SUSE-CU-2022:3312-1: Security update of suse/sle-micro/5.4/toolbox

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed Dec 7 08:25:08 UTC 2022


SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3312-1
Container Tags        : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.14 , suse/sle-micro/5.4/toolbox:latest
Container Release     : 3.2.14
Severity              : moderate
Type                  : security
References            : 1041090 1049382 1116658 1136234 1155141 1173404 1173409 1173410
                        1173471 1174465 1176547 1177955 1178807 1178943 1178944 1179025
                        1179203 1181122 1181644 1181872 1182790 1193951 CVE-2020-21913
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:927-1
Released:    Tue Mar 23 14:07:06 2021
Summary:     Recommended update for libreoffice
Type:        recommended
Severity:    moderate
References:  1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790
This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790)


libreoffice:

- Image shown with different aspect ratio (bsc#1176547)
- Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644)
- Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375)
- Wrong bullet points in Impress (bsc#1174465)
- SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955)
- Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471)
  - SUSE Mint
  - SUSE Midnight Blue
  - SUSE Waterhole Blue
  - SUSE Persimmon
- Fix a crash opening a PPTX. (bsc#1179025)
- Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807)
- Shadow effects for table completely missing (bsc#1178944, bsc#1178943)
- Disable firebird integration for the time being (bsc#1179203)
- Fixes hang on Writer on scrolling/saving of a document (bsc#1136234)
- Wrong rendering of bulleted lists in PPTX document (bsc#1155141)
- Sidebar: paragraph widget: numeric fields become inactive/unaccessible after saving (bsc#1173404) 
- Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658)

libixion:

Update to 0.16.1:

- fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values.
- worked around floating point rounding errors which prevented two theoretically-equal numeric values from being 
  evaluated as equal in test code.
- added new function to allow printing of single formula tokens.
- added method for setting cached results on formula cells in model_context.
- changed the model_context design to ensure that all sheets are of the same size.
- added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns
  a string value from cell.
- added cell_access class for querying of cell states without knowing its type ahead of time.
- added document class which provides a layer on top of model_context, to abstract away the handling of formula 
  calculations.
- deprecated model_context::erase_cell() in favor of empty_cell().
- added support for 3D references - references that contain multiple sheets.
- added support for the exponent (^) and concatenation (&) operators.
- fixed incorrect handling of range references containing whole columns such as A:A.
- added support for unordered range references - range references whose start row or column is greater than 
  their end position counterparts, such as A3:A1.
- fixed a bug that prevented nested formula functions from working properly.
- implemented Calc A1 style reference resolver.
- formula results now directly store the string values when the results are of string type.  
  They previously stored string ID values after interning the original strings.
- Removed build-time dependency on spdlog.

libmwaw:

Update to 0.3.17:

- add a parser for Jazz(Lotus) writer and spreasheet files. The writer parser can only be called if the file 
  still contains its resource fork
- add a parser for Canvas 3 and 3.5 files
- AppleWorks parser: try to retrieve more Windows presentation
- add a parser for Drawing Table files
- add a parser for Canvas 2 files
- API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29` 
  and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined
- remove the QuarkXPress parser (must be in libqxp)
- retrieve the annotation in MsWord 5 document
- try to better understand RagTime 5-6 document

libnumbertext:

Update to 1.0.6

liborcus:

Update to 0.16.1

- Add upstream changes to fix build with GCC 11 (bsc#1181872)

libstaroffice:

Update to 0.0.7:

- fix `text:sender-lastname` when creating meta-data

libwps:

Update to 0.4.11:

- XYWrite: add a parser to .fil v2 and v4 files
- wks,wk1: correct some problems when retrieving cell's reference.

glfw:

New package provided on version 3.3.2:

- See also: https://www.glfw.org/changelog.html
- Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090)
  * Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h
  * glfwFocusWindow could terminate on older WMs or without a WM
  * Creating an undecorated window could fail with BadMatch 
  * Querying a disconnected monitor could segfault 
  * Video modes with a duplicate screen area were discarded
  * The CMake files did not check for the XInput headers
  * Key names were not updated when the keyboard layout changed 
  * Decorations could not be enabled after window creation
  * Content scale fallback value could be inconsistent 
  * Disabled cursor mode was interrupted by indicator windows
  * Monitor physical dimensions could be reported as zero mm
  * Window position events were not emitted during resizing
  * Added on-demand loading of Vulkan and context creation API libraries
  * [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was 
    set to `GLFW_DONT_CARE`
  * [X11] Bugfix: Input focus was set before window was visible,
    causing BadMatch on some non-reparenting WMs 
  * [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on
    the window frame instead of the client area
  * [WGL] Added reporting of errors from `WGL_ARB_create_context` extension
  * [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries
  * [EGL] Bugfix: Dynamically loaded entry points were not verified
- Made build of geany-tags optional.

Box2D:

New package provided on version 2.4.1:

    * Extended distance joint to have a minimum and maximum limit.
    * `B2_USER_SETTINGS` and `b2_user_settings.h` can control user 
      data, length units, and maximum polygon vertices.
    * Default user data is now uintptr_t instead of void*
    * b2FixtureDef::restitutionThreshold lets you set the 
      restitution velocity threshold per fixture.
  * Collision
    * Chain and edge shape must now be one-sided to eliminate ghost 
      collisions
    * Broad-phase optimizations
    * Added b2ShapeCast for linear shape casting
  * Dynamics
    * Joint limits are now predictive and not stateful
    * Experimental 2D cloth (rope)
    * b2Body::SetActive -> b2Body::SetEnabled
    * Better support for running multiple worlds
    * Handle zero density better
      * The body behaves like a static body
      * The body is drawn with a red color
    * Added translation limit to wheel joint
    * World dump now writes to box2d_dump.inl
    * Static bodies are never awake
    * All joints with spring-dampers now use stiffness and damping
    * Added utility functions to convert frequency and damping 
      ratio to stiffness and damping
 * Polygon creation now computes the convex hull.
 * The convex hull code will merge vertices closer than dm_linearSlop.


 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3142-1
Released:    Wed Sep  7 09:54:18 2022
Summary:     Security update for icu
Type:        security
Severity:    moderate
References:  1193951,CVE-2020-21913
This update for icu fixes the following issues:

- CVE-2020-21913: Fixed a memory safetey issue that could lead to use
  after free (bsc#1193951).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released:    Mon Nov 28 12:36:32 2022
Summary:     Recommended update for gcc12
Type:        recommended
Severity:    moderate
References:  
This update for gcc12 fixes the following issues:

This update ship the GCC 12 compiler suite and its base libraries.

The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the
PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out

	https://gcc.gnu.org/gcc-12/changes.html


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4336-1
Released:    Tue Dec  6 16:27:50 2022
Summary:     Recommended update for gdb
Type:        recommended
Severity:    moderate
References:  

gdb was updated to version 12.1:

* DBX mode is deprecated, and will be removed in GDB 13.

* GDB 12 is the last release of GDB that will support building against
  Python 2.  From GDB 13, it will only be possible to build GDB itself
  with Python 3 support.

* Improved C++ template support:
  GDB now treats functions/types involving C++ templates like it does function
  overloads.  Users may omit parameter lists to set breakpoints on families of
  template functions, including types/functions composed of multiple template types:

    (gdb) break template_func(template_1, int)

  The above will set breakpoints at every function `template_func' where
  the first function parameter is any template type named `template_1' and
  the second function parameter is `int'.
  TAB completion also gains similar improvements.

* New commands:

  - maint set backtrace-on-fatal-signal on|off
  - maint show backtrace-on-fatal-signal

  This setting is 'on' by default.  When 'on' GDB will print a limited
  backtrace to stderr in the situation where GDB terminates with a
  fatal signal.  This only supported on some platforms where the
  backtrace and backtrace_symbols_fd functions are available.

  - set source open on|off
  - show source open

  This setting, which is on by default, controls whether GDB will try
  to open source code files.  Switching this off will stop GDB trying
  to open and read source code files, which can be useful if the files
  are located over a slow network connection.

  - set varsize-limit
  - show varsize-limit

  These are now deprecated aliases for 'set max-value-size' and
  'show max-value-size'.

  - task apply [all | TASK-IDS...] [FLAG]... COMMAND

  Like 'thread apply', but applies COMMAND to Ada tasks.

  - watch [...] task ID

  Watchpoints can now be restricted to a specific Ada task.

  - maint set internal-error backtrace on|off
  - maint show internal-error backtrace
  - maint set internal-warning backtrace on|off
  - maint show internal-warning backtrace

  GDB can now print a backtrace of itself when it encounters either an
  internal-error, or an internal-warning.  This is on by default for
  internal-error and off by default for internal-warning.

  - set logging on|off

  Deprecated and replaced by 'set logging enabled on|off'.

  - set logging enabled on|off
  - show logging enabled

  These commands set or show whether logging is enabled or disabled.

  - exit

  You can now exit GDB by using the new command 'exit', in addition to
  the existing 'quit' command.

  - set debug threads on|off
  - show debug threads

  Print additional debug messages about thread creation and deletion.

  - set debug linux-nat on|off
  - show debug linux-nat

  These new commands replaced the old 'set debug lin-lwp' and 'show
  debug lin-lwp' respectively.  Turning this setting on prints debug
  messages relating to GDB's handling of native Linux inferiors.

  - maint flush source-cache

  Flush the contents of the source code cache.

  - maint set gnu-source-highlight enabled on|off
  - maint show gnu-source-highlight enabled

  Whether GDB should use the GNU Source Highlight library for adding
  styling to source code.  When off, the library will not be used, even
  when available.  When GNU Source Highlight isn't used, or can't add
  styling to a particular source file, then the Python Pygments
  library will be used instead.

  - set suppress-cli-notifications (on|off)
  - show suppress-cli-notifications

  This controls whether printing the notifications is suppressed for CLI.
  CLI notifications occur when you change the selected context
  (i.e., the current inferior, thread and/or the frame), or when
  the program being debugged stops (e.g., because of hitting a
  breakpoint, completing source-stepping, an interrupt, etc.).

  - set style disassembler enabled on|off
  - show style disassembler enabled

  If GDB is compiled with Python support, and the Python Pygments
  package is available, then, when this setting is on, disassembler
  output will have styling applied.

  - set ada source-charset
  - show ada source-charset

  Set the character set encoding that is assumed for Ada symbols.  Valid
  values for this follow the values that can be passed to the GNAT
  compiler via the '-gnati' option.  The default is ISO-8859-1.

* Changed commands:

  - print

  Printing of floating-point values with base-modifying formats like
  /x has been changed to display the underlying bytes of the value in
  the desired base.  This was GDB's documented behavior, but was never
  implemented correctly.

  - maint packet

  This command can now print a reply, if the reply includes
  non-printable characters.  Any non-printable characters are printed
  as escaped hex, e.g. \x?? where '??' is replaces with the value of
  the non-printable character.

  - clone-inferior

  The clone-inferior command now ensures that the TTY, CMD and ARGS
  settings are copied from the original inferior to the new one.
  All modifications to the environment variables done using the 'set
  environment' or 'unset environment' commands are also copied to the new
  inferior.

  - set debug lin-lwp on|off
  - show debug lin-lwp

  These commands have been removed from GDB.  The new command 'set
  debug linux-nat' and 'show debug linux-nat' should be used
  instead.

  - info win

  This command now includes information about the width of the tui
  windows in its output.

* GDB's Ada parser now supports an extension for specifying the exact
  byte contents of a floating-point literal.  This can be useful for
  setting floating-point registers to a precise value without loss of
  precision.  The syntax is an extension of the based literal syntax.
  Use, e.g., '16lf#0123abcd#' -- the number of 'l's controls the width
  of the floating-point type, and the 'f' is the marker for floating
  point.

* MI changes:

 ** The '-add-inferior' with no option flags now inherits the
    connection of the current inferior, this restores the behaviour of
    GDB as it was prior to GDB 10.

 ** The '-add-inferior' command now accepts a '--no-connection'
    option, which causes the new inferior to start without a
    connection.

* Python API:

  ** New function gdb.add_history(), which takes a gdb.Value object
     and adds the value it represents to GDB's history list.  An
     integer, the index of the new item in the history list, is
     returned.

  ** New function gdb.history_count(), which returns the number of
     values in GDB's value history.

  ** New gdb.events.gdb_exiting event.  This event is called with a
     gdb.GdbExitingEvent object which has the read-only attribute
     'exit_code', which contains the value of the GDB exit code.  This
     event is triggered once GDB decides it is going to exit, but
     before GDB starts to clean up its internal state.

  ** New function gdb.architecture_names(), which returns a list
     containing all of the possible Architecture.name() values.  Each
     entry is a string.

  ** New function gdb.Architecture.integer_type(), which returns an
     integer type given a size and a signed-ness.

  ** New gdb.TargetConnection object type that represents a connection
     (as displayed by the 'info connections' command).  A sub-class,
     gdb.RemoteTargetConnection, is used to represent 'remote' and
     'extended-remote' connections.

  ** The gdb.Inferior type now has a 'connection' property which is an
     instance of gdb.TargetConnection, the connection used by this
     inferior.  This can be None if the inferior has no connection.

  ** New 'gdb.events.connection_removed' event registry, which emits a
     'gdb.ConnectionEvent' when a connection is removed from GDB.
     This event has a 'connection' property, a gdb.TargetConnection
     object for the connection being removed.

  ** New gdb.connections() function that returns a list of all
     currently active connections.

  ** New gdb.RemoteTargetConnection.send_packet(PACKET) method.  This
     is equivalent to the existing 'maint packet' CLI command; it
     allows a user specified packet to be sent to the remote target.

  ** New function gdb.host_charset(), returns a string, which is the
     name of the current host charset.

  ** New gdb.set_parameter(NAME, VALUE).  This sets the gdb parameter
     NAME to VALUE.

  ** New gdb.with_parameter(NAME, VALUE).  This returns a context
     manager that temporarily sets the gdb parameter NAME to VALUE,
     then resets it when the context is exited.

  ** The gdb.Value.format_string method now takes a 'styling'
     argument, which is a boolean.  When true, the returned string can
     include escape sequences to apply styling.  The styling will only
     be present if styling is otherwise turned on in GDB (see 'help
     set styling').  When false, which is the default if the argument
     is not given, then no styling is applied to the returned string.

  ** New read-only attribute gdb.InferiorThread.details, which is
     either a string, containing additional, target specific thread
     state information, or None, if there is no such additional
     information.

  ** New read-only attribute gdb.Type.is_scalar, which is True for
     scalar types, and False for all other types.

  ** New read-only attribute gdb.Type.is_signed.  This attribute
     should only be read when Type.is_scalar is True, and will be True
     for signed types, and False for all other types.  Attempting to
     read this attribute for non-scalar types will raise a ValueError.

  ** It is now possible to add GDB/MI commands implemented in Python.

Update libipt to v2.0.5.


The following package changes have been done:

- ctags-5.8-1.27 added
- gdb-12.1-150400.15.6.1 updated
- libboost_regex1_66_0-1.66.0-12.3.1 added
- libicu-suse65_1-65.1-150200.4.5.1 added
- libicu65_1-ledata-65.1-150200.4.5.1 added
- libsource-highlight4-3.1.8-150000.3.2.1 added
- libstdc++6-12.2.1+git416-150000.1.5.1 updated


More information about the sle-security-updates mailing list