Removed rpms ============ Added rpms ========== - libwoff2common1_0_2 - libwoff2dec1_0_2 Package Source Changes ====================== ImageMagick + fix CVE-2021-20309 [bsc#1184624], Division by zero in WaveImage() of MagickCore/visual-effects.c + + ImageMagick-CVE-2021-20309.patch + fix CVE-2021-20311 [bsc#1184626], Division by zero in sRGBTransformImage() in MagickCore/colorspace.c + + ImageMagick-CVE-2021-20311.patch + fix CVE-2021-20312 [bsc#1184627], Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c + + ImageMagick-CVE-2021-20312.patch + fix CVE-2021-20313 [bsc#1184628], Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c + + ImageMagick-CVE-2021-20313.patch + +- security update +- added patches MozillaFirefox +- Firefox Extended Support Release 78.10.0 ESR + * Fixed: Various stability, functionality, and security fixes +- Mozilla Firefox ESR 78.10 + MFSA 2021-15 (bsc#1184960) + * CVE-2021-23994 (bmo#1699077) + Out of bound write due to lazy initialization + * CVE-2021-23995 (bmo#1699835) + Use-after-free in Responsive Design Mode + * CVE-2021-23998 (bmo#1667456) + Secure Lock icon could have been spoofed + * CVE-2021-23961 (bmo#1677940) + More internal network hosts could have been probed by a + malicious webpage + * CVE-2021-23999 (bmo#1691153) + Blob URLs may have been granted additional privileges + * CVE-2021-24002 (bmo#1702374) + Arbitrary FTP command execution on FTP servers using an + encoded URL + * CVE-2021-29945 (bmo#1700690) + Incorrect size computation in WebAssembly JIT could lead to + null-reads + * CVE-2021-29946 (bmo#1698503) + Port blocking could be bypassed + MozillaThunderbird +- Mozilla Thunderbird 78.10 + * fixed: Usability & theme improvements on Windows + * fixed: Various security fixes + MFSA 2021-14 (bsc#1184960) + * CVE-2021-23994 (bmo#1699077) + Out of bound write due to lazy initialization + * CVE-2021-23995 (bmo#1699835) + Use-after-free in Responsive Design Mode + * CVE-2021-23998 (bmo#1667456) + Secure Lock icon could have been spoofed + * CVE-2021-23961 (bmo#1677940) + More internal network hosts could have been probed by a + malicious webpage + * CVE-2021-23999 (bmo#1691153) + Blob URLs may have been granted additional privileges + * CVE-2021-24002 (bmo#1702374) + Arbitrary FTP command execution on FTP servers using an + encoded URL + * CVE-2021-29945 (bmo#1700690) + Incorrect size computation in WebAssembly JIT could lead to + null-reads + * CVE-2021-29946 (bmo#1698503) + Port blocking could be bypassed + * CVE-2021-29948 (bmo#1692899) + Race condition when reading from disk while verifying + signatures + NetworkManager +- Add nm-fix-dhcp-client-timeout.patch: Better handle dhclient's + timeout so that a recorded lease can be used when dhcp server + is down(glfo#NetworkManager/NetworkManager!811, bsc#1183202). +- Modified NetworkManager.conf: Use dhclient as the default dhcp + client(glfo#NetworkManager/NetworkManager!811, bsc#1183202). + +- Add NM-restore-MAC-on-release-only-when-cloned.patch: bond: + restore MAC on release only when there is a cloned MAC address + (glfo#NetworkManager/NetworkManager!775, bsc#1183967). + avahi +- Add avahi-CVE-2021-3468.patch: avoid infinite loop by handling + HUP event in client_work (boo#1184521 CVE-2021-3468). + https://github.com/lathiat/avahi/pull/330 + cifs-utils +- cifs.upcall: fix regression in kerberos mount; (bsc#1184815). + * add 0015-cifs.upcall-fix-regression-in-kerberos-mount.patch + +- CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in + container; (bsc#1183239); CVE-2021-20208. + cups +- When cupsd creates directories with specific owner group + and permissions (usually owner is 'root' and group matches + "configure --with-cups-group=lp") specify same owner group and + permissions in the RPM spec file to ensure those directories + are installed by RPM with the right settings because if those + directories were installed by RPM with different settings then + cupsd would use them as is and not adjust its specific owner + group and permissions which could lead to privilege escalation + from 'lp' user to 'root' via symlink attacks e.g. if owner is + falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161) + cups-filters +- fix_upstream_issue348.patch fixes + https://github.com/OpenPrinting/cups-filters/issues/348 + foomatic-rip segfaults with 'job-sheets=none,none' + but works with 'job-sheets=none' + (bsc#1182893) + dhcp +- bsc#1185157: + Use /run instead of /var/run for PIDFile in dhcrelay.service. + dracut +- Update to version 049.1+suse.187.g63c1504f: + * fix(shutdown): add timeout to umount calls (bsc#1178219) + e2fsprogs +- Remove autoreconf call from e2fsprogs.spec (bsc#1183791) + giflib +- Enable Position Independent Code and inherit CFLAGS from the build system. + * Added giflib-PIE.patch (bsc#1184123). + -- Update to new upstream release 5.0.4 - * Fix for a rare misrendering bug when a GIF overruns the - decompression-code table. -- Make patches have -p1, as requested by - http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines - -- Added url as source. - Please see http://en.opensuse.org/SourceUrls - -- add giflib-automake-1_13.patch, fix build with automake-1.13.1 - -- Remove "Obsoletes: giflib", because libgif6 must not obsolete - libgif4 (it would do that by way of libgif4's "Provides: giflib"). - -- Adjust baselibs.conf for libgif6, remove libungif rpm symbols - since they are now no longer provided. - -- Version 5.0.3 - * The library is now purely reentrant and thread-safe - * Adds an EGifSetGifVersion() entry point - * All names of exported functions now have a Gif, DGif, or EGif prefix. -- packaging changes: - * soname is now libgif6 - * Compatibility with ancient "libungif" via rpm spec file hacks - is no longer included, if there is any application around - that still requires this it has to be fixed. - -- Remove redundant tags/sections - -- annotate functions from gif_lib_private.h with visibility - hidden so they are not exported. - -- add libtool as buildrequire to make the spec file more reliable - -- Correct project URL -- Implement shlib naming (libgif4) -- Apply packaging guidelines (remove redundant/obsolete - tags/sections from specfile, etc.) - -- Do not use __Date__ and __TIME__ , make build-compare - happier - -- add baselibs.conf as a source - gpgme +- Fix t-json test in SP3: https://dev.gnupg.org/T4820 [bsc#1183801] + * tests/json: Bravo key does not have secret key material + * tests/json: Do not check for keygrip of pubkeys + * core: Make sure the keygrip is available in WITH_SECRET mode +- Add gpgme-test-json.patch + gzip +- fix DFLTCC segfault [bsc#1177047] +- added patches + fix https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=be0a534ba2b6e77da289de8da79e70843b1028cc + + gzip-1.10-fix-DFLTCC-segfault.patch + kyotocabinet +- Add yet an other patch kyotocabinet-pie.patch + * link all executables as pie (bsc#1185033) + +- Update to version 1.2.77: + * kcthread.cc (CondVar::wait): a bug on Win32 was fixed. + * kcdbext.h (IndexDB::set, IndexDB::replace): a bug of updating + existing records was fixed. + * kcdb.h (DB::check): new function. +- Drop no longer needed gcc6-fix-errors.patch +- Modernise spec file + -- update version 1.2.76 - * kcthread.cc (CondVar::wait): a bug on Win32 was fixed. - * kcdbext.h (IndexDB::set, IndexDB::replace): a bug of updating existing records was fixed. - * kcdb.h (DB::check): new function. - -- Make kyotocabinet installation work on SLE_11 - -- Remove redundant tags/sections per specfile guideline suggestions -- Add autotools BuildRequires for factory/12.2 - -- updated to 1.2.52 - -- updated to 1.2.50 - -- created package (version 1.2.47) - libcap +- Add explicit dependency on libcap2 with version to libcap-progs + and pam_cap (bsc#1184690) + -- Update to libcap 2.22 -- libcap 2.22 includes: - * Clarified License file (with version 2 of the GPL) - * Support getting/setting capabilities on large files - * After --chroot command, change working directory to "/". -- libcap 2.21 includes: - * Introduce cap_get_bound() and cap_drop_bound() functions. - also include a macro CAP_IS_SUPPORTED(cap) for capabilities -- libcap 2.20 includes: - * Latest kernel capabilites supported: now includes CAP_SYSLOG - * $(CFLAGS) Makefile fixes - * Default to installing setcap with an inheritable capability. - libhugetlbfs +- Hardening: Link as PIE (bsc#1184123). + -- There are no tests installed in s390(x) case, therefore there are no - files in %{_libdir}/libhugetlbfs - Remove the directory from the file list to fix package build for s390(x) - -- Add support of ppc64le with 4 patches - libhugetlbfs-ppc64le.patch - libhugetlbfs.ppc64le.step2.patch - libhugetlbfs.ppc64le.step3.patch - libhugetlbfs.ppc64le.step4.patch - -- Update to version 2.16: - Features: - * ARM Support - * s390x Dynamic TASK_SIZE support - Bug Fixes: - * find_mounts() now properly NULL terminates mount point names - -- Update to version 2.15 - Features: - * Some System z functionality went into 2.15 - * Updated man pages - * Added basic events for core_i7 to oprofile_map_events - Fixes: - * Disable Unable to verify address range warning when offset < page_size - * Remove sscanf in library setup to avoid heap allocation before _morecore - override - * Revert heap exhaustion patch - * hugectl no longer clips LD_LIBRARY_PATH variable - * Fix clean on failure code to avoid closing stdout - -- Add excludearch for arm due to lacking support - -- Update to version 2.13 - * hugeadm can now be used to control Transparent Huge Page tunables - * New morecore mode to better support THP - * Check permissions on hugetlbfs mount point before marking it as - available - * Fix shm tests to use random address instead of fixed, old address - failed on ARM - -- Update to version 2.12 - * libhugetlbfs usages can now be restricted to certain binary names - * libhugetlbfs now supports static linking - * hugeadm uses more human readable directory names for mount points - * Fix segfault if specified user was not in passwd, failuer in - getpwuid() is now checked - * Added tests for static linking to testcase - * Added missing tests to driver script - -- Do not include the 268MB testcase /usr/lib/libhugetlbfs/tests/obj32/linkhuge_rw. - -- Update to version 2.11 - Bugfixes and new features are listed in the NEWS file in - /usr/share/doc/packages/libhugetlbfs/NEWS - -- Update to version 2.9: - * Add --no-reseve to hugectl to request mmap'd pages are not reserved - for kernels newer than 2.6.34 - * Add --obey-numa-mempol to hugeadm to request static pool pages are - allocated following the process NUMA memory policy - * Add switch to let administrator limit new mount points by size or inodes - * cpupcstat now caches the value returned by tlmiss_cost.sh to avoid - rerunning the script - * When specifying huge page pool sizes with hugeadm, memory sizes can - be used as well as the number of huge pages - * DEFAULT is now a valid huge page pool for resizing, it will adjust - the pool for the default huge page size - * tlbmiss_cost.sh in the contrib/ sub directory will estimate the cost - in CPU cycles of a TLB miss on the arch where it is run - * Add python script which automates huge page pool setup with minimal - input required from user - * cpupcstat now supports data collection using the perf tool as well as - oprofile - * --explain reports if min_free_kbytes is too small - * add --set-min_free_kbytes to hugeadm - -- strip test binaries to fix build - -- Removed unused files - -- add workarounds for broken Makefile logic to detect arch - -- Package baselibs.conf - -- Fix typo in requires. - -- Update from version 2.0 to 2.5 - libnettle +- Security fix: [bsc#1184401, CVE-2021-20305] + * multiply function being called with out-of-range scalars + * Affects ecc-ecdsa-sign(), ecc_ecdsa_verify() and _eddsa_hash(). +- Add libnettle-CVE-2021-20305.patch + librsvg +- Update to version 2.46.5: + + Update dependent crates that had security vulnerabilities: + generic-array to 0.12.4 - RUSTSEC-2020-0146 + smallvec to 0.6.14 - RUSTSEC-2021-0003 - CVE-2021-25900 + + There are no changes to the library code. + + Fix bash-isms in Makefile.am (Tin-Wei Lan). + + Fix Visual Studio build (Chun-wei Fan). +- bsc#1183403 - CVE-2021-25900 - buffer overflow in the smallvec crate. + libsolv +- fix rare segfault in resolve_jobrules() that could happen + if new rules are learnt +- fix a couple of memory leaks in error cases +- fix error handling in solv_xfopen_fd() +- bump version to 0.7.19 + +- fixed regex code on win32 +- fixed memory leak in choice rule generation +- repo_add_conda: add flag to skip v2 packages +- bump version to 0.7.18 + libvoikko +- Fix wrong size parameter in memset call + +- Remove redundant/unwanted tags/section (cf. specfile guidelines) +- Use %_smp_mflags for parallel building + +- add libtool as buildrequire to avoid implicit dependency + +- Add missing baselibs.conf. + +- Updated to version 2.1: + * Add option for accepting unfinished paragraphs. + * Add option VOIKKO_OPT_HYPHENATE_UNKNOWN_WORDS. + * Add option VOIKKO_OPT_ACCEPT_BULLETED_LISTS_IN_GC. + * Add support for environment variable VOIKKO_DICTIONARY. + * Disable character case checks completely within quotations. + * Disable character case checks if sentence contains a tab character. + * Disable checks for paragraphs that contain only an URL or some other + non-standard text. + * Read replacement suggestions from data/autocorrect/fi_FI.xml. + * Do not try to check character case for sentences that have been written + fully in upper case. + * Allow sentences to start with a digit. + * Refactoring and porting to C++. +- Added gcc-c++ python python-xml into BuildRequires +- Added libvoikko-2.1-ac-macro-dir.diff, fixed autoreconf to run (sf#2810258) + libxml2 +- Security fix: [bsc#1185408, CVE-2021-3518] + * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess() + * Add libxml2-CVE-2021-3518.patch + +- Security fix: [bsc#1185410, CVE-2021-3517] + * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal() + * Add libxml2-CVE-2021-3517.patch + +- Security fix: [bsc#1185409, CVE-2021-3516] + * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal() + * Add libxml2-CVE-2021-3516.patch + libzypp +- Properly handle permission denied when providing optional files + (bsc#1185239) +- Fix sevice detection with cgroupv2 (bsc#1184997) +- version 17.25.10 (22) + +- Add missing includes for GCC 11 (bsc#1181874) +- Fix unsafe usage of static in media verifier. +- Solver: Avoid segfault if no system is loaded (bsc#1183628) +- MediaVerifier: Relax media set verification in case of a single + not-volatile medium (bsc#1180851) +- Do no cleanup in custom cache dirs (bsc#1182936) +- ZConfig: let pubkeyCachePath follow repoCachePath. +- version 17.25.9 (22) + -- Patch: Identify well-known category names (bsc#117984) +- Patch: Identify well-known category names (bsc#1179847) -- Add missing includes for GCC 11 compatibility. +- Add missing includes for GCC 11 compatibility. (bsc#1181874) lvm2 +- Add metadata-based autoactivation property for VG and LV (bsc#1178680) + + bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch + mpfr +- Add cummulative patch mpfr-4.0.2-p6.patch fixing various bugs. + +- Add floating-point-format-no-lto.patch in order to fix assembler scanning + (boo#1141190). + +- Update to mpfr 4.0.2 + * Cummulative bugfix release, includes mpfr-4.0.1-cummulative-patch.patch. + +- Fix %install_info_delete usage: + * It has to be performed in %preun not in %postun. + * See https://en.opensuse.org/openSUSE:Packaging_Conventions_RPM_Macros#.25install_info_delete. + +- Add mpfr-4.0.1-cummulative-patch.patch. Fixes + * A subtraction of two numbers of the same sign or addition of two + numbers of different signs can be rounded incorrectly (and the + ternary value can be incorrect) when one of the two inputs is + reused as the output (destination) and all these MPFR numbers + have exactly GMP_NUMB_BITS bits of precision (typically, 32 bits + on 32-bit machines, 64 bits on 64-bit machines). + * The mpfr_fma and mpfr_fms functions can behave incorrectly in case + of internal overflow or underflow. + * The result of the mpfr_sqr function can be rounded incorrectly + in a rare case near underflow when the destination has exactly + GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit + machines, 64 bits on 64-bit machines) and the input has at most + GMP_NUMB_BITS bits of precision. + * The behavior and documentation of the mpfr_get_str function are + inconsistent concerning the minimum precision (this is related to + the change of the minimum precision from 2 to 1 in MPFR 4.0.0). The + get_str patch fixes this issue in the following way: the value 1 + can now be provided for n (4th argument of mpfr_get_str); if n = 0, + then the number of significant digits in the output string can now + be 1, as already implied by the documentation (but the code was + increasing it to 2). + * The mpfr_cmp_q function can behave incorrectly when the rational + (mpq_t) number has a null denominator. + * The mpfr_inp_str and mpfr_out_str functions might behave + incorrectly when the stream is a null pointer: the stream is + replaced by stdin and stdout, respectively. This behavior is + useless, not documented (thus incorrect in case a null pointer + would have a special meaning), and not consistent with other + input/output functions. + -- Add Source URL, see https://en.opensuse.org/SourceUrls - -- Update to version 3.1.2. - * Bug fixes - * Updated examples to the MPFR 3.x API - -- Update to version 3.1.1. - * Bug fixes - -- patch license to follow spdx.org standard - -- Remove redundant tags/sections per specfile guideline suggestions - -- Update to version 3.1.0. - * The mpfr_urandom and mpfr_urandomb functions now return identical - values on processors with different word size. - * Speed improvement for the mpfr_sqr and mpfr_div functions using - Mulders' algorithm. - * Much faster formatted output (mpfr_printf, etc.) with %Rg and similar. - * New divide-by-zero exception (flag) and associated functions. -- Remove bogus provides/obsoletes for old shared library version. -- Fix license, it is LGPL v3 or later. - -- Update to version 3.0.1. - * Minor bugfixes. - -- Update to version 3.0.0. - * Bump SO version to 4. - -- use %_smp_mflags - -- PA-Risc is not threadsafe just as sparc - -- add baselibs.conf to specfile as source - -- Do not use --enable-thread-safe on SPARC (Fedora does the same) - - the tests segfault if TS is enabled - -- Update to version 2.4.2. - * Bug and documentation fixes. - -- Add x86 baselibs entry. - -- Update to version 2.4.1 (no changes). -- Apply current cummulative bugfixing patch. - * mpfr_fmod, mpfr_remainder and mpfr_remquo rounding issues. - * incorrect type in vasprintf.c. - * wrong type in mpfr_zeta_ui. - openexr + fix CVE-2021-23215 [bsc#1185216], Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers + fix CVE-2021-26260 [bsc#1185217], Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers + + openexr-CVE-2021-23215,26260.patch + +- security update +- modified patches + % openexr-CVE-2021-3474.patch (splitted into openexr-CVE-2021-20296.patch) +- added patches + fix CVE-2021-20296 [bsc#1184355], Segv on unknown address in Imf_2_5:hufUncompress - Null Pointer dereference + + openexr-CVE-2021-20296.patch + fix CVE-2021-3477 [bsc#1184353], Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts + + openexr-CVE-2021-3477.patch + fix CVE-2021-3479 [bsc#1184354], Out-of-memory caused by allocation of a very large buffer + + openexr-CVE-2021-3479.patch + +- security update +- added patches + fix CVE-2021-3474 [bsc#1184174], Undefined-shift in Imf_2_5::FastHufDecoder::FastHufDecoder + + openexr-CVE-2021-3474.patch + fix CVE-2021-3475 [bsc#1184173], Integer-overflow in Imf_2_5::calculateNumTiles + + openexr-CVE-2021-3475.patch + fix CVE-2021-3476 [bsc#1184172], Undefined-shift in Imf_2_5::unpack14 + + openexr-CVE-2021-3476.patch + +- security update +- added patches openldap2 +- bsc#1182791 - improve proxy connection timout options to correctly + prune connections. + * 0225-ITS-8625-Separate-Avlnode-and-TAvlnode-types.patch + * 0226-ITS-9197-back-ldap-added-task-that-prunes-expired-co.patch + * 0227-ITS-9197-Increase-timeouts-in-test-case-due-to-spora.patch + * 0228-ITS-9197-fix-typo-in-prev-commit.patch + * 0229-ITS-9197-Fix-test-script.patch + * 0230-ITS-9197-fix-info-msg-for-slapd-check.patch + openslp +- Implement automatic active discovery retries so that DAs do + not get dropped if they are not reachable for some time + [bnc#1166637] [bnc#1184008] + new patch: openslp.unicastactivediscovery.diff + openssl-1_1 +- Don't list disapproved cipher algorithms while in FIPS mode + * openssl-1.1.1-fips_list_ciphers.patch + * bsc#1161276 + patterns-base +- Recommending openSUSE-signkey-cert in the base pattern bsc#1182641 + permissions +- Update to version 20181225: + * etc/permissions: remove unnecessary entries (bsc#1182899) + plymouth +- Pickup plymouth-only_use_fb_for_cirrus_bochs.patch: Currently our + kernel hardware support need this fix, and boo#1172028 will be + fix seperately (bnc#888590 boo#1172028 bsc#1181913). + procps +- Add upstream patch procps-3.3.17-bsc1181976.patch based on + commit 3dd1661a to fix bsc#1181976 that is change descripton + of psr, which is for 39th field of /proc/[pid]/stat + rsyslog +- fix groupname retrieval for large groups (bsc#1178490) + * add 0001-rainerscript-call-getgrnam_r-repeatedly-to-get-all-g.patch + ruby2 +- Update to 2.5.9 (boo#1184644) + https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-5-9-released/ + - CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability + in WEBrick + - CVE-2021-28965: XML round-trip vulnerability in REXML + Complete list of changes at + https://github.com/ruby/ruby/compare/v2_5_8...v2_5_9 +- Update suse.patch: + Remove fix for CVE-2020-25613 as it is included in the update + systemd +- add conversion script for moving legacy collect based udev rules + to chzdev based ones (bsc#1183984) + systemd-presets-common-SUSE +- Enable hcn-init.service for HNV on POWER (bsc#1184136 ltc#192155). + tcsh +- Add patch tcsh-6.20.00-toolong.patch which is an upstream commit + ported back to 6.20.00 to fix bsc#1179316 about history file growing + webkit2gtk3 +- Per discussion with maintenance, let's not remove features that + customers could possibly be using: +- Add webkit2gtk3-restore-npapi.patch: restore NPAPI plugin + support. Reverts webkit#215503. + +- Update to version 2.32.0 (boo#1184155): + + Fix the authentication request port when URL omits the port. + + Fix iframe scrolling when main frame is scrolled in async + scrolling mode. + + Stop using g_memdup. + + Show a warning message when overriding signal handler for + threading suspension. + - Fix the build on RISC-V with GCC 11. + - Fix several crashes and rendering issues. + + Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871 + + Changes in version 2.30.6 (boo#1184262): + + Update user agent quirks again for Google Docs and Google Drive. + + Fix several crashes and rendering issues. + + Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765 + CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870. +- Remove webkit-font-scaling.patch: contained in upstream +- Drop original SLE 15 support from the spec. Drop + webkit-process.patch and old-wayland-scanner.patch; they are not + needed for SP2. +- Pass ENABLE_GAMEPAD=OFF to cmake, since we don't have manette. +- Add glproto-devel to BuildRequires: now needed for the build on + SLE 15. + +- Update _constraints for armv6/armv7 (bsc#1182719) + wpa_supplicant +- Add CVE-2021-30004.patch -- forging attacks may occur because + AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c + (bsc#1184348) + +- Fix systemd device ready dependencies in wpa_supplicant@.service file. + (see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fails-on-boot-succeeds-on-restart?p=2982844#post2982844) + xorg-x11-server +- U_build-glx-Lower-gl-version-to-work-with-libglvnd.patch, + U_meson-Fix-another-reference-to-gl-9.2.0.patch + * fix build on sle15-sp3 with updated libglvnd/Mesa and their + new pkgconfig files + (https://gitlab.freedesktop.org/xorg/xserver/-/issues/893) + +- U_xwayland-Do-not-crash-if-gbm_bo_create-fails.patch + * xwayland: Do not crash if gbm_bo_create() fails (boo#1184072) (boo#1184543) + +- U_Fix-XChangeFeedbackControl-request-underflow.patch + * Fix XChangeFeedbackControl() request underflow (CVE-2021-3472, + ZDI-CAN-1259, bsc#1180128) + yast2-trans +- Update to version 84.87.20210502.7b34dbceae: + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Turkish) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * New POT for text domain 'network'. + * New POT for text domain 'installation'. + * New POT for text domain 'network'. + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) +