Removed rpms
============
- dhcp
- dhcp-client
- libLLVM11
- libatm1
- libdmx1
- libnotify4
- libpcap1
- libsnmp30
- libteamdctl0
- p11-kit-nss-trust
- ppp
- rp-pppoe
Added rpms
==========
- NetworkManager-bluetooth
- NetworkManager-tui
- NetworkManager-wwan
- busybox
- busybox-ed
- libLLVM15
- libnvme-mi1
- libqrtr-glib0
- libsnmp40
- libxcvt0
- mozilla-nss-certs
- xorg-x11-server-Xvfb
Package Source Changes
======================
Mesa
-- changing default driver from 'iris' to 'i965' for Intel Gen8-11
- hardware again, but this time the correct way; "-Dprefer-iris=false"
- needs to be set for both builds - Mesa-drivers *and* Mesa
- (boo#1202850, comment#29)
-
-- revert previous change, since it resulted in Xorg and Mesa no
- longer being able to load "i965" driver at all! This affects many
- if not almost all Intel GPU users. I can't tell why this happens,
- but I'm afraid we need to act immediately (boo#1202850); reopened
- boo#1200965 for now ...
-
-- change default driver from 'iris' back to 'i965' for Intel
- Gen8-11 hardware; that way we also use the same driver used by X
- and Mesa (boo#1200965); related bugs: boo#1197045, boo#1197046
+- update to 22.2.4:
+ * clover: windows: library filename has \`-1` suffix and a \`lib` prefix
+ when built with mingw
+ * radv, dxvk: Rendering errors in World of Tanks after "Switch to dynamic
+ rendering only"
+ * gen9 gt3e/gt4e skus fail dEQP-VK.pipeline.multisample.sample_locations_ext.*
+ * v3d: Wrong colors (pink) in videos in Firefox (likely YUV->RGB shader issue)
+ * panfrost t860 glmark-es2 regression
+ * radv: Flickering in Spider-Man Remastered (Regression) (Bisected)
+ * radv: Hitman 2 using Direct3D 12 has discolored squares on RDNA2 with DCC
+ enabled
+ * panfrost/midgard - on Duckstation PSX emulator: segfault on GLES 3.0 and
+ bad shader compilations on 3.3
+
+- try to fix build on ppc64le due to running OOM (boo#1205441)
+ * let's request 20G of physical memory via _constraints file
+
+- third bugfix release
+ * some regressions in CI worked out
+ * a bit of everything, and nothing too crazy
+- supersedes u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch
+- supersedes u_nouveau-corrupted-colors-boo1203949.patch
+- get rid of Mesa-libVulkan-devel(-32bit) package, which is no
+ longer needed at all by providing/obsoleting it by
+ libvulkan_intel
+
+- Release 22.2.2 covers bugfixes for bsc#1197045,bsc#1197046,bsc#1200965,bsc#1202850
+
+- build against llvm15/clang15 on sle15-sp5/Leap 15.5
+
+- u_nouveau-corrupted-colors-boo1203949.patch
+ * fixes corrupted colors in videos on nouveau with Kepler in
+ Firefox (boo#1203949, issue#7416)
+
+- moved drirc.d config snippets from Mesa to Mea-dri package;
+ radv driver specific conf was missing completely (boo#1204866)
+
+- Add patch to fix LLVM optimization to avoid failure on armv7
+ (https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/19217,
+ boo#1204267):
+ * u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch
+
+- update to 22.2.2
+ * This is the second bug fix release, back on the regular
+ schedule. There's a lot here: nir, panfrost, gallium video,
+ freedreno, nouveau, turnip, r300, gallium core, r600, virgl,
+ core vulkan, anv, clover, d3d12, utils, radv, and plenty of
+ zink.
+
+- update to 22.2.1
+ * lots of stuff here: llvmpipe, lavapipe, freedreno, aco, mesa,
+ turnip, virgl, r600, zink, radv, core gallium, and nir. All in
+ all, lots of good fixes all over the tree.
+
+- Add build_orig conditional switch for video codecs define.
+
+- re-disable video codecs
+ https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/15258
+
+- Pass -Dvideo-codecs=h264dec,h264enc,h265dec,h265enc,vc1dec to
+ meson, keep support for hardware codecs inside vaapi, vdpau and
+ vulkan. These were previously enabled automatically.
+- enabled "swrast" and "amd" Vulkan drivers on riscv64, which is
+ upstream default anyway ...
+
+- update to 22.2.0
+ * AMD RDNA3 Prep, Intel Arc Graphics, Many Vulkan Improvements;
+ more details on Phoronix:
+ https://www.phoronix.com/news/Mesa-22.2-Released
+- supersedes llvm15.patch
+- refreshed n_no-sse2-on-ix86-except-for-intel-drivers.patch
+
+- llvm15.patch: backport of commits 2037c34f245, 301bcbac0e5, 6983c8580a2
+ to support LLVM 15
+
+- update to 22.1.7:
+ * fixes and cleanups all over the tree
+ * most of the fixes are for zink
+ * nice batch of fixes for the gallium dx9 frontend
+ * some other fixes across the board
+
+- update to 22.1.6:
+ * llvmpipe: make last_fence a screen/rast object not a context one. llvmpipe:
+ keep context list and use to track resource usage.
+ * Revert "pan/bi: Require ATEST coverage mask input in R60"
+ * intel/dev: drop warning for unhandled hwconfig keys
+ * anv: Use sampleLocationsEnable for sample locations
+
+- Enable zink driver build on x86_64
+
+- update to 22.1.5:
+ * radv: dynamic vertex input failure
+ * anv: KHR-GL46.tessellation_shader.single.xfb_captures_data_from_correct_stage fails on TGL
+ * anv: GTF-GL46.gtf32.GL3Tests.packed_pixels.packed_pixels_pbo failure
+ * anv: ICL hiz issue
+ * Error compiling gallium-nine on i686 using musl libc
+ * dEQP-VK.memory.mapping.dedicated_alloc failing on bsw and gen9atom
+
+- update to 22.1.4:
+ * anv: disable non uniform indexing of UBOs
+ * anv: use the right helper to invalidate memory
+ * intel/fs: ray query fix for global address
+ * isl: add new helper for format component compatibility
+ * radeonsi: fix random PS wave size
+ * r300: Keep rc_rename_regs() from overflowing
+ * aco/ra: update register file when updating phi definition
+ * radv: Fix vkCmdCopyQueryResults -> vkCmdResetPool hazard
+
+- let Mesa ignore Mesa-dri as dep to resolve a build cycle
+ (related to boo#1201474
+
+- Update to 22.1.3
+ * a lot of zink fixes
+ * There's a bit of everything else here, including some
+ performance fixes for wsi/x11.
+
+- Update to 22.1.2
+ " There's a lot of zink here, thanks to Mike for help with manually
+ backporting parts of it! We've als got a bunch of fixes for panfrost,
+ and some for intel, radeon, llvmpip, dzn, broadcom, nir, core gallium,
+ the va state tracker, and freedren."
+
+- let Mesa-libGL-devel require libX11-devel via pkgconfig(x11)
+ (boo#1200559)
+
+- removed libkms BuildRequires, since it has been dropped from
+ libdrm
+
+- Update to 22.1.1
+ * first bugfix release
+- supersedes U_llvmpipe-flush-resources-for-kms-swrast-path.patch
+
+- Add patch to fix glitches with KMS (boo#1199885):
+ * U_llvmpipe-flush-resources-for-kms-swrast-path.patch
+
+- buildrequire DirectX-Headers only on %{ix86} x86_64, since it's
+ only relevant on these platforms
+
+- Calling patch with '-p1' (as the others are) so 'git show'
+ .patch output works.
+
+- Generating 'n_stop-iris-flicker.patch' from 'git format-patch' vs.
+ a standard diff.
+
+- Fixing up 'stop-iris-flicker.patch' patch name to follow standards.
+
+- Update to 22.1.0
+ * lot of great featurres, including (since rc5) additional
+ kopper backports for zink, and support for Intel's Alchemist
+ DG2 platform.
+
+- autoselect libvdpau_r300/libvdpau_r600/libvdpau_radeonsi packages
+ via hardware supplements on AMD GPUs
+
+- Update to 22.0.3
+ * bugfix release with fixes for most of the major drivers
+- Switching out 'directx-headers' for 'DirectX-Headers'.
+
+- Update to 22.0.2
+ * bugfix release with almost all nominated patches
+
+- Adding changes I need for iris to not flicker and have d3d12
+ available for use in WSL.
+
+- use _multibuild
+
+- Update to 22.0.1
+ * fixes in lavapipe and zink, maintainer scripts and panfrost
+- supersedes U_meson-restore-private-requires-to-libdrm-in-dri.pc-f.patch
+
+- get rid of Mesa-libVulkan-devel(-32bit) package, which no longer
+ makes sense since Mesa 21.1.0
+ * https://gitlab.freedesktop.org/mesa/mesa/-/commit/5e6db1916860ec217eac60903e0a9d10189d1c53
+
+- U_meson-restore-private-requires-to-libdrm-in-dri.pc-f.patch
+ * Due to a typo the private requires to libdrm were lost in dri.pc.
+ Fixed another typo (only comment).
+
+- enabled "i915" Gallium-based Intel Gen3 driver
+
+- fixed llvm/clang buildrequires for sle15-sp4/Leap 15.4
+
+- no longer try to build classic non-Gallium OpenGL drivers
+ i915, i965, nouveau, r100 and r200, which have been dropped with
+ Mesa 22.0.0; see also some documentation on Phoronix
+ https://www.phoronix.com/scan.php?page=news_item&px=Mesa-Classic-Retired
+
+- update to 22.0.0
+ * lavapipe,radv,anv KHR_dynamic_rendering
+ * radv EXT_image_view_min_lod
+ * VK_KHR_synchronization2 on RADV.
+ * OpenSWR has been moved to the Amber branch
+ * radeonsi, zink ARB_sparse_texture
+ * d3d12 GLES3.1 (shader storage buffers, images, compute, indirect draw, draw params,
+ ARB_framebuffer_no_attachments, ARB_sample_shading, and GLSL400)
+ * radeonsi, zink ARB_sparse_texture2
+ * zink EXT_memory_object, EXT_memory_object_fd, EXT_semaphore, EXT_semaphore_fd
+ * anv VK_VALVE_mutable_descriptor_type
+ * Vulkan 1.3 on RADV,Anv.
+ * radeonsi, zink ARB_sparse_texture_clamp
+
+- raise memory limit to 1024 in the hope of avoiding OOM on ppc64
+ (boo#1196640)
+
+- update to 21.3.7
+ * sixth bugfix release
+
+- update to 21.3.6
+ * sixth bugfix release
+
+- update to 21.3.5
+ * bugfix release: mostly Zink fixes
+
+- using memory-constraints on ppc64 for trying to avoid OOM during
+ build (boo#1194739)
+
+- update to 21.3.4
+ * bugfix release
+
+- rename n_no-sse2-on-ix86.patch to
+ n_no-sse2-on-ix86-except-for-intel-drivers.patch
+ * no longer disable sse2 support for intel drivers, since this
+ breaks build, which is probably unresolvable (boo1190409)
+
+- Adding 'stop-iris-flicker.patch'.
+
+- n_no-sse2-on-ix86.patch
+ * disabled sse2 support on %ix86 (boo#1190409)
+
+- update to 21.3.3
+ * Bug fixes
+ * Assassin’s Creed Syndicate crashes with Mesa 21.3.0+ ACO
+ * [21.3 regression] swr: Build failure with MSVC
+ * anv: dEQP-VK.graphicsfuzz.spv-stable-pillars-volatile-nontemporal-store fails
+
+- update to 21.3.1
+ * mostly AMD, Intel & Zink fixes.
+
+- n_buildfix-21.3.0.patch
+ * fixes Mesa-drivers build
+
+- update to 21.3.0
+ * Panfrost is now officially GLES 3.1 conformant
+ * RADV has (experimental) ray tracing support
+ * Iris gained threaded shader compilation
+ * Zink has seen an enormous amount of work, and now supports GLES 3.2
+ * Lavapipe has a bunch of new extensions, and now supports Vulkan 1.2
+ * LLVMpipe got 2-3 times faster for 2D workloads, and gained support for
+ the compatibility profile on GL 4.5
+ * VA-API gained support for AV1 videos
+ * EGL now works on Windows
+ * Wayland got a workaround for games making bad assumption (alpha means
+ transparency? who could have known)
+ * VK_EXT_color_write_enable on lavapipe
+ * GL_ARB_texture_filter_anisotropic in llvmpipe
+ * Anisotropic texture filtering in lavapipe
+ * VK_EXT_shader_atomic_float2 on Intel and RADV.
+ * VK_EXT_vertex_input_dynamic_state on RADV.
+ * VK_KHR_timeline_semaphore on lavapipe
+ * VK_EXT_external_memory_host on lavapipe
+ * GL_AMD_pinned_memory on llvmpipe
+ * GL 4.5 compatibility on llvmpipe
+ * VK_EXT_primitive_topology_list_restart on RADV and lavapipe.
+ * ES 3.2 on zink
+ * VK_KHR_depth_stencil_resolve on lavapipe
+ * VK_KHR_shader_integer_dot_product on RADV.
+ * OpenGL FP16 support on llvmpipe
+ * VK_KHR_shader_float16_int8 on lavapipe
+ * VK_KHR_shader_subgroup_extended_types on lavapipe
+ * VK_KHR_spirv_1_4 on lavapipe
+ * Experimental raytracing support on RADV
+ * VK_KHR_synchronization2 on Intel
+ * NGG shader based culling is now enabled by default on GFX10.3 on RADV.
+ * VK_KHR_maintenance4 on RADV
+ * VK_KHR_format_feature_flags2 on RADV.
+ * EGL_EXT_present_opaque on wayland
+
+- update to 21.2.5
+ * bit of everything: general vulkan, panfrost, and zink are the
+ biggest changes.
+
ModemManager
+- Update to version 1.18.10:
+ + Build: Require libqmi 1.30.8.
+ + FCC unlock: Updated SDX55 unlock script to handle the new
+ method introduced in the latest firmware releases.
+ + Modem interface:
+ - Set signal quality to 0% on shutdown.
+ - Set signal quality as recent on init.
+ + MBIM:
+ - Fix task completion when peeking device fails.
+ - Fix several GError double-frees.
+ + mmcli: Don't print signal quality until modem is enabled.
+ + Plugins: foxconn: remove carrier mapping table for T99W175.
+ + Several other minor improvements and fixes.
+- Changes from version 1.18.8:
+ + A new connection status dispatcher setup is provided, where
+ users can provide custom scripts that will be called on bearer
+ connect/disconnect events. This dispatcher will make the netifd
+ integration in openwrt work much better, as we'll be able to
+ report network-initiated disconnections cleanly to netifd.
+ There are no default connection status dispatcher scripts
+ installed, but it's suggested distributions make sure the
+ following directories exist:
+ - ${sysconfdir}/ModemManager/connection.d/
+ - ${libdir}/ModemManager/connection.d/
+ + API: Add missing Simple interface definitions in
+ ModemManager-names.h.
+ + Build:
+ - meson:
+ . fix daemon enums dependencies.
+ . fix port enums includes.
+ . fix 'export_packages' in GIR setup.
+ . fix simtech plugin module name.
+ - systemd: don't run ModemManager in containers.
+ + Core:
+ - serial: ensure the port object is valid after BUFFER_FULL
+ handling.
+ - netlink:
+ . use unaligned netlink attribute length.
+ . only change IFF_UP flag.
+ - bearer: match unknown auth to chap in loose comparisons.
+ - charsets: return error if UTF-8 validation fails.
+ - fcc-unlock: make scripts POSIX shell compatible.
+ - modem-helpers:
+ . consider minimum ID when choosing best profile.
+ . fix reading <Act> given in COPS=? responses.
+ - sms: prevent crash if date is out of range.
+ - profile-manager: fix copy-paste error on tags for quarks.
+ + QMI:
+ - Ignore slot status indications until initial status is known.
+ - Return error when loading capabilities if none is found.
+ + MBIM:
+ - Default initial EPS bearer's auth to chap when unknown.
+ - Update default error when network error is out of range.
+ + mmcli: Fix key length when printing list of items.
+ + Plugins:
+ - linktop: new port type hints.
+ - cinterion: add support for PLSx3w modems.
+ - huawei: disable +CPOL based features in Huawei E226.
+ + Several other minor improvements and fixes.
+
+- Enable QRTR support
+ * Add BR pkgconfig(qrtr-glib)
+
+- Update to version 1.18.6:
+ + The ModemManager.service file for systemd integration provided
+ in the sources is updated as follows:
+ ++ 'CAP_NET_ADMIN' is now required in the
+ 'CapabilityBoundingSet' field.
+ ++ 'AF_NETLINK' and 'AF_QIPCRTR' are now required in the
+ 'RestrictAddressFamilies' field.
+ + The LEGACY and PARANOID filter types that were allowed
+ options in the '--filter-policy' option in the ModemManager
+ daemon were deprecated in version 1.16.0 and have now been
+ completely removed, along with the vid:pid blacklist of
+ devices and the vid:pid greylist of RS232<->USB adapters.
+ + The ModemManager daemon can run now in a 'quick suspend/resume'
+ mode, in which no explicit data disconnection is triggered on
+ suspend, and no explicit device re-probing from scratch is
+ launched on resume. Instead, the daemon will try to refresh
+ the state of all interfaces upon suspend, e.g. to see if the
+ module keeps registered to the same operator, to see if it is
+ still connected, and so on.
+ + core: added support for the new 'WWAN' subsystem in Linux kernel
+ 5.13, enabling PCIe-only modules.
+ + core: The charset conversion methods rework, including the
+ avoiding of the iconv()
+ + qmi: the logic managing allowed/preferred modes was fixed for
+ multimode devices like the MC7304, making sure the acquisition
+ order preference always had the same items.
+ + serial: when modem is connected with AT+PPP, ignore forced
+ disconnections, so that we don't take ownership of the PPP
+ port before pppd has released it.
+ + foxconn: added support for the T99W175 (SDX55) module,
+ including built-in FCC unlock procedure.
+ + foxconn: added new MBIM QDU firmware update method.
+- Move the dbus-1 system.d file to /usr (bsc#1196170)
+- Use source verification
+- Update Supplements to new format
+- Add BRs needed for new tests:
+ * python3-gobject-Gdk
+ * python3-dbus-python
+
MozillaFirefox
-- Firefox 102.4.0esr ESR
- Placeholder changelog-entry (bsc#1204421)
+- Firefox Extended Support Release 102.5.0 ESR
+ Placeholder changelog-entry (bsc#1205270)
+
+- Firefox Extended Support Release 102.4.0 ESR
+ * Fixed: Various stability, functionality, and security fixes.
+ MFSA 2022-45 (bsc#1204421)
+ * CVE-2022-42927 (bmo#1789128)
+ Same-origin policy violation could have leaked cross-origin
+ URLs
+ * CVE-2022-42928 (bmo#1791520)
+ Memory Corruption in JS Engine
+ * CVE-2022-42929 (bmo#1789439)
+ Denial of Service via window.print
+ * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
+ Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4
MozillaThunderbird
+- Mozilla Thunderbird 102.5
+ * changed: `Ctrl+N` shortcut to create new contacts from
+ address book restored (bmo#1751288)
+ * fixed: Account Settings UI did not update to reflect default
+ identity changes (bmo#1782646)
+ * fixed: New POP mail notifications were incorrectly shown for
+ messages marked by filters as read or junk (bmo#1787531)
+ * fixed: Connecting to an IMAP server configured to use
+ `PREAUTH` caused Thunderbird to hang (bmo#1798161)
+ * fixed: Error responses received in greeting header from NNTP
+ servers did not display error message (bmo#1792281)
+ * fixed: News messages sent using "Send Later" failed to send
+ after going back online (bmo#1794997)
+ * fixed: "Download/Sync Now..." did not completely sync all
+ newsgroups before going offline (bmo#1795547)
+ * fixed: Username was missing from error dialog on failed login
+ to news server (bmo#1796964)
+ * fixed: Thunderbird can now fetch RSS channel feeds with
+ incomplete channel URL (bmo#1794775)
+ * fixed: Add-on "Contribute" button in Add-ons Manager did not
+ work (bmo#1795751)
+ * fixed: Help text for `/part` Matrix command was incorrect
+ (bmo#1795578)
+ * fixed: Invite Attendees dialog did not fetch free/busy info
+ for attendees with encoded characters in their name
+ (bmo#1797927)
+ * fixed: Various security fixes
+ MFSA 2022-49 (bsc#1205270)
+ * CVE-2022-45403 (bmo#1762078)
+ Service Workers might have learned size of cross-origin media
+ files
+ * CVE-2022-45404 (bmo#1790815)
+ Fullscreen notification bypass
+ * CVE-2022-45405 (bmo#1791314)
+ Use-after-free in InputStream implementation
+ * CVE-2022-45406 (bmo#1791975)
+ Use-after-free of a JavaScript Realm
+ * CVE-2022-45408 (bmo#1793829)
+ Fullscreen notification bypass via windowName
+ * CVE-2022-45409 (bmo#1796901)
+ Use-after-free in Garbage Collection
+ * CVE-2022-45410 (bmo#1658869)
+ ServiceWorker-intercepted requests bypassed SameSite cookie
+ policy
+ * CVE-2022-45411 (bmo#1790311)
+ Cross-Site Tracing was possible via non-standard override
+ headers
+ * CVE-2022-45412 (bmo#1791029)
+ Symlinks may resolve to partially uninitialized buffers
+ * CVE-2022-45416 (bmo#1793676)
+ Keystroke Side-Channel Leakage
+ * CVE-2022-45418 (bmo#1795815)
+ Custom mouse cursor could have been drawn over browser UI
+ * CVE-2022-45420 (bmo#1792643)
+ Iframe contents could be rendered outside the iframe
+ * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061)
+ Memory safety bugs fixed in Thunderbird 102.5
+
+- Mozilla Thunderbird 102.4.2
+ * changed: "Address Book" button in Account Central will now
+ create a CardDAV address book instead of a local address book
+ (bmo#1793903)
+ * fixed: Messages fetched from POP server in `Fetch headers
+ only` mode disappeared when moved to different folder by
+ filter action (bmo#1793374)
+ * fixed: Thunderbird re-downloaded locally deleted messages
+ from a POP server when "Leave messages on server" and "Until
+ I delete them" were enabled (bmo#1796903)
+ * fixed: Multiple password prompts for the same POP account
+ could be displayed (bmo#1786920)
+ * fixed: IMAP authentication failed on next startup if ImapMail
+ folder was deleted by user (bmo#1793599)
+ * fixed: Retrieving passwords for authenticated NNTP accounts
+ could fail due to obsolete preferences in a users profile on
+ every startup (bmo#1770594)
+ * fixed: `Get Next n Messages` did not consistently fetch all
+ messages requested from NNTP server (bmo#1794185)
+ * fixed: `Get Messages` button unable to fetch messages from
+ NNTP server if root folder not selected (bmo#1792362)
+ * fixed: Thunderbird text branding did not always match locale
+ of localized build (bmo#1786199)
+ * fixed: Thunderbird installer and Thunderbird updater created
+ Windows shortcuts with different names (bmo#1787264)
+ * fixed: LDAP search filters unable to work with non-ASCII
+ characters (bmo#1794306)
+ * fixed: "Today" highlighting in Calendar Month view did not
+ update after date change at midnight (bmo#1795176)
+
+- Mozilla Thunderbird 102.4.1
+ * new: Thunderbird will now catch and report errors parsing
+ vCards that contain incorrectly formatted dates (bmo#1793415)
+ * fixed: Dynamic language switching did not update interface
+ when switched to right-to-left languages (bmo#1794289)
+ * fixed: Custom header data was discarded after messages were
+ saved as draft and reopened (bmo#195716)
+ * fixed: `-remote` command line argument did not work,
+ affecting integration with various applications such as
+ LibreOffice (bmo#1793323)
+ * fixed: Messages received via some SMS-to-email services could
+ not display images (bmo#1774805)
+ * fixed: VCards with nickname field set could not be edited
+ (bmo#1793877)
+ * fixed: Some recurring events were missing from Agenda on
+ first load (bmo#1771168)
+ * fixed: Download requests for remote ICS calendars incorrectly
+ set "Accept" header to text/xml (bmo#1793757)
+ * fixed: Monthly events created on the 31st of a month with <30
+ days placed first occurrence 1-2 days after the beginning of
+ the following month (bmo#1266797)
+ * fixed: Various visual and UX improvements
+ (bmo#1781437,bmo#1785314,bmo#1794139,bmo#1794155,bmo#1794399)
+
- Placeholder changelog-entry (bsc#1204421)
+ * changed: Thunderbird will automatically detect and repair
+ OpenPGP key storage corruption caused by using the profile
+ import tool in Thunderbird 102 (bmo#1790610)
+ * fixed: POP message download into a large folder (~13000
+ messages) caused Thunderbird to temporarily freeze
+ (bmo#1792675)
+ * fixed: Forwarding messages with special characters in Subject
+ failed on Windows (bmo#1782173)
+ * fixed: Links for FileLink attachments were not added when
+ attachment filename contained Unicode characters
+ (bmo#1789589)
+ * fixed: Address Book display pane continued to show contacts
+ after deletion (bmo#1777808)
+ * fixed: Printing address book did not include all contact
+ details (bmo#1782076)
+ * fixed: CardDAV contacts without a Name property did not save
+ to Google Contacts (bmo#1792101)
+ * fixed: "Publish Calendar" did not work (bmo#1794471)
+ * fixed: Calendar database storage improvements (bmo#1792124)
+ * fixed: Incorrectly handled error responses from CalDAV
+ servers sometimes caused events to disappear from calendar
+ (bmo#1792923)
+ * fixed: Various visual and UX improvements (bmo#1776093,bmo#17
+ 80040,bmo#1780425,bmo#1792876,bmo#1792872,bmo#1793466,bmo#179
+ 3543)
+ * fixed: Various security fixes
+ MFSA 2022-46 (bsc#1204421)
+ * CVE-2022-42927 (bmo#1789128)
+ Same-origin policy violation could have leaked cross-origin
+ URLs
+ * CVE-2022-42928 (bmo#1791520)
+ Memory Corruption in JS Engine
+ * CVE-2022-42929 (bmo#1789439)
+ Denial of Service via window.print
+ * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041)
+ Memory safety bugs fixed in Thunderbird 102.4
NetworkManager
+- Bring back /sbin/netconfig as build option since the netconfig
+ in SLE is not ready for usrmerge.
+
+- Update to version 1.38.2:
+ + Fix race condition with pppd that caused failures when
+ activating PPPoE connections.
+ + Unbreak DHCPv6 over PPP.
+ + Don't ignore IPv6 DNS servers received from PPP.
+ + Fix crash while checking WEP capability of Wi-Fi interfaces.
+ + Ensure DHCP is restarted every time the link goes up.
+ + Fix struct alignment issues seen on some architectures.
+ + Various other bugfixes and improvements.
+
+- Fold NetworkManager-wifi back into the main package: The dep
+ chain is not really different and it causes too many problems for
+ users having that split. Not worth the pain (boo#1199710,
+ boo#1199706).
+- As a consequence, also drop the recommends fro the main package
+ to -wifi.
+
+- Update to version 1.38.0:
+ + Add support for route type "throw".
+ + Fix bug setting priority for IP addresses.
+ + Static IPv6 addresses from "ipv6.addresses" are now preferred
+ over addresses from DHCPv6, which are preferred over addresses
+ from autoconf. This affects IPv6 source address selection, if
+ the rules from RFC 6724, section 5 don't give a exhaustive
+ match.
+ + Static IPv6 addresses from "ipv6.addresses" are now interpreted
+ with first address being preferred. Their order got inverted.
+ This is now consistent with IPv4.
+ + Wi-Fi hotspots will use a (stable) random channel number unless
+ one is chosen manually.
+ + Don't use unsupported SAE/WPA3 mode for AP mode.
+ + NetworkManager will no longer advertise frequencies as
+ supported when they're disallowed in configured regulatory
+ domain.
+ + Attempt to connect to WEP-encrypted Wi-Fi network will now fail
+ gracefully with a recent version of wpa_supplicant when built
+ without WEP support. As long as wpa_supplicant supports WEP,
+ NetworkManager will continue to work.
+ + Disable WPA3 transition mode for wifi.key-mgmt=wpa-psk if the
+ NIC does not support PMF. This is known to cause problems in
+ some setups. It is still possible to explicitly configure
+ wifi.key-mgmt=sae for WPA3.
+ + Add new dummy crypto backend "null" that does nothing.
+ NetworkManager uses the crypto library when handling
+ certificates for 802.1x profiles.
+ + Veth devices with name "eth*" are now managed by default via
+ the udev rule. This is to support managing the network in LXD
+ containers.
+ + The hostname received from DHCP is now shortened to the first
+ dot (or to 64 characters, whatever comes first) if it's too
+ long.
+ + As the insecure WEP encryption for Wi-Fi network is phased out,
+ nmcli now discourages its use when activating or modifying a
+ profile.
+ + Fix connectivity checks in case the check endpoint address
+ resolves to multiple addresses.
+ + Workaround libcurl blocking NetworkManager while resolving DNS
+ names.
+ + nmcli: indicate missing Wi-Fi hardware when showing rfkill
+ setting.
+ + nmcli: add connection migrate command to move a profile to a
+ specified settings plugin. This allows to convert profiles in
+ the deprecated ifcfg-rh format to keyfile.
+ + Set "src" attribute for routes from DHCPv4 to the leased
+ address. This helps with source address selection.
+ + Various bugfixes and internal improvements.
+ + Updated translations.
+- Recommend NetworkNanager-wifi from the main package: after the
+ split, there is currently nothing pulling in NM-wifi. Preferably
+ this would happen based on wifi chips prsence, but that is not
+ yet done (boo#1199550).
+
+- Modify NetworkManager.spec: Split into a few small subpackages
+ (bsc#1198128).
+
+- Install nfs dispatcher script in /usr/lib/NetworkManager, not /etc
+
+- Update to version 1.36.4:
+ + The internal DHCPv4 client now discards NAKs packets coming
+ from servers different from the one that sent the offer.
+ + Fix activation of PPPoE connections with "pppoe.parent" unset.
+ + Fix potential libnm crash when the client object initialization
+ gets canceled.
+ + Other various fixes and improvements.
+
+- Do not requires dhcp-client, NM is using its internal client
+ by default for a long time now.
+- Convert iproute2 and iputils requires to recommends, they
+ should not be hard requires.
+
+- Update to version 1.36.2:
+ + When the list of plugins is not specified via "main.plugins" in
+ NetworkManager.conf and no build-time default is set with
+ "--with-config-plugins-default" configure argument, now all
+ known plugins found in the plugin directory are loaded (and the
+ built-in "keyfile" plugin is preferred over others).
+ + Preserve external ports during checkpoint rollback.
+ + Fix removal of ovsdb entry when an OVS interface goes away.
+ + Fix DNS configuration for WWAN connections.
+
+- Update to version 1.36.0:
+ + The handling of Layer 3 configurations has been substantially
+ reworked. While this is mostly internal change, it results in
+ more robust behavior when addressing information from multiple
+ sources (DHCP, manually configured, VPN) need to be applied
+ simultaneously. Overall performance and memory use have also
+ slightly improved.
+ + Manually configured addresses can no longer expire even if the
+ same addresses are also obtained dynamically.
+ + Code for systemd-based DHCP and DHCPv6 clients has been updated
+ from upstream.
+ + NTP servers obtained via DHCPv6 are now exposed on the DBus
+ API, visible in nmcli and available for use by dispatcher
+ scripts.
+ + 5G NR (New Radio) modems are now supported.
+ + The "rd.znet_ifnames" kernel command line option is now honored
+ on network bootups on an IBM s390 platform.
+ + Wi-Fi P2P support does now work with the IWD backend, in
+ addition to wpa_supplicant backend.
+ + Support for special route types have been added: "prohibit",
+ "blackhole" and "unreachable".
+ + Routes managed by routing daemons are now ignored. This is done
+ to address a performance bottleneck on specialized routers.
+ + Handling of IP addressing and routing information is now
+ slightly more efficient and uses less memory. This is apparent
+ on systems with large amount of IP configuration information.
+ + It is now possible to start NetworkManager without root user
+ privileges. This is experimental doesn't necessarily result in
+ a working daemon. NetworkManager service already drops many of
+ capabilities available to the root user.
+ + WPA3 Wi-FI network security have been improved by enabling new
+ H2E (hash to element) method for generating SAE password
+ element.
+ + It is now possible to select the default Wi-Fi backend
+ (wpa_supplicant or IWD) at build-time.
+ + Replies from broken DHCP servers that send duplicate address or
+ mask options are now handled gracefully.
+ + Bridge support has gained the possibility of turning off MAC
+ ageing.
+ + "configure-and-quit" mode and nm-iface-helper have been
+ removed.
+ + A number of bugs that could cause NetworkManager to crash in
+ rare conditions have been fixed.
+- Drop pkgconfig(libteam) BuildRequires and stop passing
+ teamdctl=true to meson: No longer build teamdctl support.
+- Drop patches fixed upstream:
+ + 4685651e7671e064b911a3a05f096908e5ef0580.patch
+ + 471e987add98b36520ece72ee493176fc7bc863c.patch
+ + 6329f1db5ac75ee3b7d2f7ce062e951a598625fe.patch
+ + 634e023e72d4729788a022ea1fae665af28d1b0f.patch
+ + aadf0fb64f491f94b2771058621dc140c562b62b.patch
+- Drop nm-dhcp-use-valid-lease-on-timeout.patch: Patch was rejected
+ upstream.
+- Rebase patches with quilt.
+
+- Add upstream bug fix patches:
+ + 4685651e7671e064b911a3a05f096908e5ef0580.patch: glib-aux: fix
+ nm_ref_string_equal_str() Fix comparison with a NULL string
+ + 6329f1db5ac75ee3b7d2f7ce062e951a598625fe.patch: libnm/tests:
+ fix maybe-uninitialized warning in "test-setting"
+ + aadf0fb64f491f94b2771058621dc140c562b62b.patch: libnm/tests:
+ fix maybe-uninitialized warning in "test-libnmc-setting"
+ + 471e987add98b36520ece72ee493176fc7bc863c.patch: device:
+ initialize nm_auto variable in _ethtool_features_reset()
+ + 634e023e72d4729788a022ea1fae665af28d1b0f.patch: glib-aux:
+ workaround maybe-uninitialized warning with LTO in
+ nm_uuid_generate_from_string_str()
+
+- Use meson LTO setup as NM makes changes to CFLAGS
+
+- Packaging additions with Autotools replacement:
+ + Add Meson build requirement and replace Automake macros with
+ Meson equivalent ones as autotools will be deprecated in the
+ future.
+ + Options passed to Meson to mimmic our default preferences:
+ systemdsystemunitdir=%{_unitdir}, udev_dir=%{_udevdir},
+ dbus_conf_dir=%{_dbusconfdir}, iptables=%{_sbindir}/iptables,
+ dnsmasq=%{_sbindir}/dnsmasq, dnssec_trigger=%{_libexecdir}\
+ /dnssec-trigger-script, dist_version=%{version},
+ polkit_agent_helper_1=%{_libexecdir}/polkit-1\
+ /polkit-agent-helper-1, hostname_persist=suse, switchable
+ libaudit=%{libaudit_meson_opt}, iwd=true, pppd=%{_sbindir}\
+ /pppd, pppd_plugin_dir=%{_pppddir}, nm_cloud_setup=true,
+ bluez5_dun=true, netconfig=%{_sbindir}/netconfig,
+ dhclient=%{_sbindir}/dhclient, docs=true, switchable
+ tests=%{tests_meson_opt}, more_asserts=0, more_logging=false,
+ qt=false, and switchable teamdctl=true (teamctl is about to be
+ deprecated).
+ + Add conditionalized audit pkgconfig module build requirement to
+ allow easier feature testing, and pass
+ 'yes-disabled-by-default' to 'libaudit' Meson option. As an
+ observation: Meson defaults passing 'yes' to this feature.
+ + Add explicit c++_compiler build requirement to avoid build
+ abortion.
+ + Add explicit libselinux pkgconfig module build requirement
+ checked by Meson and was already being pulled in by some other
+ package.
+ + Add polkit-gobject-1 pkgconfig module build requirement checked
+ by Meson and needed for user auth-polkit support.
+ + Add mobile-broadband-provider-info pkgconfig module build
+ requirement checked by Meson and needed for ModemManager1
+ interface support.
+ + Add sed command to fix server.conf config file location from
+ defaultdocdir/NetworkManager/examples to
+ defaultdocdir/NetworkManager.
+ + Add useful %{_pppddir} and %{_dbusconfdir} macros to spec file,
+ while dropping no longed needed pppddir shell variable
+ definition and 'test -n "$pppddir" || exit 1' construct.
+ + Add "< 1.21" version to libnm-glib-vpn1, libnm-glib4, and
+ libnm-util2 < 1.21 to main package's Obsoletes tags, following
+ packaging good practices to avoid future unwated behavior
+ regarding versioning schemes.
+ + Replace %version macro with hardcoded "0.9.1" version to the
+ devel subpackage's %name-doc Obsoletes tag following packaging
+ good practices to avoid future unwanted behaviors regarding
+ versioning schemes (the doc subpackage was merged with the
+ devel one in the 0.9.0 release).
+ + Pass "%{?no_lang_C}" to %find_lang macro to avoid stripping
+ any English translations (the default language) from main
+ package.
+- Packaging deletions with Autotools replacement:
+ + Remove data/server.conf from %doc macro in files section as it
+ no longer works with Meson.
+ + Remove "rm" command on server.conf file following sed command
+ addition to fix the right location of the file.
+ + Remove no longer useful conditional build abortion depending
+ whether or not netconfig support was found
+ 'grep "with_netconfig='no'" config.log' since this file isn't
+ generated by Meson.
+ + Remove no longer needed "find" command for GNU Libtool LA files
+ deletion.
+ + Drop no longer needed libtool build requirement as Meson does
+ not use it.
+ + Drop redundant sysconfig-netconfig build requirement as it does
+ not add anything to the build anymore.
+ + Drop comment about suse-release build requirement not being
+ needed anymore, it's been deprecated for almost a decade now.
+ + Drop setBadness for 'dbus-file-unauthorized' in the rpmlintrc:
+ the new dbus file has been whitelisted already (bsc#1194799).
+
+- Split out NetworkManager-pppoe, needed to configure regular PPPoE
+ connections (Not very common, as most users have PPPoE routers
+ for the DSL connections).
+
+- Update to version 1.34.0:
+ + initrd: wait for both IPv4 and IPv6 with "ip=dhcp,dhcp6"
+ + core: better handle sd-resolved errors when resolving hostnames
+ + nmcli: fix import WireGuard profile with DNS domain and address
+ family disabled
+ + ndisc: send router solicitations before expiry
+ + policy: send earlier the ip configs to the DNS manager
+ + core: support linking with LLD 13
+ + wireguard: importing wg-quick configuration files with nmcli
+ no longer sets a negative, exclusive "dns-priority". This plays
+ better with common split DNS setups that use systemd-resolved.
+ Adjust the "dns-priority" to your liking after import yourself.
+ + NetworkManager no longer listens for netlink events for traffic
+ control objects (qdiscs and filters).
+ + core: add internal nm-priv-helper service for separating
+ privileges and have a way to drop capabilities from
+ NetworkManager daemon.
+ + bond: add support for setting queue-id of bond port.
+ + dns: support configuring DNS over TLS (DoT) with
+ systemd-resolved.
+ + nmtui: add support for WireGuard profiles.
+ + nmcli: add aliases `nmcli device up|down` beside
+ connect|disconnect.
+ + conscious language: Deprecate 'Device.Slaves' D-Bus property in
+ favor of new 'Device.Ports' property. Depracate
+ 'nm_device_*_get_slaves()' in favor of 'nm_device_get_ports()'
+ in libnm.
+ + nmcli: invoking nmcli command without arguments will now show
+ 'default' instead of null address in route4 or route6 section.
+- Refresh patches with quilt.
+- Replace addFilter("suse-branding-unversioned-requires*") from
+ rpmlintrc, with the current branding-requires-unversioned.
+- Update our Supplements to current standard.
+- Add the new internal nm-priv-helper.service to pre(un)/post(un)
+ handling.
+
apparmor
+- add profiles-permit-php-fpm-pid-files-directly-under-run.patch
+ https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344)
+
autoyast2
+- Fix hash vs keyword arguments in RSpec expectations (bsc#1204871)
+- 4.5.10
+
+- Add needed packages for kdump even when kdump section is not
+ defined if product enable kdump by default (bsc#1204180)
+- 4.5.9
+
+- Add support for security policies validation (jsc#SLE-24764).
+
binutils
+- Add binutils-maxpagesize.diff for a problem on old code
+ streams, where we would generate too large binaries.
+
+- s390-pic-dso.diff: use %pB instead of %B
+
+- SLE toolchain update of binutils. Update to 2.39 from 2.37,
+ which means obsoleting and hence removing these patches:
+ binutils-add-efi-aarch64-1.diff, binutils-add-efi-aarch64-2.diff,
+ binutils-add-efi-aarch64-3.diff, binutils-fix-keepdebug.diff,
+ binutils-add-z16-name.diff.
+ Implements [jsc#SLE-25046, jsc#PED-2029, jsc#PED-2035, jsc#PED-2033,
+ jsc#PED-2030, jsc#PED-2038, jsc#PED-2032, jsc#PED-2034, jsc#PED-2031,
+ jsc#SLE-25047]
+- This fixes these CVEs relative to 2.37:
+ [bsc#1188374, bsc#1185597] aka (GCC) PR99935 aka CVE-2021-3648
+ [bsc#1193929] aka PR28694 aka CVE-2021-45078
+ [bsc#1194783] aka (GCC) PR98886 aka CVE-2021-46195
+ [bsc#1197592] aka (GCC) PR105039 aka CVE-2022-27943
+ [bsc#1202966] aka PR29289 aka CVE-2022-38126
+ [bsc#1202967] aka PR29290 aka CVE-2022-38127
+ [bsc#1202969] aka CVE-2021-3826
+
+- Add binutils-pr29482.diff for PR29482, aka CVE-2022-38533
+ [bsc#1202816]
+
+- Rebase binutils-2.39-branch.diff.gz that contains fix for PR29451.
+
+- Add binutils-2.39-branch.diff.gz.
+- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes.
+- Add gprofng subpackage.
+
+- Update to binutils 2.39:
+ * The ELF linker will now generate a warning message if the stack is made
+ executable. Similarly it will warn if the output binary contains a
+ segment with all three of the read, write and execute permission
+ bits set. These warnings are intended to help developers identify
+ programs which might be vulnerable to attack via these executable
+ memory regions.
+ The warnings are enabled by default but can be disabled via a command
+ line option. It is also possible to build a linker with the warnings
+ disabled, should that be necessary.
+ * The ELF linker now supports a --package-metadata option that allows
+ embedding a JSON payload in accordance to the Package Metadata
+ specification.
+ * In linker scripts it is now possible to use TYPE=<type> in an output
+ section description to set the section type value.
+ * The objdump program now supports coloured/colored syntax
+ highlighting of its disassembler output for some architectures.
+ (Currently: AVR, RiscV, s390, x86, x86_64).
+ * The nm program now supports a --no-weak/-W option to make it ignore
+ weak symbols.
+ * The readelf and objdump programs now support a -wE option to prevent
+ them from attempting to access debuginfod servers when following
+ links.
+ * The objcopy program's --weaken, --weaken-symbol, and
+ - -weaken-symbols options now works with unique symbols as well.
+- Rebase binutils-compat-old-behaviour.diff, binutils-revert-hlasm-insns.diff,
+ binutils-revert-plt32-in-branches.diff and remove binutils-2.38-branch.diff.gz.
+- For now use --disable-gprofng.
+- Includes fixes for these CVEs:
+ bnc#1142579 aka CVE-2019-1010204 aka PR23765
+
+(Fake entry from SLE for tracking purposes:)
+- Use https for variosu links.
+
+- Update binutils-2.38-branch.diff.gz (to 93054037f1e304e)
+ in order to include PR29087.
+
+- Enable multitarget build on riscv64
+- On SLE15 and later, use make -Oline to synchronize configure output by
+ lines
+
+(Fake entry from SLE for tracking purposes:)
+- Renumber Sources.
+
+- Fix ExcludeArch for ppc.
+
+- Make multibuild utilize only the main binutils.spec file.
+- Remove not needed README.First-for.SUSE.packagers, pre_checkin.sh.
+
+- Start using _multibuild for cross binutils.
+
+ (forward port from SLE)
+- Update binutils-2.38-branch.diff.gz (to c210342d7f5) to include
+ recognition of 'z16' name for 'arch14' on s390. [bsc#1198237]
+
+(Fake entry from SLE for tracking purposes:)
+- Add usage of a SUSE_ZNOW environment variable which allows switching
+ on "-z now" by default using "export SUSE_ZNOW=1", similar to
+ the SUSE_ASNEEDED variable. Adds binutils-znow.patch.
+
+- Update binutils-skip-rpaths.patch: add back fix for boo#1191473,
+ which got lost in the update to 2.38.
+
+- Update binutils-2.38-branch.diff.gz in order to include PR28879.
+
+- From Stefan Brüns <stefan.bruens@rwth-aachen.de>:
+ * Install symlinks for all target specific tools on
+ arm-eabi-none [bsc#1185712]
+
+- Do not re-generate ld/ldlex.c, ld/ldgram.c, ld/ldgram.h and verify
+ that corresponding flex/bison files are not modified by a patch.
+
+- Use verbose mode for make for cross compilers.
+
+- Make it build on SLE-11 again.
+
+- Use verbose mode for make.
+
+- Update to binutils 2.38:
+ * elfedit: Add --output-abiversion option to update ABIVERSION.
+ * Add support for the LoongArch instruction set.
+ * Tools which display symbols or strings (readelf, strings, nm, objdump)
+ have a new command line option which controls how unicode characters are
+ handled. By default they are treated as normal for the tool. Using
+ - -unicode=locale will display them according to the current locale.
+ Using --unicode=hex will display them as hex byte values, whilst
+ - -unicode=escape will display them as escape sequences. In addition
+ using --unicode=highlight will display them as unicode escape sequences
+ highlighted in red (if supported by the output device).
+ * readelf -r dumps RELR relative relocations now.
+ * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been
+ added to objcopy in order to enable UEFI development using binutils.
+ * ar: Add --thin for creating thin archives. -T is a deprecated alias without
+ diagnostics. In many ar implementations -T has a different meaning, as
+ specified by X/Open System Interface.
+ * Add support for AArch64 system registers that were missing in previous
+ releases.
+ * Add support for the LoongArch instruction set.
+ * Add a command-line option, -muse-unaligned-vector-move, for x86 target
+ to encode aligned vector move as unaligned vector move.
+ * Add support for Cortex-R52+ for Arm.
+ * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64.
+ * Add support for Cortex-A710 for Arm.
+ * Add support for Scalable Matrix Extension (SME) for AArch64.
+ * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the
+ assembler what to when it encoutners multibyte characters in the input. The
+ default is to allow them. Setting the option to "warn" will generate a
+ warning message whenever any multibyte character is encountered. Using the
+ option to "warn-sym-only" will make the assembler generate a warning whenever a
+ symbol is defined containing multibyte characters. (References to undefined
+ symbols will not generate warnings).
+ * Outputs of .ds.x directive and .tfloat directive with hex input from
+ x86 assembler have been reduced from 12 bytes to 10 bytes to match the
+ output of .tfloat directive.
+ * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and
+ 'armv9.3-a' for -march in AArch64 GAS.
+ * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a',
+ 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS.
+ * Add support for Intel AVX512_FP16 instructions.
+ * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF
+ linker to pack relative relocations in the DT_RELR section.
+ * Add support for the LoongArch architecture.
+ * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF
+ linker to control canonical function pointers and copy relocation.
+ * Add --max-cache-size=SIZE to set the the maximum cache size to SIZE
+ bytes.
+- Add binutils-2.38-branch.diff.gz.
+- Removed deletion of man pages as they should be properly packages
+ in tarball.
+- Rebased patches: aarch64-common-pagesize.patch, add-ulp-section.diff,
+ binutils-bfd_h.patch, binutils-revert-nm-symversion.diff,
+ binutils-revert-plt32-in-branches.diff, binutils-skip-rpaths.patch
+ and binutils-compat-old-behaviour.diff.
+
+- Enable PRU architecture for AM335x CPU (Beagle Bone Black board)
+
+- use fdupes on datadir
+- remove RPM_BUILD_ROOT usage and other cleanups
+
+- Rebase binutils-2.37-branch.diff: fixes PR28494.
+
busybox
+- Fix build under SLE-12
+
+- Annotate CVEs already fixed in upstream, but not mentioned in .changes:
+ * CVE-2014-9645 (bsc#914660): strips of / in module names that can lead to loading unwanted modules
+
+- prepare spec file for rpmbuild --build-in-place --noprep
+- use bcond for static and ww3 subpackages
+- fix verbose flag
+
+- Enable switch_root
+ With this change virtme --force-initramfs works as expected.
+
+- Enable udhcpc
+
+- BuildRequire hostname: the test suite wants to compare the output
+ of 'hostname' against 'busybox hostname'. We should not rely
+ hostname to be present in the build environment.
+
+- Update to 1.35.0
+ - awk: fix printf %%, fix read beyond end of buffer
+ - chrt: silence analyzer warning
+ - libarchive: remove duplicate forward declaration
+ - mount: "mount -o rw ...." should not fall back to RO mount
+ - ps: fix -o pid=PID,args interpreting entire "PID,args" as header
+ - tar: prevent malicious archives with long name sizes causing OOM
+ - udhcpc6: fix udhcp_find_option to actually find DHCP6 options
+ - xxd: fix -p -r
+ - support for new optoins added to basename, cpio, date, find,
+ mktemp, wget and others
+- Adjust busybox.config for new features in find, date and cpio
+
+- Annotate CVEs already fixed in upstream, but not mentioned in .changes:
+ * CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting
+ * CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults
+ * CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc
+ * CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing
+ * CVE-2016-6301 (bsc#991940): NTP server denial of service flaw
+ * CVE-2017-15873 (bsc#1064976): The get_next_block function in archival/libarchive/decompress_bunzip2.c has an Integer Overflow
+ * CVE-2017-15874 (bsc#1064978): archival/libarchive/decompress_unlzma.c has an Integer Underflow
+ * CVE-2019-5747 (bsc#1121428): out of bounds read in udhcp components
+ * CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376,
+ CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380,
+ CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384,
+ CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes
+ - CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via malformed gzip data
+ - CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp
+ - CVE-2018-1000517 (bsc#1099260): Heap-based buffer overflow in the retrieve_file_data()
+ - CVE-2011-5325 (bsc#951562): tar directory traversal
+ - CVE-2018-1000500 (bsc#1099263): wget: Missing SSL certificate validation
+
cpupower
+- Update to latest intel-speed-select package version from 1.10 to 1.13
+ (jsc#PED-2137):
+ 1.13:
+ * Fix build failure when using gcc options -Wl,--as-needed
+ * Fix warning for perf_cap.cpu may be uninitialized
+ * Fix off by one check for MAX_DIE_PER_PACKAGE
+ * Fix issue with use of get_physical_die_id instead of
+ get_physical_die_id
+ * Warn if turbo is disabled and SST turbo-freq feature is requested
+ 1.12:
+ * Allows out of band SST support, where some remote agent
+ changes SST profiles via some Board Management Controller.
+ * HFI support to process config level changes in oob mode
+ 1.11:
+ * Update max performance when BIOS disabled turbo
+
- jsc#PED-394
+ jsc#PED-1028
- jsc#PED-393
+ jsc#PED-1027
- jsc#PED-391
+ jsc#PED-1029
+ Add RPL-S platform to Turbostat
+ jsc#PED-1026
- jsc#PED-2065
+ jsc#PED-2066
dconf
+- Bring back 0001-gvdb-Restore-permissions-on-changed-files.patch
+ since the useful fix was never merged to upstream (bsc#971074
+ bgo#758066 bsc#1203344).
+
duktape
+- duktape-link-m.patch: link against libm for sin() and related functions,
+ in case the compiler with -Os creates external references. bsc#1205805
+
emacs
+- Add upstream commit as patch d48bb487.patch (bsc#1205822, CVE-2022-45939)
+ * shell command injection via source code files when using ctags
+
hwdata
+- update to 0.363:
+ + Updated pci, usb and vendor ids.
+
+- update to 0.362:
+ + Updated pci, usb and vendor ids.
+
+- update to 0.361:
+ + Updated pci, usb and vendor ids.
+
issue-generator
+- Update to version 1.13
+ - SELinux: Do not call agetty --reload [bsc#1186178]
+
+- Update to version 1.12
+ - Update manual page
+ - Use python3 instead of python 2.x
+
+- Update to version 1.11
+ - Don't display issue.d/*.issue files, agetty will do that [bsc#1177891]
+ - Ignore /run/issue.d in issue-generator.path, else issue-generator will
+ be called too fast too often [bsc#1177865]
+ - Ignore *.bak, *~ and *.rpm* files [bsc#1118862]
+
+- Handle the .path unit in scriptlets as well
+
+- Update to version 1.10
+ - Display wlan interfaces [bsc#1169070]
+
+- Update to version 1.9
+ - Fix path for systemd files
+
+- Update to version 1.8
+ - Handle network interface renames
+
krb5
+- Fix integer overflows in PAC parsing; (CVE-2022-42898);
+ (bso#15203), (bsc#1205126).
+- Added patches:
+ * 0010-Fix-integer-overflows-in-PAC-parsing.patch
+
libX11
+- U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch
+ * security update for CVE-2022-3554 (bsc#1204422)
+- U_Fix-two-memory-leaks-in-_XFreeX11XCBStructure.patch
+ * security update for CVE-2022-3555 (bsc#1204425)
+
libapparmor
+- add profiles-permit-php-fpm-pid-files-directly-under-run.patch
+ https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344)
+
libarchive
+- Fix CVE-2022-36227, Handle a calloc returning NULL
+ (CVE-2022-36227, bsc#1205629)
+ * CVE-2022-36227.patch
+
libdb-4_8
+- Security fix: [bsc#1174414, CVE-2019-2708]
+ * libdb: Data store execution leads to partial DoS
+ * Backport the upsteam commits:
+ - Fixed several possible crashes when running db_verify
+ on a corrupted database. [#27864]
+ - Fixed several possible hangs when running db_verify
+ on a corrupted database. [#27864]
+ - Added a warning message when attempting to verify a queue
+ database which has many extent files. Verification will take
+ a long time if there are many extent files. [#27864]
+ * Add libdb-4_8-CVE-2019-2708.patch
+
-- Explicit add a conflict to other providers of /usr/lib/libdb.so
- and /usr/lib/libdb-4.so
-
libdrm
+- Apply n_libdrm-drop-valgrind-dep-generic.patch and
+ n_libdrm-drop-valgrind-dep-intel.patch only when the build uses
+ meson < 0.64. With meson 0.64, we don't get the dependency on
+ valgraind added.
+
+- split n_libdrm-drop-valgrind-dep.patch into
+ n_libdrm-drop-valgrind-dep-generic.patch and
+ n_libdrm-drop-valgrind-dep-intel.patch to fix build on s390 and
+ armv7l
+
+- Only apply libdrm-drop-valgrind-dep.patch if valgrnid_support is
+ enabled (fix build on e.g. aarch64).
+
+- renamed libdrm-drop-valgrind-dep.patch to
+ n_libdrm-drop-valgrind-dep.patch in order to mark it as 'never
+ to be upstreamed'
+
+- Add libdrm-drop-valgrind-dep.patch (as source): drop dependency
+ on valgrind on generated pkgconfig files. The .pc files are
+ auto-generated by meson and are 'technically' correct, but we do
+ not want to inject valgrind here (we can get away with this hack
+ as it's only relevant when using pkg-config --static, and we
+ do not provide static libs anyway).
+
+- Update to 2.4.114
+ * amdgpu.ids: use consistent formatting for RID
+ * amdgpu.ids: sort the file
+ * amdgpu.ids: update to the latest marketing name
+ * amdgpu_ids: add MI marketing names
+ * amdgpu: Add a default marketing name if none is found
+ * meson: fast-fail on unsupported OSes
+ * include/drm/drm_fourcc.h: Update from Linux v6.0-rc7
+ * include/drm/i915_drm.h: Update from Linux v6.0-rc7
+ * tests/util: add imx-lcdif driver
+ * intel: move declarations to top in drm_intel_gem_bo_unreference()
+ * build: automatically disable Intel if pciaccess is not found
+ * xf86drm: handle DRM_FORMAT_BIG_ENDIAN in drmGetFormatName()
+ * amdgpu: silence uninitialized variable warning
+ * xf86drmMode: add helpers for dumb buffers
+ * modetest: drop unused offset field in struct bo
+ * modetest: use sized integers in struct bo
+ * modetest: use dumb buffer helpers
+
+- disabled intel driver on s390x
+
+- update to 2.4.113:
+ * amdgpu: update marketing names
+ * sync i915_pciids with kernel
+ * atomic: fix atomic_add_unless() fallback's return value
+ * intel: Avoid aliasing violation
+ * intel: Hook up new platforms IDs
+ * meson: auto-enable etnaviv on arm, arc, mips and loongarch architectures
+ * modetest: use drmGetFormatName()
+ * lots of testsuite and CI improvements
+- enable intel support everywhere as there are now discrete intel GPUs
+- enable vc4 support on armv7/aarch64
+- simplify valgrind support ifdefery
+
+- update to 2.4.112:
+ * xf86drmMode: introduce drmModeConnectorGetPossibleCrtcs
+ * xf86drmMode: introduce drmModeGetConnectorTypeName
+ * xf86drmMode: constify drmModeAtomicReq functions
+ * gen_table_fourcc: strip _MODIFIER suffix for INVALID
+ * testsuite fixes
+
+- update to 2.4.111
+ * bugfixes
+ * drops libkms
+- added tegra-* tools on aarch64 to spefile
+
+- update to 2.4.110:
+ * build system updates
+ * amdgpu: implement new CTX OP to set/get stable pstates
+ * amdgpu: update_drm for new CTX OP to set/get stable pstates
+ * intel: Add support for ADL-N
+ * intel: Add support for RPLS platform
+ * intel: sync pciids with Linux kernel
+ * update to tests
+
+- update to 2.4.109:
+ * amdgpu: add new function to get fd
+ * radeon: remove duplicate struct declaration
+ * xf86drm: fix compiler warnings
+ * ci fixes
+
+- update to 2.4.108:
+ * amdgpu: add amdgpu_stress utility v2
+ * amdgpu: add marketing names from 21.30
+ * amdgpu: add new marketing name
+ * amdgpu: Make marketing names consistent
+ * amdgpu: use drmCloseBufferHandle
+ * build: bump version to 2.4.108
+ * drm_fourcc: sync drm_fourcc with latest drm-next kernel
+ * etnaviv: use drmCloseBufferHandle
+ * exynos: use drmCloseBufferHandle
+ * Fix -Werror=format build errors on FreeBSD
+ * freedreno: use drmCloseBufferHandle
+ * headers: drm: Sync with drm-next
+ * intel: Do not assert on unknown chips in drm_intel_decode_context_alloc
+ * intel: Drop legacy execbuffer support
+ * intel: sync ADL-S PCI IDs with kernel
+ * intel: Sync pci ids
+ * intel: use drmCloseBufferHandle
+ * man: refer to drmCloseBufferHandle instead of DRM_IOCTL_GEM_CLOSE
+ * meson: Build libdrm.so as an unversioned lib on Android.
+ * meson: Don't build libkms for Android.
+ * nouveau: print bo address in the GPU/CPU vm and its size
+ * nouveau: use drmCloseBufferHandle
+ * omap: use drmCloseBufferHandle
+ * radeon: use drmCloseBufferHandle
+ * tegra: use drmCloseBufferHandle
+ * test/amdgpu: Bob to Alice copy should be TMZ in secure bounce test
+ * tests/amdgpu: Fix TMZ secure bounce test
+ * xf86drm: add GEM_CLOSE ioctl wrapper
+ * xf86drm: add iterator API for DRM/KMS IN_FORMATS blobs
+ * xf86drm: fix mem leak in drm_usb_dev_path()
+ * xf86drmMode: make drm_property_type_is arg const
+ * xf86drmMode: simplify drm_property_type_is
+ * xf86drmMode: switch to standard inline qualifier
+ * xf86drm: Update drmGetFormatModifierNameFromArm to handle AFRC
+
libeconf
+- Update to version 0.4.6+git20220427.3016f4e:
+ * econftool:
+ * * Parsing error: Reporting file and line nr.
+ * * --delimeters=spaces Taking all kind of spaces for delimiter
+ * libeconf:
+ Fixed bsc#1198165: Parsing files correctly which have space characters
+ AND none space characters as delimiters.
+
+- Update to version 0.4.5+git20220406.c9658f2:
+ * econftool:
+ * * New call "syntax" for checking the configuration files only.
+ Returns an error string with line number if an error occurs.
+ * * New options "--comment" and "--delimeters"
+ * * Parsing one file only if needed.
+
libepoxy
+- needed by jira#PED-1174 (Mesa needs sync with Xserver, which
+ then needs updated libepoxy)
+
+- Update to version 1.5.10:
+ + Fix for building with MSVC on non-English locale.
+ + Fix build on Android.
+ + Add the right include paths for EGL and X11 headers.
+- Upstream tarball url changed, probably by mistake, so leave old
+ url in place, but disabled.
+
libglvnd
+- update to 1.5.0:
+ * Add BTI landing pads for aarch64
+ * Set current thread state to NULL in teardown
+ * Moving setspecific to before DestroyThreadState
+ * Fix a memory leak in libGLdispatch
+ * Use assembly stubs on armv6
+- drop libglvnd-add-bti.patch (upstream)
+
+- let libglvnd require Mesa-dri so GL drivers are available on
+ Wayland-only desktop installations (boo#1201474)
+
+- Update libglvnd-add-bti.patch from latest upstream submission
+
+- Re-enable asm on aarch64
+- Add patch to fix run with BTI enabled on aarch64:
+ * libglvnd-add-bti.patch - boo#1188928
+
+- update to 1.4.0:
+ * tests cleanups
+ * Update bin/symbols-check.py from mesa/mesa@6f854145
+ * Remove extra paragraph from license text.
+ * Add one more missing dep_x11_headers
+ * Update uthash to v2.3.0
+ * EGL: Add support for eglQueryDisplayAttribKHR and NV.
+
libinput
-- Update to version 1.19.4 (boo#1198111):
- * This release includes a fix for CVE-2022-1215, a format string
- vulnerability in the evdev device handling.
+- Update to release 1.21
+ * This version includes a new configuration option that,
+ similarly to its touchpad counterpart, allows disabling the
+ trackpoint while typing.
+ * The flat acceleration profile has been improved in this
+ version.
+
+- Enable building libinput-replay [boo#1190065]
+
+- Update to release 1.20.1
+ * Format string issue resolved [CVE-2022-1215 bsc#1198111]
+
+- Update to release 1.20.0
+ * High-resolution scroll is more reliable thanks to the
+ inclusion of new heuristics.
+ * Better handling of BTN_TOOL_PEN on top of BTN_TOOL_RUBBER on
+ graphics tablets that trigger a kernel bug.
+ * libinput does not handle joysticks and gamepads. The
+ detection algorithm has been improved to avoid tagging some
+ of those devices as keyboards.
+ * Improved clickpad detection
+ * New quirks and bug fixing
libnvme
+- Update to version 1.2 (jsc#PED-553):
+ * 64-bit Reference Tags and TP-4068 changes
+ * Add more details for return code of MI admin cmds
+ * Fix poll.h includes
+ * Parse dhchap_host_key on controller level
+ * Regenerate all documentation
+ * Update json config schema for missing dhchap host key
+ * build: Add support to build against LibreSSL
+ * build: Drop -nostdinc for LibreSSL header checks
+ * fabrics: Add new TP8010 definitions
+ * fabrics: Add nvmf_get_discovery_wargs()
+ * fabrics: Duplicate strings when merging configs
+ * fabrics: Filter out empty strings in add_argument()
+ * fabrics: Fix build_options() return values
+ * fabrics: Use fallthrough statement
+ * fabrics: sanitize dump-config output
+ * ioctl: Honor rae in nvme_get_nsid_log
+ * ioctl: Set log page offset for nvme_get_log_telemetry_host
+ * json-schema: add dhchap_key details to host section
+ * json: Enforce correctly formatted JSON config files
+ * json: Verify JSON config file starts with an array
+ * json: fixup dhchap_ctrl_key definitions
+ * libnvme-mi: Introduce NVMe Managament Interface library
+ * mi-mctp: Add timeout support to MCTP transport
+ * mi: Add Get Log Page helpers
+ * mi: Add Identify function for secondary controller list
+ * mi: Add Identify helper for ns-descs and primary-ctrl-caps
+ * mi: Add endpoint get/set timeout API
+ * mi: Add firmware download and commit commands
+ * mi: Add identify helper for nsid-capable Controller List
+ * mi: Add identify helpers for namespace lists
+ * mi: Add identify helpers for namespaces
+ * mi: Add maximum More Processing Required limit API
+ * mi: Allow Admin-message sized More Processing Required responses
+ * mi: Distinguish MI status from NVMe (CDW3) status
+ * mi: Fix C++ compiler errors
+ * mi: Implement Format NVM command
+ * mi: Implement Get & Set Features Admin commands
+ * mi: Implement NS attach command and helpers
+ * mi: Implement Namespace Management command and create/delete helpers
+ * mi: Implement Sanitize command
+ * mi: Init ctrl_id within xfer
+ * mi: Introduce a helper for response status, unify values with ioctls
+ * mi: Set log page offset for nvme_get_log_telemetry_host
+ * mi: add nvme_mi_status_to_string()
+ * mi: fix a memory leak in nvme_mi_open_mctp()
+ * mi: fix get_log_page chunked offset check
+ * mi: unify MI Get Log Page function with ioctl API
+ * nvme-tree: avoid segfault if auth keys are unavailable
+ * python: Use nvmf_get_discovery_wargs()
+ * python: add missing ctrl attrs to Python bindings
+ * rpmbuild: Enable 'make rpm' to build rpm pkgs #408
+ * tree: rename controller 'dhchap_key' to 'dhchap_ctrl_key'
+ * types: Move enum nvme_data_tfr to types
+ * update/cleanup of documentation
+ * util: Add LINE_MAX define
+ * util: Add get feature length 2 API to support direction parameter
+ * util: Add simple UUID type
+ * util: Do not expose fallthrough defines
+ * various build fixes
+ * various fixes reported by coverity
+- Drop upstream patches
+ * remove 0001-fabrics-Lower-log-level-in-__nvmf_add_ctrl.patch
+ * remove 0002-fabrics-Remove-double-connection-error-logging.patch
+ * remove 0003-fabrics-Introduce-connection-connect-error-mapping.patch
+ * remove 0004-libnvme-Export-nvme_ctrl_get_config.patch
+ * remove 0005-tree-Factor-lookup-code-for-controller.patch
+ * remove 0006-fabrics-Consider-config-from-file-when-adding-new-co.patch
+ * remove 0007-python-add-missing-ctrl-attrs-to-Python-bindings.patch
+ * remove 0008-libnvme-accessors-for-dhchap_key-variables.patch
+ * remove 0009-fabrics-Update-controller-authentication-in-nvmf_add.patch
+ * remove 0010-json-fixup-dhchap_ctrl_key-definitions.patch
+ * remove 0011-tree-rename-controller-dhchap_key-to-dhchap_ctrl_key.patch
+ * remove 0012-Parse-dhchap_host_key-on-controller-level.patch
+ * remove 0013-json-schema-add-dhchap_key-details-to-host-section.patch
+ * remove 0014-nvme-tree-avoid-segfault-if-auth-keys-are-unavailabl.patch
+ * remove 0015-fabrics-restructrure-nvmf_get_discovery_log.patch
+ * remove 0016-tree-simplifiy-nvme_subsystem_lookup_namespace.patch
+ * remove 0017-tree-make-nvme_subsystem_scan_namespace-idempotent.patch
+ * remove 0018-tree-make-nvme_ctrl_scan_namespace-idempotent.patch
+ * remove 0019-Fix-llx-lx-build-warnings-on-powerpc.patch
+ * remove 0020-fabrics-sanitize-dump-config-output.patch
+ * remove 0021-fabrics-Fix-build_options-return-values.patch
+- Make man page build conditiional. Install man page location has been
+ fixed upstream.
+- Mark the Python directory own by the libnvme3-python package
+- Use fixed manpage build date (boo#1047218)
+- Fix installation of manual pages to make them accessible
+
+- Fixes for controller authentication (bsc#1201501 bsc#1201700 bsc#1201701 bsc#1201717)
+ * add 0007-python-add-missing-ctrl-attrs-to-Python-bindings.patch
+ * add 0008-libnvme-accessors-for-dhchap_key-variables.patch
+ * add 0009-fabrics-Update-controller-authentication-in-nvmf_add.patch
+ * add 0010-json-fixup-dhchap_ctrl_key-definitions.patch
+ * add 0011-tree-rename-controller-dhchap_key-to-dhchap_ctrl_key.patch
+ * add 0012-Parse-dhchap_host_key-on-controller-level.patch
+ * add 0013-json-schema-add-dhchap_key-details-to-host-section.patch
+ * add 0014-nvme-tree-avoid-segfault-if-auth-keys-are-unavailabl.patch
+ * add 0015-fabrics-restructrure-nvmf_get_discovery_log.patch
+- Subsystem scanning logic fixes
+ * add 0016-tree-simplifiy-nvme_subsystem_lookup_namespace.patch
+ * add 0017-tree-make-nvme_subsystem_scan_namespace-idempotent.patch
+ * add 0018-tree-make-nvme_ctrl_scan_namespace-idempotent.patch
+- Fix PowerPC build warnings
+ * add 0019-Fix-llx-lx-build-warnings-on-powerpc.patch
+- Fabrics fixes
+ * add 0020-fabrics-sanitize-dump-config-output.patch
+ * add 0021-fabrics-Fix-build_options-return-values.patch
+
libqmi
+- update to 1.30.8:
+ * dms: new 'Foxconn FCC authentication v2' request/response.
+
+- Enable QRTR support
+
+- Update to 1.30.6
+ * meson: fix 'export_packages' in GIR setup.
+ * net-port-manager: use unaligned netlink attribute length.
+- Drop the unneeded rpmlintrc file
+
+- update to 1.30.4:
+ * * meson: switch to use the new python module in meson.
+ * * meson: added a new boolean 'man' option in the meson setup to explicitly
+ enable or disable building the man pages.
+ * * meson: removed the option to detect if rmnet is supported.
+ * * meson: multiple updates to use newer meson features like install_dir(),
+ install_mode() or summary().
+ * * meson: options 'mbim_qmux' and 'qrtr' are enabled by default and must be
+ explicitly disabled if they're not needed, there is no attempt to
+ autodetect whether they can be enabled or not.
+ * qmi-proxy:
+ * * Remove assert when attempting to close ghost device.
+ * qmi-firmware-update:
+ * * Use defaults if FLASH variables not reported, enabling support to flash
+ the new Sierra Wireless EM9190 and EM9191 modules.
+ * Several other minor improvements and fixes.
+
libstorage-ng
+- merge gh#openSUSE/libstorage-ng#905
+- read filters for udev links from config file
+- limit allowed by-id links for NVMEs (bsc#1205352)
+- make integration-tests subpackage noarch
+- cleanup
+- 4.5.53
+
+- Translated using Weblate (Macedonian) (bsc#1149754)
+- 4.5.52
+
+- merge gh#openSUSE/libstorage-ng#904
+- added examples
+- 4.5.51
+
+- merge gh#openSUSE/libstorage-ng#903
+- fixed typo
+- 4.5.50
+
+- merge gh#openSUSE/libstorage-ng#902
+- ignore chunk size for RAID1 (bsc#1205172)
+- 4.5.49
+
libusb-1_0
+- Added 0002-gracefully-handle-buggy-config0-devices.patch
+ * Fix regression where some buggy devices no longer work
+ if they have a configuration value of 0.
+ * [bsc#1201590]
+
libuv
+- Remove epoll syscall wrappers; (bsc#1199062); Add
+ * 0001-linux-remove-epoll-syscall-wrappers.patch
+ * 0002-linux-drop-code-path-for-epoll_pwait-less-kernels.patch
+
-- update to v0.11.29
-
-- update to v0.11.28
-
-- update to 0.11.24
-- install pkg-config file
-
-- Update to version 0.11.23
- * bug fixes
-
-- update to v0.11.21
-
-- initial packaging of v0.11.19
-
libxml2
+- Add W3C conformance tests to the testsuite (bsc#1204585):
+ * Added file xmlts20080827.tar.gz
+
lvm2
+- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)
+ - bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch
+
lvm2:devicemapper
+- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216)
+ - bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch
+
mdadm
+- mdadm.spec: add EXTRAVERSION string to make command line
+ (jsc#SLE-24761, bsc#1193566)
+
mozilla-nss
+- Require libjitter only for SLE15-SP4 and greater
+
+- update to NSS 3.79.2 (bsc#1204729)
+ * bmo#1785846 - Bump minimum NSPR version to 4.34.1.
+ * bmo#1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity.
+
+- Add nss-allow-slow-tests.patch, which allows a timed test to run
+ longer than 1s. This avoids turning slow builds into broken
+ builds.
+
+- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
+ DSA keys (verification only) (bsc#1201298).
+- Update nss-fips-constructor-self-tests.patch to add
+ sftk_FIPSRepeatIntegrityCheck() to softoken's .def file
+ (bsc#1198980).
+
+- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
+ longer symmetric keys via the service level indicator
+ (bsc#1191546).
+- Update nss-fips-constructor-self-tests.patch to hopefully export
+ sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980).
+
+- Update nss-fips-approved-crypto-non-ec.patch to prevent sessions
+ from getting flagged as non-FIPS (bsc#1191546).
+- Mark DSA keygen unapproved (bsc#1191546, bsc#1201298).
+- Enable nss-fips-drbg-libjitter.patch now that we have a patched
+ libjitter to build with (bsc#1202870).
+
+- Update nss-fips-approved-crypto-non-ec.patch to prevent keys
+ from getting flagged as non-FIPS and add remaining TLS mechanisms.
+- Add nss-fips-drbg-libjitter.patch to use libjitterentropy for
+ entropy. This is disabled until we can avoid the inline assembler
+ in the latter's header file that relies on GNU extensions.
+- Update nss-fips-constructor-self-tests.patch to fix an abort()
+ when both NSS_FIPS and /proc FIPS mode are enabled.
+
nano
+- update to 7.0:
+ * String binds may contain bindable function names between braces
+ * Unicode codes can be entered (via M-V) without leading zeroes,
+ by finishing short codes with <Space> or <Enter>
+ * Word completion (^]) looks for candidates in all open buffers
+ * No regular expression matches the final empty line any more
+
net-snmp
+- update to 5.9.3 (bsc#1201103, jsc#SLE-11203):
+ - security:
+ - These two CVEs can be exploited by a user with read-only credentials:
+ - CVE-2022-24805Â A buffer overflow in the handling of the INDEX of
+ NET-SNMP-VACM-MIB can cause an out-of-bounds memory access.
+ - CVE-2022-24809Â A malformed OID in a GET-NEXT to the nsVacmAccessTable
+ can cause a NULL pointer dereference.
+ - These CVEs can be exploited by a user with read-write credentials:
+ - CVE-2022-24806Â Improper Input Validation when SETing malformed
+ OIDs in master agent and subagent simultaneously
+ - CVE-2022-24807Â A malformed OID in a SET request to
+ SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an
+ out-of-bounds memory access.
+ - CVE-2022-24808Â A malformed OID in a SET request to
+ NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference
+ - CVE-2022-24810Â A malformed OID in a SET to the nsVacmAccessTable
+ can cause a NULL pointer dereference.
+ - Fixed library versioning bug found in 5.9.2.
+ - Library version change to libsnmp40.
+- Moved logrotate files from user specific directory /etc/logrotate.d
+ to vendor specific directory /usr/etc/logrotate.d.
+- Fixed python2 backward compability.
+ add:
+ * net-snmp-5.9.3-fixed-python2-bindings.patch
+- Migration to /usr/etc: Saving user changed configuration files
+ in /etc and restoring them while an RPM update.
+- Change to use systemd service files directly from net-snmp package.
+ add:
+ * net-snmp-5.9.1-suse-systemd-service-files.patch
+ * net-snmp-5.9.1-harden_snmpd.service.patch
+ * net-snmp-5.9.1-harden_snmptrapd.service.patch
+ remove:
+ * snmpd.service
+ * snmptrapd.service
+ * harden_snmpd.service.patch
+ * harden_snmptrapd.service.patch
+- Refactor and remove obsolete patches to work with version number 5.9.3:
+ add:
+ * net-snmp-5.9.3-pie.patch
+ * net-snmp-5.9.3-fix-create-v3-user-outfile.patch
+ * net-snmp-5.9.1-add-lustre-fs-support.patch
+ * net-snmp-5.9.1-fix-Makefile.PL.patch
+ * net-snmp-5.9.1-modern-rpm-api.patch
+ * net-snmp-5.9.1-net-snmp-config-headercheck.patch
+ * net-snmp-5.9.1-perl-tk-warning.patch
+ * net-snmp-5.9.1-snmpstatus-suppress-output.patch
+ * net-snmp-5.9.1-socket-path.patch
+ * net-snmp-5.9.1-subagent-set-response.patch
+ * net-snmp-5.9.1-testing-empty-arptable.patch
+ * net-snmp-5.9.1-velocity-mib.patch
+ remove:
+ * net-snmp-5.9.1-pie.patch
+ * net-snmp-5.9.1-fix-create-v3-user-outfile.patch
+ * net-snmp-5.7.3-add-lustre-fs-support.patch
+ * net-snmp-5.7.3-Fix-Makefile.PL.patch
+ * net-snmp-5.7.3-modern-rpm-api.patch
+ * net-snmp-5.7.3-net-snmp-config-headercheck.patch
+ * net-snmp-5.7.3-perl-tk-warning.patch
+ * net-snmp-5.7.3-snmpstatus-suppress-output.patch
+ * net-snmp-5.7.3-socket-path.patch
+ * net-snmp-5.7.3-subagent-set-response.patch
+ * net-snmp-5.7.3-testing-empty-arptable.patch
+ * net-snmp-5.7.3-velocity-mib.patch
+ * net-snmp-5.7.3-fix-create-v3-user-outfile.patch
+ * net-snmp-5.7.3-pie.patch
+ * net-snmp-4.7.2-systemd.patch
+ * net-snmp-5.7.3-build-with-openssl-1.1.patch
+ * net-snmp-5.7.3-fix-agentx-freezing-on-timeout.patch
+ * net-snmp-5.7.3-fix-missing-mib-hrStorage-indexes.patch
+ * net-snmp-5.7.3-fix-snmpd-crashing-when-an-agentx-disconnects.patch
+ * net-snmp-5.7.3-fix-snmp_pdu_parse-incomplete.patch
+ * net-snmp-5.7.3-fix-subagent-data-corruption.patch
+ * net-snmp-5.7.3-helpers-table-skip-if-next-handler-called.patch
+ * net-snmp-5.7.3-host-mib-skip-autofs-entries.patch
+ * net-snmp-5.7.3-make-extended-mib-read-only.patch
+ * net-snmp-5.7.3-netgroups.patch
+ * net-snmp-5.7.3-Remove-U64-typedef.patch
+ * net-snmp-5.7.3-snmptrapd-add-forwarder-info.patch
+ * net-snmp-5.7.3-swintst_rpm-Protect-against-unspecified-Group-name.patch
+ * net-snmp-5.7.3-ucd-snmp-mib-add-64-bit-mem-obj.patch
+ * net-snmp-python3.patch
+
nfs-utils
+- add 0025-nfsdcltrack-getopt_long-fails-on-a-non-x86_64-archs.patch
+ Fix nfsdcltrack bug that affected non-x86 archs.
+ (bsc#1202627)
+
+- 0024-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch
+ Ensure sysctl setting work (bsc#1199856)
+
nfsidmap
+- 0001-Removed-some-unused-and-set-but-not-used-warnings.patch
+ 0002-Handle-NULL-names-better.patch
+ 0003-Strip-newlines-out-of-IDMAP_LOG-messages.patch
+ 0004-onf_parse_line-Ignore-whitespace-at-the-beginning-of.patch
+ 0005-nss.c-wrong-check-of-return-value.patch
+ 0006-Fixed-a-memory-leak-nss_name_to_gid.patch
+ Various bugfixes and improvemes from upstream
+ In particular, 0001 fixes a crash that can happen when
+ a 'static' mapping is configured.
+ (bnc#1200901)
+
-- add libtool as buildrequire to avoid implicit dependency
-
-- libnfsidmap-0.24
- * Added autogen.sh which runs all the autoconfig scripts
- * Added nfs4_owner interfaces which are used by the
- new nfsidmap program
-
-- include manpage again bnc#689009
-
-- revert the last change that exported only public symbols
- breaks loadable modules.
-
-- libnfsidmap: export only public symbols nfs4_*, in particular
- this avoids exporting strlcpy to calling applications..
-- openldap2-devel is not required in -devel package
-
-- use %_smp_mflags
-
-- disable the idmapd.conf manpage inclusion, it is in nfs-utils.
-
-- also remove .la files from the libnfsidmap subdir
-- fixed missing ctype.h header include
-
-- updated to 0.23
- * Allows mappings to be correct "right out of the box" when DNS is
- set up correctly and stops idmapper from dying when there is
- no domain name set.
- * Move the default processing for the "Local-Realm" config option
- into the main config file processing function and adds missing
- documentation for the previously added configuration option.
- * Print a debug log message "when the krb5 realm can not be used since
- it does not match the DNS domain name or the 'Local-Realm' variable
- defined in /etc/idmad.conf"
- * Move the idmapd.conf manpage from nfs-utils and update it to match
- the current functionality.
- * Changes to install, and look for, the plugin libraries in a separate
- libnfsidmap directory.
-
-- move plugins .so files to main package, to make it work again
- bnc#495665, bnc#497209
-- disable versioning of those plugin libs
-
-- remove static libraries and "la" files
-
-- upgraded to 0.21
- - The main library has been changed to load "plugin" libraries to
- perform the mappings. This decouples the main library from any ldap
- (and sasl, etc.) dependencies.
- - Several translation methods (plugins) may now be specified in the
- idmapd.conf file. While a plugin returns -ENOENT, the next is called
- until a mapping is found, or there are no more plugins to try.
- - A "static" mapping plugin from David Härdeman <david@hardeman.nu> has
- been added.
- - A "gums" mapping plugin from Olga Kornievskaia <aglo@citi.umich.edu>
- has been added.
-
nvme-cli
+- Update to version 2.2.1 (jsc#PED-553):
+ * Added parsing for Solidigm telemetry observable data.
+ * Revert "udev: re-read the discovery log page when a discovery controller reconnected"
+ * add item ddr_ecc_err_cnt in smart-log-add
+ * build and install fixes/improvements
+ * build: Add minimum build requirement on libnvme
+ * build: Drop dependency on libuuid
+ * build: Extend release script to support micro version releases
+ * build: Fix endian check for cross build
+ * build: Remove unused uuid.wrap file
+ * build: Remove unusned uuid.h include
+ * build: Update release version rules
+ * build: Update version before regenerating docs
+ * completions: Add show-topology tab completion
+ * documentation fixes
+ * fabrics: Avoid nvme_scan_ctrl when disconnecting
+ * fabrics: Honor JSON config file in connect-all command
+ * fabrics: Remove dhchap-ctrl-secret from discover/connect-all
+ * fabrics: Trigger auto connect if config.json exists
+ * fabrics: fix 'persistent' handling during connect-all with JSON file
+ * fabrics: nvme config --modify depends on -n and -t argument
+ * fabrics: re-read the discovery log page when a discovery controller reconnected
+ * json: Support uint64 types serialization for older json-c versions
+ * meson: we don't need a c++ compiler
+ * new solidigm plugin
+ * nvme, plugins: fix __u64 -> unsigned long long assumptions
+ * nvme-print: Add missing values in id-ctrl for JSON output
+ * nvme-print: Handle NULL hostid in JSON output
+ * nvme-print: Output 128bit values as uint128 type instead of double
+ * nvme-print: Print fguid as a UUID
+ * nvme-print: Use uint128 JSON function for media_units_written
+ * nvme-print: decode MI status values
+ * nvme-print: decode status types
+ * nvme-print: fix wrong json key
+ * nvme-print: sanitize the get-feature async event config output
+ * nvme: Add helper function to parse 16-bit comma separated list
+ * nvme: Add nvme_cmd wrapper for get_features
+ * nvme: Add show-topology command
+ * nvme: Add wrapper for Format NVM
+ * nvme: Add wrapper for Sanitize NVM
+ * nvme: Add wrappers for Get Log page helpers
+ * nvme: Add wrappers for Identify controller lists
+ * nvme: Add wrappers for NS attach/detach
+ * nvme: Add wrappers for NS management functions
+ * nvme: Add wrappers for basic NS identify
+ * nvme: Add wrappers for firmware commands
+ * nvme: Do not print error message in collect_effects_log helper
+ * nvme: Fix set feature command to get feature identifier 0Dh length as zero
+ * nvme: Introduce a union in struct nvme_dev for different transport types
+ * nvme: Introduce nvme_cli_ wrappers, wrap identify and identify_ctrl
+ * nvme: Make static nvme_dev private to open_dev(), use locals elsewhere
+ * nvme: Masks SSTAT in sanize-log output
+ * nvme: Remove static nvme_dev, allocate on open instead
+ * nvme: Set default rae value for nvme_get_nsid_log users
+ * nvme: Simplify ns list identify
+ * nvme: Use correct print format specifier for sizeof arguments
+ * nvme: Use local struct nvme_dev for show_registers & map_registers
+ * nvme: check if cfg.metadata is NULL before passing it to strlen()
+ * nvme: use helpers for checking status types
+ * plugins/innogrit: Include timer.h
+ * plugins/innogrit: add smart items for smart-log-add
+ * plugins/micron-nvme: Use correct print format specifier for sizeof arguments
+ * plugins/ocp: Include timer.h
+ * plugins/ocp: Output 128bit values as uint128 type instead of double
+ * plugins/ocp: drop unused fd argument
+ * plugins/ocp: pass struct nvme_dev to internal functions
+ * plugins/seagate: Add support for OCP
+ * plugins/solidigm: fix return value on format parse failure
+ * plugins/toshiba: pass struct nvme_dev rather than fd + name
+ * plugins/virtium: Output 128bit values as uint128 type instead of double
+ * plugins/wdc: Add support for SN660 drive
+ * plugins/wdc: Add type case for feature id
+ * plugins/wdc: Output 128bit values as uint128 type instead of double
+ * plugins/wdc: fix memset() on the address of a pointer
+ * plugins/wdc: pass a struct nvme_dev around rather than a fd
+ * plugins/wdc: pass struct nvme_dev rather than using global nvme_dev
+ * plugins/wdc: prevent duplicate close on NVMe device
+ * plugins/wdc: remove fd argument from print functions
+ * plugins/ytmc: pass struct nvme_dev rather than fd + name
+ * plugins: Use PRIu64 format specifier for 64bit types
+ * print: Add Controller Ready Timeout Exceeded HW error code
+ * print: Fix nvme_id_uuid_list
+ * solidgm: fix initialization warning
+ * solidigm: Added parsing for telemetry customer screenable data
+ * solidigm: Fix printf format for size_t variable
+ * solidigm: Updated Telemetry parsing code to MIT license.
+ * subprojects/libnvme: update for MI admin command coverage
+ * tests: Update license to GPL-2.0-or-later
+ * tree: Add NVMe-MI support
+ * tree: Add dev_fd() helper
+ * tree: Change nvme_dev from global to static
+ * tree: Combine NVMe file descriptor into struct nvme_dev
+ * tree: Move global device info to a single struct
+ * tree: fail on non-negative return values from parse_and_open
+ * udev: Add HOST_IFACE to udev rule
+ * util/json.h: Add json_object_get_uint64 fallback implementation
+ * util/json: Add 128 bit JSON helpers
+ * util/types: Add 128 bit conversion helpers
+ * util: Fix le128_to_cpu on big-endian
+ * util: Fix le128_to_cpu on little-endian
+ * util: Move common type conversion helpers into util section
+ * utils/json: Add json_object_new_uint64 for json-c < 0.14
+ * utils: Fix uint128_t usage
+ * various fixes reported by coverity
+ * version reporting includes library version
+ * wdc: OCP Log page updates and fixes
+ * wrapper: Add weak nvme_init_copy_range_f1 symbol
+ * wrapper: Call library version of nvme_init_copy_range_f1
+ * wrapper: Update SPDIX license
+ * zns.c: report zones should be started after retrieved zone
+- Drop upsreamp patches
+ * remove 0001-fabrics-Already-connected-uses-a-different-error-cod.patch
+ * remove 0002-fabrics-skip-connect-if-the-transport-types-don-t-ma.patch
+ * remove 0003-nvme-print-Show-paths-from-the-first-namespace-only.patch
+ * remove 0004-nvme-print-Show-ANA-state-only-for-one-namespace.patch
+ * remove 0005-fabrics-Honor-config-file-for-connect-all.patch
+ * remove 0006-fabrics-Remove-dhchap-ctrl-secret-from-discover-conn.patch
+ * remove 0007-fabrics-error-message-for-nvme-discover-connect-all-.patch
+ * remove 0008-fabrics-avoid-segfault-when-nvme-discover-fails-with.patch
+ * remove 0009-fabrics-avoid-segfault-if-transport-type-is-omitted.patch
+ * remove 0010-nvme-Return-status-error-code-for-effects-log-comman.patch
+ * remove 0011-nvme-fix-nvme-get-feature-with-H-option.patch
+ * remove 0012-fabrics-Avoid-nvme_scan_ctrl-when-disconnecting.patch
+ * remove 0013-nvme-Do-not-print-error-message-in-collect_effects_l.patch
+ * remove 0014-nvme-print-Handle-NULL-hostid-in-JSON-output.patch
+ * remove 0015-nvme-print-sanitize-the-get-feature-async-event-conf.patch
+- Handle suse-missing-rclink lint warnings by providing the symlinks
+- Support auto discovery, add %systemd_ordering to spec file (bsc#1186399)
+- Mark no binaries rpms as noarch
+
+- Support auto discovery, add %systemd_ordering to spec file (bsc#1186399)
+- fabrics: Remove dhchap-ctrl-secret from discover/connect-all (bsc#1201701)
+ * add 0006-fabrics-Remove-dhchap-ctrl-secret-from-discover-conn.patch
+- Fabrics related bug fixes
+ * add 0007-fabrics-error-message-for-nvme-discover-connect-all-.patch
+ * add 0008-fabrics-avoid-segfault-when-nvme-discover-fails-with.patch
+ * add 0009-fabrics-avoid-segfault-if-transport-type-is-omitted.patch
+ * add 0010-nvme-Return-status-error-code-for-effects-log-comman.patch
+ * add 0011-nvme-fix-nvme-get-feature-with-H-option.patch
+ * add 0012-fabrics-Avoid-nvme_scan_ctrl-when-disconnecting.patch
+ * add 0013-nvme-Do-not-print-error-message-in-collect_effects_l.patch
+ * add 0014-nvme-print-Handle-NULL-hostid-in-JSON-output.patch
+ * add 0015-nvme-print-sanitize-the-get-feature-async-event-conf.patch
+
openssl-1_1
+- FIPS: Service-level indicator [bsc#1190651]
+ * Mark PBKDF2 with key shorter than 112 bits as non-approved
+ * Add openssl-1_1-ossl-sli-007-pbkdf2-keylen.patch
+
+- FIPS: Service-level indicator [bsc#1190651]
+ * Consider RSA siggen/sigver with PKCS1 padding also approved
+ * Add openssl-1_1-ossl-sli-006-rsa_pkcs1_padding.patch
+
+- FIPS: Service-level indicator [bsc#1190651]
+ * Return the correct indicator for a given EC group order bits
+ * Add openssl-1_1-ossl-sli-005-EC_group_order_bits.patch
+
perl-Cpanel-JSON-XS
+- updated to 4.32
+ see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes
+ 4.32 2022-08-13 (rurban)
+ - fix new JSON::PP::Boolean overload redefinition warnings. GH #200
+ 4.31 2022-08-10 (rurban)
+ - adjust t/20_unknown.t pp bool tests for native bool when supported.
+ GH #198 PR by Graham Knop.
+
+- updated to 4.30
+ see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes
+ 4.30 2022-06-14 (rurban)
+ - Fix perl 5.37 utf8n_to_uvuni deprecation. GH #196
+
+- updated to 4.29
+ see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes
+ 4.29 2022-05-27 (rurban)
+ - Hack: Revert native bool (unblessed) overloads via JSON::PP 4.08.
+ JSON::PP ignores unblessed bools for now. GH #194
+
+- updated to 4.28
+ see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes
+ 4.28 2022-05-05 (rurban)
+ - Validate the JSON struct which might get corrupted by wrong FREEZE/THAW
+ methods, or other serializers, or corrupting our magic object. (GH #192)
+ - Improve our DESTROY and END methods to avoid NULL dereferences.
+ Fixes perl-compiler/#438
+ - Fix 3 tests in t/20_unknown.t with the latest 5.35.10 bool enhancements
+ and JSON::PP (GH #194)
+ - Fix t/118_type.t with Windows ivtype long long. (GH #178)
+ - Added github actions
+
+- updated to 4.27
+ see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes
+ 4.27 2021-10-13 (rurban)
+ - Only add -Werror=declaration-after-statement for 5.035004 and earlier (PR #186 nwc)
+ - Fix 125_shared_boolean.t for threads (PR #184 Sinan Unur)
+
php7
+- version update to 7.4.33 [bsc#1204577][bsc#1204979]
+ 03 Nov 2022
+ GD:
+ Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)
+ Hash:
+ Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)
+
+- version update to 7.4.32 [jsc#SLE-23639]
+ Version 7.4.32
+ 29 Sep 2022
+ Core:
+ Fixed bug #81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)
+ Fixed bug #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629)
+ Version 7.4.30
+ 09 Jun 2022
+ mysqlnd:
+ Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
+ pgsql:
+ Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)
+ Version 7.4.29
+ 14 Apr 2022
+ Core:
+ No source changes to this release. This update allows for re-building the Windows binaries against upgraded dependencies which have received security updates.
+ Date:
+ Updated to latest IANA timezone database (2022a).
+ Version 7.4.28
+ 17 Feb 2022
+ Filter:
+ Fix #81708: UAF due to php_filter_float() failing for ints (CVE-2021-21708)
+ Version 7.4.27
+ 16 Dec 2021
+ Core:
+ Fixed bug #81626 (Error on use static:: in __ÑallStatic() wrapped to Closure::fromCallable()).
+ FPM:
+ Fixed bug #81513 (Future possibility for heap overflow in FPM zlog).
+ GD:
+ Fixed bug #71316 (libpng warning from imagecreatefromstring).
+ OpenSSL:
+ Fixed bug #75725 (./configure: detecting RAND_egd).
+ PCRE:
+ Fixed bug #74604 (Out of bounds in php_pcre_replace_impl).
+ Standard:
+ Fixed bug #81618 (dns_get_record fails on FreeBSD for missing type).
+ Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate).
+ Version 7.4.26
+ 18 Nov 2021
+ Core:
+ Fixed bug #81518 (Header injection via default_mimetype / default_charset).
+ Date:
+ Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
+ MBString:
+ Fixed bug #76167 (mbstring may use pointer from some previous request).
+ MySQLi:
+ Fixed bug #81494 (Stopped unbuffered query does not throw error).
+ PCRE:
+ Fixed bug #81424 (PCRE2 10.35 JIT performance regression).
+ Streams:
+ Fixed bug #54340 (Memory corruption with user_filter).
+ XML:
+ Fixed bug #79971 (special character is breaking the path in xml function). (CVE-2021-21707)
+- fixes [bsc#1203867] and [bsc#1203870]
+- deleted patches
+ - php7-CVE-2021-21707.patch (upstreamed)
+ - php7-CVE-2021-21708.patch (upstreamed)
+ - php7-CVE-2022-31625.patch (upstreamed)
+ - php7-CVE-2022-31626.patch (upstreamed)
+
pixman
+- Add pixman-CVE-2022-44638.patch: avoid an integer overflow
+ (boo#1205033 CVE-2022-44638).
+
plymouth
+- Update plymouth-install-label-library-and-font-file-to-initrd.patch:
+ avoid invalid script commands failure(bsc#1203147).
+
-- Do not own /usr/share/locale (owned by filesystem):
+- Update plymouth.spec: Do not own /usr/share/locale (owned by filesystem):
postfix
+- use correct source signature file (gpg2)
+
+- update to 3.7.2
+ https://de.postfix.org/ftpmirror/official/postfix-3.7.2.RELEASE_NOTES
+- rebase patches
+ * pointer_to_literals.patch
+ * postfix-linux45.patch
+ * postfix-main.cf.patch
+ * postfix-master.cf.patch
+ * postfix-no-md5.patch
+ * postfix-ssl-release-buffers.patch
+ * postfix-vda-v14-3.0.3.patch
+ * set-default-db-type.patch
+- build against libpcre2
+
+- remove *.swp from postfix-SUSE.tar.gz
+
+- fix config.postfix 'hash' leftover with relay_recipients
+- update postfix-main.cf.patch about
+ * smtp_tls_security_level (obsoletes smtp_use_tls, smtp_enforce_tls)
+ * smtpd_tls_security_level (obsoletes smtpd_use_tls, smtpd_enforce_tls)
+- rebase/refresh patches
+ * harden_postfix.service.patch
+ * postfix-avoid-infinit-loop-if-no-permission.patch
+ * postfix-master.cf.patch
+ * postfix-vda-v14-3.0.3.patch
+ * set-default-db-type.patch
+
+- Change ed requires to /usr/bin/ed: allow busybox-ed to be used
+ inside containers.
+
+- add missing requires for config.postfix and the postfix
+ postinstall script: perl and ed
+
+- update to 3.6.6
+ * (problem introduced: Postfix 2.7) The milter_header_checks maps
+ are now opened before the cleanup(8) server enters the chroot
+ jail.
+ * In an internal client module, "host or service not found" was
+ a fatal error, causing the milter_default_action setting to be
+ ignored. It is now a non-fatal error, just like a failure to
+ connect.
+ * The proxy_read_maps default value was missing up to 27 parameter
+ names. The corresponding lookup tables were not automatically
+ authorized for use with the proxymap(8) service. The parameter
+ names were ending in _checks, _reply_footer, _reply_filter,
+ _command_filter, and _delivery_status_filter.
+ * (problem introduced: Postfix 3.0) With dynamic map loading
+ enabled, an attempt to create a map with "postmap regexp:path"
+ would result in a bogus error message "Is the postfix-regexp
+ package installed?" instead of "unsupported map type for this
+ operation". This happened with all non-dynamic map types (static,
+ cidr, etc.) that have no 'bulk create' support.
+
+- config.postfix fails to set smtp_tls_security_level
+ (bsc#1192314)
+
+- Refreshed spec-file via spec-cleaner and manual optimizated.
+ * Added -p flag to all install commands.
+ * Removed -f flag from all ln commands.
+- Changed file harden_postfix.service.patch (boo#1191988).
+
+- update to 3.6.5
+ * Glibc 2.34 implements closefrom(). This was causing a conflict
+ with Postfix's implementation for systems that have no closefrom()
+ implementation.
+ * Support for Berkeley DB version 18.
+- removed obsolete postfix-3.6.2-glibc-234-build-fix.patch
+
+- Postfix on start don't run postalias /etc/postfix/aliases
+ (error open database /etc/postfix/aliases.lmdb). (bsc#1197041)
+ Apply proposed patch
+
+- config.postfix can't handle symlink'd /etc/resolv.cof
+ (bsc#1195019)
+ Adapt proposed change: using "cp -afL" by copying.
+
+- Update to 3.6.4
+ * Bug introduced in bugfix 20210708: duplicate bounce_notice_recipient
+ entries in postconf output. This was caused by an incomplete
+ fix to send SMTP session transcripts to $bounce_notice_recipient.
+ * Bug introduced in Postfix 3.0: the proxymap daemon did not
+ automatically authorize proxied maps inside pipemap (example:
+ pipemap:{proxy:maptype:mapname, ...}) or inside unionmap.
+ * Bug introduced in Postfix 2.5: off-by-one error while writing
+ a string terminator. This code passed all memory corruption
+ tests, presumably because it wrote over an alignment padding
+ byte, or over an adjacent character byte that was never read.
+ * The proxymap daemon did not automatically authorize map features
+ added after Postfix 3.3, caused by missing *_maps parameter
+ names in the proxy_read_maps default value. Found during code
+ maintenance.
+
+- Update to 3.6.3
+ * (problem introduced in Postfix 2.4, released in 2007): queue
+ file corruption after a Milter (for example, MIMEDefang) made
+ a request to replace the message body with a copy of that message
+ body plus additional text (for example, a SpamAssassin report).
+ * (problem introduced in Postfix 2.10, released in 2012): The
+ postconf "-x" option could produce incorrect output, because
+ multiple functions were implicitly sharing a buffer for
+ intermediate results. Problem report by raf, root cause analysis
+ by Viktor Dukhovni.
+ * (problem introduced in Postfix 2.11, released in 2013): The
+ check_ccert_access feature worked as expected, but produced a
+ spurious warning when Postfix was built without SASL support.
+ Fix by Brad Barden.
+ * Fix for a compiler warning due to a missing 'const' qualifier
+ when compiling Postfix with OpenSSL 3. Depending on compiler
+ settings this could cause the build to fail.
+ * The known_tcp_ports settings had no effect. It also wasn't fully
+ implemented. Problem report by Peter.
+ * Fix for missing space between a hostname and warning text.
+
+- Ensure postfix can write to home directory or server side
+ filtering wont work (sieve)
+
+- Ensure service can write to /etc/postfix
+
+- Added hardening to systemd service (bsc#1181400). Added
+ harden_postfix.service.patch
+
+- postfix fails with glibc 2.34
+ Define HAS_CLOSEFROM
+ (bsc#1189101)
+ add patch
+ - postfix-3.6.2-glibc-234-build-fix.patch
+
+- fix config.postfix (follow up of bsc#1188477)
+
+- Syntax error in config.postfix
+ (bsc#1188477)
+
+- Update to 3.6.2
+ * In Postfix 3.6, fixed a false "Result too large" (ERANGE) fatal
+ error in the compatibility_level parser, because there was no
+ 'errno = 0' statement before an strtol() call.
+ * (problem introduced in Postfix 3.3) "Null pointer read" error
+ in the cleanup daemon when "header_from_format = standard" (the
+ default as of Postfix 3.3), and email was submitted with
+ /usr/sbin/sendmail without From: header, and an all-space full
+ name was specified in 1) the password file, 2) with "sendmail
+ - F", or 3) with the NAME environment variable. Found by Renaud
+ Metrich.
+ * (problem introduced in Postfix 2.4) False "too many reverse
+ jump" warnings in the showq daemon, because loop detection code
+ was comparing memory addresses instead of queue file names.
+ Reported by Mehmet Avcioglu.
+ * (problem introduced in 1999) The Postfix SMTP server was sending
+ all session transcripts to the error_notice_recipient (default:
+ postmaster), instead of sending transcripts of bounced mail to
+ the bounce_notice_recipient (default: postmaster). Reported by
+ Hans van Zijst.
+ * The texthash: map implementation broke tls_server_sni_maps,
+ because it did not support multi-file inputs. Reported by
+ Christopher Gurnee, who also found an instance of the missing
+ code in the "postmap -F" source code. File: util/dict_thash.c.
+
+- spamd wants to start before mail-transfer-agent.target, but that target doesn't exist
+ (bsc#1066854)
+
+- postfix-SUSE
+ * rework sysconfig.postfix, add
+ - POSTFIX_WITH_DKIM
+ - POSTFIX_DKIM_CONN
+ * rework config.postfix for main.cf
+ - with_dkim
+- update postfix-main.cf.patch
+ * add OpenDKIM settings
+
+- postfix-mysql
+ * add mysql_relay_recipient_maps.cf
+- postfix-SUSE
+ * rework sysconfig.postfix, add
+ - POSTFIX_RELAY_RECIPIENTS
+ - POSTFIX_BACKUPMX
+ * add relay_recipients
+ * rework config.postfix for main.cf
+ - is_backupmx
+ - relay_recipient_maps
+
+- Add now working CONFIG parameter to sysusers generator
+- Remove unnecessary group line from postfix-vmail-user.conf
+
+- Update to 3.6.1
+ * Bugfix (introduced: Postfix 2.11): the command "postmap
+ lmdb:/file/name" (create LMDB database from textfile) handled
+ duplicate input keys ungracefully, discarding entries stored
+ up to and including the duplicate key, and causing a double
+ free() call with lmdb versions 0.9.17 and later. Reported by
+ Adi Prasaja; double free() root cause analysis by Howard Chu.
+ * Typo (introduced: Postfix 3.4): silent_discard should be
+ silent-discard in BDAT_README.
+
+- fix postfix-master.cf.patch
+ * set correct indentation (again) for options of
+ - submission (needs 3 spaces)
+ - smtps (needs 4 spaces)
+ to make config.postfix work nicely again
+
+- Update to 3.6.0
+ - Major changes - internal protocol identification
+ Internal protocols have changed. You need to "postfix stop"
+ before updating, or before backing out to an earlier release,
+ otherwise long-running daemons (pickup, qmgr, verify, tlsproxy,
+ postscreen) may fail to communicate with the rest of Postfix,
+ causing mail delivery delays until Postfix is restarted.
+ For more see /usr/share/doc/packages/postfix/RELEASE_NOTES
+- refreshed patches to apply cleanly again:
+ fix-postfix-script.patch
+ ipv6_disabled.patch
+ pointer_to_literals.patch
+ postfix-linux45.patch
+ postfix-main.cf.patch
+ postfix-master.cf.patch
+ postfix-no-md5.patch
+ postfix-ssl-release-buffers.patch
+ postfix-vda-v14-3.0.3.patch
+ set-default-db-type.patch
+
+- Update to 3.5.10 with security fixes:
+ * Missing null pointer checks (introduced in Postfix 3.4) after
+ an internal I/O error during the smtp(8) to tlsproxy(8) handshake.
+ Found by Coverity, reported by Jaroslav Skarvada. Based on a
+ fix by Viktor Dukhovni.
+ * Null pointer bug (introduced in Postfix 3.0) and memory leak
+ (introduced in Postfix 3.4) after an inline: table syntax error
+ in main.cf or master.cf. Found by Coverity, reported by Jaroslav
+ Skarvada. Based on a fix by Viktor Dukhovni.
+ * Incomplete null pointer check (introduced: Postfix 2.10) after
+ truncated HaProxy version 1 handshake message. Found by Coverity,
+ reported by Jaroslav Skarvada. Fix by Viktor Dukhovni.
+ * Missing null pointer check (introduced: Postfix alpha) after
+ null argv[0] value.
+
publicsuffix
+- Update to version 20220903:
+ * util: gTLD data autopull updates for 2022-09-03T15:15:24 UTC (#1606)
+ * Update public_suffix_list.dat (#1594)
+ * Add streamlitapp.com (#1591)
+ * Update public_suffix_list.dat (#1573)
+ * Add Framer Sites domains to PSL (#1570)
+ * new TLD .ישר×ל and SLDs for Israel by ISOC-IL (#1595)
+
+- Update to version 20220805:
+ * Updates to NIXI `.in` subspace in ICANN section of PSL (#1588)
+ * util: gTLD data autopull updates for 2022-07-28T15:14:54 UTC (#1592)
+ * util: gTLD data autopull updates for 2022-07-03T15:13:52 UTC (#1587)
+ * Add messerli.app (#1535)
+ * Add iservschule.de, schulplattform.de, update IServ GmbH contact information (#1580)
+ * Add `lolipopmc.jp` (#1555)
+ * Add ibxos.it and iliadboxos.it domains (#1549)
+ * Simplify the instance and endpoint domains using wildcard syntax (#1584)
+ * util: gTLD data autopull updates for 2022-06-14T15:15:19 UTC (#1581)
+ * doc (.in): update ref uri to registry policies (#1577)
+ * util: gTLD data autopull updates for 2022-06-02T15:16:31 UTC (#1579)
+
+- Update to version 20220518:
+ * util: gTLD data autopull updates for 2022-05-18T15:16:02 UTC (#1567)
+ * fixed wordwrap; added # of users q
+ * Add builder.code.com, stg-builder.code.com, and dev-builder.code.com (#1566)
+ * UPDATE HOSTBIP RECORDS (`name.pm` `sch.tf` `biz.wf` `sch.wf` `org.yt`) (#1473)
+ * Fix comments delete space and deprecation of io/ioutil (#1557)
+
+- Update to version 20220510:
+ * Cleaned up the wording and formatting
+ * Clarified 3rd party workaround stuff; fixed #1559
+ * Add gov.nl (#1558)
+ * util: gTLD data autopull updates for 2022-04-30T15:14:45 UTC (#1564)
+
+- Update to version 20220415:
+ * util: gTLD data autopull updates for 2022-04-14T15:15:34 UTC (#1554)
+ * Add `1.azurestaticapps.net` DNS suffix (#1514)
+ * add support for scaleway subdomains (#1507)
+
python3
+- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in
+ the garbage collection (bsc#1188607).
+
+- Add CVE-2022-37454-sha3-buffer-overflow.patch to fix
+ bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer
+ overflow in hashlib.sha3_* implementations (originally from the
+ XKCP library).
+
+- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix
+ CVE-2020-10735 (bsc#1203125) to limit amount of digits
+ converting text to int and vice vera (potential for DoS).
+ Originally by Victor Stinner of Red Hat.
+
-- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch and
- CRLF_injection_via_host_part.patch.
+- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch,
+ CRLF_injection_via_host_part.patch, and
+ CVE-2019-18348-CRLF_injection_via_host_part.patch.
rpm
+- Strip critical bit in signature subpackage parsing
+ * modified patch: pgpharden.diff
+- Add workaround to make newer dnf versions no longer deadlock
+ after it imported a pubkey [bnc#1202750]
+ * new patch: keyimportdeadlock.diff
+
rubygem-nokogiri
+- add 003-CVE-2022-24836.patch (CVE-2022-24836, bsc#1198408)
+ fixes possibility to DoS because of inefficient RE in HTML encoding
+- add 004_CVE-2022-29181.patch (CVE-2022-29181, bsc#1199782)
+ fixes Improper Handling of Unexpected Data Types
+
systemd
+- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
+ ae2067b062 time-util: fix buffer-over-run (bsc#1204968 CVE-2022-3821)
+ 0469b9f2bc pstore: do not try to load all known pstore modules
+ ad05f54439 pstore: Run after modules are loaded
+ ccad817445 core: Add trigger limit for path units
+ 281d818fe3 core/mount: also add default before dependency for automount mount units
+ ffe5b4afa8 logind: fix crash in logind on user-specified message string
+
+- Add 1012-man-describe-the-net-naming-schemes-specific-to-SLE.patch (bsc#1204179)
+- Make "sle15-sp3" net naming scheme still available for backward compatibility
+ reason
+
tar
+- Fix unexpected inconsistency when making directory, bsc#1203600
+ * tar-avoid-overflow-in-symlinks-tests.patch
+ * tar-fix-extract-unlink.patch
+- Update race condition fix, bsc#1200657
+ * tar-fix-race-condition.patch
+- Refresh bsc1200657.patch
+
tiff
+ * CVE-2022-3597 [bsc#1204641]
+ * CVE-2022-3626 [bsc#1204644]
+ * CVE-2022-3627 [bsc#1204645]
+ + tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch
+ * CVE-2022-3599 [bsc#1204643]
+ + tiff-CVE-2022-3599.patch
+ * CVE-2022-3970 [bsc#1205392]
+ + tiff-CVE-2022-3970.patch
+
+- security update:
tigervnc
-- U_Handle-pending-data-in-TLS-buffers.patch
- * Vncclient wasn't refreshing screen correctly due to an issue on
- TLS stream buffers.
- * bsc#1199477
-
-- U_0003-Update-Surface_X11.cxx.patch
- * Fix to render properly considering endianness.
- * bsc#1197119
+- Release 1.12.0 covers bugfixes for bsc#1197119,bsc#1199477
+
+- Release 1.12.0 supersedes the following patches still used with
+ tigervnc 1.10.1 on sle15-sp4/Leap 15.4:
+ * U_0003-Update-Surface_X11.cxx.patch
+ * U_Handle-pending-data-in-TLS-buffers.patch
+
+- Use %_pam_vendordir
+
+- fix homepage url
+- move license to licensedir
+- a few of the trivial spec-cleaner cleanups
+
+- nasm is not needed for build, remove from buildrequires
+- Remove patch: tigervnc-clean-pressed-key-on-exit.patch
+ * fixed bsc#670448 wich can no longer be reproduced
+ * removing the patch fixes bsc#1196214
+ * related: https://github.com/TigerVNC/tigervnc/pull/14
+
+- n_vncserver.patch
+ * fix location of Xsession script
+- vncserver usage has radically changed; please check this:
+ https://github.com/TigerVNC/tigervnc/blob/master/unix/vncserver/HOWTO.md
+
+- Update to tigervnc 1.12.0
+ * The native viewer now supports full screen over a subset of monitors (e.g. 2 out of 3), and reacts properly to monitors being added or removed
+ * Recent server history in the native viewer
+ * The native viewer now has an option to reconnect if the connection is dropped
+ * Translations are now enabled on Windows and macOS for the native viewer
+ * The native viewer now respects the system security policy
+ * Better handling of accented keys in the Java viewer
+ * The Unix servers can now listen to both a Unix socket and a TCP port at the same time
+ * The network code in both the servers and the native viewer has been restructured to give a more responsive experience
+ * The vncserver service now correctly handles settings set to "0"
+ * Fixed the clipboard Unicode handling in both the native viewer and the servers
+ * Support for pointer "warping" in Xvnc and the native viewer, enabling e.g. FPS games
+- Update to tigervnc 1.11.0
+ * A security issue has been fixed in how the viewers handle TLS certificate exceptions
+ * vncserver has gotten a major redesign to be compatible with modern distributions
+ * The native viewer now has touch gestures to handle certain mouse actions (e.g. scroll wheel)
+ * Middle mouse button emulation in the native viewer, for devices with only two mouse buttons
+ * The Java viewer now supports Java 9+, but also now requires Java 8+
+ * Support for alpha cursors in the Java viewer (a feature already supported in the native viewer)
+ * The password and username can now be specified via the environment for the native viewer
+ * Support for building Xvnc/libvnc.so with Xorg 1.20.7+ and deprecate support for Xorg older than 1.16
+ * The official builds have been fixed to work on the upcoming macOS 11
+ * The Windows server (WinVNC) is now packaged separately as it is unmaintained and buggy
+- Removed patches (included in 1.12.0):
+ * U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch
+ * tigervnc-fix-saving-of-bad-server-certs.patch
+ * u_xorg-server-1.20.7-ddxInputThreadInit.patch
+ * U_0001-Properly-store-certificate-exceptions.patch
+ * U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch
+ * tigervnc-FIPS-use-RFC7919.patch
+ * u_Fix-non-functional-MaxDisconnectionTime.patch
+- Removed patches (no longer needed):
+ * u_tigervnc-cve-2014-8240.patch (https://github.com/TigerVNC/tigervnc/pull/1258)
+ * u_tigervnc_update_default_vncxstartup.patch
+- Refreshed patches:
+ * n_correct_path_in_desktop_file.patch
+ * n_tigervnc-date-time.patch
+ * n_utilize-system-crypto-policies.patch
+ * tigervnc-clean-pressed-key-on-exit.patch
+ * tigervnc-newfbsize.patch
+ * u_build_libXvnc_as_separate_library.patch
+ * u_change-button-layout-in-ServerDialog.patch
+ * u_tigervnc-add-autoaccept-parameter.patch
+ * u_tigervnc-211.patch
+
+- buildrequire xorg-x11-server-sdk/xorg-x11-server-source >= 21.1.0
+
+- Change to systemd-sysusers
+
+- u_tigervnc-211.patch, xserver211.patch
+ * fixes build against xorg-server 21.1 sources
+
timezone
+- timezone update 2022f (bsc#1177460):
+ * Mexico will no longer observe DST except near the US border
+ * Chihuahua moves to year-round -06 on 2022-10-30
+ * Fiji no longer observes DST
+ * Move links to 'backward'
+ * In vanguard form, GMT is now a Zone and Etc/GMT a link
+ * zic now supports links to links, and vanguard form uses this
+ * Simplify four Ontario zones
+ * Fix a Y2438 bug when reading TZif data
+ * Enable 64-bit time_t on 32-bit glibc platforms
+ * Omit large-file support when no longer needed
+ * In C code, use some C23 features if available
+ * Remove no-longer-needed workaround for Qt bug 53071
+- Refreshed patches:
+ * fat.patch
+ * tzdata-china.diff
+
+- timezone update 2022e (bsc#1177460):
+ * Jordan and Syria switch from +02/+03 with DST to year-round +03
+- timezone update 2022d:
+ * Palestine transitions are now Saturdays at 02:00
+ * Simplify three Ukraine zones into one
+- timezone update 2022c:
+ * Work around awk bug
+ * Improve tzselect on intercontinental Zones
+- timezone update 2022b:
+ * Chile's DST is delayed by a week in September 2022 boo#1202324
+ * Iran no longer observes DST after 2022
+ * Rename Europe/Kiev to Europe/Kyiv
+ * New zic -R option
+ * Vanguard form now uses %z
+ * Finish moving duplicate-since-1970 zones to 'backzone'
+- Refresh tzdata-china.diff
+- Remove upstreamed bsc1202310.patch
+
vim
+- Updated to version 9.0 with patch level 0814, fixes the following problems
+ * Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow
+ * Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483.
+ * Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490.
+ * Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598.
+ * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
+ * Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer()
+ * Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c
+ * Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c
+ * Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c
+ * Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag()
+ * Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
+ * Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c
+ * Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free
+ * Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse()
+ * Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321
+- ignore-flaky-test-failure.patch: Ignore failure of flaky tests
+- disable-unreliable-tests-arch.patch: Removed
+- for the complete list of changes see
+ https://github.com/vim/vim/compare/v9.0.0313...v9.0.0814
+
webkit2gtk3
+- Update to version 2.38.2 (boo#1205120 boo#1205123 boo#1205124):
+ + Fix scrolling issues in some sites having fixed background.
+ + Fix prolonged buffering during progressive live playback.
+ + Fix the build with accessibility disabled.
+ + Fix several crashes and rendering issues.
+ + Security fixes: CVE-2022-42799, CVE-2022-42823, CVE-2022-42824.
+- Update no-forced-sse.patch with quilt.
+- Pass -DENABLE_DOCUMENTATION=OFF to configure, we did not build
+ the API docs in the past, and I see no reason to start now.
+- Drop pkgconfig(libnotify) BuildRequires: No longer needed, nor
+ used if available.
+- Pass -DUSE_SYSTEM_MALLOC=ON on all architectures, to work
+ around webkit#243535.
+
+- Update to version 2.38.1:
+ + Make xdg-dbus-proxy work if host session bus address is an
+ abstract socket.
+ + Use a single xdg-dbus-proxy process when sandbox is enabled.
+ + Fix high resolution video playback due to unimplemented
+ changeType operation.
+ + Ensure GSubprocess uses posix_spawn() again and inherit file
+ descriptors.
+ + Fix player stucking in buffering (paused) state for progressive
+ streaming.
+ + Do not try to preconnect on link click when link preconnect
+ setting is disabled.
+ + Fix close status code returned when the client closes a
+ WebSocket in some cases.
+ + Fix media player duration calculation.
+ + Fix several crashes and rendering issues.
+
+- Update to version 2.38.0 boo#1205121 boo#1205122):
+ + New media controls UI style.
+ + Add new API to set WebView’s Content-Security-Policy for web
+ extensions support.
+ + Make it possible to use the remote inspector from other
+ browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var.
+ + MediaSession is enabled by default, allowing remote media
+ control using MPRIS.
+ + Add support for PDF documents using PDF.js.
+ + Security fixes: CVE-2022-32888, CVE-2022-32923.
+
wget
+- Update 0001-possibly-truncate-pathname-components.patch
+ * Truncate file name even if no directory structure
+ * [bsc#1204720]
+
wicked
+- version 0.6.70
+- build: Link as Position Independent Executable (bsc#1184124)
+- dhcp4: Fix issues in reuse of last lease (bsc#1187655)
+- dhcp6: Add option to refresh lease (jsc#SLE-9492,jsc#SLE-24307)
+- dhcp6: Remove address before release (USGv6 DHCPv6_1_2_07b)
+- dhcp6: Ignore lease release status (USGv6 DHCPv6_1_2_07e,1_3_03)
+- dhcp6: Consider ppp interfaces supported (gh#openSUSE/wicked#924)
+- team: Fix to configure port priority in teamd (bsc#1200505)
+- firewall-ext: No config change on ifdown (bsc#1201053,bsc#118950)
+- wireless: Fix SEGV on supplicant restart (gh#openSUSE/wicked#931)
+- wireless: Add support for WPA3 and PMF (bsc#1198894)
+- wireless: Remove libiw dependencies (gh#openSUSE/wicked#910)
+- client: Fix SEGV on empty xpath results (gh#openSUSE/wicked#919)
+- client: Add release options to ifdown/ifreload (jsc#SLE-10249)
+- dbus: Clear string array before append (gh#openSUSE/wicked#913)
+- socket: Fix SEGV on heavy socket restart errors (bsc#1192508)
+- systemd: Remove systemd-udev-settle dependency (bsc#1186787)
+
-- dbus: cleanup the dbus-service.h file and unused property makros
+- dbus: cleanup the dbus-service.h file and unused property macros
- e.g. tso has been splitted into several features and the
+ e.g. tso has been split into several features and the
-- cleanup: add mising/explicit designated field initializers
+- cleanup: add missing/explicit designated field initializers
-- dhcp: suport to define and request custom options (bsc#988954),
+- dhcp: support to define and request custom options (bsc#988954),
-- utils: fixed last byte formating in ni_format_hex
+- utils: fixed last byte formatting in ni_format_hex
-- ifconfig: readd broadcast calculation (bcs#971629).
+- ifconfig: re-add broadcast calculation (bcs#971629).
-- vesion 0.6.27
+- version 0.6.27
xf86-input-libinput
+- Enable tarball sig url too, verify tarball via keyring.
+
+- Update to version 1.2.1
+ * few typos and misc minor fixes
+ * property added to turn off new high-resolution wheel scrolling
+ API
+
+- reverted previous change; the issue was broken ckb-next, not
+ the usage of libinput v120 API (boo#1190646)
+
+- switch to libinput v120 API broke the driver, so disable it for
+ now via patching config.h in specfile after running configure
+ (boo#1190646)
+
+- Update to version 1.2.0
+ * This release introduces support for touchpad gestures that will
+ be available as part of X server 21.1. Additionally high-resolution
+ scrolling data is now acquired from libinput if available and sent
+ downstream to X server. The default scroll distance has been bumped
+ to 120 in the process, but this should not affect correctly written
+ clients.
+
+- Update to version 1.1.0
+ * This release adds a new driver-specific option:
+ ScrollPixelDistance. This option converts movement "pixels"
+ from libinput into the server's "scroll unit" definition and
+ can thus help speeding up or slowing down two-finger/edge scrolling.
+
+- Update to version 1.0.1
+ * Only one fix, the code to set the tap button mapping property
+ didn't correctly check for a valid device, causing memory
+ corruption and a crash if called after a device was disabled.
+ Or, in more user-friendly terms: if your X session crashed
+ after calling `xinput disable $touchpad-device`, this release
+ has the fix for it.
+
+- Update to version 1.0.0
+ * The biggest change here is the license change to MIT. Due to an unfortunate
+ copy/paste error, the actual license text used was the Historical Permission
+ Notice and Disclaimer license. With the ack of the various contributors, the
+ driver is now using the MIT license text as intended. The actual impact is
+ low, the HPND is virtually identical to the MIT license anyway (ianal,
+ consult your legal dept if you have one).
+ * The only other notable change: cancelled touch points are now lifted
+ correctly. Where libinput cancels a touch, e.g. in response to a palm being
+ detected, the touch point previously got stuck in the down state. This is
+ fixed now.
+
+- refresh spec file (move licenses to licensedir)
+
+- Update to version 0.30.0
+ * Only one noticeable change: the scroll button lock
+ configuration option available in recent libinput versions
+ is now exposed as the usual set of properties by this driver.
+
+- Update to version 0.29.0
+ * Only one real fix: we now check for the tool type as well as
+ the serial when we create subdevices for tablet tools.
+ Previously there were some cases where the eraser device
+ wasn't created correctly.
+
+- move xorg.conf.d snippet from /etc/X11/xorg.conf.d to
+ /usr/share/X11/xorg.conf.d (boo#1139692)
+
+- Update to version 0.28.2
+ * This release contains a bugfix that will likely trigger in future releases
+ of libinput. The driver assumed wrongly that any wheel event has a nonzero
+ discrete event and used the discrete as a divisor. Which is obviously a bad
+ idea, mathematically speaking, because you never know what the future will
+ bring. Hint: it will bring wheel events with a discrete of zero.
+
xorg-x11-server
+- Release 21.1 covers bugfixes and JIRA tickets for bsc#1176015,bsc#1182510,bsc#1182884,bsc#1184072,bsc#1184543,bsc#1184906,bsc#1186092,bsc#1188970,bsc#1194159,bsc#1196577,bsc#1197046,bsc#1197269,bsc#1200076,fdo#574,jsc#SLE-18653,jsc#SLE-8470
+
+- Release 21.1 supersedes the following patches still used with
+ xorg-x11-server 1.20.3 on sle15-sp4/Leap 15.4:
+ * U_0002-DRI2-Add-another-Coffeelake-PCI-ID.patch
+ * U_0002-Fix-crash-on-XkbSetMap.patch
+ * U_0003-Fix-crash-on-XkbSetMap.patch
+ * U_0003-dri2-Sync-i965_pci_ids.h-from-mesa.patch
+ * U_0004-dri2-Set-fallback-driver-names-for-Intel-and-AMD-chi.patch
+ * U_0005-dri2-Sync-i965_pci_ids.h-from-mesa-iris_pci_ids.h.patch
+ * U_build-glx-Lower-gl-version-to-work-with-libglvnd.patch
+ * U_glamor-Make-pixmap-exportable-from-gbm_bo_from_pixma.patch
+ * U_hw_do-not-include-sys-io-with-glibc.patch
+ * U_meson-Fix-another-reference-to-gl-9.2.0.patch
+ * U_modesetting-Fix-broken-manpage-in-autoconf-build.patch
+ * U_present-wnmd-Fix-use-after-free-on-CRTC-removal.patch
+ * U_present-wnmd-Relax-assertion-on-CRTC-on-abort_vblank.patch
+ * U_xfree86-Change-displays-array-to-pointers-array-to-f.patch
+ * U_xfree86-Fix-NULL-pointer-dereference-crash.patch
+ * U_xkbsetdeviceinfo.patch
+ * u_sync-pci-ids-with-Mesa-21.2.4.patch
+ * u_xf86-Accept-devices-with-the-simpledrm-driver.patch
+ * u_xichangehierarchy-CVE-2020-14346.patch
+ * u_xkb-CVE-2020-14345.patch
+ * u_xkb-CVE-2020-14360.patch
+
+- removed N_Disable-HW-Cursor-for-cirrus-and-mgag200-kernel-modules.patch
+ * meanwhile cirrus and mgag200 Kernel drivers have been rewritten
+ multiple times and no longer have (broken) hardware cursor
+
+- u_xf86-Accept-devices-with-the-kernels-ofdrm-driver.patch
+ * Add workaround to support ofdrm
+
+- rename u_sync-pci-ids-with-Mesa-22.0.0.patch to
+ u_sync-pci-ids-with-Mesa.patch (currently synced with Mesa 22.1.3)
+
+- u_sync-pci-ids-with-Mesa-22.0.0.patch
+ * synced with Mesa 22.1.3; just adding a PCI ID for vmware was
+ needed
+
+- Update to version 21.1
+ * This release fixes 2 recently reported security vulnerabilities
+ in xkb, several regressions since 1.20.x and a number of
+ miscellaneous bugs.
+- supersedes the following security patches
+ * U_boo1194181-001-xkb-swap-XkbSetDeviceInfo-and-XkbSetDeviceInfoCheck.patch
+ * U_boo1194179-001-xkb-rename-xkb_h-to-xkb-procs_h.patch
+ * U_boo1194179-002-xkb-add-request-length-validation-for-XkbSetGeometry.patch
+- supersedes U_Fix-build-with-gcc-12.patch
+
-- U_0002-Fix-crash-on-XkbSetMap.patch
- U_0003-Fix-crash-on-XkbSetMap.patch
- * fixes Xserver crash on keyboard remapping (boo#1200076, fdo#574)
-
-- U_glamor-Make-pixmap-exportable-from-gbm_bo_from_pixma.patch
- * avoid consequently failing page flip (boo#1197269)
-
-- u_sync-pci-ids-with-Mesa-21.2.4.patch
- * sync pci ids with Mesa 21.2.4 (related to boo#1197046)
-
-- U_0002-DRI2-Add-another-Coffeelake-PCI-ID.patch
- U_0003-dri2-Sync-i965_pci_ids.h-from-mesa.patch
- U_0004-dri2-Set-fallback-driver-names-for-Intel-and-AMD-chi.patch
- U_0005-dri2-Sync-i965_pci_ids.h-from-mesa-iris_pci_ids.h.patch
- * sync GL driver PCI IDs with Mesa (boo#1197046)
-
-- U_xfree86-Fix-NULL-pointer-dereference-crash.patch
- * Fix a regression in
- u_xfree86-Change-displays-array-to-pointers-array-to-f.patch
- (boo#1196577)
- * Credits go to Simon Lees <sflees@suse.de> for finding the fix!
-- renamed u_xfree86-Change-displays-array-to-pointers-array-to-f.patch
- to U_xfree86-Change-displays-array-to-pointers-array-to-f.patch
- since it's a backport from an upstream patch
-
-- u_xfree86-Change-displays-array-to-pointers-array-to-f.patch
- Fix segmentation fault during terminal switches with multiple attached
- displays (bsc#1188970)
+- add n_raise_default_clients.patch
-- Fix typo in %post: xbb.conf -> xkb.conf (boo#1194159)
+- disable -z now linking for now, as there are some missing symbol
+ issues. (boo#1197994)
-- u_xf86-Accept-devices-with-the-simpledrm-driver.patch
- * Add workaround to support simpledrm kernel driver
-- u_xf86-Accept-devices-with-the-hyperv_drm-driver.patch
- * Add workaround to support hyperv_drm kernel driver
+- u_sync-pci-ids-with-Mesa-22.0.0.patch
+ * sync pci ids with Mesa 22.0.0
+
+- U_Fix-build-with-gcc-12.patch
+ * render: Fix build with gcc 12 (glfdo#xorg/xserver!853).
+
+- U_xephyr-Don-t-check-for-SeatId-anymore.patch
+ * fix mouse/keyboard focus in Xephyr (boo#1194658,
+ github issue#1289)
+
+- fix bashisms in pre_checkins.sh (bsc#1195391)
+
+- u_xfree86-activate-GPU-screens-on-autobind.patch
+ * Part of the original patch by Dave Airlie has landed
+ 078277e4d92f05a90c4715d61b89b9d9d38d68ea, this contains the
+ remainder of what was in SUSE before Xorg 21.1.
+ (github issue#1254, boo#1192751)
+
+- Update to version 21.1.3
+ * This release fixes several regressions since 1.20.x and 21.1.1
+ + glx/dri: Filter out fbconfigs that don't have a supported pixmap format
+ + xf86/logind: Fix compilation error when built without logind/platform bus
+ + xf86/logind: fix missing call to vtenter if the platform device is not paused
+ + Convert more funcs to use InternalEvent.
+ + os: Try to discover the current seat with the XDG_SEAT var first
+
+- Update to version 21.1.2
+ * This release fixes 4 recently reported security vulnerabilities and
+ several regressions.
+ * In particular, the real physical dimensions are no longer reported
+ by the X server anymore as it was deemed to be a too disruptive
+ change. X server will continue to report DPI as 96.
+- supersedes U_hw-xfree86-Propagate-physical-dimensions-from-DRM-co.patch
+- supersedes U_rendercompositeglyphs.patch
+- supersedes U_xfixes-Fix-out-of-bounds-access-in-ProcXFixesCreateP.patch
+- supersedes U_Xext-Fix-out-of-bounds-access-in-SProcScreenSaverSus.patch
+- supersedes U_record-Fix-out-of-bounds-access-in-SwapCreateRegiste.patch
-- u_Support-configuration-files-under-run-X11-xorg.conf..patch
-- u_Add-udev-scripts-for-configuration-of-platform-devic.patch
-- u_Add-udev-rule-for-HyperV-devices.patch
- * Remove udev-based configuration again (not working)
-- u_pci-primary-Fix-up-primary-PCI-device-detection-for-the-platfrom-bus.patch
- * Fix possible SEGFAULT when parsing busid
+- u_Support-configuration-files-under-run-X11-xorg.conf..patch
+- u_Add-udev-scripts-for-configuration-of-platform-devic.patch
+- u_Add-udev-rule-for-HyperV-devices.patch
+ * Remove udev-based configuration
+- u_Revert-xf86-Accept-devices-with-the-simpledrm-driver.patch
+ * Restore simpledrm workaround
+- u_xf86-Accept-devices-with-the-hyperv_drm-driver.patch
+ * Add workaround to support hyperv_drm
+- u_pci-primary-Fix-up-primary-PCI-device-detection-for-the-platfrom-bus.patch
+ * Fix SEGFAULT when parsing bus IDs of NULL (boo#1193250)
- * Support configuration files under /run
+ * Support configuration files under /run. Required for generating
+ configuration files via udev. (boo#1193250)
- * Add udev rules for configuration of platform (e.g.,
- simple-framebuffer) devices
+ * Generate configuration files for platform devices (boo#1193250)
+- u_Revert-xf86-Accept-devices-with-the-simpledrm-driver.patch
+ * Code has been obsoleted by udev patchset (boo#1193250)
- * Add udev rules for configuration of HyperV graphics devices
+ * Same as for platform devices, but on HyperV (boo#1193250)
-- disable build of Xwayland, which is now being built in separate
- xwayland package with more recent sources (jira#SLE/SLE-18653,
- boo#1182677)
-- no longer needed patches:
- * U_xwayland-Avoid-a-crash-on-pointer-enter-with-a-grab.patch
- * U_xwayland-Check-status-in-GBM-pixmap-creation.patch
- * U_xwayland-Do-not-free-a-NULL-GBM-bo.patch
- * U_xwayland-Update-screen-pixmap-on-output-resize.patch
- * U_xwayland-Do-not-crash-if-gbm_bo_create-fails.patch
- * U_xwayland-glamor-gbm-Handle-DRM_FORMAT_MOD_INVALID-gracefully.patch
+- U_hw-xfree86-Propagate-physical-dimensions-from-DRM-co.patch
+ * reverse apply this one to go back to fixed 96 dpi (gitlab
+ fdo/xserver issue#1241)
+- N_fix-dpi-values.diff
+ * back to version for xserver < 21.1.0
+
+- Update to version 21.1.1
+ * s/__/@/ in inputtestdrv manpage
+ * Make xf86CompatOutput() return NULL when there are no privates
+ * Makefile.am: Add missing meson build files to release tarball
+
+- Update to version 21.1.0
+ * The meson support is now fully mature. While autotools support
+ will still be kept for this release series, it will be dropped
+ afterwards.
+ * Glamor support for Xvfb.
+ * Variable refresh rate support in the modesetting driver.
+ * XInput 2.4 support which adds touchpad gestures.
+ * DMX DDX has been removed.
+ * X server now correctly reports display DPI in more cases. This
+ may affect rendering of client applications that have their own
+ workarounds for hi-DPI screens.
+ * A large number of small features and various bug fixes.
+- updated xorg-server-provides
+- supersedes patches
+ * U_Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch
+ * U_dix-window-Use-ConfigureWindow-instead-of-MoveWindow.patch
+ * U_glamor_egl-Reject-OpenGL-2.1-early-on.patch
+ * u_render-Cast-color-masks-to-unsigned-long-before-shifting-them.patch
+- refreshed patches
+ * N_fix-dpi-values.diff
+ * N_zap_warning_xserver.diff
+ * u_modesetting-Fix-dirty-updates-for-sw-rotation.patch
+ * u_randr-Do-not-crash-if-slave-screen-does-not-have-pro.patch
+ * u_vesa-Add-VBEDPMSGetCapabilities-VBEDPMSGet.patch
+- disabled n_xserver-optimus-autoconfig-hack.patch, which I believe is
+ superseded by:
+ commit 078277e4d92f05a90c4715d61b89b9d9d38d68ea
+ Author: Dave Airlie <airlied@redhat.com>
+ Date: Fri Aug 17 09:49:24 2012 +1000
+ xf86: autobind GPUs to the screen
+- added pkgconfig(libxcvt)
+- cvt binary moved to libxcvt0 package
+
+- Update to version 1.20.13
+ * bugfix release
+- supersedes U_present-get_crtc-should-not-return-crtc-when-its-scr.patch,
+ U_modesetting-unflip-not-possible-when-glamor-is-not-s.patch
+
+- U_modesetting-unflip-not-possible-when-glamor-is-not-s.patch
+ * this should fixes crashes of xfce when running under qemu
+ (boo#1188559)
+
+- add U_present-get_crtc-should-not-return-crtc-when-its-scr.patch (bsc#1188559)
+ https://gitlab.freedesktop.org/xorg/xserver/-/issues/1195
+
+- Update to version 1.20.12
+ * bugfix release
+
+- Drop U_xwayland-Allow-passing-a-fd.patch: We build xwayland in a
+ separate package now, so no need to keep this patch here.
+
+- Fix typo in %post: xbb.conf -> xkb.conf
-- U_xwayland-glamor-gbm-Handle-DRM_FORMAT_MOD_INVALID-gracefully.patch
- * xwayland: Fix invisible window produced by Xwayland
- (boo#1186092, boo#1184906)
-
-- U_build-glx-Lower-gl-version-to-work-with-libglvnd.patch,
- U_meson-Fix-another-reference-to-gl-9.2.0.patch
- * fix build on sle15-sp3 with updated libglvnd/Mesa and their
- new pkgconfig files
- (https://gitlab.freedesktop.org/xorg/xserver/-/issues/893)
+- disable build of Xwayland, which is now being built in separate
+ xwayland package with more recent sources (boo#1182677)
-- U_xwayland-Do-not-crash-if-gbm_bo_create-fails.patch
- * xwayland: Do not crash if gbm_bo_create() fails (boo#1184072) (boo#1184543)
+- Update to version 1.20.11
+ * bugfix release
+- supersedes U_Fix-XChangeFeedbackControl-request-underflow.patch,
+ U_xkb-Fix-heap-overflow-caused-by-optimized-away-min.patch
-- U_modesetting-Fix-broken-manpage-in-autoconf-build.patch
- * modesetting: Fix broken manpage in autoconf build (boo#1182510)
-
-- add U_hw_do-not-include-sys-io-with-glibc.patch (bsc#1182884)
+- reenabled LTO (boo#1133294)
+ * u_no-lto-for-tests.patch
+ disables LTO in test/ subtree, since "-Wl,-wrap" is not supported by LTO
+ * added "%global _lto_cflags %{?_lto_cflags} -ffat-lto-objects"
+
+- Update to version 1.20.10:
+ * Check SetMap request length carefully.
+ * Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows
+ * present/wnmd: Translate update region to screen space
+ * modesetting: keep going if a modeset fails on EnterVT
+ * modesetting: check the kms state on EnterVT
+ * configure: Build hashtable for Xres and glvnd
+ * xwayland: Create an xwl_window for toplevel only
+ * xwayland: non-rootless requires the wl_shell protocol
+ * glamor: Update pixmap's devKind when making it exportable
+ * os: Fix instruction pointer written in xorg_backtrace
+ * present/wnmd: Execute copies at target_msc-1 already
+ * present/wnmd: Move up present_wnmd_queue_vblank
+ * present: Add present_vblank::exec_msc field
+ * present: Move flip target_msc adjustment out of present_vblank_create
+ * xwayland: Remove pending stream reference when freeing
+ * xwayland: use drmGetNodeTypeFromFd for checking if a node is a render one
+ * xwayland: Do not discard frame callbacks on allow commits
+ * present/wnmd: Remove dead check from present_wnmd_check_flip
+ * xwayland: Check window pixmap in xwl_present_check_flip2
+ * present/wnmd: Can't use page flipping for windows clipped by children
+ * xfree86: Take second reference for SavedCursor in xf86CursorSetCursor
+ * glamor: Fix glamor_poly_fill_rect_gl xRectangle::width/height handling
+ * include: Increase the number of max. input devices to 256.
+ * Revert "linux: Make platform device probe less fragile"
+ * Revert "linux: Fix platform device PCI detection for complex bus topologies"
+ * Revert "linux: Fix platform device probe for DT-based PCI"
+- Remove included pachtes
+ * U_xfree86_take_second_ref_for_xcursor.patch
+ * U_Revert-linux-Fix-platform-device-probe-for-DT-based-.patch
+ * U_Revert-linux-Fix-platform-device-PCI-detection-for-c.patch
+ * U_Revert-linux-Make-platform-device-probe-less-fragile.patch
+ * U_Fix-XkbSetDeviceInfo-and-SetDeviceIndicators-heap-ov.patch
+ * U_Check-SetMap-request-length-carefully.patch
+
+- remove unneeded python2 script 'fdi2iclass.py' from
+ xorg-x11-server-sources subpackage (boo#1179591)
+
+- U_Check-SetMap-request-length-carefully.patch
+ * XkbSetMap Out-Of-Bounds Access: Insufficient checks on the
+ lengths of the XkbSetMap request can lead to out of bounds
+ memory accesses in the X server. (ZDI-CAN 11572,
+ CVE-2020-14360, bsc#1174908)
+- U_Fix-XkbSetDeviceInfo-and-SetDeviceIndicators-heap-ov.patch
+ * XkbSetDeviceInfo Heap-based Buffer Overflow: Insufficient
+ checks on input of the XkbSetDeviceInfo request can lead to a
+ buffer overflow on the head in the X server. (ZDI-CAN 11389,
+ CVE-2020-25712, bsc#1177596)
+
+- n_xorg-wrapper-anybody.patch
+ * replace default config /etc/X11/Xwrapper, which allows
+ anybody to use the wrapper, by a patch for the code, i.e.
+ [#] rootonly, console, anybody
+ allowed_users=anybody
+ [#] yes, no, auto
+ needs_root_rights=auto
+ is now the default without any Xwrapper config
+ (needs_root_rights=auto was already the default before)
+
+- u_xorg-wrapper-Xserver-Options-Whitelist-Filter.patch
+ * replaced by improved version written by Matthias Gerstner of
+ our security team
+ + simplified the option parsing code a bit
+ + changed the "ignore forbidden argument" logic into an "abort
+ on forbidden argument" logic. This is safer and avoids
+ surprises on the user's end that could occur if the desired
+ command line arguments aren't effective but the Xorg server is
+ still started.
+ + tried to adjust to the coding style present in the file
+ (mostly the function name)
+ + added some logic to apply the option filtering only to
+ non-root users when Xorg is actually started as root. This
+ should allow for full flexibility if root calls the wrapper or
+ if the Xorg server only runs with user privileges.
+
+- U_Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch,
+ U_Revert-linux-Fix-platform-device-PCI-detection-for-c.patch,
+ U_Revert-linux-Fix-platform-device-probe-for-DT-based-.patch,
+ U_Revert-linux-Make-platform-device-probe-less-fragile.patch
+ * fix Xserver startup on Raspberry Pi 3 (boo#1176203)
+
+- n_xorg-wrapper-rename-Xorg.patch
+ * moved Xorg to Xorg.bin and Xorg.sh to Xorg (boo#1175867)
+- change default for needs_root_rights to auto in Xwrapper.config
+ (boo#1175867)
+
+- reenabled SUID wrapper for TW (boo#1175867)
+- u_xorg-wrapper-Xserver-Options-Whitelist-Filter.patch
+ * Xserver option whitelist filter (boo#1175867)
-- u_xkb-CVE-2020-14360.patch
- * Avoid out of bounds memory accesses on too short request
- (ZDI-CAN-11572/CVE-2020-14360, bsc#1174908)
-
-- update U_xkbsetdeviceinfo.patch
- * fixed broken patch (bsc#1177596, comment#18, ZDI-CAN-11839/CVE-2020-25712)
-
-- U_xkbsetdeviceinfo.patch (bsc#1177596, ZDI-CAN-11839/CVE-2020-25712)
- * fix for Heap-based Buffer Overflow Privilege Escalation
- Vulnerability
-
-- U_present-wnmd-Fix-use-after-free-on-CRTC-removal.patch
- * fix crash in XWayland when undocking laptop (bsc#1176015)
-- U_present-wnmd-Relax-assertion-on-CRTC-on-abort_vblank.patch
- * fix for Xwayland abort in Present code (bsc#1176015)
-- U_xwayland-Avoid-a-crash-on-pointer-enter-with-a-grab.patch,
- U_xwayland-Check-status-in-GBM-pixmap-creation.patch,
- U_xwayland-Do-not-free-a-NULL-GBM-bo.patch,
- U_xwayland-Update-screen-pixmap-on-output-resize.patch
- * various xwayland crashes fixes from 1.20 branch (bsc#1176015)
+-Add U_xfree86_take_second_ref_for_xcursor.patch: fix
+ use-after-free when switching VTs.
+- Update to version 1.20.9:
+ * Fix XRecordRegisterClients() Integer underflow
+ * Fix XkbSelectEvents() integer underflow
+ * Fix XIChangeHierarchy() integer underflow
+ * Correct bounds checking in XkbSetNames()
+ * linux: Fix platform device probe for DT-based PCI
+ * linux: Fix platform device PCI detection for complex bus topologies
+ * linux: Make platform device probe less fragile
+ * fix for ZDI-11426
+ * xfree86: add drm modes on non-GTF panels
+ * present: Check valid region in window mode flips
+ * xwayland: Handle NULL xwl_seat in xwl_seat_can_emulate_pointer_warp
+ * xwayland: Propagate damage x1/y1 coordinates in xwl_present_flip
+ * doc: Update URLs in Xserver-DTrace.xml
+ * xwayland: Use a fixed DPI value for core protocol
+ * xwayland: only use linux-dmabuf if format/modifier was advertised
+ * hw/xfree86: Avoid cursor use after free
+ * Update URL's in man pages
+ * xwayland: Disable the MIT-SCREEN-SAVER extension when rootless
+ * xwayland: Hold a pixmap reference in struct xwl_present_event
+ * randr: Check rrPrivKey in RRHasScanoutPixmap()
+ * modesetting: Fix front_bo leak at drmmode_xf86crtc_resize on XRandR rotation
+ * xwayland: Store xwl_tablet_pad in its own private key
+ * xwayland: Initialise values in xwlVidModeGetGamma()
+ * xwayland: Fix crashes when there is no pointer
+ * xwayland: Clear private on device removal
+ * xwayland: Free all remaining events in xwl_present_cleanup
+ * xwayland: Always use xwl_present_free_event for freeing Present events
+ * present/wnmd: Free flip_queue entries in present_wnmd_clear_window_flip
+ * present/wnmd: Keep pixmap pointer in present_wnmd_clear_window_flip
+ * xwayland: import DMA-BUFs with GBM_BO_USE_RENDERING only
+ * xwayland: Fix infinite loop at startup
+ * modesetting: Disable pageflipping when using a swcursor
+ * dix: do not send focus event when grab actually does not change
+- Drop patches fixed upstream:
+ * U_0001-Correct-bounds-checking-in-XkbSetNames.patch
+ * U_0002-Fix-XIChangeHierarchy-integer-underflow.patch
+ * U_0003-Fix-XkbSelectEvents-integer-underflow.patch
+ * U_0004-Fix-XRecordRegisterClients-Integer-underflow.patch
+ * U_FixForZDI-11426.patch
+
+- U_0001-Correct-bounds-checking-in-XkbSetNames.patch
+ * Correct bounds checking in XkbSetNames()
+ [CVE-2020-14345 / ZDI 11428, boo#1174635]
+- U_0002-Fix-XIChangeHierarchy-integer-underflow.patch
+ * Fix XIChangeHierarchy() integer underflow
+ [CVE-2020-14346 / ZDI-CAN-11429, boo#1174638]
-- u_xkb-CVE-2020-14345.patch:
- * Fix XKB out-of-bounds access privilege escalation vulnerability
- (CVE-2020-14345, bsc#1174635, ZDI-CAN-11428)
-- u_xichangehierarchy-CVE-2020-14346.patch:
- * Fix XIChangeHierarchy integer underflow privilege escalation
- vulnerability (CVE-2020-14346, bsc#1174638, ZDI-CAN-11429)
-
+- move xorg_pci_ids dir from /etc/X11 to /usr/share/X11 and
+ xorg-x11-server.macros from /etc/rpm to /usr/lib/rpm/macros.d;
+ no longer package /etc/X11/xorg.conf.d (boo#1173056)
+
+- U_glamor_egl-Reject-OpenGL-2.1-early-on.patch
+ * GLAMOR: no longer bail out for OpenGL drivers < 2.1 (boo#1172321)
+
+- Update to version 1.20.8+0:
+ * Revert "dri2: Don't make reference to noClientException"
+ * dix: Check for NULL spriteInfo in GetPairedDevice
+ * os: Ignore dying client in ResetCurrentRequest
+ * modesetting: remove unnecessary error message, fix zaphod leases
+ * Fix building with `-fno-common`
+ * xwayland: clear pixmaps after creation in rootless mode
+ * glamor: Fix a compiler warning since the recent OOM fixes.
+ * Restrict 1x1 pixmap filling optimization to GXcopy
+ * Add xf86OSInputThreadInit to stub os-support as well
+ * Fix old-style definition warning for xf86OSInputThreadInit()
+ * xwayland/glamor-gbm: Handle DRM_FORMAT_MOD_INVALID gracefully
+ * configure: Define GLAMOR_HAS_EGL_QUERY_DRIVER when available
+ * modesetting: Disable atomic support by default
+ * modesetting: Explicitly #include "mi.h"
+ * xfree86/modes: Bail from xf86RotateRedisplay if pScreen->root is NULL
+ * xwayland: Split up xwl_screen_post_damage into two phases
+ * xwayland: Call glamor_block_handler from xwl_screen_post_damage
+ * xwayland: Add xwl_window_create_frame_callback helper
+ * xwayland: Use single frame callback for Present flips and normal updates
+ * xwayland: Use frame callbacks for Present vblank events
+ * xwayland: Delete all frame_callback_list nodes in xwl_unrealize_window
+ * glamor: Propagate FBO allocation failure for picture to texture upload
+ * glamor: Error out on out-of-memory when allocating PBO for FBO access
+ * glamor: Propagate glamor_prepare_access failures in copy helpers
+ * glamor: Fallback to system memory for RW PBO buffer allocation
+- supersedes u_fno-common.patch
+
+- u_fno-common.patch
+ * fix build with gcc's -fno-common option (boo#1160423)
+
+- Update to version 1.20.7+0:
+ * xserver 1.20.7
+ * ospoll: Fix Solaris ports implementation to build on Solaris 11.4
+ * os-support/solaris: Set IOPL for input thread too
+ * Add xf86OSInputThreadInit call from common layer into os-support layer
+ * Add ddxInputThread call from os layer into ddx layer
+ * os-support/solaris: Drop ExtendedEnabled global variable
+ * glamor: Only use dual blending with GLSL >= 1.30
+ * modesetting: Check whether RandR was initialized before calling rrGetScrPriv
+ * Xi: return AlreadyGrabbed for key grabs > 255
+ * xwayland: Do flush GPU work in xwl_present_flush
+ * modesetting: Clear new screen pixmap storage on RandR resize
+ * xfree86/modes: Call xf86RotateRedisplay from xf86CrtcRotate
+ * modesetting: Call glamor_finish from drmmode_crtc_set_mode
+ * modesetting: Use EGL_MESA_query_driver to select DRI driver if possible
+ * glamor: Add a function to get the driver name via EGL_MESA_query_driver
+
+- Update to version 1.20.6+0:
+ * xfree86: Test presence of isastream()
+ * present/wnmd: Relax assertion on CRTC on abort_vblank()
+ * os: Don't crash in AttendClient if the client is gone
+ * dix: Call SourceValidate before GetImage
+ * mi: Add a default no-op miSourceValidate
+ * compiler.h: Do not include sys/io.h on ARM with glibc
+ * xfree86: Call ScreenInit for protocol screens before GPU
+ screens
+ * modesetting:
+ - Implement ms_covering_randr_crtc() for ms_present_get_crtc()
+ - Fix ms_covering_crtc() segfault with non-xf86Crtc slave
+
+- Update to version 1.20.5+24:
+ * Fix crash on XkbSetMap
+- Drop unneeded obsinfo file and tweak _service.
+
+- Update to version 1.20.5+22:
+ * miext/sync:
+ - Make struct _SyncObject::initialized fully ABI compatible
+ - Fix needless ABI change
+ * xf86: Disable unused crtc functions when a lease is revoked
+ * xwayland:
+ - Handle the case of windows being realized before redirection
+ - Refactor surface creation into a separate function
+ - Separate DamagePtr into separate window data
+ - Do not free a NULL GBM bo
+ - Expand the RANDR screen size limits
+ - Update screen pixmap on output resize
+ - Reset scheduled frames after hiding tablet cursor
+ - Check status in GBM pixmap creation
+ - Avoid a crash on pointer enter with a grab
+ * GLX:
+ - Fix previous context validation in xorgGlxMakeCurrent
+ - Set GlxServerExports::{major,minor}Version
+ - Add a function to change a clients vendor list
+ - Use the sending client for looking up XID's
+ - Add a per-client vendor mapping
+ * xsync: Add resource inside of SyncCreate, export SyncCreate
+ * dri2: Sync i965_pci_ids.h from mesa
+ * Xi: Use current device active grab to deliver touch events if
+ any
+ * Revert "present/scmd: Check that the flip and screen pixmap
+ pitches match"
+ * glamor: Make pixmap exportable from `gbm_bo_from_pixmap()`
+- Drop patches fixed upstream:
+ * U_xwayland-Separate-DamagePtr-into-separate-window-data.patch
+ * 0001-xsync-Add-resource-inside-of-SyncCreate-export-SyncC.patch
+ * 0002-GLX-Add-a-per-client-vendor-mapping.patch
+ * 0003-GLX-Use-the-sending-client-for-looking-up-XID-s.patch
+ * 0004-GLX-Add-a-function-to-change-a-clients-vendor-list.patch
+ * 0005-GLX-Set-GlxServerExports-major-minor-Version.patch
+- Switch to gitcheckout via source service, use the stable released
+ branch but set explicit commit used in _service.
+
+- reintroduce Xvfb subpackage (boo#1151457)
+
+- Add U_xwayland-Separate-DamagePtr-into-separate-window-data.patch
+ and U_xwayland-Allow-passing-a-fd.patch: Needed for gnome 3.34
+ new and experimental xwayland on demand feature.
+- Rebase patches with quilt.
+
- which is available since release 435.xx (jira#SLE-8470)
+ which is available since release 435.xx:
+- move xorg.conf.d snippets from /etc/X11/xorg.conf.d to
+ /usr/share/X11/xorg.conf.d (boo#1139692)
+
+- Update to version 1.20.5:
+ Minor bugfix release to fix some input, Xwayland, glamor, and Present issues.
+ Thanks to all who contributed fixes and testing.
+
+- Disable LTO (boo#1133294).
+
+- Add systemd-rpm-macros BuildRequire for %tmpfiles_*.
+
+- xorg-server 1.20.4
+ * A variety of bugfixes across the board, but primarily in
+ Xwayland. Thanks to all who contributed with testing and
+ fixes!
+
+- get rid of meta packages still requiring/recommending obsolete
+ drivers packages (boo#1121525)
+
xterm
+- xterm-CVE-2022-24130.patch: Fixed buffer overflow in set_sixel
+ when Sixel support is enabled (bsc#1195387)
+
yast2-country
+- Update language cache when selecting new language to ensure that
+ always the correct language translations are used in the license
+ translations selection combo box on the next wizard page
+ (bsc#1204845, bsc#1193009)
+- 4.5.3
+
yast2-installation
+- Fix hash vs keyword arguments in RSpec expectations (bsc#1204871)
+- 4.5.10
+
+- Fixed the help in the installation summary to include the texts
+ from the corresponding proposals (related to jsc#SLE-24764).
+- 4.5.9
+
+- Write config for ssg-apply script according to the enabled
+ security policy (part of jsc#SLE-24764).
+ Tue Nov 15 13:41:41 UTC 2022 - Knut Anderssen <kanderssen@suse.com>
+- Fix copy of entropy pool during installation (bsc#1204559).
+
+- Do not use "xrdb" for setting the "Xft.dpi" value, use a specific
+ YaST tool from the yast2-x11 package (bsc#1201532)
+ (xrdb depends on the C pre-processor increasing the dependencies
+ about of 22MB)
+- Install yast2-x11 only when GUI (libyui-qt) is installed,
+ avoid installing the dependent X libraries in minimal (text mode)
+ installation (bsc#1201966)
+
--4.5.3
+- 4.5.3
yast2-network
+- Fix hash vs keyword arguments in RSpec expectations (bsc#1204871)
+- 4.5.10
+
yast2-ntp-client
+- Fix the netconfig executable path using /sbin/netconfig instead
+ of /usr/sbin/netconfig which is not available in SLE-15-SP5
+ (bsc#1205401)
+- 4.5.2
+
yast2-online-update
+- bsc#1204907
+ - Dropped old workaround from 2.13.15 with unconditional refresh
+ of all repositories.
+- 4.5.2
+
yast2-pkg-bindings
+- Allow querying orphaned packages (related to bsc#1202007)
+- 4.5.1
+
yast2-schema-default
+- Add support for security policies validation (jsc#SLE-24764).
+- Synchronize SP4 and master branches (related to bsc#1199165).
+- 4.5.6
+
+- Add KDUMP_AUTO_RESIZE element in kdump section
+ (related to jsc#SLE-18441 and gh#yast/yast-kdump#123).
+- 4.5.5
+
-- 4.4.14
+- 4.5.4
-- 4.4.13
+- 4.5.3
+
+- Fix up for the previous change (related to bsc#1183893)
+- 4.5.2
+
+- Remove dependency of YaST NIS packages from TW (bsc#1183893).
+- 4.5.1
-- Fix rules validation when using a dialog (bsc#1199165).
-- 4.4.12
+- Bump version to 4.5.0 (bsc#1198109)
yast2-security
+- Add support for DISA STIG security policy validation
+ (jsc#SLE-24764).
+- Disable the ssg-apply service if the selected SCAP action is
+ "do nothing" (related to jsc#SLE-24764).
+- 4.5.3
+
yast2-storage-ng
+- GuidedProposal: support for LUKS2 encryption with a configurable
+ PBKDF to be used by D-Installer (related to jsc#PED-2182).
+- 4.5.14
+
+- Validate security policies in both guided proposal and
+ partitioner (part of jsc#SLE-24764).
+- 4.5.13
+
+- New functionality for D-Installer: MinGuidedProposal and ability
+ to disable size adjustments (related to gh#yast/d-installer#264).
+- 4.5.12
+
yast2-update
+- Display a warning in the upgrade summary when removing orphaned
+ 3rd party packages (bsc#1202007)
+- 4.5.2
+