.5-bp154.2.3.2.ppc64le.rpm libksysguard5-devel-5.24.5-bp154.2.3.2.ppc64le.rpm libksysguard5-imports-5.24.5-bp154.2.3.2.ppc64le.rpm libksysguard5-plugins-5.24.5-bp154.2.3.2.ppc64le.rpm openSUSE-2022-10010 critical openSUSE Backports SLE-15-SP4 Update This update for chromium fixes the following issues: - Chromium 102.0.5005.115 (boo#1200423) * CVE-2022-2007: Use after free in WebGPU * CVE-2022-2008: Out of bounds memory access in WebGL * CVE-2022-2010: Out of bounds read in compositing * CVE-2022-2011: Use after free in ANGLE chromedriver-102.0.5005.115-bp154.2.8.1.x86_64.rpm chromium-102.0.5005.115-bp154.2.8.1.src.rpm chromium-102.0.5005.115-bp154.2.8.1.x86_64.rpm chromedriver-102.0.5005.115-bp154.2.8.1.aarch64.rpm chromium-102.0.5005.115-bp154.2.8.1.aarch64.rpm openSUSE-2022-10011 moderate openSUSE Backports SLE-15-SP4 Update This update for opi fixes the following issues: Version 2.7.0 - Make repo parsing more stable and improve error handling - Do not compress man page during build/install phase, but rather rely on the brp-scripts to pick the right compression format. Version 2.6.0 - Move to global config in /etc/opi.cfg - Check if desired repo is already added instead of relying on prefix - Add config option use_releasever_var opi-2.7.0-bp154.2.6.1.noarch.rpm opi-2.7.0-bp154.2.6.1.src.rpm openSUSE-2022-10020 moderate openSUSE Backports SLE-15-SP4 Update This update for neomutt fixes the following issues: neomutt was updated to 20220429: * Bug Fixes * Do not crash on an invalid use_threads/sort combination * Fix: stuck browser cursor * Resolve (move) the cursor after <edit-label> * Index: fix menu size on new mail * Don't overlimit LMDB mmap size * OpenBSD y/n translation fix * Generic: split out OP_EXIT binding * Fix parsing of sendmail cmd * Fix: crash with menu_move_off=no * Newsrc: bugfix; nntp_user and nntp_pass ignored * Menu: ensure config changes cause a repaint * Mbox: fix sync duplicates * Make sure the index redraws all that's needed * Translations * 100% Chinese (Simplified) * 100% Czech * 100% German * 100% Hungarian * 100% Lithuanian * 100% Serbian * 100% Turkish * Docs * add missing pattern modifier ~I for external_search_command * Code * menu: eliminate custom_redraw() * modernise mixmaster * Kill global and Propagate display attach status through State- neomutt was updated to 20220415: * Security * Fix uudecode buffer overflow (CVE-2022-1328) * Features * Colours, colours, colours * Bug Fixes * Pager: fix pager_stop * Merge colours with normal * Color: disable mono command * Fix forwarding text attachments when honor_disposition is set * Pager: drop the nntp change-group bindings * Use mailbox_check flags coherently, add IMMEDIATE flag * Fix: tagging in attachment list * Fix: misalignment of mini-index * Make sure to update the menu size after a resort * Translations * 100% Hungarian * Build * Update acutest * Code * Unify pipe functions * Index: notify if navigation fails * Gui: set colour to be merged with normal * Fix: leak in tls_check_one_certificate() * Upstream * Flush iconv() in mutt_convert_string() * Fix integer overflow in mutt_convert_string() * Fix uudecode cleanup on unexpected eof update to 20220408: * Compose multipart emails * Fix screen mode after attempting decryption * imap: increase max size of oauth2 token * Fix autocrypt * Unify Alias/Query workflow * Fix colours * Say which file exists when saving attachments * Force SMTP authentication if `smtp_user` is set * Fix selecting the right email after limiting * Make sure we have enough memory for a new email * Don't overwrite with zeroes after unlinking the file * Fix crash when forwarding attachments * Fix help reformatting on window resize * Fix poll to use PollFdsCount and not PollFdsLen * regex: range check arrays strictly * Fix Coverity defects * Fix out of bounds write with long log lines * Apply `fast_reply` to 'to', 'cc', or 'bcc' * Prevent warning on empty emails * New default: `set rfc2047_parameters = yes` * 100% German * 100% Lithuanian * 100% Serbian * 100% Czech * 100% Turkish * 72% Hungarian * Improve header cache explanation * Improve description of some notmuch variables * Explain how timezones and `!`s work inside `%{}`, `%[]` and `%()` * Document config synonyms and deprecations * Create lots of GitHub Actions * Drop TravisCI * Add automated Fuzzing tests * Add automated ASAN tests * Create Dockers for building Centos/Fedora * Build fixes for Solaris 10 * New libraries: browser, enter, envelope * New configure options: `--fuzzing` `--debug-color` `--debug-queue` * Split Index/Pager GUIs/functions * Add lots of function dispatchers * Eliminate `menu_loop()` * Refactor function opcodes * Refactor cursor setting * Unify Alias/Query functions * Refactor Compose/Envelope functions * Modernise the Colour handling * Refactor the Attachment View * Eliminate the global `Context` * Upgrade `mutt_get_field()` * Refactor the `color quoted` code * Fix lots of memory leaks * Refactor Index resolve code * Refactor PatternList parsing * Refactor Mailbox freeing * Improve key mapping * Factor out charset hooks * Expose mutt_file_seek API * Improve API of `strto*` wrappers * imap QRESYNC fixes * Allow an empty To: address prompt * Fix argc==0 handling * Don't queue IMAP close commands * Fix IMAP UTF-7 for code points >= U+10000 * Don't include inactive messages in msgset generation update to 20211029 (boo#1185705, CVE-2021-32055): * Notmuch: support separate database and mail roots without .notmuch * fix notmuch crash on open failure * fix crypto crash handling pgp keys * fix ncrypt/pgp file_get_size return check * fix restore case-insensitive header sort * fix pager redrawing of long lines * fix notmuch: check database dir for xapian dir * fix notmuch: update index count after <entire-thread> * fix protect hash table against empty keys * fix prevent real_subj being set but empty * fix leak when saving fcc * fix leak after <edit-or-view-raw-message> * fix leak after trash to hidden mailbox * fix leak restoring postponed emails * fix new mail notifications * fix pattern compilation error for ( !>(~P) ) * fix menu display on window resize * Stop batch mode emails with no argument or recipients * Add sanitize call in print mailcap function * fix hdr_order to use the longest match * fix (un)setenv to not return an error with unset env vars * fix Imap sync when closing a mailbox * fix segfault on OpenBSD current * sidebar: restore sidebar_spoolfile colour * fix assert when displaying a file from the browser * fix exec command in compose * fix check_stats for Notmuch mailboxes * Fallback: Open Notmuch database without config * fix gui hook commands on startup * threads: implement the $use_threads feature * https://neomutt.org/feature/use-threads * hooks: allow a -noregex param to folder and mbox hooks * mailing lists: implement list-(un)subscribe using RFC2369 headers * mailcap: implement x-neomutt-nowrap flag * pager: add $local_date_header option * imap, smtp: add support for authenticating using XOAUTH2 * Allow <sync-mailbox> to fail quietly * imap: speed up server-side searches * pager: improve skip-quoted and skip-headers * notmuch: open database with user's configuration * notmuch: implement <vfolder-window-reset> * config: allow += modification of my_ variables * notmuch: tolerate file renames behind neomutt's back * pager: implement $pager_read_delay * notmuch: validate nm_query_window_timebase * notmuch: make $nm_record work in non-notmuch mailboxes * compose: add $greeting - a welcome message on top of emails * notmuch: show additional mail in query windows * imap: fix crash on external IMAP events * notmuch: handle missing libnotmuch version bumps * imap: add sanity check for qresync * notmuch: allow windows with 0 duration * index: fix index selection on <collapse-all> * imap: fix crash when sync'ing labels * search: fix searching by Message-Id in <mark-message> * threads: fix double sorting of threads * stats: don't check mailbox stats unless told * alias: fix crash on empty query * pager: honor mid-message config changes * mailbox: don't propagate read-only state across reopens * hcache: fix caching new labels in the header cache * crypto: set invalidity flags for gpgme/smime keys * notmuch: fix parsing of multiple type= * notmuch: validate $nm_default_url * messages: avoid unnecessary opening of messages * imap: fix seqset iterator when it ends in a comma * build: refuse to build without pcre2 when pcre2 is linked in ncurses neomutt-20220429-bp154.2.3.1.src.rpm neomutt-20220429-bp154.2.3.1.x86_64.rpm neomutt-doc-20220429-bp154.2.3.1.noarch.rpm neomutt-lang-20220429-bp154.2.3.1.noarch.rpm neomutt-20220429-bp154.2.3.1.aarch64.rpm neomutt-20220429-bp154.2.3.1.ppc64le.rpm neomutt-20220429-bp154.2.3.1.s390x.rpm openSUSE-2022-10016 important openSUSE Backports SLE-15-SP4 Update This update for firejail fixes the following issues: firejail was updated to version 0.9.70: - CVE-2022-31214 - root escalation in --join logic (boo#1199148) Reported by Matthias Gerstner, working exploit code was provided to our development team. In the same time frame, the problem was independently reported by Birk Blechschmidt. Full working exploit code was also provided. - feature: enable shell tab completion with --tab (#4936) - feature: disable user profiles at compile time (#4990) - feature: Allow resolution of .local names with avahi-daemon in the apparmor - profile (#5088) - feature: always log seccomp errors (#5110) - feature: firecfg --guide, guided user configuration (#5111) - feature: --oom, kernel OutOfMemory-killer (#5122) - modif: --ids feature needs to be enabled at compile time (#5155) - modif: --nettrace only available to root user - rework: whitelist restructuring (#4985) - rework: firemon, speed up and lots of fixes - bugfix: --private-cwd not expanding macros, broken hyperrogue (#4910) - bugfix: nogroups + wrc prints confusing messages (#4930 #4933) - bugfix: openSUSE Leap - whitelist-run-common.inc (#4954) - bugfix: fix printing in evince (#5011) - bugfix: gcov: fix gcov functions always declared as dummy (#5028) - bugfix: Stop warning on safe supplementary group clean (#5114) - build: remove ultimately unused INSTALL and RANLIB check macros (#5133) - build: mkdeb.sh.in: pass remaining arguments to ./configure (#5154) - ci: replace centos (EOL) with almalinux (#4912) - ci: fix --version not printing compile-time features (#5147) - ci: print version after install & fix apparmor support on build_apparmor (#5148) - docs: Refer to firejail.config in configuration files (#4916) - docs: firejail.config: add warning about allow-tray (#4946) - docs: mention that the protocol command accumulates (#5043) - docs: mention inconsistent homedir bug involving --private=dir (#5052) - docs: mention capabilities(7) on --caps (#5078) - new profiles: onionshare, onionshare-cli, opera-developer, songrec - new profiles: node-gyp, npx, semver, ping-hardened - removed profiles: nvm update to firejail 0.9.68: - security: on Ubuntu, the PPA is now recommended over the distro package (see README.md) (#4748) - security: bugfix: private-cwd leaks access to the entire filesystem (#4780); reported by Hugo Osvaldo Barrera - feature: remove (some) environment variables with auth-tokens (#4157) - feature: ALLOW_TRAY condition (#4510 #4599) - feature: add basic Firejail support to AppArmor base abstraction (#3226 #4628) - feature: intrusion detection system (--ids-init, --ids-check) - feature: deterministic shutdown command (--deterministic-exit-code, --deterministic-shutdown) (#928 #3042 #4635) - feature: noprinters command (#4607 #4827) - feature: network monitor (--nettrace) - feature: network locker (--netlock) (#4848) - feature: whitelist-ro profile command (#4740) - feature: disable pipewire with --nosound (#4855) - feature: Unset TMP if it doesn't exist inside of sandbox (#4151) - feature: Allow apostrophe in whitelist and blacklist (#4614) - feature: AppImage support in --build command (#4878) - modifs: exit code: distinguish fatal signals by adding 128 (#4533) - modifs: firecfg.config is now installed to /etc/firejail/ (#408 #4669) - modifs: close file descriptors greater than 2 (--keep-fd) (#4845) - modifs: nogroups now stopped causing certain system groups to be dropped, - which are now controlled by the relevant "no" options instead (such as - nosound -> drop audio group), which fixes device access issues on systems - not using (e)logind (such as with seatd) (#4632 #4725 #4732 #4851) - removal: --disable-whitelist at compile time - removal: whitelist=yes/no in /etc/firejail/firejail.config - bugfix: Fix sndio support (#4362 #4365) - bugfix: Error mounting tmpfs (MS_REMOUNT flag not being cleared) (#4387) - bugfix: --build clears the environment (#4460 #4467) - bugfix: firejail hangs with net parameter (#3958 #4476) - bugfix: Firejail does not work with a custom hosts file (#2758 #4560) - bugfix: --tracelog and --trace override /etc/ld.so.preload (#4558 #4586) - bugfix: PATH_MAX is undeclared on musl libc (#4578 #4579 #4583 #4606) - bugfix: firejail symlinks are not skipped with private-bin + globs (#4626) - bugfix: Firejail rejects empty arguments (#4395) - bugfix: firecfg does not work with symlinks (discord.desktop) (#4235) - bugfix: Seccomp list output goes to stdout instead of stderr (#4328) - bugfix: private-etc does not work with symlinks (#4887) - bugfix: Hardware key not detected on keepassxc (#4883) - build: allow building with address sanitizer (#4594) - build: Stop linking pthread (#4695) - build: Configure cleanup and improvements (#4712) - ci: add profile checks for sorting disable-programs.inc and - firecfg.config and for the required arguments in private-etc (#2739 #4643) - ci: pin GitHub actions to SHAs and use Dependabot to update them (#4774) - docs: Add new command checklist to CONTRIBUTING.md (#4413) - docs: Rework bug report issue template and add both a question and a - feature request template (#4479 #4515 #4561) - docs: fix contradictory descriptions of machine-id ("preserves" vs "spoofs") (#4689) - docs: Document that private-bin and private-etc always accumulate (#4078) - new includes: whitelist-run-common.inc (#4288), disable-X11.inc (#4462) - new includes: disable-proc.inc (#4521) - removed includes: disable-passwordmgr.inc (#4454 #4461) - new profiles: microsoft-edge-beta, clion-eap, lifeograph, zim - new profiles: io.github.lainsce.Notejot, rednotebook, gallery-dl - new profiles: yt-dlp, goldendict, goldendict, bundle, cmake - new profiles: make, meson, pip, codium, telnet, ftp, OpenStego - new profiles: imv, retroarch, torbrowser, CachyBrowser, - new profiles: notable, RPCS3, wget2, raincat, conitop, 1passwd, - new profiles: Seafile, neovim, com.github.tchx84.Flatseal firejail-0.9.70-bp154.2.3.1.src.rpm firejail-0.9.70-bp154.2.3.1.x86_64.rpm firejail-bash-completion-0.9.70-bp154.2.3.1.x86_64.rpm firejail-zsh-completion-0.9.70-bp154.2.3.1.x86_64.rpm firejail-0.9.70-bp154.2.3.1.i586.rpm firejail-bash-completion-0.9.70-bp154.2.3.1.i586.rpm firejail-zsh-completion-0.9.70-bp154.2.3.1.i586.rpm firejail-0.9.70-bp154.2.3.1.aarch64.rpm firejail-bash-completion-0.9.70-bp154.2.3.1.aarch64.rpm firejail-zsh-completion-0.9.70-bp154.2.3.1.aarch64.rpm firejail-0.9.70-bp154.2.3.1.ppc64le.rpm firejail-bash-completion-0.9.70-bp154.2.3.1.ppc64le.rpm firejail-zsh-completion-0.9.70-bp154.2.3.1.ppc64le.rpm firejail-0.9.70-bp154.2.3.1.s390x.rpm firejail-bash-completion-0.9.70-bp154.2.3.1.s390x.rpm firejail-zsh-completion-0.9.70-bp154.2.3.1.s390x.rpm openSUSE-2022-10017 important openSUSE Backports SLE-15-SP4 Update This update for chafa fixes the following issues: - CVE-2022-2061: Fix heap based buffer overflow in lzw_decode (boo#1200510) chafa-1.8.0-bp154.3.3.1.src.rpm chafa-1.8.0-bp154.3.3.1.x86_64.rpm chafa-devel-1.8.0-bp154.3.3.1.x86_64.rpm chafa-doc-1.8.0-bp154.3.3.1.noarch.rpm libchafa0-1.8.0-bp154.3.3.1.x86_64.rpm chafa-1.8.0-bp154.3.3.1.i586.rpm chafa-devel-1.8.0-bp154.3.3.1.i586.rpm libchafa0-1.8.0-bp154.3.3.1.i586.rpm chafa-1.8.0-bp154.3.3.1.aarch64.rpm chafa-devel-1.8.0-bp154.3.3.1.aarch64.rpm libchafa0-1.8.0-bp154.3.3.1.aarch64.rpm chafa-1.8.0-bp154.3.3.1.ppc64le.rpm chafa-devel-1.8.0-bp154.3.3.1.ppc64le.rpm libchafa0-1.8.0-bp154.3.3.1.ppc64le.rpm chafa-1.8.0-bp154.3.3.1.s390x.rpm chafa-devel-1.8.0-bp154.3.3.1.s390x.rpm libchafa0-1.8.0-bp154.3.3.1.s390x.rpm openSUSE-2022-10023 important openSUSE Backports SLE-15-SP4 Update This update for tor fixes the following issues: tor was updated to 0.4.7.8: * Fix a scenario where RTT estimation can become wedged, seriously degrading congestion control performance on all circuits. This impacts clients, onion services, and relays, and can be triggered remotely by a malicious endpoint. (TROVE-2022-001, CVE-2022-33903, boo#1200672) * Regenerate fallback directories generated on June 17, 2022. * Update the geoip files to match the IPFire Location Database, as retrieved on 2022/06/17. * Allow the rseq system call in the sandbox * logging bug fixes tor-0.4.7.8-bp154.2.3.1.src.rpm tor-0.4.7.8-bp154.2.3.1.x86_64.rpm tor-debuginfo-0.4.7.8-bp154.2.3.1.x86_64.rpm tor-debugsource-0.4.7.8-bp154.2.3.1.x86_64.rpm tor-0.4.7.8-bp154.2.3.1.i586.rpm tor-debuginfo-0.4.7.8-bp154.2.3.1.i586.rpm tor-debugsource-0.4.7.8-bp154.2.3.1.i586.rpm tor-0.4.7.8-bp154.2.3.1.aarch64.rpm tor-debuginfo-0.4.7.8-bp154.2.3.1.aarch64.rpm tor-debugsource-0.4.7.8-bp154.2.3.1.aarch64.rpm tor-0.4.7.8-bp154.2.3.1.ppc64le.rpm tor-debuginfo-0.4.7.8-bp154.2.3.1.ppc64le.rpm tor-debugsource-0.4.7.8-bp154.2.3.1.ppc64le.rpm tor-0.4.7.8-bp154.2.3.1.s390x.rpm tor-debuginfo-0.4.7.8-bp154.2.3.1.s390x.rpm tor-debugsource-0.4.7.8-bp154.2.3.1.s390x.rpm openSUSE-2022-10022 moderate openSUSE Backports SLE-15-SP4 Update This update for trivy fixes the following issues: trivy was updated to version 0.28.0 (boo#1199760, CVE-2022-28946): * fix: remove Highlighted from json output (#2131) * fix: remove trivy-kubernetes replace (#2132) * docs: Add Operator docs under Kubernetes section (#2111) * fix(k8s): security-checks panic (#2127) * ci: added k8s scope (#2130) * docs: Update misconfig output in examples (#2128) * fix(misconf): Fix coloured output in Goland terminal (#2126) * docs(secret): Fix default value of --security-checks in docs (#2107) * refactor(report): move colorize function from trivy-db (#2122) * feat: k8s resource scanning (#2118) * chore: add CODEOWNERS (#2121) * feat(image): add `--server` option for remote scans (#1871) * refactor: k8s (#2116) * refactor: export useful APIs (#2108) * docs: fix k8s doc (#2114) * feat(kubernetes): Add report flag for summary (#2112) * fix: Remove problematic advanced rego policies (#2113) * feat(misconf): Add special output format for misconfigurations (#2100) * feat: add k8s subcommand (#2065) * chore: fix make lint version (#2102) * fix(java): handle relative pom modules (#2101) * fix(misconf): Add missing links for non-rego misconfig results (#2094) * feat(misconf): Added fs.FS based scanning via latest defsec (#2084) * chore(deps): bump trivy-issue-action to v0.0.4 (#2091) * chore(deps): bump github.com/twitchtv/twirp (#2077) * chore(deps): bump github.com/urfave/cli/v2 from 2.4.0 to 2.5.1 (#2074) * chore(os): updated fanal version and alpine distroless test (#2086) * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.1 to 0.5.2 (#2075) * chore(deps): bump github.com/samber/lo from 1.16.0 to 1.19.0 (#2076) * feat(report): add support for SPDX (#2059) * chore(deps): bump actions/setup-go from 2 to 3 (#2073) * chore(deps): bump actions/cache from 3.0.1 to 3.0.2 (#2071) * chore(deps): bump golang from 1.18.0 to 1.18.1 (#2069) * chore(deps): bump actions/stale from 4 to 5 (#2070) * chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.3.0 (#2072) * chore(deps): bump github.com/open-policy-agent/opa from 0.39.0 to 0.40.0 (#2079) * chore: app version 0.27.0 (#2046) * fix(misconf): added to skip conf files if their scanning is not enabled (#2066) * docs(secret) fix rule path in docs (#2061) * docs: change from go.sum to go.mod (#2056) Update to version 0.27.1: * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.0 to 0.5.1 (#1926) * refactor(fs): scanner options (#2050) * feat(secret): truncate long line (#2052) * docs: fix a broken bullets (#2042) * feat(ubuntu): add 22.04 approx eol date (#2044) * docs: update installation.md (#2027) * docs: add Containerfile (#2032) Update to version 0.27.0: * fix(go): fixed panic to scan gomod without version (#2038) * docs(mariner): confirm it works with Mariner 2.0 VM (#2036) * feat(secret): support enable rules (#2035) * chore: app version 26.0 (#2030) * docs(secret): add a demo movie (#2031) * feat: support cache TTL in Redis (#2021) * fix(go): skip system installed binaries (#2028) * fix(go): check if go.sum is nil (#2029) * feat: add secret scanning (#1901) * chore: gh publish only with push the tag release (#2025) * fix(fs): ignore permission errors (#2022) * test(mod): using correct module inside test go.mod (#2020) * feat(server): re-add proxy support for client/server communications (#1995) * fix(report): truncate a description before escaping in ASFF template (#2004) * fix(cloudformation): correct margin removal for empty lines (#2002) * fix(template): correct check of old sarif template files (#2003) Update to version 0.26.0: * feat(alpine): warn mixing versions (#2000) * Update ASFF template (#1914) * chore(deps): replace `containerd/containerd` version to fix CVE-2022-23648 (#1994) * chore(deps): bump alpine from 3.15.3 to 3.15.4 (#1993) * test(go): add integration tests for gomod (#1989) * fix(python): fixed panic when scan .egg archive (#1992) * fix(go): set correct go modules type (#1990) * feat(alpine): support apk repositories (#1987) * docs: add CBL-Mariner (#1982) * docs(go): fix version (#1986) * feat(go): support go.mod in Go 1.17+ (#1985) * ci: fix URLs in the PR template (#1972) * ci: add semantic pull requests check (#1968) * docs(issue): added docs for wrong detection issues (#1961) Update to version 0.25.4: * docs: move CONTRIBUTING.md to docs (#1971) * refactor(table): use file name instead package path (#1966) * fix(sbom): add --db-repository (#1964) * feat(table): add PkgPath in table result (#1960) * fix(pom): merge multiple pom imports in a good manner (#1959) Update to version 0.25.3: * fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands (#1956) * fix(misconf): update BurntSushi/toml for fix runtime error (#1948) * fix(misconf): Update fanal/defsec to resolve missing metadata issues (#1947) * feat(jar): allow setting Maven Central URL using environment variable (#1939) * chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931) * chore(chart): remove version comments (#1933) Update to version 0.25.2: * fix(downloadDB): add flag to server command (#1942) Update to version 0.25.1: * fix(misconf): update defsec to resolve panics (#1935) * chore(deps): bump github.com/docker/docker (#1924) * docs: restructure the documentation (#1887) * chore(deps): bump github.com/urfave/cli/v2 from 2.3.0 to 2.4.0 (#1923) * chore(deps): bump actions/cache from 2 to 3.0.1 (#1920) * chore(deps): bump actions/checkout from 2 to 3 (#1916) * chore(deps): bump github.com/open-policy-agent/opa from 0.37.2 to 0.39.0 (#1921) * chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.1.0 (#1919) * chore(deps): bump helm/chart-testing-action from 2.2.0 to 2.2.1 (#1918) * chore(deps): bump golang from 1.17 to 1.18.0 (#1915) * Add trivy horizontal logo (#1932) * chore(deps): bump alpine from 3.15.0 to 3.15.3 (#1917) * chore(deps): bump github.com/go-redis/redis/v8 from 8.11.4 to 8.11.5 (#1925) * chore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#1927) * feat(db): Add dbRepository flag to get advisory database from OCI registry (#1873) Update to version 0.25.0: * docs(filter vulnerabilities): fix link (#1880) * feat(template) Add misconfigurations to gitlab codequality report (#1756) * fix(rpc): add PkgPath field to client / server mode (#1643) * fix(vulnerabilities): fixed trivy-db vulns (#1883) * feat(cache): remove temporary cache after filesystem scanning (#1868) * feat(sbom): add a dedicated sbom command (#1799) * feat(cyclonedx): add vulnerabilities (#1832) * fix(option): hide false warning about remote options (#1865) * chore: bump up Go to 1.18 (#1862) * feat(filesystem): scan in client/server mode (#1829) * refactor(template): remove unused test (#1861) * fix(cli): json format for trivy version (#1854) * docs: change URL for tfsec-checks (#1857) trivy-0.28.0-bp154.2.3.1.src.rpm trivy-0.28.0-bp154.2.3.1.x86_64.rpm trivy-0.28.0-bp154.2.3.1.i586.rpm trivy-0.28.0-bp154.2.3.1.aarch64.rpm trivy-0.28.0-bp154.2.3.1.s390x.rpm openSUSE-2022-10019 important openSUSE Backports SLE-15-SP4 Update This update for atheme fixes the following issues: atheme was updated to release 7.2.12: * CVE-2022-24976: Fixed General authentication bypass in Atheme IRC services with InspIRCd 3 [boo#1195989] * Track SASL login EID atheme-7.2.12-bp154.2.3.1.src.rpm atheme-7.2.12-bp154.2.3.1.x86_64.rpm atheme-devel-7.2.12-bp154.2.3.1.x86_64.rpm libathemecore1-7.2.12-bp154.2.3.1.x86_64.rpm atheme-7.2.12-bp154.2.3.1.i586.rpm atheme-devel-7.2.12-bp154.2.3.1.i586.rpm libathemecore1-7.2.12-bp154.2.3.1.i586.rpm atheme-7.2.12-bp154.2.3.1.aarch64.rpm atheme-devel-7.2.12-bp154.2.3.1.aarch64.rpm libathemecore1-7.2.12-bp154.2.3.1.aarch64.rpm atheme-7.2.12-bp154.2.3.1.ppc64le.rpm atheme-devel-7.2.12-bp154.2.3.1.ppc64le.rpm libathemecore1-7.2.12-bp154.2.3.1.ppc64le.rpm atheme-7.2.12-bp154.2.3.1.s390x.rpm atheme-devel-7.2.12-bp154.2.3.1.s390x.rpm libathemecore1-7.2.12-bp154.2.3.1.s390x.rpm openSUSE-2022-10024 moderate openSUSE Backports SLE-15-SP4 Update This update for atop fixes the following issues: atop was updated to 2.7.1: * Correct disk stats in atopsar (#182) * Explicit type definition in atop.service (#180) Update to 2.7.0: * Describe (un)restricted view in first screen * Cosmetic change * Determine (un)restricted view by verifying suid instead of euid. * Do not ignore unknown network interface * Parseable output: optionally exchange spaces in command * No setuid by default * Correct conversion to 2.7 raw files * Corrected type * Only show per-node NUMA stats when more than 1 node * Prepare man pages for version 2.7 * Prepare atopconvert for version 2.7 * Detect logrotation for process accounting with psacct/acct * Speed and duplex mode not correctly filled for interface * Bug solution related to discards * Support discard counter for disks and skip unused disks * ifprop.c: fix ioctl parameter after handshaking with kernel * Show gigabits/sec instead of megabits/sec for Infiniband #131 * CVE: use execvp with a specified path to avoid PATH hijacking * Correct memory busy logic in atopsar * Add parseable output for per-node NUMA counters * Additions to NUMA counters Table overflow checks * Gather and show per numa cpu related statistics * Gather and show per numa memory related statistics * Correction in handling of zswap and ksm counters * Support containers created by podman * Cleanup old messages * Do not change owner to root in Makefile (#76) * Support process accounting log /var/log/account/pacct (#138) * Polish do_perfevents when atop built with NOPERFEVENT * Do not use doconvert funtion to validate counter (#160) * New counter for number of NUMA pages migrated * Modify field order and priority of paging counters * Small text modification for migrated counter * Avoid non-initialized prestat by introducing extra pointer * Function 'calcdiff' (deviate.c) used uninitialized prestat struct * Reserver space for future counters. * Clean up ignored files * Variable number of positions for sortitem * Adapt man page of atop for state selection (add state 'I'). * Allow thread state 'I' with state selection (key 'Q') * Count idle threads as non-interruptible threads * Uninitialized index might cause segmentation fault. * Support NVMe multipath disk statistics * Support page migration counter * photosyst.c: fix build on musl * Use of struct ethtool_link_settings should be conditional * Cosmetic change (source code layout) * Various bug fixes and in general add 'thread' to all messages * Properly define if interface is virtual or physical * Add license info to various include files (solves issue #144) * HTTP statistics modified from -h flag to -o flag (#152) * Possible buffer overflow with huge number of seconds Number of seconds will be limited to 5 positions. * Possible buffer overflow with average disk I/O * Allow process selection based on specific process states. * Correct definition of environment variable LOGOPTS * Switch to using curses vw_printw as vwprintw is deprecated * Support multiple counters 'allocstall_' in /proc/vmstat. * Avoid integer overflow when calculating PSI percentages. * Suppress irrelevant counters (solves issue #148) * Add the number of OOM kills to the -s report * Record the number of process stalls to run memory compaction * Make clean removes atopsar now (issue 145) * Add counter for the number of OOM kills to the PAG line * Add counters for zswap and KSM. * ifprop.c: fix build with kernel < 4.6 * Fix initifprop() when obtaining properties of all interfaces * Fixed rounding problems in the average-per-second mode. Update to version 2.6.0 * Sort threads within process. * Individual threads within a process (key 'y') are shown in the order of their TID. With the additional key 'Y' threads within a process are sorted based on the current sort criterium. * Show the WCHAN per thread. * With the key 'W' is active, the wait channel is determined per thread and shown with the scheduling information (key 's'). * Show runqueue delay per thread/process. * For every process (cumulated) and every thread the time spent waiting on the runqueue is shown as value 'RDELAY'. * Show other modified/new metrics: + PSI pressure during interval time is shown + Counter 'avio' (average I/O time) for fast disks in microseconds or nanoseconds + Counter 'zfarc' showing the current size of the ARC (cache) for ZFSonlinux + Counter 'swcac' showing the current size of the swap cache + Counter LOCKSZ showing the virtual locked memory size * Avoid crash with very high load average values. * Fix errors in reading InfiniBand states. * Support of rawlog files spanning multiple days. * The time specification to define the begin time (-b flag) and end time (-e flag) of both atop and atopsar is [YYYYMMDD]hhmm now * This also applies to the branch key ('b') when using atop interactively. * Support reading rawlog from a pipe. * Rawlog data can be read from a pipe by atop and atopsar with the option '-r -'. In this way, concatenated rawlog data from the command atopcat can be directly processed. * New program atopcat, the program atopcat concatenates rawlog files and writes this data to stdout. The output can be redirected to a new rawlog file or to atop/atopsar directly via a pipe (see option '-r -' of these commands). In this way e.g. weekly or monthly reports or extractions can be created. Update to version 2.5.0 Modifications for atop: * Avoid using perf counters in VM New option 'perfevents' in the atoprc file to define if the Instructions Per Cycle (IPC) should be retrieved via the 'perf' counters. Specify value 'auto' (default), 'enable' or 'disable'. In case of 'auto', the Instructions Per Cycle counter will not be retrieved on VMs due to the overhead of reading this counter in a guest. * Improve daily rotation of logfile for systemd-based systems. Exchange the files /etc/cron.d/atop, /etc/logrotate.d/psaccs_atop, /etc/logrotate.d/psaccu_atop, /usr/share/atop/atop.daily, /var/log/atop/dummy_after and /var/log/atop/dummy_before by atop-rotate.service and atop-rotate.timer. * Bug fixes: Correction of PSI value 'io full'. Use smaps_rollup (if present) instead of smaps for better performance. Use writev instead of 3 single writes to avoid logfile corruption. Modified handling of error messages (remain visible after window is closed). Correct CID for containers created by Kubernetes. Allow reading a logfile via a named pipe (non-seekable). Modifications for atopconvert: * Show version of input file (even if only one parameter specified). General: * The format of the raw file is compatible with version 2.4. atop-2.7.1-bp154.2.3.1.src.rpm atop-2.7.1-bp154.2.3.1.x86_64.rpm atop-daemon-2.7.1-bp154.2.3.1.x86_64.rpm atop-2.7.1-bp154.2.3.1.i586.rpm atop-daemon-2.7.1-bp154.2.3.1.i586.rpm atop-2.7.1-bp154.2.3.1.aarch64.rpm atop-daemon-2.7.1-bp154.2.3.1.aarch64.rpm atop-2.7.1-bp154.2.3.1.ppc64le.rpm atop-daemon-2.7.1-bp154.2.3.1.ppc64le.rpm atop-2.7.1-bp154.2.3.1.s390x.rpm atop-daemon-2.7.1-bp154.2.3.1.s390x.rpm openSUSE-2022-10030 moderate openSUSE Backports SLE-15-SP4 Update This update for dbus-broker fixes the following issues: - CVE-2022-31212: Fix a stack buffer over-read in bundled c-shquote (boo#1200332) - CVE-2022-31213: Fix a NULL pointer dereferences in bundled c-shquote (boo#1200333) dbus-broker-28-bp154.2.3.1.src.rpm dbus-broker-28-bp154.2.3.1.x86_64.rpm dbus-broker-28-bp154.2.3.1.i586.rpm dbus-broker-28-bp154.2.3.1.aarch64.rpm dbus-broker-28-bp154.2.3.1.ppc64le.rpm dbus-broker-28-bp154.2.3.1.s390x.rpm openSUSE-2022-10031 moderate openSUSE Backports SLE-15-SP4 Update This update for wdiff fixes the following issues: This update ships wdiff. Updated to 1.2.2: * Updated Vietnamese, Swedish, Estonian, Chinese (traditional), Brazilian Portuguese and Russian translations. * Updated gnulib. * Used more recent autotools: autoconf 2.69 and automake 1.14.1. updated to 1.2.1: * Added Esperanto translation. * Updated Czech, German, Spanish, Finnish, Galician, Italian, Dutch, Polish, Slovenian, Serbian, Swedish, Ukrainian and Vietnamese translations. * Updated gnulib. * Recreated build system using recent versions of autotools. This will avoid security issues in "make distcheck" target. (CVE-2012-3386) updated to 1.1.2: * Backport gnulib change to deal with removal of gets function. This is a build-time-only fix. (Mentioned in Fedora bug #821791) * Added Serbian translation. * Updated Danish and Vietnamese translations. * Work around a bug in the formatting of the man page. (Debian bug #669340) * Updated Czech, German, Spanish, Finnish, Dutch, Polish, Slovenian, Swedish and Ukrainian translations. * Fix several issue with the use of screen in the test suite. * Allow WDIFF_PAGER to override PAGER environment variable. * Do not autodetect less, so we don't auto-enable less-mode. This should improve things for UTF8 text. (Savannah bug #34224) Less-mode is considered deprecated, as it isn't fit for multi-byte encodings. Nevertheless it can still be enabled on the command line. * Introduces use of ngettext to allow correct handling of plural forms updated to 1.0.1: * Updated Polish, Ukrainian, Slovenian, Dutch, Finnish, Swedish and Czech translations * Changed major version to 1 to reflect maturity of the package * Updated Dutch, French, Danish and Slovenian translations * Added Ukrainian translation * Improved error reporting in case a child process has problems * Added tests to the test suite * Updated gnulib updated to 0.6.5: * Never initialize or deinitialize terminals, as we do no cursor movement * Deprecated --no-init-term (-K) command line option * Avoid relative path in man pages * Updated gnulib, might be particularly important for uClibc users updated to 0.6.4: * Updated Catalan translations * Updated gnulib update to 0.6.3: * `wdiff -d' to read input from single unified diff, perhaps stdin. * Updated texinfo documentation taking experimental switch into account. * Experimental programs (mdiff & friends) and a configure switch --enable-experimental to control them. * Recent imports from gnulib, use of recent autotools. * Improved autodetection of termcap library like ncurses. * Reformatted translations, still a number of fuzzy translations. * Changed from CVS to bzr for source code version control. * Various bug fixes. See ChangeLog for a more exhaustive list. * Introduce --with-default-pager=PAGER configure switch. * Fix missing newline in info dir entry list. * Fix shell syntax in configure script * Updated gnulib and gettext, the latter to 0.18 * Updated Dutch translation * Fixed a number of portability issues reported by maint.mk syntax checks * Updated Italian and Swedish translations * Updated gnulib wdiff-1.2.2-bp154.2.1.src.rpm wdiff-1.2.2-bp154.2.1.x86_64.rpm wdiff-lang-1.2.2-bp154.2.1.noarch.rpm wdiff-1.2.2-bp154.2.1.i586.rpm wdiff-1.2.2-bp154.2.1.aarch64.rpm wdiff-1.2.2-bp154.2.1.ppc64le.rpm wdiff-1.2.2-bp154.2.1.s390x.rpm openSUSE-2022-10049 moderate openSUSE Backports SLE-15-SP4 Update This update for libqt5-qtwebengine fixes the following issues: Update to version 5.15.10: * Fix top level build with no widget * Fix read-after-free on EGL extensions * Update Chromium * Add workaround for unstable gn on macOS in ci * Pass archiver to gn build * Fix navigation to non-local URLs * Add support for universal builds for qtwebengine and qtpdf * Enable Apple Silicon support * Fix cross compilation x86_64->arm64 on mac * Bump version to 5.15.10 * CustomDialogs: Make custom input fields readable in dark mode * CookieBrowser: Make alternating rows readable in dark mode * Update Chromium: * Bump V8_PATCH_LEVEL * Fix clang set-but-unused-variable warning * Fix mac toolchain python linker script call * Fix missing dependency for gpu sources * Fix python calls * Fix undefined symbol for universal link * Quick fix for regression in service workers by reverting backports * [Backport] CVE-2022-0797: Out of bounds memory access in Mojo * [Backport] CVE-2022-1125 * [Backport] CVE-2022-1138: Inappropriate implementation in Web Cursor. * [Backport] CVE-2022-1305: Use after free in storage * [Backport] CVE-2022-1310: Use after free in regular expressions * [Backport] CVE-2022-1314: Type Confusion in V8 * [Backport] CVE-2022-1493: Use after free in Dev Tools * [Backport] On arm64 hosts, set host_cpu to 'arm64', not 'arm' * [Backport] Security Bug 1296876 * [Backport] Security bug 1269999 * [Backport] Security bug 1280852 * [Backport] Security bug 1292905 * [Backport] Security bug 1304659 * [Backport] Security bug 1306507 libQt5Pdf5-5.15.10-bp154.2.3.2.x86_64.rpm libQt5PdfWidgets5-5.15.10-bp154.2.3.2.x86_64.rpm libqt5-qtpdf-devel-5.15.10-bp154.2.3.2.x86_64.rpm libqt5-qtpdf-examples-5.15.10-bp154.2.3.2.x86_64.rpm libqt5-qtpdf-imports-5.15.10-bp154.2.3.2.x86_64.rpm libqt5-qtpdf-private-headers-devel-5.15.10-bp154.2.3.2.noarch.rpm libqt5-qtwebengine-5.15.10-bp154.2.3.2.src.rpm libqt5-qtwebengine-5.15.10-bp154.2.3.2.x86_64.rpm libqt5-qtwebengine-devel-5.15.10-bp154.2.3.2.x86_64.rpm libqt5-qtwebengine-examples-5.15.10-bp154.2.3.2.x86_64.rpm libqt5-qtwebengine-private-headers-devel-5.15.10-bp154.2.3.2.noarch.rpm libQt5Pdf5-5.15.10-bp154.2.3.2.aarch64.rpm libQt5PdfWidgets5-5.15.10-bp154.2.3.2.aarch64.rpm libqt5-qtpdf-devel-5.15.10-bp154.2.3.2.aarch64.rpm libqt5-qtpdf-examples-5.15.10-bp154.2.3.2.aarch64.rpm libqt5-qtpdf-imports-5.15.10-bp154.2.3.2.aarch64.rpm libqt5-qtwebengine-5.15.10-bp154.2.3.2.aarch64.rpm libqt5-qtwebengine-devel-5.15.10-bp154.2.3.2.aarch64.rpm libqt5-qtwebengine-examples-5.15.10-bp154.2.3.2.aarch64.rpm openSUSE-2022-10050 moderate openSUSE Backports SLE-15-SP4 Update This update for amarok fixes the following issues: - Update to version 2.9.75git.20220614T014846~dc55a00143: * Mark Amarok as a single main window program - Update to version 2.9.75git.20220224T114455~9300034c57: * Add DBus service file to actually make it activatable (boo#1200767) * No need to link to KF5::KIONTLM amarok-2.9.75git.20220614T014846~dc55a00143-bp154.2.3.1.src.rpm amarok-2.9.75git.20220614T014846~dc55a00143-bp154.2.3.1.x86_64.rpm amarok-lang-2.9.75git.20220614T014846~dc55a00143-bp154.2.3.1.noarch.rpm amarok-2.9.75git.20220614T014846~dc55a00143-bp154.2.3.1.aarch64.rpm openSUSE-2022-10051 moderate openSUSE Backports SLE-15-SP4 Update This update for translate-toolkit fixes the following issues: - We need full python interpreter boo#1172650, boo#1195269 python3-translate-toolkit-2.5.0-bp154.2.3.1.noarch.rpm translate-toolkit-2.5.0-bp154.2.3.1.src.rpm translate-toolkit-devel-doc-2.5.0-bp154.2.3.1.noarch.rpm translate-toolkit-test-2.5.0-bp154.2.3.1.src.rpm openSUSE-2022-10035 important openSUSE Backports SLE-15-SP4 Update This update for chromium fixes the following issues: Chromium 103.0.5060.53 (boo#1200783) * CVE-2022-2156: Use after free in Base * CVE-2022-2157: Use after free in Interest groups * CVE-2022-2158: Type Confusion in V8 * CVE-2022-2160: Insufficient policy enforcement in DevTools * CVE-2022-2161: Use after free in WebApp Provider * CVE-2022-2162: Insufficient policy enforcement in File System API * CVE-2022-2163: Use after free in Cast UI and Toolbar * CVE-2022-2164: Inappropriate implementation in Extensions API * CVE-2022-2165: Insufficient data validation in URL formatting chromedriver-103.0.5060.53-bp154.2.11.1.x86_64.rpm chromium-103.0.5060.53-bp154.2.11.1.src.rpm chromium-103.0.5060.53-bp154.2.11.1.x86_64.rpm chromedriver-103.0.5060.53-bp154.2.11.1.aarch64.rpm chromium-103.0.5060.53-bp154.2.11.1.aarch64.rpm openSUSE-2022-10039 moderate openSUSE Backports SLE-15-SP4 Update darktable was updated to fix: - cmake macro now uses DCMAKE_SKIP_INSTALL_RPATH rather then DCMAKE_SKIP_RPATH (boo#1200482 boo#1200483) darktable-3.6.1-bp154.2.3.1.src.rpm darktable-3.6.1-bp154.2.3.1.x86_64.rpm darktable-doc-3.6.1-bp154.2.3.1.noarch.rpm darktable-tools-basecurve-3.6.1-bp154.2.3.1.x86_64.rpm darktable-tools-noise-3.6.1-bp154.2.3.1.x86_64.rpm darktable-3.6.1-bp154.2.3.1.aarch64.rpm darktable-tools-basecurve-3.6.1-bp154.2.3.1.aarch64.rpm darktable-tools-noise-3.6.1-bp154.2.3.1.aarch64.rpm openSUSE-2022-10041 moderate openSUSE Backports SLE-15-SP4 Update gnuhealth-client was updated to version 4.0.1 * various bug fixes, see changelog * plugins adapted and renamed for 4.0 gnuhealth was updated to version 4.0.4 * various bugfixes - see changelog for details trytond_account_invoice_stock was updated to version 6.0.1 * Bugfix Release trytond_account was updated to version 6.0.11 * Bugfix Release trytond was updated to 6.0.19 * Bugfix Release * Version 6.0.18 - Bugfix Release trytond_party was updated to 6.0.3 * Bugfix Release trytond_purchase was updated to 6.0.7 * Bugfix Release trytond_stock was updated to 6.0.14: * Bugfix Release trytond_stock_supply was updated to 6.0.3: * Bugfix Release gnuhealth-client-4.0.1-bp154.2.3.1.noarch.rpm gnuhealth-client-4.0.1-bp154.2.3.1.src.rpm gnuhealth-4.0.4-bp154.2.3.2.noarch.rpm gnuhealth-4.0.4-bp154.2.3.2.src.rpm gnuhealth-orthanc-4.0.4-bp154.2.3.2.noarch.rpm trytond-6.0.19-bp154.2.3.1.noarch.rpm trytond-6.0.19-bp154.2.3.1.src.rpm trytond_account-6.0.11-bp154.2.3.1.noarch.rpm trytond_account-6.0.11-bp154.2.3.1.src.rpm trytond_account_invoice_stock-6.0.1-bp154.2.3.1.noarch.rpm trytond_account_invoice_stock-6.0.1-bp154.2.3.1.src.rpm trytond_party-6.0.3-bp154.2.3.1.noarch.rpm trytond_party-6.0.3-bp154.2.3.1.src.rpm trytond_purchase-6.0.7-bp154.2.3.1.noarch.rpm trytond_purchase-6.0.7-bp154.2.3.1.src.rpm trytond_stock-6.0.14-bp154.2.3.1.noarch.rpm trytond_stock-6.0.14-bp154.2.3.1.src.rpm trytond_stock_supply-6.0.3-bp154.2.3.1.noarch.rpm trytond_stock_supply-6.0.3-bp154.2.3.1.src.rpm openSUSE-2022-10052 moderate openSUSE Backports SLE-15-SP4 Update This update for trytond, trytond_stock fixes the following issues: Changes in trytond_stock: - Version 6.0.15 - Bugfix Release Changes in trytond: - Version 6.0.20 - Bugfix Release Changes in trytond: - Version 5.0.49 - Bugfix Release - Version 5.0.48 - Bugfix Release - Version 5.0.47 - Bugfix Release - Version 5.0.46 - Bugfix Release - Version 5.0.45 - Bugfix Release - Version 5.0.44 - Bugfix Release - Version 5.0.43 - Bugfix Release trytond-6.0.20-bp154.2.6.1.noarch.rpm trytond-6.0.20-bp154.2.6.1.src.rpm trytond_stock-6.0.15-bp154.2.6.1.noarch.rpm trytond_stock-6.0.15-bp154.2.6.1.src.rpm openSUSE-2022-10045 moderate openSUSE Backports SLE-15-SP4 Update This update for chafa fixes the following issues: - CVE-2022-2301: Fixed buffer over-read (boo#1201211) chafa-1.8.0-bp154.3.8.1.src.rpm chafa-1.8.0-bp154.3.8.1.x86_64.rpm chafa-debuginfo-1.8.0-bp154.3.8.1.x86_64.rpm chafa-debugsource-1.8.0-bp154.3.8.1.x86_64.rpm chafa-devel-1.8.0-bp154.3.8.1.x86_64.rpm chafa-doc-1.8.0-bp154.3.8.1.noarch.rpm libchafa0-1.8.0-bp154.3.8.1.x86_64.rpm libchafa0-debuginfo-1.8.0-bp154.3.8.1.x86_64.rpm chafa-1.8.0-bp154.3.8.1.i586.rpm chafa-debuginfo-1.8.0-bp154.3.8.1.i586.rpm chafa-debugsource-1.8.0-bp154.3.8.1.i586.rpm chafa-devel-1.8.0-bp154.3.8.1.i586.rpm libchafa0-1.8.0-bp154.3.8.1.i586.rpm libchafa0-debuginfo-1.8.0-bp154.3.8.1.i586.rpm chafa-1.8.0-bp154.3.8.1.aarch64.rpm chafa-debuginfo-1.8.0-bp154.3.8.1.aarch64.rpm chafa-debugsource-1.8.0-bp154.3.8.1.aarch64.rpm chafa-devel-1.8.0-bp154.3.8.1.aarch64.rpm libchafa0-1.8.0-bp154.3.8.1.aarch64.rpm libchafa0-debuginfo-1.8.0-bp154.3.8.1.aarch64.rpm chafa-1.8.0-bp154.3.8.1.ppc64le.rpm chafa-debuginfo-1.8.0-bp154.3.8.1.ppc64le.rpm chafa-debugsource-1.8.0-bp154.3.8.1.ppc64le.rpm chafa-devel-1.8.0-bp154.3.8.1.ppc64le.rpm libchafa0-1.8.0-bp154.3.8.1.ppc64le.rpm libchafa0-debuginfo-1.8.0-bp154.3.8.1.ppc64le.rpm chafa-1.8.0-bp154.3.8.1.s390x.rpm chafa-debuginfo-1.8.0-bp154.3.8.1.s390x.rpm chafa-debugsource-1.8.0-bp154.3.8.1.s390x.rpm chafa-devel-1.8.0-bp154.3.8.1.s390x.rpm libchafa0-1.8.0-bp154.3.8.1.s390x.rpm libchafa0-debuginfo-1.8.0-bp154.3.8.1.s390x.rpm openSUSE-2022-10042 important openSUSE Backports SLE-15-SP4 Update This update for librttopo fixes the following issues: - CVE-2017-18359: Fixed a denial of service in rtgeom_to_x3d3() (boo#1201215) librttopo-1.1.0-bp154.2.3.1.src.rpm librttopo-devel-1.1.0-bp154.2.3.1.x86_64.rpm librttopo1-1.1.0-bp154.2.3.1.x86_64.rpm librttopo-devel-1.1.0-bp154.2.3.1.aarch64.rpm librttopo1-1.1.0-bp154.2.3.1.aarch64.rpm librttopo-devel-1.1.0-bp154.2.3.1.ppc64le.rpm librttopo1-1.1.0-bp154.2.3.1.ppc64le.rpm librttopo-devel-1.1.0-bp154.2.3.1.s390x.rpm librttopo1-1.1.0-bp154.2.3.1.s390x.rpm openSUSE-2022-10053 moderate openSUSE Backports SLE-15-SP4 Update This update for plasma5-desktop, plasma5-workspace fixes the following issues: - Disable reuseItems to avoid a crash in plasmashell (kde#452660) - Fix a potential crash when deleting a panel with a system tray applet (kde#453726) - Fix a potential crash on logout (kde#454159) plasma5-desktop-5.24.4-bp154.2.3.2.src.rpm plasma5-desktop-5.24.4-bp154.2.3.2.x86_64.rpm plasma5-desktop-emojier-5.24.4-bp154.2.3.2.x86_64.rpm plasma5-desktop-lang-5.24.4-bp154.2.3.2.noarch.rpm gmenudbusmenuproxy-5.24.4-bp154.2.3.1.x86_64.rpm gmenudbusmenuproxy-debuginfo-5.24.4-bp154.2.3.1.x86_64.rpm plasma5-session-5.24.4-bp154.2.3.1.noarch.rpm plasma5-session-wayland-5.24.4-bp154.2.3.1.x86_64.rpm plasma5-workspace-5.24.4-bp154.2.3.1.src.rpm plasma5-workspace-5.24.4-bp154.2.3.1.x86_64.rpm plasma5-workspace-debuginfo-5.24.4-bp154.2.3.1.x86_64.rpm plasma5-workspace-debugsource-5.24.4-bp154.2.3.1.x86_64.rpm plasma5-workspace-devel-5.24.4-bp154.2.3.1.x86_64.rpm plasma5-workspace-lang-5.24.4-bp154.2.3.1.noarch.rpm plasma5-workspace-libs-5.24.4-bp154.2.3.1.x86_64.rpm plasma5-workspace-libs-debuginfo-5.24.4-bp154.2.3.1.x86_64.rpm xembedsniproxy-5.24.4-bp154.2.3.1.x86_64.rpm xembedsniproxy-debuginfo-5.24.4-bp154.2.3.1.x86_64.rpm plasma5-desktop-5.24.4-bp154.2.3.2.aarch64.rpm plasma5-desktop-emojier-5.24.4-bp154.2.3.2.aarch64.rpm gmenudbusmenuproxy-5.24.4-bp154.2.3.1.aarch64.rpm gmenudbusmenuproxy-debuginfo-5.24.4-bp154.2.3.1.aarch64.rpm plasma5-session-wayland-5.24.4-bp154.2.3.1.aarch64.rpm plasma5-workspace-5.24.4-bp154.2.3.1.aarch64.rpm plasma5-workspace-debuginfo-5.24.4-bp154.2.3.1.aarch64.rpm plasma5-workspace-debugsource-5.24.4-bp154.2.3.1.aarch64.rpm plasma5-workspace-devel-5.24.4-bp154.2.3.1.aarch64.rpm plasma5-workspace-libs-5.24.4-bp154.2.3.1.aarch64.rpm plasma5-workspace-libs-debuginfo-5.24.4-bp154.2.3.1.aarch64.rpm xembedsniproxy-5.24.4-bp154.2.3.1.aarch64.rpm xembedsniproxy-debuginfo-5.24.4-bp154.2.3.1.aarch64.rpm plasma5-desktop-5.24.4-bp154.2.3.2.ppc64le.rpm plasma5-desktop-emojier-5.24.4-bp154.2.3.2.ppc64le.rpm gmenudbusmenuproxy-5.24.4-bp154.2.3.1.ppc64le.rpm gmenudbusmenuproxy-debuginfo-5.24.4-bp154.2.3.1.ppc64le.rpm plasma5-session-wayland-5.24.4-bp154.2.3.1.ppc64le.rpm plasma5-workspace-5.24.4-bp154.2.3.1.ppc64le.rpm plasma5-workspace-debuginfo-5.24.4-bp154.2.3.1.ppc64le.rpm plasma5-workspace-debugsource-5.24.4-bp154.2.3.1.ppc64le.rpm plasma5-workspace-devel-5.24.4-bp154.2.3.1.ppc64le.rpm plasma5-workspace-libs-5.24.4-bp154.2.3.1.ppc64le.rpm plasma5-workspace-libs-debuginfo-5.24.4-bp154.2.3.1.ppc64le.rpm xembedsniproxy-5.24.4-bp154.2.3.1.ppc64le.rpm xembedsniproxy-debuginfo-5.24.4-bp154.2.3.1.ppc64le.rpm openSUSE-2022-10055 important openSUSE Backports SLE-15-SP4 Update This update for chromium fixes the following issues: Chromium 103.0.5060.114 (boo#1201216) * CVE-2022-2294: Heap buffer overflow in WebRTC * CVE-2022-2295: Type Confusion in V8 * CVE-2022-2296: Use after free in Chrome OS Shell chromedriver-103.0.5060.114-bp154.2.14.1.x86_64.rpm chromedriver-debuginfo-103.0.5060.114-bp154.2.14.1.x86_64.rpm chromium-103.0.5060.114-bp154.2.14.1.src.rpm chromium-103.0.5060.114-bp154.2.14.1.x86_64.rpm chromium-debuginfo-103.0.5060.114-bp154.2.14.1.x86_64.rpm chromedriver-103.0.5060.114-bp154.2.14.1.aarch64.rpm chromedriver-debuginfo-103.0.5060.114-bp154.2.14.1.aarch64.rpm chromium-103.0.5060.114-bp154.2.14.1.aarch64.rpm chromium-debuginfo-103.0.5060.114-bp154.2.14.1.aarch64.rpm openSUSE-2022-10058 moderate openSUSE Backports SLE-15-SP4 Update This update for withlock fixes the following issues: update to version 0.5 - modernize for Python 2 and 3 compatibility withlock-0.5-bp154.2.3.1.noarch.rpm withlock-0.5-bp154.2.3.1.src.rpm openSUSE-2022-10054 low openSUSE Backports SLE-15-SP4 Update This update provides certbot to openSUSE Leap 15.4 and SUSE Package Hub 15 SP4. python-acme-1.22.0-bp154.2.3.3.src.rpm python3-acme-1.22.0-bp154.2.3.3.noarch.rpm python-certbot-apache-1.22.0-bp154.2.2.src.rpm python3-certbot-apache-1.22.0-bp154.2.2.noarch.rpm python-certbot-dns-cloudflare-1.22.0-bp154.2.1.src.rpm python3-certbot-dns-cloudflare-1.22.0-bp154.2.1.noarch.rpm python-certbot-dns-cloudxns-1.22.0-bp154.2.1.src.rpm python3-certbot-dns-cloudxns-1.22.0-bp154.2.1.noarch.rpm python-certbot-dns-digitalocean-1.22.0-bp154.2.1.src.rpm python3-certbot-dns-digitalocean-1.22.0-bp154.2.1.noarch.rpm python-certbot-dns-dnsimple-1.22.0-bp154.2.1.src.rpm python3-certbot-dns-dnsimple-1.22.0-bp154.2.1.noarch.rpm python-certbot-dns-dnsmadeeasy-1.22.0-bp154.2.1.src.rpm python3-certbot-dns-dnsmadeeasy-1.22.0-bp154.2.1.noarch.rpm python-certbot-dns-google-1.22.0-bp154.2.1.src.rpm python3-certbot-dns-google-1.22.0-bp154.2.1.noarch.rpm python-certbot-dns-linode-1.22.0-bp154.2.1.src.rpm python3-certbot-dns-linode-1.22.0-bp154.2.1.noarch.rpm python-certbot-dns-luadns-1.22.0-bp154.2.1.src.rpm python3-certbot-dns-luadns-1.22.0-bp154.2.1.noarch.rpm python-certbot-dns-nsone-1.22.0-bp154.2.1.src.rpm python3-certbot-dns-nsone-1.22.0-bp154.2.1.noarch.rpm python-certbot-dns-rfc2136-1.22.0-bp154.2.1.src.rpm python3-certbot-dns-rfc2136-1.22.0-bp154.2.1.noarch.rpm python-certbot-dns-route53-1.22.0-bp154.2.1.src.rpm python3-certbot-dns-route53-1.22.0-bp154.2.1.noarch.rpm python-certbot-nginx-1.22.0-bp154.2.2.src.rpm python3-certbot-nginx-1.22.0-bp154.2.2.noarch.rpm python-certbot-1.22.0-bp154.2.1.src.rpm python3-certbot-1.22.0-bp154.2.1.noarch.rpm python-josepy-1.10.0-bp154.2.3.4.src.rpm python3-josepy-1.10.0-bp154.2.3.4.noarch.rpm openSUSE-2022-10068 moderate openSUSE Backports SLE-15-SP4 Update This update for strawberry fixes the following issues: Update to version 1.0.5 + Bugfixes: + Fixed smart playlist filetype search. + Fixed Radio Paradise URLs to use HTTPS instead of HTTP. + Fixed horizontal scrolling not affecting currently playing track (#952). + Fixed keep running in the background when window is closed with Wayland (#964). + Fixed percent-encoding of URLs when loading and saving XSPF playlists (#821). + Fixed fancy tabbar context menu showing on right clicks outside of tabbar when a song is playing. + Fixed possible duplicating songs in the database when moving songs to the collection using the organize feature. + Enhancements: + Show more details in error dialog on GStreamer errors (#958). + Allow setting blur amount of playlist background image up to 100px (#939). + Include 128x128 icon sizes (#954). + Show right click copy context menu in context view on top text and lyrics (#965). + Improve fading between album covers in context view. + Added option for overwriting database playcounts in collection settings (#962). + Added option for disabling bar on currently playing track (#972). Update to version 1.0.4 + Bugfixes: + Fixed use-after-free memory in ALSA PCM device finder. + Translate global shortcuts. + Enhancement: + Added save all playlists action. + Other: + Removed use of custom font in context. Update to version 1.0.3 + Bugfixes: + Remove slash and backslash from filenames when saving album covers using album directory cover filenames (#903). + Remove playlist file-extensions from accepted audio file extensions (#909). + Fixed Qobuz requests only receiving the first 50 albums (#922). + New features + Added support for bs2b (Improved headphone listening of stereo audio records using Bauer stereophonic-to-binaural DSP) (#249). - Remove the unneeded qt6-network-tls requirement. libQt6Network6 already requires the plugin. strawberry-1.0.5-bp154.2.3.6.src.rpm strawberry-1.0.5-bp154.2.3.6.x86_64.rpm strawberry-1.0.5-bp154.2.3.6.aarch64.rpm strawberry-1.0.5-bp154.2.3.6.ppc64le.rpm openSUSE-2022-10069 moderate openSUSE Backports SLE-15-SP4 Update This update for python-ipython fixes the following issues: - Avoid crashes on tab completion to more completely support jedi 0.18 (boo#1200228) python-ipython-7.16.1-bp154.2.3.3.src.rpm python3-ipython-7.16.1-bp154.2.3.3.noarch.rpm python3-ipython-iptest-7.16.1-bp154.2.3.3.noarch.rpm python-ipython-test-7.16.1-bp154.2.3.3.src.rpm openSUSE-2022-10061 moderate openSUSE Backports SLE-15-SP4 Update This update for glusterfs fixes the following issues: - add explicit Requires for the dependencies, so we make sure the dependencies are installed in the same version glusterfs-9.3-bp154.2.3.1.src.rpm glusterfs-9.3-bp154.2.3.1.x86_64.rpm glusterfs-devel-9.3-bp154.2.3.1.x86_64.rpm libgfapi0-9.3-bp154.2.3.1.x86_64.rpm libgfchangelog0-9.3-bp154.2.3.1.x86_64.rpm libgfrpc0-9.3-bp154.2.3.1.x86_64.rpm libgfxdr0-9.3-bp154.2.3.1.x86_64.rpm libglusterd0-9.3-bp154.2.3.1.x86_64.rpm libglusterfs0-9.3-bp154.2.3.1.x86_64.rpm python3-gluster-9.3-bp154.2.3.1.noarch.rpm glusterfs-9.3-bp154.2.3.1.i586.rpm glusterfs-devel-9.3-bp154.2.3.1.i586.rpm libgfapi0-9.3-bp154.2.3.1.i586.rpm libgfchangelog0-9.3-bp154.2.3.1.i586.rpm libgfrpc0-9.3-bp154.2.3.1.i586.rpm libgfxdr0-9.3-bp154.2.3.1.i586.rpm libglusterd0-9.3-bp154.2.3.1.i586.rpm libglusterfs0-9.3-bp154.2.3.1.i586.rpm glusterfs-9.3-bp154.2.3.1.aarch64.rpm glusterfs-devel-9.3-bp154.2.3.1.aarch64.rpm libgfapi0-9.3-bp154.2.3.1.aarch64.rpm libgfchangelog0-9.3-bp154.2.3.1.aarch64.rpm libgfrpc0-9.3-bp154.2.3.1.aarch64.rpm libgfxdr0-9.3-bp154.2.3.1.aarch64.rpm libglusterd0-9.3-bp154.2.3.1.aarch64.rpm libglusterfs0-9.3-bp154.2.3.1.aarch64.rpm glusterfs-9.3-bp154.2.3.1.ppc64le.rpm glusterfs-devel-9.3-bp154.2.3.1.ppc64le.rpm libgfapi0-9.3-bp154.2.3.1.ppc64le.rpm libgfchangelog0-9.3-bp154.2.3.1.ppc64le.rpm libgfrpc0-9.3-bp154.2.3.1.ppc64le.rpm libgfxdr0-9.3-bp154.2.3.1.ppc64le.rpm libglusterd0-9.3-bp154.2.3.1.ppc64le.rpm libglusterfs0-9.3-bp154.2.3.1.ppc64le.rpm glusterfs-9.3-bp154.2.3.1.s390x.rpm glusterfs-devel-9.3-bp154.2.3.1.s390x.rpm libgfapi0-9.3-bp154.2.3.1.s390x.rpm libgfchangelog0-9.3-bp154.2.3.1.s390x.rpm libgfrpc0-9.3-bp154.2.3.1.s390x.rpm libgfxdr0-9.3-bp154.2.3.1.s390x.rpm libglusterd0-9.3-bp154.2.3.1.s390x.rpm libglusterfs0-9.3-bp154.2.3.1.s390x.rpm openSUSE-2022-10065 critical openSUSE Backports SLE-15-SP4 Update This update for phpPgAdmin fixes the following issues: - CVE-2019-10784: Fixed improper source validation that could lead to CSRF (boo#1162794) phpPgAdmin-7.13.0-bp154.2.3.1.noarch.rpm phpPgAdmin-7.13.0-bp154.2.3.1.src.rpm phpPgAdmin-apache-7.13.0-bp154.2.3.1.noarch.rpm openSUSE-2022-10066 moderate openSUSE Backports SLE-15-SP4 Update This update for systemd-zram-service fixes the following issues: - Drop systemd hardenings again. The current set causes issues (boo#1193402) systemd-zram-service-0.2.1-bp154.3.3.1.noarch.rpm systemd-zram-service-0.2.1-bp154.3.3.1.src.rpm openSUSE-2022-10074 moderate openSUSE Backports SLE-15-SP4 Update This update for os-autoinst fixes the following issues: - Fix os-autoinst-devel opencv dependency for upgrade (boo#1201552) os-autoinst-test-4.6.1639403953.ae94c4bd-bp154.2.3.1.src.rpm os-autoinst-4.6.1639403953.ae94c4bd-bp154.2.3.1.src.rpm os-autoinst-4.6.1639403953.ae94c4bd-bp154.2.3.1.x86_64.rpm os-autoinst-devel-4.6.1639403953.ae94c4bd-bp154.2.3.1.x86_64.rpm os-autoinst-openvswitch-4.6.1639403953.ae94c4bd-bp154.2.3.1.x86_64.rpm os-autoinst-qemu-kvm-4.6.1639403953.ae94c4bd-bp154.2.3.1.x86_64.rpm os-autoinst-qemu-x86-4.6.1639403953.ae94c4bd-bp154.2.3.1.x86_64.rpm os-autoinst-s390-deps-4.6.1639403953.ae94c4bd-bp154.2.3.1.x86_64.rpm os-autoinst-4.6.1639403953.ae94c4bd-bp154.2.3.1.aarch64.rpm os-autoinst-devel-4.6.1639403953.ae94c4bd-bp154.2.3.1.aarch64.rpm os-autoinst-openvswitch-4.6.1639403953.ae94c4bd-bp154.2.3.1.aarch64.rpm os-autoinst-s390-deps-4.6.1639403953.ae94c4bd-bp154.2.3.1.aarch64.rpm os-autoinst-4.6.1639403953.ae94c4bd-bp154.2.3.1.ppc64le.rpm os-autoinst-devel-4.6.1639403953.ae94c4bd-bp154.2.3.1.ppc64le.rpm os-autoinst-openvswitch-4.6.1639403953.ae94c4bd-bp154.2.3.1.ppc64le.rpm os-autoinst-s390-deps-4.6.1639403953.ae94c4bd-bp154.2.3.1.ppc64le.rpm os-autoinst-4.6.1639403953.ae94c4bd-bp154.2.3.1.s390x.rpm os-autoinst-devel-4.6.1639403953.ae94c4bd-bp154.2.3.1.s390x.rpm os-autoinst-openvswitch-4.6.1639403953.ae94c4bd-bp154.2.3.1.s390x.rpm os-autoinst-s390-deps-4.6.1639403953.ae94c4bd-bp154.2.3.1.s390x.rpm openSUSE-2022-10073 important openSUSE Backports SLE-15-SP4 Update This update for chromium fixes the following issues: Chromium was updated to 103.0.5060.134 (boo#1201679): * CVE-2022-2477 : Use after free in Guest View * CVE-2022-2478 : Use after free in PDF * CVE-2022-2479 : Insufficient validation of untrusted input in File * CVE-2022-2480 : Use after free in Service Worker API * CVE-2022-2481: Use after free in Views * CVE-2022-2163: Use after free in Cast UI and Toolbar * Various fixes from internal audits, fuzzing and other initiatives chromedriver-103.0.5060.134-bp154.2.17.2.x86_64.rpm chromedriver-debuginfo-103.0.5060.134-bp154.2.17.2.x86_64.rpm chromium-103.0.5060.134-bp154.2.17.2.src.rpm chromium-103.0.5060.134-bp154.2.17.2.x86_64.rpm chromium-debuginfo-103.0.5060.134-bp154.2.17.2.x86_64.rpm chromedriver-103.0.5060.134-bp154.2.17.2.aarch64.rpm chromedriver-debuginfo-103.0.5060.134-bp154.2.17.2.aarch64.rpm chromium-103.0.5060.134-bp154.2.17.2.aarch64.rpm chromium-debuginfo-103.0.5060.134-bp154.2.17.2.aarch64.rpm openSUSE-2022-10072 moderate openSUSE Backports SLE-15-SP4 Update This update for jupyter-jupyterlab-server fixes the following issues: Update to 1.2.0: * Expose settings API to other handlers. * Always wait for process to finish * ensure the 'WHICH' command returns absolute path instead of relative path * Clean up terminate logic * Kill the subprocess if it does not stop * Do not try to close the watch process file handle * Update nodejs error message to not give an outdated version. * Black and White Listings Handler * Fix URL prefixing for absolute URLs jupyter-jupyterlab-server-1.2.0-bp154.2.3.3.noarch.rpm jupyter-jupyterlab-server-1.2.0-bp154.2.3.3.src.rpm openSUSE-2022-10075 important openSUSE Backports SLE-15-SP4 Update This update for python-jupyterlab fixes the following issues: Update to 2.2.10: * Remove `form` tags' `action` attribute during sanitizing, to prevent an XSS (CVE-2021-32797) (boo#1196663) * Header ‘Content-Type’ should not be overwritten * Do not use token parameters in websocket urls * Properly handle errors in async browser_check * Cells can no longer be executed while kernels are terminating or restarting. There is a new status for these events on the Kernel Indicator * Add styling for high memory usage warning in status bar with nbresuse * Adds support for Python version 3.10 * Support live editing of SVG with updating rendering * Lazy load codemirror theme stylesheets * Add feature request template + slight reorg in readme * Add link to react example in extension-examples repo * Close correct tab with close tab * Remove unused css rules * Simplified multicursor backspace code * Fix recent breaking changes to normalizepath in filebrowser * Handle quit_button when launched as an extension * Add worker-loader * Fix icon sidebar height for third party extensions * Scrolls cells into view after deletion * Support Node.js 10+ * Select search text when focusing the search overlay * Throttle fetch requests in the setting registry’s data connector * Avoid redundant checkpoint calls on loading a notebook jupyter-jupyterlab-2.2.10-bp154.2.3.1.noarch.rpm python-jupyterlab-2.2.10-bp154.2.3.1.src.rpm python3-jupyterlab-2.2.10-bp154.2.3.1.noarch.rpm openSUSE-2022-10076 critical openSUSE Backports SLE-15-SP4 Update This update for connman fixes the following issues: - CVE-2022-32292: Add refcounting to wispr portal detection to avoid heap overflow (boo#1200190) - CVE-2022-32292: Fix OOB write in received_data (boo#1200189) connman-1.41-bp154.2.3.1.src.rpm connman-1.41-bp154.2.3.1.x86_64.rpm connman-client-1.41-bp154.2.3.1.x86_64.rpm connman-devel-1.41-bp154.2.3.1.x86_64.rpm connman-doc-1.41-bp154.2.3.1.x86_64.rpm connman-nmcompat-1.41-bp154.2.3.1.x86_64.rpm connman-plugin-hh2serial-gps-1.41-bp154.2.3.1.x86_64.rpm connman-plugin-iospm-1.41-bp154.2.3.1.x86_64.rpm connman-plugin-l2tp-1.41-bp154.2.3.1.x86_64.rpm connman-plugin-openvpn-1.41-bp154.2.3.1.x86_64.rpm connman-plugin-polkit-1.41-bp154.2.3.1.x86_64.rpm connman-plugin-pptp-1.41-bp154.2.3.1.x86_64.rpm connman-plugin-tist-1.41-bp154.2.3.1.x86_64.rpm connman-plugin-vpnc-1.41-bp154.2.3.1.x86_64.rpm connman-plugin-wireguard-1.41-bp154.2.3.1.x86_64.rpm connman-test-1.41-bp154.2.3.1.x86_64.rpm connman-1.41-bp154.2.3.1.i586.rpm connman-client-1.41-bp154.2.3.1.i586.rpm connman-devel-1.41-bp154.2.3.1.i586.rpm connman-doc-1.41-bp154.2.3.1.i586.rpm connman-nmcompat-1.41-bp154.2.3.1.i586.rpm connman-plugin-hh2serial-gps-1.41-bp154.2.3.1.i586.rpm connman-plugin-iospm-1.41-bp154.2.3.1.i586.rpm connman-plugin-l2tp-1.41-bp154.2.3.1.i586.rpm connman-plugin-openvpn-1.41-bp154.2.3.1.i586.rpm connman-plugin-polkit-1.41-bp154.2.3.1.i586.rpm connman-plugin-pptp-1.41-bp154.2.3.1.i586.rpm connman-plugin-tist-1.41-bp154.2.3.1.i586.rpm connman-plugin-wireguard-1.41-bp154.2.3.1.i586.rpm connman-test-1.41-bp154.2.3.1.i586.rpm connman-1.41-bp154.2.3.1.aarch64.rpm connman-client-1.41-bp154.2.3.1.aarch64.rpm connman-devel-1.41-bp154.2.3.1.aarch64.rpm connman-doc-1.41-bp154.2.3.1.aarch64.rpm connman-nmcompat-1.41-bp154.2.3.1.aarch64.rpm connman-plugin-hh2serial-gps-1.41-bp154.2.3.1.aarch64.rpm connman-plugin-iospm-1.41-bp154.2.3.1.aarch64.rpm connman-plugin-l2tp-1.41-bp154.2.3.1.aarch64.rpm connman-plugin-openvpn-1.41-bp154.2.3.1.aarch64.rpm connman-plugin-polkit-1.41-bp154.2.3.1.aarch64.rpm connman-plugin-pptp-1.41-bp154.2.3.1.aarch64.rpm connman-plugin-tist-1.41-bp154.2.3.1.aarch64.rpm connman-plugin-vpnc-1.41-bp154.2.3.1.aarch64.rpm connman-plugin-wireguard-1.41-bp154.2.3.1.aarch64.rpm connman-test-1.41-bp154.2.3.1.aarch64.rpm connman-1.41-bp154.2.3.1.ppc64le.rpm connman-client-1.41-bp154.2.3.1.ppc64le.rpm connman-devel-1.41-bp154.2.3.1.ppc64le.rpm connman-doc-1.41-bp154.2.3.1.ppc64le.rpm connman-nmcompat-1.41-bp154.2.3.1.ppc64le.rpm connman-plugin-iospm-1.41-bp154.2.3.1.ppc64le.rpm connman-plugin-l2tp-1.41-bp154.2.3.1.ppc64le.rpm connman-plugin-openvpn-1.41-bp154.2.3.1.ppc64le.rpm connman-plugin-polkit-1.41-bp154.2.3.1.ppc64le.rpm connman-plugin-pptp-1.41-bp154.2.3.1.ppc64le.rpm connman-plugin-vpnc-1.41-bp154.2.3.1.ppc64le.rpm connman-plugin-wireguard-1.41-bp154.2.3.1.ppc64le.rpm connman-test-1.41-bp154.2.3.1.ppc64le.rpm connman-1.41-bp154.2.3.1.s390x.rpm connman-client-1.41-bp154.2.3.1.s390x.rpm connman-devel-1.41-bp154.2.3.1.s390x.rpm connman-doc-1.41-bp154.2.3.1.s390x.rpm connman-nmcompat-1.41-bp154.2.3.1.s390x.rpm connman-plugin-hh2serial-gps-1.41-bp154.2.3.1.s390x.rpm connman-plugin-iospm-1.41-bp154.2.3.1.s390x.rpm connman-plugin-l2tp-1.41-bp154.2.3.1.s390x.rpm connman-plugin-openvpn-1.41-bp154.2.3.1.s390x.rpm connman-plugin-polkit-1.41-bp154.2.3.1.s390x.rpm connman-plugin-pptp-1.41-bp154.2.3.1.s390x.rpm connman-plugin-tist-1.41-bp154.2.3.1.s390x.rpm connman-plugin-vpnc-1.41-bp154.2.3.1.s390x.rpm connman-plugin-wireguard-1.41-bp154.2.3.1.s390x.rpm connman-test-1.41-bp154.2.3.1.s390x.rpm openSUSE-2022-10079 moderate openSUSE Backports SLE-15-SP4 Update This update for nano fixes the following issues: - Support syntax highlighting for _channel and _patchinfo files used by OBS nano was updated to version 6.3: * For multiline regexes, text is now colored as soon a start match is found, also when there is no end match at all. * The colorizing of any line is stopped after two thousand bytes to avoid frustrating delays. * When environment variable NO_COLOR is set, the two default colors (yellow for the spotlight, red for error messages) are suppressed when no interface colors are specified in a nanorc file. * Full justification and piping the whole buffer through a command now keep the cursor at the same line number. * Utility 'xsel' can be used to copy a marked region to the system's clipboard. See doc/sample.nanorc for an example. GNU nano 6.2 * The file browser clears the prompt bar also when using --minibar * Linting now works also with a newer 'pyflakes' GNU nano 6.1: * The behavior of ^K at a prompt has been enhanced: when there is text after the cursor, just this text is erased * At a prompt, M-6 copies the current answer into the cutbuffer * Large external pastes into nano are handled more quickly GNU nano 6.0: * Option --zero hides the interface and uses the whole terminal for editing * Colors can be given also in #rgb hexadecimal, to select the nearest color from the 6x6x6 color-cube palette available on 256-color terminals * Fourteen new color names are available, from rosy to crimson nano-6.3-bp154.2.3.1.src.rpm nano-6.3-bp154.2.3.1.x86_64.rpm nano-lang-6.3-bp154.2.3.1.noarch.rpm nano-6.3-bp154.2.3.1.i586.rpm nano-6.3-bp154.2.3.1.aarch64.rpm nano-6.3-bp154.2.3.1.ppc64le.rpm nano-6.3-bp154.2.3.1.s390x.rpm openSUSE-2022-10080 moderate openSUSE Backports SLE-15-SP4 Update This update for caddy fixes the following issues: Update to version 2.5.2: * admin: expect quoted ETags (#4879) * headers: Only replace known placeholders (#4880) * reverseproxy: Err 503 if all upstreams unavailable * reverseproxy: Adjust new TLS Caddyfile directive names (#4872) * fileserver: Use safe redirects in file browser * admin: support ETag on config endpoints (#4579) * caddytls: Reuse issuer between PreCheck and Issue (#4866) * admin: Implement /adapt endpoint (close #4465) (#4846) * forwardauth: Fix case when `copy_headers` is omitted (#4856) * Expose several Caddy HTTP Matchers to the CEL Matcher (#4715) * reverseproxy: Fix double headers in response handlers (#4847) * reverseproxy: Fix panic when TLS is not configured (#4848) * reverseproxy: Skip TLS for certain configured ports (#4843) * forwardauth: Support renaming copied headers, block support (#4783) * Add comment about xcaddy to main * headers: Support wildcards for delete ops (close #4830) (#4831) * reverseproxy: Dynamic ServerName for TLS upstreams (#4836) * reverseproxy: Make TLS renegotiation optional * reverseproxy: Add renegotiation param in TLS client (#4784) * caddyhttp: Log error from CEL evaluation (fix #4832) * reverseproxy: Correct the `tls_server_name` docs (#4827) * reverseproxy: HTTP 504 for upstream timeouts (#4824) * caddytls: Make peer certificate verification pluggable (#4389) * reverseproxy: api: Remove misleading 'healthy' value * Fix #4822 and fix #4779 * reverseproxy: Add --internal-certs CLI flag #3589 (#4817) * ci: Fix build caching on Windows (#4811) * templates: Add `humanize` function (#4767) * core: Micro-optim in run() (#4810) * httpcaddyfile: Add `{err.*}` placeholder shortcut (#4798) * templates: Documentation consistency (#4796) * chore: Bump quic-go to v0.27.0 (#4782) * reverseproxy: Support http1.1>h2c (close #4777) (#4778) * rewrite: Handle fragment before query (fix #4775) [boo#1201822, CVE-2022-34037] * httpcaddyfile: Support multiple values for `default_bind` (#4774) caddy-2.5.2-bp154.2.8.1.src.rpm caddy-2.5.2-bp154.2.8.1.x86_64.rpm caddy-2.5.2-bp154.2.8.1.i586.rpm caddy-2.5.2-bp154.2.8.1.aarch64.rpm caddy-2.5.2-bp154.2.8.1.ppc64le.rpm caddy-2.5.2-bp154.2.8.1.s390x.rpm openSUSE-2022-10081 moderate openSUSE Backports SLE-15-SP4 Update This update for trivy fixes the following issues: trivy was updated to version 0.30.4: * fix: remove the first arg when running as a plugin (#2595) * fix: k8s controlplaner scanning (#2593) * fix(vuln): GitLab report template (#2578) Update to version 0.30.3: * fix(server): use a new db worker for hot updates (#2581) * docs: add trivy with download-db-only flag to Air-Gapped Environment (#2583) * docs: split commands to download db for different versions of oras (#2582) * feat(report): export exitcode for license checks (#2564) * fix: cli can use lowercase for severities (#2565) * fix: allow subcommands with TRIVY_RUN_AS_PLUGIN (#2577) * fix: add missing types in TypeOSes and TypeLanguages in analyzer (#2569) * fix: enable some features of the wasm runtime (#2575) * fix(k8s): no error logged if trivy can't get docker image in kubernetes mode (#2521) * docs(sbom): improve sbom attestation documentation (#2566) Update to version 0.30.2: * fix(report): show the summary without results (#2548) * fix(cli): replace '-' to '_' for env vars (#2561) Update to version 0.30.1: * chore: remove a test repository (#2551) * fix(license): lazy loading of classifiers (#2547) * fix: CVE-2022-1996 in Trivy (#2499) * docs(sbom): add sbom attestation (#2527) * feat(rocky): set Rocky Linux 9 EOL (#2543) * docs: add attributes to the video tag to autoplay demo videos (#2538) * fix: yaml files with non-string chart name (#2534) * fix: skip dirs (#2530) * feat(repo): add support for branch, commit, & tag (#2494) * fix: remove auto configure environment variables via viper (#2526) Update to version 0.30.0: * fix: separating multiple licenses from one line in dpkg copyright files (#2508) * fix: change a capital letter for `plugin uninstall` subcommand (#2519) * fix: k8s hide empty report when scanning resource (#2517) * refactor: fix comments (#2516) * fix: scan vendor dir (#2515) * feat: Add support for license scanning (#2418) * chore: add owners for secret scanning (#2485) * fix: remove dependency-tree flag for image subcommand (#2492) * fix(k8s): add shorthand for k8s namespace flag (#2495) * docs: add information about using multiple servers to troubleshooting (#2498) * ci: add pushing canary build images to registries (#2428) * feat(dotnet): add support for .Net core .deps.json files (#2487) * feat(amazon): add support for 2022 version (#2429) * Type correction bitnami chart (#2415) * docs: add config file and update CLI references (#2489) * feat: add support for flag groups (#2488) * refactor: move from urfave/cli to spf13/cobra (#2458) * fix: Fix secrets output not containing file/lines (#2467) * fix: clear output with modules (#2478) * docs(cbl): distroless 1.0 supported (#2473) * fix: Fix example dockerfile rego policy (#2460) * fix(config): add helm to list of config analyzers (#2457) * feat: k8s resouces scan (#2395) * feat(sbom): add cyclonedx sbom scan (#2203) * docs: remove links to removed content (#2431) * ci: added rpm build for rhel 9 (#2437) * fix(secret): remove space from asymmetric private key (#2434) * test(integration): fix golden files for debian 9 (#2435) * fix(cli): fix version string in docs link when secret scanning is enabled (#2422) * refactor: move CycloneDX marshaling (#2420) * docs(nodejs): add docs about pnpm support (#2423) * docs: improve k8s usage documentation (#2425) * feat: Make secrets scanning output consistant (#2410) * ci: create canary build after main branch changes (#1638) * fix(misconf): skip broken scans (#2396) * feat(nodejs): add pnpm support (#2414) * fix: Fix false positive for use of COS images (#2413) * eliminate nerdctl dependency (#2412) * Add EOL date for SUSE SLES 15.3, 15.4 and OpenSUSE 15.4 (#2403) * fix(go): no cast to lowercase go package names (#2401) * BREAKING(sbom): change 'trivy sbom' to scan SBOM (#2408) * fix(server): hot update the db from custom repository (#2406) * feat: added license parser for dpkg (#2381) * fix(misconf): Update defsec (v0.68.5) to fix docker rego duplicate key (#2400) * feat: extract stripe publishable and secret keys (#2392) * feat: rbac support k8s sub-command (#2339) * feat(ruby): drop platform strings from dependency versions bundled with bundler v2 (#2390) * docs: Updating README with new CLI command (#2359) * fix(misconf): Update defsec to v0.68.4 to resolve CF detection bug (#2383) * chore: add integration label and merge security label (#2316) Update to version 0.29.2: * chore: skip Visual Studio Code project folder (#2379) * fix(helm): handle charts with templated names (#2374) * docs: redirect operator docs to trivy-operator repo (#2372) * fix(secret): use secret result when determining Failed status (#2370) * try removing libdb-dev * run integration tests in fanal * use same testing images in fanal * feat(helm): add support for trivy dbRepository (#2345) * fix: Fix failing test due to deref lint issue * test: Fix broken test * fix: Fix makefile when no previous named ref is visible in a shallow clone * chore: Fix linting issues in fanal * refactor: Fix fanal import paths and remove dotfiles Update to version 0.29.1: * fix(report): add required fields to the SARIF template (#2341) * chore: fix spelling errors (#2352) * Omit Remediation if PrimaryURL is empty (#2006) * docs(repo): Link to installation documentation in readme shows 404 (#2348) * feat(alma): support for scanning of modular packages for AlmaLinux (#2347) Update to version 0.29.0: * fix(lang): fix dependency graph in client server mode (#2336) * feat: allow expiration date for .trivyignore entries (#2332) * feat(lang): add dependency origin graph (#1970) * docs: update nix installation info (#2331) * feat: add rbac scanning support (#2328) * refactor: move WordPress module to another repository (#2329) * ci: add support for ppc64le (#2281) * feat: add support for WASM modules (#2195) * feat(secret): show recommendation for slow scanning (#2051) * fix(flag): remove --clear-cache flag client mode (#2301) * fix(java): added check for looping for variable evaluation in pom file (#2322) * BREAKING(k8s): change CLI API (#2186) * feat(alpine): add Alpine Linux 3.16 (#2319) * ci: add `go mod tidy` check (#2314) * chore: run `go mod tidy` (#2313) * fix: do not exit if one resource is not found (#2311) * feat(cli): use stderr for all log messages (resolve #381) (#2289) * test: replace deprecated subcommand client in integration tests (#2308) * feat: add support for containerd (#2305) * fix(kubernetes): Support floats in manifest yaml (#2297) * docs(kubernetes): dead links (#2307) * chore: add license label (#2304) * feat(mariner): added support for CBL-Mariner Distroless v2.0 (#2293) * feat(helm): add pod annotations (#2272) * refactor: do not import defsec in fanal types package (#2292) * feat(report): Add misconfiguration support to ASFF report template (#2285) * test: use images in GHCR (#2275) * feat(helm): support pod annotations (#2265) * feat(misconf): Helm chart scanning (#2269) * docs: Update custom rego policy docs to reflect latest defsec/fanal changes (#2267) * fix: mask redis credentials when logging (#2264) * refactor: extract commands Runner interface (#2147) * docs: update operator release (#2263) * feat(redhat): added architecture check (#2172) * docs: updating links in the docs to work again (#2256) * docs: fix readme (#2251) * fix: fixed incorrect CycloneDX output format (#2255) * refactor(deps): move dependencies to package (#2189) * fix(report): change github format version to required (#2229) * docs: update readme (#2110) * docs: added information about choosing advisory database (#2212) * chore: update trivy-kubernetes (#2224) * docs: clarifying parts of the k8s docs and updating links (#2222) * fix(k8s): timeout error logging (#2179) * chore(deps): updated fanal after fix AsymmetricPrivateKeys (#2214) * feat(k8s): add --context flag (#2171) * fix(k8s): properly instantiate TableWriter (#2175) * test: fixed integration tests after updating testcontainers to v0.13.0 (#2208) * chore: update labels (#2197) * fix(report): fixed panic if all misconf reports were removed in filter (#2188) * feat(k8s): scan secrets (#2178) * feat(report): GitHub Dependency Snapshots support (#1522) * feat(db): added insecure skip tls verify to download trivy db (#2140) * fix(redhat): always use vulns with fixed version if there is one (#2165) * chore(redhat): Add support for Red Hat UBI 9. (#2183) * fix(k8s): update trivy-kubernetes (#2163) * fix misconfig start line for code quality tpl (#2181) * fix: update docker/distribution from 2.8.0 to 2.8.1 (#2176) * docs(vuln): Include GitLab 15.0 integration (#2153) * docs: fix the operator version (#2167) * fix(k8s): summary report when when only vulns exit (#2146) * chore(deps): Update fanal to get defsec v0.58.2 (fixes false positives in ksv038) (#2156) * perf(misconf): Improve performance when scanning very large files (#2152) * docs(misconf): Update examples and docs to refer to builtin/defsec instead of appshield (#2150) * chore(deps): Update fanal (for less verbose code in misconf results) (#2151) * docs: fixed installation instruction for rhel/centos (#2143) trivy-0.30.4-bp154.2.6.1.src.rpm trivy-0.30.4-bp154.2.6.1.x86_64.rpm trivy-0.30.4-bp154.2.6.1.i586.rpm trivy-0.30.4-bp154.2.6.1.aarch64.rpm trivy-0.30.4-bp154.2.6.1.s390x.rpm