Removed rpms ============ Added rpms ========== - bash-sh - busybox - busybox-coreutils - busybox-findutils - busybox-grep - busybox-gzip - busybox-psmisc - busybox-sed - busybox-util-linux - busybox-xz Package Source Changes ====================== Mesa +- baselibs.conf: readded mistakenly removed packages + * Mesa-libVulkan-devel + * Mesa-vulkan-device-select + * Mesa-vulkan-overlay + +- autoselect libvulkan_intel package via hardware supplements on + Intel GPUs +- autoselect libvulkan_radeon package via hardware supplements on + AMD GPUs +- no longer install libvulkan_lvp package (lavapipe=Software + Vulkan driver), libvulkan_broadcom and libvulkan_freedreno packages + by default, i.e. no longer have libvulkan_intel/libvulkan_radeon + and libvulkan_lvp packages installed at the same time (boo#1180522) +- libvulkan_intel/libvulkan_radeon/libvulkan_lvp now require + Mesa-vulkan-device-select package, not the other way round! + (baselibs.conf also adjusted) + Mesa-drivers +- baselibs.conf: readded mistakenly removed packages + * Mesa-libVulkan-devel + * Mesa-vulkan-device-select + * Mesa-vulkan-overlay + +- autoselect libvulkan_intel package via hardware supplements on + Intel GPUs +- autoselect libvulkan_radeon package via hardware supplements on + AMD GPUs +- no longer install libvulkan_lvp package (lavapipe=Software + Vulkan driver), libvulkan_broadcom and libvulkan_freedreno packages + by default, i.e. no longer have libvulkan_intel/libvulkan_radeon + and libvulkan_lvp packages installed at the same time (boo#1180522) +- libvulkan_intel/libvulkan_radeon/libvulkan_lvp now require + Mesa-vulkan-device-select package, not the other way round! + (baselibs.conf also adjusted) + MozillaFirefox +- Firefox Extended Support Release 91.7.0 ESR + * Fixed: Various stability, functionality, and security fixes + MFSA 2022-10 (bsc#1196900) + * CVE-2022-26383 (bmo#1742421) + Browser window spoof using fullscreen mode + * CVE-2022-26384 (bmo#1744352) + iframe allow-scripts sandbox bypass + * CVE-2022-26387 (bmo#1752979) + Time-of-check time-of-use bug when verifying add-on + signatures + * CVE-2022-26381 (bmo#1736243) + Use-after-free in text reflows + * CVE-2022-26386 (bmo#1752396) + Temporary files downloaded to /tmp and accessible by other + local users + MozillaThunderbird +- Mozilla Thunderbird 91.7 + * changed: Thunderbird will use the first occurrence of headers + that should only appear once + * fixed: Auto-complete incorrectly changed a pasted email + address to the primary address of a contact + * fixed: Attachments with filename extensions that were not + registered in MIME types could not be opened + * fixed: Copy/Cut/Paste actions not working in Thunderbird + Preferences + * fixed: Improved screen reader support of displayed message + headers + * fixed: Various security fixes + MFSA 2022-12 (bsc#1196900) + * CVE-2022-26383 (bmo#1742421) + Browser window spoof using fullscreen mode + * CVE-2022-26384 (bmo#1744352) + iframe allow-scripts sandbox bypass + * CVE-2022-26387 (bmo#1752979) + Time-of-check time-of-use bug when verifying add-on + signatures + * CVE-2022-26381 (bmo#1736243) + Use-after-free in text reflows + * CVE-2022-26386 (bmo#1752396) + Temporary files downloaded to /tmp and accessible by other + local users + apache2 +- modified patches + % apache2-CVE-2022-23943.patch (extended by r1898772 [bsc#1197095c#10]) + +- security update +- added patches + fix CVE-2022-23943 [bsc#1197098], heap out-of-bounds write in mod_sed + + apache2-CVE-2022-23943.patch + fix CVE-2022-22720 [bsc#1197095], HTTP request smuggling due to incorrect error handling + + apache2-CVE-2022-22720.patch + fix CVE-2022-22719 [bsc#1197091], use of uninitialized value of in r:parsebody in mod_lua + + apache2-CVE-2022-22719.patch + fix CVE-2022-22721 [bsc#1197096], possible buffer overflow with very large or unlimited LimitXMLRequestBody + + apache2-CVE-2022-22721.patch +- apply correctly patches for CVE-2021-44790 [bsc#1193942] and + CVE-2021-44224 [bsc#1193943] + +- security update at +- Drop systemd hardening as it breaks some jobs, fixes bsc#1196219 + * Remove harden_atd.service.patch + bash +- Do use old legacy PreReq to get bash installed before bash-sh + but do not require bash-sh by bash (bsc#1197448) + +- Port bash-sh package approach back to SLE-15-SP4 (jsc#SLE-18234) + +- Using package bash-sh instead of the update-alternative + mechanism. + bind +- Obsolete bind-chrootenv as it is no longer needed. + [bsc#1196990, bind.spec] + +- * When using forwarders, bogus NS records supplied by, or via, those + forwarders may be cached and used by named if it needs to recurse + for any reason, causing it to obtain and pass on potentially + incorrect answers. [CVE-2021-25220] + * TCP connection slots may be consumed for an indefinite time frame + via a specifically crafted TCP stream sent from a client. + This issue can only be triggered on BIND servers which have + keep-response-order enabled, which is not the default configuration. + The keep-response-order option is an ACL block, and as such, any + hosts specified within it will be able to trigger this issue on + affected versions. [CVE-2022-0396] + [CVE-2021-25220, bsc#1197135, bind-9.16.27-0001-CVE-2021-25220.patch + CVE-2022-0396, bsc#1197136, bind-9.16.27-0002-CVE-2022-0396.patch] + branding-openSUSE +- Bump to 15.4 + chrony +- bsc#1194229: Fix pool package dependencies, so that SLE actually + prefers chrony-pool-suse over chrony-pool-empty. + +- Add chrony-htonl.patch to work around undocumented behaviour of + htonl() in older glibc versions (SLE-12) on 64 bit big endian + architectures (s390x). + +- SLE bugs that have been fixed in openSUSE up to this point + without explicit references: bsc#1183783, bsc#1184400, + bsc#1171806, bsc#1161119, bsc#1159840. +- Obsoleted SLE patches: + * chrony-fix-open.patch + * chrony-gettimeofday.patch + * chrony-ntp-era-split.patch + * chrony-pidfile.patch + * chrony-select-timeout.patch + * chrony-urandom.patch + * chrony.sysconfig + * clknetsim-glibc-2.31.patch + +- boo#1190926: PrivateDevices is too strict, we might need to + access the rtc and ptp devices. +- Add back support to build chrony on SLE12. +- Drop dependency on asciidoctor. It is only needed for building + the HTML documentation which we don't package anyway. + +- Added hardening to systemd service(s). Added patch(es): + * harden_chrony-wait.service.patch + * harden_chronyd.service.patch + +- boo#1187906: Consolidate all references to the helper script. -- boo#1162964, bsc#1183783, clknetsim-glibc-2.31.patch: - Fix build with glibc-2.31 -- bsc#1184400, chrony-pidfile.patch: - Use /run instead of /var/run for PIDFile in chronyd.service. +- Add now working CONFIG parameter to sysusers generator -- Integrate three upstream patches to fix an infinite loop in - chronyc (bsc#1171806). - * chrony-select-timeout.patch - * chrony-gettimeofday.patch - * chrony-urandom.patch +- Change to using systemd-sysusers +- Remove otherproviders, not needed anymore -- Use iburst in the default pool statements to speed up initial - synchronisation (bsc#1172113). +- Update to 4.1 + * Add support for NTS servers specified by IP address (matching + Subject Alternative Name in server certificate) + * Add source-specific configuration of trusted certificates + * Allow multiple files and directories with trusted certificates + * Allow multiple pairs of server keys and certificates + * Add copy option to server/pool directive + * Increase PPS lock limit to 40% of pulse interval + * Perform source selection immediately after loading dump files + * Reload dump files for addresses negotiated by NTS-KE server + * Update seccomp filter and add less restrictive level + * Restart ongoing name resolution on online command + * Fix dump files to not include uncorrected offset + * Fix initstepslew to accept time from own NTP clients + * Reset NTP address and port when no longer negotiated by NTS-KE + server +- Update clknetsim to snapshot f89702d. +- Refresh chrony.keyring from + https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc +- Ensure the correct pool packages are installed for openSUSE + and SLE (bsc#1180689). + +- Enable syscallfilter unconditionally [boo#1181826]. + +- drop buildrequires on NSS. We need gnutls for NTS anyway and we + can do all the other required crypto via nettle+gnutls. no need + for another crypto library. + +- Update to 4.0 + - Enhancements + - Add support for Network Time Security (NTS) authentication + - Add support for AES-CMAC keys (AES128, AES256) with Nettle + - Add authselectmode directive to control selection of + unauthenticated sources + - Add binddevice, bindacqdevice, bindcmddevice directives + - Add confdir directive to better support fragmented + configuration + - Add sourcedir directive and "reload sources" command to + support dynamic NTP sources specified in files + - Add clockprecision directive + - Add dscp directive to set Differentiated Services Code Point + (DSCP) + - Add -L option to limit log messages by severity + - Add -p option to print whole configuration with included + files + - Add -U option to allow start under non-root user + - Allow maxsamples to be set to 1 for faster update with -q/-Q + option + - Avoid replacing NTP sources with sources that have + unreachable address + - Improve pools to repeat name resolution to get "maxsources" + sources + - Improve source selection with trusted sources + - Improve NTP loop test to prevent synchronisation to itself + - Repeat iburst when NTP source is switched from offline state + to online + - Update clock synchronisation status and leap status more + frequently + - Update seccomp filter + - Add "add pool" command + - Add "reset sources" command to drop all measurements + - Add authdata command to print details about NTP + authentication + - Add selectdata command to print details about source + selection + - Add -N option and sourcename command to print original names + of sources + - Add -a option to some commands to print also unresolved + sources + - Add -k, -p, -r options to clients command to select, limit, + reset data + - Bug fixes + - Don’t set interface for NTP responses to allow asymmetric + routing + - Handle RTCs that don’t support interrupts + - Respond to command requests with correct address on + multihomed hosts + - Removed features + - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) + - Drop support for long (non-standard) MACs in NTPv4 packets + (chrony 2.x clients using non-MD5/SHA1 keys need to use + option "version 3") + - Drop support for line editing with GNU Readline +- add BuildRequires for gnutls-devel (which also pulls nettle to + enable the new features) +- drop patches which are included in the update: + chrony-test-update-processing-of-packet-log.patch + chrony-test-fix-util-unit-test-for-NTP-era-split.patch +- refreshed chrony-config.patch +- track series file for easier quilt setup +- added option to turn off testsuite with + osc build --without=testsuite + testsuite still runs by default + +- By default we don't write log files but log to journald, so + only recommend logrotate. + +- Adjust and rename the sysconfig file, so that it matches the + expectations of chronyd.service (bsc#1173277). + +- Update to 3.5.1: + * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) + +- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) -- Read runtime servers from /var/run/netconfig/chrony.servers to - fix bsc#1099272 and bsc#1161119. -- Move chrony-helper to /usr/lib/chrony/helper, because there - should be no executables in /usr/share. +- Use iburst in the default pool statements to speed up initial + synchronisation (bsc#1172113). + +- Use _systemdutildir instead of _libexecdir/systemd: systemd does + not actually live below libexecdir. + +- Add chrony-test-update-processing-of-packet-log.patch in order + to fix test-suite failure. + +- Update clknetsim to version 79ffe44 (fixes boo#1162964). +- Backport chrony-test-fix-util-unit-test-for-NTP-era-split.patch. + +- Change to BuildRequires: rubygem(asciidoctor) and remove conditional + (is available in SLE12-SP4 and SLE15* as well) +- Fix typo in %install -- bsc#1159840: Add chrony-ntp-era-split.patch from upstream to fix - "make check" builds made after 2019-12-20. Existing installations - do not need to be updated as the bug only affects the test, but - not chrony itself. +- Fix asciidoc in Tumbleweed +- Revert clknetsim to version 58c5e8b + +- Fix incorrect download link for package signature + +- Temporarily disable signature usage as its expired +- Update clknetsim to version ac3c832 + +- fix chrony-service-helper.patch + +- Update to 3.5: + + Add support for more accurate reading of PHC on Linux 5.0 + + Add support for hardware timestamping on interfaces with read-only timestamping configuration + + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + + Update seccomp filter to work on more architectures + + Validate refclock driver options + + Fix bindaddress directive on FreeBSD + + Fix transposition of hardware RX timestamp on Linux 4.13 and later + + Fix building on non-glibc systems +- Fix location of helper script in chrony-dnssrv@.service + (bsc#1128846). + +- Update testsuite to version 58c5e8b + +- Read runtime servers from /var/run/netconfig/chrony.servers to + fix bsc#1099272. +- Move chrony-helper to /usr/lib/chrony/helper, because there + should be no executables in /usr/share. +- Update clknetsim to revision 8b48422 + +- Remove discrepancies between spec file and chrony-tmpfiles (boo#1115529) + +- Update the keyring and uncomment it in the spec file + +- Comment out bad signature + +- Added %{_tmpfilesdir}/%{name}.conf +- Updated clknetsim +- Update to version 3.4 + * Enhancements + + Add filter option to server/pool/peer directive + + Add minsamples and maxsamples options to hwtimestamp directive + + Add support for faster frequency adjustments in Linux 4.19 + + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd + without root privileges to remove it on exit + + Disable sub-second polling intervals for distant NTP sources + + Extend range of supported sub-second polling intervals + + Get/set IPv4 destination/source address of NTP packets on FreeBSD + + Make burst options and command useful with short polling intervals + + Modify auto_offline option to activate when sending request failed + + Respond from interface that received NTP request if possible + + Add onoffline command to switch between online and offline state + according to current system network configuration + + Improve example NetworkManager dispatcher script + * Bug fixes + + Avoid waiting in Linux getrandom system call + + Fix PPS support on FreeBSD and NetBSD + +- Update clknetsim to revision 42b693b + * Drop not needed chrony-fix-open.patch +- Build tests with optflags as well +- Do not run tests on i586 +- Enable signd + +- Mention all sources as such in spec file +- Fix formatting of changelog +- Drop reference to change is not present + +- Update to version 3.3 + * Enhancements: + + Add burst option to server/pool directive + + Add stratum and tai options to refclock directive + + Add support for Nettle crypto library + + Add workaround for missing kernel receive timestamps on Linux + + Wait for late hardware transmit timestamps + + Improve source selection with unreachable sources + + Improve protection against replay attacks on symmetric mode + + Allow PHC refclock to use socket in /var/run/chrony + + Add shutdown command to stop chronyd + + Simplify format of response to manual list command + + Improve handling of unknown responses in chronyc + * Bug fixes: + + Respond to NTPv1 client requests with zero mode + + Fix -x option to not require CAP_SYS_TIME under non-root user + + Fix acquisitionport directive to work with privilege separation + + Fix handling of socket errors on Linux to avoid high CPU usage + + Fix chronyc to not get stuck in infinite loop after clock step cronie +- Fix run-crons path in shipped crontab, bsc#1196986 + * cronie-anacron-1.4.7-run-crons.patch + * sample.root + cryptsetup +- cryptsetup 2.4.3: + * Fix possible attacks against data confidentiality through + LUKS2 online reencryption extension crash recovery + CVE-2021-4122, boo#1194469 + * Add configure option --disable-luks2-reencryption to completely + disable LUKS2 reencryption code. + * Improve internal metadata validation code for reencryption + metadata + * Add updated documentation for LUKS2 On-Disk Format + Specification version 1.1.0 + * Fix support for bitlk (BitLocker compatible) startup key with + new metadata entry introduced in Windows 11 + * Fix space restriction for LUKS2 reencryption with data shift + +- cryptsetup 2.4.2: + * Fix possible large memory allocation if LUKS2 header size is + invalid. + * Fix memory corruption in debug message printing LUKS2 + checksum. + * veritysetup: remove link to the UUID library for the static + build. + * Remove link to pwquality library for integritysetup and + veritysetup. These tools do not read passphrases. + * OpenSSL3 backend: avoid remaining deprecated calls in API. + Crypto backend no longer use API deprecated in OpenSSL 3.0 + * Check if kernel device-mapper create device failed in an early + phase. This happens when a concurrent creation of device-mapper + devices meets in the very early state. + * Do not set compiler optimization flag for Argon2 KDF if the + memory wipe is implemented in libc. + * Do not attempt to unload LUKS2 tokens if external tokens are + disabled. This allows building a static binary with + - -disable-external-tokens. + * LUKS convert: also check sysfs for device activity. + If udev symlink is missing, code fallbacks to sysfs scan to + prevent data corruption for the active device. + dracut +- Update to version 055+suse.244.g2f624182: + * fix(resume): only exclude this module when swap is netdev (bsc#1194915) + +- Update to version 055+suse.242.g76ae5ce4: + * fix(multipath): align multipathd.service type with upstream (bsc#1196958) + * fix(systemd-sysusers): use split systemd sysuser configs (bsc#1196223) + f2fs-tools +- Update to snapshot 1.14.0+g67 (972d7107) + [boo#1191235] + filesystem +- Add /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) + flac +- Fix out of bound write in append_to_verify_fifo_interleaved_ + (CVE-2021-0561 bsc#1196660): + libFlac-Exit-at-EOS-in-verify-mode.patch + -- Update to flac 1.3.0pre4 (packaged as 1.2.99_git* to avoid - messing with RPM versioning) - * Mostly non-linux related bugfixes plus autotools fixes - - flac-openssl.patch --> 0001-Allow-use-of-openSSL.patch - - remove flac-1.2.1-automake1_13.patch, fixed in upstream. - - add 0001-getopt_long-not-broken-here.patch, FLAC bundles - GNU-compatible getopt_long for broken OS, but we do have - a functional version in libc already. - gdm +- Add gdm-restart-session-when-X-server-restart.patch: + Avoiding the blank screen when X server restarts with + GDM_DISABLE_USER_DISPLAY_SERVER=1 (bsc#1196974). + gnutls +- FIPS: Additional PBKDF2 requirements for KAT [bsc#1184669] + * The IG 10.3.A and SP800-132 require some minimum parameters for + the salt length, password length and iteration count. These + parameters should be also used in the KAT. + * Add gnutls-FIPS-PBKDF2-KAT-requirements.patch +- Enable to run the regression tests also in FIPS mode. + kernel-default +- supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) + Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic + arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce +- commit e6b9e81 + +- fuse: handle kABI change in struct fuse_args (bsc#1197343 + CVE-2022-1011). +- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 + CVE-2022-1011). +- commit 879fc92 + +- Refresh + patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch + Add info about context deviation from upstream. +- commit f8cba97 + +- Refresh + patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch + Add info about context deviation from upstream. +- commit 1d085d3 + +- Refresh + patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch + Add info about context deviation from upstream. +- commit e44090b + +- Refresh + patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch + Add info about context deviation from upstream. +- commit da99102 + +- Refresh + patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch + Add info on context deviation from upstream. +- commit aa0e1a6 + +- Refresh + patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch + Add info about context deviation from upstream. +- commit 2d1de22 + +- bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes + bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- commit 8bc21d0 + +- watch_queue: Make comment about setting ->defunct more accurate + (CVE-2022-0995 bsc#1197246). +- watch_queue: Fix lack of barrier/sync/lock between post and read + (CVE-2022-0995 bsc#1197246). +- watch_queue: Free the alloc bitmap when the watch_queue is + torn down (CVE-2022-0995 bsc#1197246). +- watch_queue: Fix the alloc bitmap size to reflect notes + allocated (CVE-2022-0995 bsc#1197246). +- watch_queue: Use the bitmap API when applicable (CVE-2022-0995 + bsc#1197246). +- watch_queue: Fix to always request a pow-of-2 pipe ring size + (CVE-2022-0995 bsc#1197246). +- watch_queue: Fix to release page in ->release() (CVE-2022-0995 + bsc#1197246). +- watch_queue, pipe: Free watchqueue state after clearing pipe + ring (CVE-2022-0995 bsc#1197246). +- watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). +- commit 223dbc3 + +- arm64: PCI: Support root bridge preparation for Hyper-V + (bsc#1197291). +- arm64: PCI: Restructure pcibios_root_bridge_prepare() + (bsc#1197291). +- commit 060e164 + +- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup + (bsc#1196018). +- commit 6dcb47f + +- sr9700: sanity check for packet length (bsc#1196836 + CVE-2022-26966). +- commit 56eea34 + +- Update kabi files. + Update to reflect the changes from bpf CVE fixes. +- commit 993b084 + +- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. +- commit f0d0e90 + +- nvme-rdma: fix possible use-after-free in transport + error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). + Refresh: + - patches.suse/0006-nvme-Implement-In-Band-authentication.patch +- nvme-tcp: fix possible use-after-free in transport + error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). + Refresh: + - patches.suse/0006-nvme-Implement-In-Band-authentication.patch +- nvme: fix a possible use-after-free in controller reset during + load (bsc#1193787 bsc#1197146 bsc#1193554). +- nvme-fabrics: ignore invalid fast_io_fail_tmo values + (bsc#1193787 bsc#1197146 bsc#1193554). +- nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 + bsc#1197146 bsc#1193554). +- nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 + bsc#1197146 bsc#1193554). +- blk-mq: don't free tags if the tag_set is used by other device + in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). +- commit 4ccb78c + +- series: Resort entries + The series is not sorted which makes qdoit unhappy. Sort it. +- commit ce701de + +- esp: Fix possible buffer overflow in ESP transformation + (CVE-2022-0886 bsc#1197131). +- sock: remove one redundant SKB_FRAG_PAGE_ORDER macro + (CVE-2022-0886 bsc#1197131). +- commit fa4075e + +- ipv6: fix skb drops in igmp6_event_query() and + igmp6_event_report() (CVE-2022-0742 bsc#1197128). +- commit b531b26 + +- aio: fix use-after-free due to missing POLLFREE handling + (CVE-2021-39698 bsc#1196956). +- aio: keep poll requests on waitqueue until completed + (CVE-2021-39698 bsc#1196956). +- signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). +- binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). +- wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). +- commit ee17f5c + +- net/smc: Fix hung_task when removing SMC-R devices + (bsc#1197082). +- commit 5256139 + +- rpm/kernel-source.spec.in: call fdupes per subpackage + It is a waste of time to do a global fdupes when we have + subpackages. +- commit 1da8439 + +- bpf, selftests: Add test case trying to taint map value pointer + (bsc#1196130,CVE-2021-45402). +- bpf: Make 32->64 bounds propagation slightly more robust + (bsc#1196130,CVE-2021-45402). +- bpf: Fix signed bounds propagation after mov32 + (bsc#1196130,CVE-2021-45402). +- commit 04987fb + +- xen/netfront: react properly to failing + gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, + CVE-2022-23042). +- commit 095b89a + +- xen/gnttab: fix gnttab_end_foreign_access() without page + specified (bsc#1196488, XSA-396, CVE-2022-23041). +- commit 20b7983 + +- xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, + XSA-396, CVE-2022-23041). +- commit d56d4c6 + +- xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, + CVE-2022-23041). +- commit b08fc02 + +- xen/usb: don't use gnttab_end_foreign_access() in + xenhcd_gnttab_done() (bsc#1196488, XSA-396). +- commit 4198f6f + +- xen/gntalloc: don't use gnttab_query_foreign_access() + (bsc#1196488, XSA-396, CVE-2022-23039). +- commit 2239263 + +- xen/scsifront: don't use gnttab_query_foreign_access() for + mapped status (bsc#1196488, XSA-396, CVE-2022-23038). +- commit 95b1b12 + +- xen/netfront: don't use gnttab_query_foreign_access() for + mapped status (bsc#1196488, XSA-396, CVE-2022-23037). +- commit aabdf93 + +- xen/blkfront: don't use gnttab_query_foreign_access() for + mapped status (bsc#1196488, XSA-396, CVE-2022-23036). +- commit d12d408 + +- xen/grant-table: add gnttab_try_end_foreign_access() + (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). +- commit 4da4210 + +- xen/xenbus: don't let xenbus_grant_ring() remove grants in + error case (bsc#1196488, XSA-396, CVE-2022-23040). +- commit 93f9570 + +- iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (bsc#1196894). +- commit 8aad886 + +- rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. +- commit 174a64f + +- s390/cio: verify the driver availability for path_event call + (bsc#1195927 LTC#196420). +- scsi: zfcp: Fix failed recovery on gone remote port with + non-NPIV FCP devices (bsc#1195376 LTC#196087). +- s390/hypfs: include z/VM guests with access control group set + (bsc#1195639 LTC#196353). +- s390/cpumf: Support for CPU Measurement Sampling Facility LS + bit (bsc#1195082 LTC#196087). +- s390/cpumf: Support for CPU Measurement Facility CSVN 7 + (bsc#1195082 LTC#196087). +- s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194966 + LTC#196029). +- s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193244 + LTC#195546). +- s390/uv: de-duplicate checks for Protected Host Virtualization + (bsc#1191740 LTC#194817). +- s390/boot: disable Secure Execution in dump mode (bsc#1191740 + LTC#194817). +- s390/boot: move uv function declarations to boot/uv.h + (bsc#1191740 LTC#194817). +- commit 4d8f983 + +- usb: host: xen-hcd: add missing unlock in error path + (git-fixes). +- commit 3e3ceb8 + +- Refresh + patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. +- commit 11235e2 + +- Refresh + patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. +- commit 1ed63ba + +- rpm/kernel-docs.spec.in: use %%license for license declarations + Limited to SLE15+ to avoid compatibility nightmares. +- commit 73d560e + +- rpm/*.spec.in: Use https:// urls +- commit 77b5f8e + +- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes + bsc#1196746). +- scsi: bnx2fc: Flush destroy_work queue before calling + bnx2fc_interface_put() (git-fixes bsc#1196746). +- commit 8ac4c67 + +- ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 + CVE-2022-23960). +- ARM: include unprivileged BPF status in Spectre V2 reporting + (bsc#1085308 CVE-2022-23960). +- commit 2b85b07 + +- ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). +- Update config files. +- commit 214f301 + +- ARM: use LOADADDR() to get load address of sections (bsc#1085308 + CVE-2022-23960). +- ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). +- ARM: report Spectre v2 status through sysfs (bsc#1085308 + CVE-2022-23960). +- commit 20f8a99 + +- nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). +- commit 68439a4 + +- arm64: proton-pack: Include unprivileged eBPF status in + Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 + CVE-2022-0001 CVE-2022-0002). +- arm64: Use the clearbhb instruction in mitigations (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered + and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- commit 52f56e7 + +- arm64: Mitigate spectre style branch history side channels + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- Update config files. +- Refresh + patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. +- commit 1403b73 + +- arm64: proton-pack: Report Spectre-BHB vulnerabilities as + part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 + CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Add macro for reading symbol addresses from + the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: entry: Add vectors that have the bhb mitigation sequences + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Add non-kpti __bp_harden_el1_vectors for + mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: entry: Allow the trampoline text to occupy multiple pages + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Make the kpti trampoline's kpti sequence optional + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Move trampoline macros out of ifdef'd section + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Don't assume tramp_vectors is the start + of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: entry: Allow tramp_alias to access symbols after + the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: entry: Move the trampoline data page before the text page + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Free up another register on kpti's tramp_exit path + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Make the trampoline cleanup optional (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- KVM: arm64: Allow indirect vectors to be used without + SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- commit 39b0cd1 + +- arm64: Add Cortex-X2 CPU part definition (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- Refresh + patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. +- commit 1489419 + +- arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- commit 76b95f9 + +- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + + SMT (bsc#1191580 CVE-2022-0001 CVE-2022-0002). +- commit 0161c6c + +- x86/speculation: Warn about Spectre v2 LFENCE mitigation + (bsc#1191580 CVE-2022-0001 CVE-2022-0002). +- commit 8114d57 + +- x86/speculation: Use generic retpoline by default on AMD + (bsc#1191580 CVE-2022-0001 CVE-2022-0002). +- commit e9a2f46 + +- x86/speculation: Include unprivileged eBPF status in Spectre v2 + mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). +- commit 8400263 + +- Documentation/hw-vuln: Update spectre doc (bsc#1191580 + CVE-2022-0001 CVE-2022-0002). +- commit bc2948e + +- x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 + CVE-2022-0001 CVE-2022-0002). +- commit 6e19c5a + +- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE + (bsc#1191580 CVE-2022-0001 CVE-2022-0002). +- commit 2a3d074 + +- drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). +- drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). +- drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL + (bsc#1193640). +- drm/i915: Populate pipe dbuf slices more accurately during + readout (bsc#1193640). +- drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration + (bsc#1193640). +- commit e87e53d + +- iwlwifi: pcie: add killer devices to the driver (bsc#1196802). +- iwlwifi: add new killer devices to the driver (bsc#1196802). +- commit 5e7d8b6 + +- cpufreq: intel_pstate: Update EPP for AlderLake mobile + (bsc#1196848). +- cpufreq: intel_pstate: ITMT support for overclocked system + (bsc#1196849). +- commit 68d5eea + +- drm: Don't test for IRQ support in VBLANK ioctls (bsc#1195464). +- commit 0ef2c9a + +- lib/iov_iter: initialize "flags" in new pipe_buffer + (CVE-2022-0847 bsc#1196584 git-fixes). +- commit 9682d38 + +- SUNRPC: avoid race between mod_timer() and del_timer_sync() + (bnc#1195403). +- commit 378df3f + +- Move upstreamed patches into sorted section +- commit 1900045 + +- scsi: smartpqi: Add PCI IDs (bsc#1196627). +- commit 7890c4e + +- Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403) + Deleted: + patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch +- commit 4606b8c + +- Update kabi files for intel_pmt_dev_create (bsc#1196591) +- commit 40a0e22 + +- Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch + (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). +- commit de17db9 + +- kernel-binary.spec: Also exclude the kernel signing key from devel package. + There is a check in OBS that fails when it is included. Also the key is + not reproducible. + Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") +- commit 68fa069 + +- Refresh sorted patches. +- commit 0c5d65a + +- Refresh patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch. +- commit 783700c + +- rpm/check-for-config-changes: Ignore PAHOLE_VERSION. +- commit 88ba5ec + +- Update config and supported.conf for intel_vsec (bsc#1196591) + intel_pmt driver is renamed to intel_vsec +- Update config files +- supported.conf +- commit 99cb50f + +- platform/x86/intel: Move intel_pmt from MFD to Auxiliary Bus + (bsc#1196591). +- driver core: auxiliary bus: Add driver data helpers + (bsc#1196591). +- PCI: Add #defines for accessing PCIe DVSEC fields (bsc#1196591). +- platform/x86: intel_pmt_telemetry: Ignore zero sized entries + (bsc#1196591). +- platform/x86/intel: pmt: Use y instead of objs in Makefile + (bsc#1196591). +- commit 731c1ca + +- platform/x86/intel: Move Intel PMT drivers to new subfolder + (bsc#1196591). +- Refresh + patches.suse/platform-x86-intel_pmc_core-Move-to-intel-sub-direct.patch. +- commit e7adc65 + +- bpf/selftests: Test PTR_TO_RDONLY_MEM (bsc#1196261 CVE-2022-0500). +- bpf: Add MEM_RDONLY for helper args that are pointers to rdonly mem + (bsc#1196261 CVE-2022-0500). +- bpf: Make per_cpu_ptr return rdonly PTR_TO_MEM + (bsc#1196261CVE-2022-0500). +- bpf: Convert PTR_TO_MEM_OR_NULL to composable types + (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- bpf: Introduce MEM_RDONLY flag (bsc#1194111 bsc#1194765 + bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). +- Refresh + patches.suse/bpf-Fix-out-of-bounds-access-for-ringbuf-helpers.patch. +- Refresh + patches.suse/bpf-Generally-fix-helper-register-offset-check.patch. +- bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL + (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- Refresh + patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch. +- Refresh + patches.suse/bpf-Generally-fix-helper-register-offset-check.patch. +- bpf: Replace RET_XXX_OR_NULL with RET_XXX | PTR_MAYBE_NULL + (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- bpf: Replace ARG_XXX_OR_NULL with ARG_XXX | PTR_MAYBE_NULL + (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- bpf: Introduce composable reg, ret and arg types (bsc#1194111 + bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- commit 4db4b9b + +- Delete ACPI patch that broke s2idle (bsc#1196213) + Deleted: + patches.suse/ACPI-EC-Rework-flushing-of-EC-work-while-suspended-t.patch + A new kABI compat patch was added instead +- commit 99c6bc9 + +- NFSD: Fix READDIR buffer overflow (git-fixes bsc#1196346). +- commit a149497 + +- arm64: Add Cortex-A510 CPU part definition (git-fixes). +- commit 1fd20fb + +- kernel-binary: Do not include sourcedir in certificate path. + The certs macro runs before build directory is set up so it creates the + aggregate of supplied certificates in the source directory. + Using this file directly as the certificate in kernel config works but + embeds the source directory path in the kernel config. + To avoid this symlink the certificate to the build directory and use + relative path to refer to it. + Also fabricate a certificate in the same location in build directory + when none is provided. +- commit bb988d4 + kernel-firmware +- Yet more updates for Intel BT firmware for 7265, 826x + (CVE-2021-33139,CVE-2021-33155,INTEL-SA-00604,bsc#1195786) + kernel-firmware:compressed +- Yet more updates for Intel BT firmware for 7265, 826x + (CVE-2021-33139,CVE-2021-33155,INTEL-SA-00604,bsc#1195786) + libbluray +- Update to 1.3.0: + + Add bd_event_name(). + + Add return value to bd_refcnt_inc(). + + Add cache for parsed clpi file data. + + Add player setting for JRE location (JAVA_HOME). + + Improve FreeBSD BD-J support. + + Improve portability. + + Improve JVM and .jar file probing. + + Fix leak. +- Update to 1.2.1: + + Add initial support for .fmts files. + + Improve missing/broken playlist handling. + + Improve UHD metadata support. + + Improve BD-J compability. + + Improve error resilience and stability. + + Fix long delay in "Evangelion, You are (not) alone" menu. + + Fix JVM bootstrap issues with some Java 9 versions. + + Fix sign extended bytes when reading single bytes in BDJ. + + Fix creating organization and disc specific BD-J BUDA + directories. + + Use external libudfread when available. + + Rename list_titles to bd_list_titles and add it to installed + programs. +- Update to version 1.2.0: + + Add functions to list and read BD-ROM files. + + Add support for separate key pressed / typed / released user + input events. + + Add support for AWT mouse events (BD-J). + + Fix build with OpenJDK 12 / 13. +- Update to version 1.1.2: + + Add libxml version to pkg-config Requires.private. + + Improve support for NetBSD operating system. + + Improve BD-J compability. + + Improve Java 8+ compability. + + Fix main playlist caching in Windows. + + Fix mark triggering when multiple marks are passed during + single read(). + + Fix seek bar pop-up at chapter boundary with some discs. + + Fix reading resources indirectly from mounted .jar file. +- Update to version 1.1.1: + + Enable playback without menus when index.bdmv is missing. + + Improve error resilience and stability. + + Improve BD-J compability. + + Fix loading libraries on MacOS / hardened runtime. + + Fix resetting user-selected streams when playing without menus. + + Fix stack overflow when using Java9+ with debugger connection. + + Fix polygon-based BD-J graphics primitives. + + Fix loading libmmbd in Windows 64-bit. + + Fix loading classes with Windows Java 8. + + Fix build with Java 1.6. + + Fix pkg-config Libs.private. +- Update to version 1.1.0: + + Add initial support for OpenJDK 11. + + Add initial support for UHD disc BD-J menus. + + Add support for compiling .jar file with Java 9+ compiler. + + Move AWT classes to separate .jar file. + + Update libudfread submodule repository URL. + + Improve main title selection. + + Improve error resilience and stability. + + Improve BD-J compability. + + Fix playback of some broken BD-J discs. + + Fix playback of discs without normal titles (only TopMenu / + FirstPlay title). +- Remove unused dependencies from pkgconfig(libbluray) + Our pkg is dynamically linked, so Libs.private is not needed + Nothing in the exported header files needs paths from + Requires.private + * libbluray-pkgconfig.patch +- Refresh libbluray-java9.patch +- Drop libbluray-jvm_dir.patch +- Enable build against java-devel >= 10. + -- Select the C standard to be used with autoconf macros - instead of passing std=c99. -- Correct CPPFLAGS and CFLAGS -- Ensure config.h is always included, in 32 bit OS the library - was using both fopen() and fopen64() this will cause - problems with largefiles due to _FILE_OFFSET_BITS=64 beign - used inconsistenly. -- Patch name : libbluray-autotools.patch - -- Added use-recommended-freetype-include.patch -- Freetype upstream - recommends using their macros together with ft2build include. - Positive sideeffect is that this patch makes it build with both - freetype2 2.5.1, and older version - -- Update to version 0.4.0: - + Fixed slide shows: always cut reads at clip end boundary. - + Fixed logging with non-default mask. - + Fixed buffer overflow in bd_psr_unregister_cb(). - + Fixed IG background when button image position changes. - + Fixed BD-J tearing issues. - + Changed default PhoneME library name in Windows (cvm -> cvmi). - + Initialize default player region code to B. - + Improved BD-J support (still alpha). - + Improved language-based stream autoselection. - + Added missing Java files to distribution package. - + Added support for multi-clip sub paths. - + Added bd_select_stream(). - + Added menu page effects. - + Added button animations. - + Added initial support for BluRay Text Subtitles. - + Added bd_read_clpi(): use only public API in clpi_dump. - + Added reference-counted RLE images. -- Add pkgconfig(freetype2) BuildRequires, new dependency. - -- Update to version 0.3.0: - + Build fixes. - + Fixed stopping playback from pop-up menu. - + Fixed multithreading issues in API. - + Fixed initial setting for player profile. - + Fixed stack corruption with long log strings. - + Improved configure script. - + Improved Visual Studio support. - + Improved BD-J support (still alpha). - + Allow changing player version. - + Added PG (subtitle) decoding and rendering support. - + Added ARGB overlay interface for BD-J graphics. - + Added events for discontinuity, idle state and 3D mode. - + Added playmarks to BLURAY_TITLE_INFO. - + added start time, in time and out time to BLURAY_CLIP_INFO. - + added sub-path id to BLURAY_STREAM_INFO. - + Added bd_seek_playitem(). - + Added bd_set_scr(). - + Added 3D extension data to raw clip info. - + added 3D player settings. - + Added cropping and palette update flag to BD_OVERLAY. -- Add pkgconfig(libxml-2.0) BuildRequires: new dependency. - -- Update to version 0.2.3: - + Default to stream 0 when language not found - + Bug fixes -- Add tools subpackage, with the new command line utilities. - -- Update to version 0.2.2: - + Fixed displaying of single-loop animated buttons when not using - animations - + Added events for pop-up menu availability and IG menu status - + Fixed resuming to interactive title - + Use user filesystem handler with libaacs - + Fixes to HDMV menu rendering - + Optimized HDMV menu rendering - + Support for sound effects in HDMV menus - + Fixes to HDMV menu decoding - + Distribute BD-J code - -- Add baselibs.conf, to build 32bit packages, as needed by gvfs. - -- Fix soname version to 1 - -- Update to version 0.2.1: - + Make library version information visible to applications. - + First released tarball. -- Remove automake BuildRequires: this is now a real release that - was already bootstrapped. - -- add automake as buildrequire to avoid implicit dependency - -- Initial package, version 0.1.99 (a git-snapshot) - libcap +- Use "or" in the license tag to avoid confusion (bsc#1180073) + +- update to 2.63: + * restore errno to zero by the time main() is executed + * Consistent psx handling (a panic) for syscalls that return thread dependent + status Inconsistend behavior noticed by Lorenz Bauer + * Add a test case for a deadlock under investigation in golang + * Trim some of the #include file use to make the tree compile more + efficiently + +- update to 2.62: + * Bug fix for Go package "cap" and launching + * Build cleanups + * Documentation updates: cap_max_bits has a man page entry + * Recognize default securebits as a libcap mode: HYBRID + +- libcap 2.61: + * Better error handling of the numerical arguments for capsh and + setcap + * Fix executable mode for all of the .so files. There were two + situations where this was failing (with a hard to debug SIGSEGV + inside libc) + * Added an example of a shared library object with its own file + capability + * Fix the top-level include for Make.Rules in the contrib/sucap + example application + * Add support for running constructors at libcap.so start up time + when running as stand alone binary. +- includes changes from 2.60: + * Some build, code linting fixes, the addition of the + cap_fill_flag() API and a memory latency optimization + * General improvement in thread safety for libcap and cap package + * Minor API change replacing libcap:cap_launch_*() void returning + functions with int + errno status returns. + * Added a cap_iab_dup(), and (*cap.IAB).Dup() to API + * New features for capsh: --quiet, -+ and =+ arguments +- add upstream signing key and verify source signature + +- update to 2.59: + * Fixed a potential libcap memory leak by adding a destructor + * Major improvement is that there is a path for Linux-PAM compliant + applications to support setting Ambient vector Capabilities via pam_cap.so now + * Added libcap cap_proc_root() API function + * Added color support to captree + * Fixed contrib/sucap/su to correctly handle the Inheritable flag + * capsh enhancements + * getcap -r / now generates readable output + * The shared library objects: pam_cap.so, libcap.so and libpsx.so, are all now + runnable as standalone binaries + * The module pam_cap.so now contains support for a default= module argument + * Enhanced capsh --suggest to also compare against the capability value names + and not just their descriptions + * Added capsh --current support + * Added a contrib/sucap/su.c pure-capabilities PAM implementation of su + * Fix for a corner case infinite loop handling long strings + * Added libcap cap_iab_compare() and cap_iab_get_pid() APIs + * Added a Go utility, captree, to display the process (and thread) graph along with + the POSIX.1e and IAB capabilities of each PID{TID} tree. + +- update to 2.51: + * Fix capsh installation + * Add an autoauth module flag to pam_cap.so + * Unified libcap/cap (Go) and libcap (C) default generation of external format binary data + * API enhancement cap_fill() and (*cap.Set).Fill() - to permit copying one + capability flag to another. + * --explain=cap_foo: describe what cap_foo does + * --suggest=phrase: search all the cap descriptions and describe those that match the phrase + * Add "keepcaps" module argument support to pam_cap.so (reported by Zoltan Fridrich. Bug 212945) + * extend libcap to include cap_prctl() and cap_prctlw() functions to regain + feature parity with Go "cap" package. These are only needed when linking + against -lpsx for keepcaps POSIX semantics. + * this likely requires substantial application changes to make Ambient + capability support usable in general, but doing our part for the admin. + * Add a test case for recent kernel fix + * Go pragma fix for convenience functions in "cap" module + +- Fix a broken symlink. libcap-devel installs libpsx.so but + didn't install the library it's pointing to. + - and pam_cap (bsc#1184690) + (bsc#1184690) -- Update to libcap 2.26 for supporting the ambient capabilities - (jsc#SLE-17092, jsc#ECO-3460) -- Use "or" in the license tag to avoid confusion (bsc#1180073) +- update to 2.49: + * Implement cap_func_launcher() and cap.FuncLauncher(). + * More robust "psx" redirection for nocgo compilation - the documentation for + the cgo implementation is now included in the nocgo one because the go.dev + automated documentation builds the docs from the nocgo version. + * Lots of documentation cleanups and added a few man pages: for IAB and + Launching. + * Some general no-op License changes that might cause folk to notice but only + for formatting reasons. These were initially inspired by some lawyerly + interactions, but I ended up rolling back half of them because they + confused automated software infrastructure. + +- update to 2.48: + * More uniform use of $(MAKE) in Makefiles + * No longer include symlinks in the git tree + * Provide support for make GOLANG=no ... + * Provide support for pointing at a specific build of the go binary + * camelCase the contrib/seccomp/explore.go program + * A number of documentation fixes to man pages and source code comments + * Last use of GO major version 0 + +- update to 2.47: + * Restructured gowns to default to uid base of getuid(). + * Augment NOPRIV libcap mode with the sticky NO_NEW_PRIVS prctl bit. + * Improve the usage and diagnostic message for setcap + * Documentation fixes, license declarations, example updates + +- update to 2.46: + * The bulk of this release concerns fixes and improvements to libpsx + * Fix the capsh == argument handling and add a test case + * Added build support for systems that do not support libpthread + * Added build support for not building shared libraries + +- update to 2.44: + Generally, this is a release to help package builders: no functional change + to any of the generated code just documentation and make related fixes. + +- update to 2.43 + * Linus' kernel tree defines CAP_CHECKPOINT_RESTORE (40) so support it. + * Fix the creation of the $(FAKEROOT)$(LIBDIR) for split install targets + * Clean up a binary from the distribution + * Added some more release time checks for non-git tracked files. + * Fix a deadlock in libpsx that surfaced with a set of compiler optimizations by removing the psx wrapping harder. + +- Update to version 2.42: + * Closed a potential issue with "libcap/psx" Go package and errno + * Documentation updates + * Minor optimization for cap_to_text() and (*cap.Set).String() + * Discovered and added a missing function (*cap.Set).SetNSOwner() to achieve parity with libcap + * Multiple fixes + * Support Go module abstraction + * A new kernel capability: CAP_BPF + * Better support for cross-compilation + * pam_cap now honors PAM_REINITIALIZE_CRED + * implements cap_launch functionality + +- Update to version 2.32: + * Bug fix for fakeroot incompatibility (boo#1162014) + * Slight perf improvement for cap_get_bound(). + * C++ support for psx header inclusion. + * Some new testing features for capsh + +- Update to version 2.31: + * primarily a documentation update + * fix libpam.pc to not require libpsx.pc + * changed the text format of the default output of getpcap + +- Build using -ffat-lto-objects for static library + +- Update to version 2.30 (jsc#SLE-17092, jsc#ECO-3460): + * BUGFIX: arm and i386 fixes C and Go setgroups choice - used + wrong syscall in 2.29. + * cleaned up make clean and make install to actually work as + intended + * updated Gentoo libpsx.pc file from Lars Wendler + * refactored the way libpsx linkage with libcap performed mutual + discovery. + * Previously (2.28) libpsx had an API call overridden by libcap + using weak linkage function in libpsx. In 2.30 this is reversed, + namely libpsx provides the stronger function and libcap has a + weak "no-op" version. + * a bit more consistency in handling the 'all' sets in libcap + (C) and libcap/cap (Go). Namely, they both dynamically discover + the number of capabilities named by the kernel and use this as + the definition of 'all' for the current runtime. + + libcap (C) exports cap_max_bit() to export the number of + supported capabilities + + libcap/cap (Go) exports cap.MaxBits() for this same value. +- For changes for older releases see: + * https://sites.google.com/site/fullycapable/release-notes-for-libcap +- Add glibc-static-devel as build requirement as tests need it +- Install libpsx.a as it seems to be needed in some cases: + * https://bugs.gentoo.org/703912 + +- Remove pam_cap (bsc#1150522) since this PAM module is a bad idea, security + wise. -- libcap-nolibattr.patch Do not link to libattr, it is - a bogus dependency. application uses sys/xattr from libc. - -- update license to new format - -- Cleanup specfile a bit: Remove old tags. - libgnomesu +- Update to version 2.0.7: + * Updated translations. + * Better wording in the documentation. + libnvme +- Update to version 1.0-rc7: + * linux: fixup log page offset in nvme_get_log_page() + * tree: Add support for default trsvcid for all controllers (bsc#1195858) + * tree: fixup coredump during nvme discover + +- Update to version 1.0-rc6: + * tree: add nvme_ctrl_get_ana_state() (bsc#1195938) + * tree: link paths to namespaces in nvme_subsystem_scan_namespace() (bsc#1195938) + * ioctl.h: ns list bug fix (wrong cns value) + * types.h: Key Value Command Set Identifier added (NVME_CSI_KV) + * types: fix status code type bug (wrong masking) + libsolv +- fix segfault on conflict resolution when using bindings +- fix split provides not working if the update includes a forbidden + vendor change +- support strict repository priorities + new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY +- support zstd compressed control files in debian packages +- add an ifdef allowing to rename Solvable dependency members + ("requires" is a keyword in C++20) +- support setting/reading userdata in solv files + new functions: repowriter_set_userdata, solv_read_userdata +- support queying of the custom vendor check function + new function: pool_get_custom_vendorcheck +- support solv files with an idarray block +- allow accessing the toolversion at runtime +- bump version to 0.7.21 + libstorage-ng +- merge gh#openSUSE/libstorage-ng#863 +- do not run blkdiscard on extended partitions (bsc#1197257) +- 4.4.94 + libyui +- Fixed release notes dialog in YQWizard clearing content on click + (bsc#1195158) +- Documented the different ways of displaying release notes in the UI +- 4.3.3 + libyui:libyui-ncurses +- Fixed release notes dialog in YQWizard clearing content on click + (bsc#1195158) +- Documented the different ways of displaying release notes in the UI +- 4.3.3 + libyui:libyui-ncurses-pkg +- Fixed release notes dialog in YQWizard clearing content on click + (bsc#1195158) +- Documented the different ways of displaying release notes in the UI +- 4.3.3 + libyui:libyui-qt +- Fixed release notes dialog in YQWizard clearing content on click + (bsc#1195158) +- Documented the different ways of displaying release notes in the UI +- 4.3.3 + libyui:libyui-qt-graph +- Fixed release notes dialog in YQWizard clearing content on click + (bsc#1195158) +- Documented the different ways of displaying release notes in the UI +- 4.3.3 + libyui:libyui-qt-pkg +- Fixed release notes dialog in YQWizard clearing content on click + (bsc#1195158) +- Documented the different ways of displaying release notes in the UI +- 4.3.3 + libzypp +- Fix package signature check (bsc#184501) + Pay attention that header and payload are secured by a valid + signature and report more detailed which signature is missing. +- Retry umount if device is busy (bsc#1196061, closes #381) + A previously released ISO image may need a bit more time to + release it's loop device. So we wait a bit and retry. +- Fix serializing/deserializing type mismatch in zypp-rpm + protocol (bsc#1196925) +- Fix handling of ISO media in releaseAll (bsc#1196061) +- Hint on common ptf resolver conflicts (bsc#1194848) +- version 17.29.6 (22) + lvm2 +- lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691) + + change lvm.conf item external_device_info_source from none to udev + + bug-1179691_config-set-external_device_info_source-none.patch + lvm2:devicemapper +- lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691) + + change lvm.conf item external_device_info_source from none to udev + + bug-1179691_config-set-external_device_info_source-none.patch + mc +- Midnight Commander 4.8.27: + * Core + - Minimal version of Autoconf is 2.64 (#3603) + - Minimal version of Automake is 1.12 (#3986) + - Minimal version of Gettext is 0.18.2 (#3603) + - Minimal version of libssh2 is 1.2.8 (#4259) + - Reimplement version detection (#3603, #4249) + - Significantly reduce rebuilt time after version change (#2252, #4266) + - Drop automatic migration of configuration from ~/.mc to XDG-based directories (#3682) + - zsh: support custom configuration file: ~/.local/share/mc/.zshrc (#4203) + - Widgets: implement WST_VISIBLE state to show/hide widgets (#2919) + - Find File: add Follow symlinks option (#2020) + * VFS + - extfs: support unrar-6 (#4154) + - extfs: support official 7z binary (7zz) (#4239) + - ftpfs: apply file list parser from lftp project (#2841, #3174) + * Editor + - Word completion: get candidates from all open files (#4160) + - etags: get rid of hardcoded list length and window width (#4132) + - Update syntax files: + - python (#4140) + - Add syntax highlighting: + - Verilog and SystemVerilog? header files (#4215) + - JSON (#4250) + - openrc-run scripts (#4246) + * Viewer + * Diff viewer + * Misc + - Code clean up (#4179, #4173, #4269) + - Filehighlight of c++ and h++ files as sources (#4194) + - Filehighlight of JSON files as documents (#4250) + - Support of alacritty terminal emulator (​https://github.com/alacritty/alacritty) (#4248) + - Support of foot terminal emulator (​https://codeberg.org/dnkl/foot) (#4251) + - Support of (alt+)shift+arrow keys in st terminal emulator (st.suckless.org) (#4267) + - Mouse support in screen: don't check variable (#4233) + - mc.ext: support fb2 e-books (#4167) + - ext.d: use mediainfo to view info about various media files (#4167) + - Remove OS/distro-specific package-related stuff from source tree (#4217) + * Fixes + - FTBFS against NCurses on OS X 10.9.5 (#4181) + - Segfault on dialog before panels get visible (#4244) + - Crash if shadow is out of screen (build against NCurses) (#4192) + - Crash in search (#4222) + - Crash on startup with enabled subshell in FreeBSD (workaround) (#4213) + - Hang on start randomly with zsh as subshell (#4198) + - If command line is invisible it's partially displayed (#4182) + - Broken handling of zip archives (#4180, #4183) + - Broken handling of jar files as zip archives (#4223) + - Timestamps of symlinks, sockets, fifos, etc are not preserved after copy/move (#3985) + - %view action in the user menu doesn't work on no-exec filesystem (#4242) + - Hardlinks are not colored by file type or extension (#3375) + - mcedit: silent macro makes terminal disrupted (#4171) + - mcedit: disrupting of TAGS file path (#4207) + - vfs: unable to browse compressed tar archives (#4191) + - sftpfs vfs: CVE-2021-36370: server fingerprint isn't verified + (discovered by AUT-milCERT during an audit of open source software) (#4259) + - ftpfs vfs: month of file is always January (#4260) + - Tests: log files are written by libcheck and automake simultaneously (#3986) +- Rebase mc-ext-audio.patch. +- Rebase mc-extd-sound.patch. + mozilla-nss +- Update FIPS validation string to version-release format. +- Update nss-fips-approved-crypto-non-ec.patch to remove XCBC MAC + from list of FIPS approved algorithms. + +- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID + for build. + +- Update nss-fips-approved-crypto-non-ec.patch to claim 3DES + unapproved in FIPS mode (bsc#1192080). +- Update nss-fips-constructor-self-tests.patch to allow testing + of unapproved algorithms (bsc#1192228). +- Add nss-fips-version-indicators.patch (bmo#1729550, bsc#1192086). + This adds FIPS version indicators. +- Add nss-fips-180-3-csp-clearing.patch (bmo#1697303, bsc#1192087). + Most of the relevant changes are already upstream since NSS 3.60. + nvme-cli +- Update to version 2.0-rc7: + * netapp-nvme: fix smdevices segfault in json output (bsc#1195937) + * fabrics: keep the backward compatibility + * nvme: Do not slash escape strings in JSON output (bsc#1195937) + * nvme: Print full device path + * nvme-print: Make JSON keys consistent with nvme-cli 1.x + * nvme-print: print generic device in list command + * fabrics: check for discovery controller instead of subsystem NQN (bsc#1197061) + * connect: Set errno to zero on nvmf_add_ctrl() success + * documenation updates +- Set path to systemctl via newly introduced config option +- Update 0100-harden_nvmf-connect@.service.patch due to upstream file rename +- Moved bash completion script to /usr/share/bash-completion/completions/nvme + +- Update to version 2.0-rc6: + * nvme: print out ANA state for 'list-subsys' (bsc#1195938) + * nvme: Explicit initialize all command line options (bsc#1195945) + * nvme: Explicit initialize passthru command line options + * nvme: list_ns bug fix (csi option enable) + * nvme: nvme write bug fix (no parse for option) + * documenation updates + open-iscsi +- Update to latest upstream, including test cleanup, minor + bug fixes (cosmetic), and fixing iscsi-init (bsc#1195656). + +- Updated to latest upstream 2.1.6 as 2.1.6-suse, which contains + bug fixes and cleanups. See the Changelog for more details. + openldap2 +- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression + reporting is bsc#1197004 causing SSSD to have faults. + +- jsc#PM-3288 - restore CLDAP functionality in CLI tools + patterns-base +- Fix boo#1197892 again + * move sysvinit-tools to the right pattern + +- Add enhanced_base as recommends to transactional_server boo#1197913 + pcre2 -- Added 0001-Fixed-atomic-group-backtracking-bug.patch - * bsc#1187937 - * PHP 7.6.4 on s390x returns different results for preg_match - function as compared to older PHP versions and x86 - * Sourced from upstream subversion commit: - $ svn log -r965 svn://vcs.pcre.org/pcre2/code/trunk +- version update to 10.39 + * Fix incorrect detection of alternatives in first character + search in JIT + * Update to Unicode 14.0.0 +- 0001-Fixed-atomic-group-backtracking-bug.patch released for 15:Update + due to bsc#1187937 is already upstreamed + https://bugzilla.suse.com/show_bug.cgi?id=1187937#c7 + +- added patches + fix revert https://github.com/PhilipHazel/pcre2/commit/080d7789eba00b570181dfe28809b01aa88c01f8 + + pcre2-readd-wrappers-POSIX.patch + +- pcre2 10.38: + * Following Perl's lead, \K is now locked out in lookaround + assertions by default, but an option is provided to re-enable + the previous behaviour + +- pcre2 10.37: + * removal of the actual POSIX names regcomp etc. from the POSIX + wrapper library because these have caused issues for some + applications, replacing pcre2-symbol-clash.patch + * fix a hypothetical NULL dereference + * fix two bugs related to over-large numbers so the behaviour is + now the same as Perl + * Fix propagation of \K back from the full pattern recursion + * Restore single character repetition optimization in JIT + +- Remove regcomp, regexec etc. from libpcre2-posix. + (Add pcre2-symbol-clash.patch) + +- pcre2 10.36: + * add GNU grep's -m (aka --max-count) option to pcre2grep + * unify the handling of substitution strings for both -O and + callouts in pcre2grep, with the addition of $x{...} and + $o{...} to allow for characters whose code points are greater + than 255 in Unicode mode + +- Refresh spec-file via spec-cleaner. + * Add %make_build and %license macros. +- Update to 10.35 + * https://www.pcre.org/changelog.txt + * Use PCRE2_MATCH_EMPTY flag to detect empty matches in JIT. + * A JIT bug is fixed which allowed to read the fields + of the compiled pattern before its existence is checked. + * Added PCRE2_SUBSTITUTE_LITERAL. + * Avoid some VS compiler warnings. + * Added PCRE2_SUBSTITUTE_MATCHED. + * Added (?* and (?<* as synonms for (*napla: and (*naplb: + to match another regex engine. + * Fix *THEN verbs in lookahead assertions in JIT. + * Added PCRE2_SUBSTITUTE_REPLACEMENT_ONLY. + * The JIT stack should be freed when the low-level stack + allocation fails. + * Changed setting of CMAKE_MODULE_PATH in CMakeLists.txt from SET + to LIST(APPEND...) to allow a setting from the command line + to be included. + * Updated to Unicode 13.0.0. + * CMake build now checks for secure_getenv() and strerror(). + * Restrict the configuration setting for the SELinux compatible + execmem allocator (change 10.30/44) to Linux and NetBSD. + +- Resubmit the package (bsc#1167890, jsc#SLE-11608) + +- Enable JIT on aarch64 + +- pcre2 10.34: + * implement the documented maximum number of capturing + subpatterns of 65535 + * Improve the invalid utf32 support of the JIT compiler + * Add support for matching in invalid UTF strings to the pcre2_match() + * Give more error detail for invalid UTF-8 when detected in pcre2grep + * support for invalid UTF-8 to pcre2grep. + * Adjust the limit for "must have" code unit searching, in particular, + * increase it substantially for non-anchored patterns. + * Allow (*ACCEPT) to be quantified, because an ungreedy quantifier + with a zero minimum is potentially useful. + * Some changes to the way the minimum subject length is handled + * Check for integer overflow when computing lookbehind lengths + * Implement non-atomic positive lookaround assertions + * Upgraded to Unicode 12.1.0 + * Make pcre2test -C show if libreadline or libedit is supported + * Various bug fixes and improvements + +- Update to 10.33-RC1 to fix issue with LTO (boo#1133274). + * Callouts from pcre2_substitute() are now available. + * The POSIX functions are now all called pcre2_regcomp() etc., with wrapper + functions that use the standard POSIX names. However, in pcre2posix.h the POSIX + names are defined as macros. This should help avoid linking with the wrong + library in some environments, while still exporting the POSIX names for + pre-existing programs that use them. + * Some new options: + (a) PCRE2_EXTRA_ESCAPED_CR_IS_LF makes \r behave as \n. + (b) PCRE2_EXTRA_ALT_BSUX enables support for ECMAScript 6's \u{hh...} + construct. + (c) PCRE2_COPY_MATCHED_SUBJECT causes a copy of a matched subject to be + made, instead of just remembering a pointer. + * Some new Perl features: + (a) Perl 5.28's experimental alphabetic names for atomic groups and + lookaround assertions, for example, (*pla:...) and (*atomic:...). + (b) The new Perl "script run" features (*script_run:...) and + (*atomic_script_run:...) aka (*sr:...) and (*asr:...). + (c) When PCRE2_UTF is set, allow non-ASCII letters and decimal digits in + capture group names. + * --disable-percent-zt disables the use of %zu and %td in formatting strings + in pcre2test. They were already automatically disabled for VC and older C + compilers. + * Some changes related to callouts in pcre2grep: + (a) Support for running an external program under VMS has been added, in + addition to Windows and fork() support. + (b) --disable-pcre2grep-callout-fork restricts the callout support in + to the inbuilt echo facility. + +- Disable LTO (boo#1133274). + +- Do not run profiling in parallel for reproducible builds (boo#1040589) + +- Mark all license files as %license + +- Build with --enable-jit-sealloc option, otherwise when + selinux is enabled or systemd memory protections are on, + programs will fail to work with execmem violations. + +- pcre2 10.32: + * pcre2grep now supports the inclusion of binary zeros in + patterns that are read from files via the -f option. + * In pcre2_dfa_match(), internal recursive calls no longer use + the stack for local workspace and local ovectors + * Updated to Unicode version 11.0.0. + * (*ACCEPT:ARG), (*FAIL:ARG), and (*COMMIT:ARG) are now supported. + * Add support for \N{U+dddd}, but only in Unicode mode. + * Addesupport for (?^) to unset all imnsx options + +- Drop conditions for old distributions +- Do profile guided build permissions +- Update to version 20201225: + * whitelist ksysguard network helper (bsc#1151190) + polkit-default-privs +- Update to version 13.2+20220309.ce702da: + * backport of kpmcore whitelistng (bsc#1178848) + +- Update to version 13.2+20220307.7d87af8: + * Backport Kcron whitelisting to 15.4 (bsc#1193945) + procps +- Add patch bsc1195468-23da4f40.patch to fix bsc#1195468 that is + ignore SIGURG + python3 +- Update bundled pip wheel to the latest SLE version patched + against bsc#1186819 (CVE-2021-3572). + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + +- Rename 22198.patch into more descriptive remove-sphinx40-warning.patch. + +- Don't use appstream-glib on SLE-12. +- Use Python 2-based Sphinx on SLE-12. +- No documentation on SLE-12. +- Add skip_SSL_tests.patch skipping tests because of patched + OpenSSL (bpo#9425). + qemu +- Build PPC firmwares from sources on non-PPC builds as well + (bsc#1193545) +- Build RiscV firmwares on non-RiscV builds as well +- While there, refactor (and simplify!) the firmware building + logic and code + * Patches added: + Makefile-define-endianess-for-cross-buil.patch + Makefile-fix-build-with-binutils-2.38.patch + +- qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host + bus adapter (bsc#1180432, CVE-2020-35503) + * Patches added: + hw-scsi-megasas-check-for-NULL-frame-in-.patch + +- Include vmxcap in the qemu-tools package (is being very useful + for debugging bsc#1193364) + +- The qemu package should require qemu-x86, qemu-arm, etc, as there's + no point installing it without _any_ of them. Additionally, right + now, the user does not get a working qemu, if recommended packages + are disabled (e.g., on MicroOS or SLE Micro). bsc#1196087 + +- Give clearer instructions on how to modify the package patches + from the output of update_git.sh (docs change only, no functional + change) + +- qemu,kvm: potential privilege escalation via virtiofsd + (bsc#1195161, CVE-2022-0358) + * Patches added: + virtiofsd-Drop-membership-of-all-supplem.patch + +* Patches added: + block-backend-Retain-permissions-after-m.patch + iotest-065-explicit-compression-type.patch + iotest-214-explicit-compression-type.patch + iotest-302-use-img_info_log-helper.patch + iotest-303-explicit-compression-type.patch + iotest-39-use-_qcow2_dump_header.patch + iotests-60-more-accurate-set-dirty-bit-i.patch + iotests-bash-tests-filter-compression-ty.patch + iotests-common.rc-introduce-_qcow2_dump_.patch + iotests-declare-lack-of-support-for-comp.patch + iotests-drop-qemu_img_verbose-helper.patch + iotests-massive-use-_qcow2_dump_header.patch + iotests-MRCE-Write-data-to-source.patch + iotests.py-filter-out-successful-output-.patch + iotests.py-img_info_log-rename-imgopts-a.patch + iotests.py-implement-unsupported_imgopts.patch + iotests.py-qemu_img-create-support-IMGOP.patch + iotests.py-rewrite-default-luks-support-.patch + iotests-specify-some-unsupported_imgopts.patch + qcow2-simple-case-support-for-downgradin.patch + tests-qemu-iotests-Fix-051-for-binaries-.patch + +-Backport patch from upstream, bsc#1194063 CVE-2021-4158 + * Patches added: + acpi-validate-hotplug-selector-on-access.patch + smartmontools -- Remove obsolete service parameter (bsc#1183699, - smartmontools-smartd-service.patch). +- Restart smartd and generate smartd_opts only if there are real + sysconfig changes; do not trigger generate_smartd_opts by YaST, + systemd is enough (bsc#1195785). + +- Update smartmontools-drivedb.h to the latest version from the + upstream branch RELEASE_7_2_DRIVEDB. + +- smartmontools-drivedb_h-update.sh: Fix update needed logic. +- Add smartmontools-drivedb.h, the latest version from the upstream + branch RELEASE_7_2_DRIVEDB. + +- update to 7.2: + - smartctl: New option '--json=y[c]' selects YAML output. + - smartctl '-i': Prints ATA TRIM and Zoned Device capabilities. + - smartctl '-j': Fixed 'scsi_grown_defect_list' value. + - smartctl '-a': Prints SCSI 'Accumulated power on time'. + - smartctl '-n POWERMODE': SCSI support. + - smartctl '-s standby,now' and '-s standby,off': SCSI support. + - smartctl '-c': NVMe 1.4 additions. + - smartd: Support for staggered self-tests. + - smartd: No longer writes attribute log if no attributes were read + due to standby mode or other error. + - smartd: Now resolves symlinks before device names are checked for + duplicates. + - smartd: Fixed SMARTD_DEVICETYPE environment variable if DEVICESCAN is + used without '-d TYPE'. + - ATA: Device type '-d jmb39x-q,N' for JMB39x protocol variant used by + some QNAP NAS devices. + - ATA: Device type '-d jms56x,N' for JMS562 USB to SATA RAID bridges. + - SCSI: Improved heuristics for log subpages of new and very old disks. + - NVMe: Log transfer size limited to avoid device or kernel crashes. + - NVMEe/USB: Device type '-d sntrealtek' for Realtek RTL9210 USB to + NVMe bridges. + - update-smart-drivedb: New option '--branch X.Y'. + - HDD, SSD and USB additions to drive database. + - Dropped support for pre-C99 snprintf(). + - configure: Dropped option '--without-working-snprintf'. + - configure: Fixed '-fstack-protector*' detection. + - Linux: Various fixes of smartd.service file (bsc#1183699). + - Darwin: NVMe log support. + - FreeBSD: Device scan does no longer include T_ENCLOSURE devices. + - NetBSD: Fixed timeout handling. + - NetBSD big endian: Fixed ATA register handling. + - OpenBSD: Fixed timeout handling. + - Windows: Dropped backward compatibility fixes for very old compilers. +- drop smartd-service-novm.patch (upstream) +- drop smartmontools-smartd-service.patch + (SLE+Leap, now in upstream, bsc#1183699) + +- Update to version 7.1: + * smartctl: Fixed bogus exception on unknown form factor value. + * smartctl '--json=cg': Suppresses extra spaces also in 'g' + format. + * smartctl '-i': ATA ACS-4 and ACS-5 enhancements. + * smartd: No longer truncates very long device names in warning + emails. + * smartd: No longer skips scheduled tests if system clock has + been adjusted to the past. + * smartd '-A': Attribute logs now use local time instead of UTC. + * ATA: Device type '-d jmb39x,N' for drives behind JMicron JMB39x + RAID port multipliers. + * SCSI: Workaround for incomplete Log subpages response from some + SAS SSDs. + * HDD, SSD and USB additions to drive database. + * Autodetection of '-d sntjmicron' type for JMicron USB to NVMe + bridges. + * Fixed segfault on CCISS transfer sizes > 512 bytes. + * Fixed smartd.service 'Type' if libsystemd-dev is not available. + * Fixed '/dev/megaraid_sas_ioctl_node' fd leak. + * Fixed GPL licensing problem of 'linux_nvme_ioctl.h' + (smartmontools#1226, + drop smartmontools-nvme_ioctl_h-license.patch). +- Update smartmontools.keyring. Developers use new key. +- smartmontools-drivedb_h-update.sh: Recognize equal files in + different commits. +- Drop smartmontools-nvme_ioctl_h-license.patch (SLE+Leap, + now in upstream, https://www.smartmontools.org/ticket/1226) +- Remove smartmontools-drivedb.h. No update available in the + upstream branch RELEASE_7_0_DRIVEDB. + +- BuildRequire pkgconfig(libsystemd) instead of systemd-devel: + Allow OBS to shortcut through the -mini flavors. system-users +- Buildrequire the updated sysuser-tools which supports busybox-adduser as well + systemd +- Import commit 5b022ce3dbad3189b7ce1e7b0f018b18ac6e583c (merge of v249.11) + For a complete list of changes, visit: + https://github.com/openSUSE/systemd/compare/23b6a8633186a2b5b2487621c81ec7e7bb068db1...5b022ce3dbad3189b7ce1e7b0f018b18ac6e583c + +- Import commit 23b6a8633186a2b5b2487621c81ec7e7bb068db1 + f19292f18d udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) + 3349f636dc man: tweak description of auto/noauto (bsc#1191502) + +- update s390 udev rules conversion script to include the case when + the legacy rule was also 41-* (bsc#1195247) + * change scripts-udev-convert-rules.sh + systemd-rpm-macros +- Bump version to 11 + +- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275 bsc#1196406) + Until SLE15-SP3:QU2, /usr/lib/modprobe.d path was not supported by kmod and + since SLE15-SP4 /etc/modprobe.d/README has references to /lib/modprobe.d... + sysuser-tools -- Furhter enhance sysusers-generate-pre: inside the build +- Disable systemd-sysuser on SLE15 to stay compatible + (disable-systemd-sysusers.patch) + +- Add support for new shell field [bsc#1189518] + +- Use /bin/bash for sysusers-generate-pre + +- Remove usage of grep from sysusers-generate-pre +- Add a simple test of sysusers-generate-pre to %check + +- Bump version up to 3.1. The --replace parameter only appeared in + systemd 238, so we need to ensure to get the update order correct + for sysuser-generate when using the 3rd command line parameters: + * systemd -> sysuser-tools -> system-{user|group}-FOO. +- Add dependency on systemd >=238 if systemd is installed to + sysuser-shadow +- update sysuser_requires to request sysuser-shadow 3.1 + +- Support systemd-sysusers --replace=/usr/lib/sysusers.d/ option +- sysusers-generate-pre: only use first argument for grep +- sysusers2shadow.sh: use "run" prefix for systemd-sysusers call +- macros.sysusers: fix typo + +- Use /usr/sbin/nologin instead of /sbin/nologin + +- Don't abort on unbound first argument + +- Remove sysusers/nscd workaround + +- Use systemd-sysusers only if /proc is mounted, don't require it + +- Set --replace option for systemd-sysusers + +- Ignore nscd return code + +- If systemd-sysusers is used to create a new user/group, invalidate + the nscd passwd and group cache to make the new user/group + visible immediately as workaround [bsc#1181121]. + Needs to be removed after sytemd-sysusers get's fixed, since we + invalidate the cache even if the user/group file wasn't changed. + +- An "u" in a sysusers.d file will create an user and a group. + Create provides for both, user and group. + +- Use systemd-sysusers as default to create and update the user + account. Fixes the problem that a modified sysusers config file + get's ignored by useradd and adduser [bsc#1180549]. + +- useradd_or_adduser_dep must be PreReq so ordering makes sure it gets + installed before. +- suggest shadow where useradd_or_adduser_dep is actually required + +- Avoid useless use of cat +- Simplify %sysusers_requires +- Drop shebang, rpm passes it to /bin/sh itself + +- Packages providing users need /usr/bin/cat installed to create + them. Add that to the PreRequires. + +- Create system groups for system users + +- Fix bug introduced by simplification of check for useradd -g +- Refactor use of sed away + +- Use eval set -- $LINE instead of read for parsing + +- Clean up sysusers2shadow and make it use only /bin/sh +- Don't let busybox adduser create the home directory, it breaks + permissions of e.g. /sbin (home of daemon) +- Use only /bin/sh in sysusers-generate-pre and the generated code + +- Drop use of tail from the generated %pre scriptlets + +- Look for /bin/busybox, too +- Add special handling for busybox and groups + +- Use suggests shadow to prefer that over busybox in normal systems + +- Add support for busybox adduser/addgroup +- Change requirements from shadow to useradd_or_adduser_dep + +- Fix default home directory [bsc#1105934] +- Use _rpmmacrodir for macro file + +- Further enhance sysusers-generate-pre: inside the build tcl -- bsc#1181840: Same fix as for tclConfig.sh is needed for tcl.pc. - -- bsc#1179615: TCL_LIBS in tclConfig.sh possibly breaks build on - newer service packs and is not needed for linking to a dynamic - libtcl anyway, so make it empty. +- New version 8.6.12: + * (bug)[d43f96] [string trim*] broken for Emoji + * (bug)[22324b] [string reverse] broken for Emoji + * (bug)[1dab71,7c64aa] BRE broken by uninitialized value use + * (bug)[8419c5] Unix tty channels tolerate EINTR + * ** POTENTIAL INCOMPATIBILITY *** + * (bug)[4c591f] [string compare] EIAS violation + * (bug)[266494] [concat foo [list #]] EIAS violation + * (bug)[24b918] Save IO buffers from modern optimizers + * (new) support for POSIX error EILSEQ + * (bug)[688fcc] segfault during traced delete of alias + * (bug)[ccc448] segfault in ensemble rewrite machinery + * (new) Update to Unicode-14 + * (bug)[a8579d] failed proc argument spec processing + * Obsoletes tcl-aa4a13c15516da45.patch +- Bump %itclver and ensure it stays in sync. + +- bsc#1185662: Move tcl.macros /usr/lib/rpm/macros.d . +- https://core.tcl-lang.org/thread/tktview?name=98ae20f0f5: + Add tcl-aa4a13c15516da45.patch to disable lto for the stubs + libraries. + +- tclConfig.sh: Fix path names and avoid braces in TCL_PACKAGE_PATH +- Set TCL_LIBRARY at configure time for better consistency. + +- New version: 8.6.11: + * Add tcltest::(Setup|Eval|Cleanup|)Test + * Update to Unicode-13 + * Add 3 libtommath functions to stub table + * Many more bug fixes +- Potentially incompatible changes: + * (bug)[ffeb20] [binary decode base64] ignore invalid chars + * (bug)[b8e82d] some -maxlen values break uuencode round trip + * (bug)[085913] Tcl_DStringAppendElement # quoting precision + * (bug)[81242a] revised documentation for Tcl_UtfAtIndex() + * (bug)[ed2980] Tcl_UtfToUniChar reads > TCL_UTF_MAX bytes + * (bug)[a1bd37] [clock scan] new ISO format (clock-34.(19-24)) + * (bug)[501974] [clock scan] +time zone (clock-34.(53-68)) + * (new) force -eofchar \032 when evaluating library scripts + * (new)[48898a] improve error message consistency + * (new) revised case of module names + +- Add a manpage symlink for tclsh8.6. + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": lib64 == lib64. + +- New version: 8.6.10: + * (bug)[7a9dc5] [file normalize ~/~foo] segfault + * (bug)[3cf3a9] variable 'timezone' deprecated in vc2017 + * (bug)[cc1e91] [list [list {*}[set a " "]]] regression + obsoletes tcl-expand-regression.patch. + * (bug)[e3f481] tests var-1.2[01] + * (new) Update to Unicode 12.0 + * (new)[TIP 527] New command [timerate] + * (bug)[39fed4] [package require] memory validity + * (new) New command tcl::unsupported::corotype + * (bug) memlink when namespace deletion kills linked var + * (new) README file converted to README.md in Markdown + * (bug)[8b9854] [info level 0] regression with ensembles + * (bug)[6bdadf] crash multi-arg write-traced [lappend] + * (bug)[f8a33c] crash Tcl_Exit before init + * (bug)[fa6bf3] Bytecode fails epoch recovery at numLevel=0 + * (bug)[fec0c1] C stack overflow compiling bytecode + * tzdata updated to Olson's tzdata2019c + * (bug)[16768d] Fix [info hostname] on NetBSD + * (new) libtommath updated to release 1.2.0 + * (bug)[bcd100] bad fs cache when system encoding changes + * (bug)[135804] segfault in [next] after destroy + * (bug)[13657a] application/json us text, not binary + +- binary-40.3 is expected to fail on riscv64 which does not support NaN + propagation + +- Use FAT LTO objects in order to provide proper static + library (boo#1138797). + +- Fix a regression in the handling of denormalized empty lists + (tcl-expand-regression.patch, tcl#cc1e91552c). + +- New version: 8.6.9: + * NR-enable [package require] + * (bug)[9fd5c6] crash in object deletion, test oo-11.5 + * (bug)[3c32a3] crash deleting object with class mixed in + * (platform) stop using -lieee, removed from glibc-2.27 + (bsc#1179615, bsc#1181840). + * (bug)[8e6a9a] bad binary [string match], test string-11.55 + * (bug)[1873ea] repair multi-thread std channel init + * (bug)[db36fa] broken bytecode for index values + * (bug) broken compiled [string replace], test string-14.19 + * (bug) [string trim*] engine crashed on invalid UTF + * (bug) missing trace in compiled [array set], test var-20.11 + * (bug)[46a241] crash in unset array with search, var-13.[23] + * (bug)[27b682] race made [file delete] raise "no such file" + * (bug)[925643] 32/64 cleanup of filesystem DIR operations + * (bug) leaks in TclSetEnv and env cache + * (bug)[3592747] [yieldto] dying namespace, tailcall-14.1 + * (bug)[270f78] race in [file mkdir] + * (bug)[3f7af0] [file delete] raised "permission denied" + * (bug)[d051b7] overflow crash in [format] + * revised quoting of [exec] args in generated command line + * HTTP Keep-Alive with pipelined requests + * (new)[TIP 505] [lreplace] accepts all out of range indices + * (bug) Prevent crash from NULL keyName in the registry package + * Update tcltest package for Travis support + * (bug)[35a8f1] overlong string length of some lists + * (bug)[00d04c] Repair [binary encode base64] +- Version 8.6.8: + * [array names -regexp] supports backrefs + * Fix gcc build failures due to #pragma placement + * (bug)[b50fb2] exec redir append stdout and stderr to file + * (bug)[2a9465] http state 100 continue handling broken + * (bug)[0e4d88] replace command, delete trace kills namespace + * (bug)[1a5655] [info * methods] includes mixins + * (bug)[fc1409] segfault in method cloning, oo-15.15 + * (bug)[3298012] Stop crash when hash tables overflow 32 bits + * (bug)[5d6de6] Close failing case of [package prefer stable] + * (bug)[4f6a1e] Crash when ensemble map and list are same + * (bug)[ce3a21] file normalize failure when tail is empty + * (new)[TIP 477] nmake build system reform + * (bug)[586e71] EvalObjv exception handling at level #0 + +- Sync SLE12 with Factory to fix a bug in Itcl that was affecting + iwidgets (bsc#903017). + texlive-specs-n -- Extend patch latexdiff_perl.dif to fix boo#1118796 yet an other - unescaped left brace with perl +- Also add some obsoletes -- Port back changes for bsd_glob of latexmk(.pl) (boo#1094731) +- Backport TeXLive 2021, full python3 support and no poppler anymore +- Add missed package splits for bsc#1196711 +- Skip patch latexmk_perl.dif as this is upstream in TL 2021 (bsc#1094731) +- Ignore patch latexdiff_perl.dif for bsc#1118796 as this is + already part of upstream TeXLive 2021 +- Ignore patch fancyhdr_newtoks.dif for bsc#1190640 as this is + already part of upstream TeXLive 2021 + +- Extend patch texlive-scripts_scripts.dif + * boo#1193473 -- /etc/cron.daily/suse-texlive from texlive causes warnings + OK make them silent + +- Do not touch shebang with patch latexdiff_p2top3.dif + +- Add the patches to convert python2 helper scripts to python3 + * ejpecp_p2top3.dif + * enctex_p2top3.dif + * latexdiff_p2top3.dif + * newcommand_p2top3.dif + * punknova_p2top3.dif + +- Add patch seminar_latex20200202.dif and patch prosper_utf8.dif + * Avoid latin1 characters and the caused warning about broken + enconding in the typeouts of prosper file + * Set lowest release of the LaTeX engine for seminar class + (boo#1185941) + +- Move python detection and correction to python3 + +- Change to using systemd-sysusers + +- Reenable pygmentex as now with python3 + +- Remove patch de-macro_p2top3.dif now upstream +- Port patches + * kpathsea_cnf.dif + * latexmk_conf.dif + * lilyglyphs_p2top3.dif (now only shebang corrected) + * luatex_cnf.dif + * luaotfload_varfonts.dif + * musixtex_various.dif + * texdoc_cnf.dif + * texlive-scripts_scripts.dif + +- Update to TeXLive 2021 + +- Rename patch lilyglyphs-8ffa820e4.dif to lilyglyphs_p2top3.dif +- Add patch de-macro_p2top3.dif + * Re-enable texlive-de-macro as required by extra binary package + +- Reenable package lilyglyphs by adding patch lilyglyphs-8ffa820e4.dif + from upstream repository + +- Skip packages which are based on python2 + +- Fix the fix for boo#1046104 reported by boo#1181691 + * Increase dict size which holds the font description + to fit with added descriptions of PostScript Type 1 + +- Enhance latexmk configuration, that is add a systemwide + configuration below /etc/texmf/latexmk/ as latexmk.conf (boo#1180789) + For this add patch latexmk_conf.dif + +- Enhance spec file generator to find missing .so man page + links for better dependency resolution (bsc#1171682) + +- Modify patch texdoc_cnf.dif to ignore tlpkg/texlive.tlpdb as + kpathsea uses the ls-R files as well + +- Correct obsoletes for new packages + +- Scan *.def files as well for RequirePackage + +- Add Requires to tex(epstopdf-base.sty) to fix package split + of texlive-epstopdf + +- Skip *-dev packages from file dependendcy scanner as otherwise + we see doubling name space for some style files like amsmath.sty + +- Add patch pythontex_p2top3.dif and a removes file to fully + switch pythontex packages of TeXLive to python3 + +- Update to TeXLive 2020 + * Port patches + kpathsea_cnf.dif + latexpand_perl.dif + luaotfload_varfonts.dif + luatex_cnf.dif + musixtex_various.dif + * Delete patches not needed anymore as files have moved + tetex_scripts.dif + * Delete patche updmap-map_roboto.dif as fixed upstream + * Add new patches to catch moved files + texlive-scripts-extra_scripts.dif + texlive-scripts_scripts.dif + * Add new patch xetex_conf.dif to fit FHS location + * Remove TeXLive installer files breaking rpm database + texlive-scripts.removes + +- Enhance spec file generator to catch more required style files + e.g. readarray.sty for verbatimbox.sty as reported in boo#1155752 + +- Correct path in patch updmap-map_roboto.dif + +- Add updmap-map_roboto.dif to update encoding mappings (boo#1143065) + +- Add /scripts/texdoc/Data.tlpdb.lua (boo#1146028) + +- Remove (texlive-)axessibility package as it has a nofree license: + Creative Commons Attribution-NonCommercial 4.0 License + +- Redo spec file generation to get the various scriplets back + +- Correct /etc/texmf/web2c/texmf.cnf (boo#1136314) + +- Update to TeXLive 2019 +- Modify patches + * kpathsea_cnf.dif + * latex2man_tmphandling.dif + * latexpand_perl.dif + * luaotfload_varfonts.dif + * luatex_cnf.dif + * musixtex_various.dif + * tetex_scripts.dif + * texdoc_cnf.dif +- Drop obsolate patches + * tex4ht_env.dif + * texdraw_info.dif +- Patch bbold_bbold11.dif move from texlive-specs-c.spec to + texlive-specs-b.spec +- Patch context_fourier-map.dif move from texlive-specs-f.spec to + texlive-specs-e.spec +- Will fix Bug boo#1131436: + texlive-fontawesome5 does not update updmap on install/uninstall + +- In texlive-ukrhyph-doc use en_GB instead of en_UK (boo#1123654) + +- Map many Language Description Files (ldf) to know hypen-packages (boo#1099475) + +- In case of having OpenType and/or TrueType fonts around do disable + the PostScript Type fonts for fontconfig (boo#1102986) + +- Update tetex_scripts.dif as also updmap.pl should use /usr/share/texmf + to find the perl TeXLive modules as well + +- Port *all* changes for texlive scripts from source.dif to texconfig_scripts.dif + +- Update tetex_scripts.dif as there is no /usr/share/texmf-dist here + +- Refresh stix.tar.xz to get missed fd files + +- Reorder requirements due rename texconfig to tetex + +- Respect rename of texconfig to tetex + +- Rename patch texconfig_scripts.dif to tetex_scripts.dif + +- Remove patch latexdiff_perl.dif now upstream + +- Remove patch algorithm2e_umlauts.dif now upstream + +- Switch over to TeXLive 2018 final 20180414 + +- First initial snapshot of TeXLive pre 2018 -- Make sure texconfig/update is run only once per transaction - -- Be aware that blanks may occure around RequirePackage (bnc#872559) - -- Remove superfluous xfs dependcies - -- Make Lua(La)TeX knowing about varfonts from mktex.cnf (bnc#847102) - -- Be aware that texlive scripts are now in the packages them self - -- Change /bin/env to /usr/bin/env in latexdiff tool below doc - -- Be aware that the package texlive-ascii-font is the former - texlive-ascii - -- Do not override TEXMFLOCAL with TEXMFMAIN as this is now TEXMFDIST - -- Drop dependency freeglut-devel of texlive-asymptote (bnc#833498) - -- Make sure that TEXMFMAIN is /usr/share/texmf now -- Replace texmf.cnf if really required that is do not install - as .rpmnew but move the old to .rpmold - -- Move leipzig.tex from doc/latex/leipzig/leipzig.tex to - tex/latex/leipzig/leipzig.tex - -- Update to TeXLive 2013 (timestamp 20130620) - + Distribution layout: the top-level texmf/ directory has been - merged into texmf-dist/, for simplicity. Both the TEXMFMAIN - and TEXMFDIST Kpathsea variables now point to texmf-dist. - + Many small language collections have been merged together, - to simplify installation. - + MetaPost: native support for PNG output and floating-point - (IEEE double) has been added. - + LuaTEX: updated to Lua 5.2, and includes a new library - (pdfscanner) to process external PDF page content, among - much else (see its web pages). - + XeTEX (also see its web pages for more): - The HarfBuzz library now used for font layout instead of ICU. - Graphite2 and HarfBuzz are used instead of SilGraphite for Graphite layout. - On Macs, Core Text is used instead of the (deprecated) ATSUI. - Prefer TrueType/OpenType fonts to Type1 when the names are the same. - Fix occasional mismatch in font finding between XeTEX and xdvipdfmx. - Support OpenType math cut-ins. - + xdvi: now uses FreeType instead of t1lib for rendering. - + microtype.sty: some support for XeTEX (protrusion) and LuaTEX - (protrusion, font expansion, tracking), among other enhancements. -- Update biblatex-biber to 1.7 -- Udpate biblatex of TeXLive 2013 to 2.7a - -- Let texlive-arev require tex(mdacmr.fd) (bnc#819867) -- Avoid line break in patch pgf_plain.dif (bnc#823273) - -- As lcdf-typetools does not support kpathsea nor search below - texmf tree build the texlive-lcdftypetools(-bin) packages again - and let them conflict with the lcdf-typetools package. - -- Asymptote binaries may have the same version as the format files - of the asymptote package it self (bnc#813032) - -- Change Obsoletes from < 2012+subversion to <= 2011 (bnc#811162) -- Let mathdesign require tex(texnansi.enc) (bnc#808731) -- Let biber-bin require perl(Text::BibTeX) (bnc#811258) -- Do not require xfs as we do not use xfs at all, otherwise we - have to add some more lua code in the %post scriptlet. - -- Avoid doubling mktex.opt content with excessive patch which had - lead that the original content overrides the new one (bnc#801727) - -- Work around missing support of %posttrans scriptlets in libzypp - due missing rpm option for not to execute those scriptlets (bnc#773575) - -- Add require texlive-metapost for texlive-dvips -- Add some more requires for latex-bin -- Add require pdftex.def for texlive-pdftex -- Do not reqiure package pgfmath in pgffor.sty (bnc#783252) - -- Use disturl for rpmbuild runs -- Aggregate licenses for meta spec file automatically - -- license update: GPL-2.0+ and LPPL-1.3c and GPL-3.0+ and MPL-1.1 and - LPPL-1.0 and OFL-1.1 and Apache-2.0 - Aggregate licenses for spec file without subpackages - -- Change font config semantic as the font directories below - /usr/share/fonts will be always found by freetype - -- Source validator does not like not applied patches - -- Correct path in pgf patch - -- Make the sub packagers texlive-spec-{a..z} valid for source - validator - -- Add patch to make pgf work with plain TeX (bnc#746719) - -- Make jadetex format build in posttrans scriptlet - -- Add some missed files -- Break cycle between latex and latex-bin - -- move lgrenc.dfu from doc to tex tree - -- Avoid dependency loops between kpathsea, tetex, and texconfig - with the main package texlive as otherwise the three packages - will be isntalled before texlive - -- Make sure that posttrans scriptlets will execute update script - -- Re-run generator script to add missed docfiles - -- Avoid failing scriptlets due slice split - -- Modify the runtime Makefile to allow to build slices from the - 2236 spec files may help to speed up the serial checks and - serial rpmlint run - -- Do not forget requirements of texlive-latex-bin - -- Add some minimal requirements for texlive-tex, texlive-latex, - texlive-luatex, and texlive-texinfo - -- Fix wrong placement of tex files -- Xecyr has only win executables - -- Simplify dependency chain(s) -- Allow pure source packages (knuth, latex-tds, ...) -- Allow empty packages (hyphen, bibtexu, ...) for dependencies - -- Make RPMlint happy - -- Make main spec file run several rpmbuild processes in parallel - -- Update to frozen/final 2012 (timestamp 20120611) - -- Avoid source url for all tar balls as our checkin script can not - handle snapshots nor is knowing about the infrastructure of the - upstream TeXLive server - -- Do not forget the sub package like doc and fonts - -- Suppress leading dot in build release number - -- Change version/release scheme -- Avoid to list optional loaded but not existing files as required - -- Add fix for latex2man insecure tmp file handling (bnc#758046) - -- Avoid making delcmdchanges.bash to be a text file - -- If MT_FEATURES includes varfonts and system default is not - writable choose $HOME/.cache/texmf/fonts - -- Make rpm lint happy - -- Initial packaging of TeXLive using package database texlive.tlpdb - that is we have now a lot small packages around - tigervnc +- U_0003-Update-Surface_X11.cxx.patch + * Fix to render properly considering endianness. + * bsc#1197119 + tk -- bsc#1181840: Same fix as for tkConfig.sh is needed for tk.pc. +- New version 8.6.12: + * (bug)[7beaed] ttk::bindMouseWheel syntax error + * (new) support 4 new keycodes: CodeInput, SingleCandidate, + MultipleCandidate, PreviousCandidate + * (new) Portable keycodes: OE, oe, Ydiaeresis + * (bug)[9e1312] to parent after child destroyed + * (bug)[d3cd4c] more robust notebook processing + * (bug)[234ee4] crash in [clipboard get] invalid encoding + * (bug)[be9cad] Poor trace housekeeping -> tkwait segfault + * (bug)[9b6065] restore Tcl [update], see window-2.12 + * (bug)[34db75,ea876b] cursor motion in peer text + * (bug)[c97464] memleak in TkpDrawAngledChars + * (bug)[171ba7] crash when grab and focus are not coordinated + * crash due to failed transient record housekeeping + * (bug)[099109] segfault reusing a container toplevel + * (bug)[4efbfe] static package init order in wish + * (bug)[033886] Win: hang in font loading + * (bug)[8ebed3] multi-thread safety in Xft use + * (new)[TIP 608] New virtual event <> -- bsc#1179615: TK_LIBS in tkConfig.sh possibly breaks build on - newer service packs and is not needed for linking to a dynamic - libtk anyway, so make it empty. +- Update to version 8.6.11.1 (still presenting itself as 8.6.11) + * Fixed issue in bindMouseWheel + +- Version 8.6.11: + * Fix TkKeyEvent platform variations + * ttk respect -cursor option + * MouseWheel for ttk::scrollbar + * fix fontconfig crash when no font installed + * fix tearoff menu redraw artifacts + * stop crash w/Noto Color Emoji font + * fix crash of angled text w/o Xft + * fix crash when active button is destroyed + * disfavor Master/Slave terminology + * many more bug fixes. + +- Fix manpage symlink for wish8.6. + +- Fix build with RPM 4.16: error: bare words are no longer + supported, please use "...": lib64 == lib64. + +- Version 8.6.10: + * (bug)[0a9c91] crash in text-11a.22 + * (bug)[9705d1] crash activating "Alt" theme + * (bug)[e3b954] cursor offset at full screen display + * (bug)[18a4ba] cross-platform [winfo containing] + * (build) 'None', 'ControlMask' symbol conflicts + * (bug)[509caf] [treeview tag configure] regression + * (bug)[3003895] [scale] res rounds and -from + * (new)[TIP 533] [$mb post x y idx] + * (bug)[1529659] embed toplevel blocks outer menu + * (bug)[8814bd] crash in [NSMenu size] + * (bug)[1951ab] Prevent transient window cycles (crashed on Aqua) + * ** POTENTIAL INCOMPATIBILITY *** + * (bug)[4da219] Incomplete read of multi-image GIF + * (new)[TIP 535] Precision of ::scale widget tick mark values + * ** POTENTIAL INCOMPATIBILITY *** + * (bug)[da3914] [$treeview identify element] failure + * (bug)[897ffe] Prevent cross-manager loops of geom management + * (bug)[368fa4] Prevent toggle of hidden treeview indicators + * (bug)[928652] Apply TIP 533 for ttk::menubutton + * (bug)[1001070] X-platform rework of label options -highlight* + * (bug)[6286fd] checkbutton handling of -selectcolor + * (bug) Ttk scrolling bugs, see tests treeview-9.1, entry-3.[3-6] + * (new)[TIP 541] [combobox current] support "end" index + * (bug)[2a6c62] <> trigger on item delete + * (bug)[75b8fb] Crash with some [event generate]d + * (bug)[5ddeca] Stop app switching exposing withdrawn windows as zombies + * (new) Refactor all MouseWheel bindings + * ** POTENTIAL INCOMPATIBILITY *** + * (bug)[c8ccd1] up array key in [text] takes to index 1.0 + * (new)[TIP 532] Tk event loop rewrite to prevent ring overflow + * ** POTENTIAL INCOMPATIBILITY *** + * (bug)[2834776] Stop disabled spinbox from generating + <> & <> + * (bug)[a01b6f7] Workaround XWayland bug reporting screen width + * (bug)[b82bd4] Fix [style configure -compound] + * (bug)[69b48f] failing test textTag-18.1 + * (bug)[c4abd2] panic in stackorder command + * (bug)[53d280] [wm iconphoto] crash on empty image + * [90d555] workaround NSFontManager bad selections + * (new) Partial Emoji support in text displays +- tk-8.5.12-fix-xft.patch is not needed anymore. + +- Use FAT LTO objects in order to provide proper static + library (boo#1138797). + +- Version 8.6.9: + * (platform) stop using -lieee, removed from glibc-2.27 + (bsc#1179615, bsc#1181840). + * (bug)[aa7679] crash using window after master destroyed + * (bug)[925262] New option -state for ttk::scale + * (bug)[fa8de7] Crash [ttk::checkbutton .x -variable {}] + * (bug)[382712] Crash in [event generate . ] + * (bug)[657c38] Crash in menu destroy with checkbutton entry + * (bug)[de156e] Deny PRIMARY selection access in safe interps + * (bug)[b68710] Fixes in [text] bindings + * (bug)[e20d5c] Stop failures of textTag-18.1 + * (bug)[5d991b] Fortify var traces against deleted vars + * (bug)[1821174] Stop RenderBadPicture X error + * (bug)[502e74] Stop X errors on untrusted connections + * (bug)[71b131] Regression in Tk_DrawChars() + * (bug)[59fccb] menu flaws when empty menubar clicked + * (bug)[7423f9] improved legacy support for [tk_setPalette] + * (bug)[de01e2] Crash in [$text replace] + * (bug)[135696] Crash in [wm transient] + * (bug)[309b42] Improve ttk high-contrast-mode support + * (bug)[fabed1] GIF photo support for "deferred clear code" + * (bug)[3441086] error message in layout-2 + * (bug)[05bd7f] vista theme for combobox + * (bug)[382712] crash in KeyPress event handling + * (bug)[6fcaaa] insertion cursor visibility in ttk::entry + * (bug)[822923] cascade menu indicator color + * (bug)[9658bc] borderwidth calculations on menu items + * (bug)[ca403f] treeview border drawing + * (bug)[4b555a] hang in [$text search -all] + * (bug)[6b22d4] [treeview] binding fix + +- Update tkcon.tcl to CVS revision 1.124: + * Use -underline clearly to disambiguate from new 8.6.6 option + - underlinefg + * prevent file edit from undoing loading of file + +- add explicit buildrequire on fontconfig-devel + +- Version 8.6.8: + * (bug)[f1a3ca] Memory leak in [text] B-tree + * (bug)[ee40fd] Report [console] init errors + * (bug)[3295446] Improve history visibility in [console] + * (bug)canvas closed polylines fully honor -joinstyle + * (bug)[cc42cc] out of mem crash in tests imgPhoto-18.* + * (bug)[3406785] fix coords rounding when drawing canvas items + * (bug)[8277e1] linux fontchooser sync with available fonts + * (bug)[5239fd] Segfault copying a photo image to itself + * (bug)[514ff6] canvas rotated text overlap detection + * (bug)[1e0db2] canvas rchars artifacts + * (bug)[d9fdfa] display of Long non-wrapped lines in text + * (bug)[dd9667] text anchor not set + * (bug)[bb6b40] ::tk::AmpMenuArgs and 'entryconf' + * (bug)[55b95f] Crash [scale] with a bignum value + * (bug)[ce62c8] text-37.1 fails + * (bug)[0ef1c5] OS X - tests menu-22.[345] hang + * (bug) display of embedded toplevels + * (bug)[73ba07] Correct property type for MULTIPLE conversion + * (bug) Memory leak in tkImgPhoto.c. + * (bug) Defeat zombie toplevels + * (bug) [wm withdraw] on Window and Dock menus + * (new)[TIP 477] nmake build system reform + +- Sync SLE12 with Factory to fix a bug in Itcl that was affecting + iwidgets (bsc#903017). -- Update to 8.6.2: - * Ocaml trouble with Tk and tailcall splice. - * Accept [image create -format PNG] (upper case). - * fix png wrong component indices - * PNG parser accept uppercase -format - * fix double free of a TkFont - * support PPM maxval up to 65535 - * fix multi-interp font teardown double free - * fix option file \n syntax support - * X: correct fontconfig dependence - * fix @TK_LIBS@ in pkgconfig - * fix autoscroll initiation - -- Add tk-fix-pkgconfig-file.patch to fix undefined linker flag - (@TK_LIBS@) in tk.pc pkgconfig file; patch sent upstream, see - https://core.tcl.tk/tcl/tktview?name=5bcb5026ad51abb7 . - update-alternatives +- break bash <-> update-alternatives cycle by coolo's rewrite + of %post in lua [bsc#1195654] + -- Use SUSE not SuSE. - -- add dpkg-ppc64le.diff (adds ppc64le architecture) - -- Add dpkg-sparc.diff to unbreak compilation on sparcv9 build - -- update to 1.16.10 - * Fix update-alternatives test suite to behave correctly on non-Debian - binary paths. Known to be affecting at least Gentoo and Mac OS X. - * Do not leak subcall command arguments in update-alternatives. - * Fix segfault on update-alternatives when passing --slave without any - action at all. lp#1037431 - -- update to 1.16.8 - -- update to 1.16.7 - * Print master and slave alternarive link names in update-alternatives - - -query and always print alternative link in --config. Closes: #679010 - * Check parsed integers for invalid or no digit errors in - update-alternatives. Check all parsed integers for out of range - errors. On "update-alternatives --install" only warn for now on - out of range priorities and clamp the values - -- fix the reworked patch - -- update to 1.16.3 -- reworked patch - -- update to 1.15.8.12 - * no changes, just keep in sync with deb - -- update to 1.15.8.11 -- remove unused tarballs and patches - -- Remove redundant tags/sections from specfile - (cf. packaging guidelines) -- Use %_smp_mflags for parallel build - -- update to 1.15.8.10 - bug fix release -- build it in the same source tree as package deb - -- update to 1.15.8.5 - * update-alternatives is now implemented in C -- fix bnc#647151 - update-alternatives: false claim in the description - * removed jpackage only part, as it's now don't have any sense - -- fix bnc#669716 - update-alternatives corrupt - the pack/unpack removal code broke the java update-alternatives file - util-linux +- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51, + util-linux-libuuid-extend-cache.patch). + util-linux-systemd +- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51, + util-linux-libuuid-extend-cache.patch). + wireless-tools +- Fix URLs (wireless-tools home page has been migrated to github.io) + +- install modprobe.conf files in %_modprobedir (bsc#1196275, jsc#SLE-20639) + +- Convert wireless-tools.changes to proper UTF-8 format: new + version of RPM are getting strict in interpreting files. + -- license update: GPL-2.0 - See line 22 of ifrename.c - -- Remove redundant tags/sections from specfile - -- update to 30.pre9: - o Create iwlib-private.h to minimise namespace pollution [iwlib] - o More fix to the 64->32bit band-aid for encode [iwlib] - o Update udev rule to remove a warning [19-udev-ifrename.rules] - (from Ritesh Raj Sarraf and Guus Sliepen) - o Propagate error codes out of main for get [iwconfig/iwlist/iwspy] - (From Guus Sliepen ) - o Remove spurious commands from Czech iwconfig manpage. - -- fixed typo in specfile; shall be /etc/modprobe.d/50-iwlagn.conf - -- added iwlagn.modprobe with option to enable 11n connections - options iwlagn 11n_disable=0 - -- iwl3945.modprobe added, bnc #556665 - -- remove inline hacking from iwlib.h, it breaks C++ - usage of iwlib.h - -- enable parallel build - -- fix build with --as-needed -- fix -devel package dependencies - -- use find_lang macro - -- Remove requires on libiw-devel, all dependend packages have been - checked and adjusted to use libiw-devel in BuildRequires - themselves. - -- disable as-needed for this package as it fails to build with it - -- Remove ipw2100.modprobe, the associate parameter already defaults - to 0 since 2.6.30 -- Update ipw2200.modprobe, the associate parameter already defaults - to 0 since 2.6.30 - -- Split libiw30 and libiw-devel out of wireless-tools - -- Update install_acx100_firmware and install_intersil_firmware - (bnc#486195) -- Update to 30pre8, changes: - o Workaround kernel bug when getting ESSID [iwlib/iwconfig/iwgetid] - o Enable scan buffer to grow up to 65535 instead of 32768 [iwlist] - o Return a proper error if scan result exceed buffer max [iwlist] - o Do above two fixes for the simple scan API [iwlib] - o Spelling and typos in [iwconfig.8] - -- renamed modprobe configs to /etc/modprobe.d/50-*.conf - (required by new module-init-tools). - xorg-x11-server +- U_glamor-Make-pixmap-exportable-from-gbm_bo_from_pixma.patch + * avoid consequently failing page flip (boo#1197269) + +- u_sync-pci-ids-with-Mesa-21.2.4.patch + * sync pci ids with Mesa 21.2.4 (related to boo#1197046) + +- U_0002-DRI2-Add-another-Coffeelake-PCI-ID.patch + U_0003-dri2-Sync-i965_pci_ids.h-from-mesa.patch + U_0004-dri2-Set-fallback-driver-names-for-Intel-and-AMD-chi.patch + U_0005-dri2-Sync-i965_pci_ids.h-from-mesa-iris_pci_ids.h.patch + * sync GL driver PCI IDs with Mesa (boo#1197046) + xscreensaver +- update to 6.03: + * New hacks squirtorus, mapscroller + * sphereeversion now has corrugation-mode, and can evert the Earth + * glplanet is higher resolution, and displays time zones + * glslideshow displays relative pathnames again + * X11: fixed sonar failing to ping on some Linux systems + * X11: Touch-screens work + * X11: Hold down Backspace to clear the whole password field (bsc#1196593) +- drop xscreensaver-6.02-marbling-std-c.patch + yast2 +- Extend the Package module to force using PackageSystem or + PackageAI without having the mode into account. +- AutoYaST: properly detect whether firewalld, bind and + yast2-dns-server packages are installed when cloning a system + (bsc#1196963). +- 4.4.47 + yast2-country +- Fixed French (Canada) keyboard layout (bsc#1196891): + Use "ca", not "ca-fr-legacy" +- 4.4.12 + yast2-installation +- Do not stop xvnc.socket but run the YaST2-Second-Stage and + YaST2-Firsboot services before it in order to prevent early + vnc connections (bsc#1197265) +-4.4.50 + +- Run the YaST2-Second-Stage and YaST2-Firsboot services after + purge-kernels to prevent a zypper lock error message + (bsc#1196431). +- 4.4.49 + +- Prevent getty auto-generation because it makes xvnc to fail when + it is started in YaST second stage (bsc#1196614). +- 4.4.48 + yast2-network +- Display the network configuration in the AutoYaST user interface + (see bsc#1197019). +- 4.4.45 + yast2-packager +- Read the products from libzypp in installed system, fixes crash + during online migration (related to jsc#SLE-17309) +- 4.4.26 + +- do not keep file handle to repo metadata open accidentally (bsc#1196061) +- 4.4.25 + yast2-security +- Always check for the package in the underlying system when + trying to detect if running on systemd (bsc#1196963). +- 4.4.13 + yast2-trans +- Update to version 84.87.20220313.3dfcfc0d1f: + * Translated using Weblate (Hindi) + * Translated using Weblate (Polish) + * New POT for text domain 'base'. + * Translated using Weblate (Hindi) + * Translated using Weblate (Hindi) + * Translated using Weblate (Hindi) + * Translated using Weblate (Hindi) + * Translated using Weblate (Hindi) + * Translated using Weblate (Hindi) + * Translated using Weblate (Indonesian) + * Translated using Weblate (Indonesian) + * Translated using Weblate (Indonesian) + * Translated using Weblate (Indonesian) + * New POT for text domain 'packager'. + * New POT for text domain 'autoinst'. + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Indonesian) +