------------------------------------------------------------------ --- Changelog.all ----------- Sat May 28 16:52:24 UTC 2022 ------ ------------------------------------------------------------------ ------------------------------------------------------------------ ------------------ 2022-5-28 - May 28 2022 ------------------- ------------------------------------------------------------------ ++++ instlux: - upgraded to 15.4.1. * Set Leap 15.4 as default (latest stable) ------------------------------------------------------------------ ------------------ 2022-5-23 - May 23 2022 ------------------- ------------------------------------------------------------------ ++++ nextcloud: - Update to 23.0.5 * Fix boo#1199812 - CVE-2022-29163 (CWE-671): User can create a link that is not password protected even if the administrator requires it * Changes - Use the nextcloud certificate bundle for s3 (server#31818) - Federated share performance improvements (server#31902) - Principal search by display name case insensitive (server#31976) - Log why the login token can’t be used for credentials (server#31978) - Bump babel-loader from 8.2.4 to 8.2.5 (server#32100) - Bump moment from 2.29.2 to 2.29.3 (server#32101) - Fix showing of all apps are up-to-date in apps management (server#32115) - Do not update _lastChanged on auto-detected attributes (server#32120) - Tell mysql to ignore the sort index for search queries (server#32124) - Get not only time-sensitive next job from list but any when not in cron-mode (server#32131) - Update description of cronjob settings to be aligned to the documenta… (server#32135) - Fx translations with trailing colon (server#32160) - L10n: Change apostrophe (server#32174) - Fix social sharing buttons (server#32182) - Don’t use plain URL on the email subject (server#32247) - Don’t use hash to check if binding worked (server#32284) - Fix preview generator trying to recreate an existing folder (server#32323) - Fix for transferring ownership of groupfolders (server#32330) - Bump @testing-library/vue from 5.8.2 to 5.8.3 (server#32334) - Explicitly close div element (server#32417) - Fix user agent trimming on installation (server#32420) - Show user account on grant loginflow step (server#32422) - Add Email validation (server#32474) - Fix array key on import() (circles#1027) - Switch to getOption() (circles#1043) - Add new diagram templates (example-files#24) - Update phpunit workflows (files_pdfviewer#600) - Prevent video file downloads when there is a download limit (files_videoplayer#276) - Fix password generation (password_policy#358) - Bump babel-loader from 8.2.4 to 8.2.5 (privacy#764) - Build(deps): bump prosemirror-view from 1.23.12 to 1.23.13 (text#2348) - Improve preloading (viewer#1232) - Changes from 23.0.4 - Run tests with primary object storage in CI + large upload fixes (server#31453) - User_ldap fix ldap connection resets #31421 (server#31514) - Validate overwrite.cli.url to be a url in setup check (server#31518) - Fix duplicated UUID detection when there are empty uuids (server#31521) - Fix occ user:add-app-password (server#31536) - Fix the logger that is imported for critical actions (server#31540) - Toggle profile globally (server#31624) - Improve imagick, bcmath and gmp extension warnings (server#31634) - Add optional WebDav propfind properties to count sub elements (server#31641) - Fix listeners declaration in case of occ usage (server#31656) - Do not forget DB table prefix with truncate query (server#31666) - Limit the length of app password names (server#31678) - Add OPcache recommendations to Transifex (server#31705) - Bump babel-loader from 8.2.3 to 8.2.4 (server#31721) - Add oauth2_clients migration for Owncloud (server#31730) - Don’t create cards_abiduri it if already exists (server#31733) - Show that the web updater is not recommended on big instances (server#31740) - Add direct arg to login flow (server#31748) - Wrap oauth2 migrations inside conditions (server#31774) - Fix assignment of the LDAP Wizard connection (server#31785) - Fix ldap wizard styling (server#31804) - Bump guzzlehttp/psr7 from 1.8.3 to 1.8.5 (server#31821) - Ignore errors when searching for bundled preview (server#31831) - Deduplicate storage ids in list before reusing (server#31835) - Dont re-query fileinfo when getting dav quota (server#31836) - Take permissions from multiple paths into account for share permissions (server#31846) - Log in audit log federated shares events (server#31856) - Update autoloaders and Node package-lock.json (server#31862) - Fix incorrect if conditions in View (server#31878) - Do not decorate the CLI output if it’s explicitly turned off (server#31880) - Fix _App::getCurrentApp() when being called from CLI or phpunit (server#31882) - Bump moment from 2.29.1 to 2.29.2 (server#31913) - Fix shared mount roots not being returned from getSharesInFolder (server#31923) - Confirm user is internal to globalscale (server#31940) - AmazonS3: allow not implemented versioning (server#31946) - Fix accept/reject remote share action (server#31949) - Update CRL after revocation of socialsharing_telegram.csr (server#31955) - Fix LDAP Dark Theme Issue (server#31968) - Bump guzzlehttp/psr7 from 1.8.3 to 1.8.5 (3rdparty#1016) - Fallback to the admin settings if the user did not configure it (activity#781) - Bypass/limit permissions (circles#1001) - Update memberships on path change (circles#1007) - Check owner attendance (circles#1010) - Remove child shares (circles#1015) - Update displayName (circles#1017) - Oracle support (circles#978) - Limit some feature when Circles is managed by an app (circles#982) - Use stable23 for oci tests (circles#985) - Missing $prec (circles#995) - Update population (circles#997) - Disable social recommendation (firstrunwizard#693) - Fix settings navigation order (firstrunwizard#697) - Bump babel-loader from 8.2.3 to 8.2.4 (privacy#752) - Build(deps): bump prosemirror-view from 1.23.7 to 1.23.9 (text#2233) - Build(deps): bump prosemirror-view from 1.23.9 to 1.23.10 (text#2259) - Build(deps): bump prosemirror-view from 1.23.10 to 1.23.11 (text#2274) - Fix: menu bubble size at the end of the line (text#2277) - Build(deps): bump prosemirror-view from 1.23.11 to 1.23.12 (text#2286) - Properly cancel and reset ongoing streams when unmounting (viewer#1208) - Changes from 23.0.3 - Allow writing audit log to syslog and systemdlog (server#30852) - Allow to disable AuthToken v1 (server#30949) - Add primary key for ratelimit table (server#30965) - Bump samba images in tests (server#30967) - Update variables.scss - Fallback font before Noto Color Emoji (server#30969) - Show if the mail server settings are not set or verified (server#30998) - Use the unjailed-path in OC_Helper::getStorageInfo() for files located in SharedStorage. (server#30999) - Fix: Birthday events missing after reimporting contacts (server#31000) - Bump clipboard from 2.0.9 to 2.0.10 (server#31023) - Fix bugs with incorrect currentFileList in the favorite and share by you view (server#31050) - Allow specify a config prefix for another database connection (server#31059) - Don't provide favorite activity settings (server#31084) - Only setup part of the filesystem for appdata requests (server#31098) - Allow sub-admins to access delegated settings. (server#31102) - Ignore contact interaction with self (server#31120) - Fix overlapping buttons in apps-management (server#31179) - Fix typo in DAV namespace registration (server#31183) - Fix a broken tooltip (server#31184) - Improve user status revert performance (server#31192) - Fix path handling when transferring incoming shares (server#31204) - Bump dompurify from 2.3.5 to 2.3.6 (server#31226) - Improve caching policy use immutable when loading versionned assets (server#31244) - Hide download button for images (server#31253) - Don't redirect when loading files index page (server#31255) - Consider only reminders with calendar data (server#31262) - Also cache non-existing to reuse it (server#31297) - Ignore cache in occ ldap:check-ldap command (server#31299) - Wrap S3 multipart upload exception (server#31302) - Fix ldap:check-user method for newly created LDAP users (server#31306) - Avoid PHP errors in the checkers drone step (server#31313) - Background job time windows (server#31318) - Mark split database configs as sensitive (server#31331) - Update CRL after revocation of rocket_integration.csr (server#31350) - Bump backbone from 1.4.0 to 1.4.1 (server#31369) - Make Sabre File exception messages translatable (server#31392) - Censor more configs (server#31399) - Don't set up full filesystem to check for certificates (server#31401) - Also use hashed/indexed column on delete (server#31402) - Fix caching of the user avatar (server#31410) - Fix duplicate primary email message (server#31412) - Fix developer link (server#31423) - Fix fileactions for sharing overview (server#31424) - Prevent default right-click options when hideDownload is enabled (server#31427) - Fix return type of avatar file (server#31432) - Fix "Nextcloud is not allowed to use the OPcache API" warning (server#31437) - Add Nextcloud docs link to OPcache recommends (server#31438) - Be conservative when reading from fresh created column (server#31442) - Init user's file system if not existing on ownership transfer (server#31445) - Use persistent connections when connecting to redis (server#31450) - Fix settings error message timeout (server#31457) - Connectivity check: allow using the protocol in 'connectivity_check_domains' (server#31479) - Add option to disallow creation of local storages (server#31481) - Fix too many file download notifications when watching a video (server#31485) - Fix new file menu (server#31490) - Fix listeners declaration in case of occ usage (server#31529) - Fix user status not resetting correctly after a call (server#31543) - Prevent reading key on SFTP stat bool (server#31547) - Fix more than 1000 entries in queries exception in CardDavBackend (server#31550) - Update CRL after revoke deckimportfromtrello.csr (server#31618) - Revert "Fix listeners declaration in case of occ usage" (server#31642) - Try to reduce the load from writing (activity#731) - Allow specify a config prefix for another database connection (activity#735) - Adjust nextcloud lib version (activity#739) - Make background job time insensitive (activity#741) - Fix cached circle returning bool before being parsed as JSON (circles#932) - MembershipsService -> membershipService (circles#934) - Block/force circle types (circles#938) - Set member as INVITED only if not external (circles#940) - Allow configuration of one single password per circle (circles#944) - Display spent time on request (circles#949) - Lighter SQL requests and compat with Oracle (circles#956) - Update population (circles#959) - Fix PrimaryKey on circles_event (circles#965) - Fix import (circles#970) - Only refresh notifications once with notify push (notifications#1155) - Improve mass notification processing (notifications#1156) - Bump url-parse from 1.5.4 to 1.5.10 (photos#1043) - Fix privacy UI with subscription (privacy#707) - Bump vue-loader from 15.9.6 to 15.9.8 (privacy#712) - Bump @nextcloud/babel-config from 1.0.0-beta.1 to 1.0.0 (privacy#715) - Bump @babel/core from 7.13.15 to 7.13.16 (privacy#718) - Bump eslint-import-resolver-webpack from 0.13.0 to 0.13.2 (privacy#721) - Bump babel-loader from 8.2.2 to 8.2.3 (privacy#724) - Bump sass from 1.32.10 to 1.32.13 (privacy#731) - Bump vue and vue-template-compiler (privacy#732) - Bump eslint-config-standard from 16.0.2 to 16.0.3 (privacy#733) - Bump node-polyfill-webpack-plugin from 1.1.0 to 1.1.4 (privacy#734) - Bump eslint-webpack-plugin from 2.5.3 to 2.5.4 (privacy#738) - Add index for last_contact in text_sessions table (text#2147) - Use file.path to track EditorWrapper instances more accurately (text#2150) - Build(deps): bump prosemirror-transform from 1.3.3 to 1.3.4 (text#2159) - Fix: only apply bullet style to ul > li (text#2195) - Build(deps): bump prosemirror-view from 1.23.6 to 1.23.7 (text#2207) - Fix: update psalm baseline to account for changes in server (text#2208) - Derpgon cz fix/stable23/image data urls (text#2210) - Display content first and then load menus (text#2228) - Build(deps-dev): bump @babel/plugin-proposal-class-properties from 7.16.0 to 7.16.7 (viewer#1171) - Build(deps-dev): bump @nextcloud/webpack-vue-config from 4.1.0 to 4.1.4 (viewer#1174) - Build(deps): bump camelcase from 6.2.0 to 6.2.1 (viewer#1175) - Build(deps): bump @nextcloud/event-bus from 2.1.0 to 2.1.1 (viewer#1176) - Build(deps-dev): bump @cypress/browserify-preprocessor from 3.0.1 to 3.0.2 (viewer#1178) - Build(deps-dev): bump @nextcloud/eslint-config from 6.1.0 to 6.1.2 (viewer#1179) - Build(deps-dev): bump wait-on from 6.0.0 to 6.0.1 (viewer#1180) ++++ openSUSE-EULAs: - Update to version 84.87.20220520.1491bf6: * license for Mesa-dri-nouveau no longer needed (boo#1186721) * Prepare for deepin-feature-enable ------------------------------------------------------------------ ------------------ 2022-5-19 - May 19 2022 ------------------- ------------------------------------------------------------------ ++++ openSUSE-EULAs: - Update to version 84.87.20220225.c939427: * Use https instead of git ------------------------------------------------------------------ ------------------ 2022-5-17 - May 17 2022 ------------------- ------------------------------------------------------------------ ++++ grass: - Use python3 on Leap 15.4 ++++ kicad: - Use python3 on Leap 15.4 ------------------------------------------------------------------ ------------------ 2022-5-16 - May 16 2022 ------------------- ------------------------------------------------------------------ ++++ clustershell: - Disable py2 support on Leap 15.4 ++++ patterns-lxde: - Remove Resommends lxcc, lxcc will be deleted ------------------------------------------------------------------ ------------------ 2022-5-13 - May 13 2022 ------------------- ------------------------------------------------------------------ ++++ autotrace: - biWidth*biBitCnt integer overflow fix (bsc#1182158, CVE-2019-19004, CVE-2019-19004.patch). - Bitmap double free fix (bsc1182159, CVE-2019-19005, CVE-2017-9182, CVE-2017-9190, CVE-2019-19005.patch). ------------------------------------------------------------------ ------------------ 2022-5-11 - May 11 2022 ------------------- ------------------------------------------------------------------ ++++ chromium: - Chromium 101.0.4951.64 (boo#1199409) * CVE-2022-1633: Use after free in Sharesheet * CVE-2022-1634: Use after free in Browser UI * CVE-2022-1635: Use after free in Permission Prompts * CVE-2022-1636: Use after free in Performance APIs * CVE-2022-1637: Inappropriate implementation in Web Contents * CVE-2022-1638: Heap buffer overflow in V8 Internationalization * CVE-2022-1639: Use after free in ANGLE * CVE-2022-1640: Use after free in Sharing * CVE-2022-1641: Use after free in Web UI Diagnostics ++++ kernel-64kb: - PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (bsc#1199405). - PCI: vmd: Assign VMD IRQ domain before enumeration (bsc#1199405). - commit 93b2923 ++++ kernel-azure: - PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (bsc#1199405). - PCI: vmd: Assign VMD IRQ domain before enumeration (bsc#1199405). - commit 93b2923 ++++ kernel-default: - PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (bsc#1199405). - PCI: vmd: Assign VMD IRQ domain before enumeration (bsc#1199405). - commit 93b2923 ++++ dtb-aarch64: - PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (bsc#1199405). - PCI: vmd: Assign VMD IRQ domain before enumeration (bsc#1199405). - commit 93b2923 ++++ htmldoc: - security update - added patches fix CVE-2022-27114 [bsc#1199370], image_load_jpeg can cause integer overflow + htmldoc-CVE-2022-27114.patch ++++ kernel-debug: - PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (bsc#1199405). - PCI: vmd: Assign VMD IRQ domain before enumeration (bsc#1199405). - commit 93b2923 ++++ kernel-source: - PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (bsc#1199405). - PCI: vmd: Assign VMD IRQ domain before enumeration (bsc#1199405). - commit 93b2923 ++++ kernel-source-azure: - PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (bsc#1199405). - PCI: vmd: Assign VMD IRQ domain before enumeration (bsc#1199405). - commit 93b2923 ++++ kernel-docs: - PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (bsc#1199405). - PCI: vmd: Assign VMD IRQ domain before enumeration (bsc#1199405). - commit 93b2923 ++++ kernel-kvmsmall: - PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (bsc#1199405). - PCI: vmd: Assign VMD IRQ domain before enumeration (bsc#1199405). - commit 93b2923 ++++ kernel-obs-build: - PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (bsc#1199405). - PCI: vmd: Assign VMD IRQ domain before enumeration (bsc#1199405). - commit 93b2923 ++++ kernel-obs-qa: - PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (bsc#1199405). - PCI: vmd: Assign VMD IRQ domain before enumeration (bsc#1199405). - commit 93b2923 ++++ kernel-syms: - PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (bsc#1199405). - PCI: vmd: Assign VMD IRQ domain before enumeration (bsc#1199405). - commit 93b2923 ++++ kernel-syms-azure: - PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (bsc#1199405). - PCI: vmd: Assign VMD IRQ domain before enumeration (bsc#1199405). - commit 93b2923 ++++ kernel-zfcpdump: - PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (bsc#1199405). - PCI: vmd: Assign VMD IRQ domain before enumeration (bsc#1199405). - commit 93b2923 ++++ release-notes-openSUSE: - Fix double-byte languages segfaulting (boo#1199388) - Change git:// to https:// in _service file - Clean up spec file ------------------------------------------------------------------ ------------------ 2022-5-10 - May 10 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - Revert "btrfs: props: change how empty value is interpreted" (bsc#1195224) - commit 49db222 - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (bsc#1199295). - btrfs: fix deadlock between quota disable and qgroup rescan worker (bsc#1199295). - commit 0d6264b ++++ kernel-azure: - Revert "btrfs: props: change how empty value is interpreted" (bsc#1195224) - commit 49db222 - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (bsc#1199295). - btrfs: fix deadlock between quota disable and qgroup rescan worker (bsc#1199295). - commit 0d6264b ++++ kernel-default: - Revert "btrfs: props: change how empty value is interpreted" (bsc#1195224) - commit 49db222 - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (bsc#1199295). - btrfs: fix deadlock between quota disable and qgroup rescan worker (bsc#1199295). - commit 0d6264b ++++ dtb-aarch64: - Revert "btrfs: props: change how empty value is interpreted" (bsc#1195224) - commit 49db222 - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (bsc#1199295). - btrfs: fix deadlock between quota disable and qgroup rescan worker (bsc#1199295). - commit 0d6264b ++++ kernel-debug: - Revert "btrfs: props: change how empty value is interpreted" (bsc#1195224) - commit 49db222 - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (bsc#1199295). - btrfs: fix deadlock between quota disable and qgroup rescan worker (bsc#1199295). - commit 0d6264b ++++ kernel-source: - Revert "btrfs: props: change how empty value is interpreted" (bsc#1195224) - commit 49db222 - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (bsc#1199295). - btrfs: fix deadlock between quota disable and qgroup rescan worker (bsc#1199295). - commit 0d6264b ++++ kernel-source-azure: - Revert "btrfs: props: change how empty value is interpreted" (bsc#1195224) - commit 49db222 - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (bsc#1199295). - btrfs: fix deadlock between quota disable and qgroup rescan worker (bsc#1199295). - commit 0d6264b ++++ kernel-docs: - Revert "btrfs: props: change how empty value is interpreted" (bsc#1195224) - commit 49db222 - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (bsc#1199295). - btrfs: fix deadlock between quota disable and qgroup rescan worker (bsc#1199295). - commit 0d6264b ++++ kernel-kvmsmall: - Revert "btrfs: props: change how empty value is interpreted" (bsc#1195224) - commit 49db222 - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (bsc#1199295). - btrfs: fix deadlock between quota disable and qgroup rescan worker (bsc#1199295). - commit 0d6264b ++++ kernel-obs-build: - Revert "btrfs: props: change how empty value is interpreted" (bsc#1195224) - commit 49db222 - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (bsc#1199295). - btrfs: fix deadlock between quota disable and qgroup rescan worker (bsc#1199295). - commit 0d6264b ++++ kernel-obs-qa: - Revert "btrfs: props: change how empty value is interpreted" (bsc#1195224) - commit 49db222 - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (bsc#1199295). - btrfs: fix deadlock between quota disable and qgroup rescan worker (bsc#1199295). - commit 0d6264b ++++ kernel-syms: - Revert "btrfs: props: change how empty value is interpreted" (bsc#1195224) - commit 49db222 - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (bsc#1199295). - btrfs: fix deadlock between quota disable and qgroup rescan worker (bsc#1199295). - commit 0d6264b ++++ kernel-syms-azure: - Revert "btrfs: props: change how empty value is interpreted" (bsc#1195224) - commit 49db222 - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (bsc#1199295). - btrfs: fix deadlock between quota disable and qgroup rescan worker (bsc#1199295). - commit 0d6264b ++++ kernel-zfcpdump: - Revert "btrfs: props: change how empty value is interpreted" (bsc#1195224) - commit 49db222 - btrfs: qgroup: fix deadlock between rescan worker and remove qgroup (bsc#1199295). - btrfs: fix deadlock between quota disable and qgroup rescan worker (bsc#1199295). - commit 0d6264b ++++ orthanc: - version 1.11.0 * new API version 1.7 * new configuration parameter * for detailed changelog see NEWS ++++ orthanc-dicomweb: - Version 1.8 * Show an error message when trying to send studies > 4GB via STOW-RS * Optimized QIDO-RS to build its responses from DB if tags are saved in "ExtraMainDicomTags". * New configuration "PublicRoot" ++++ python-scikit-image: - Skip test_imageio_truncated_jpg test ------------------------------------------------------------------ ------------------ 2022-5-9 - May 9 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - commit d8dc579 - Correct a typo in the patch reference for hisilicon fix (bsc#1198240) - commit 358b264 ++++ kernel-azure: - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - commit d8dc579 - Correct a typo in the patch reference for hisilicon fix (bsc#1198240) - commit 358b264 ++++ kernel-default: - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - commit d8dc579 - Correct a typo in the patch reference for hisilicon fix (bsc#1198240) - commit 358b264 ++++ dtb-aarch64: - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - commit d8dc579 - Correct a typo in the patch reference for hisilicon fix (bsc#1198240) - commit 358b264 ++++ kernel-debug: - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - commit d8dc579 - Correct a typo in the patch reference for hisilicon fix (bsc#1198240) - commit 358b264 ++++ kernel-source: - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - commit d8dc579 - Correct a typo in the patch reference for hisilicon fix (bsc#1198240) - commit 358b264 ++++ kernel-source-azure: - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - commit d8dc579 - Correct a typo in the patch reference for hisilicon fix (bsc#1198240) - commit 358b264 ++++ kernel-docs: - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - commit d8dc579 - Correct a typo in the patch reference for hisilicon fix (bsc#1198240) - commit 358b264 ++++ kernel-kvmsmall: - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - commit d8dc579 - Correct a typo in the patch reference for hisilicon fix (bsc#1198240) - commit 358b264 ++++ kernel-obs-build: - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - commit d8dc579 - Correct a typo in the patch reference for hisilicon fix (bsc#1198240) - commit 358b264 ++++ kernel-obs-qa: - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - commit d8dc579 - Correct a typo in the patch reference for hisilicon fix (bsc#1198240) - commit 358b264 ++++ kernel-syms: - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - commit d8dc579 - Correct a typo in the patch reference for hisilicon fix (bsc#1198240) - commit 358b264 ++++ kernel-syms-azure: - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - commit d8dc579 - Correct a typo in the patch reference for hisilicon fix (bsc#1198240) - commit 358b264 ++++ kernel-zfcpdump: - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - commit d8dc579 - Correct a typo in the patch reference for hisilicon fix (bsc#1198240) - commit 358b264 ------------------------------------------------------------------ ------------------ 2022-5-6 - May 6 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit e7a2e2d - cifs: prevent bad output lengths in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit 3a95308 ++++ kernel-azure: - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit e7a2e2d - cifs: prevent bad output lengths in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit 3a95308 ++++ kernel-default: - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit e7a2e2d - cifs: prevent bad output lengths in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit 3a95308 ++++ dtb-aarch64: - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit e7a2e2d - cifs: prevent bad output lengths in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit 3a95308 ++++ kernel-debug: - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit e7a2e2d - cifs: prevent bad output lengths in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit 3a95308 ++++ kernel-source: - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit e7a2e2d - cifs: prevent bad output lengths in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit 3a95308 ++++ kernel-source-azure: - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit e7a2e2d - cifs: prevent bad output lengths in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit 3a95308 ++++ kernel-docs: - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit e7a2e2d - cifs: prevent bad output lengths in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit 3a95308 ++++ kernel-kvmsmall: - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit e7a2e2d - cifs: prevent bad output lengths in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit 3a95308 ++++ kernel-obs-build: - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit e7a2e2d - cifs: prevent bad output lengths in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit 3a95308 ++++ kernel-obs-qa: - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit e7a2e2d - cifs: prevent bad output lengths in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit 3a95308 ++++ kernel-syms: - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit e7a2e2d - cifs: prevent bad output lengths in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit 3a95308 ++++ kernel-syms-azure: - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit e7a2e2d - cifs: prevent bad output lengths in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit 3a95308 ++++ kernel-zfcpdump: - cifs: fix NULL ptr dereference in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit e7a2e2d - cifs: prevent bad output lengths in smb2_ioctl_query_info() (CVE-2022-0168 bsc#1197472). - commit 3a95308 ++++ slurm: - Add 'CommunicationParameters=block_null_hash' to slurm.conf, please add this parameter to existing configurations as part of CVE-2022-29500: This new option provides additional protection against a potential exploit. - Update to 20.11.9: * burst_buffer - add missing common directory to the Makefile SUBDIRS. * sacct - fix truncation when printing jobidraw field. * GRES - Fix loading state of jobs using --gpus to request gpus. * Fix minor logic error in health check node state output * Fix GCC 11.1 compiler warnings. * Delay steps when memory already used instead of rejecting step request. * Fix memory leak in the slurmdbd when requesting wckeys from all clusters. * Fix determining if a reservation is used or not. * openapi/v0.0.35 - Honor kill_on_invalid_dependency as job parameter. * openapi/v0.0.36 - Honor kill_on_invalid_dependency as job parameter. * Fix various issues dealing with updates on magnetic reservations that could lead to abort slurmctld. * openapi/v0.0.36 - Avoid setting default values of min_cpus, job name, cwd, mail_type, and contiguous on job update. * openapi/v0.0.36 - Clear user hold on job update if hold=false. * Fix slurmctld segfault due to a bit_test() call with a MAINT+ANY_NODES reservation NULL node_bitmap. * Fix slurmctld segfault due to a bit_copy() call with a REPLACE+ANY_NODES reservation NULL node_bitmap. * Fix error in GPU frequency validation logic. * Fix error in pmix logic dealing with the incorrect size of buffer. * PMIx v1.1.4 and below are no longer supported. * Fix shutdown of slurmdbd plugin to correctly notice when the agent thread finishes. * Fix slurmctld segfault due to job array --batch features double free. * CVE-2022-29500 - Prevent credential abuse (bsc#1199278). * CVE-2022-29501 - Prevent abuse of REQUEST_FORWARD_DATA (bsc#1199279). - Update to 20.11.8: * slurmctld - fix erroneous "StepId=CORRUPT" messages in error logs. * Correct the error given when auth plugin fails to pack a credential. * Fix unused-variable compiler warning on FreeBSD in fd_resolve_path(). * acct_gather_filesystem/lustre - only emit collection error once per step. * srun - leave SLURM_DIST_UNKNOWN as default for --interactive. * Add GRES environment variables (e.g., CUDA_VISIBLE_DEVICES) into the interactive step, the same as is done for the batch step. * Fix various potential deadlocks when altering objects in the database dealing with every cluster in the database. * slurmrestd - handle slurmdbd connection failures without segfaulting. * slurmrestd - fix segfault for searches in slurmdb/v0.0.36/jobs. * slurmrestd - remove (non-functioning) users query parameter for slurmdb/v0.0.36/jobs from openapi.json * slurmrestd - fix segfault in slurmrestd db/jobs with numeric queries * slurmrestd - add argv handling for job/submit endpoint. * srun - fix broken node step allocation in a heterogeneous allocation. * Fail step creation if -n is not multiple of --ntasks-per-gpu. * job_container/tmpfs - Fix slowdown on teardown. * Fix problem with SlurmctldProlog where requeued jobs would never launch. * job_container/tmpfs - Fix issue when restarting slurmd where the namespace mount points could disappear. * sacct - avoid truncating JobId at 34 characters. * scancel - fix segfault when --wckey filtering option is used. * select/cons_tres - Fix memory leak. * Prevent file descriptor leak in job_container/tmpfs on slurmd restart. * slurmrestd/dbv0.0.36 - Fix values dumped in job state/current and job step state. * slurmrestd/dbv0.0.36 - Correct description for previous state property. * perlapi/libslurmdb - expose tres_req_str to job hash. * scrontab - close and reopen temporary crontab file to deal with editors that do not change the original file, but instead write out then rename a new file. * sstat - fix linking so that it will work when --without-shared-libslurm was used to build Slurm. * Clear allocated cpus for running steps in a job before handling requested nodes on new step. * Don't reject a step if not enough nodes are available. Instead, defer the step until enough nodes are available to satisfy the request. * Don't reject a step if it requests at least one specific node that is already allocated to another step. Instead, defer the step until the requested node(s) become available. * slurmrestd - add description for slurmdb/job endpoint. * Better handling of --mem=0. * Ignore DefCpuPerGpu when --cpus-per-task given. * sacct - fix segfault when printing StepId (or when using --long). ++++ orthanc: - switched source urls to https ++++ rsyslog: - (CVE-2022-24903) fix potential heap buffer overflow in modules for TCP syslog reception (bsc#1199061) * add CVE-2022-24903.patch ------------------------------------------------------------------ ------------------ 2022-5-5 - May 5 2022 ------------------- ------------------------------------------------------------------ ++++ civetweb: - do not load libcrypto/libssl dynamically, just link against them (bsc#1199047) ++++ kernel-64kb: - Update patches.suse/sched-topology-Skip-updating-masks-for-non-online-nodes.patch (bsc#1189999 (Scheduler functional and performance backports) stable-5.14.4 bsc#1197446 ltc#183000). - commit 65227e4 - Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000). - commit 0d949cf - Update patches.suse/ovl-fix-missing-negative-dentry-check-in-ovl_rename.patch (stable-5.14.12 CVE-2021-20321 bsc#1191647). - commit babea76 ++++ kernel-azure: - Update patches.suse/sched-topology-Skip-updating-masks-for-non-online-nodes.patch (bsc#1189999 (Scheduler functional and performance backports) stable-5.14.4 bsc#1197446 ltc#183000). - commit 65227e4 - Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000). - commit 0d949cf - Update patches.suse/ovl-fix-missing-negative-dentry-check-in-ovl_rename.patch (stable-5.14.12 CVE-2021-20321 bsc#1191647). - commit babea76 ++++ kernel-default: - Update patches.suse/sched-topology-Skip-updating-masks-for-non-online-nodes.patch (bsc#1189999 (Scheduler functional and performance backports) stable-5.14.4 bsc#1197446 ltc#183000). - commit 65227e4 - Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000). - commit 0d949cf - Update patches.suse/ovl-fix-missing-negative-dentry-check-in-ovl_rename.patch (stable-5.14.12 CVE-2021-20321 bsc#1191647). - commit babea76 ++++ curl: - Securiy fix: [bsc#1199223, CVE-2022-27781] * CERTINFO never-ending busy-loop * Add curl-CVE-2022-27781.patch - Securiy fix: [bsc#1199224, CVE-2022-27782] * TLS and SSH connection too eager reuse * Add curl-CVE-2022-27782.patch ++++ dtb-aarch64: - Update patches.suse/sched-topology-Skip-updating-masks-for-non-online-nodes.patch (bsc#1189999 (Scheduler functional and performance backports) stable-5.14.4 bsc#1197446 ltc#183000). - commit 65227e4 - Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000). - commit 0d949cf - Update patches.suse/ovl-fix-missing-negative-dentry-check-in-ovl_rename.patch (stable-5.14.12 CVE-2021-20321 bsc#1191647). - commit babea76 ++++ enlightenment: - Recommend acpid for bindings (Should now remove popup) [boo#1196609] - system.conf allow all users, this is required because we no longer automatically add people to the users group. [boo#1196609] ++++ enlightenment: - Recommend acpid for bindings (Should now remove popup) [boo#1196609] - system.conf allow all users, this is required because we no longer automatically add people to the users group. [boo#1196609] ++++ kernel-debug: - Update patches.suse/sched-topology-Skip-updating-masks-for-non-online-nodes.patch (bsc#1189999 (Scheduler functional and performance backports) stable-5.14.4 bsc#1197446 ltc#183000). - commit 65227e4 - Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000). - commit 0d949cf - Update patches.suse/ovl-fix-missing-negative-dentry-check-in-ovl_rename.patch (stable-5.14.12 CVE-2021-20321 bsc#1191647). - commit babea76 ++++ kernel-source: - Update patches.suse/sched-topology-Skip-updating-masks-for-non-online-nodes.patch (bsc#1189999 (Scheduler functional and performance backports) stable-5.14.4 bsc#1197446 ltc#183000). - commit 65227e4 - Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000). - commit 0d949cf - Update patches.suse/ovl-fix-missing-negative-dentry-check-in-ovl_rename.patch (stable-5.14.12 CVE-2021-20321 bsc#1191647). - commit babea76 ++++ kernel-source-azure: - Update patches.suse/sched-topology-Skip-updating-masks-for-non-online-nodes.patch (bsc#1189999 (Scheduler functional and performance backports) stable-5.14.4 bsc#1197446 ltc#183000). - commit 65227e4 - Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000). - commit 0d949cf - Update patches.suse/ovl-fix-missing-negative-dentry-check-in-ovl_rename.patch (stable-5.14.12 CVE-2021-20321 bsc#1191647). - commit babea76 ++++ kernel-docs: - Update patches.suse/sched-topology-Skip-updating-masks-for-non-online-nodes.patch (bsc#1189999 (Scheduler functional and performance backports) stable-5.14.4 bsc#1197446 ltc#183000). - commit 65227e4 - Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000). - commit 0d949cf - Update patches.suse/ovl-fix-missing-negative-dentry-check-in-ovl_rename.patch (stable-5.14.12 CVE-2021-20321 bsc#1191647). - commit babea76 ++++ kernel-kvmsmall: - Update patches.suse/sched-topology-Skip-updating-masks-for-non-online-nodes.patch (bsc#1189999 (Scheduler functional and performance backports) stable-5.14.4 bsc#1197446 ltc#183000). - commit 65227e4 - Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000). - commit 0d949cf - Update patches.suse/ovl-fix-missing-negative-dentry-check-in-ovl_rename.patch (stable-5.14.12 CVE-2021-20321 bsc#1191647). - commit babea76 ++++ kernel-obs-build: - Update patches.suse/sched-topology-Skip-updating-masks-for-non-online-nodes.patch (bsc#1189999 (Scheduler functional and performance backports) stable-5.14.4 bsc#1197446 ltc#183000). - commit 65227e4 - Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000). - commit 0d949cf - Update patches.suse/ovl-fix-missing-negative-dentry-check-in-ovl_rename.patch (stable-5.14.12 CVE-2021-20321 bsc#1191647). - commit babea76 ++++ kernel-obs-qa: - Update patches.suse/sched-topology-Skip-updating-masks-for-non-online-nodes.patch (bsc#1189999 (Scheduler functional and performance backports) stable-5.14.4 bsc#1197446 ltc#183000). - commit 65227e4 - Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000). - commit 0d949cf - Update patches.suse/ovl-fix-missing-negative-dentry-check-in-ovl_rename.patch (stable-5.14.12 CVE-2021-20321 bsc#1191647). - commit babea76 ++++ kernel-syms: - Update patches.suse/sched-topology-Skip-updating-masks-for-non-online-nodes.patch (bsc#1189999 (Scheduler functional and performance backports) stable-5.14.4 bsc#1197446 ltc#183000). - commit 65227e4 - Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000). - commit 0d949cf - Update patches.suse/ovl-fix-missing-negative-dentry-check-in-ovl_rename.patch (stable-5.14.12 CVE-2021-20321 bsc#1191647). - commit babea76 ++++ kernel-syms-azure: - Update patches.suse/sched-topology-Skip-updating-masks-for-non-online-nodes.patch (bsc#1189999 (Scheduler functional and performance backports) stable-5.14.4 bsc#1197446 ltc#183000). - commit 65227e4 - Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000). - commit 0d949cf - Update patches.suse/ovl-fix-missing-negative-dentry-check-in-ovl_rename.patch (stable-5.14.12 CVE-2021-20321 bsc#1191647). - commit babea76 ++++ kernel-zfcpdump: - Update patches.suse/sched-topology-Skip-updating-masks-for-non-online-nodes.patch (bsc#1189999 (Scheduler functional and performance backports) stable-5.14.4 bsc#1197446 ltc#183000). - commit 65227e4 - Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000). - commit 0d949cf - Update patches.suse/ovl-fix-missing-negative-dentry-check-in-ovl_rename.patch (stable-5.14.12 CVE-2021-20321 bsc#1191647). - commit babea76 ++++ pcre2: - do not enable jit-sealloc [bsc#1182864] [bsc#1199208] - enable jit for s390x [bsc#1199196] ++++ lxd: - Update to LXD 5.1. The full upstream changelog is available from: https://discuss.linuxcontainers.org/t/lxd-5-1-has-been-released/13956 boo#1199216 + Sysinfo system call interception + lxc cluster role sub-command * lxc storage volume info shows volume total size + Configurable host network interface naming pattern * Overrideable evacuation mode * Setting profiles during an image copy - Backport upstream patch to fix build on x32 systems. + 0001-lxd-secommp-Fix-sysinfo-syscall-interception-on-32-b.patch - Make CRIU a Recommends so that we can still use LXD on 32-bit openSUSE. - Update to LXD 4.24. The full upstream changelog is available from: https://discuss.linuxcontainers.org/t/lxd-4-24-has-been-released/13550 boo#1199215 This is the last release before LXD 5.0 (which does not support the Leap 15.3 kernel -- LXD 5.0 requires kernel 5.4 or newer). Thus this will be the last LXD release for Leap 15.3. + lxc file mount and new files API + Cluster event hub role * Reworked lxc storage volume info + AppArmor profiles for image extractors + Grafana dashboard + Degraded startup (missing disk) + restricted.containers.interception project option + core.metrics_authentication server option + Network interface name and MTU in virtual machines + I/O uring support for VM storage + ipv4.neighbor_probe and ipv6.neighbor_probe NIC options ++++ python-poppler-qt5: - Update to 21.3.0: Fix #43: Building 21.1.0 fails with unsupported function return type by Ben Greiner - Drop patch merged upstream: * python-poppler-qt5-mapqvector.patch - Drop support for sip4, which means only 15.4 and higher are now supported (also solves boo#1198526) ++++ yast2-registration: - Import the SSL certificate from the AutoYaST data also in the self-update step (bsc#1199091) - 4.4.21 - Fixed importing SSL certificates (bsc#1195220) (by jacek.tomasiak@gmail.com) - 4.4.20 ------------------------------------------------------------------ ------------------ 2022-5-4 - May 4 2022 ------------------- ------------------------------------------------------------------ ++++ chromium: - Chromium 101.0.4951.54 (boo#1199118) - Chromium 101.0.4951.41 (boo#1198917) * CVE-2022-1477: Use after free in Vulkan * CVE-2022-1478: Use after free in SwiftShader * CVE-2022-1479: Use after free in ANGLE * CVE-2022-1480: Use after free in Device API * CVE-2022-1481: Use after free in Sharing * CVE-2022-1482: Inappropriate implementation in WebGL * CVE-2022-1483: Heap buffer overflow in WebGPU * CVE-2022-1484: Heap buffer overflow in Web UI Settings * CVE-2022-1485: Use after free in File System API * CVE-2022-1486: Type Confusion in V8 * CVE-2022-1487: Use after free in Ozone * CVE-2022-1488: Inappropriate implementation in Extensions API * CVE-2022-1489: Out of bounds memory access in UI Shelf * CVE-2022-1490: Use after free in Browser Switcher * CVE-2022-1491: Use after free in Bookmarks * CVE-2022-1492: Insufficient data validation in Blink Editing * CVE-2022-1493: Use after free in Dev Tools * CVE-2022-1494: Insufficient data validation in Trusted Types * CVE-2022-1495: Incorrect security UI in Downloads * CVE-2022-1496: Use after free in File Manager * CVE-2022-1497: Inappropriate implementation in Input * CVE-2022-1498: Inappropriate implementation in HTML Parser * CVE-2022-1499: Inappropriate implementation in WebAuthentication * CVE-2022-1500: Insufficient data validation in Dev Tools * CVE-2022-1501: Inappropriate implementation in iframe - Added patches: * chromium-101-libxml-unbundle.patch * chromium-101-segmentation_platform-type.patch - Removed patches: * chromium-100-SCTHashdanceMetadata-move.patch * chromium-100-GLImplementationParts-constexpr.patch * chromium-100-macro-typo.patch ++++ hdf5: - Security Fix: Add configure option --disable-hltools to disable GIF tools as recommended in the 1.10.8 release: CVE-2018-17433 (bsc#1109565), CVE-2018-17436 (bsc#1109568), CVE-2020-10809 (bsc#1167404). ++++ hdf5_1_10_8-gnu-hpc: - Security Fix: Add configure option --disable-hltools to disable GIF tools as recommended in the 1.10.8 release: CVE-2018-17433 (bsc#1109565), CVE-2018-17436 (bsc#1109568), CVE-2020-10809 (bsc#1167404). ++++ hdf5_1_10_8-gnu-mpich-hpc: - Security Fix: Add configure option --disable-hltools to disable GIF tools as recommended in the 1.10.8 release: CVE-2018-17433 (bsc#1109565), CVE-2018-17436 (bsc#1109568), CVE-2020-10809 (bsc#1167404). ++++ hdf5_1_10_8-gnu-mvapich2-hpc: - Security Fix: Add configure option --disable-hltools to disable GIF tools as recommended in the 1.10.8 release: CVE-2018-17433 (bsc#1109565), CVE-2018-17436 (bsc#1109568), CVE-2020-10809 (bsc#1167404). ++++ hdf5_1_10_8-gnu-openmpi2-hpc: - Security Fix: Add configure option --disable-hltools to disable GIF tools as recommended in the 1.10.8 release: CVE-2018-17433 (bsc#1109565), CVE-2018-17436 (bsc#1109568), CVE-2020-10809 (bsc#1167404). ++++ hdf5_1_10_8-gnu-openmpi3-hpc: - Security Fix: Add configure option --disable-hltools to disable GIF tools as recommended in the 1.10.8 release: CVE-2018-17433 (bsc#1109565), CVE-2018-17436 (bsc#1109568), CVE-2020-10809 (bsc#1167404). ++++ hdf5_1_10_8-gnu-openmpi4-hpc: - Security Fix: Add configure option --disable-hltools to disable GIF tools as recommended in the 1.10.8 release: CVE-2018-17433 (bsc#1109565), CVE-2018-17436 (bsc#1109568), CVE-2020-10809 (bsc#1167404). ++++ hdf5-mvapich2: - Security Fix: Add configure option --disable-hltools to disable GIF tools as recommended in the 1.10.8 release: CVE-2018-17433 (bsc#1109565), CVE-2018-17436 (bsc#1109568), CVE-2020-10809 (bsc#1167404). ++++ hdf5-openmpi2: - Security Fix: Add configure option --disable-hltools to disable GIF tools as recommended in the 1.10.8 release: CVE-2018-17433 (bsc#1109565), CVE-2018-17436 (bsc#1109568), CVE-2020-10809 (bsc#1167404). ++++ hdf5-openmpi3: - Security Fix: Add configure option --disable-hltools to disable GIF tools as recommended in the 1.10.8 release: CVE-2018-17433 (bsc#1109565), CVE-2018-17436 (bsc#1109568), CVE-2020-10809 (bsc#1167404). ++++ hdf5-openmpi4: - Security Fix: Add configure option --disable-hltools to disable GIF tools as recommended in the 1.10.8 release: CVE-2018-17433 (bsc#1109565), CVE-2018-17436 (bsc#1109568), CVE-2020-10809 (bsc#1167404). ++++ kdump: - kdumptool calibrate: add more margin to reservation calculations (bsc#1196728) - remount target filesystem r/w for fadump (bsc1197125) - stop reloading FADump on CPU hot-add event (jsc#IBM-768) - mkdumprd: add option to run dracut in debug mode ++++ manpages-l10n: - Update to version 4.14.0: * New language: Ukrainian. * Updated many translations. - Remove unused argument in %man_lang_package macro definition. ++++ python-Twisted: - Stop removing test directories, it also removes a public module. (bsc#1198852, bsc#1198854, bsc#1198855) ++++ sshuttle: - depend on setuptools_scm also on older dists ------------------------------------------------------------------ ------------------ 2022-5-3 - May 3 2022 ------------------- ------------------------------------------------------------------ ++++ 389-ds: - Resolve bsc#1199008 - An incorrectly backported fix would cause dscontainer not to start due to a missing function definition - Update to version 2.0.15~git17.498ec3e93: * Issue 5273 - CLI - add arg completer for instance name * Issue 2893 - CLI - dscreate - add options for setting up replication * Issue 4866 - CLI - when enabling replication set changelog trimming by default * Issue 5241 - UI - Add account locking missing functionality (#5251) * Issue 5180 - snmp_collator tries to unlock NULL mutex (#5266) * Issue 5098 - Fix cherry-pick error * Fix cherry-pick error * Issue 4904 - Fix various small issues * Issue 5260 - BUG - OpenLDAP allows multiple names of memberof overlay (#5261) * Issue 5252 - During DEL, vlv search can erroneously return NULL candidate (#5256) * Issue 5210 - Python undefined names in lib389 * Issue 4959 - BUG - Invalid /etc/hosts setup can cause isLocalHost (#4960) * Issue 5249 - dscontainer: ImportError: cannot import name 'get_default_db_lib' from 'lib389.utils' ++++ Mesa: - _constraints: * raised requirements to 9 GB disk space and added aarch64 architecture (bsc#1199040) ++++ Mesa-drivers: - _constraints: * raised requirements to 9 GB disk space and added aarch64 architecture (bsc#1199040) ++++ kernel-64kb: - iova: Export alloc_iova_fast() and free_iova_fast() (bsc#1199124). - commit 281942e ++++ kernel-azure: - iova: Export alloc_iova_fast() and free_iova_fast() (bsc#1199124). - commit 281942e ++++ kernel-default: - iova: Export alloc_iova_fast() and free_iova_fast() (bsc#1199124). - commit 281942e ++++ dtb-aarch64: - iova: Export alloc_iova_fast() and free_iova_fast() (bsc#1199124). - commit 281942e ++++ kernel-debug: - iova: Export alloc_iova_fast() and free_iova_fast() (bsc#1199124). - commit 281942e ++++ kernel-source: - iova: Export alloc_iova_fast() and free_iova_fast() (bsc#1199124). - commit 281942e ++++ kernel-source-azure: - iova: Export alloc_iova_fast() and free_iova_fast() (bsc#1199124). - commit 281942e ++++ kernel-docs: - iova: Export alloc_iova_fast() and free_iova_fast() (bsc#1199124). - commit 281942e ++++ kernel-kvmsmall: - iova: Export alloc_iova_fast() and free_iova_fast() (bsc#1199124). - commit 281942e ++++ kernel-obs-build: - iova: Export alloc_iova_fast() and free_iova_fast() (bsc#1199124). - commit 281942e ++++ kernel-obs-qa: - iova: Export alloc_iova_fast() and free_iova_fast() (bsc#1199124). - commit 281942e ++++ kernel-syms: - iova: Export alloc_iova_fast() and free_iova_fast() (bsc#1199124). - commit 281942e ++++ kernel-syms-azure: - iova: Export alloc_iova_fast() and free_iova_fast() (bsc#1199124). - commit 281942e ++++ kernel-zfcpdump: - iova: Export alloc_iova_fast() and free_iova_fast() (bsc#1199124). - commit 281942e ++++ s390-tools: - Added s390-tools-sles15sp4-zdump-fix-segfault-due-to-double-free.patch for bsc#1199128. zgetdump --info may lead to a core dump when issued for the device node (not a partition) right after installing multi-volume dump tool (without taking actual dump). ++++ python-protonvpn-nm-lib: - Requiring python-Jinja2 instead of python-jinja2 ++++ texlive-specs-p: - Port back mltex.doc from latest version 4.2svn63213 as upstream has now removed all .dvi, .pdf, and .tex files from doc tree due to the used Creative Commons Attribution-NonCommercial-ShareAlike license ++++ yast2-packager: - Run the package solver after selecting additional system packages, fixes possible broken package dependencies after system upgrade (bsc#1195828) - 4.4.31 ------------------------------------------------------------------ ------------------ 2022-5-2 - May 2 2022 ------------------- ------------------------------------------------------------------ ++++ go1.17: - Remove remaining use of gold linker when bootstrapping with gccgo. The binutils-gold package will be removed in the future. * History: go1.8.3 2017-06-18 added conditional if gccgo defined BuildRequires: binutils-gold for arches other than s390x * No information available why binutils-gold was used initially * Unrelated to upstream recent hardcoded gold dependency for ARM ++++ go1.18: - Remove remaining use of gold linker when bootstrapping with gccgo. The binutils-gold package will be removed in the future. * History: go1.8.3 2017-06-18 added conditional if gccgo defined BuildRequires: binutils-gold for arches other than s390x * No information available why binutils-gold was used initially * Unrelated to upstream recent hardcoded gold dependency for ARM ++++ libpulp: - Update package with libpulp-0.2.2 (jsc#SLE-20049). - Use colored output by default (disable with --color=no) - Packer now reports errors in .dsc in a GCC 5+ fashion. - Trigger now has a summarized mode (disable with -v) ++++ post-build-checks-malwarescan: - EXLUDELIST: Whitelist qemu binaries to avoid a FP (bsc#1199055) ++++ systemd-presets-branding-openSUSE: - Enable acpid (boo#1196609), its not installed by default on most systems anymore but the enlightenment desktop still uses its events to trigger various bindings and shows an error dialog when acpid is not running. ++++ terminology: - Removed debug code accidently left in ------------------------------------------------------------------ ------------------ 2022-5-1 - May 1 2022 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2022-05-02 (bsc#1084929) ++++ desktop-translations: - Update to version 84.87.20220427.80cb897f: * Translated using Weblate (Slovenian) * Translated using Weblate (Polish) * Translated using Weblate (Russian) * Translated using Weblate (Finnish) * Translated using Weblate (Czech) ++++ re2: - Use Release config so O3 is used ++++ ovmf: - Respin amd-sev and amd-sev-es features After more testing, we found that not all descriptors can support both amd-sev with amd-sev-es. So we removed all amd-sev and amd-sev-es feature tags but only keep them in ovmf-x86_64-2m.json and 60-ovmf-x86_64.json. (bsc#1198246#c75) ++++ terminology: - Build "Flat" colorscheme as part of build process so that it gets the right name and is useable. * feature-flat-colorscheme.patch ++++ terminology-theme-openSUSE: - 20220430.1.26 - Major change to theme based off new Dimensions theme. ------------------------------------------------------------------ ------------------ 2022-4-30 - Apr 30 2022 ------------------- ------------------------------------------------------------------ ++++ enlightenment-theme-openSUSE: - 20220430.1.26 - Major change to theme based off new Dimensions theme. ------------------------------------------------------------------ ------------------ 2022-4-29 - Apr 29 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add php8-fpm-mr876.patch so that php8 php-fpm can read its config (boo#1186267#c11) - parser: add conflict with apparmor-utils < 3.0 to avoid aa-status file conflict on upgrade (boo#1198958) - utils: add missing dependency on apparmor-parser (boo#1198958#c4) ++++ curl: - Security fix: [bsc#1198608, CVE-2022-27774] * Credential leak on redirect * Add curl-CVE-2022-27774-2.patch + openssl: don't leak the SRP credentials in redirects either + this is a follow up patch after the initial patch. ++++ htmldoc: - security update - added patches fix CVE-2022-28085 [bsc#1198933], Heap buffer overflow in function pdf_write_names in ps-pdf.cxx + htmldoc-CVE-2022-28085.patch ++++ libapparmor: - add php8-fpm-mr876.patch so that php8 php-fpm can read its config (boo#1186267#c11) - parser: add conflict with apparmor-utils < 3.0 to avoid aa-status file conflict on upgrade (boo#1198958) - utils: add missing dependency on apparmor-parser (boo#1198958#c4) ++++ openblas_0_3_20-gnu-hpc: - For non-HPC builds create links (bsc#1198885): %_lib/libopenblas_.so[.0] -> %_lib/openblas-/libopenblas.so[.0] ++++ openblas-pthreads_0_3_20-gnu-hpc: - For non-HPC builds create links (bsc#1198885): %_lib/libopenblas_.so[.0] -> %_lib/openblas-/libopenblas.so[.0] ++++ openblas_openmp: - For non-HPC builds create links (bsc#1198885): %_lib/libopenblas_.so[.0] -> %_lib/openblas-/libopenblas.so[.0] ++++ openblas_pthreads: - For non-HPC builds create links (bsc#1198885): %_lib/libopenblas_.so[.0] -> %_lib/openblas-/libopenblas.so[.0] ++++ openblas_serial: - For non-HPC builds create links (bsc#1198885): %_lib/libopenblas_.so[.0] -> %_lib/openblas-/libopenblas.so[.0] ++++ systemd: - Call pam_loginuid when creating user@.service (bsc#1198507) It's a backport of upstream commit 1000522a60ceade446773c67031b47a566d4a70d. ++++ liburing2: - avoid requiring kernel-default (bsc#1193522) ++++ libxcam: - Use -std=gnu++11 in ppc64le to work around a bug in gcc7 which redefines bool in altivec.h thus making all code that uses bool fail to build (boo#1195517) ++++ rpmlint: - whitelist kcron (bsc#1199006) ++++ systemd-mini: - Call pam_loginuid when creating user@.service (bsc#1198507) It's a backport of upstream commit 1000522a60ceade446773c67031b47a566d4a70d. ------------------------------------------------------------------ ------------------ 2022-4-28 - Apr 28 2022 ------------------- ------------------------------------------------------------------ ++++ chafa: - bsc#1198965 (CVE-2022-1507): Fix NULL pointer deref in gif_internal_decode_frame * Add chafa-CVE-2022-1507.patch ++++ kernel-64kb: - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - commit 4ed546a ++++ kernel-azure: - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - commit 4ed546a ++++ kernel-default: - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - commit 4ed546a ++++ dpdk: - security update - added patches fix CVE-2021-3839 [bsc#1198963], dpdk: OOB write irelated to vhost communication n vhost_user_set_inflight_fd() + dpdk-CVE-2021-3839.patch fix CVE-2022-0669 [bsc#1198964], dpdk: DoS by exhausting available fd in vhost-user slave process + dpdk-CVE-2022-0669.patch ++++ dpdk-thunderx: - security update - added patches fix CVE-2021-3839 [bsc#1198963], dpdk: OOB write irelated to vhost communication n vhost_user_set_inflight_fd() + dpdk-CVE-2021-3839.patch fix CVE-2022-0669 [bsc#1198964], dpdk: DoS by exhausting available fd in vhost-user slave process + dpdk-CVE-2022-0669.patch ++++ dracut: - Update to version 055+suse.252.g4988b0bf: * fix(resume): do not add this module if there is no suitable swap (bsc#1198095) * feat(resume): improve sanity check by verifying volatile swap (bsc#1198095) * feat(resume): sanity check (bsc#1197192) ++++ dtb-aarch64: - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - commit 4ed546a ++++ kernel-debug: - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - commit 4ed546a ++++ kernel-source: - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - commit 4ed546a ++++ kernel-source-azure: - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - commit 4ed546a ++++ kernel-docs: - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - commit 4ed546a ++++ kernel-kvmsmall: - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - commit 4ed546a ++++ kernel-obs-build: - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - commit 4ed546a ++++ kernel-obs-qa: - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - commit 4ed546a ++++ kernel-syms: - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - commit 4ed546a ++++ kernel-syms-azure: - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - commit 4ed546a ++++ kernel-zfcpdump: - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - commit 4ed546a ++++ re2: - Avoid sporadic failures by setting until-pass on CTest ++++ patterns-gnome: - Enable bijiben for default installation on SLE as well (bsc#1192326). ------------------------------------------------------------------ ------------------ 2022-4-27 - Apr 27 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Enhance zgrep-profile-mr870.diff to also allow/support zstd (boo#1198922). ++++ libcaca: - When a zero-width or zero-height image is given, a divide-by-zero occurs. This patch checks for this and produces a zero-sized output. [bsc1197028-correctly-handle-zero-width-or-height-images.patch, CVE-2022-0856, bsc#1197028] ++++ libapparmor: - Enhance zgrep-profile-mr870.diff to also allow/support zstd (boo#1198922). ++++ re2: - Disable tests on ARMv6 ++++ tor: - tor 0.4.7.7 * New feature: Congestion control to improve traffic speed and stability on the network once a majority of Exit nodes upgrade boo#1198949 * Directory authorities: improved handling of "MiddleOnly" relays * Improved mitigation against guard discovery attacks on clients and short-lived services * Improve observed performance under DNS load * Improve handling of overload state * end-of-life relays running version 0.4.2.x, 0.4.3.x, 0.4.4.x and 0.4.5 alphas/rc, 0.3.5.x are now rejected * Onion service v2 addresses are no longer recognized ++++ yast2-packager: - Don't rely on install.inf availability #(bsc#1198560) - 4.4.30 - Fixed migration summary in Leap -> SLES migration (bsc#1198562) - 4.4.29 ------------------------------------------------------------------ ------------------ 2022-4-26 - Apr 26 2022 ------------------- ------------------------------------------------------------------ ++++ containerized-data-importer: - Increase storage requirements in _constraints (bsc#1198791) ++++ leechcraft: - Obsoleted torrent plugin for Leap 15.4 because of rasterbar update. openSUSE Leap 15.4 still ships too legacy Qt & gcc packages. - Disabled qml requires. ++++ re2: - Disable tests on ZSystems and RISCV ++++ permissions: - Update to version 20201225: * backport of apptainer whitelisting (bsc#1196145, bsc#1198720) ++++ spotify-easyrpm: - Remove dependency on gconf2 ++++ touchegg: - update to 2.0.14: * Performance improvements calculating the size of the animations * Fix crash that might happen when multiple input devices are added and removed ++++ vagrant: - Add patch to disable failing ftp tests Added patches: * disable-failing-ftp-tests.patch ------------------------------------------------------------------ ------------------ 2022-4-25 - Apr 25 2022 ------------------- ------------------------------------------------------------------ ++++ bcm20702a1-firmware: - Drop superfluous dependency on kernel-firmware (bsc#1198795) ++++ hugin: - Also set CMAKE_SKIP_INSTALL_RPATH=OFF (boo#1198785) ++++ libslirp: - Fix a dhcp regression [bsc#1198773] +libslirp-fix-dhcp-1.patch +libslirp-fix-dhcp-2.patch ++++ polkit-default-privs: - Update to version 13.2+20220422.7977f05: * Backport of power-profiles-daemon (bsc#1198693) ++++ python-contextvars: - Add the package to SUSE Linux Enterprise 15 (jsc#SLE-24404) ++++ python-immutables: - Add the package to SUSE Linux Enterprise 15 (jsc#SLE-24404) ++++ rpmlint: - Backport of power-profiles-daemon (bsc#1198693). ++++ sshuttle: - version update to 1.1.0 * Support the sudo use_pty option which is now the default in some operating systems. See #712. * Support doas as well as sudo. See #708. * for more details see https://github.com/sshuttle/sshuttle/releases/ - modified patches % fix-shebang.patch (refreshed) - python-mock is not required for build ++++ telegraf: - Refresh harden_telegraf.service.patch - Update to version 1.22.1: * fix: bump gonum.org/v1/gonum from 0.9.3 to 0.11.0 (#10937) * fix: bump github.com/golang-jwt/jwt/v4 from 4.2.0 to 4.4.1 (#10906) * chore: add actions/setup-go@v2 to linter config (#10935) * docs(external.psi): add psi plugin (#10462) * fix: Update gopsutil and associated dependencies for improved OpenBSD supp… (#10931) * docs: update rpm/deb instructions with stable URLs (#10905) * fix: inconsistencies in sql*Requests queries (#10553) * fix: default value for logfile rotation interval (#10883) * fix: redundant zfs pool tag (#10871) * docs: update license of dependencies (#10914) * fix: update vsphere info message to debug (#10903) * docs: fix contribute button link (#10904) * docs: improve documentation around contribution (#10825) * chore: set telegraf log as text block in bug reports (#10895) * fix: include body in error message (#10866) * docs: clarify the k and fields topk params (#10830) * chore: remove slow process test (#10856) * chore: update slow file rotation tests (#10857) * chore: switch HTTP 100 test case values (#10858) * chore: fix slow running intel-pmu test (#10859) * chore: skip longer/integration tests on -short mode (#10860) * chore: remove CircleCI parallelism (#10862) * chore: reduce timeouts and sleeps (#10861) - Update to version 1.22.0: * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10843) * fix: fix handling of imports in protocol-buffer definitions (#10798) * fix: change name of snmp translator setting (#10872) * fix: rename consul_metrics -> consul_agent (#10876) * fix: consul_metrics input plugin docs (#10873) * tests: remove redundant newlines that go 1.18 treats as errors (#10847) * fix: Add option to select translator (#10802) * feat: new input Hugepages plugin (#10763) * fix: update the precision parameter default value (#10814) * fix: bump github.com/nats-io/nats-server/v2 from 2.7.3 to 2.7.4 (#10807) * feat: add new rtt per op field to nfsclient (#10787) * fix(parsers.json_v2): Check if gpath exists and support optional in fields/tags (#10799) * fix(inputs.snmp): use the correct path when evaluating symlink (#10748) * fix: bump github.com/Shopify/sarama from 1.29.1 to 1.32.0 (#10772) * fix: update parsing logic of config.Duration (#10803) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10805) * feat(parsers.influx): New influx line protocol via feature flag (#10749) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10804) * docs: Improve language related to the New Relic license key. (#10796) * fix: correctly read ntpq long poll output (#10790) * fix(inputs.docker): keep field type of tasks_desired the same (#10711) * fix(json_v2): allow multiple optional objects (#10777) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10789) * docs: update wavefront docs for clearer proxy server use (#10774) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10779) * feat: HTTP basic auth for webhooks (#9332) * docs: update uri scheme for default RavenDB configuration (#10764) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10769) * fix: sql unsigned settings (#10673) * docs: better specify agent precision is integer + unit (#10746) * fix: bump github.com/shirou/gopsutil/v3 from 3.21.12 to 3.22.2 (#10758) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10760) * style: Add deprecation notices to plugin options (#10616) * fix: sanitize stasd names (#10466) * fix: bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds (#10759) * fix: bump github.com/miekg/dns from 1.1.43 to 1.1.46 (#10757) * fix: bump github.com/aws/aws-sdk-go-v2/service/dynamodb (#10751) * fix: bump github.com/nats-io/nats-server/v2 from 2.7.2 to 2.7.3 (#10752) * docs: add value_field_name to value processor (#10740) * fix: log err when loading mibs (#10735) * docs: add info on Graylog GELF spec (#10745) * fix: typo metadata support in csv parser (#10742) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10737) * feat: Add tag batch-processing to XPath parser (#10585) * fix: add push only updated values flag to histogram aggregator (#10515) * feat(parsers/csv): Add metadata support to CSV parser plugin (#10083) * fix: Revert "fix: error msg for missing env variables in config (#10681)" (#10727) * fix: bump github.com/aws/aws-sdk-go-v2/config from 1.8.3 to 1.13.1 (#10720) * fix: bump github.com/testcontainers/testcontainers-go (#10728) * fix: bump github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs (#10719) * fix: bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds (#10721) * fix: bump github.com/wavefronthq/wavefront-sdk-go from 0.9.9 to 0.9.10 (#10718) * fix: bump github.com/ClickHouse/clickhouse-go from 1.5.1 to 1.5.4 (#10717) * fix: Linter fixes for config/config.go (#10710) * fix: bump k8s.io/api from 0.23.3 to 0.23.4 (#10713) * fix: bump cloud.google.com/go/pubsub from 1.17.1 to 1.18.0 (#10714) * fix: bump github.com/newrelic/newrelic-telemetry-sdk-go (#10715) * fix: mdstat when sync is less than 10% (#10701) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10708) * fix: Remove verbose logging from disk input plugin (#10527) * feat: Bump github.com/aerospike/aerospike-client-go from 1.27.0 to 5.7.0 (#10604) * feat(inputs/memcached): Support client TLS origination to memcached (#10642) * feat: socks5 proxy support for websocket (#10672) * fix: error msg for missing env variables in config (#10681) * fix: include influxdb bucket name in error messages (#10706) * fix: openweathermap add feels_like field (#10705) * fix: Set NextCheckTime to LastCheckTime to avoid GroundWork to invent a value (#10623) * fix: bump github.com/aws/aws-sdk-go-v2/service/dynamodb from 1.5.0 to 1.13.0 (#10692) * fix: bump github.com/sensu/sensu-go/api/core/v2 from 2.12.0 to 2.13.0 (#10704) * fix: bump github.com/gophercloud/gophercloud from 0.16.0 to 0.24.0 (#10693) * fix: bump github.com/jackc/pgx/v4 from 4.14.1 to 4.15.0 (#10702) * fix(dedup): Modifying slice while iterating is dangerous (#10684) * fix: linter fixes for "import-shadowing: The name '...' shadows an import name" (#10689) * fix: bump github.com/aws/aws-sdk-go-v2/service/sts from 1.7.2 to 1.14.0 (#10602) * fix: update gosmi from v0.4.3 to v0.4.4 (#10686) * feat: update configs (#10676) * feat[elastic output]: add elastic pipeline flags (#10505) * fix: ensure folders do not get loaded more than once (#10551) * docs: update VMWare doc links (#10663) * fix: prometheusremotewrite wrong timestamp unit (#10547) * feat: update configs (#10662) * fix: add graylog toml tags (#10660) * feat: add socks5 proxy support for kafka output plugin (#8192) * docs: override reported OpenSearch version (#10586) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10659) * fix: bump all go.opentelemetry.io dependencies (#10647) * feat: collection offset implementation (#10545) * chore: update go to 1.17.7 (#10658) * fix: check for nil client before closing in amqp (#10635) * fix: timestamp change during execution of json_v2 parser. (#10657) * fix: bump github.com/signalfx/golib/v3 from 3.3.38 to 3.3.43 (#10652) * fix: bump github.com/aliyun/alibaba-cloud-sdk-go (#10653) * fix: incorrect handling of json_v2 timestamp_path (#10618) * feat: gather additional stats from memcached (#10641) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10649) * fix: Revert deprecation of http_listener_v2 (#10648) * fix: bump github.com/denisenkom/go-mssqldb from 0.10.0 to 0.12.0 (#10503) * fix: bump github.com/gopcua/opcua from 0.2.3 to 0.3.1 (#10626) * fix: use current time as ecs timestamp (#10636) * fix: bump github.com/nats-io/nats-server/v2 from 2.6.5 to 2.7.2 (#10638) * chore: add -race flag to go tests (#10629) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10631) * fix: license doc outdated causing CI failure (#10630) * fix: bump k8s.io/client-go from 0.22.2 to 0.23.3 (#10589) * feat: Implemented support for reading raw values, added tests and doc (#6501) * fix: Improve parser tests by using go-cmp/cmp (#10497) * feat(mongodb): add FsTotalSize and FsUsedSize informations (#10625) * docs: update quay docs for auth (#10612) * chore: allow downgrade of go version in windows script (#10614) * chore: update CI go to 1.17.6 (#10611) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10600) * fix(inputs.opcua): add more data to error log (#10465) * fix: bump github.com/aws/aws-sdk-go-v2/service/kinesis from 1.6.0 to 1.13.0 (#10601) * refactor: use early return pattern (#10591) * fix: bump github.com/benbjohnson/clock from 1.1.0 to 1.3.0 (#10588) * feat: add dynamic tagging to gnmi plugin (#7484) * fix: bump github.com/Azure/azure-kusto-go from 0.5.0 to 0.5.2 (#10598) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10584) * fix(parsers.json_v2): allow optional paths and handle wrong paths correctly (#10468) * docs: add expriation_interval to readme (#10583) * feat: aggregator histogram add expiration (#10520) * fix[elasticsearch output]: add scheme to fix error in sniffing option (#10513) * chore: fix typo in bug report template (#10582) * style: Add deprecated warning and version to win_perf_counters option (#10579) * feat: Add autorestart and restartdelay flags to Windows service (#10559) * fix: Statefull parser handling (#10575) * fix: bump github.com/vmware/govmomi from 0.27.2 to 0.27.3 (#10571) * fix: bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1 (#10572) * fix: remove signed macOS dotfile artifacts (#10560) * fix: bump go.mongodb.org/mongo-driver from 1.7.3 to 1.8.3 (#10564) * fix: bump github.com/google/go-cmp from 0.5.6 to 0.5.7 (#10563) * fix: bump go.opentelemetry.io/collector/model from 0.39.0 to 0.43.2 (#10562) * fix: bump github.com/multiplay/go-ts3 from 1.0.0 to 1.0.1 (#10538) * fix: bump cloud.google.com/go/monitoring from 0.2.0 to 1.2.0 (#10454) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10561) * docs: updates readme to add service SID auth and cleans up AAD auth dupe info (#10541) * feat: Add caching to internet_speed (#10530) * feat: Xtremio input (#9697) * feat(inputs.win_perf_counter): allow errors to be ignored (#10535) * fix(outputs/azure_data_explorer): Added azureBlob controls to lower RAM usage (#10179) * fix: bump github.com/vmware/govmomi from 0.26.0 to 0.27.2 (#10536) * docs: add apt and knot to EXTERNAL_PLUGINS.md (#10552) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10546) * fix: move "Starting Telegraf" log (#10528) * fix: update docker memory usage calculation (#10491) * feat: Add ClickHouse driver to sql inputs/outputs plugins (#9671) * fix: collapsed fields by calling more indepth function (#10430) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10533) * feat: process group tag for groundwork output plugin (#10499) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10532) * docs: Update deprecation readme (#10529) * feat: add FileVersion and icon to Win exe (#10487) * chore: update grpc to v1.44.0 (#10525) * fix: bump google.golang.org/api from 0.54.0 to 0.65.0 (#10434) * fix: typo in docs (#10441) * fix: bump github.com/antchfx/xmlquery from 1.3.6 to 1.3.9 (#10507) * fix: bump github.com/nsqio/go-nsq from 1.0.8 to 1.1.0 (#10521) * fix: bump github.com/prometheus/common from 0.31.1 to 0.32.1 (#10506) * fix: ipset crash when command not found (#10474) * fix: bump cloud.google.com/go/pubsub from 1.17.0 to 1.17.1 (#10504) * fix: bump github.com/influxdata/influxdb-observability/influx2otel from 0.2.8 to 0.2.10 (#10432) * fix: Update modbus readme (#10501) * Fix: Update README.md (#10500) * docs: Fixes for input/sql readme (#10498) * feat: update configs (#10490) * fix: graylog readme to use graylog 3 URLs (#10481) * fix: add RFC3164 to RFC5424 translation to docs (#10480) * fix: add comment to logparser (#10479) * chore: Add `openConnections` to enterprise cluster metrics Readme (#10483) * fix: remove duplicate addition of fields (#10478) * fix(parsers.nagios): nagios parser now uses real error for logging #10472 (#10473) * fix: add newline in execd for prometheus parsing (#10463) * fix: bump github.com/shirou/gopsutil/v3 from 3.21.10 to 3.21.12 (#10451) * fix: do not save cache on i386 builds (#10464) * chore: readme escape rpm variables * fix: address flaky tests in cookie_test.go and graylog_test.go (#10326) * feat: check TLSConfig early to catch missing certificates (#10341) * fix: ensure CI tests runs against i386 (#10457) * fix: bump github.com/jackc/pgx/v4 from 4.6.0 to 4.14.1 (#10453) * fix: bump github.com/Azure/azure-event-hubs-go/v3 from 3.3.13 to 3.3.17 (#10449) * fix: bump github.com/gosnmp/gosnmp from 1.33.0 to 1.34.0 (#10450) * fix: wavefront_disable_prefix_conversion case missing from missingTomlField func (#10442) * fix: bump github.com/hashicorp/consul/api from 1.9.1 to 1.12.0 (#10435) * feat: Parser plugin restructuring (#8791) * fix: bump github.com/antchfx/jsonquery from 1.1.4 to 1.1.5 (#10433) * fix: bump github.com/prometheus/procfs from 0.6.0 to 0.7.3 (#10414) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10429) * feat: Add noise plugin (#10057) * feat: update configs (#10425) * fix: Accept non-standard OPC UA OK status by implementing a configurable workaround (#10384) * feat: support headers for http plugin with cookie auth (#10404) * fix: snmp input plugin errors if mibs folder doesn't exist (#10346) (#10354) * fix: correctly set ASCII trailer for syslog output (#10393) * feat: update configs (#10424) * chore: go mod tidy (#10423) * fix: bump github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs from 1.5.2 to 1.12.0 (#10415) * fix: bump github.com/kardianos/service from 1.0.0 to 1.2.1 (#10416) * fix: ensure http body is empty (#10396) * feat: add bearer token support to elasticsearch output (#10399) * fix: bump github.com/couchbase/go-couchbase from 0.1.0 to 0.1.1 (#10417) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10411) * fix(json_v2): use raw values for timestamps (#10413) * fix: bump github.com/pion/dtls/v2 from 2.0.9 to 2.0.13 (#10418) * chore: update mqtt documentation (#10394) * feat: deprecate unused snmp_trap timeout configuration option (#10339) * fix: update containerd to 1.5.9 (#10402) * feat: update configs (#10400) * feat: add compression to Datadog Output (#9963) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10395) * fix: re-enable OpenBSD modbus support (#10385) * fix: Fix batching logic with write records, introduce concurrent requests (#8947) * feat: Add additional stats to bond collector (#10137) * fix(outputs/amqp): Close the last connection when writing error to avoid connection leaks (#10360) * feat: update docker client API version (#10382) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10381) * fix: fix missing storage in container with disk plugin (#10318) * feat: add systemd notify support (#10340) * chore: typos across source code comments (#10361) * chore: sql readme with more details on data types (#10378) * fix: empty import tzdata for Windows binaries (#10377) * feat: update configs (#10374) * chore: document deprecation of timeout (#10373) * feat: update configs (#10345) * feat: add mock input plugin (#9782) * chore: use 4 cores on linux systems (#10342) * fix: update go-ldap to v3.4.1 (#10343) * chore: remove "i386" test job (#10344) * fix: update GroundWork SDK and improve logging (#10255) * feat: add more functionality to template processor (#10316) * chore: run release signing jobs at the same time (#10333) * feat: update configs (#10336) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10335) * feat: add builds for riscv64 (#10262) * feat: add consul metrics input plugin (#10258) * fix: snmp marshal error (#10322) * feat: add exclude_root_certs option to x509_cert plugin (#9822) * feat: add option to disable prepared statements for PostgreSQL (#9710) * fix: cumulative interval start times for stackdriver output (#10097) * feat: add option to skip errors during CSV parsing (#10267) * feat: update configs (#10334) * feat: socketstat input plugin (#3649) * fix: update djherbis/times and fix dependabot (#10332) * fix: warning output when running with --test (#10329) * feat: update configs (#10325) * docs: add note about dpdk and socket availability (#10324) * feat: reworked varnish_cache plugin (#9432) * chore: release packaging run in parallel (#10314) * fix: update bug template * chore: add logs section for bug reports (#10323) * fix: do not require networking during tests (#10321) * chore: update mac signing job to use latest xcode (#10311) * chore: update Go version to 1.17.5 (#10310) * feat: update configs (#10319) * chore: cleanup go.mod (#10313) * feat: add timeout-setting to Graylog-plugin (#10220) * feat: Improve error logging on plugin initialization (#10307) * fix: Fix panic in logparser due to missing Log. (#10296) * fix: panic due to no module (#10303) * fix: grab table columns more accurately (#10295) * fix: check index before assignment (#10299) * feat: adds optional list of non retryable http statuscodes to http output plugin (#10186) * fix: panic is no mibs folder is found (#10301) * fix: mac signing issue with arm64 (#10293) * fix: Update go-sensu to v2.12.0 (#10247) * fix: typo in openstack neutron input plugin (newtron) (#10284) * fix: Fix panic in parsers due to missing Log for all plugins using SetParserFunc. (#10288) * fix: mark TestGatherUDPCert as an integration test (#10279) * feat: support darwin arm64 (#10239) * feat: update configs (#10275) * fix: run gofmt (#10274) * fix: run go mod tidy (#10273) * fix: inputs.snmp to respect number of retries configured (#10268) * feat: add Redis Sentinel input plugin (#10042) * fix: flush wavefront output sender on error to clean up broken connections (#10225) * feat: Add option to disable Wavefront prefix conversion (#10252) * feat: add heap_size_limit field for input.kibana (#10243) * fix: use sha256 for RPM digest (#10272) * feat: Update underlying KNX library to support new types. (#10263) * chore: restart service if it is already running and upgraded via RPM (#9970) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10237) * fix: Handle duplicate registration of protocol-buffer files gracefully. (#10188) * fix(http_listener_v2): fix panic on close (#10132) * feat: add Vault input plugin (#10198) * feat: support aws managed service for prometheus (#10202) * fix: Make telegraf compile on Windows with golang 1.16.2 (#10246) * feat: Modbus add per-request tags (#10231) * fix: Implement NaN and inf handling for elasticsearch output (#10196) * feat: add nomad input plugin (#10106) * fix: Print loaded plugins and deprecations for once and test (#10205) * fix: eliminate MIB dependency for ifname processor (#10214) * feat: Optimize locking for SNMP MIBs loading. (#10206) * feat: Add SMART plugin concurrency configuration option, nvme-cli v1.14+ support and lint fixes. (#10150) * feat: update configs (#10236) * fix(inputs/kube_inventory): set TLS server name config properly (#9975) * fix: Sudden close of Telegraf caused by OPC UA input plugin (#10230) * fix: bump github.com/eclipse/paho.mqtt.golang from 1.3.0 to 1.3.5 (#9913) * fix: json_v2 parser timestamp setting (#10221) * fix: ensure graylog spec fields not prefixed with '_' (#10209) * docs: remove duplicate links in CONTRIBUTING.md (#10218) * fix: pool detection and metrics gathering for ZFS >= 2.1.x (#10099) * fix: parallelism fix for ifname processor (#10007) * chore: Forbids "log" package only for aggregators, inputs, outputs, parsers and processors (#10191) * docs: address documentation gap when running telegraf in k8s (#10215) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10211) * fix: mqtt topic extracting no longer requires all three fields (#10208) * fix: windows service - graceful shutdown of telegraf (#9616) * feat: update etc/telegraf.conf and etc/telegraf_windows.conf (#10201) * feat: Modbus support multiple slaves (gateway feature) (#9279) * fix: Revert unintented corruption of the Makefile from #10200. (#10203) * chore: remove triggering update-config bot in CI (#10195) - Update to version 1.21.4: * fix: ensure folders do not get loaded more than once (#10551) * docs: update VMWare doc links (#10663) * fix: prometheusremotewrite wrong timestamp unit (#10547) * docs: override reported OpenSearch version (#10586) * fix: bump all go.opentelemetry.io dependencies (#10647) * chore: update go to 1.17.7 (#10658) * fix: check for nil client before closing in amqp (#10635) * fix: timestamp change during execution of json_v2 parser. (#10657) * fix: bump github.com/signalfx/golib/v3 from 3.3.38 to 3.3.43 (#10652) * fix: bump github.com/aliyun/alibaba-cloud-sdk-go (#10653) * fix: incorrect handling of json_v2 timestamp_path (#10618) * fix: Revert deprecation of http_listener_v2 (#10648) * fix: bump github.com/denisenkom/go-mssqldb from 0.10.0 to 0.12.0 (#10503) * fix: bump github.com/gopcua/opcua from 0.2.3 to 0.3.1 (#10626) * fix: update go.mod * fix: use current time as ecs timestamp (#10636) * fix(outputs/azure_data_explorer): Added azureBlob controls to lower RAM usage (#10179) * fix: bump github.com/nats-io/nats-server/v2 from 2.6.5 to 2.7.2 (#10638) * chore: add -race flag to go tests (#10629) * fix: license doc outdated causing CI failure (#10630) * fix: bump k8s.io/client-go from 0.22.2 to 0.23.3 (#10589) * docs: update quay docs for auth (#10612) * chore: allow downgrade of go version in windows script (#10614) * chore: update CI go to 1.17.6 (#10611) * fix: bump github.com/aws/aws-sdk-go-v2/service/kinesis from 1.6.0 to 1.13.0 (#10601) * refactor: use early return pattern (#10591) * fix: bump github.com/benbjohnson/clock from 1.1.0 to 1.3.0 (#10588) * fix: bump github.com/Azure/azure-kusto-go from 0.5.0 to 0.5.2 (#10598) * fix(parsers.json_v2): allow optional paths and handle wrong paths correctly (#10468) * fix[elasticsearch output]: add scheme to fix error in sniffing option (#10513) * chore: fix typo in bug report template (#10582) * style: Add deprecated warning and version to win_perf_counters option (#10579) * fix: bump github.com/vmware/govmomi from 0.27.2 to 0.27.3 (#10571) * fix: bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1 (#10572) * fix: remove signed macOS dotfile artifacts (#10560) * fix: bump go.mongodb.org/mongo-driver from 1.7.3 to 1.8.3 (#10564) * fix: bump github.com/google/go-cmp from 0.5.6 to 0.5.7 (#10563) * fix: bump go.opentelemetry.io/collector/model from 0.39.0 to 0.43.2 (#10562) * fix: bump github.com/multiplay/go-ts3 from 1.0.0 to 1.0.1 (#10538) * fix: bump cloud.google.com/go/monitoring from 0.2.0 to 1.2.0 (#10454) * fix: bump github.com/vmware/govmomi from 0.26.0 to 0.27.2 (#10536) * docs: add apt and knot to EXTERNAL_PLUGINS.md (#10552) * fix: update docker memory usage calculation (#10491) - Update to version 1.21.3: * Update license of dependencies file * fix: collapsed fields by calling more indepth function (#10430) * docs: Update deprecation readme (#10529) * chore: update grpc to v1.44.0 (#10525) * fix: bump google.golang.org/api from 0.54.0 to 0.65.0 (#10434) * fix: typo in docs (#10441) * fix: bump github.com/antchfx/xmlquery from 1.3.6 to 1.3.9 (#10507) * fix: bump github.com/nsqio/go-nsq from 1.0.8 to 1.1.0 (#10521) * fix: bump github.com/prometheus/common from 0.31.1 to 0.32.1 (#10506) * fix: ipset crash when command not found (#10474) * fix: bump cloud.google.com/go/pubsub from 1.17.0 to 1.17.1 (#10504) * fix: bump github.com/influxdata/influxdb-observability/influx2otel from 0.2.8 to 0.2.10 (#10432) * fix: Update modbus readme (#10501) * Fix: Update README.md (#10500) * docs: Fixes for input/sql readme (#10498) * fix: graylog readme to use graylog 3 URLs (#10481) * fix: add RFC3164 to RFC5424 translation to docs (#10480) * fix: add comment to logparser (#10479) * chore: Add `openConnections` to enterprise cluster metrics Readme (#10483) * fix: remove duplicate addition of fields (#10478) * fix(parsers.nagios): nagios parser now uses real error for logging #10472 (#10473) * fix: add newline in execd for prometheus parsing (#10463) * fix: bump github.com/shirou/gopsutil/v3 from 3.21.10 to 3.21.12 (#10451) * fix: do not save cache on i386 builds (#10464) * chore: readme escape rpm variables * fix: address flaky tests in cookie_test.go and graylog_test.go (#10326) * fix: ensure CI tests runs against i386 (#10457) * fix: bump github.com/jackc/pgx/v4 from 4.6.0 to 4.14.1 (#10453) * fix: bump github.com/Azure/azure-event-hubs-go/v3 from 3.3.13 to 3.3.17 (#10449) * fix: bump github.com/gosnmp/gosnmp from 1.33.0 to 1.34.0 (#10450) * fix: wavefront_disable_prefix_conversion case missing from missingTomlField func (#10442) * fix: bump github.com/hashicorp/consul/api from 1.9.1 to 1.12.0 (#10435) * fix: bump github.com/antchfx/jsonquery from 1.1.4 to 1.1.5 (#10433) * fix: bump github.com/prometheus/procfs from 0.6.0 to 0.7.3 (#10414) * fix: snmp input plugin errors if mibs folder doesn't exist (#10346) (#10354) * fix: correctly set ASCII trailer for syslog output (#10393) * chore: go mod tidy (#10423) * fix: bump github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs from 1.5.2 to 1.12.0 (#10415) * fix: bump github.com/kardianos/service from 1.0.0 to 1.2.1 (#10416) * fix: ensure http body is empty (#10396) * fix: bump github.com/couchbase/go-couchbase from 0.1.0 to 0.1.1 (#10417) * fix(json_v2): use raw values for timestamps (#10413) * fix: bump github.com/pion/dtls/v2 from 2.0.9 to 2.0.13 (#10418) * chore: update mqtt documentation (#10394) * fix: update containerd to 1.5.9 (#10402) * fix: Fix batching logic with write records, introduce concurrent requests (#8947) * fix(outputs/amqp): Close the last connection when writing error to avoid connection leaks (#10360) * fix: cumulative interval start times for stackdriver output (#10097) * fix: Make telegraf compile on Windows with golang 1.16.2 (#10246) ++++ texlive-specs-a: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-b: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-c: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-d: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-e: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-f: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-g: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-h: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-i: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-j: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-k: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-l: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-m: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-n: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-o: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-p: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-q: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-r: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-s: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-t: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-u: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-w: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-v: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-x: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-y: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ texlive-specs-z: - Add a _constraints file to increase required disk size (boo#1198793) - Avoid doubled luatex/texlua shebangs (boo#1198790) - Do not bail out if local ls-R is not writable (boo#1194496) ++++ yast2-installation: - Revert changes introduced in v4.3.50 as it produces some ordering cycle issues (bsc#1198294) - 4.4.52 ++++ yast2-trans: - Update to version 84.87.20220422.7945491fb3: * Translated using Weblate (Russian) * Translated using Weblate (Korean) * New POT for text domain 'storage'. * Translated using Weblate (Russian) * Translated using Weblate (Catalan) * Translated using Weblate (Catalan) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Japanese) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) ------------------------------------------------------------------ ------------------ 2022-4-24 - Apr 24 2022 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2022-04-25 (bsc#1084929) ++++ gpxsee: - Update to version 10.7 * Multiple IMG maps loading/rendering fixes. ++++ re2: - Switch build to CMake, otherwise CMake config is not installed. Required for Apache ORC and arrow, and google-or-tools. (https://github.com/google/re2/issues/304) - Run some real tests via CTest ------------------------------------------------------------------ ------------------ 2022-4-22 - Apr 22 2022 ------------------- ------------------------------------------------------------------ ++++ ImageMagick: - security update - added patches fix CVE-2022-1114 [bsc#1198700], heap-use-after-free in RelinquishDCMInfo of dcm.c + ImageMagick-CVE-2022-1114.patch fix CVE-2022-1115 [bsc#1198701], heap-buffer-overflow in PushShortPixel of quantum-private.h + ImageMagick-CVE-2022-1115.patch ++++ webkit2gtk3-soup2: - Disable gold linker. It is unmaintained and now disabled on factory. - Switch to gcc 11. - Increase mem_per_process. Attempt to fix sporadic bild failure (bsc#1198743). ++++ webkit2gtk3: - Disable gold linker. It is unmaintained and now disabled on factory. - Switch to gcc 11. - Increase mem_per_process. Attempt to fix sporadic bild failure (bsc#1198743). ++++ webkit2gtk4: - Disable gold linker. It is unmaintained and now disabled on factory. - Switch to gcc 11. - Increase mem_per_process. Attempt to fix sporadic bild failure (bsc#1198743). ++++ cacti: - Update to 1.2.20 * Security fix for CVE-2022-0730, boo#1196692 Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. * Security fix: Device, Graph, Graph Template, and Graph Items may be vulnerable to XSS issues * Security fix: Lockout policies are not properly applied to LDAP and Domain Users * Security fix: When using 'remember me' option, incorrect realm may be selected * Security fix: User and Group maintenance are vulnerable to SQL attacks * Security fix: Color Templates are vulnerable to XSS attack * Features: * When creating a Data Source Profile, allow additional choices for Heartbeat * Change select all options to use Font Awesome icons * Improve spine performance by storing the total number of system snmp_ports in use * Prevent Template User Accounts from being Removed * When managing by users, allow filtering by Realm * Allow plugins to supply template account names * When viewing logs, additional message types should be filterable * When creating a Graph Template Item, allow filtering by Data Template * Allow language handler to be selected via UI * Updated Device packages for Synology, Citrix NetScaler, Cisco ASA/Cisco * Add Advanced Ping Graph Template to initial Installable templates * Add LDAP Debug Mode option * Allow Reports to include devices not on a Tree * Allow Basic Authentication to display custom failure message * Fix: When replicating data during installation/upgrade, system may appear to hang * Fix: Graph Template Items may have duplicated entries * Fix: Unable to Save Graph Settings * Fix: Script Server may crash if an OID is missing or unavailable * Fix: When system-wide polling is disabled, remote pollers may fail to sync changed settings * Fix: When updating poller name, duplicate name protection may be over zealous * Fix: Titles may show "Missing Datasource" incorectly * Fix: Checking for MIB Cache can cause crashes * Fix: Polling cycles may not always complete as expected * Fix: When viewing graph data, non-numeric values may appear * Fix: Utilities view has calculation errors when there are no data sources * Fix: When editing Reports, drag and drop may not function as intended * Fix: When data drive is full, viewing a Graph can result in errors * Various other bug fixes ++++ cacti-spine: - cacti-spine 1.2.20: * Add support for newer versions of MySQL/MariaDB * When checking for uptime of device, don't assume a non-response is always fatal * Fix description and command trunctation issues * Improve spine performance when only one snmp agent port is in use ++++ kernel-64kb: - netfilter: nf_tables: validate registers coming from userspace (CVE-2022-1015 bsc#1197227). - commit 0aabb62 - mm: vmalloc: introduce array allocation functions (bsc#1198110). - commit dbcab11 - mm: use vmalloc_array and vcalloc for array allocations (bsc#1198110). - commit 4993f07 - KVM: use __vcalloc for very large allocations (bsc#1198110). - commit 525fc7a ++++ kernel-azure: - netfilter: nf_tables: validate registers coming from userspace (CVE-2022-1015 bsc#1197227). - commit 0aabb62 - mm: vmalloc: introduce array allocation functions (bsc#1198110). - commit dbcab11 - mm: use vmalloc_array and vcalloc for array allocations (bsc#1198110). - commit 4993f07 - KVM: use __vcalloc for very large allocations (bsc#1198110). - commit 525fc7a ++++ kernel-default: - netfilter: nf_tables: validate registers coming from userspace (CVE-2022-1015 bsc#1197227). - commit 0aabb62 - mm: vmalloc: introduce array allocation functions (bsc#1198110). - commit dbcab11 - mm: use vmalloc_array and vcalloc for array allocations (bsc#1198110). - commit 4993f07 - KVM: use __vcalloc for very large allocations (bsc#1198110). - commit 525fc7a ++++ curl: - Security fix: [bsc#1198766, CVE-2022-27776] * Auth/cookie leak on redirect * Add curl-CVE-2022-27776.patch - Security fix: [bsc#1198723, CVE-2022-27775] * Bad local IPv6 connection reuse * Add curl-CVE-2022-27775.patch - Security fix: [bsc#1198608, CVE-2022-27774] * Credential leak on redirect * Add curl-CVE-2022-27774.patch * Disable test 1568, which is broken by upstream patch. - Add curl-CVE-2022-27774-disabletest-1568.patch - Security fix: [bsc#1198614, CVE-2022-22576] * OAUTH2 bearer bypass in connection re-use * Add curl-CVE-2022-22576.patch ++++ dtb-aarch64: - netfilter: nf_tables: validate registers coming from userspace (CVE-2022-1015 bsc#1197227). - commit 0aabb62 - mm: vmalloc: introduce array allocation functions (bsc#1198110). - commit dbcab11 - mm: use vmalloc_array and vcalloc for array allocations (bsc#1198110). - commit 4993f07 - KVM: use __vcalloc for very large allocations (bsc#1198110). - commit 525fc7a ++++ kernel-debug: - netfilter: nf_tables: validate registers coming from userspace (CVE-2022-1015 bsc#1197227). - commit 0aabb62 - mm: vmalloc: introduce array allocation functions (bsc#1198110). - commit dbcab11 - mm: use vmalloc_array and vcalloc for array allocations (bsc#1198110). - commit 4993f07 - KVM: use __vcalloc for very large allocations (bsc#1198110). - commit 525fc7a ++++ kernel-source: - netfilter: nf_tables: validate registers coming from userspace (CVE-2022-1015 bsc#1197227). - commit 0aabb62 - mm: vmalloc: introduce array allocation functions (bsc#1198110). - commit dbcab11 - mm: use vmalloc_array and vcalloc for array allocations (bsc#1198110). - commit 4993f07 - KVM: use __vcalloc for very large allocations (bsc#1198110). - commit 525fc7a ++++ kernel-source-azure: - netfilter: nf_tables: validate registers coming from userspace (CVE-2022-1015 bsc#1197227). - commit 0aabb62 - mm: vmalloc: introduce array allocation functions (bsc#1198110). - commit dbcab11 - mm: use vmalloc_array and vcalloc for array allocations (bsc#1198110). - commit 4993f07 - KVM: use __vcalloc for very large allocations (bsc#1198110). - commit 525fc7a ++++ kernel-docs: - netfilter: nf_tables: validate registers coming from userspace (CVE-2022-1015 bsc#1197227). - commit 0aabb62 - mm: vmalloc: introduce array allocation functions (bsc#1198110). - commit dbcab11 - mm: use vmalloc_array and vcalloc for array allocations (bsc#1198110). - commit 4993f07 - KVM: use __vcalloc for very large allocations (bsc#1198110). - commit 525fc7a ++++ kernel-kvmsmall: - netfilter: nf_tables: validate registers coming from userspace (CVE-2022-1015 bsc#1197227). - commit 0aabb62 - mm: vmalloc: introduce array allocation functions (bsc#1198110). - commit dbcab11 - mm: use vmalloc_array and vcalloc for array allocations (bsc#1198110). - commit 4993f07 - KVM: use __vcalloc for very large allocations (bsc#1198110). - commit 525fc7a ++++ kernel-obs-build: - netfilter: nf_tables: validate registers coming from userspace (CVE-2022-1015 bsc#1197227). - commit 0aabb62 - mm: vmalloc: introduce array allocation functions (bsc#1198110). - commit dbcab11 - mm: use vmalloc_array and vcalloc for array allocations (bsc#1198110). - commit 4993f07 - KVM: use __vcalloc for very large allocations (bsc#1198110). - commit 525fc7a ++++ kernel-obs-qa: - netfilter: nf_tables: validate registers coming from userspace (CVE-2022-1015 bsc#1197227). - commit 0aabb62 - mm: vmalloc: introduce array allocation functions (bsc#1198110). - commit dbcab11 - mm: use vmalloc_array and vcalloc for array allocations (bsc#1198110). - commit 4993f07 - KVM: use __vcalloc for very large allocations (bsc#1198110). - commit 525fc7a ++++ kernel-syms: - netfilter: nf_tables: validate registers coming from userspace (CVE-2022-1015 bsc#1197227). - commit 0aabb62 - mm: vmalloc: introduce array allocation functions (bsc#1198110). - commit dbcab11 - mm: use vmalloc_array and vcalloc for array allocations (bsc#1198110). - commit 4993f07 - KVM: use __vcalloc for very large allocations (bsc#1198110). - commit 525fc7a ++++ kernel-syms-azure: - netfilter: nf_tables: validate registers coming from userspace (CVE-2022-1015 bsc#1197227). - commit 0aabb62 - mm: vmalloc: introduce array allocation functions (bsc#1198110). - commit dbcab11 - mm: use vmalloc_array and vcalloc for array allocations (bsc#1198110). - commit 4993f07 - KVM: use __vcalloc for very large allocations (bsc#1198110). - commit 525fc7a ++++ kernel-zfcpdump: - netfilter: nf_tables: validate registers coming from userspace (CVE-2022-1015 bsc#1197227). - commit 0aabb62 - mm: vmalloc: introduce array allocation functions (bsc#1198110). - commit dbcab11 - mm: use vmalloc_array and vcalloc for array allocations (bsc#1198110). - commit 4993f07 - KVM: use __vcalloc for very large allocations (bsc#1198110). - commit 525fc7a ++++ python-autobahn: - Skip python2 build and ensure do not pull python-trollius as it's python2 only ++++ python-pikepdf: - Disable test on Leap 15.4 ++++ yast2-registration: - Reload the SUSEConnect cache after importing a SSL certificate (bsc#1195220) (by jacek.tomasiak@gmail.com) - 4.4.19 ------------------------------------------------------------------ ------------------ 2022-4-21 - Apr 21 2022 ------------------- ------------------------------------------------------------------ ++++ amazon-ssm-agent: - Fix mangled ExlusiveArch field ++++ branding-openSUSE: - Skip *.tr files in /etc/bootsplash/themes/openSUSE/bootloader ++++ chromium: - Fixes for go 1.18 ++++ clamav-database: - database refresh on 2022-04-21 (bsc#1084929) ++++ kernel-64kb: - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660). - commit c813453 ++++ kernel-azure: - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660). - commit c813453 ++++ kernel-default: - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660). - commit c813453 ++++ dtb-aarch64: - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660). - commit c813453 ++++ grub2: - Fix Power10 LPAR error "The partition fails to activate as partition went into invalid state" (bsc#1198714) * 0001-powerpc-do-CAS-in-a-more-compatible-way.patch ++++ jasper: - bsc#1184757 CVE-2021-3467: Fix NULL pointer deref in jp2_decode() Add jasper-CVE-2021-3467.patch - bsc#1184798 CVE-2021-3443: Fix NULL pointer derefin jp2_decode() Add jasper-CVE-2021-3443.patch - bsc#1182104 CVE-2021-26927: Fix NULL pointer deref in jp2_decode() bsc#1182105 CVE-2021-26926: Fix Out of bounds read in jp2_decode() Add jasper-CVE-2021-26926-CVE-2021-26927.patch ++++ kernel-debug: - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660). - commit c813453 ++++ kernel-source: - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660). - commit c813453 ++++ kernel-source-azure: - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660). - commit c813453 ++++ kernel-docs: - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660). - commit c813453 ++++ kernel-kvmsmall: - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660). - commit c813453 ++++ kernel-obs-build: - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660). - commit c813453 ++++ kernel-obs-qa: - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660). - commit c813453 ++++ kernel-syms: - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660). - commit c813453 ++++ kernel-syms-azure: - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660). - commit c813453 ++++ kernel-zfcpdump: - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660). - commit c813453 ++++ openssl-1_1: - FIPS: add bsc1185319-FIPS-KAT-for-ECDSA.patch * Known answer test for ECDSA * bsc#1185319 - FIPS: add bsc1198207-FIPS-add-hash_hmac-drbg-kat.patch * Enable tests for Deterministic Random Bit Generator * bsc#1198207 - Bypass a regression test that fails in FIPS mode. * [openssl-1_1-shortcut-test_afalg_aes_cbc.patch] ++++ libtorrent-rasterbar: - Fix pkgconfig file for Leap 15.4 ++++ patterns-base: - Backports fips pattern from SLE15 SP4 * Since patterns_base has huge different compared to SLE ones, backport fips pattern from SLE then fips pattern is not missing ++++ python-Twisted: - Add patch CVE-2022-24801-http-1.1-leniency.patch: * Do not be as lenient as earlier HTTP/1.1 RFCs to prevent HTTP request smuggling. (CVE-2022-24801, bsc#1198086) ++++ yast2-s390: - Don't call 'mkinitrd' in the inst-sys (bsc#1197632) - 4.4.6 ------------------------------------------------------------------ ------------------ 2022-4-20 - Apr 20 2022 ------------------- ------------------------------------------------------------------ ++++ amazon-ssm-agent: - Update to version 3.1.1260.0 + Added missing check for invalid S3 path parameter + Added support for domain join using a non-local username + Fixed broken links in README.md + Fixed ECS Exec issue where agent was using environment variables for credentials + Updated Ec2Detector test to query smbios directly for system information - from version 3.1.1208.0 + Updated ec2detector module to use Get-CmiInstance instead of wmic.exe + Fixed file creation mode of ssm-agent-users sudoer file (bsc#1196556, CVE-2022-29527) - from version 3.1.1188.0 + Added new ec2detector module to determine if agent is on EC2 + Added support for port forwarding to remote host + Added quotes around inventory parameter ValueName on Windows + Fix for domain join DNS IP assignments in shared directories + Replaced namedpipe updater test with ec2detector test - from version 3.1.1141.0 + Add application inventory by file for Bottlerocket + Fix infinite retry logic to send failed replies in MGSInteractor + Remove usage of io/fs package - from version 3.1.1080.0 + (windows only) Remove symlink scan during update - from version 3.1.1045.0 + Fixed sourceHash validation for aws:application document plugin + Added document parameter validation for values passed to target document of aws:runDocument plugin + (windows only) Fix process leak when legacy cloudwatch plugin is enabled + (windows only) Fail installation if C:\ProgramData\Amazon\SSM\ has symlinks - from version 3.1.1004.0 + Added platform detection for Bottlerocket OS + Consolidated regional endpoint generation to common endpoint module - from version 3.1.941.0 + Added support for Rocky linux + Fixed sharefile/shareprofile not being propagated to updateutil + Fixed incorrect darwin platform detection post BigSur + Fixed log flush issue in updater + Updated .NET dependencies for domainjoin and cloudwatch (windows only) + Updated go version to 1.17.6 - from version 3.1.821.0 + Implement new core module named MessageService to start processing commands from both MGS and MDS * Merge functionalities from RunCommandService core module and Session core module. * Receive run command documents through MGS if connected and fallback to MDS otherwise. This functionality requires appropriate permissions for both endpoints and will be rolled out gradually to end users. * Provide filesystem based idempotency check to avoid duplicate run command document execution. * Increase default run command pool buffer size from 1 to 5 to load additional documents before-hand for processing. + Fix nil pointer deference panic produced in named pipe test case during agent update + Remove StopType concept in ssm-agent-worker and add different waits for reboot and shutdown stop - from version 3.1.804.0 + Add support for upstart when running get-diagnostic command using ssm-cli + Fix systemctl service name to support older versions of systemctl + Include changes to facilitate testing + Update DNS server selection logic for seamless domain join on linux and darwin + Update go version to go1.17.5 + Update golang sys package dependency - from version 3.1.715.0 + Derive default directories from appconfig on Darwin + Set x-bit on newly-created directories - from version 3.1.634.0 + Fix for ssm-setup-cli to be able to select service manager without the agent being installed - from version 3.1.630.0 + Added greengrass component recipe for the new SystemsManagerAgent component + Added support for registering agent on a greengrass device + Added support for downloading more than 1000 objects in downloadContent + Fixed retry logic for onprem and s3 upload + Fixed unit tests when running on Mac + Update AWS SDK to v1.41.4 + Update logic to retrieve platform details for Rocky Linux - from version 3.1.501.0 + Add diagnostics command to ssm-cli + Fix caching for onprem credentials + Additional configuration options for Seamless Domain Join + Gracefully exit session if group of runas user is modified + Skip retries for cert validation errors in S3 HEAD requests + Fix DNS failures on CentOS 8.2 + Update several dependencies - from version 3.1.459.0 + Fixed a bug with powershell command for Inventory - from version 3.1.426.0 + Fixed cpu spike issue manifesting on snap + Fixed issue with version comparison in EC2Config update plugin + Fixed panic when command output was being truncated + Updated build to use go1.16.8 + Removed Profile from inventory powershell commands on Windows - from version 3.1.338.0 + Fix to eliminate WaitGroup reuse panic triggered during agent reboot + Fix to include applications without UninstallString in Inventory for Windows + Fixed a bug where multi-plugin documents with large outputs would timeout RunCommand + Fixed a bug where RunCommand could delay executions for up to 15 minutes - from version 3.1.282.0 + Add serial port logging of AwsNitroEnclaves package version on windows during startup + Allow usage of existing loggroup/logstream when the user does not have create permission + Change service interrogate request log to debug + Cleanup old surveyor channel files on startup + Fix filehandle leak in windows leading to agent going offline + Fix to schedule correct next run time during orchestration directories cleanup + Fix to sequentially update correct runcount value in the document bookkeeping file + Fix a bug with version parsing EC2Config updater + Updated rpm packaging for fips compliance - from version 3.1.192.0 + Added darwin arm64 to makefile + Added logic to limit orchestration directory cleanup + Added packaging for public SSM Agent container image + Fixed cloudwatch endpoint for telemetry metrics requests + Fixed handling of Windows filepaths and mutex locks + Fixed agent worker handling of OS signals and termination channel requests + Updated datachannel retry strategy to not retry for a specific error scenario + Updated default gomaxproc value for Windows + Update build to use go1.16.6 - from version 3.1.127.0 + Added a workaround for windows random halts + Fixed race condition during reboot document execution - from version 3.1.90.0 + Updated to version 3.1 + Updated build to build statically linked binaries for linux 64bit * Minimum supported linux kernel version for linux 64bit is 3.2+ + Fixed permissions for docker config file + Fixed issue with ubuntu prerm and postinst scripts + Fixed issue where processor stop was being called twice - from version 3.0.1390.0 + Added config option to delete orchestration folder + Added snapcraft packaging config + Added workaround for aws:runDocument status bug + Added improved handling of file closure + Added support for go mod and updated build to use go 1.16.4 + Fixed bug parsing vpce s3 urls + Refactored use of agent identity in agent cli + Updated check if agent is running as windows service + Updated handling of session cancellation to still send output to client side + Updated interactive session exit code logic to match non-interactive mode + Updated vendor dependencies - Update directory path for GOPATH ++++ kernel-64kb: - intel_idle: add core C6 optimization for SPR (bsc#1198602). - commit d6fb753 - intel_idle: add 'preferred_cstates' module argument (bsc#1198602). - commit 0bc7d2b - intel_idle: add SPR support (bsc#1198602). - commit 2bc31de ++++ kernel-azure: - intel_idle: add core C6 optimization for SPR (bsc#1198602). - commit d6fb753 - intel_idle: add 'preferred_cstates' module argument (bsc#1198602). - commit 0bc7d2b - intel_idle: add SPR support (bsc#1198602). - commit 2bc31de ++++ kernel-default: - intel_idle: add core C6 optimization for SPR (bsc#1198602). - commit d6fb753 - intel_idle: add 'preferred_cstates' module argument (bsc#1198602). - commit 0bc7d2b - intel_idle: add SPR support (bsc#1198602). - commit 2bc31de ++++ nodejs14: Update to 14.19.1: * deps: upgrade openssl sources to 1.1.1n (bsc#1196877, CVE-2022-0778) Infinite loop in BN_mod_sqrt() reachable when parsing certificates More details at https://www.openssl.org/news/secadv/20220315.txt - CVE-2021-44906.patch: fix prototype pollution in npm dependency (bsc#1198247, CVE-2021-44906) - CVE-2021-44907.patch: fix insuficient sanitation in npm dependency (bsc#1197283, CVE-2021-44907) - CVE-2022-0235.patch: fix passing of cookie data and sensitive headers to different hostnames in node-fetch-npm (bsc#1194819, CVE-2022-0235) ++++ dtb-aarch64: - intel_idle: add core C6 optimization for SPR (bsc#1198602). - commit d6fb753 - intel_idle: add 'preferred_cstates' module argument (bsc#1198602). - commit 0bc7d2b - intel_idle: add SPR support (bsc#1198602). - commit 2bc31de ++++ gstreamer-plugins-libav: - Change the license to LGPL-2.1-or-later as specified in the COPYING file ++++ haruna: - Update to version 0.8.0 * fix: wrong height for playlist items * Fix freezes on systems with slow disks * Fix build warnings and errors * fix: mark methods as override * chore: remove unused code * fix: load correct files and call functions from actions manager * fix: release date for 0.7.3 * fix: don't run animation when component is hidden * SVN_SILENT made messages (.desktop file) - always resolve ours * GIT_SILENT made messages (after extraction) * fix: menubar not hiding in fullscreen * refactor: improvements to framedecoder * feat: add global menu support * fix: compile with MPV_CLIENT_API_VERSION 1 and 2 * feat: add action to seek to watch later position (Ctrl+Shift+P) * feat: add action to restart playback (seek to 0/beginning, F5 key) * feat: add action to load last played file (Ctrl+Shift+L) * chore: add .directory to gitignore * fix: rename icons license files * fix(osd): when file can't be played show filename if there's no title * build: use ECMAddAppIcon module * feat: allow to control the time position saving interval * refactor: add Settings to settings qml file names * refactor: rename SettingsEditor to SettingsWindow * refactor: put settings window in a loader * build: add KDECMakeSettings and KDECompilerSettings * fix: get actions from actionsManager * chore: add license info to actionsmanager.cpp/h * refactor: move actions cpp code to its own class * fix: remove unused cursor hiding/showing code * fix(playlist): use position from PlaylistSettings * fix(playlist): set height to mpv height * fix(playlist): unable to close the playlist * feat(menu): add more actions * build: add header files to target_sources * chore: remove more unneeded code * chore: remove unneeded code * chore: remove id from repeater * feat: add menu to open recent files * build: add FindYtdlp.cmake file * Add i18n() * SVN_SILENT made messages (.desktop file) - always resolve ours * GIT_SILENT made messages (after extraction) * feat: Add setting to pause the player if minimized * fix(settigs): clarify remember time position settings * chore(settings): remove labels from .kcfg files * fix(settings): load subtitles folders correctly - Drop haruna-mpv_v2_fix.patch (merged upstream) ++++ haruna: - Update to version 0.8.0 * fix: wrong height for playlist items * Fix freezes on systems with slow disks * Fix build warnings and errors * fix: mark methods as override * chore: remove unused code * fix: load correct files and call functions from actions manager * fix: release date for 0.7.3 * fix: don't run animation when component is hidden * SVN_SILENT made messages (.desktop file) - always resolve ours * GIT_SILENT made messages (after extraction) * fix: menubar not hiding in fullscreen * refactor: improvements to framedecoder * feat: add global menu support * fix: compile with MPV_CLIENT_API_VERSION 1 and 2 * feat: add action to seek to watch later position (Ctrl+Shift+P) * feat: add action to restart playback (seek to 0/beginning, F5 key) * feat: add action to load last played file (Ctrl+Shift+L) * chore: add .directory to gitignore * fix: rename icons license files * fix(osd): when file can't be played show filename if there's no title * build: use ECMAddAppIcon module * feat: allow to control the time position saving interval * refactor: add Settings to settings qml file names * refactor: rename SettingsEditor to SettingsWindow * refactor: put settings window in a loader * build: add KDECMakeSettings and KDECompilerSettings * fix: get actions from actionsManager * chore: add license info to actionsmanager.cpp/h * refactor: move actions cpp code to its own class * fix: remove unused cursor hiding/showing code * fix(playlist): use position from PlaylistSettings * fix(playlist): set height to mpv height * fix(playlist): unable to close the playlist * feat(menu): add more actions * build: add header files to target_sources * chore: remove more unneeded code * chore: remove unneeded code * chore: remove id from repeater * feat: add menu to open recent files * build: add FindYtdlp.cmake file * Add i18n() * SVN_SILENT made messages (.desktop file) - always resolve ours * GIT_SILENT made messages (after extraction) * feat: Add setting to pause the player if minimized * fix(settigs): clarify remember time position settings * chore(settings): remove labels from .kcfg files * fix(settings): load subtitles folders correctly - Drop haruna-mpv_v2_fix.patch (merged upstream) ++++ java-11-openjdk: - Update to upstream tag jdk-11.0.15+10 (April 2022 CPU) * Security fixes: + JDK-8284920: Incorrect Token type causes XPath expression to return empty result + JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException + JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo + JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces character + JDK-8278356: Improve file creation + JDK-8270504, bsc#1198672, CVE-2022-21426: Better Xpath expression handling + JDK-8272594: Better record of recordings + JDK-8277672, bsc#1198674, CVE-2022-21434: Better invocation handler handling + JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972 + JDK-8278972, bsc#1198673, CVE-2022-21496: Improve URL supports + JDK-8272261: Improve JFR recording file processing + JDK-8269938: Enhance XML processing passes redux + JDK-8272255: Completely handle MIDI files + JDK-8278805: Enhance BMP image loading + JDK-8278449: Improve keychain support + JDK-8277227: Better identification of OIDs + JDK-8275151, bsc#1198675, CVE-2022-21443: Improved Object Identification + JDK-8274221: More definite BER encodings + JDK-8278798: Improve supported intrinsic * Other changes: + JDK-8283778: 11u GHA: Fix GCC 9 ubuntu package names + JDK-8283018: 11u GHA: Update GCC 9 minor versions + JDK-8275082, bsc#1198671, CVE-2022-21476: Update XML Security for Java to 2.3.0 + JDK-8282761: XPathFactoryImpl remove setProperty and getProperty methods + JDK-8283270: [11u] broken JRT_ENTRY_NO_ASYNC after Backport of JDK-8253795 + JDK-8275703: System.loadLibrary fails on Big Sur for libraries hidden from filesystem + JDK-8277795: ldap connection timeout not honoured under contention + JDK-8276141: XPathFactory set/getProperty method + JDK-8255410: Add ChaCha20 and Poly1305 support to SunPKCS11 provider + JDK-8211333: AArch64: Fix another build failure after JDK-8211029 + JDK-8279669: test/jdk/com/sun/jdi/TestScaffold.java uses wrong condition + JDK-8261107: ArrayIndexOutOfBoundsException in the ICC_Profile.getInstance(InputStream) + JDK-8282372: [11] build issue on MacOS/aarch64 12.2.1 using Xcode 13.1: call to 'log2_intptr' is ambiguous + JDK-8214004: Missing space between compiler thread name and task info in hs_err + JDK-8250750: JDK-8247515 fix for OSX pc_to_symbol() lookup fails with some symbols + JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022 + JDK-8247515: OSX pc_to_symbol() lookup does not work with core files + JDK-8254085: javax/swing/text/Caret/ /TestCaretPositionJTextPane.java failed with "RuntimeException: Wrong caret position" + JDK-8247272: SA ELF file support has never worked for 64-bit causing address to symbol name mapping to fail + JDK-8233986: ProblemList javax/swing/plaf/basic/BasicTextUI/ /8001470/bug8001470.java for windows-x64 + JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake + JDK-8255239: The timezone of the hs_err_pid log file is corrupted in Japanese locale + JDK-8272541: Incorrect overflow test in Toom-Cook branch of BigInteger multiplication + JDK-8254072: AArch64: Get rid of --disable-warnings-as-errors on Windows+ARM64 build + JDK-8262894: [macos_aarch64] SIGBUS in Assembler::ld_st2 + JDK-8266889: [macosx-aarch64] Crash with SIGBUS in MarkActivationClosure::do_code_blob during vmTestbase/nsk/jvmti/.../bi04t002 test run + JDK-8241004: NMT tests fail on unaligned thread size with debug build + JDK-8253795: Implementation of JEP 391: macOS/AArch64 Port + JDK-8280414: Memory leak in DefaultProxySelector + JDK-8280526: x86_32 Math.sqrt performance regression with - XX:UseSSE={0,1} + JDK-8279076: C2: Bad AD file when matching SqrtF with UseSSE=0 + JDK-8281520: JFR: A wrong parameter is passed to the constructor of LeakKlassWriter + JDK-8281599: test/lib/jdk/test/lib/KnownOIDs.java is redundant since JDK-8268801 + JDK-8190748: java/text/Format/DateFormat/DateFormatTest.java and NonGregorianFormatTest fail intermittently + JDK-8281061: [s390] JFR runs into assertions while validating interpreter frames + JDK-8280155: [PPC64, s390] frame size checks are not yet correct + JDK-8279924: [PPC64, s390] implement frame::is_interpreted_frame_valid checks + JDK-8261205: AssertionError: Cannot add metadata to an intersection type + JDK-8277992: Add fast jdk_svc subtests to jdk:tier3 + JDK-8216969: ParseException thrown for certain months with russian locale + JDK-8278381: [GCC 11] Address::make_raw() does not initialize rspec + JDK-8264650: Cross-compilation to macos/aarch64 + JDK-8256321: Some "inactive" color profiles use the wrong profile class + JDK-8280999: array_bounds should be array-bounds after 8278507 + JDK-8177814: jdk/editpad is not in jdk TEST.groups + JDK-8279702: [macosx] ignore xcodebuild warnings on M1 + JDK-8280786: Build failure on Solaris after 8262392 + JDK-8218546: Unable to connect to https://google.com using java.net.HttpClient + JDK-8278758: runtime/BootstrapMethod/BSMCalledTwice.java fails with release VMs after JDK-8262134 + JDK-8279833: Loop optimization issue in String.encodeUTF8_UTF16 + JDK-8273277: C2: Move conditional negation into rc_predicate + JDK-8253197: vmTestbase/nsk/jvmti/StopThread/stopthrd007/ /TestDescription.java fails with "ERROR: DebuggeeSleepingThread: ThreadDeath lost" + JDK-8236210: javac generates wrong annotation for fields generated from record components + JDK-8236505: Mark jdk/editpad/EditPadTest.java as @headful + JDK-8270874: JFrame paint artifacts when dragged from standard monitor to HiDPI monitor + JDK-8271202: C1: assert(false) failed: live_in set of first block must be empty + JDK-8277447: Hotspot C1 compiler crashes on Kotlin suspend fun with loop + JDK-8275610: C2: Object field load floats above its null check resulting in a segfault + JDK-8266421: Deadlock in Sound System + JDK-8274795: AArch64: avoid spilling and restoring r18 in macro assembler + JDK-8232533: G1 uses only a single thread for pretouching the java heap + JDK-8273933: [TESTBUG] Test must run without preallocated exceptions + JDK-8268542: serviceability/logging/TestFullNames.java tests only 1st test case + JDK-8251998: remove usage of PropertyResolvingWrapper in vmTestbase/jit/t + JDK-8273438: Enable parallelism in vmTestbase/metaspace/stressHierarchy tests + JDK-8273433: Enable parallelism in vmTestbase_nsk_sysdict tests + JDK-8273341: Update Siphash to version 1.0 + JDK-8278871: [JVMCI] assert((uint)reason < 2* _trap_hist_limit) failed: oob + JDK-8275326: C2: assert(no_dead_loop) failed: dead loop detected + JDK-8251127: clean up FileInstaller $test.src $cwd in remaining vmTestbase_vm_compiler tests + JDK-8252005: narrow disabling of allowSmartActionArgs in vmTestbase + JDK-8279998: PPC64 debug builds fail with "untested: RangeCheckStub: predicate_failed_trap_id" + JDK-8193277: SimpleFileObject inconsistency between getName and getShortName + JDK-8225559: assertion error at TransTypes.visitApply + JDK-8220634: SymLinkArchiveTest should handle not being able to create symlinks + JDK-8214026: Canonicalized archive paths appearing in diagnostics + JDK-8251126: nsk.share.GoldChecker should read golden file from ${test.src} + JDK-8237798: rewrite vmTestbase/jit/tiered from shell to java + JDK-8262134: compiler/uncommontrap/TestDeoptOOM.java failed with "guarantee(false) failed: wrong number of expression stack elements during deopt" + JDK-8210194: [TESTBUG] jvmti_FollowRefObjects.cpp missing initializer for member _jvmtiHeapCallbacks::heap_reference_callback + JDK-8277441: CompileQueue::add fails with assert(_last->next() == __null) failed: not last + JDK-8273704: DrawStringWithInfiniteXform.java failed : drawString with InfiniteXform transform takes long time + JDK-8277328: jdk/jshell/CommandCompletionTest.java failures on Windows + JDK-8251132: make main classes public in vmTestbase/jit tests + JDK-8274465: Fix javax/swing/text/ParagraphView/6364882/ /bug6364882.java failures + JDK-8273634: [TEST_BUG] Improve javax/swing/text/ /ParagraphView/6364882/bug6364882.java + JDK-8249019: clean up FileInstaller $test.src $cwd in vmTestbase_vm_compiler tests + JDK-8274338: com/sun/jdi/RedefineCrossEvent.java failed "assert(m != __null) failed: NULL mirror" + JDK-8279300: [arm32] SIGILL when running GetObjectSizeIntrinsicsTest + JDK-8273682: Upgrade Jline to 3.20.0 + JDK-8256154: Some TestNG tests require default constructors + JDK-8237787: rewrite vmTestbase/vm/compiler/CodeCacheInfo* from shell to java + JDK-8223142: Clean-up WS and CB. + JDK-8278384: Bytecodes::result_type() for arraylength returns T_VOID instead of T_INT + JDK-8278172: java/nio/channels/FileChannel/ /BlockDeviceSize.java should only run on Linux + JDK-8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler + JDK-8279225: [arm32] C1 longs comparison operation destroys argument registers + JDK-8276623: JDK-8275650 accidentally pushed "out" file + JDK-8279379: GHA: Print tests that are in error + JDK-8275536: Add test to check that File::lastModified returns same time stamp as Files.getLastModifiedTime + JDK-8274658: ISO 4217 Amendment 170 Update + JDK-8239502: [TEST_BUG] Test javax/swing/text/FlowView/ /6318524/bug6318524.java never fails + JDK-8277342: vmTestbase/nsk/stress/strace/strace004.java fails with SIGSEGV in InstanceKlass::jni_id_for + JDK-8275650: Problemlist java/io/File/createTempFile/ /SpecialTempFile.java for Windows 11 + JDK-8268014: Build failure on SUSE Linux Enterprise Server 11.4 (s390x) due to 'SYS_get_mempolicy' was not declared + JDK-8241423: NUMA APIs fail to work in dockers due to dependent syscalls are disabled by default + JDK-8065704: Set LC_ALL=C for all relevant commands in the build system + JDK-8254827: JVMCI: Enable it for Windows+AArch64 + JDK-8276314: [JVMCI] check alignment of call displacement during code installation + JDK-8265150: AsyncGetCallTrace crashes on ResourceMark + JDK-8276177: nsk/jvmti/RedefineClasses/ /StressRedefineWithoutBytecodeCorruption failed with "assert(def_ik->is_being_redefined()) failed: should be being redefined to get here" + JDK-8273638: javax/swing/JTable/4235420/bug4235420.java fails in GTK L&F + JDK-8258554: javax/swing/JTable/4235420/bug4235420.java fails in GTK L&F + JDK-8277385: Zero: Enable CompactStrings support + JDK-8278116: runtime/modules/LoadUnloadModuleStress.java has duplicate -Xmx + JDK-8278115: gc/stress/gclocker/TestGCLockerWithSerial.java has duplicate -Xmx + JDK-8274736: Concurrent read/close of SSLSockets causes SSLSessions to be invalidated unnecessarily + JDK-8278309: [windows] use of uninitialized OSThread::_state + JDK-8202142: jfr/event/io/TestInstrumentation is unstable + JDK-8207793: [TESTBUG] runtime/Metaspace/ /FragmentMetaspace.java fails: heap needs to be increased + JDK-8211170: AArch64: Warnings in C1 and template interpreter + JDK-8273575: memory leak in appendBootClassPath(), paths must be deallocated + JDK-8266187: Memory leak in appendBootClassPath() + JDK-8240904: Screen flashes on test failures when running tests from make + JDK-8234930: Use MAP_JIT when allocating pages for code cache on macOS + JDK-8275811: Incorrect instance to dispose + JDK-8186780: clang fastdebug assertion failure in os_linux_x86:os::verify_stack_alignment() + JDK-8266171: -Warray-bounds happens in imageioJPEG.c + JDK-8266170: -Wnonnull happens in classLoaderData.inline.hpp + JDK-8207011: Remove uses of the register storage class specifier + JDK-8266172: -Wstringop-overflow happens in vmError.cpp + JDK-8274714: Incorrect verifier protected access error message + JDK-8273514: java/util/DoubleStreamSums/CompensatedSums.java failure + JDK-8214761: Bug in parallel Kahan summation implementation + JDK-8272473: Parsing epoch seconds at a DST transition with a non-UTC parser is wrong + JDK-8255035: Update BCEL to Version 6.5.0 + JDK-8257769: Cipher.getParameters() throws NPE for ChaCha20-Poly1305 + JDK-8233827: Enable screenshots in the enhanced failure handler on Linux/macOS + JDK-8210236: Prepare ciReceiverTypeData::translate_receiver_data_from for concurrent class unloading + JDK-8273366: [testbug] javax/swing/UIDefaults/6302464/ /bug6302464.java fails on macOS12 + JDK-8199079: Test javax/swing/UIDefaults/6302464/ /bug6302464.java is unstable + JDK-8256373: [Windows/HiDPI] The Frame#setBounds does not work in a minimized state + JDK-8274523: java/lang/management/MemoryMXBean/ /MemoryTest.java test should handle Shenandoah + JDK-8208074: [TESTBUG] vmTestbase/nsk/jvmti/RedefineClasses/ /StressRedefineWithoutBytecodeCorruption/TestDescription.java failed with NullPointerException + JDK-8266168: -Wmaybe-uninitialized happens in check_code.c + JDK-8266174: -Wmisleading-indentation happens in libmlib_image sources + JDK-8251558: J2DBench should support shaped and translucent windows + JDK-8254940: AArch64: Cleanup non-product thread members + JDK-8266173: -Wmaybe-uninitialized happens in jni_util.c + JDK-8263185: Mallinfo deprecated in glibc 2.33 + JDK-8257467: [TESTBUG] -Wdeprecated-declarations is reported at sigset() in exesigtest.c + JDK-8266176: -Wmaybe-uninitialized happens in libArrayIndexOutOfBoundsExceptionTest.c + JDK-8274265: Suspicious string concatenation in logTestUtils.inline.hpp + JDK-8222825: ARM32 SIGILL issue on single core CPU (not supported PLDW instruction) + JDK-8276105: C2: Conv(D|F)2(I|L)Nodes::Ideal should handle rounding correctly + JDK-8268882: C2: assert(n->outcnt() != 0 || C->top() == n || n->is_Proj()) failed: No dead instructions after post-alloc + JDK-8272345: macos doesn't check `os::set_boot_path()` result + JDK-8277796: Bump update version for OpenJDK: jdk-11.0.15 - Modified patch: * fips.patch + rediff to changed context ++++ java-17-openjdk: - Update to upstream tag jdk-17.0.3+7 (April 2022 CPU) * Security fixes: + JDK-8284920: Incorrect Token type causes XPath expression to return empty result + JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException + JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo + JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces character + JDK-8278356: Improve file creation + JDK-8270504, bsc#1198672, CVE-2022-21426: Better Xpath expression handling + JDK-8272588: Enhanced recording parsing + JDK-8272594: Better record of recordings + JDK-8277672, bsc#1198674, CVE-2022-21434: Better invocation handler handling + JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972 + JDK-8278972, bsc#1198673, CVE-2022-21496: Improve URL supports + JDK-8272261: Improve JFR recording file processing + JDK-8269938: Enhance XML processing passes redux + JDK-8272255: Completely handle MIDI files + JDK-8278805: Enhance BMP image loading + JDK-8278449: Improve keychain support + JDK-8277227: Better identification of OIDs + JDK-8275151, bsc#1198675, CVE-2022-21443: Improved Object Identification + JDK-8274221: More definite BER encodings + JDK-8277233, bsc#1198670, CVE-2022-21449: Improve ECDSA signature support + JDK-8278798: Improve supported intrinsic * Other changes: + JDK-8282761: XPathFactoryImpl remove setProperty and getProperty methods + JDK-8277795: ldap connection timeout not honoured under contention + JDK-8276141: XPathFactory set/getProperty method + JDK-8274471: Add support for RSASSA-PSS in OCSP Response + JDK-8282219: jdk/java/lang/ProcessBuilder/Basic.java fails on AIX + JDK-8279669: test/jdk/com/sun/jdi/TestScaffold.java uses wrong condition + JDK-8276841: Add support for Visual Studio 2022 + JDK-8272866: java.util.random package summary contains incorrect mixing function in table + JDK-8272996: JNDI DNS provider fails to resolve SRV entries when IPV6 stack is enabled + JDK-8278185: Custom JRE cannot find non-ASCII named module inside + JDK-8281460: Let ObjectMonitor have its own NMT category + JDK-8278163: --with-cacerts-src variable resolved after GenerateCacerts recipe setup + JDK-8277383: VM.metaspace optionally show chunk freelist details + JDK-8271721: Split gc/g1/TestMixedGCLiveThreshold into separate tests + JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022 + JDK-8270117: Broken jtreg link in "Building the JDK" page + JDK-8279695: [TESTBUG] modify compiler/loopopts/ /TestSkeletonPredicateNegation.java to run on C1 also + JDK-8278080: Add --with-cacerts-src='user cacerts folder' to enable deterministic cacerts generation + JDK-8277762: Allow configuration of HOTSPOT_BUILD_USER + JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake + JDK-8278346: java/nio/file/Files/probeContentType/Basic.java fails on Linux SLES15 machine + JDK-8274171: java/nio/file/Files/probeContentType/Basic.java failed on "Content type" mismatches + JDK-8274562: (fs) UserDefinedFileAttributeView doesn't correctly determine if supported when using OverlayFS + JDK-8273655: content-types.properties files are missing some common types + JDK-8279385: [test] Adjust sun/security/pkcs12/ /KeytoolOpensslInteropTest.java after 8278344 + JDK-8280373: Update Xalan serializer / SystemIDResolver to align with JDK-8270492 + JDK-8272541: Incorrect overflow test in Toom-Cook branch of BigInteger multiplication + JDK-8278951: containers/cgroup/PlainRead.java fails on Ubuntu 21.10 + JDK-8272600: (test) Use native "sleep" in Basic.java + JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key + JDK-8277299: STACK_OVERFLOW in Java_sun_awt_shell_Win32ShellFolder2_getIconBits + JDK-8281061: [s390] JFR runs into assertions while validating interpreter frames + JDK-8275330: C2: assert(n->is_Root() || n->is_Region() || n->is_Phi() || n->is_MachMerge() || def_block->dominates(block)) failed: uses must be dominated by definitions + JDK-8190748: java/text/Format/DateFormat/DateFormatTest.java and NonGregorianFormatTest fail intermittently + JDK-8274750: java/io/File/GetXSpace.java failed: '/dev': 191488 != 190976 + JDK-8273387: remove some unreferenced gtk-related functions + JDK-8279702: [macosx] ignore xcodebuild warnings on M1 + JDK-8277180: Intrinsify recursive ObjectMonitor locking for C2 x64 and A64 + JDK-8277449: compiler/vectorapi/TestLongVectorNeg.java fails with release VMs + JDK-8275643: C2's unaryOp vector intrinsic does not properly handle LongVector.neg + JDK-8271056: C2: "assert(no_dead_loop) failed: dead loop detected" due to cmoving identity + JDK-8275847: Scheduling fails with "too many D-U pinch points" on small method + JDK-8274944: AppCDS dump causes SEGV in VM thread while adjusting lambda proxy class info + JDK-8275874: [JVMCI] only support aligned reads in c2v_readFieldValue + JDK-8271506: Add ResourceHashtable support for deleting selected entries + JDK-8278381: [GCC 11] Address::make_raw() does not initialize rspec + JDK-8279124: VM does not handle SIGQUIT during initialization + JDK-8277497: Last column cell in the JTable row is read as empty cell + JDK-8278604: SwingSet2 table demo does not have accessible description set for images 8278526: [macos] Screen reader reads SwingSet2 JTable row selection as null, dimmed row for last column + JDK-8275645: [JVMCI] avoid unaligned volatile reads on AArch64 + JDK-8280414: Memory leak in DefaultProxySelector + JDK-8273381: Assert in PtrQueueBufferAllocatorTest.stress_free_list_allocator_vm + JDK-8269616: serviceability/dcmd/framework/VMVersionTest.java fails with Address already in use error + JDK-8280155: [PPC64, s390] frame size checks are not yet correct + JDK-8279924: [PPC64, s390] implement frame::is_interpreted_frame_valid checks + JDK-8280526: x86_32 Math.sqrt performance regression with - XX:UseSSE={0,1} + JDK-8279076: C2: Bad AD file when matching SqrtF with UseSSE=0 + JDK-8279445: Update JMH devkit to 1.34 + JDK-8274753: ZGC: SEGV in MetaspaceShared::link_shared_classes 8274935: dumptime_table has stale entry + JDK-8251216: Implement MD5 intrinsics on AArch64 + JDK-8278241: Implement JVM SpinPause on linux-aarch64 + JDK-8275608: runtime/Metaspace/elastic/ /TestMetaspaceAllocationMT2 too slow + JDK-8276057: Update JMH devkit to 1.33 + JDK-8275082, bsc#1198671, CVE-2022-21476: Update XML Security for Java to 2.3.0 + JDK-8177814: jdk/editpad is not in jdk TEST.groups + JDK-8253197: vmTestbase/nsk/jvmti/StopThread/stopthrd007/ /TestDescription.java fails with "ERROR: DebuggeeSleepingThread: ThreadDeath lost" + JDK-8236505: Mark jdk/editpad/EditPadTest.java as @headful + JDK-8272553: several hotspot runtime/CommandLine tests don't check exit code + JDK-8275687: runtime/CommandLine/PrintTouchedMethods test shouldn't catch RuntimeException + JDK-8278344: sun/security/pkcs12/ /KeytoolOpensslInteropTest.java test fails because of different openssl output + JDK-8273972: Multi-core choke point in CMM engine (LCMSTransform.doTransform) + JDK-8273438: Enable parallelism in vmTestbase/metaspace/stressHierarchy tests + JDK-8278389: SuspendibleThreadSet::_suspend_all should be volatile/atomic + JDK-8273433: Enable parallelism in vmTestbase_nsk_sysdict tests + JDK-8277503: compiler/onSpinWait/ /TestOnSpinWaitAArch64DefaultFlags.java failed with "OnSpinWaitInst with the expected value 'isb' not found." + JDK-8277137: Set OnSpinWaitInst/OnSpinWaitInstCount defaults to "isb"/1 for Arm Neoverse N1 + JDK-8273341: Update Siphash to version 1.0 + JDK-8269032: Stringdedup tests are failing if the ergonomically select GC does not support it + JDK-8186670: Implement _onSpinWait() intrinsic for AArch64 + JDK-8276766: Enable jar and jmod to produce deterministic timestamped content 8279453: Disable tools/jar/ /ReproducibleJar.java on 32-bit platforms + JDK-8279998: PPC64 debug builds fail with "untested: RangeCheckStub: predicate_failed_trap_id" + JDK-8280002: jmap -histo may leak stream + JDK-8277069: [REDO] JDK-8276743 Make openjdk build Zip Archive generation "reproducible" + JDK-8279833: Loop optimization issue in String.encodeUTF8_UTF16 + JDK-8273277: C2: Move conditional negation into rc_predicate + JDK-8279412: [JVMCI] failed speculations list must outlive any nmethod that refers to it + JDK-8271202: C1: assert(false) failed: live_in set of first block must be empty + JDK-8263567: gtests don't terminate the VM safely + JDK-8269206: A small typo in comment in test/lib/sun/hotspot/WhiteBox.java + JDK-8278309: [windows] use of uninitialized OSThread::_state + JDK-8274506: TestPids.java and TestPidsLimit.java fail with podman run as root + JDK-8276764: Enable deterministic file content ordering for Jar and Jmod + JDK-8273967: gtest os.dll_address_to_function_and_library_name_vm fails on macOS12 + JDK-8273366: [testbug] javax/swing/UIDefaults/6302464/ /bug6302464.java fails on macOS12 + JDK-8277846: Implement fast-path for ASCII-compatible CharsetEncoders on ppc64 + JDK-8273526: Extend the OSContainer API pids controller with pids.current + JDK-8269849: vmTestbase/gc/gctests/PhantomReference/ /phantom002/TestDescription.java failed with "OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects" + JDK-8269087: CheckSegmentedCodeCache test fails in an emulated-client VM + JDK-8278871: [JVMCI] assert((uint)reason < 2* _trap_hist_limit) failed: oob + JDK-8277447: Hotspot C1 compiler crashes on Kotlin suspend fun with loop + JDK-8279505: Update documentation for RETRY_COUNT and REPEAT_COUNT + JDK-8225559: assertion error at TransTypes.visitApply + JDK-8276654: element-list order is non deterministic + JDK-8279300: [arm32] SIGILL when running GetObjectSizeIntrinsicsTest + JDK-8273682: Upgrade Jline to 3.20.0 + JDK-8278758: runtime/BootstrapMethod/BSMCalledTwice.java fails with release VMs after JDK-8262134 + JDK-8262134: compiler/uncommontrap/TestDeoptOOM.java failed with "guarantee(false) failed: wrong number of expression stack elements during deopt" + JDK-8269037: jsig/Testjsig.java doesn't have to be restricted to linux only + JDK-8269523: runtime/Safepoint/ /TestAbortOnVMOperationTimeout.java failed when expecting 'VM operation took too long' + JDK-8244602: Add JTREG_REPEAT_COUNT to repeat execution of a test + JDK-8272398: Update DockerTestUtils.buildJdkDockerImage() + JDK-8278384: Bytecodes::result_type() for arraylength returns T_VOID instead of T_INT + JDK-8278020: ~13% variation in Renaissance-Scrabble + JDK-8279225: [arm32] C1 longs comparison operation destroys argument registers + JDK-8266490: Extend the OSContainer API to support the pids controller of cgroups + JDK-8279379: GHA: Print tests that are in error + JDK-8278987: RunThese24H.java failed with EXCEPTION_ACCESS_VIOLATION in __write_sample_info__ + JDK-8278627: Shenandoah: TestHeapDump test failed + JDK-8278824: Uneven work distribution when scanning heap roots in G1 + JDK-8278239: vmTestbase/nsk/jvmti/RedefineClasses/ /StressRedefine failed with EXCEPTION_ACCESS_VIOLATION at 0x000000000000000d + JDK-8277919: OldObjectSample event causing bloat in the class constant pool in JFR recording + JDK-8277342: vmTestbase/nsk/stress/strace/strace004.java fails with SIGSEGV in InstanceKlass::jni_id_for + JDK-8278104: C1 should support the compiler directive 'BreakAtExecute' + JDK-8274465: Fix javax/swing/text/ParagraphView/6364882/ /bug6364882.java failures + JDK-8273933: [TESTBUG] Test must run without preallocated exceptions + JDK-8278172: java/nio/channels/FileChannel/ /BlockDeviceSize.java should only run on Linux + JDK-8275800: Redefinition leaks MethodData::_extra_data_lock + JDK-8273634: [TEST_BUG] Improve javax/swing/text/ /ParagraphView/6364882/bug6364882.java + JDK-8239502: [TEST_BUG] Test javax/swing/text/FlowView/ /6318524/bug6318524.java never fails + JDK-8275326: C2: assert(no_dead_loop) failed: dead loop detected + JDK-8274130: C2: MulNode::Ideal chained transformations may act on wrong nodes + JDK-8279011: JFR: JfrChunkWriter incorrectly handles int64_t chunk size as size_t + JDK-8276662: Scalability bottleneck in SymbolTable::lookup_common() + JDK-8275536: Add test to check that File::lastModified returns same time stamp as Files.getLastModifiedTime + JDK-8273895: compiler/ciReplay/TestVMNoCompLevel.java fails due to wrong data size with TieredStopAtLevel=2,3 + JDK-8272167: AbsPathsInImage.java should skip *.dSYM directories + JDK-8270874: JFrame paint artifacts when dragged from standard monitor to HiDPI monitor + JDK-8275610: C2: Object field load floats above its null check resulting in a segfault + JDK-8278099: two sun/security/pkcs11/Signature tests failed with AssertionError + JDK-8276623: JDK-8275650 accidentally pushed "out" file + JDK-8277328: jdk/jshell/CommandCompletionTest.java failures on Windows + JDK-8277441: CompileQueue::add fails with assert(_last->next() == __null) failed: not last + JDK-8274714: Incorrect verifier protected access error message + JDK-8274658: ISO 4217 Amendment 170 Update + JDK-8274795: AArch64: avoid spilling and restoring r18 in macro assembler + JDK-8277777: [Vector API] assert(r->is_XMMRegister()) failed: must be in x86_32.ad + JDK-8276314: [JVMCI] check alignment of call displacement during code installation + JDK-8265150: AsyncGetCallTrace crashes on ResourceMark + JDK-8276177: nsk/jvmti/RedefineClasses/ /StressRedefineWithoutBytecodeCorruption failed with "assert(def_ik->is_being_redefined()) failed: should be being redefined to get here" + JDK-8275650: Problemlist java/io/File/createTempFile/ /SpecialTempFile.java for Windows 11 + JDK-8273704: DrawStringWithInfiniteXform.java failed: drawString with InfiniteXform transform takes long time + JDK-8273162: AbstractSplittableWithBrineGenerator does not create a random salt + JDK-8273351: bad tag in jdk.random module-info.java + JDK-8247980: Exclusive execution of java/util/stream tests slows down tier1 + JDK-8272327: Shenandoah: Avoid enqueuing duplicate string candidates + JDK-8278115: gc/stress/gclocker/TestGCLockerWithSerial.java has duplicate -Xmx + JDK-8278116: runtime/modules/LoadUnloadModuleStress.java has duplicate -Xmx + JDK-8277992: Add fast jdk_svc subtests to jdk:tier3 + JDK-8278016: Add compiler tests to tier{2,3} + JDK-8277385: Zero: Enable CompactStrings support + JDK-8275586: Zero: Simplify interpreter initialization + JDK-8269175: [macosx-aarch64] wrong CPU speed in hs_err file - Do not include back the JavaEE modules in the JDK - Removed patches: * activation-module.patch * annotation-module.patch + The pached JavaEE modules do not exist any more ++++ kernel-debug: - intel_idle: add core C6 optimization for SPR (bsc#1198602). - commit d6fb753 - intel_idle: add 'preferred_cstates' module argument (bsc#1198602). - commit 0bc7d2b - intel_idle: add SPR support (bsc#1198602). - commit 2bc31de ++++ kernel-source: - intel_idle: add core C6 optimization for SPR (bsc#1198602). - commit d6fb753 - intel_idle: add 'preferred_cstates' module argument (bsc#1198602). - commit 0bc7d2b - intel_idle: add SPR support (bsc#1198602). - commit 2bc31de ++++ kernel-source-azure: - intel_idle: add core C6 optimization for SPR (bsc#1198602). - commit d6fb753 - intel_idle: add 'preferred_cstates' module argument (bsc#1198602). - commit 0bc7d2b - intel_idle: add SPR support (bsc#1198602). - commit 2bc31de ++++ kernel-docs: - intel_idle: add core C6 optimization for SPR (bsc#1198602). - commit d6fb753 - intel_idle: add 'preferred_cstates' module argument (bsc#1198602). - commit 0bc7d2b - intel_idle: add SPR support (bsc#1198602). - commit 2bc31de ++++ kernel-kvmsmall: - intel_idle: add core C6 optimization for SPR (bsc#1198602). - commit d6fb753 - intel_idle: add 'preferred_cstates' module argument (bsc#1198602). - commit 0bc7d2b - intel_idle: add SPR support (bsc#1198602). - commit 2bc31de ++++ kernel-obs-build: - intel_idle: add core C6 optimization for SPR (bsc#1198602). - commit d6fb753 - intel_idle: add 'preferred_cstates' module argument (bsc#1198602). - commit 0bc7d2b - intel_idle: add SPR support (bsc#1198602). - commit 2bc31de ++++ kernel-obs-qa: - intel_idle: add core C6 optimization for SPR (bsc#1198602). - commit d6fb753 - intel_idle: add 'preferred_cstates' module argument (bsc#1198602). - commit 0bc7d2b - intel_idle: add SPR support (bsc#1198602). - commit 2bc31de ++++ kernel-syms: - intel_idle: add core C6 optimization for SPR (bsc#1198602). - commit d6fb753 - intel_idle: add 'preferred_cstates' module argument (bsc#1198602). - commit 0bc7d2b - intel_idle: add SPR support (bsc#1198602). - commit 2bc31de ++++ kernel-syms-azure: - intel_idle: add core C6 optimization for SPR (bsc#1198602). - commit d6fb753 - intel_idle: add 'preferred_cstates' module argument (bsc#1198602). - commit 0bc7d2b - intel_idle: add SPR support (bsc#1198602). - commit 2bc31de ++++ kernel-zfcpdump: - intel_idle: add core C6 optimization for SPR (bsc#1198602). - commit d6fb753 - intel_idle: add 'preferred_cstates' module argument (bsc#1198602). - commit 0bc7d2b - intel_idle: add SPR support (bsc#1198602). - commit 2bc31de ++++ libinput-extra: - Update to version 1.19.4 (boo#1198111): * This release includes a fix for CVE-2022-1215, a format string vulnerability in the evdev device handling. ++++ libinput: - Update to version 1.19.4 (boo#1198111): * This release includes a fix for CVE-2022-1215, a format string vulnerability in the evdev device handling. ++++ ruby2.5: - Update suse.patch: - backport fix for CVE-2022-28739: ruby: Buffer overrun in String-to-Float conversion (boo#1198441) - back port date 2.0.3 CVE-2021-41817 (boo#1193035) - merge the previous bug fixes into suse.patch - CVE-2021-32066.patch - CVE-2021-31810.patch - CVE-2021-31799.patch - Add Requires to make and gcc to ruby-devel to make the default extconf.rb work ++++ patterns-deepin: - Disable wayland plugins (boo#1198692) ++++ qbittorrent: - Require libQt6Svg at runtime (fixes boo#1198544) ++++ raspberrypi-firmware-dt: - Switch back to platform driver until upstream gain support for VEC clock in clk-raspberrypi driver. Add following patch to fix immediate issue described in bsc#1198061. Revert-dt-Move-VEC-clock-to-clk-raspberrypi.patch ------------------------------------------------------------------ ------------------ 2022-4-19 - Apr 19 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - Move upstreamed patches into sorted section - commit e93d073 - SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). - SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). - scsi: qedi: Fix failed disconnect handling (bsc#1197685). - scsi: iscsi: Fix NOP handling during conn recovery (bsc#1197685). - scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (bsc#1197685). - scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). - scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (bsc#1197685). - scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). - commit d5cdaca - Sorted using series_sort.py Since sequence_patch required it. - commit 6bf7976 ++++ kernel-azure: - Move upstreamed patches into sorted section - commit e93d073 - SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). - SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). - scsi: qedi: Fix failed disconnect handling (bsc#1197685). - scsi: iscsi: Fix NOP handling during conn recovery (bsc#1197685). - scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (bsc#1197685). - scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). - scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (bsc#1197685). - scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). - commit d5cdaca - Sorted using series_sort.py Since sequence_patch required it. - commit 6bf7976 ++++ kernel-default: - Move upstreamed patches into sorted section - commit e93d073 - SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). - SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). - scsi: qedi: Fix failed disconnect handling (bsc#1197685). - scsi: iscsi: Fix NOP handling during conn recovery (bsc#1197685). - scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (bsc#1197685). - scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). - scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (bsc#1197685). - scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). - commit d5cdaca - Sorted using series_sort.py Since sequence_patch required it. - commit 6bf7976 ++++ dtb-aarch64: - Move upstreamed patches into sorted section - commit e93d073 - SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). - SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). - scsi: qedi: Fix failed disconnect handling (bsc#1197685). - scsi: iscsi: Fix NOP handling during conn recovery (bsc#1197685). - scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (bsc#1197685). - scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). - scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (bsc#1197685). - scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). - commit d5cdaca - Sorted using series_sort.py Since sequence_patch required it. - commit 6bf7976 ++++ gcompris-qt: - Update to bugfix release 2.4 + Recompress image to webp (30% smaller) + Fixes for qt 5.15 ++++ gcompris-qt-voices: - Update to version 2.4~20220419 for gcompris-qt 2.4 ++++ kernel-debug: - Move upstreamed patches into sorted section - commit e93d073 - SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). - SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). - scsi: qedi: Fix failed disconnect handling (bsc#1197685). - scsi: iscsi: Fix NOP handling during conn recovery (bsc#1197685). - scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (bsc#1197685). - scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). - scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (bsc#1197685). - scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). - commit d5cdaca - Sorted using series_sort.py Since sequence_patch required it. - commit 6bf7976 ++++ kernel-source: - Move upstreamed patches into sorted section - commit e93d073 - SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). - SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). - scsi: qedi: Fix failed disconnect handling (bsc#1197685). - scsi: iscsi: Fix NOP handling during conn recovery (bsc#1197685). - scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (bsc#1197685). - scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). - scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (bsc#1197685). - scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). - commit d5cdaca - Sorted using series_sort.py Since sequence_patch required it. - commit 6bf7976 ++++ kernel-source-azure: - Move upstreamed patches into sorted section - commit e93d073 - SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). - SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). - scsi: qedi: Fix failed disconnect handling (bsc#1197685). - scsi: iscsi: Fix NOP handling during conn recovery (bsc#1197685). - scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (bsc#1197685). - scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). - scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (bsc#1197685). - scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). - commit d5cdaca - Sorted using series_sort.py Since sequence_patch required it. - commit 6bf7976 ++++ kernel-docs: - Move upstreamed patches into sorted section - commit e93d073 - SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). - SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). - scsi: qedi: Fix failed disconnect handling (bsc#1197685). - scsi: iscsi: Fix NOP handling during conn recovery (bsc#1197685). - scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (bsc#1197685). - scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). - scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (bsc#1197685). - scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). - commit d5cdaca - Sorted using series_sort.py Since sequence_patch required it. - commit 6bf7976 ++++ kernel-kvmsmall: - Move upstreamed patches into sorted section - commit e93d073 - SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). - SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). - scsi: qedi: Fix failed disconnect handling (bsc#1197685). - scsi: iscsi: Fix NOP handling during conn recovery (bsc#1197685). - scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (bsc#1197685). - scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). - scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (bsc#1197685). - scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). - commit d5cdaca - Sorted using series_sort.py Since sequence_patch required it. - commit 6bf7976 ++++ kernel-obs-build: - Move upstreamed patches into sorted section - commit e93d073 - SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). - SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). - scsi: qedi: Fix failed disconnect handling (bsc#1197685). - scsi: iscsi: Fix NOP handling during conn recovery (bsc#1197685). - scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (bsc#1197685). - scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). - scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (bsc#1197685). - scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). - commit d5cdaca - Sorted using series_sort.py Since sequence_patch required it. - commit 6bf7976 ++++ kernel-obs-qa: - Move upstreamed patches into sorted section - commit e93d073 - SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). - SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). - scsi: qedi: Fix failed disconnect handling (bsc#1197685). - scsi: iscsi: Fix NOP handling during conn recovery (bsc#1197685). - scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (bsc#1197685). - scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). - scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (bsc#1197685). - scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). - commit d5cdaca - Sorted using series_sort.py Since sequence_patch required it. - commit 6bf7976 ++++ kernel-syms: - Move upstreamed patches into sorted section - commit e93d073 - SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). - SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). - scsi: qedi: Fix failed disconnect handling (bsc#1197685). - scsi: iscsi: Fix NOP handling during conn recovery (bsc#1197685). - scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (bsc#1197685). - scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). - scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (bsc#1197685). - scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). - commit d5cdaca - Sorted using series_sort.py Since sequence_patch required it. - commit 6bf7976 ++++ kernel-syms-azure: - Move upstreamed patches into sorted section - commit e93d073 - SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). - SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). - scsi: qedi: Fix failed disconnect handling (bsc#1197685). - scsi: iscsi: Fix NOP handling during conn recovery (bsc#1197685). - scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (bsc#1197685). - scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). - scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (bsc#1197685). - scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). - commit d5cdaca - Sorted using series_sort.py Since sequence_patch required it. - commit 6bf7976 ++++ kernel-zfcpdump: - Move upstreamed patches into sorted section - commit e93d073 - SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). - SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). - scsi: qedi: Fix failed disconnect handling (bsc#1197685). - scsi: iscsi: Fix NOP handling during conn recovery (bsc#1197685). - scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). - scsi: iscsi: Fix conn cleanup and stop race during iscsid restart (bsc#1197685). - scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). - scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). - scsi: iscsi: Fix offload conn cleanup when iscsid restarts (bsc#1197685). - scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). - commit d5cdaca - Sorted using series_sort.py Since sequence_patch required it. - commit 6bf7976 ++++ libglvnd: - provide/obsolete Mesa-libGLESv1_CM1 and Mesa-libGLESv2-2 packages (bsc#1196576) ++++ podofo: - Add podofo-CVE-2019-20093.patch: fix a NULL pointer dereference (boo#1159921 CVE-2019-20093). ++++ raft: - raft 0.13.0: * move to raft_fsm v2 introducing snapshot_finalize ++++ systemd: - Import commit 2bc0b2c447319a9156e7c5a18fe971f946554a6b 6256b14446 test: adapt install_pam() for openSUSE 3ea5b7e295 test: add test checking tmpfiles conf file precedence e63e641ee8 test tmpfiles: add a test for 'w+' b531758614 tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) ea98492c53 cryptsetup: fall back to traditional unlocking if any TPM2 operation fails - Move coredumpctl completion files into systemd-coredump sub-package. ++++ mirrorsorcerer: - Update to version 0.1.0~13: * Fix issue with dns resolving * Improve consistency ++++ mutt: - Add patch uudecode-e5ed080c.patch for bsc#1198518 and CVE-2022-1328 to fix a buffer overflow in uudecoder ++++ qemu: - enable aio=io_uring on all kvm architectures (bsc#1197699) ++++ qemu-linux-user: - enable aio=io_uring on all kvm architectures (bsc#1197699) ++++ qemu-testsuite: - enable aio=io_uring on all kvm architectures (bsc#1197699) ++++ rpmlint: - fix kpmcore, nm-priv and tukitd whitelistings that contained absolute paths instead of only the basenames (bsc#1198521) ++++ systemd-mini: - Import commit 2bc0b2c447319a9156e7c5a18fe971f946554a6b 6256b14446 test: adapt install_pam() for openSUSE 3ea5b7e295 test: add test checking tmpfiles conf file precedence e63e641ee8 test tmpfiles: add a test for 'w+' b531758614 tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) ea98492c53 cryptsetup: fall back to traditional unlocking if any TPM2 operation fails - Move coredumpctl completion files into systemd-coredump sub-package. ++++ yast2-trans: - Update to version 84.87.20220419.0c85b52778: * New POT for text domain 'migration_sle'. * New POT for text domain 'hana-update'. * New POT for text domain 'firstboot'. * New POT for text domain 'control'. * New POT for text domain 'cc-control'. * Fixed control.xml translations * Fixed control.xml translations * Fixed control.xml translations * Translated using Weblate (Finnish) ------------------------------------------------------------------ ------------------ 2022-4-18 - Apr 18 2022 ------------------- ------------------------------------------------------------------ ++++ proteus: - Version 6.0.6 - Bugfix Release ++++ tryton: - Version 6.0.15 - Bugfix Release ++++ trytond: - Version 6.0.17 * Werkzeug 2.0 compatibility added * fix_werkzeug_2.x.patch removed ++++ trytond_account: - Version 6.0.10 - Bugfix Release ++++ trytond_account_invoice: - Version 6.0.6 - Bugfix Release ++++ trytond_stock: - Version 6.0.13 - Bugfix Release ++++ trytond_stock_supply: - Version 6.0.2 - Bugfix Release ++++ yast2-trans: - Update to version 84.87.20220415.000649bca9: * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Slovak) * Translated using Weblate (Russian) * Fixed messages extracted from XML files * Fixed messages extracted from XML files * Translated using Weblate (Slovak) * Fixed messages extracted from XML files * Fixed messages extracted from XML files * Fixed messages extracted from XML files * Fixed translations * Fixed translations * Fixed messages extracted from XML files * Fixed firstboot translations * New POT for text domain 'iscsi-client'. * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'firstboot'. ------------------------------------------------------------------ ------------------ 2022-4-17 - Apr 17 2022 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2022-04-18 (bsc#1084929) ------------------------------------------------------------------ ------------------ 2022-4-16 - Apr 16 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531) ++++ libapparmor: - update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531) ++++ libtorrent-rasterbar: - Update to version 2.0.6 * fix issue creating a v2 torrent from torrent_info containing an empty file * make recheck files also update which files use partfile * add write_through disk_io_write_mode, which flushes pieces to disk immediately * improve copy file function to preserve sparse regions (when supported) * add function to truncate over-sized files part of a torrent * fix directory creation on windows shared folders * add flag to make add_files() not record file attributes * deprecate (unused) allow_partial_disk_writes settings * fix disk-full error reporting in mmap_disk_io * fixed similar-torrents feature for v2 torrents * fix potential unbounded recursion in add_completed_job, in disk I/O * deprecated (unused) volatile_read_cache setting - Drop libtorrent-rasterbar-boost_178.patch (merged upstream) - Switch to _service ++++ mkvtoolnix: - Update to version 67.0.0 New features and enhancements: * all: IETF BCP 47/RFC 5646 language tags: when deriving the legacy language element codes to use a language tag's ISO 639 code is also potentially interpreted as an & its prefix is used as the legacy language code. For example, "Yue Chinese" = `yue` is not part of ISO 639-2. However, there is an extlang subtag `yue` with a valid prefix of `zh` ("Chinese"), and for "Chinese" there is an ISO 639-2 language code: `chi`. In this example the IETF language element would be set to `yue` and the corresponding legacy element to `chi`. * all: IETF BCP 47/RFC 5646 language tags: grandfathered language tags are now supported. * all: IETF BCP 47/RFC 5646 language tags: all deprecated subtags from the IANA language subtag registry are now supported. * all: IETF BCP 47/RFC 5646 language tags: all lists of valid subtags have been updated from their respective authoritative sources. * all: IETF BCP 47/RFC 5646 language tags: all in the IANA language subtag registry are now supported, even those marked as deprecated and of type 'grandfathered'. * all: IETF BCP 47/RFC 5646 language tags: reduced the maximum number of extended language subtags that are present in a valid tag from 3 to 1 in compliance with RFC 5646 section 2.2.2. * all: IETF BCP 47/RFC 5646 language tags: all language codes reserved for private/local use (`qaa`–`qtz`) are now supported. * all: IETF BCP 47/RFC 5646 language tags: Digital Cinema Naming Convention language codes that fall into the IETF BCP 47 range of "private use" tags (`qaa`–`qtz`) are now replaced by their IETF BCP 47 equivalents during normalization (e.g. `QMS` → `cmn-Hans`). * all: added a new translation to Chinese Simplified (Singapore) by Dian Li. * mkvmerge, mkvpropedit: added a new command line option called `--enable-legacy-font-mime-types`. With this option on the two programs will use the same legacy MIME types for fonts whenever new attachments are added (both programs), when reading existing attachments (only `mkvmerge`) or when replacing existing ones (only `mkvpropedit`). * mkvmerge, mkvpropedit: IETF BCP 47/RFC 5646 language tags: added a command line option `--normalize-language-ietf ` which turns on normalization of IETF BCP 47 language tags to either their canonical (mode `canonical`) or extended language subtags form (mode `extlang`) or turns it off (mode `off`). If the option isn't given, language tags will now be normalized to the canonical form. * MKVToolNix GUI: IETF BCP 47/RFC 5646 language tags: ISO 639-3 and 639-5 languages will now be used by default. * MKVToolNix GUI: IETF BCP 47/RFC 5646 language tags: the language editor dialog will now show warnings in several cases: when deprecated tags are used; when the tag's canonical and/or extlang forms differ from the user input. * MKVToolNix GUI: IETF BCP 47/RFC 5646 language tags: the language editor now has a button to replace the current tag with a normalized form (canonical or extlang) if those differ from the current tag. * MKVToolNix GUI: IETF BCP 47/RFC 5646 language tags: added an option in the preferences to always normalize all language tags to their canonical or extlang forms or to turn normalization off. Can also be enabled from the language editor dialog. * MKVToolNix GUI: IETF BCP 47/RFC 5646 language tags: the language dialog now shows a warning if a variant is used with a prefix that isn't in the variant's list of suitable prefixes. It'll also say if the corresponding canonical/extlang forms would have a suitable prefix. * MKVToolNix GUI: IETF BCP 47/RFC 5646 language tags: the language dialog now shows a warning if a script is used with a language for which it should be suppressed. * MKVToolNix GUI: multiplexer: the track property group boxes in the scrollable pane are now collapsible & expandable, saving their state over restarts of the GUI. This is in preparation of adding many more track properties in future releases, allowing the user to hide parts they don't use all that often. * MKVToolNix GUI: multiplexer: if the option "use legacy font MIME types" is enabled in the preferences, the new command line option `--enable-legacy-font-mime-types` will be passed to `mkvmerge` in order to have it remap the MIME types of existing attachments, too. Bug fixes: * all: IETF BCP 47/RFC 5646 language tags: variants aren't validated wrt. to prefixes anymore as BCP 47 doesn't actually pose restrictions on them, saying only that prefixes "are suitable sequences" for use with the variants. What is now verified, though, is that no variant is used multiple times within the same language tag. * build system & MKVToolNix GUI: fixed detecting the presence of & the compilation with the multimedia module of Qt version 6.2.0 and newer. * MKVToolNix GUI: job queue: fixed compiling in the audio player code for the the "play audio" end-of-job action. * MKVToolNix GUI: multiplexer: recognizing added XML chapter, segment info or chapter files required the XML declaration & root node (e.g. `` for chapters) be located within the first 1 KB, which wasn't enough for files that contain a lot of comments at the start like the included `example-chapters-2.xml`. The detection range was extended to 10 KB. Build system changes: * The bundled `fmt` library was updated to v8.1.1. * The bundled `nlohmann-json` library was updated to v3.10.5. * The bundled `pugixml` library was updated to v1.12.1. ------------------------------------------------------------------ ------------------ 2022-4-15 - Apr 15 2022 ------------------- ------------------------------------------------------------------ ++++ AusweisApp2: - New upstream release + Version 1.22.5 * Update of the release notes has been corrected. * On Windows 10, the window size is no longer changed after a language change. * Minor bug fixes and optimizations. * Under certain circumstances it was possible that the SDK did not send an INSERT_CARD message. * Update of OpenSSL to version 1.1.1n. ++++ chromium: - Chromium 100.0.4896.127 (boo#1198509) * CVE-2022-1364: Type Confusion in V8 * Various fixes from internal audits, fuzzing and other initiatives ++++ enlightenment: - boo#1197326,1196609 - Don't Enable modules that don't exist in profile migration. * fix-upstream-dont-migrate-sysinfoluncher.patch - Recommend acpid for bindings ++++ enlightenment: - boo#1197326,1196609 - Don't Enable modules that don't exist in profile migration. * fix-upstream-dont-migrate-sysinfoluncher.patch - Recommend acpid for bindings ------------------------------------------------------------------ ------------------ 2022-4-14 - Apr 14 2022 ------------------- ------------------------------------------------------------------ ++++ cloud-regionsrv-client: - Update to version 10.0.3 (bsc#1198389) - Descend into the extension tree even if top level module is recommended - Cache license state for AHB support to detect type switch - Properly clean suse.com credentials when switching from SCC to update infrastructure - New log message to indicate base product registration success ++++ gimp-help: - Update _constraints: this requires more than 4gb of disk space (bsc#1197717). ++++ git: - git 2.35.3: * usability fix-up for CVE-2022-24765 bsc#1198234: '*' can be used as the value for the `safe.directory` variable to signal that the user considers that any directory is safe. * The code that was meant to parse the new `safe.directory` configuration variable was not checking what configuration variable was being fed to it ++++ libqt5-qtwebkit: - Add patch to fix build with gstreamer >= 1.19: * gst-1.29.patch ++++ s390-tools: - Updated the cputype script to include the model number of IBM's recently announced z16 processor. ++++ libgcrypt: - FIPS: extend the service indicator [bsc#1190700] * introduced a pk indicator function * adapted the approved and non approved ciphersuites * Add libgcrypt_indicators_changes.patch * Add libgcrypt-indicate-shake.patch ++++ openldap2: - bsc#1191157 - Correct version specification in ppolicy to allow submission to SP3 for TLS1.3 ++++ lmms: - Create the missing libwine.so symlink for Leap 15.4 ++++ pdf2djvu: - Use C++17 for fix Leap build ++++ peazip: - Update to 8.6.0: BACKEND * Pea 1.07 * 7z updated to 21.07 * (Linux) Zstd 1.5.2 CODE * Fixed dictionary size for ZIP using XZ compression * Compiled with Lazarus 2.2.0 * Various fixes FILE MANAGER * Improved theming * New .ico and .png icons are now available in (peazip)/res/share/icons directory for customizing the application on Linux, macOS, and Windows systems * Simplified organization of UI layout * Added link to devices mounted in /var/run/media in filesystem treeview, when applicable * File / archive browser can now alternatively display larger details, and large list modes (from Style menu on status bar) in order to improve readability and touch usability EXTRACTION and ARCHIVING * Added "Immediate execution" option for Profiles and Presets, in Add button's dropdown menu * Added command line switches to compress items using one of the compression presets or loading a saved custom compression setting * Added option to not immediately save edited files into archive, keeping changes for further editing (or for manually saving to archive from context menu, More submenu) * Labels in status bar of Archiving and Extraction screens are clickable to show synthetic information about the task * Improved compression settings * Improved usage of Layouts - Switch from GTK2 to QT5 ++++ python-check-manifest: - Add executable.patch to check for the existence of 'python' executable necessary for test_python_from_path test (gh#mgedmin/check-manifest#57 and bsc#1198295). ++++ python-llvmlite: - Supported llvm version is llvm10 or llvm9 ++++ python-pyface: - Use python-importlib_resources for SLE15 and Leap 15 ++++ python-pykeepass: - Fix SPEC file to be all-version compatible. (bsc#1198336) ++++ rpi-imager: - fix for new autoconf ++++ yq: - Add conflicts for Leap 15.4 ------------------------------------------------------------------ ------------------ 2022-4-13 - Apr 13 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon which now will spawn new additional services on demand. We need to modify the existing smbd/winbind profiles and additionally add a new set of profiles to cater for the new functionality; (bnc#1198309); ++++ kernel-64kb: - PCI: hv: Remove unused hv_set_msi_entry_from_desc() (bsc#1198228). - commit b61cd71 - x86/platform/uv: Log gap hole end size (bsc#1198417). - commit 8618bf4 - x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). - commit 3d0fd26 - x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). - commit 76ba15c - powerpc/numa: Handle partially initialized numa nodes (bsc#1197658). - commit 061e1c6 ++++ kernel-azure: - PCI: hv: Remove unused hv_set_msi_entry_from_desc() (bsc#1198228). - commit b61cd71 - x86/platform/uv: Log gap hole end size (bsc#1198417). - commit 8618bf4 - x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). - commit 3d0fd26 - x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). - commit 76ba15c - powerpc/numa: Handle partially initialized numa nodes (bsc#1197658). - commit 061e1c6 ++++ kernel-default: - PCI: hv: Remove unused hv_set_msi_entry_from_desc() (bsc#1198228). - commit b61cd71 - x86/platform/uv: Log gap hole end size (bsc#1198417). - commit 8618bf4 - x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). - commit 3d0fd26 - x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). - commit 76ba15c - powerpc/numa: Handle partially initialized numa nodes (bsc#1197658). - commit 061e1c6 ++++ dtb-aarch64: - PCI: hv: Remove unused hv_set_msi_entry_from_desc() (bsc#1198228). - commit b61cd71 - x86/platform/uv: Log gap hole end size (bsc#1198417). - commit 8618bf4 - x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). - commit 3d0fd26 - x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). - commit 76ba15c - powerpc/numa: Handle partially initialized numa nodes (bsc#1197658). - commit 061e1c6 ++++ git: - Require bash in git-daemon because the service file uses it - Reword git-daemon.service description to get a useful sentence in journalctl -b ++++ hwinfo: - merge gh#openSUSE/hwinfo#112 - fix bug in determining serial console device name (bsc#1198043) - 21.81 ++++ kernel-debug: - PCI: hv: Remove unused hv_set_msi_entry_from_desc() (bsc#1198228). - commit b61cd71 - x86/platform/uv: Log gap hole end size (bsc#1198417). - commit 8618bf4 - x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). - commit 3d0fd26 - x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). - commit 76ba15c - powerpc/numa: Handle partially initialized numa nodes (bsc#1197658). - commit 061e1c6 ++++ kernel-source: - PCI: hv: Remove unused hv_set_msi_entry_from_desc() (bsc#1198228). - commit b61cd71 - x86/platform/uv: Log gap hole end size (bsc#1198417). - commit 8618bf4 - x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). - commit 3d0fd26 - x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). - commit 76ba15c - powerpc/numa: Handle partially initialized numa nodes (bsc#1197658). - commit 061e1c6 ++++ kernel-source-azure: - PCI: hv: Remove unused hv_set_msi_entry_from_desc() (bsc#1198228). - commit b61cd71 - x86/platform/uv: Log gap hole end size (bsc#1198417). - commit 8618bf4 - x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). - commit 3d0fd26 - x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). - commit 76ba15c - powerpc/numa: Handle partially initialized numa nodes (bsc#1197658). - commit 061e1c6 ++++ kernel-docs: - PCI: hv: Remove unused hv_set_msi_entry_from_desc() (bsc#1198228). - commit b61cd71 - x86/platform/uv: Log gap hole end size (bsc#1198417). - commit 8618bf4 - x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). - commit 3d0fd26 - x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). - commit 76ba15c - powerpc/numa: Handle partially initialized numa nodes (bsc#1197658). - commit 061e1c6 ++++ kernel-kvmsmall: - PCI: hv: Remove unused hv_set_msi_entry_from_desc() (bsc#1198228). - commit b61cd71 - x86/platform/uv: Log gap hole end size (bsc#1198417). - commit 8618bf4 - x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). - commit 3d0fd26 - x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). - commit 76ba15c - powerpc/numa: Handle partially initialized numa nodes (bsc#1197658). - commit 061e1c6 ++++ kernel-obs-build: - PCI: hv: Remove unused hv_set_msi_entry_from_desc() (bsc#1198228). - commit b61cd71 - x86/platform/uv: Log gap hole end size (bsc#1198417). - commit 8618bf4 - x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). - commit 3d0fd26 - x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). - commit 76ba15c - powerpc/numa: Handle partially initialized numa nodes (bsc#1197658). - commit 061e1c6 ++++ kernel-obs-qa: - PCI: hv: Remove unused hv_set_msi_entry_from_desc() (bsc#1198228). - commit b61cd71 - x86/platform/uv: Log gap hole end size (bsc#1198417). - commit 8618bf4 - x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). - commit 3d0fd26 - x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). - commit 76ba15c - powerpc/numa: Handle partially initialized numa nodes (bsc#1197658). - commit 061e1c6 ++++ kernel-syms: - PCI: hv: Remove unused hv_set_msi_entry_from_desc() (bsc#1198228). - commit b61cd71 - x86/platform/uv: Log gap hole end size (bsc#1198417). - commit 8618bf4 - x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). - commit 3d0fd26 - x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). - commit 76ba15c - powerpc/numa: Handle partially initialized numa nodes (bsc#1197658). - commit 061e1c6 ++++ kernel-syms-azure: - PCI: hv: Remove unused hv_set_msi_entry_from_desc() (bsc#1198228). - commit b61cd71 - x86/platform/uv: Log gap hole end size (bsc#1198417). - commit 8618bf4 - x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). - commit 3d0fd26 - x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). - commit 76ba15c - powerpc/numa: Handle partially initialized numa nodes (bsc#1197658). - commit 061e1c6 ++++ kernel-zfcpdump: - PCI: hv: Remove unused hv_set_msi_entry_from_desc() (bsc#1198228). - commit b61cd71 - x86/platform/uv: Log gap hole end size (bsc#1198417). - commit 8618bf4 - x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). - commit 3d0fd26 - x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). - commit 76ba15c - powerpc/numa: Handle partially initialized numa nodes (bsc#1197658). - commit 061e1c6 ++++ kexec-tools: - kexec-tools-print-error-if-kexec_file_load-fails.patch: print error if kexec_file_load fails (bsc#1197176). ++++ libapparmor: - Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon which now will spawn new additional services on demand. We need to modify the existing smbd/winbind profiles and additionally add a new set of profiles to cater for the new functionality; (bnc#1198309); ++++ mozilla-nss: - Add nss-fips-pbkdf-kat-compliance.patch (bsc#1192079). This makes the PBKDF known answer test compliant with NIST SP800-132. ++++ suseconnect-ng: - Update to version 0.0.8~git0.16545bf: * Allow reloading CA certs pool (bsc#1195220) ++++ linuxrc: - merge gh#openSUSE/linuxrc#294 - do not use zram if there's more than 64 GiB free memory (bsc#1197253) - 7.0.31.7 ++++ siproxd: - Do not BuildRequires texlive-texconfig on Leap 15.4 and Tumbleweed * texlive-texconfig has been merged per newer texlive stack update ++++ wicked: - version 0.6.69 - redfish: decode smbios and setup host interface Add initial support to decode the SMBIOS Management Controller Host Interface (Type 42) structure and expose it as wicked `firmware:redfish` configuration to setup a Host Network Interface (to the BMC) using the `Redfish over IP` protocol allowing access to the Redfish Service (via redfish-localhost in /etc/hosts) used to manage the computer system. Tech Preview (jsc#SLE-17762). - buffer: fix size_t length downcast to uint, add guards to init functions - wireless: fix to not expect colons in 64byte long wpa-psk hex hash string - xml-schema: reference counting fix to not crash at exit on schema errors - compat-suse: match sysctl.d /etc vs. /run read order with systemd-sysctl, remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5. - compat-suse: fix reading of sysctl addr_gen_mode to wrong variable - auto6: fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429) - removed obsolete patch included in the master sources (bsc#1194392) [- 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch] ------------------------------------------------------------------ ------------------ 2022-4-12 - Apr 12 2022 ------------------- ------------------------------------------------------------------ ++++ GraphicsMagick: - security update - added patches fix CVE-2022-1270 [bsc#1198351], Heap buffer overflow when parsing MIFF + GraphicsMagick-CVE-2022-1270.patch ++++ webkit2gtk3-soup2: - Update to version 2.36.0 (boo#1198290): + Add new accessibility implementation using ATSPI DBus interfaces instead of ATK. + Add support for requestVideoFrameCallback. + Change hardware-acceleration-policy setting default value to always. + Add support for media session. + Add new API to set HTTP response information to custom uri schemes. + Make user interactive threads (event handler, scrolling, …) real time in linux. + Security fixes: CVE-2022-22624, CVE-2022-22628, CVE-2022-22629. - Rebase no-forced-sse.patch. - Drop fix-warnings.patch and webkit2gtk3-link-fix.patch: fixed upstream. - Add webkit2gtk3-old-ruby.patch: fix a build failure. ++++ webkit2gtk3: - Update to version 2.36.0 (boo#1198290): + Add new accessibility implementation using ATSPI DBus interfaces instead of ATK. + Add support for requestVideoFrameCallback. + Change hardware-acceleration-policy setting default value to always. + Add support for media session. + Add new API to set HTTP response information to custom uri schemes. + Make user interactive threads (event handler, scrolling, …) real time in linux. + Security fixes: CVE-2022-22624, CVE-2022-22628, CVE-2022-22629. - Rebase no-forced-sse.patch. - Drop fix-warnings.patch and webkit2gtk3-link-fix.patch: fixed upstream. - Add webkit2gtk3-old-ruby.patch: fix a build failure. ++++ webkit2gtk4: - Update to version 2.36.0 (boo#1198290): + Add new accessibility implementation using ATSPI DBus interfaces instead of ATK. + Add support for requestVideoFrameCallback. + Change hardware-acceleration-policy setting default value to always. + Add support for media session. + Add new API to set HTTP response information to custom uri schemes. + Make user interactive threads (event handler, scrolling, …) real time in linux. + Security fixes: CVE-2022-22624, CVE-2022-22628, CVE-2022-22629. - Rebase no-forced-sse.patch. - Drop fix-warnings.patch and webkit2gtk3-link-fix.patch: fixed upstream. - Add webkit2gtk3-old-ruby.patch: fix a build failure. ++++ chromium: - Chromium 100.0.4896.88 (boo#1198361) * CVE-2022-1305: Use after free in storage * CVE-2022-1306: Inappropriate implementation in compositing * CVE-2022-1307: Inappropriate implementation in full screen * CVE-2022-1308: Use after free in BFCache * CVE-2022-1309: Insufficient policy enforcement in developer tools * CVE-2022-1310: Use after free in regular expressions * CVE-2022-1311: Use after free in Chrome OS shell * CVE-2022-1312: Use after free in storage * CVE-2022-1313: Use after free in tab groups * CVE-2022-1314: Type Confusion in V8 * Various fixes from internal audits, fuzzing and other initiatives ++++ kernel-64kb: - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (bsc#1198330 CVE-2022-28893). - commit d2a1b78 ++++ kernel-azure: - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (bsc#1198330 CVE-2022-28893). - commit d2a1b78 ++++ kernel-default: - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (bsc#1198330 CVE-2022-28893). - commit d2a1b78 ++++ dcraw: - Added patches: * iowrappers.patch + Written wrappers of fread(),fwrite(),fseek() library functions which check their return values. If an input/output failure is detected, dcraw immediately exits with non-zero status and prints a descriptive message (bsc#1097973, CVE-2018-5805; bsc#1097974, CVE-2018-5806; bsc#1117622, CVE-2018-19565; bsc#1117517, CVE-2018-19566; bsc#1117512, CVE-2018-19567; bsc#1117436, CVE-2018-19568) * dcraw-CVE-2021-3624.patch + Bail out if integer overflow happened and the allocated buffer would be too small (bsc#1189642, CVE-2021-3624) ++++ dtb-aarch64: - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (bsc#1198330 CVE-2022-28893). - commit d2a1b78 ++++ git: - git 2.35.2 (CVE-2022-24765, bsc#1198234): * CVE-2022-24765: git may execute commands defined by other users from unexpected worktrees ++++ go1.17: - go1.17.9 (released 2022-04-12) includes security fixes to the crypto/elliptic and encoding/pem packages, as well as bug fixes to the linker and runtime. Refs boo#1190649 go1.17 release tracking CVE-2022-24675 CVE-2022-28327 * boo#1198423 go#51853 CVE-2022-24675 * go#52036 encoding/pem: stack overflow * boo#1198424 go#52075 CVE-2022-28327 * go#52076 crypto/elliptic: generic P-256 panic when scalar has too many leading zeroes * go#51736 plugin: tls handshake panic: unreachable method called. linker bug? * go#51696 runtime: some tests fails on Windows with CGO_ENABLED=0 * go#51458 runtime: finalizer call has wrong frame size * go#50611 internal/poll: deadlock in Read on arm64 when an FD is closed ++++ go1.18: - go1.18.1 (released 2022-04-12) includes security fixes to the crypto/elliptic, crypto/x509, and encoding/pem packages, as well as bug fixes to the compiler, linker, runtime, the go command, vet, and the bytes, crypto/x509, and go/types packages. Refs boo#1193742 go1.18 release tracking CVE-2022-24675 CVE-2022-28327 CVE-2022-27536 * boo#1198423 go#51853 CVE-2022-24675 * go#52037 encoding/pem: stack overflow boo#1198424 go#52075 CVE-2022-28327 * go#52077 crypto/elliptic: generic P-256 panic when scalar has too many leading zeroes * boo#1198427 go#51759 CVE-2022-27536 * go#51763 crypto/x509: Certificate.Verify crash on macOS with Go 1.18 * go#52140 cmd/go: go work use -r panics when given a directory that does not exist * go#52119 go/types, cmd/compile: type set overlapping implementation for interface types might be not correct * go#52032 go/types: spurious diagnostics for untyped shift operands with GoVersion < go1.13 * go#52007 go/types, types2: scope is unset on receivers of instantiated methods * go#51874 cmd/go: Segfault on ppc64le during Go 1.18 build on Alpine Linux * go#51855 cmd/compile: internal compiler error: panic: runtime error: index out of range [0] with length 0 * go#51852 crypto/x509: reject SHA-1 signatures in Verify * go#51847 cmd/compile: cannot import "package" (type parameter bound more than once) * go#51846 cmd/compile: internal compiler error: walkExpr: switch 1 unknown op RECOVER * go#51796 bytes: Trim returns empty slice instead of nil in 1.18 * go#51767 cmd/go: "go test" seems to now require git due to -buildvcs * go#51764 cmd/go: go work use panics when given a file * go#51741 cmd/cgo: pointer to incomplete C type is mangled when passed through interface type and generic type assert * go#51737 plugin: tls handshake panic: unreachable method called. linker bug? * go#51727 cmd/vet, go/types: go vet crash when using self-recursive anonymous types in constraints * go#51697 runtime: some tests fails on Windows with CGO_ENABLED=0 * go#51669 cmd/compile: irgen uses wrong dict param to generate code for getting dict type * go#51665 go/types, types2: gopls crash in recordTypeAndValue ++++ gpxsee: - Update to version 10.6 * Improved marine charts rendering. ++++ indic-fonts: - update or add Bengali fonts [bsc#1197977]: * AkaashNormal.ttf Ani.ttf JamrulNormal.ttf MitraMono.ttf MuktiBold.ttf Mukti.ttf - remove obsoleted Bengali fonts [bsc#1197977c#4] * mitra.ttf MuktiNarrow.ttf MuktiNarrowBold.ttf bng2-n.ttf bng2-b.ttf ++++ kernel-debug: - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (bsc#1198330 CVE-2022-28893). - commit d2a1b78 ++++ kernel-source: - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (bsc#1198330 CVE-2022-28893). - commit d2a1b78 ++++ kernel-source-azure: - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (bsc#1198330 CVE-2022-28893). - commit d2a1b78 ++++ kernel-docs: - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (bsc#1198330 CVE-2022-28893). - commit d2a1b78 ++++ kernel-kvmsmall: - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (bsc#1198330 CVE-2022-28893). - commit d2a1b78 ++++ kernel-obs-build: - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (bsc#1198330 CVE-2022-28893). - commit d2a1b78 ++++ kernel-obs-qa: - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (bsc#1198330 CVE-2022-28893). - commit d2a1b78 ++++ kernel-syms: - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (bsc#1198330 CVE-2022-28893). - commit d2a1b78 ++++ kernel-syms-azure: - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (bsc#1198330 CVE-2022-28893). - commit d2a1b78 ++++ kernel-zfcpdump: - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (bsc#1198330 CVE-2022-28893). - commit d2a1b78 ++++ libpulp: - Update package with libpulp-0.2.1 (jsc#SLE-20049). - Fix base address load of non-library variables in target process. - Dump references information on `ulp dump`. ++++ python-matplotlib: - Clean up spec and correct to proper single-spec SPEC file. Fixes FTBFS (bsc#1198319). ++++ salt: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Prevent data pollution between actions proceesed at the same time (bsc#1197637) - Added: * fix-regression-with-depending-client.ssh-on-psutil-b.patch * prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch ++++ qgis: - BuildRequires sip4 to instead of sip6 on Leap 15.4 ------------------------------------------------------------------ ------------------ 2022-4-11 - Apr 11 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Add samba_deny_net_admin.patch to add new rule to deny noisy setsockopt calls from systemd; (bnc#1196850). ++++ audit-secondary: - Drop buildrequire on C++ compiler. - Modernize specfile constructs. ++++ audit: - Modernize specfile constructs. ++++ binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ kernel-64kb: - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1198228). - Drivers: hv: balloon: Disable balloon and hot-add accordingly (bsc#1198228). - Drivers: hv: balloon: Support status report for larger page sizes (bsc#1198228). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (bsc#1198228). - PCI: hv: Propagate coherence from VMbus device to PCI device (bsc#1198228). - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (bsc#1198228). - Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests (bsc#1183682). - PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() on ARM64 (bsc#1198228). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - commit 0c3a755 - additional reference for arm64 erratum 1418040 (bsc#1198228). - commit 7a1dfd5 ++++ kernel-azure: - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1198228). - Drivers: hv: balloon: Disable balloon and hot-add accordingly (bsc#1198228). - Drivers: hv: balloon: Support status report for larger page sizes (bsc#1198228). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (bsc#1198228). - PCI: hv: Propagate coherence from VMbus device to PCI device (bsc#1198228). - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (bsc#1198228). - Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests (bsc#1183682). - PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() on ARM64 (bsc#1198228). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - commit 0c3a755 - additional reference for arm64 erratum 1418040 (bsc#1198228). - commit 7a1dfd5 ++++ kernel-default: - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1198228). - Drivers: hv: balloon: Disable balloon and hot-add accordingly (bsc#1198228). - Drivers: hv: balloon: Support status report for larger page sizes (bsc#1198228). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (bsc#1198228). - PCI: hv: Propagate coherence from VMbus device to PCI device (bsc#1198228). - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (bsc#1198228). - Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests (bsc#1183682). - PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() on ARM64 (bsc#1198228). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - commit 0c3a755 - additional reference for arm64 erratum 1418040 (bsc#1198228). - commit 7a1dfd5 ++++ cross-aarch64-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-arm-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-avr-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-epiphany-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-hppa-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-hppa64-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-i386-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-ia64-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-m68k-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-mips-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-ppc-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-ppc64-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-ppc64le-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-riscv64-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-rx-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-s390-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-s390x-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-sparc-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-sparc64-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-spu-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ cross-x86_64-binutils: - Add binutils-add-z16-name.diff so that the now official name z16 for arch14 is recognized. [bsc#1198237] ++++ dtb-aarch64: - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1198228). - Drivers: hv: balloon: Disable balloon and hot-add accordingly (bsc#1198228). - Drivers: hv: balloon: Support status report for larger page sizes (bsc#1198228). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (bsc#1198228). - PCI: hv: Propagate coherence from VMbus device to PCI device (bsc#1198228). - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (bsc#1198228). - Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests (bsc#1183682). - PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() on ARM64 (bsc#1198228). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - commit 0c3a755 - additional reference for arm64 erratum 1418040 (bsc#1198228). - commit 7a1dfd5 ++++ kernel-debug: - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1198228). - Drivers: hv: balloon: Disable balloon and hot-add accordingly (bsc#1198228). - Drivers: hv: balloon: Support status report for larger page sizes (bsc#1198228). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (bsc#1198228). - PCI: hv: Propagate coherence from VMbus device to PCI device (bsc#1198228). - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (bsc#1198228). - Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests (bsc#1183682). - PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() on ARM64 (bsc#1198228). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - commit 0c3a755 - additional reference for arm64 erratum 1418040 (bsc#1198228). - commit 7a1dfd5 ++++ kernel-source: - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1198228). - Drivers: hv: balloon: Disable balloon and hot-add accordingly (bsc#1198228). - Drivers: hv: balloon: Support status report for larger page sizes (bsc#1198228). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (bsc#1198228). - PCI: hv: Propagate coherence from VMbus device to PCI device (bsc#1198228). - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (bsc#1198228). - Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests (bsc#1183682). - PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() on ARM64 (bsc#1198228). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - commit 0c3a755 - additional reference for arm64 erratum 1418040 (bsc#1198228). - commit 7a1dfd5 ++++ kernel-source-azure: - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1198228). - Drivers: hv: balloon: Disable balloon and hot-add accordingly (bsc#1198228). - Drivers: hv: balloon: Support status report for larger page sizes (bsc#1198228). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (bsc#1198228). - PCI: hv: Propagate coherence from VMbus device to PCI device (bsc#1198228). - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (bsc#1198228). - Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests (bsc#1183682). - PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() on ARM64 (bsc#1198228). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - commit 0c3a755 - additional reference for arm64 erratum 1418040 (bsc#1198228). - commit 7a1dfd5 ++++ kernel-docs: - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1198228). - Drivers: hv: balloon: Disable balloon and hot-add accordingly (bsc#1198228). - Drivers: hv: balloon: Support status report for larger page sizes (bsc#1198228). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (bsc#1198228). - PCI: hv: Propagate coherence from VMbus device to PCI device (bsc#1198228). - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (bsc#1198228). - Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests (bsc#1183682). - PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() on ARM64 (bsc#1198228). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - commit 0c3a755 - additional reference for arm64 erratum 1418040 (bsc#1198228). - commit 7a1dfd5 ++++ kernel-kvmsmall: - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1198228). - Drivers: hv: balloon: Disable balloon and hot-add accordingly (bsc#1198228). - Drivers: hv: balloon: Support status report for larger page sizes (bsc#1198228). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (bsc#1198228). - PCI: hv: Propagate coherence from VMbus device to PCI device (bsc#1198228). - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (bsc#1198228). - Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests (bsc#1183682). - PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() on ARM64 (bsc#1198228). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - commit 0c3a755 - additional reference for arm64 erratum 1418040 (bsc#1198228). - commit 7a1dfd5 ++++ kernel-obs-build: - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1198228). - Drivers: hv: balloon: Disable balloon and hot-add accordingly (bsc#1198228). - Drivers: hv: balloon: Support status report for larger page sizes (bsc#1198228). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (bsc#1198228). - PCI: hv: Propagate coherence from VMbus device to PCI device (bsc#1198228). - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (bsc#1198228). - Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests (bsc#1183682). - PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() on ARM64 (bsc#1198228). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - commit 0c3a755 - additional reference for arm64 erratum 1418040 (bsc#1198228). - commit 7a1dfd5 ++++ kernel-obs-qa: - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1198228). - Drivers: hv: balloon: Disable balloon and hot-add accordingly (bsc#1198228). - Drivers: hv: balloon: Support status report for larger page sizes (bsc#1198228). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (bsc#1198228). - PCI: hv: Propagate coherence from VMbus device to PCI device (bsc#1198228). - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (bsc#1198228). - Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests (bsc#1183682). - PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() on ARM64 (bsc#1198228). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - commit 0c3a755 - additional reference for arm64 erratum 1418040 (bsc#1198228). - commit 7a1dfd5 ++++ kernel-syms: - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1198228). - Drivers: hv: balloon: Disable balloon and hot-add accordingly (bsc#1198228). - Drivers: hv: balloon: Support status report for larger page sizes (bsc#1198228). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (bsc#1198228). - PCI: hv: Propagate coherence from VMbus device to PCI device (bsc#1198228). - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (bsc#1198228). - Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests (bsc#1183682). - PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() on ARM64 (bsc#1198228). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - commit 0c3a755 - additional reference for arm64 erratum 1418040 (bsc#1198228). - commit 7a1dfd5 ++++ kernel-syms-azure: - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1198228). - Drivers: hv: balloon: Disable balloon and hot-add accordingly (bsc#1198228). - Drivers: hv: balloon: Support status report for larger page sizes (bsc#1198228). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (bsc#1198228). - PCI: hv: Propagate coherence from VMbus device to PCI device (bsc#1198228). - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (bsc#1198228). - Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests (bsc#1183682). - PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() on ARM64 (bsc#1198228). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - commit 0c3a755 - additional reference for arm64 erratum 1418040 (bsc#1198228). - commit 7a1dfd5 ++++ kernel-zfcpdump: - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1198228). - Drivers: hv: balloon: Disable balloon and hot-add accordingly (bsc#1198228). - Drivers: hv: balloon: Support status report for larger page sizes (bsc#1198228). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (bsc#1198228). - PCI: hv: Propagate coherence from VMbus device to PCI device (bsc#1198228). - Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (bsc#1198228). - Drivers: hv: vmbus: Fix initialization of device object in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests (bsc#1183682). - PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() on ARM64 (bsc#1198228). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - commit 0c3a755 - additional reference for arm64 erratum 1418040 (bsc#1198228). - commit 7a1dfd5 ++++ libapparmor: - Add samba_deny_net_admin.patch to add new rule to deny noisy setsockopt calls from systemd; (bnc#1196850). ++++ s390-tools: - Added the following patches for bsc#1198285: s390-tools-sles15sp4-01-genprotimg-remove-DigiCert-root-CA-pinning.patch s390-tools-sles15sp4-02-genprotimg-check_hostkeydoc-relax-default-issuer-che.patch The certificate verification of check_hostkeydoc is too strict and doesn't match the checking performed by genprotimg. - Added the following patch for bsc#1198284: s390-tools-sles15sp4-libseckey-Fix-re-enciphering-of-EP11-secure-key.patch When re-enciphering the identity key and/or wrapping key of the zkey KMIP plugin via 'zkey kms reencipher', the operation completes without an error, but the secure keys are left un-reenciphered. ++++ libpsm2: - Run modprobe.conf handling scriptlets in -compat subpackage (bsc#1198322) ++++ patterns-yast: - Neither recommend nor suggest YaST NIS packages for TW (bsc#1183893). - 20220411 ++++ python-Django: - Update to 2.2.28 (bsc#1198297) * Many CVEs fixes (check https://github.com/django/django/blob/main/docs/releases/) - Update to 1.11.29 (bsc#1198297) * CVE-2020-9402: Potential SQL injection via "tolerance" parameter in GIS functions and aggregates on Oracle - Add CVE-2021-32052.patch: Header injection possibility since "URLValidator" accepted newlines in input on Python 3.9.5+ ++++ python-pyramid: - Fix python_module macro usage ++++ python-pytest-asyncio: - Fix python_module macro usage ++++ yast2-trans: - Update to version 84.87.20220410.9099c51b0c: * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * New POT for text domain 'users'. * Translated using Weblate (Ukrainian) * Translated using Weblate (German) * Translated using Weblate (Slovak) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'packager'. * New POT for text domain 'iscsi-client'. * New POT for text domain 'base'. ------------------------------------------------------------------ ------------------ 2022-4-10 - Apr 10 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - add profile for zgrep and xzgrep to prevent CVE-2022-1271 (zgrep-profile-mr870.diff) ++++ chromium: - Patches for GCC 12: * chromium-fix-swiftshader-template.patch * chromium-missing-include-tuple.patch * chromium-webrtc-stats-missing-vector.patch ++++ clamav-database: - database refresh on 2022-04-11 (bsc#1084929) ++++ libapparmor: - add profile for zgrep and xzgrep to prevent CVE-2022-1271 (zgrep-profile-mr870.diff) ++++ paraview: - Revert gl2ps change. TW and 15.4 have a recent gl2ps, and the 15.3 package will not be upgraded (but is available in science). ++++ nbd: - update to 3.24 (bsc#1196827, bsc#1196828, CVE-2022-26495, CVE-2022-26496): * https://github.com/advisories/GHSA-q9rw-8758-hccj ------------------------------------------------------------------ ------------------ 2022-4-9 - Apr 9 2022 ------------------- ------------------------------------------------------------------ ++++ openblas_0_3_20-gnu-hpc: - Fix issues in update paths from earlier versions introduced by recent structural changes (bsc#1198264): - Add Obsoletes for old package names - Handle the change from directories to soft links properly ++++ openblas-pthreads_0_3_20-gnu-hpc: - Fix issues in update paths from earlier versions introduced by recent structural changes (bsc#1198264): - Add Obsoletes for old package names - Handle the change from directories to soft links properly ++++ openblas_openmp: - Fix issues in update paths from earlier versions introduced by recent structural changes (bsc#1198264): - Add Obsoletes for old package names - Handle the change from directories to soft links properly ++++ openblas_pthreads: - Fix issues in update paths from earlier versions introduced by recent structural changes (bsc#1198264): - Add Obsoletes for old package names - Handle the change from directories to soft links properly ++++ openblas_serial: - Fix issues in update paths from earlier versions introduced by recent structural changes (bsc#1198264): - Add Obsoletes for old package names - Handle the change from directories to soft links properly ++++ yaml-cpp: - Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp allows remote attackers to cause DOS via a crafted YAML file (CVE-2018-20573, bsc#1121227) - Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in yaml-cpp allows remote attackers to cause DOS via a crafted YAML file (CVE-2018-20574, bsc#1121230) - Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in cpp allows remote attackers to cause DOS via a crafted YAML file (CVE-2019-6285, bsc#1122004) - Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in yaml-cpp which cause DOS by stack consumption (CVE-2019-6292, bsc#1122021) - Added patch cve-2018-20574.patch ++++ python-pybind11: - update to 2.9.2: * Enum now has an ``__index__`` method on Python <3.8 too. * Local internals are now cleared after finalizing the interpreter. * Better support for Python 3.11 alphas. * ``PYBIND11_TYPE_CASTER`` now uses fully qualified symbols, so it can be used outside of ``pybind11::detail``. * Some fixes for PyPy 3.9. * Fixed a potential memleak in PyPy in ``get_type_override``. * Fix usage of ``VISIBILITY_INLINES_HIDDEN``. * Uses ``sysconfig`` module to determine installation locations on Python >= 3.10, instead of ``distutils`` which has been deprecated. * Support Catch 2.13.5+ (supporting GLIBC 2.34+). * Fix test failures with numpy 1.22 by ignoring whitespace when comparing ``str()`` of dtypes. ++++ python-pyfakefs: - Add skip_fstest.patch to follow the upstream lead in skipping failing test_mknod_raises_if_unsupported_options (bsc#1197845). - Build actually requires full python3 package (because of the readline module), otherwise tests fail. ++++ rpm-repos-openSUSE: - Switch from MirrorBrain to MirrorCache based repositories to improve reliability ++++ wine-nine-standalone: - Mesa-libd3d's d3dadapter9.so is loaded with dlopen and thus not automatically recognized as runtime dependency, add it manually. ------------------------------------------------------------------ ------------------ 2022-4-8 - Apr 8 2022 ------------------- ------------------------------------------------------------------ ++++ MozillaThunderbird: - Mozilla Thunderbird 91.8 * changed: Google accounts using password authentication will be migrated to OAuth2. See KB Article. * fixed: OpenPGP ECC keys created by Thunderbird could not be imported into GnuPG * fixed: Exporting multiple public PGP keys from Thunderbird was not possible * fixed: Replying to a newsgroup message erroneously displayed a "No-reply" popup warning * fixed: Opening `mid:` URLs on macOS failed * fixed: Address books stored in older formats were loaded as SQLite files, causing a crash * fixed: Replicated LDAP directories were lost after switching Thunderbird to "Offline"`mode * fixed: Importing webcals from the commandline failed if the URI ended with an `.ics` file extension * fixed: Various security fixes MFSA 2022-15 (bsc#1197903) * CVE-2022-1097 (bmo#1745667) Use-after-free in NSSToken objects * CVE-2022-28281 (bmo#1755621) Out of bounds write due to unexpected WebAuthN Extensions * CVE-2022-1197 (bmo#1754985) OpenPGP revocation information was ignored * CVE-2022-1196 (bmo#1750679) Use-after-free after VR Process destruction * CVE-2022-28282 (bmo#1751609) Use-after-free in DocumentL10n::TranslateDocument * CVE-2022-28285 (bmo#1756957) Incorrect AliasSet used in JIT Codegen * CVE-2022-28286 (bmo#1735265) iframe contents could be rendered outside the border * CVE-2022-24713 (bmo#1758509) Denial of Service via complex regular expressions * CVE-2022-28289 (bmo#1663508, bmo#1744525, bmo#1753508, bmo#1757476, bmo#1757805, bmo#1758549, bmo#1758776) Memory safety bugs fixed in Thunderbird 91.8 ++++ jboss-logging: - Build against the provider of mvn(log4j:log4j:1.2.16) instead of mvn(log4j:log4j), in order to be able to build both on systems with and without reload4j (bsc#1197642) ++++ jetty-artifact-remote-resources: - Do not require mvn(log4j:log4j) for build (bsc#1197642) ++++ libnvme: - Update to version 1.0: * tree: Remove default port setting for TCP and RDMA ports * tree: add 'f_args' argument to pass user data to the filter function * tree: remove 'ctrl_get_ana_state()' * tree: add namespace path iterators * tree: filter out namespaces * tree: update nvme_scan_filter_t usage ++++ netty: - Upgrade to latest upstream version 4.1.75 - Modified patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * 0004-Remove-optional-dep-tcnative.patch * 0005-Remove-optional-dep-log4j.patch * 0006-revert-Fix-native-image-build.patch * 0007-Revert-Support-session-cache-for-client-and-server-w.patch + rebase ++++ nvme-cli: - Update to version 2.0: * fabrics: Create persistent controller using unique subsystem NQN (bsc#1198243) * fabrics: Set KATO for discovery controller when connecting * fabrics: Do no modify default config for discovery controller * fabrics: Set default trsvcid ports for TCP and RDMA (bsc#1195858) * fabrics: Support connect even when no /etc/nvme/hostnqn file exists * nvme: update to nvme_scan_filter_t modifications (bsc#1195938) * plugins/intel: make 'buckets' a json array * plugins: Update WDC capabilities command with new commmands * plugins: Add OCP plugin ++++ pgadmin4: - Add patch from upstream to fix an issue throwing an error in when uploading a CSV Desktop mode: * 0001-Fixed-an-issue-when-uploading-a-CSV.patch - Add patch from upstream to fix an unrestricted file upload in pgAdmin (boo#1197143, CVE-2022-0959): * 0002-Ensure-that-upload-paths-are-children-of-the-storage-directory.patch ++++ python-Twisted: - Remove 9580-test_fails_cryptography_25.patch which is not necessary with changes in OpenSSL ++++ xen: - bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359, CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) 624ebcef-VT-d-dont-needlessly-look-up-DID.patch 624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch 624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch ------------------------------------------------------------------ ------------------ 2022-4-7 - Apr 7 2022 ------------------- ------------------------------------------------------------------ ++++ golang-github-prometheus-prometheus: - Build firewalld-prometheus-config only for SUSE Linux Enterprise 15, 15.1 and 15.2, and require firewalld for it - firewalld-prometheus-config needs to be a Recommends, not a Requires, as prometheus does not require it to run ++++ go1.17: - Template gcc-go.patch to substitute gcc_go_version and eliminate multiple similar patches each with hardcoded gcc go binary name. gcc-go.patch inserts gcc-go binary name e.g. go-8 to compensate for current lack of gcc-go update-alternatives usage. * add gcc-go.patch * drop gcc6-go.patch * drop gcc7-go.patch - For SLE-12 set gcc_go_version to 8 to bootstrap using gcc8-go. gcc6-go and gcc7-go no longer successfully bootstrap go1.17 or go1.18 on SLE-12 aarch64 ppc64le or s390x. * gcc6-go fails with errors e.g. libnoder.a(_go_.o):(.toc+0x0): undefined reference to `__go_pimt__I4_DiagFrN4_boolee3 ++++ go1.18: - Template gcc-go.patch to substitute gcc_go_version and eliminate multiple similar patches each with hardcoded gcc go binary name. gcc-go.patch inserts gcc-go binary name e.g. go-8 to compensate for current lack of gcc-go update-alternatives usage. * add gcc-go.patch * drop gcc6-go.patch * drop gcc7-go.patch - For SLE-12 set gcc_go_version to 8 to bootstrap using gcc8-go. gcc6-go and gcc7-go no longer successfully bootstrap go1.17 or go1.18 on SLE-12 aarch64 ppc64le or s390x. * gcc6-go fails with errors e.g. libnoder.a(_go_.o):(.toc+0x0): undefined reference to `__go_pimt__I4_DiagFrN4_boolee3 ++++ hdf5: - add hdf5-wrappers.patch from Fedora, so strip flags from wrappers and prefer shared linking - add missing zlib-devel devel dep ++++ hdf5_1_10_8-gnu-hpc: - add hdf5-wrappers.patch from Fedora, so strip flags from wrappers and prefer shared linking - add missing zlib-devel devel dep ++++ hdf5_1_10_8-gnu-mpich-hpc: - add hdf5-wrappers.patch from Fedora, so strip flags from wrappers and prefer shared linking - add missing zlib-devel devel dep ++++ hdf5_1_10_8-gnu-mvapich2-hpc: - add hdf5-wrappers.patch from Fedora, so strip flags from wrappers and prefer shared linking - add missing zlib-devel devel dep ++++ hdf5_1_10_8-gnu-openmpi2-hpc: - add hdf5-wrappers.patch from Fedora, so strip flags from wrappers and prefer shared linking - add missing zlib-devel devel dep ++++ hdf5_1_10_8-gnu-openmpi3-hpc: - add hdf5-wrappers.patch from Fedora, so strip flags from wrappers and prefer shared linking - add missing zlib-devel devel dep ++++ hdf5_1_10_8-gnu-openmpi4-hpc: - add hdf5-wrappers.patch from Fedora, so strip flags from wrappers and prefer shared linking - add missing zlib-devel devel dep ++++ hdf5-mvapich2: - add hdf5-wrappers.patch from Fedora, so strip flags from wrappers and prefer shared linking - add missing zlib-devel devel dep ++++ hdf5-openmpi2: - add hdf5-wrappers.patch from Fedora, so strip flags from wrappers and prefer shared linking - add missing zlib-devel devel dep ++++ hdf5-openmpi3: - add hdf5-wrappers.patch from Fedora, so strip flags from wrappers and prefer shared linking - add missing zlib-devel devel dep ++++ hdf5-openmpi4: - add hdf5-wrappers.patch from Fedora, so strip flags from wrappers and prefer shared linking - add missing zlib-devel devel dep ++++ xz: - Fix ZDI-CAN-16587 Fix escaping of malicious filenames (ZDI-CAN-16587 bsc#1198062 CVE-2022-1271) * bsc1198062.patch ++++ python-M2Crypto: - Add missing bug references to this changelog. ++++ python-flaky: - Add pytest41-compatibility.patch to make the package compatible with pytest 4.1+ (bsc#1197844). ++++ python-python3-saml: - Add patch 269-update-expiry-date-for-responses.patch to fix bsc#1197846 (originally from gh#onelogin/python3-saml#269). - Add additional-expired-resources.patch with some more updated expired resources. - Update bug-testDecryptElement.patch to work for SP2 and SP4. ++++ spack: - Fix: Fix-error-during-documentation-build-due-to-recursive-module-inclusion.patch This is needed to prevent an AttributeError during 'import spack.environment as some_name' when building Sphinx documentation - due to an outdated Python on SLE. The original version caused errors: 'NameError: name 'uenv' is not defined' when using 'spack env activate' et.al. (bsc#1198212). ++++ spack: - Fix: Fix-error-during-documentation-build-due-to-recursive-module-inclusion.patch This is needed to prevent an AttributeError during 'import spack.environment as some_name' when building Sphinx documentation - due to an outdated Python on SLE. The original version caused errors: 'NameError: name 'uenv' is not defined' when using 'spack env activate' et.al. (bsc#1198212). ++++ tomcat: - Security hardening. Deprecate getResources() and always return null. (bsc#1198136) - Added patch: tomcat-9.0-hardening_getResources.patch ++++ yast2-bootloader: - AutoYaST: do not clone device for hibernation and also check during autoinstallation if device for hibernation exists and if not then use proposed one. (bsc#1187690 and bsc#1197192) - 4.4.17 ++++ yast2-trans: - Update to version 84.87.20220406.6a9f225e0e: * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * New POT for text domain 'autoinst'. * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Catalan) * Translated using Weblate (Vietnamese) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Spanish) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Spanish) * Translated using Weblate (Catalan) * New POT for text domain 'network'. * New POT for text domain 'country'. ------------------------------------------------------------------ ------------------ 2022-4-6 - Apr 6 2022 ------------------- ------------------------------------------------------------------ ++++ gstreamer-rtsp-server: - Remove BuildRequires: hotdoc and disable the doc generation. It's really not used at all. ++++ open-iscsi: - Updated to latest upstream, including bug fixes and cleanups. Changes included: * add handling name/value pairs for firmware login (bsc#1196113), including man page update for same * Fix bug where some package parts were installed using DESTDIR twice * general build cleanup (in prep for removing DB files from /etc/iscsi some day soon) Also, now delivering a "package config" file for libopeniscsiusr. ++++ libqt5-qtwebengine: - Update to version 5.15.9: * QPdfView: scale page rendering according to devicePixelRatio * Update documented Chromium version * Use IsSameDocument() rather than IsLoadingToDifferentDocument() * Update module-split for installer * Fix printing PDF files * Do not override signal handlers * Avoid using xkbcommon in non-X11 builds * Update documentation * Update Chromium: * Bump V8_PATCH_LEVEL * Do not overwrite signal handlers in the browser process. * Replace base::ranges::set_union with std::set_union to fix MSVC2017 build * [Backport] CVE-2022-0100: Heap buffer overflow in Media streams API * [Backport] CVE-2022-0102: Type Confusion in V8 * [Backport] CVE-2022-0103: Use after free in SwiftShader * [Backport] CVE-2022-0104: Heap buffer overflow in ANGLE * [Backport] CVE-2022-0108: Inappropriate implementation in Navigation * [Backport] CVE-2022-0109: Inappropriate implementation in Autofill * [Backport] CVE-2022-0111 and CVE-2022-0117 * [Backport] CVE-2022-0113: Inappropriate implementatio n in Blink * [Backport] CVE-2022-0116: Inappropriate implementation in Compositing * [Backport] CVE-2022-0289: Use after free in Safe browsing * [Backport] CVE-2022-0291: Inappropriate implementation in Storage * [Backport] CVE-2022-0293: Use after free in Web packaging * [Backport] CVE-2022-0298: Use after free in Scheduling * [Backport] CVE-2022-0305: Inappropriate implementation in Service Worker API * [Backport] CVE-2022-0306: Heap buffer overflow in PDFium * [Backport] CVE-2022-0310 and CVE-0311: Heap buffer overflow in Task Manager * [Backport] CVE-2022-0456: Use after free in Web Search * [Backport] CVE-2022-0459: Use after free in Screen Capture * [Backport] CVE-2022-0460: Use after free in Window Dialog * [Backport] CVE-2022-0461: Policy bypass in COOP * [Backport] CVE-2022-0606: Use after free in ANGLE * [Backport] CVE-2022-0607: Use after free in GPU * [Backport] CVE-2022-0608: Integer overflow in Mojo * [Backport] CVE-2022-0609: Use after free in Animation * [Backport] CVE-2022-0610: Inappropriate implementation in Gamepad API * [Backport] CVE-2022-0971 (boo#1197163) * [Backport] CVE-2022-1096 (boo#1197552) * [Backport] CVE-2022-23852 * [Backport] Copy 'name_' member during StyleRuleProperty::Copy * [Backport] Security bug 1256885 * [Backport] Security bug 1258603 * [Backport] Security bug 1259557 * [Backport] Security bug 1261415 * [Backport] Security bug 1265570 * [Backport] Security bug 1268448 * [Backport] Security bug 1270014 * [Backport] Security bug 1274113 * [Backport] Security bug 1276331 * [Backport] Security bug 1280743 * [Backport] Security bug 1289394 * [Backport] Security bug 1292537 * [Backport] sandbox: build if glibc 2.34+ dynamic stack size is enabled - Drop patches, now upstream: * CVE-2022-0971-qtwebengine-5.15.patch * CVE-2022-1096-qtwebengine-5.15.patch ++++ libqt5-qtdeclarative: - Increase the disk constraint to 6GB since the SLE build use 5.5GB already (boo#1197992) ++++ texlive: - Make sure that texlive-texconfig package from 2017 are obsolete (bsc#1197979) ++++ openblas_0_3_20-gnu-hpc: - Also build for s390x using latest gcc as requested by IBM (jsc#SLE-18143, bsc#1197721). ++++ openblas-pthreads_0_3_20-gnu-hpc: - Also build for s390x using latest gcc as requested by IBM (jsc#SLE-18143, bsc#1197721). ++++ openblas_openmp: - Also build for s390x using latest gcc as requested by IBM (jsc#SLE-18143, bsc#1197721). ++++ openblas_pthreads: - Also build for s390x using latest gcc as requested by IBM (jsc#SLE-18143, bsc#1197721). ++++ openblas_serial: - Also build for s390x using latest gcc as requested by IBM (jsc#SLE-18143, bsc#1197721). ++++ tvm: - Add patch to fix boo#1197347: * tvm-do-not-force-synr-version.patch ++++ nvme-stas: - Update to version v1.0: * Do not call persistent_set() from libnvme * dbus: return native dbus data instead of json when possible. * update documentation ++++ python-paramiko: - Add CVE-2022-24302-race-condition.patch: * Fix a race condition between creation and chmod when writing private keys. (bsc#1197279) ++++ python-tox: - Add use-Sphinx-2.patch to make package work with Sphinx >= 2. - Skip tests depending on modern venv (bsc#1197847). ++++ texlive-specs-w: - Make sure that texlive-texconfig package from 2017 are obsolete (bsc#1197979) ++++ yast2-packager: - Show package downloads in the global progress bar during package installation (bsc#1195608) PR: https://github.com/yast/yast-packager/pull/609 - 4.4.28 ------------------------------------------------------------------ ------------------ 2022-4-5 - Apr 5 2022 ------------------- ------------------------------------------------------------------ ++++ chromium: - Chromium 100.0.4896.75: * CVE-2022-1232: Type Confusion in V8 (boo#1198053) ++++ kernel-preempt: - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - commit 7d8a3b5 - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: add a locked version of drm_is_current_master (bsc#1197914). - commit 05fda16 - blacklist.conf: Add reverted/reverting swiotlb change (CVE-2022-0854 bsc#1196823 bsc#1197460) - commit 8d52c36 - Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" (CVE-2022-0854 bsc#1196823). - swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-0854 bsc#1196823). - commit ff554b5 - blacklist.conf: list unneeded commit - commit 27adcc4 - NFSv4/pNFS: Fix another issue with a list iterator pointing to the head (git-fixes). - NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - commit 0460a48 - netfilter: nf_tables: initialize registers in nft_do_chain() (CVE-2022-1016 bsc#1197227). - commit 7111961 ++++ dnsmasq: - bsc#1197872, CVE-2022-0934, dnsmasq-CVE-2022-0934.patch: Heap use after free in dhcp6_no_relay ++++ dracut: - Update to version 055+suse.248.g92d06110: * fix(resume): correct call to block_is_netdevice function (bsc#1197737) * chore(suse): remove fipscheck requirement (bsc#1198065) ++++ sanlock: - spec: Add libuuid as a build requirement to fix compilation on SLE15 SP4 bsc#1197853 ++++ kernel-vanilla: - Update patches.suse/llc-fix-netdevice-reference-leaks-in-llc_ui_bind.patch references (add CVE-2022-28356 bsc#1197391). - commit 923d4a9 - netfilter: nf_tables: initialize registers in nft_do_chain() (CVE-2022-1016 bsc#1197227). - commit 4726ea9 - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - commit caaa7d4 ++++ SDL: - Add CVE-2021-33657.patch: always create a full 256-entry color map in case color values are out of range (boo#1198001 CVE-2021-33657). - Add CVE-2021-33657.patch: always create a full 256-entry color map in case color values are out of range (boo#1198001 CVE-2021-33657). ++++ liblangtag: - allow to build for later service packs of SLE 15 [bsc#1197767] (-Wno-error=format-extra-args) ++++ subversion: - Fix CVE-2022-24070 mod_dav_svn is vulnerable to memory corruption (CVE-2022-24070, bsc#1197940) * subversion-CVE-2022-24070.patch - Fix CVE-2021-28544 SVN authz protected copyfrom paths regression (CVE-2021-28544, bsc#1197939) * subversion-CVE-2021-28544.patch ++++ systemd: - Import commit e62acb68de9bccfa272bef98fe5b38effc37528a b70267d883 journald: make use of CLAMP() in cache_space_refresh() 3953e685cb journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) d03a5f79bf fs-util: make sure openat_report_new() initializes return param also on shortcut 05499d5a30 fs-util: fix typos in comments 9f77c8fae1 journal-file: port journal_file_open() to openat_report_new() 4d07c034da fs-util: add openat_report_new() wrapper around openat() 258c04836d meson: build kernel-install man page when necessary 23da9cc83a man: do not install sd-boot man pages when -Dgnu-efi=false is set d452b8738c unit: install the systemd-bless-boot.service only if we have gnu-efi 98f44dc500 boot: don't build bootctl when -Dgnu-efi=false is set (bsc#1198093) 9145684460 build: include status of TPM2 in the feature string show by --version ++++ postgresql10-pgagent: - Build also postgresql14 flavors from SLE15-SP4 on (SLE-20673) ++++ postgresql12-pgagent: - Build also postgresql14 flavors from SLE15-SP4 on (SLE-20673) ++++ postgresql13-pgagent: - Build also postgresql14 flavors from SLE15-SP4 on (SLE-20673) ++++ postgresql14-pgagent: - Build also postgresql14 flavors from SLE15-SP4 on (SLE-20673) ++++ python-Flask: - Update to 1.0.4: * The key information for BadRequestKeyError is no longer cleared outside debug mode, so error handlers can still access it. #3249 * send_file url quotes the “:” and “/” characters for more compatible UTF-8 filename support in some browsers. #3074 * Fixes for PEP451 import loaders and pytest 5.x. #3275 * Show message about dotenv on stderr instead of stdout. #3285 * send_file() encodes filenames as ASCII instead of Latin-1 (ISO-8859-1). [#2766] * Allow custom CLIs using FlaskGroup to set the debug flag without it always being overwritten based on environment variables. #2765 * flask --version outputs Werkzeug’s version and simplifies the Python version. #2825 * send_file() handles an attachment_filename that is a native Python 2 string (bytes) with UTF-8 coded bytes. #2933 * A catch-all error handler registered for HTTPException will not handle RoutingException, which is used internally during routing. This fixes the unexpected behavior that had been introduced in 1.0. #2986 * Passing the json argument to app.test_client does not push/pop an extra app context. #2900 - Use %pytest macro for testing. - Delete .gitignore files so they do not get shipped. ++++ python-Flask-Migrate: - Add patch use-sys-executable-for-tests.patch: - Fix build failure by using sys.executable (bsc#1197824) ++++ python-Whoosh: - Update in SLE-15 (bsc#1197830) ++++ python-uamqp: - Update in SLE-15 (bsc#1197848) ++++ systemd-mini: - Import commit e62acb68de9bccfa272bef98fe5b38effc37528a b70267d883 journald: make use of CLAMP() in cache_space_refresh() 3953e685cb journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) d03a5f79bf fs-util: make sure openat_report_new() initializes return param also on shortcut 05499d5a30 fs-util: fix typos in comments 9f77c8fae1 journal-file: port journal_file_open() to openat_report_new() 4d07c034da fs-util: add openat_report_new() wrapper around openat() 258c04836d meson: build kernel-install man page when necessary 23da9cc83a man: do not install sd-boot man pages when -Dgnu-efi=false is set d452b8738c unit: install the systemd-bless-boot.service only if we have gnu-efi 98f44dc500 boot: don't build bootctl when -Dgnu-efi=false is set (bsc#1198093) 9145684460 build: include status of TPM2 in the feature string show by --version ------------------------------------------------------------------ ------------------ 2022-4-4 - Apr 4 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - iwlwifi: fix use-after-free (bsc#1197762 git-fixes). - commit d5140bb - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762) Correct the entries that have *-64.ucode instead of *-63.ucode - commit d8b5646 - Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155) - commit 69353e8 - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258 bsc#1196095 git-fixes). - commit 4a7f6a3 - Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247) - commit 5b2f9f9 - vdpa: clean up get_config_size ret value handling (CVE-2022-0998 bsc#1197247). - commit 0d2ae2e - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (bsc#1196806, bsc#1196961). - commit 2771ae3 ++++ kernel-azure: - iwlwifi: fix use-after-free (bsc#1197762 git-fixes). - commit d5140bb - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762) Correct the entries that have *-64.ucode instead of *-63.ucode - commit d8b5646 - Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155) - commit 69353e8 - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258 bsc#1196095 git-fixes). - commit 4a7f6a3 - Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247) - commit 5b2f9f9 - vdpa: clean up get_config_size ret value handling (CVE-2022-0998 bsc#1197247). - commit 0d2ae2e - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (bsc#1196806, bsc#1196961). - commit 2771ae3 ++++ kernel-default: - iwlwifi: fix use-after-free (bsc#1197762 git-fixes). - commit d5140bb - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762) Correct the entries that have *-64.ucode instead of *-63.ucode - commit d8b5646 - Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155) - commit 69353e8 - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258 bsc#1196095 git-fixes). - commit 4a7f6a3 - Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247) - commit 5b2f9f9 - vdpa: clean up get_config_size ret value handling (CVE-2022-0998 bsc#1197247). - commit 0d2ae2e - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (bsc#1196806, bsc#1196961). - commit 2771ae3 ++++ kernel-preempt: - Delete patches.suse/net-tipc-validate-domain-record-count-on-input.patch. This was the original work-in-progress patch for CVE-2022-0435 / bsc#1195254. Later, a proper backport of mainline commit 9aa422ad3266 ("tipc: improve size validations for received domain records") was added as patches.suse/tipc-improve-size-validations-for-received-domain-re.patch but this patch was left in place. As it adds the check a bit later than upstream fix, it did not cause a conflict so nobody noticed the duplicity. - commit ef08708 - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - commit 2237578 - net: kABI workaround for ax25_dev (CVE-2022-1199 bsc#1198028). - commit 49e69cc - ax25: Fix UAF bugs in ax25 timers (CVE-2022-1205 bsc#1198027). - ax25: fix UAF bug in ax25_send_control() (CVE-2022-1205 bsc#1198027). - ax25: Fix NULL pointer dereferences in ax25 timers (CVE-2022-1205 bsc#1198027). - ax25: Fix refcount leaks caused by ax25_cb_del() (CVE-2022-1205 bsc#1198027). - ax25: fix UAF bugs of net_device caused by rebinding operation (CVE-2022-1205 bsc#1198027). - ax25: fix reference count leaks of ax25_dev (CVE-2022-1205 bsc#1198027). - commit cfa1c37 - Update patch reference for ax25 fixes (CVE-2022-1199 bsc#1198028) - commit 1b5a483 - ax25: fix NPD bug in ax25_disconnect (CVE-2022-1199 bsc#1198028). - ax25: add refcount in ax25_dev to avoid UAF bugs (CVE-2022-1199 bsc#1198028). - commit f30e94a - drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() (CVE-2022-1198 bsc#1198030). - commit 6da2b7d - hamradio: remove needs_free_netdev to avoid UAF (CVE-2022-1195 bsc#1198029). - commit fcd70e2 - hamradio: improve the incomplete fix to avoid NPD (CVE-2022-1195 bsc#1198029). - hamradio: defer 6pack kfree after unregister_netdev (CVE-2022-1195 bsc#1198029). - hamradio: defer ax25 kfree after unregister_netdev (CVE-2022-1195 bsc#1198029). - net: hamradio: fix memory leak in mkiss_close (CVE-2022-1195 bsc#1198029). - commit d30e348 - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (CVE-2022-28389 bsc#1198033). - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (CVE-2022-28388 bsc#1198032). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (CVE-2022-28390 bsc#1198031). - commit d6e6523 - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - commit 96da58a - VFS: filename_create(): fix incorrect intent (bsc#1197534). - commit bd0a18b ++++ deja-dup: - Add deja-dup-vala-fix.patch: fix for new vala (bsc#1197712). ++++ dtb-aarch64: - iwlwifi: fix use-after-free (bsc#1197762 git-fixes). - commit d5140bb - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762) Correct the entries that have *-64.ucode instead of *-63.ucode - commit d8b5646 - Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155) - commit 69353e8 - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258 bsc#1196095 git-fixes). - commit 4a7f6a3 - Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247) - commit 5b2f9f9 - vdpa: clean up get_config_size ret value handling (CVE-2022-0998 bsc#1197247). - commit 0d2ae2e - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (bsc#1196806, bsc#1196961). - commit 2771ae3 ++++ inkscape: - Add upstream patches required to build on SP4 (bsc#1197731): inkscape-poppler-build-fix.patch inkscape-c-standard.patch inkscape-new-glib.patch ++++ kernel-debug: - iwlwifi: fix use-after-free (bsc#1197762 git-fixes). - commit d5140bb - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762) Correct the entries that have *-64.ucode instead of *-63.ucode - commit d8b5646 - Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155) - commit 69353e8 - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258 bsc#1196095 git-fixes). - commit 4a7f6a3 - Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247) - commit 5b2f9f9 - vdpa: clean up get_config_size ret value handling (CVE-2022-0998 bsc#1197247). - commit 0d2ae2e - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (bsc#1196806, bsc#1196961). - commit 2771ae3 ++++ kernel-source: - iwlwifi: fix use-after-free (bsc#1197762 git-fixes). - commit d5140bb - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762) Correct the entries that have *-64.ucode instead of *-63.ucode - commit d8b5646 - Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155) - commit 69353e8 - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258 bsc#1196095 git-fixes). - commit 4a7f6a3 - Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247) - commit 5b2f9f9 - vdpa: clean up get_config_size ret value handling (CVE-2022-0998 bsc#1197247). - commit 0d2ae2e - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (bsc#1196806, bsc#1196961). - commit 2771ae3 ++++ kernel-source-azure: - iwlwifi: fix use-after-free (bsc#1197762 git-fixes). - commit d5140bb - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762) Correct the entries that have *-64.ucode instead of *-63.ucode - commit d8b5646 - Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155) - commit 69353e8 - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258 bsc#1196095 git-fixes). - commit 4a7f6a3 - Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247) - commit 5b2f9f9 - vdpa: clean up get_config_size ret value handling (CVE-2022-0998 bsc#1197247). - commit 0d2ae2e - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (bsc#1196806, bsc#1196961). - commit 2771ae3 ++++ kernel-docs: - iwlwifi: fix use-after-free (bsc#1197762 git-fixes). - commit d5140bb - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762) Correct the entries that have *-64.ucode instead of *-63.ucode - commit d8b5646 - Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155) - commit 69353e8 - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258 bsc#1196095 git-fixes). - commit 4a7f6a3 - Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247) - commit 5b2f9f9 - vdpa: clean up get_config_size ret value handling (CVE-2022-0998 bsc#1197247). - commit 0d2ae2e - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (bsc#1196806, bsc#1196961). - commit 2771ae3 ++++ kernel-kvmsmall: - iwlwifi: fix use-after-free (bsc#1197762 git-fixes). - commit d5140bb - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762) Correct the entries that have *-64.ucode instead of *-63.ucode - commit d8b5646 - Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155) - commit 69353e8 - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258 bsc#1196095 git-fixes). - commit 4a7f6a3 - Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247) - commit 5b2f9f9 - vdpa: clean up get_config_size ret value handling (CVE-2022-0998 bsc#1197247). - commit 0d2ae2e - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (bsc#1196806, bsc#1196961). - commit 2771ae3 ++++ kernel-obs-build: - iwlwifi: fix use-after-free (bsc#1197762 git-fixes). - commit d5140bb - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762) Correct the entries that have *-64.ucode instead of *-63.ucode - commit d8b5646 - Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155) - commit 69353e8 - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258 bsc#1196095 git-fixes). - commit 4a7f6a3 - Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247) - commit 5b2f9f9 - vdpa: clean up get_config_size ret value handling (CVE-2022-0998 bsc#1197247). - commit 0d2ae2e - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (bsc#1196806, bsc#1196961). - commit 2771ae3 ++++ kernel-obs-qa: - iwlwifi: fix use-after-free (bsc#1197762 git-fixes). - commit d5140bb - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762) Correct the entries that have *-64.ucode instead of *-63.ucode - commit d8b5646 - Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155) - commit 69353e8 - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258 bsc#1196095 git-fixes). - commit 4a7f6a3 - Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247) - commit 5b2f9f9 - vdpa: clean up get_config_size ret value handling (CVE-2022-0998 bsc#1197247). - commit 0d2ae2e - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (bsc#1196806, bsc#1196961). - commit 2771ae3 ++++ kernel-syms: - iwlwifi: fix use-after-free (bsc#1197762 git-fixes). - commit d5140bb - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762) Correct the entries that have *-64.ucode instead of *-63.ucode - commit d8b5646 - Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155) - commit 69353e8 - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258 bsc#1196095 git-fixes). - commit 4a7f6a3 - Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247) - commit 5b2f9f9 - vdpa: clean up get_config_size ret value handling (CVE-2022-0998 bsc#1197247). - commit 0d2ae2e - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (bsc#1196806, bsc#1196961). - commit 2771ae3 ++++ kernel-syms-azure: - iwlwifi: fix use-after-free (bsc#1197762 git-fixes). - commit d5140bb - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762) Correct the entries that have *-64.ucode instead of *-63.ucode - commit d8b5646 - Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155) - commit 69353e8 - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258 bsc#1196095 git-fixes). - commit 4a7f6a3 - Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247) - commit 5b2f9f9 - vdpa: clean up get_config_size ret value handling (CVE-2022-0998 bsc#1197247). - commit 0d2ae2e - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (bsc#1196806, bsc#1196961). - commit 2771ae3 ++++ kernel-vanilla: - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (CVE-2022-28389 bsc#1198033). - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (CVE-2022-28388 bsc#1198032). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (CVE-2022-28390 bsc#1198031). - commit 2396928 - xprtrdma: fix incorrect header size calculations (CVE-2022-0812 bsc#1196639). - commit 19d5b1d ++++ kernel-zfcpdump: - iwlwifi: fix use-after-free (bsc#1197762 git-fixes). - commit d5140bb - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762) Correct the entries that have *-64.ucode instead of *-63.ucode - commit d8b5646 - Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155) - commit 69353e8 - USB: gadget: validate interface OS descriptor requests (CVE-2022-25258 bsc#1196095 git-fixes). - commit 4a7f6a3 - Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247) - commit 5b2f9f9 - vdpa: clean up get_config_size ret value handling (CVE-2022-0998 bsc#1197247). - commit 0d2ae2e - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (bsc#1196806, bsc#1196961). - commit 2771ae3 ++++ keybinder: - Disable python2 bindings on 15.4 - they fail to build. ++++ libqt5-qtwebengine: - Add security fixes: * CVE-2022-0971-qtwebengine-5.15.patch (CVE-2022-0971, boo#1197163) * CVE-2022-1096-qtwebengine-5.15.patch (CVE-2022-1096, boo#1197552) ++++ qt6-webengine: - Add security fixes: * CVE-2022-0971-qtwebengine-5.15.patch (CVE-2022-0971, boo#1197163) * CVE-2022-1096-qtwebengine-5.15.patch (CVE-2022-1096, boo#1197552) ++++ openblas_0_3_20-gnu-hpc: - Build HPC packages with gcc- >= 10 on Leap/SLE. ++++ openblas-pthreads_0_3_20-gnu-hpc: - Build HPC packages with gcc- >= 10 on Leap/SLE. ++++ openblas_openmp: - Build HPC packages with gcc- >= 10 on Leap/SLE. ++++ openblas_pthreads: - Build HPC packages with gcc- >= 10 on Leap/SLE. ++++ openblas_serial: - Build HPC packages with gcc- >= 10 on Leap/SLE. ++++ paraview: - Fixes cli11 dependency for 15.3. - Drops system gl2ps on Leap 15.x since a higher version of gl2ps is needed than the system provided version on Leap 15.x. ++++ systemd: - spec: make sure /lib exists when installing conf files in /lib/modprobe.d ++++ thunar: - Update to version 4.16.11 * Don't reload the view when text is copied (gxo#xfce/thunar#706) * NULL checks to prevent crash on malformed bookmark URI (gxo#xfce/thunar#716) * Use 'g_timeout_add_full' to set tree-view cursor (gxo#xfce/thunar#351) * Fix signal disconnect in thunar_window_unrealize * Don't go beyond THUNAR_N_VISIBLE_COLUMNS while parsing col widths * Translation Updates ++++ polkit-default-privs: - Update to version 13.2+20220404.53052a9: * Add missing GNOME Control Center login helper * Reorder gnome and budgie control center entries * Backport budgie-control-center whitelisting (bsc#1195023) ++++ qt6-webengine-docs: - Add security fixes: * CVE-2022-0971-qtwebengine-5.15.patch (CVE-2022-0971, boo#1197163) * CVE-2022-1096-qtwebengine-5.15.patch (CVE-2022-1096, boo#1197552) ++++ rubygem-puma: - updated to version 4.3.11 * fix bsc#1196222, CVE-2022-23634 rubygem-puma: puma would not always call 'close' on the response body * fix bsc#1191681, CVE-2021-41136 * fix bsc#1188527, CVE-2021-29509 ++++ systemd-mini: - spec: make sure /lib exists when installing conf files in /lib/modprobe.d ++++ xen: - bsc#1197423 - VUL-0: CVE-2022-26356: xen: Racy interactions between dirty vram tracking and paging log dirty hypercalls (XSA-397) xsa397.patch - bsc#1197425 - VUL-0: CVE-2022-26357: xen: race in VT-d domain ID cleanup (XSA-399) xsa399.patch - bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359, CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) xsa400-01.patch xsa400-02.patch xsa400-03.patch xsa400-04.patch xsa400-05.patch xsa400-06.patch xsa400-07.patch xsa400-08.patch xsa400-09.patch xsa400-10.patch xsa400-11.patch xsa400-12.patch - Additional upstream bug fixes for XSA-400 (bsc#1027519) 61d6ea2d-VT-d-split-domid-map-cleanup-check-into-a-function.patch 61d6ea7b-VT-d-dont-leak-domid-mapping-on-error-path.patch 6229ba46-VT-d-drop-undue-address-of-from-check_cleanup_domid_map.patch ------------------------------------------------------------------ ------------------ 2022-4-3 - Apr 3 2022 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2022-04-04 (bsc#1084929) ++++ llvm: - Now that python3-clang uses libclang.so.XX and is versioned, we provide a metapackage for it to replace existing installations. - Merge llvm-LTO-devel into llvm-devel just like the underlying versioned packages have been merged. - Remove baselibs.conf: it didn't do anything, and we shouldn't need any of these to be imported. - Only suggest documentation packages. - Update README.packaging to reflect the new packaging strategy. We don't need to touch the old package on version updates any longer, but we need to change the project configuration. ++++ llvm13: - Split up Clang libraries: libclang.so is no longer so-versioned alongside LLVM but will stay at libclang.so.13 for now. So we put it into a separate package from libclang-cpp.so. Since we can't have multiple LLVM versions generate the same package, we prefix it for the non-default LLVM with a mechanism inspired by the GCC packaging. - Patch exported clang/ClangTargets-relwithdebinfo.cmake to refer to libclang only by soname, because the installed library might be newer than the one originally build with the package. - Use the same mechanism to for libc++ and package Clang scripts only for the default version. This means we'll no longer have to touch the package when a new major version comes out. - Make sure we properly clean up the clang scripts if we're not packaging them. - Let python3-clang use libclang.so.XX, which means we can always build it and makes it depend on libclang instead of clang-devel. - Fix some rpmlint issues: we don't need explicit library dependencies that are detected automatically, and we add proper library dependencies to the *-devel packages. - Merge llvm-LTO-devel into llvm-devel. That's where the header files already are, and they are hard to separate. - Let llvm-polly-devel depend on llvm-devel. - Remove libLTO and *-devel packages from baselibs, they don't seem to be needed. We mostly need libLLVM and maybe libclang-cpp. - Consistently set host triple as *-suse-linux-gnu*. - Only suggest documentation packages. ++++ moarvm: - update to version 2022.03 + Bump mimalloc to v2.0.5 + The result of a getenv() call should not be freed + Some nativeref optimizations and fixes + Fix all returned native integers getting treated as signed + Fix potential invalid free in nativecall + Add missing _u cases to disp program callsite code + Correctly allocate/free CStrs when using mimalloc + Root orig since MVM_frame_capturelex can allocate + Restore jitting of sp_getarg_[inso] + Jit even more *_u versions of ops + Fix frame walker finding wrong value after multi level inlining + Fix spesh of named uint parameters + Add an MVM_nativecall_encode_string function - remove moarvm_wrong_value_after_multi_level_inlining.diff as is contained in the release ++++ nqp: - update to version 2022.03 * Remove some not-needed trys, or convert to nqp::can + the method call * Provide op coerce_ns on MoarVM and JVM * Fix all returned native integers getting treated as signed ------------------------------------------------------------------ ------------------ 2022-4-2 - Apr 2 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - Move upstreamed ALSA fix into sorted section - commit 051af6b ++++ kernel-azure: - Move upstreamed ALSA fix into sorted section - commit 051af6b ++++ kernel-default: - Move upstreamed ALSA fix into sorted section - commit 051af6b ++++ kernel-preempt: - KVM: SVM: Don't flush cache if hardware enforces cache coherency across encryption domains (bsc#1178134). - commit 706a179 ++++ dtb-aarch64: - Move upstreamed ALSA fix into sorted section - commit 051af6b ++++ gnuhealth: - version 4.0.3 * Remove pinning from vobject library version (Vanilla installation) * fix bug #62235: Traceback on default health professional ++++ hylafax+: - version 7.0.5 * hylafax.diff removed - included in source * extend Class1RecvAbortOK = 0 timeout to 500 ms (4 Dec 2021) * cope with Si2435 V.34/V.8 connection glitch (17, 19 Nov 2021) * cope with spurious +FCERROR or other delayed messages from modem (26 Oct 2021) * avoid letting corrupt RTC signals lead to RTN (26 Oct 2021) * don't refer to DCN as an invalid response in error messages (20 Oct 2021) * handle TSI during procedural interrupt (19 Oct 2021) * do better with waiting on prologue frames from receiver (13 Oct 2021) * cope with echo of ERR (13 Oct 2021) * run ps2fax, pdf2fax, tiff2fax, pcl2fax coverters as fax user (12 Oct 2021) * attempt to cope with receivers who signal RTN in ECM Phase D (23 Sep 2021) * fix hfaxd build when LDAP libs are not present (23 Sep 2021) * handle PPR echo after fourth PPR (22 Sep 2021) * don't use CRP when waiting for CFR following training (15 Sep 2021) * attempt to cope with receivers which signal CFR after PPS (14 Sep 2021) * cope with senders who signal FTT in Phase D (10 Sep 2021) * fix problem with handling NSF/CSI/DIS frame after CTC/EOR (9 Sep 2021) * cope with senders who signal PPS without the PPS FCF (9 Sep 2021) * handle echo of PPR when expecting CTC/EOR (8 Sep 2021) * add failure messages for unspecified training failures (7 Sep 2021) * don't use CRP when waiting for CTR (7 Sep 2021) * handle echo of EOR, don't use CRP when waiting for ERR (7 Sep 2021) * repeat PIN if sender repeats post-page or partial-page message (7-8 Sep 2021) ++++ kernel-debug: - Move upstreamed ALSA fix into sorted section - commit 051af6b ++++ kernel-source: - Move upstreamed ALSA fix into sorted section - commit 051af6b ++++ kernel-source-azure: - Move upstreamed ALSA fix into sorted section - commit 051af6b ++++ kernel-docs: - Move upstreamed ALSA fix into sorted section - commit 051af6b ++++ kernel-kvmsmall: - Move upstreamed ALSA fix into sorted section - commit 051af6b ++++ kernel-obs-build: - Move upstreamed ALSA fix into sorted section - commit 051af6b ++++ kernel-obs-qa: - Move upstreamed ALSA fix into sorted section - commit 051af6b ++++ kernel-syms: - Move upstreamed ALSA fix into sorted section - commit 051af6b ++++ kernel-syms-azure: - Move upstreamed ALSA fix into sorted section - commit 051af6b ++++ kernel-zfcpdump: - Move upstreamed ALSA fix into sorted section - commit 051af6b ++++ mousepad: - Update to version 0.5.9 * Add Shortcuts plugin, requires libxfce4ui >= 4.17.5 and as such remains disabled at build time until Xfce 4.18 is released (gxo#apps/mousepad#70, gxo#apps/mousepad!121) * Add search history (gxo#apps/mousepad!119) * File monitoring: Add an automatic reloading option * Move the document modification mark to the close button (gxo#apps/mousepad#63, gxo#apps/mousepad!122) * Add mousepad styleclass for easier theming (gxo#apps/mousepad#33) * Hide search bar by pressing Esc key even when not focused * Search: Escape selection when regex search is enabled * Plugins: Add a skeleton plugin to ease writing of new plugins * Test plugin: Sanitize memory management of sources * Honor GTK_CSD * Filter entries from `accels.scm` on non-detailed action name * i18n: Check for `bind_textdomain_codeset()` * Update Copying (gxo#apps/mousepad#160, gxo#apps/mousepad!120) * Session history: Never clear session array on exit (gxo#apps/mousepad#162) * Fix broken feature "Show menubar temporarily when hidden" * Force encoding when reloading * Force encoding when it has been explicitly set by the user * Do not consider encoding as always user-set in the "Open" dialog * Fix antonym of the word "indent" in preferences dialog (gxo#apps/mousepad!118) * File monitoring: Try to filter out fake deletions * Add ellipsis to preferences menu entry (gxo#apps/mousepad!117) * Switch all labels to title case in prefs dialog (gxo#apps/mousepad!116) * Correctly restore font size after zooming when using system font (gxo#apps/mousepad#158) * Printing: Enable line wrapping by default (gxo#apps/mousepad#156) * Fix a warning from GCC static analyzer * Search: Do not delay the search when the text changes * Translation Updates ++++ opentoonz: - Update to 1.6.0: + Audio * Improved Audio Recording + Cleanup * Enabled to Cleanup Without Line Processing + Flipbook / Viewers * (new) Zoom in/out and fit floating panel geometry commands * Enhanced Flipbook playback * (new) 30bit display feature + Xsheet / Timeline * (new) "Implicit hold" move by Shift+dragging cells * (new) Cell Mark feature * Allowed changing parent of column from XSheet (Tahoma2D port) * (new) Xsheet Minimum Layout * (new) Xsheet zoom control * Enhanced Note level column + Xsheet (Export) * (new) Export Xsheet to PDF * (new) TVPaint JSON export + Image Levels / Rendering / FFMPEG * Enabled to set Raster level frame number format * Enabled to use PNG for new Raster level * (new) Multi-Thread FFMPEG option * Enhanced FFMPEG GIF export * (new) OpenEXR I/O + Palettes / Style Editor * (new) Raster Lock Alpha tool setting * (new) Hex editbox in Style Editor * (new) Hex color names editor * Enabled to paste style's color into a color field + File Browser * Enabled To view palette files from the File Browser + Effects / Schematic * (new) Conical Transform option for Fractal Noise Fx Iwa * (new) "Image Size" option for the Input Size parameter for Tile Fx Iwa * Allowed Renaming Pass Through Nodes (Tahoma2D port) * (new) Shader Fx: HSL Blend GPU * (new) Fx Global Controls parameter * Redesigned Pass Through Fx Node * (new) Bokeh Advanced Iwa Fx * (new) Compass Gadget for Radial and Spin Blur Fxs * (new) Linear color space option for all Layer Blending Ino fxs + File I/O * (new) File Path Processing Using Regular Expression + Camera Capture / Stop Motion * (new) Camera calibration for the Camera Capture feature * Enabled inputting frame with suffix in Camera Capture * Enhanced Stop motion feature - Enable build on all archs but ARM. ++++ patterns-base: - Fix boo#1197892 again * move sysvinit-tools to the right pattern ++++ ruqola: - Update to version 1.7.0 * Add support for 2FA * Don't repeat the same avatar and sender in consecutive messages, also skip the context for threaded messages if it's the same * Allow to follow/unfollow messages and threads * Implement Search History * Allow to open specific messages from URL ++++ xfce4-terminal: - Update to version 1.0.0 * Replace the deprecated GtkActionEntries with XfceGtkActionEntries (gxo#apps/xfce4-terminal#79) * Opening a dialog from a drop-down window closes the window (gxo#apps/xfce4-terminal#136) * Add `Fill` background image style (gxo#apps/xfce4-terminal!23). * Improved options parsing (for both short and long forms) * Add a menu entry to send signals to the foreground process (gxo#apps/xfce4-terminal#59) * Fix `keep window open` preference being applied on restart. * Rework "--tab" and "--window" behavior (gxo#apps/xfce4-terminal#13) * Ignore unused modifiers for scroll wheel zooming * Add alternative shortcuts for zooming (gxo#apps/xfce4-terminal#126) * Expand scrolled window and make dialog size 70% of parent (gxo#apps/xfce4-terminal!17) * Support libxfce4ui XfceTitledDialog new API * Update unsafe paste dialog text (gxo#apps/xfce4-terminal#73) * Fix paste button focus * Replace subtitle by infobar for Unsafe paste dialog * Fix the `unsafe paste` dialog to actually paste * Update `.gitignore`, HACKING, AUTHORS, COPYRIGHTS * Update --preferences, --tab and --window documentation * Fix various typos * Fix compilation warnings * Remove unnecessary function call (gxo#apps/xfce4-terminal!24) * Add a "Do not warn me again" checkbox for the "Unsafe Paste" dialog (gxo#apps/xfce4-terminal#129) * Use GtkScrolledWindow for TerminalScreen and add an overlay-scrolling preference (gxo#apps/xfce4-terminal#149) * Support the new Shortcuts editor widget (requires libxfce4ui 4.17.2 or greater) * New preference: Select right click action * Improved `scrolling-on-output` behaviour. * Unsafe Paste Dialog temporary override (gxo#apps/xfce4-terminal#106) * Fix regression: File Menu missing `Close Window` entry * Fix regression: Disable Help shortcut does not work * Fix regression: go-to accelerators not working on startup * Fix regression: Revert accelerator paths to maintain backwards compatibility * Use the latest .glade file structure * Change incorrect reference to ${XDG_CONFIG_DIRS} in man page (gxo#apps/xfce4-terminal#47) * Change outdated documentation links * Use XfceTitledDialog for `Find` (gxo#apps/xfce4-terminal#168) * Include '\r' in unsafe-paste checks * Update tab accelerators at runtime * Consume events that activate accelerator callbacks (gxo#apps/xfce4-terminal#159, gxo#apps/xfce4-terminal#153) * Center on the active terminal window. * Change handling of goto-tab accelerators so they can be changed through the editor. * Menubar changes size when the window is maximized (gxo#apps/xfce4-terminal#156) * Context Menu: Revert changes in order and contents introduced by the transition to XfceGtkActionEntries * Add "Show Window Borders" entry in View menu (it was missing in the last 2 dev releases) * Revert view menu order (Zoom entries below checkboxes) * Fix the visibility flag of the scrollbar (gxo#apps/xfce4-terminal#161, could lead to broken themes) * Replace GTimeVal with gint64 * Fix build warnings * Update Copyright * Translation Updates ------------------------------------------------------------------ ------------------ 2022-4-1 - Apr 1 2022 ------------------- ------------------------------------------------------------------ ++++ MozillaFirefox: - Firefox Extended Support Release 91.8.0 ESR (bsc#1197903) Release candidate! Details filled in later, once it has been released ++++ autoyast2: - Respect general/signature-handling settings during the 2nd stage (bsc#1197655). - 4.4.36 ++++ kernel-preempt: - i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes). - commit e2095ad - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/perf: Don't use perf_hw_context for trace IMC PMU (bsc#1156395). - commit 130da3b - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - commit c0f79a1 - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - commit 972eb7f - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - commit 6fc0429 - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes). - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - commit 01f6f64 ++++ gnome-shell-extensions: - Add gnome-shell-extensions-restore-classic-css.patch: the version of gnome-classic.css in the tarball is wrong, somehow it contains the CSS file for GNOME42, so restore to the right version by this patch before the upstream release the new tarball. - Revert gse-sle-classic-ext.patch to the last revision (bsc#1197175, glgo#GNOME/gnome-shell-extensions#382). ++++ mozilla-nss: - Mozilla NSS 3.68.3 (bsc#1197903) This release improves the stability of NSS when used in a multi-threaded environment. In particular, it fixes memory safety violations that can occur when PKCS#11 tokens are removed while in use (CVE-2022-1097). We presume that with enough effort these memory safety violations are exploitable. * Remove token member from NSSSlot struct (bmo#1756271). * Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots (bmo#1755555). * Check return value of PK11Slot_GetNSSToken (bmo#1370866). ++++ libnvme: - Update to version 1.0-rc8: * types: Add support for get log - MI Command Supported * types: Add new Identify constant * types: Update persistent event entry struct added new fields * types: Add Host Initiated Data Gen Number to telemetry log struct * tree: always allocate config file in nvme_read_config() * tree: rework nvme_scan_subsystem() * tree: make subsystem name mandatory in nvme_scan_ctrl() * tree: move nvme_init_subsystem() into nvme_lookup_subsystem() * tree: do not return error when filtering out subsystems * tree: add debugging messages during scanning * tree: Handle NULL subsysname in nvme_scan_ctrl() * tree: Fix subsystem initialization in nvme_scan_ctrl() * tree: Fix leaking 'name' in nvme_subsystem_lookup_namespace() * tree: Avoid dereferencing nvme_subsystem_t before its check for NULL * tree: Clarify NULL return values from nvme_get_attr() * fabrics: Invoke nvmf_dim() with provided tas argument * fabrics: add 'nvmf_update_config()' * fabrics: Avoid out of bounds string chomping * fabrics: Free old traddr in nvmf_add_ctrl * fabrics: update log level for write failures * fabrics: Streamlining documentation * fabrics: Fix leaking ctrl in nvmf_connect_disc_entry() * fabrics: Add missing break in a switch * ioctl: Remove attribute packed and alignedof for args structs * ioctl: Align arguments indentation with braces * json: fix endless loop scanning for controllers * Remove nvme_init_id_ns * Add lbstm support for create-ns * documentation updates ++++ openjpeg2: - Add security fixes: openjpeg2-CVE-2018-5727.patch (CVE-2018-5727, bsc#1076314), openjpeg2-CVE-2018-5785.patch (CVE-2018-5785, bsc#1076967), openjpeg2-CVE-2018-6616.patch (CVE-2018-6616, bsc#1079845), openjpeg2-CVE-2018-14423.patch (CVE-2018-14423, bsc#1102016), openjpeg2-CVE-2018-16375.patch (CVE-2018-16375, bsc#1106882), openjpeg2-CVE-2018-16376.patch (CVE-2018-16376, bsc#1106881), openjpeg2-CVE-2018-20845.patch (CVE-2018-20845, bsc#1140130), openjpeg2-CVE-2020-6851.patch (CVE-2020-6851, bsc#1160782), openjpeg2-CVE-2020-8112.patch (CVE-2020-8112, bsc#1162090), openjpeg2-CVE-2020-15389.patch (CVE-2020-15389, bsc#1173578), openjpeg2-CVE-2020-27823.patch (CVE-2020-27823, bsc#1180457), openjpeg2-CVE-2021-29338.patch (CVE-2021-29338, bsc#1184774), openjpeg2-CVE-2022-1122.patch (CVE-2022-1122, bsc#1197738). - Add security fixes: openjpeg-CVE-2018-14423.patch (CVE-2018-14423, bsc#1102016), openjpeg-CVE-2018-16376.patch (CVE-2018-16376, bsc#1106881), openjpeg-CVE-2020-8112.patch (CVE-2020-8112, bsc#1162090), openjpeg-CVE-2020-15389.patch (CVE-2020-15389, bsc#1173578), openjpeg-CVE-2020-27823.patch (CVE-2020-27823, bsc#1180457), openjpeg-CVE-2021-29338.patch (CVE-2021-29338, bsc#1184774). ++++ re2: - Update to 2022-04-01: * Improve performance slightly * Prog::Fangout() is no longer experimental ++++ nfs-utils: - Add 0023-cache.c-removed-a-couple-warning.patch Fix compilation with new glibc (SLE15-SP4) (bsc#1197788) ++++ nvme-cli: - Update to version 2.0-rc8: * fabrics: Add DIM command * fabrics: Introduce force flag to overwrite persistence logic (bsc#1197076) * fabrics: Free non-matching controller during discovery * fabrics: add 'nvme config' command * fabrics: Correctly stringify discovery.conf and config.json paths * nvme-print: Add human readable print for nsattr field * nvme-print: Update Persistent Event log fields * nvme-print: print discovery async event support * nvme-rpmb: Fix spelling for 'Partition' * nvme-copy: add missing field to the command * nvme: add get_mi_cmd_support_effects_log command * nvme: Fixup namespace filtering yet again * nvme: Use type bool for OPT_FLAG * nvme: use filter for 'list-subsys ' (bsc#1195938) * Add lbstm option to create-ns * argconfig: Do not use default value loading by getopt_long_only * argconfig: Rename CFG_NONE to CFG_FLAG * plugins: Use type bool for OPT_FLAG * documenation updates - Drop 'ProtectKernelTunables=true' (bsc#1197076) ++++ patterns-base: - Add enhanced_base as recommends to transactional_server boo#1197913 ++++ permissions: - Update to version 20201225: * squid: adjust pinger path, drop basic_pam_auth (bsc#1197649) ++++ polkit-default-privs: - Update to version 13.2+20220401.c64d869: * Backport of deepin-api whitelisting (bsc#1196681 bsc#1070943) * Fix generation of file /etc/polkit-1/rules.d/90-default-privs.rules ++++ python-evtx: - bsc#1197837 - FTBFS: python-evtx won't compile on SP4 python-evtx.spec ++++ rpmlint: - Backport of deepin-api (bsc#1196681 bsc#1070943) ------------------------------------------------------------------ ------------------ 2022-3-31 - Mar 31 2022 ------------------- ------------------------------------------------------------------ ++++ 389-ds: - Resolve bsc#1197275 - CVE-2022-0918 - Crafted message may cause DoS - Update to version 2.0.15~git4.f46ab49c9: * Issue 5242- Craft message may crash the server (#5243) * Issue 5234 - UI - rename Users and Groups tab * Issue 5217 - Simplify instance creation and administration by non root user (#5224) * Issue 5227 - UI - No way to move back to Get Started step (#5233) * Bump version to 2.0.15 * Issue 5230 - Race condition in RHDS disk monitoring functions * Issue 4299 - UI - Add CoS funtionality (#5196) * Issue 5225 - UI - impossible to manually set entry cache * Issue 5186 - UI - Fix SASL Mapping regex test feature * Issue 5221 - User with expired password can still login with full privledges ++++ ceph: - Update to v16.2.7-654-gd5a90ff46f0 + (bsc#1196733) remove build directory during %clean ++++ ceph-test: - Update to v16.2.7-654-gd5a90ff46f0 + (bsc#1196733) remove build directory during %clean ++++ kernel-preempt: - printk: disable optimistic spin during panic (bsc#1197894). - commit 0716386 - printk: Add panic_in_progress helper (bsc#1197894). - commit f29520c - blacklist.conf: printk: cosmetic problem - commit eabafef - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - commit dcd324e - btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649). - commit dc4697b - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649). - btrfs: do not log new dentries when logging that a new name exists (bsc#1194649). - commit b03bb01 - Revert "module, async: async_synchronize_full() on module init iff async is used" (bsc#1197888). - commit 2252be2 - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649). - commit c49b58c - btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649). - commit bcb58d4 - btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649). - btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649). - commit 215b0a5 - btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649). - commit ebbb134 - x86/mm/pat: Don't flush cache if hardware enforces cache coherency across encryption domnains (bsc#1178134). - commit ed78280 - btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649). - btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649). - btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649). - btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649). - commit 54994e0 - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - commit e642242 - btrfs: check if a log tree exists at inode_logged() (bsc#1194649). - commit 1fd0acd - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649). - commit df30719 - btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649). - commit e2ffdf0 - btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649). - Refresh patches.suse/0002-btrfs-qgroup-try-to-flush-qgroup-space-when-we-get-E.patch. - commit 2097b4a - ext2: correct max file size computing (bsc#1197820). - commit f1d2053 - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - commit 6f18f30 - block: update io_ticks when io hang (bsc#1197817). - commit 4ee5ce6 - fscrypt: don't ignore minor_hash when hash is 0 (bsc#1197815). - commit 0c58e0d - ecryptfs: fix kernel panic with null dev_name (bsc#1197812). - commit 18f264d - ecryptfs: Fix typo in message (bsc#1197811). - commit 9a64b6f ++++ hdf5: - Add hdf5-1.10.8-pr1494-fix-release-check-version.patch * boo#1179521, boo#1196682, gh#HDFGroup/hdf5#1494 * Avoids package crashes due to an overeager version check. Packages depending on the shared libraries are not being rebuilt in Factory after a patchlevel version bump of hdf5 without SONAME changes. ++++ hdf5_1_10_8-gnu-hpc: - Add hdf5-1.10.8-pr1494-fix-release-check-version.patch * boo#1179521, boo#1196682, gh#HDFGroup/hdf5#1494 * Avoids package crashes due to an overeager version check. Packages depending on the shared libraries are not being rebuilt in Factory after a patchlevel version bump of hdf5 without SONAME changes. ++++ hdf5_1_10_8-gnu-mpich-hpc: - Add hdf5-1.10.8-pr1494-fix-release-check-version.patch * boo#1179521, boo#1196682, gh#HDFGroup/hdf5#1494 * Avoids package crashes due to an overeager version check. Packages depending on the shared libraries are not being rebuilt in Factory after a patchlevel version bump of hdf5 without SONAME changes. ++++ hdf5_1_10_8-gnu-mvapich2-hpc: - Add hdf5-1.10.8-pr1494-fix-release-check-version.patch * boo#1179521, boo#1196682, gh#HDFGroup/hdf5#1494 * Avoids package crashes due to an overeager version check. Packages depending on the shared libraries are not being rebuilt in Factory after a patchlevel version bump of hdf5 without SONAME changes. ++++ hdf5_1_10_8-gnu-openmpi2-hpc: - Add hdf5-1.10.8-pr1494-fix-release-check-version.patch * boo#1179521, boo#1196682, gh#HDFGroup/hdf5#1494 * Avoids package crashes due to an overeager version check. Packages depending on the shared libraries are not being rebuilt in Factory after a patchlevel version bump of hdf5 without SONAME changes. ++++ hdf5_1_10_8-gnu-openmpi3-hpc: - Add hdf5-1.10.8-pr1494-fix-release-check-version.patch * boo#1179521, boo#1196682, gh#HDFGroup/hdf5#1494 * Avoids package crashes due to an overeager version check. Packages depending on the shared libraries are not being rebuilt in Factory after a patchlevel version bump of hdf5 without SONAME changes. ++++ hdf5_1_10_8-gnu-openmpi4-hpc: - Add hdf5-1.10.8-pr1494-fix-release-check-version.patch * boo#1179521, boo#1196682, gh#HDFGroup/hdf5#1494 * Avoids package crashes due to an overeager version check. Packages depending on the shared libraries are not being rebuilt in Factory after a patchlevel version bump of hdf5 without SONAME changes. ++++ hdf5-mvapich2: - Add hdf5-1.10.8-pr1494-fix-release-check-version.patch * boo#1179521, boo#1196682, gh#HDFGroup/hdf5#1494 * Avoids package crashes due to an overeager version check. Packages depending on the shared libraries are not being rebuilt in Factory after a patchlevel version bump of hdf5 without SONAME changes. ++++ hdf5-openmpi2: - Add hdf5-1.10.8-pr1494-fix-release-check-version.patch * boo#1179521, boo#1196682, gh#HDFGroup/hdf5#1494 * Avoids package crashes due to an overeager version check. Packages depending on the shared libraries are not being rebuilt in Factory after a patchlevel version bump of hdf5 without SONAME changes. ++++ hdf5-openmpi3: - Add hdf5-1.10.8-pr1494-fix-release-check-version.patch * boo#1179521, boo#1196682, gh#HDFGroup/hdf5#1494 * Avoids package crashes due to an overeager version check. Packages depending on the shared libraries are not being rebuilt in Factory after a patchlevel version bump of hdf5 without SONAME changes. ++++ hdf5-openmpi4: - Add hdf5-1.10.8-pr1494-fix-release-check-version.patch * boo#1179521, boo#1196682, gh#HDFGroup/hdf5#1494 * Avoids package crashes due to an overeager version check. Packages depending on the shared libraries are not being rebuilt in Factory after a patchlevel version bump of hdf5 without SONAME changes. ++++ intel-ipsec-mb: - Move documentation out of libintel-ipsec-mb1 (conflicts with a future libintel-ipsec-mb2). ++++ kdump: - pull sources directly from git using obs_scm - fix bsc#1190299, bsc#1186272 - remove patches included in upstream git: kdump-calibrate-include-af_packet.patch, kdump-calibrate-fix-nic-naming.patch, kdump-calibrate.conf-depends-on-kdumptool.patch ++++ mediainfo: - Update to version 22.03 Added features: * NSV (Nullsoft Video): full featured support * NSV: support of proprietary StarDiva metadata (by reverse engineering) * HEVC: CEA-608/708 support * Dolby Audio Metadata: First frame of action, binaural render modes * Dolby Audio Metadata: 5.1 and 5.1.x downmix, 5.1 to 2.0 downmix, associated video frame rate, trim modes * MOV/MP4, TTML, SCC, MXF TC: time code of last frame * EIA-608: first displayed caption type * EIA-608: Maximum count of lines per event and total count of lines * EIA-608: duration of the visible content * TTML: Total count of lines * TTML: Maximum count of lines per event (including overlapping times) * TTML: Frame count, display aspect ratio * TTML: Support of timestamps in frames * SCC: Delay * Matroska: Encoding settings metadata support * MOV/MP4: Gamma metadata output * MPEG-4/MOV: difference between audio Center and Mono when possible * MP4/MOV: Support of dec3 atom in wave atom * MPEG-4/MOV: show both values in case of chan atom ChannelLayoutTag / ChannelDescriptions mismatch * MP4/MOV: Support of dec3 atom in wave atom * MXF: better support of AVC streams without SPS/PPS * ADM: display channel index of trackUIDs Fixed bugs: * WAV: fix freeze with 32-bit PCM * DPX: fix regression with DPX files more than 64 MB * Dolby E: fix crash with some invalid streams * E-AC-3: service kind was not correctly handled * EXR: fix of bad handling of files with long names in attributes * TTML: correct handling of 29.97 DF time codes * AV1: fix of the parsing of some streams, especially the ones with HDR metadata * WebVTT: was not correctly handling WebVTT header with comment * Matroska: fix false positive detection of bad CRC32 * Several other parsing bug/crash fixes ++++ libmediainfo: - Update to version 22.03 Added features: * NSV (Nullsoft Video): full featured support * NSV: support of proprietary StarDiva metadata (by reverse engineering) * HEVC: CEA-608/708 support * Dolby Audio Metadata: First frame of action, binaural render modes * Dolby Audio Metadata: 5.1 and 5.1.x downmix, 5.1 to 2.0 downmix, associated video frame rate, trim modes * MOV/MP4, TTML, SCC, MXF TC: time code of last frame * EIA-608: first displayed caption type * EIA-608: Maximum count of lines per event and total count of lines * EIA-608: duration of the visible content * TTML: Total count of lines * TTML: Maximum count of lines per event (including overlapping times) * TTML: Frame count, display aspect ratio * TTML: Support of timestamps in frames * SCC: Delay * Matroska: Encoding settings metadata support * MOV/MP4: Gamma metadata output * MPEG-4/MOV: difference between audio Center and Mono when possible * MP4/MOV: Support of dec3 atom in wave atom * MPEG-4/MOV: show both values in case of chan atom ChannelLayoutTag / ChannelDescriptions mismatch * MP4/MOV: Support of dec3 atom in wave atom * MXF: better support of AVC streams without SPS/PPS * ADM: display channel index of trackUIDs Fixed bugs: * WAV: fix freeze with 32-bit PCM * DPX: fix regression with DPX files more than 64 MB * Dolby E: fix crash with some invalid streams * E-AC-3: service kind was not correctly handled * EXR: fix of bad handling of files with long names in attributes * TTML: correct handling of 29.97 DF time codes * AV1: fix of the parsing of some streams, especially the ones with HDR metadata * WebVTT: was not correctly handling WebVTT header with comment * Matroska: fix false positive detection of bad CRC32 * Several other parsing bug/crash fixes ++++ rssguard: - Recommend nodejs and npm (fixes boo#1197561) ++++ libvirt: - qemu: Improve save operation by increasing pipe size c61d1e9b-virfile-set-pipe-size.patch, 47d6d185-virfile-fix-indent.patch, cd7acb33-virfile-report-error.patch bsc#1196625 ++++ parsec: - Update to 1.0.0: * Update changelog file only - Disable build on x86 since the build fails ++++ perl: - Stabilize Socket::VERSION comparisons [bnc#1193489] new patch: perl-Stabilize-Socket-VERSION-comparisons.patch ++++ ppp: - bsc#1197799: Add ppp-2.4.7-DES-openssl.patch to fix build on SLE-15-SP3 and SP4. ++++ salt: - Fix salt-ssh opts poisoning (bsc#1197637) - Added: * fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch - Fix multiple security issues (bsc#1197417) * Sign authentication replies to prevent MiTM (CVE-2022-22935) * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934) * Prevent job and fileserver replays (CVE-2022-22936) * Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941) - Added: * fix-multiple-security-issues-bsc-1197417.patch ++++ python-uamqp: - New upstream release + Version 1.5.3 + For detailed information about changes see the HISTORY.rst file provided with this package ++++ qemu: - Support the SGX feature (bsc#1197807) * Patches added: doc-Add-the-SGX-numa-description.patch numa-Enable-numa-for-SGX-EPC-sections.patch numa-Support-SGX-numa-in-the-monitor-and.patch ++++ qemu-linux-user: - Support the SGX feature (bsc#1197807) * Patches added: doc-Add-the-SGX-numa-description.patch numa-Enable-numa-for-SGX-EPC-sections.patch numa-Support-SGX-numa-in-the-monitor-and.patch ++++ qemu-testsuite: - Support the SGX feature (bsc#1197807) * Patches added: doc-Add-the-SGX-numa-description.patch numa-Enable-numa-for-SGX-EPC-sections.patch numa-Support-SGX-numa-in-the-monitor-and.patch ++++ sgi-bitmap-fonts: - backport from TW: fix tumbleweed build [bsc#1197854] ++++ squid: - Do not try to set special permissions for basic_pam_auth (bsc#1197649) ++++ yast2-packager: - Fixed regression in repository alias name for add-ons (bsc#1193214) - 4.4.27 ------------------------------------------------------------------ ------------------ 2022-3-30 - Mar 30 2022 ------------------- ------------------------------------------------------------------ ++++ MozillaFirefox: - Adjust rust dependency for SP3 and later. TW uses always the newest version of rust, but we don't, so we can't use the rust+cargo notation, which would need both < and >= requirements. (bsc#1197698) ++++ Photini: - Update to version 2022.3.2 * Fix urllib import error porblem on some systems. * / Fix non-existing cache directory error. ++++ ceph: - Update to v16.2.7-652-gf5dc462fdb5 + (bsc#1194875) [SES7P] include/buffer: include ++++ ceph-test: - Update to v16.2.7-652-gf5dc462fdb5 + (bsc#1194875) [SES7P] include/buffer: include ++++ chromium: - Chromium 100.0.4896.60 (boo#1197680) * CVE-2022-1125: Use after free in Portals * CVE-2022-1127: Use after free in QR Code Generator * CVE-2022-1128: Inappropriate implementation in Web Share API * CVE-2022-1129: Inappropriate implementation in Full Screen Mode * CVE-2022-1130: Insufficient validation of untrusted input in WebOTP * CVE-2022-1131: Use after free in Cast UI * CVE-2022-1132: Inappropriate implementation in Virtual Keyboard * CVE-2022-1133: Use after free in WebRTC * CVE-2022-1134: Type Confusion in V8 * CVE-2022-1135: Use after free in Shopping Cart * CVE-2022-1136: Use after free in Tab Strip * CVE-2022-1137: Inappropriate implementation in Extensions * CVE-2022-1138: Inappropriate implementation in Web Cursor * CVE-2022-1139: Inappropriate implementation in Background Fetch API * CVE-2022-1141: Use after free in File Manager * CVE-2022-1142: Heap buffer overflow in WebUI * CVE-2022-1143: Heap buffer overflow in WebUI * CVE-2022-1144: Use after free in WebUI * CVE-2022-1145: Use after free in Extensions * CVE-2022-1146: Inappropriate implementation in Resource Timing - Added patches: * chromium-100-compiler.patch * chromium-100-GLImplementationParts-constexpr.patch * chromium-100-InMilliseconds-constexpr.patch * chromium-100-SCTHashdanceMetadata-move.patch * chromium-100-macro-typo.patch - Removed patches: * chromium-98-compiler.patch * chromium-86-nearby-explicit.patch * chromium-glibc-2.34.patch * chromium-v8-missing-utility-include.patch * chromium-99-AutofillAssistantModelExecutor-NoDestructor.patch ++++ kernel-64kb: - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 5e55cab - net: sched: fix use-after-free in tc_new_tfilter() (CVE-2022-1055 bsc#1197702). - commit 77a7f01 ++++ kernel-azure: - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 5e55cab - net: sched: fix use-after-free in tc_new_tfilter() (CVE-2022-1055 bsc#1197702). - commit 77a7f01 ++++ kernel-default: - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 5e55cab - net: sched: fix use-after-free in tc_new_tfilter() (CVE-2022-1055 bsc#1197702). - commit 77a7f01 ++++ kernel-preempt: - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 2d63590 - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit db7647d - bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028). - commit 5fff22c - net: sched: fix use-after-free in tc_new_tfilter() (CVE-2022-1055 bsc#1197702). - commit 4c7dc78 - blacklist.conf: kABI - commit 79d1df3 - blacklist.conf: cleanup, not a bugfix - commit 3a5b1ab - blacklist.conf: cleanup, not a bugfix - commit a1c1b85 - Revert "usb: dwc3: gadget: Use list_replace_init() before traversing lists" (git-fixes). - commit 978c488 ++++ dtb-aarch64: - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 5e55cab - net: sched: fix use-after-free in tc_new_tfilter() (CVE-2022-1055 bsc#1197702). - commit 77a7f01 ++++ intel-gpu-tools: - release 1.24 (23 Apr 2021) * fixed build against sle15-sp4 (boo#1197732) - supersedes * n_disable-build-of-gem_userptr_blits.patch * n_disable-build-of-pm_rpm.patch - refreshed u_respect_cflags.diff ++++ kernel-debug: - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 5e55cab - net: sched: fix use-after-free in tc_new_tfilter() (CVE-2022-1055 bsc#1197702). - commit 77a7f01 ++++ kernel-source: - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 5e55cab - net: sched: fix use-after-free in tc_new_tfilter() (CVE-2022-1055 bsc#1197702). - commit 77a7f01 ++++ kernel-source-azure: - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 5e55cab - net: sched: fix use-after-free in tc_new_tfilter() (CVE-2022-1055 bsc#1197702). - commit 77a7f01 ++++ kernel-docs: - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 5e55cab - net: sched: fix use-after-free in tc_new_tfilter() (CVE-2022-1055 bsc#1197702). - commit 77a7f01 ++++ kernel-kvmsmall: - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 5e55cab - net: sched: fix use-after-free in tc_new_tfilter() (CVE-2022-1055 bsc#1197702). - commit 77a7f01 ++++ kernel-obs-build: - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 5e55cab - net: sched: fix use-after-free in tc_new_tfilter() (CVE-2022-1055 bsc#1197702). - commit 77a7f01 ++++ kernel-obs-qa: - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 5e55cab - net: sched: fix use-after-free in tc_new_tfilter() (CVE-2022-1055 bsc#1197702). - commit 77a7f01 ++++ kernel-syms: - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 5e55cab - net: sched: fix use-after-free in tc_new_tfilter() (CVE-2022-1055 bsc#1197702). - commit 77a7f01 ++++ kernel-syms-azure: - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 5e55cab - net: sched: fix use-after-free in tc_new_tfilter() (CVE-2022-1055 bsc#1197702). - commit 77a7f01 ++++ kernel-vanilla: - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 5ef2c78 - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 62bc950 ++++ kernel-zfcpdump: - ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. - commit 5e55cab - net: sched: fix use-after-free in tc_new_tfilter() (CVE-2022-1055 bsc#1197702). - commit 77a7f01 ++++ libexif: - libexif-CVE-2020-0198-CVE-2020-0181.patch: adjusted overflow checking code to in exif-data to not be optimized away. (CVE-2020-0198, CVE-2020-0181, bsc#1172802, bsc#1172768) - libexif-CVE-2020-0452.patch: adjusted a overflow check to not be optimized away by the compiler (CVE-2020-0452 bsc#1178479) ++++ openblas_0_3_20-gnu-hpc: - Build PPC64LE libraries with the lastest gcc available to take advantage of instruction sets in later CPUs used in the CPU specific kernels (jsc#SLE-18143, bsc#1197721). For fortran use the stock compiler to avoid compatibility issues between different versions of libfortran. This is relevant for Leap/SLE only. It may be dropped once gcc < 10 is no longer supported. - Do the same for x86_64 on SLE to make sure Cooperlake support is built properly. - Remove: * Do-not-attempt-to-check-host-CPU-if-TARGET-is-set.patch * Create-independent-kernel-Makfile-configuration-when-building-DYNAMIC_ARCH.patch * For-DYNAMIC_ARCH-don-t-use-sbgemm_r-as-parameter.c-doesn-t-get-build.patch Instead, add from upstream: * Define-sbgemm_r-to-fix-DYNAMIC_ARCH-builds.patch * Remove-extraneous-and-wrong-definition-of-sbgemm_r-on-x86_64.patch * Fix-checks-for-AVX512-and-atomics.patch * Revert-AVX512-capability-check-from-PR-1980-moved-to-build.patch * Use-CC-and-full-command-line-instead-of-hard-coding-gcc-for-AVX512-checking.patch * Utilize-compiler-AVX512-capability-info-from-c_check-when-building-getarch.patch ++++ openblas-pthreads_0_3_20-gnu-hpc: - Build PPC64LE libraries with the lastest gcc available to take advantage of instruction sets in later CPUs used in the CPU specific kernels (jsc#SLE-18143, bsc#1197721). For fortran use the stock compiler to avoid compatibility issues between different versions of libfortran. This is relevant for Leap/SLE only. It may be dropped once gcc < 10 is no longer supported. - Do the same for x86_64 on SLE to make sure Cooperlake support is built properly. - Remove: * Do-not-attempt-to-check-host-CPU-if-TARGET-is-set.patch * Create-independent-kernel-Makfile-configuration-when-building-DYNAMIC_ARCH.patch * For-DYNAMIC_ARCH-don-t-use-sbgemm_r-as-parameter.c-doesn-t-get-build.patch Instead, add from upstream: * Define-sbgemm_r-to-fix-DYNAMIC_ARCH-builds.patch * Remove-extraneous-and-wrong-definition-of-sbgemm_r-on-x86_64.patch * Fix-checks-for-AVX512-and-atomics.patch * Revert-AVX512-capability-check-from-PR-1980-moved-to-build.patch * Use-CC-and-full-command-line-instead-of-hard-coding-gcc-for-AVX512-checking.patch * Utilize-compiler-AVX512-capability-info-from-c_check-when-building-getarch.patch ++++ openblas_openmp: - Build PPC64LE libraries with the lastest gcc available to take advantage of instruction sets in later CPUs used in the CPU specific kernels (jsc#SLE-18143, bsc#1197721). For fortran use the stock compiler to avoid compatibility issues between different versions of libfortran. This is relevant for Leap/SLE only. It may be dropped once gcc < 10 is no longer supported. - Do the same for x86_64 on SLE to make sure Cooperlake support is built properly. - Remove: * Do-not-attempt-to-check-host-CPU-if-TARGET-is-set.patch * Create-independent-kernel-Makfile-configuration-when-building-DYNAMIC_ARCH.patch * For-DYNAMIC_ARCH-don-t-use-sbgemm_r-as-parameter.c-doesn-t-get-build.patch Instead, add from upstream: * Define-sbgemm_r-to-fix-DYNAMIC_ARCH-builds.patch * Remove-extraneous-and-wrong-definition-of-sbgemm_r-on-x86_64.patch * Fix-checks-for-AVX512-and-atomics.patch * Revert-AVX512-capability-check-from-PR-1980-moved-to-build.patch * Use-CC-and-full-command-line-instead-of-hard-coding-gcc-for-AVX512-checking.patch * Utilize-compiler-AVX512-capability-info-from-c_check-when-building-getarch.patch ++++ openblas_pthreads: - Build PPC64LE libraries with the lastest gcc available to take advantage of instruction sets in later CPUs used in the CPU specific kernels (jsc#SLE-18143, bsc#1197721). For fortran use the stock compiler to avoid compatibility issues between different versions of libfortran. This is relevant for Leap/SLE only. It may be dropped once gcc < 10 is no longer supported. - Do the same for x86_64 on SLE to make sure Cooperlake support is built properly. - Remove: * Do-not-attempt-to-check-host-CPU-if-TARGET-is-set.patch * Create-independent-kernel-Makfile-configuration-when-building-DYNAMIC_ARCH.patch * For-DYNAMIC_ARCH-don-t-use-sbgemm_r-as-parameter.c-doesn-t-get-build.patch Instead, add from upstream: * Define-sbgemm_r-to-fix-DYNAMIC_ARCH-builds.patch * Remove-extraneous-and-wrong-definition-of-sbgemm_r-on-x86_64.patch * Fix-checks-for-AVX512-and-atomics.patch * Revert-AVX512-capability-check-from-PR-1980-moved-to-build.patch * Use-CC-and-full-command-line-instead-of-hard-coding-gcc-for-AVX512-checking.patch * Utilize-compiler-AVX512-capability-info-from-c_check-when-building-getarch.patch ++++ openblas_serial: - Build PPC64LE libraries with the lastest gcc available to take advantage of instruction sets in later CPUs used in the CPU specific kernels (jsc#SLE-18143, bsc#1197721). For fortran use the stock compiler to avoid compatibility issues between different versions of libfortran. This is relevant for Leap/SLE only. It may be dropped once gcc < 10 is no longer supported. - Do the same for x86_64 on SLE to make sure Cooperlake support is built properly. - Remove: * Do-not-attempt-to-check-host-CPU-if-TARGET-is-set.patch * Create-independent-kernel-Makfile-configuration-when-building-DYNAMIC_ARCH.patch * For-DYNAMIC_ARCH-don-t-use-sbgemm_r-as-parameter.c-doesn-t-get-build.patch Instead, add from upstream: * Define-sbgemm_r-to-fix-DYNAMIC_ARCH-builds.patch * Remove-extraneous-and-wrong-definition-of-sbgemm_r-on-x86_64.patch * Fix-checks-for-AVX512-and-atomics.patch * Revert-AVX512-capability-check-from-PR-1980-moved-to-build.patch * Use-CC-and-full-command-line-instead-of-hard-coding-gcc-for-AVX512-checking.patch * Utilize-compiler-AVX512-capability-info-from-c_check-when-building-getarch.patch ++++ libosinfo: - bsc#1197769 - FTBFS: libosinfo won't compile on SP4 libosinfo.spec ++++ libpulp: - Update package with libpulp-0.2.0 (jsc#SLE-20049). - Embed metadata (.ulp) into livepatch container (.so). ++++ wireplumber: - Add patch from upstream to fix no sound on reconnection of bluetooth device (glfo#pipewire/wireplumber#234): * 0001-scripts-policy-device-profile-clear-tables-when-devices-removed.patch ++++ python-subliminal: - Build only for default python3 version - version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 ------------------------------------------------------------------ ------------------ 2022-3-29 - Mar 29 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - ensure precompiled cache files are newer than (text) profiles - reload profiles in %posttrans instead of %post to ensure both - profiles and -abstractons package are updated before the cache in /var/cache/apparmor/ gets built (boo#1195463 #c20) ++++ bluedevil5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ breeze: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - Changes since 5.24.3: * Fix build without QtQuick and QtX11Extras ++++ c3p0: - fix building on EL8 OSes ++++ cantata: - Use libvlc for MPD http stream playback. QtMultimedia is too old on Leap 15.3 to build Cantata 2.5. ++++ cantata: - Use libvlc for MPD http stream playback. QtMultimedia is too old on Leap 15.3 to build Cantata 2.5. ++++ chromium: - Update disk constraints ++++ kernel-64kb: - powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 ltc#196362). - commit be99d79 ++++ kernel-azure: - enable SERIAL_8250_PNP to avoid IRQ conflict between ttyS0 and rtc0 (bsc#1197303) - commit c637e49 - powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 ltc#196362). - commit be99d79 ++++ kernel-default: - powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 ltc#196362). - commit be99d79 ++++ kernel-preempt: - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - commit d7f7c48 - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - commit 14ca561 - usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes). - commit b8afee8 - usb: bdc: remove duplicated error message (git-fixes). - commit 3971aef - usb: bdc: Fix unused assignment in bdc_probe() (git-fixes). - commit 0a2966f - usb: bdc: Use devm_clk_get_optional() (git-fixes). - commit f4c7fea - usb: bdc: Adb shows offline after resuming from S2 (git-fixes). - commit 3293f5c - usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes). - commit 686f431 - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - misc: sgi-gru: Don't cast parameter in bit operations (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - commit ed99607 - usb: bdc: use devm_platform_ioremap_resource() to simplify code (git-fixes). - commit d8de3ca - driver core: dd: fix return value of __setup handler (git-fixes). - firmware: google: Properly state IOMEM dependency (git-fixes). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - commit 34d0dc9 - blacklist.conf: Add 1e9d74660d4d "bpf: Fix mount source show for bpffs" Missing required dependency - commit 5a8e47e - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - commit 36f2c3d - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - commit b94b06c ++++ discover: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - Changes since 5.24.3: * Fix searchfield focus on touch launch ++++ python-kiwi: - Bump version: 9.24.16 → 9.24.17 This version includes fixes for: * Fix booting GRUB submenu entries with hybrid images (linux/linuxefi) Variables assigned with "set" are not visible in submenus for some reason. Export $linux and $initrd, so that they also work in submenu entries. Fixes bsc#1192523 ++++ drkonqi5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ dtb-aarch64: - powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 ltc#196362). - commit be99d79 ++++ plasma5-workspace: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - Changes since 5.24.3: * kcms/users: Adjust for padding in overlay sheet (kde#451031) * [Media Controller] Explicitly set slider "to" before setting "value" * [Notifications] Fix implicit size propagation in SelectableLabel * applets/kicker: Skip creating KService for non-desktop files or folders (kde#442970) * Fix sleep/suspend sometimes not working ... from ksmserver-logout-greeter, by making the DBus calls synchronous. * kicker/actionlist: Ensure we parse the args for the jumplist actions (kde#451418) * libtaskmanager: recompute active task when a task is removed * sddm/lockscreen: Fix weird behaviour * [Notifications] Limit notification heading line count ++++ pipewire: - Reorder BuildRequires and space conditions a bit better in the spec file. - Update to version 0.3.49: * Highlights - Sample rate switching should work again. - pw-dot can now use the output of pw-dump to render a graph. - Bluetooth A2DP streaming was improved that would reduce stuttering on some devices. - A JACK bug was fixed that would sometimes make it impossible to add more tracks in Ardour. (#1714) - Many bugfixes and improvements. * PipeWire - Fix a potential crash when NULL params were configured. - Add some simple functional tests to avoid some recent regressions. Improve the test framework for this as well. - Improvements to the poll loop to avoid some use-after-free scenarios. - Fix samplerate switching again. - setlocale is not called anymore from the pipewire library. This should be called by the application. (#2223) - pw_init() and pw_deinit() can now be nested and called multiple times. - pw_stream will now report the resampler delay in the pw_time.queued field. * modules - module-filter-chain now supports arbitrary many properties and will use property hints to assign them the right type. - The ROC modules now accept a sink/source_properties parameter. - The module-rt can now also be built without RT-Kit support. - module-echo-cancel can now use a fraction to specify the delay for more precise control. * SPA - The channelmixer will now do upmixing by default and will not use normalization. It will also use a simple upmixing algorithm that duplicates channels by default. A more interesting upmix method is also available (PSD) but needs to be enabled manually. (#861) - Add SSE optimized (de)interleave functions for 32 bits samples with and without byteswap. - JSON parsing of empty strings will now give an invalid number instead of 0. - JSON numbers are now parsed and serialized in a locale independent way so that , and . are not mixed up. - The resampler will now report the resample delay and queued samples as the extra delay. * tools - pw-cat will read more dsf files correctly and will not crash at the end. - pw-top now has a man page. - pw-dot can now use the output of pw-dump to render a graph. * bluetooth - Improve interactions with oFono. - Fix recovery with slow connections. - Improve frame size of AptX-ll. - A2DP can now use any quantum and will flush packets in smaller chunks when needed to adapt. This improves stuttering in some cases. * pulse-server - The server configuration can now be placed in pulse.properties section, which also makes it possible to have custom overrides. - Implement FIX_ flags for capture as well. - Small fixes and improvements in module loading. * JACK - Clear the last error before executing a new action or else we could end up with error from a previous action. This causes some problems in Ardour where adding a track would fail after some time. (#1714) - Rebase reduce-meson-dependency.patch. ++++ breeze-gtk: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ kactivitymanagerd: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ kcm_sddm: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ kde-cli-tools5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ kde-gtk-config5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ kernel-debug: - powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 ltc#196362). - commit be99d79 ++++ kernel-source: - powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 ltc#196362). - commit be99d79 ++++ kernel-source-azure: - enable SERIAL_8250_PNP to avoid IRQ conflict between ttyS0 and rtc0 (bsc#1197303) - commit c637e49 - powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 ltc#196362). - commit be99d79 ++++ kernel-docs: - powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 ltc#196362). - commit be99d79 ++++ kernel-install-tools: - Update to version v0.3.0: * specfile: accept OBS cleanups * specfile: fix UsrMerge support * specfile: silence OBS warning about no-binary * specfile: fix license tag * Makefile: install the installkernel script directly in /sbin * installkernel: Don't force hostonly ++++ kernel-kvmsmall: - powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 ltc#196362). - commit be99d79 ++++ kernel-obs-build: - powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 ltc#196362). - commit be99d79 ++++ kernel-obs-qa: - powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 ltc#196362). - commit be99d79 ++++ kernel-syms: - powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 ltc#196362). - commit be99d79 ++++ kernel-syms-azure: - enable SERIAL_8250_PNP to avoid IRQ conflict between ttyS0 and rtc0 (bsc#1197303) - commit c637e49 - powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 ltc#196362). - commit be99d79 ++++ kernel-zfcpdump: - powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 ltc#196362). - commit be99d79 ++++ kgamma5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ khotkeys5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ kinfocenter5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ kinfocenter5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ kmenuedit5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ kmenuedit5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ kscreen5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - Changes since 5.24.3: * KCM: Center Orientation label when there's no automatic options * X11: align touchscreen to internal display (kde#415683) - Drop code for obsolete versions ++++ kscreenlocker: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ ksshaskpass5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ libksysguard5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 - Force PIE when building with gcc-10 (boo#1195628, boo#1197641) ++++ ksystemstats5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ kwayland-integration: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ kwayland-server: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - Changes since 5.24.3: * outputchangeset: set default values for vrr policy and rgb range (kde#442520) ++++ kwin5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - Changes since 5.24.3: * backends/drm: attempt a modeset on output disabling (kde#449878) * plugins/screencast: Fix a glitch in cursor bitmap * backends/drm: set max bpc in DrmPipeline * backends/drm: fall back to legacy mode in virtual machines (kde#427060) * backends/drm: only allow ARGB8888 as the cursor format * effects/blur: Fix window flickering when the clip intersected with the current blur region. (kde#421135) * screencast: better solution for missing context on cursor move * Revert "screencast: make context current in tryEnqueue" * src/kcmkwin: fix botched indentation code for final checkbox * backends/drm: don't do direct scanout with software rotation * screencast: make context current in tryEnqueue * effects/desktopgrid: don't forget to schedule repaints when timeline is running (kde#444678) * effects/desktopgrid: register down gesture (kde#444694) * inputmethod: Do not reset when hiding * inputmethod: Listen to text-input enablement changes when starting disabled - Drop patches, now upstream: * 0001-backends-drm-fall-back-to-legacy-mode-in-virtual-mac.patch ++++ kwrited5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ layer-shell-qt: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ libkscreen2: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ libapparmor: - ensure precompiled cache files are newer than (text) profiles - reload profiles in %posttrans instead of %post to ensure both - profiles and -abstractons package are updated before the cache in /var/cache/apparmor/ gets built (boo#1195463 #c20) ++++ libkdecoration2: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - Changes since 5.24.3: * Add RtL support (kde#432390) ++++ libvirt: - CVE-2022-0897: nwfilter: fix crash when counting number of network filters a4947e8f-nwfilter-CVE-2022-0897.patch bsc#1197636 ++++ wireplumber: - Add patch from upstream to set locale in apps now that pw_init doesn't call it by itself anymore in pipewire 0.3.49: * 0001-src-setlocale-in-main-for-tools-and-the-daemon.patch ++++ mchange-commons: - Added patch: * fix-javadoc-lint-errors.patch + fix javadoc lint errors ++++ milou5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ oxygen5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ pam_kwallet: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ plasma-browser-integration: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 - Drop handling for 0%{?suse_version} < 1330 ++++ plasma-nm5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ plasma-vault: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ plasma5-addons: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ plasma5-openSUSE: - Update to 5.24.4 ++++ plasma5-desktop: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - Changes since 5.24.3: * kcms/componentchooser: unify combobox lengths (kde#451365) ++++ plasma5-disks: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ plasma5-firewall: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ plasma5-integration: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ plasma5-nano: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ plasma5-pa: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ plasma5-phone-components: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - Changes since 5.24.3: * mmplugin: set all connections to not autoconnect on setMobileDataEnabled(false) (#182) ++++ plasma5-sdk: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ plasma5-systemmonitor: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ plasma5-thunderbolt: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ plasma5-workspace-wallpapers: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ plymouth-theme-breeze: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ podman: - Add patches to fix bsc#1196751: * 0002-Add-JSON-version-of-the-machine-list.patch * 0003-Add-completion-for-machine-list-format.patch * 0004-Not-all-fields-in-machine-list-were-set-properly.patch * 0005-Record-the-image-stream-along-with-the-path.patch * 0006-System-tests-fix-RHEL8-gating-tests.patch * 0007-buildah-bud-tests-skip-failing-tests.patch * 0008-Makefile-fix-darwin-detection.patch * 0009-Fix-images-since-after-tests.patch * 0010-Changes-of-docker-descriptions.patch * 0011-CI-DOCS-logformatter-handle-python-logs.patch * 0012-Disable-search-images-test.patch * 0013-v.3.4-vendor-containers-common-v0.44.5.patch * 0014-Bump-github.com-prometheus-client_golang-to-v1.11.1.patch * 0015-Backport-of-https-github.com-containers-podman-pull-.patch ++++ polkit-kde-agent-5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ powerdevil5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ qemu: - Backport CVE-2021-3929 (bsc#1193880) * Patches added: hw-nvme-fix-CVE-2021-3929.patch - The patches from upstream cause testsuit failures (bsc#1197150 bsc#1197528) * Patches added: Revert-python-iotests-replace-qmp-with-a.patch Revert-python-machine-add-instance-disam.patch Revert-python-machine-add-sock_dir-prope.patch Revert-python-machine-handle-fast-QEMU-t.patch Revert-python-machine-move-more-variable.patch Revert-python-machine-remove-_remove_mon.patch - Add missing patch from a PTFs (bsc#1194938) * Patches added: scsi-generic-check-for-additional-SG_IO-.patch ++++ qemu-linux-user: - Backport CVE-2021-3929 (bsc#1193880) * Patches added: hw-nvme-fix-CVE-2021-3929.patch - The patches from upstream cause testsuit failures (bsc#1197150 bsc#1197528) * Patches added: Revert-python-iotests-replace-qmp-with-a.patch Revert-python-machine-add-instance-disam.patch Revert-python-machine-add-sock_dir-prope.patch Revert-python-machine-handle-fast-QEMU-t.patch Revert-python-machine-move-more-variable.patch Revert-python-machine-remove-_remove_mon.patch - Add missing patch from a PTFs (bsc#1194938) * Patches added: scsi-generic-check-for-additional-SG_IO-.patch ++++ qemu-testsuite: - Backport CVE-2021-3929 (bsc#1193880) * Patches added: hw-nvme-fix-CVE-2021-3929.patch - The patches from upstream cause testsuit failures (bsc#1197150 bsc#1197528) * Patches added: Revert-python-iotests-replace-qmp-with-a.patch Revert-python-machine-add-instance-disam.patch Revert-python-machine-add-sock_dir-prope.patch Revert-python-machine-handle-fast-QEMU-t.patch Revert-python-machine-move-more-variable.patch Revert-python-machine-remove-_remove_mon.patch - Add missing patch from a PTFs (bsc#1194938) * Patches added: scsi-generic-check-for-additional-SG_IO-.patch ++++ qqc2-breeze-style: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ raspberrypi-firmware-dt: - With recent Linux kernel gpio-ranges Device Tree property is now required. Add following patches to fix immediate issue described in bsc#1197578. ARM-dts-gpio-ranges-property-is-now-required.patch ARM-dts-Add-GPIO-line-names-for-downstream-RPis.patch We do not update whole package because this will create new issues like the one described in comment#12 in bsc#1193434 and comment#2 in bsc#1196632. Once patches referenced in bsc#1196632 are accepted upstream. _This_ package could be upgraded too. ++++ rpi-imager: - version 1.7.2 - Advanced options: remove overscan option - Advanced options: remove first run wizard suppression option - gz/xz/zstd custom images: pad if image size is not dividable by 512 byte - Store saved wifi password hashed - Make buttons blue on focus, to ease keyboard navigation - Add Japan, Korean translations - rpi-imager-noupdates.diff removed (included in current version) ++++ spacecmd: - version 4.2.16-1 * implement system.bootstrap (bsc#1194909) * Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363) ++++ squid: - Fix upgrade path from squid 4.x where we replaced some symlinks with directories in pretrans section (bsc#1197333) - old_nettle_compat.patch: refresh patch ++++ systemsettings5: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - Changes since 5.24.3: * Don't let back arrow be re-colored to monochrome * systemsettings runner: Ensure that we match keywords case insensitively (kde#451634) ++++ typesafe-config: - Added patch: * fix-doc-lint.patch + fix javadoc lint errors ++++ vokoscreenNG: - Update to 3.2.0 * Adjust log file name, add timestamps * Only show filename without path in the player window title * Improve audio recording when recording from multiple devices on PulseAudio * Show message in audio tab if no PulseAudio server is found * Translation Updates ++++ xdg-desktop-portal-kde: - Update to 5.24.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.4 - No code changes since 5.24.3 ++++ yast2-installation: - AutoYaST: move custom file creation past user creation so that the element files/file/file_owner actually has an effect (bsc#1196595) - 4.4.51 ------------------------------------------------------------------ ------------------ 2022-3-28 - Mar 28 2022 ------------------- ------------------------------------------------------------------ ++++ ClusterTools2: - change version from 3.1.1 to 3.1.2 - As newer versions of pacemaker display the output from command 'crmadmin --quiet' on stdout instead on stderr, the command 'cs_clusterstate' was enhanced to adapt these change. (bsc#1188652) - Adapt 'cs_show_scores' to support newer versions of pacemaker and crmsh (bsc#1188456) - man page updates ++++ ant: - Security fixes: * [CVE-2021-36373, bsc#1188468] excessive memory allocation when reading a specially crafted TAR archive * [CVE-2021-36374, bsc#1188469] excessive memory allocation when reading a specially crafted ZIP archive or a derived formats - Add patches: * ant-CVE-2021-36373-and-CVE-2021-36374.patch - Security fixes: * [CVE-2021-36373, bsc#1188468] excessive memory allocation when reading a specially crafted TAR archive * [CVE-2021-36374, bsc#1188469] excessive memory allocation when reading a specially crafted ZIP archive or a derived formats - Add patches: * ant-CVE-2021-36373-and-CVE-2021-36374.patch - Security fixes: * [CVE-2021-36373, bsc#1188468] excessive memory allocation when reading a specially crafted TAR archive * [CVE-2021-36374, bsc#1188469] excessive memory allocation when reading a specially crafted ZIP archive or a derived formats - Add patches: * ant-CVE-2021-36373-and-CVE-2021-36374.patch - Security fixes: * [CVE-2021-36373, bsc#1188468] excessive memory allocation when reading a specially crafted TAR archive * [CVE-2021-36374, bsc#1188469] excessive memory allocation when reading a specially crafted ZIP archive or a derived formats - Add patches: * ant-CVE-2021-36373-and-CVE-2021-36374.patch ++++ kernel-64kb: - watch_queue: Actually free the watch (CVE-2022-0995 bsc#1197246). - watch_queue: Fix NULL dereference in error cleanup (CVE-2022-0995 bsc#1197246). - commit 9f97636 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - commit 7ca9b7d - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - commit bdcd5ee - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - commit 8bb5c1f - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit 4ce87ae ++++ kernel-azure: - watch_queue: Actually free the watch (CVE-2022-0995 bsc#1197246). - watch_queue: Fix NULL dereference in error cleanup (CVE-2022-0995 bsc#1197246). - commit 9f97636 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - commit 7ca9b7d - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - commit bdcd5ee - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - commit 8bb5c1f - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit 4ce87ae ++++ kernel-default: - watch_queue: Actually free the watch (CVE-2022-0995 bsc#1197246). - watch_queue: Fix NULL dereference in error cleanup (CVE-2022-0995 bsc#1197246). - commit 9f97636 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - commit 7ca9b7d - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - commit bdcd5ee - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - commit 8bb5c1f - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit 4ce87ae ++++ kernel-preempt: - x86/cpu: Add hardware-enforced cache coherency as a CPUID feature (bsc#1178134). - Refresh patches.suse/x86-cpufeatures-add-sev-es-cpu-feature. - commit 9b8fd9f - Metadata update - commit 20a72ea - Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" (bsc#1197243). - commit 1e324a1 - Drop HID multitouch fix patch (bsc#1197243) Delete patches.suse/HID-multitouch-fix-Dell-Precision-7550-and-7750-butt.patch. Replaced with another revert patch. - commit 169cf98 - usb: dwc3: qcom: add IRQ check (git-fixes). - commit 0f04f35 - usb: dwc3: gadget: Use list_replace_init() before traversing lists (git-fixes). - commit fa45b43 - xhci: fix garbage USBSTS being logged in some cases (git-fixes). - commit 6c80c92 - Add CVE tags to patches.suse/ext4-fix-kernel-infoleak-via-ext4_extent_header.patch (bsc#1189562 bsc#1196761 CVE-2022-0850). - commit f3cb08f - blacklist.conf: 3a84fd1ed535 drm/i915/display: Fix HPD short pulse handling for eDP - commit ae70ffd - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - commit 99cd925 - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - commit 9c986de - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - commit 38ac9a8 - Refresh patches.suse/drm-i915-Fix-bw-atomic-check-when-switching-between-.patch. Alt-commit - commit 81cf826 - Refresh patches.suse/drm-i915-Correctly-populate-use_sagv_wm-for-all-pipe.patch. Alt-commit - commit 9f55faf - Refresh patches.suse/drm-i915-Fix-dbuf-slice-config-lookup.patch. Alt-commit - commit eb12d1f - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - commit 1b3e76b - blacklist.conf: 3f3a24a0a3a5 drm/amdgpu: Don\'t offset by 2 in FRU EEPROM - commit 6877985 - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - commit fb7d1f2 - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - commit 4a1a717 - drm/doc: overview before functions for drm_writeback.c (git-fixes). - commit 6d05b7f - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - commit 8027fb9 - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - commit c253ca8 - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - commit 42a3562 - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - commit f2138e4 - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - commit 4765cfb - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - commit 047d2b7 - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - commit 3094fd1 - drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes). - commit 0e082ec ++++ compat-libpthread-nonshared: - Also build s390x version (bsc#1197272) ++++ dtb-aarch64: - watch_queue: Actually free the watch (CVE-2022-0995 bsc#1197246). - watch_queue: Fix NULL dereference in error cleanup (CVE-2022-0995 bsc#1197246). - commit 9f97636 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - commit 7ca9b7d - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - commit bdcd5ee - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - commit 8bb5c1f - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit 4ce87ae ++++ kernel-debug: - watch_queue: Actually free the watch (CVE-2022-0995 bsc#1197246). - watch_queue: Fix NULL dereference in error cleanup (CVE-2022-0995 bsc#1197246). - commit 9f97636 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - commit 7ca9b7d - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - commit bdcd5ee - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - commit 8bb5c1f - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit 4ce87ae ++++ kernel-source: - watch_queue: Actually free the watch (CVE-2022-0995 bsc#1197246). - watch_queue: Fix NULL dereference in error cleanup (CVE-2022-0995 bsc#1197246). - commit 9f97636 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - commit 7ca9b7d - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - commit bdcd5ee - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - commit 8bb5c1f - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit 4ce87ae ++++ kernel-source-azure: - watch_queue: Actually free the watch (CVE-2022-0995 bsc#1197246). - watch_queue: Fix NULL dereference in error cleanup (CVE-2022-0995 bsc#1197246). - commit 9f97636 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - commit 7ca9b7d - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - commit bdcd5ee - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - commit 8bb5c1f - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit 4ce87ae ++++ kernel-docs: - watch_queue: Actually free the watch (CVE-2022-0995 bsc#1197246). - watch_queue: Fix NULL dereference in error cleanup (CVE-2022-0995 bsc#1197246). - commit 9f97636 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - commit 7ca9b7d - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - commit bdcd5ee - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - commit 8bb5c1f - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit 4ce87ae ++++ kernel-kvmsmall: - watch_queue: Actually free the watch (CVE-2022-0995 bsc#1197246). - watch_queue: Fix NULL dereference in error cleanup (CVE-2022-0995 bsc#1197246). - commit 9f97636 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - commit 7ca9b7d - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - commit bdcd5ee - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - commit 8bb5c1f - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit 4ce87ae ++++ kernel-obs-build: - watch_queue: Actually free the watch (CVE-2022-0995 bsc#1197246). - watch_queue: Fix NULL dereference in error cleanup (CVE-2022-0995 bsc#1197246). - commit 9f97636 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - commit 7ca9b7d - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - commit bdcd5ee - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - commit 8bb5c1f - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit 4ce87ae ++++ kernel-obs-qa: - watch_queue: Actually free the watch (CVE-2022-0995 bsc#1197246). - watch_queue: Fix NULL dereference in error cleanup (CVE-2022-0995 bsc#1197246). - commit 9f97636 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - commit 7ca9b7d - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - commit bdcd5ee - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - commit 8bb5c1f - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit 4ce87ae ++++ kernel-syms: - watch_queue: Actually free the watch (CVE-2022-0995 bsc#1197246). - watch_queue: Fix NULL dereference in error cleanup (CVE-2022-0995 bsc#1197246). - commit 9f97636 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - commit 7ca9b7d - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - commit bdcd5ee - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - commit 8bb5c1f - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit 4ce87ae ++++ kernel-syms-azure: - watch_queue: Actually free the watch (CVE-2022-0995 bsc#1197246). - watch_queue: Fix NULL dereference in error cleanup (CVE-2022-0995 bsc#1197246). - commit 9f97636 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - commit 7ca9b7d - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - commit bdcd5ee - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - commit 8bb5c1f - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit 4ce87ae ++++ kernel-vanilla: - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562 bsc#1196761 CVE-2022-0850). - commit 8570e10 - Update patches.suse/sr9700-sanity-check-for-packet-length.patch (bsc#1196836 CVE-2022-26966). fixed typo in References - commit e04f4f1 ++++ kernel-zfcpdump: - watch_queue: Actually free the watch (CVE-2022-0995 bsc#1197246). - watch_queue: Fix NULL dereference in error cleanup (CVE-2022-0995 bsc#1197246). - commit 9f97636 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - commit 7ca9b7d - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - commit bdcd5ee - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - commit 8bb5c1f - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit 4ce87ae ++++ multipath-tools: - If multipath-tools is newly installed, load dm-multipath (bsc#1196898) ++++ texlive: - Add also a Conflicts for texlive-texconfig-bin in texlive-scripts-extra-bin (bsc#1197569) ++++ systemd: - spec: enable 'efi' support regardless of whether sd_boot is enabled or not We should support EFI systems even if systemd-boot is not enabled. ++++ lksctp-tools: - Update to version 1.0.17 (bsc#1197590) * Build: add option to disable tests build * sctp_test: fix hostname resolution * man: remove sysctl listing from sctp.7 * Fix recieved->received typos * Fix usage help for sctp_test * test_1_to_1_accept_close: also expect EACCES when accept on an established socket * lksctp-tools: make bind_test can do while disable IPV6 * libsctp: add pkg-config support * autoconf: add m4 folder - Run spec-cleaner ++++ systemd-mini: - spec: enable 'efi' support regardless of whether sd_boot is enabled or not We should support EFI systems even if systemd-boot is not enabled. ------------------------------------------------------------------ ------------------ 2022-3-27 - Mar 27 2022 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2022-03-28 (bsc#1084929) ++++ gnote: - Update to version 42.0: + Updated translations. ++++ gpxsee: - Update to version 10.5 * Improved handling of MBTiles maps with nonconsecutive zoom levels. * Fixed broken loading of some IMG maps. * Added a basic IMG nautical charts style. ++++ moarvm: - Fix installation on RHEL7 On Redhat based distros, rpm's auto-provides requires shared libs to be executable. - Fix build on RHEL7 which seems to lack libzstd ++++ nqp: - Fix build on RHEL7 RHEL doesn't include perl's core libraries in its perl package, so we need to explicitly depend on the modules we need for building. ++++ python-pybind11: - update to 2.9.1: * If possible, attach Python exception with py::raise_from to TypeError when casting from C++ to Python. This will give additional info if Python exceptions occur in the caster. * Add a mapping of C++11 nested exceptions to their Python exception equivalent using py::raise_from. This attaches the nested exceptions in Python using the __cause__ field. * Propagate Python exception traceback using raise_from if a pybind11 function runs out of overloads. * py::multiple_inheritance is now only needed when C++ bases are hidden from pybind11. * Allow py::args to be followed by other arguments; the remaining arguments are implicitly keyword-only, as if a py::kw_only{} annotation had been used. * Fix a rare warning about extra copy in an Eigen constructor. * Fix caching of the C++ overrides. * Add missing std::forward calls to some cpp_function overloads. * Support PyPy 7.3.7 and the PyPy3.8 beta. Test python-3.11 on PRs with the python dev label. * Replace usage of deprecated Eigen::MappedSparseMatrix with Eigen::Map> for Eigen 3.3+. * Tweaks to support Microsoft Visual Studio 2022. ++++ dnf-plugins-extras: - Update to 4.0.16 + Fix cleaning up destdir after system-upgrade (rh#2024430) ------------------------------------------------------------------ ------------------ 2022-3-26 - Mar 26 2022 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Fix buildrequire for openldap2-devel - audit doesn't require the (outdated) C++ binding, but the C headers that happen to be pulled in by buildrequiring the C++ devel package ++++ chromium: - Chromium 99.0.4844.84: * CVE-2022-1096: Type Confusion in V8 (boo#1197552) ++++ gstreamer-plugins-bad: - Add 8440e2a373e5ce681d15f5880cb2f2562be332cf.patch: nvh264dec,nvh265dec: Fix broken key-unit trick and reverse playback. - Quiet setup, we do not need to see the unpacking of the tarball. ++++ gstreamer-plugins-base: - Add 5a074a11f90e3d70b24bf0c535ab0480fad9e701.patch: playsink: Complete reconfiguration on pad release. - Use ldconfig_scriptlets macro for post(un) handling. ------------------------------------------------------------------ ------------------ 2022-3-25 - Mar 25 2022 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - Fix unhandled ECONNREFUSED with LDAP environments (bsc#1196645) * add libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch - Fix hang in audisp-remote with disk_low_action=suspend (bsc#1196517) * add audisp-remote-fix-hang-with-disk_low_action-suspend-.patch ++++ caddy: - Update to version 2.4.6: * caddycmd: Add `--keep-backup` to upgrade commands (#4387) * caddycmd: Add `--skip-standard` to `list-modules` command, quieter output (#4386) * caddycmd: fix caddy validate/fmt help message (#4377) * caddyhttp: Add support for triggering errors from `try_files` (#4346) * caddyhttp: Placeholder for client cert in DER + base64 format (#4241) * caddyhttp: reverseproxy: clarify warning for -insecure (#4379) * caddyhttp: Sanitize the path before evaluating path matchers (#4407) * caddytls: Mark storage clean timestamp at end of routine (#4401) * docs: General minor improvements * fastcgi: Fix Caddyfile parsing when `handle_response` is used (#4342) * fastcgi: Implement `try_files` override in Caddyfile directive (#4347) * fileserver: Fix compression breaks using httpInclude (#4352) (#4358) * fileserver: Fix displayed file size if it is symlink (#4354) * fileserver: Make file listing links purple once visited (#4356) * fileserver: Prevent focusing filter from scrolling on page load (#4393) * fileserver: properly handle escaped/non-ascii paths (#4332) * headers: Canonicalize case in replace (fix #4330) * httpcaddyfile: Empty tls policy for internal http localhost (#4398) * httpcaddyfile: Preserve IPv6 addresses through normalization (fix #4381) * map: Fix 95c03506 (avoid repeated expansions) * map: Fix regex mappings * reverseproxy: Log error at error level (fix #4360) * reverseproxy: Prevent copying the response if a response handler ran (#4388) * reverseproxy: Sanitize scheme and host on incoming requests (#4237) * templates: Add 'import' action (#4321) * templates: Add tests for funcInclude and funcImport (#4357) * templates: Propagate httpError to HTTP response ++++ kernel-preempt: - esp: Fix possible buffer overflow in ESP transformation (bsc#1197131 CVE-2022-0886 CVE-2022-27666). - commit 39a5891 - Update patches.suse/quota-check-block-number-when-reading-the-block-in-q.patch (bsc#1194589 bsc#1197366 CVE-2021-45868). - commit 1a6f8a7 ++++ dnf: - Add Fix-processing-of-download-errors.patch backported from upstream * Fix dnf incorrectly aborting on non-English systems when packages already cached (rh#2024527) ++++ firewalld: - Provide dummy firewalld-prometheus-config package (bsc#1197042) ++++ gdcm: - version 3.0.11 * Fix for a significant issue with JPEG-LS and RGB color space * tons of small bug fixes ++++ java-17-openjdk: - Set a non-zero alternatives priority for Factory builds - Added patch: * JDK-8282004.patch + fix missing CALL effects on x86_32 ++++ libqt5-qtwebengine: - Add patch to fix build with GCC 12: * 0001-skia-Some-includes-to-fix-build-with-GCC-12.patch ++++ zlib: - CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459 * bsc1197459.patch ++++ libpulp: - Add patch build macros and deployment scripts. (jsc#SLE-20049) ++++ wireplumber: - Make the wireplumber-audio noarch as it just contains a lua config file. ++++ libzypp: - ZConfig: Update solver settings if target changes (bsc#1196368) - version 17.30.0 (22) ++++ nvme-stas: - Update to version 1.0-rc5: * Remove misconfiguration check. (bsc#1197361) * Document how to increase the number of interfaces that Avahi can monitor. - Removed python3-netifaces dependency (bsc#1197361) - Added ahahi dependency - Do not list files twice (add %dir to directory paths) - Drop workaround for Python interpreter path fixup. ++++ orthanc: - version 1.10.1 * for detailed changelog see NEWS ++++ orthanc-gdcm: - Version 1.5 * Take the configuration option "RestrictTransferSyntaxes" into account not only for decoding, but also for transcoding * Upgrade to GDCM 3.0.10 for static builds- ++++ orthanc-gdcm: - Version 1.5 * Take the configuration option "RestrictTransferSyntaxes" into account not only for decoding, but also for transcoding * Upgrade to GDCM 3.0.10 for static builds- ++++ patterns-gnome: - Recommend systemd-icon-branding by gnome_x11: try to get the correct branding installed, allowing to show the correct icon in gnome-control-center. ++++ pdns: - Update to 4.6.1 * fixes incomplete validation of incoming IXFR transfer for secondary zones for which IXFR transfers have been enabled and the network path to the primary server is not trusted. Note that IXFR transfers are not enabled by default. (CVE-2022-27227, bsc#1197525) ++++ pdns-recursor: - update to 4.6.1 fixes incomplete validation of incoming IXFR transfer in the Recursor. It applies to setups retrieving one or more RPZ zones from a remote server if the network path to the server is not trusted. (bsc#1197525, CVE-2022-27227) ++++ qbittorrent: - Update to version 4.4.2 New features: * Allow to limit max memory working set size Bug fixes: * Fix UI crash when torrent is in a non-existent category * Correctly handle changing of global save paths * Disable performance alert * Prevent loading resume data with inconsistent ID * Properly handle metadata download for an existing torrent * Prevent crash when open torrent destination folder ++++ qemu: - Kill downstream patches around bifmt handling that makes cumbersome to run multi-arch containers, and switch to the upstream behavior, which is well documented and valid on all other distros. This is possible thanks to Linux kernel commit 2347961b11d4 and QEMU commit 6e1c0d7b951e19c53 (so it can only work on Leap/SLE 15.4 and higher). (bsc#1197298) * Patches dropped: qemu-binfmt-conf.sh-allow-overriding-SUS.patch qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch - Fix update_git.sh wiping all the package file of the local checkout while cloning the git repository on demand (in case they don't exist and the user as to do so). ++++ qemu-linux-user: - Kill downstream patches around bifmt handling that makes cumbersome to run multi-arch containers, and switch to the upstream behavior, which is well documented and valid on all other distros. This is possible thanks to Linux kernel commit 2347961b11d4 and QEMU commit 6e1c0d7b951e19c53 (so it can only work on Leap/SLE 15.4 and higher). (bsc#1197298) * Patches dropped: qemu-binfmt-conf.sh-allow-overriding-SUS.patch qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch - Fix update_git.sh wiping all the package file of the local checkout while cloning the git repository on demand (in case they don't exist and the user as to do so). ++++ qemu-testsuite: - Kill downstream patches around bifmt handling that makes cumbersome to run multi-arch containers, and switch to the upstream behavior, which is well documented and valid on all other distros. This is possible thanks to Linux kernel commit 2347961b11d4 and QEMU commit 6e1c0d7b951e19c53 (so it can only work on Leap/SLE 15.4 and higher). (bsc#1197298) * Patches dropped: qemu-binfmt-conf.sh-allow-overriding-SUS.patch qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch - Fix update_git.sh wiping all the package file of the local checkout while cloning the git repository on demand (in case they don't exist and the user as to do so). ++++ yast2-migration-sle: - Updated README - Fixed starting the module from the control center - Allow migration to SLED or other products if supported by SCC - Added unit tests - Fixed build problems - First public release (related to jsc#SLE-17309) - 4.4.0 ------------------------------------------------------------------ ------------------ 2022-3-24 - Mar 24 2022 ------------------- ------------------------------------------------------------------ ++++ apparmor: - Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on /proc/{pid}/fd for samba-bgqd (bnc#1196850). - Add update-usr-sbin-smbd.diff to add new rule to allow reading of openssl.cnf (bnc#1195463). ++++ bash: - Do use old legacy PreReq to get bash installed before bash-sh but do not require bash-sh by bash (bsc#1197448) ++++ ceph: - Update to 16.2.7-650-gd083eaa3886 + (pr#469) cephadm: update image paths to registry.suse.com + (pr#468) cephadm: use snmp-notifier image from registry.suse.de + (pr#467) cephadm: infer the default container image during pull + (pr#465) mgr/cephadm: try to get FQDN for inventory address + Sync _constaints file for IBS and OBS ++++ ceph-test: - Update to 16.2.7-650-gd083eaa3886 + (pr#469) cephadm: update image paths to registry.suse.com + (pr#468) cephadm: use snmp-notifier image from registry.suse.de + (pr#467) cephadm: infer the default container image during pull + (pr#465) mgr/cephadm: try to get FQDN for inventory address + Sync _constaints file for IBS and OBS ++++ chrony: - Fix config file handling in the spec file and remove "ntsdumpdir" from default config, because augeas-lenses cannot parse it during installation of SLE Micro on SLE-15-SP3 (bsc#1194220). ++++ kernel-64kb: - supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce - commit e6b9e81 ++++ kernel-azure: - supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce - commit e6b9e81 ++++ kernel-default: - supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce - commit e6b9e81 ++++ kernel-preempt: - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - memory: emif: Add check for setup_interrupts (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: Revert "media: em28xx: add missing em28xx_close_extension" (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - commit 33bac97 - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - commit 364280e - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit 0f1f53e - cifs: use the correct max-length for dentry_path_raw() (bsc1196196). - commit d014f56 ++++ dtb-aarch64: - supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce - commit e6b9e81 ++++ kernel-debug: - supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce - commit e6b9e81 ++++ kernel-source: - supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce - commit e6b9e81 ++++ kernel-source-azure: - supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce - commit e6b9e81 ++++ kernel-docs: - supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce - commit e6b9e81 ++++ kernel-kvmsmall: - supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce - commit e6b9e81 ++++ kernel-obs-build: - supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce - commit e6b9e81 ++++ kernel-obs-qa: - supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce - commit e6b9e81 ++++ kernel-syms: - supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce - commit e6b9e81 ++++ kernel-syms-azure: - supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce - commit e6b9e81 ++++ kernel-vanilla: - esp: Fix possible buffer overflow in ESP transformation (bsc#1197131 CVE-2022-0886). - commit d9e58bc - Refresh patches.suse/xfrm-fix-mtu-regression.patch. - commit 0ee241b - quota: check block number when reading the block in quota file (bsc#1197366 CVE-2021-45868). - commit b7d9616 - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - Refresh patches.kabi/ALSA-pcm-oss-rw_ref-kabi-fix.patch. - commit f284bec ++++ kernel-zfcpdump: - supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce - commit e6b9e81 ++++ kwin5: - Add patch to fix client cursor offset in VMs (kde#427060): * 0001-backends-drm-fall-back-to-legacy-mode-in-virtual-mac.patch ++++ libapparmor: - Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on /proc/{pid}/fd for samba-bgqd (bnc#1196850). - Add update-usr-sbin-smbd.diff to add new rule to allow reading of openssl.cnf (bnc#1195463). ++++ texlive: - Gzip manual page of biber ++++ python310-core: - (bsc#1196784, CVE-2022-25236) Rename patch: support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5 as it was fully patched against CVE-2022-25236. ++++ suseconnect-ng: - Update to version 0.0.7~git0.3ef988e: * Fix product tree traversal (bsc#1197398) * Revert "Remove self from LD_PRELOAD (bsc#1196326)" * Remove self from LD_PRELOAD (bsc#1196326) ++++ nfs-utils: - Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch Ensure "sloppy" is added correctly for newer kernels. Particularly required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels. (boo#1197297) ++++ python-Twisted: - Add skip-namespacewithwhitespace.patch to make the test suite skip test failing with the modern libexpat. ++++ python310: - (bsc#1196784, CVE-2022-25236) Rename patch: support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5 as it was fully patched against CVE-2022-25236. ++++ python310-documentation: - (bsc#1196784, CVE-2022-25236) Rename patch: support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5 as it was fully patched against CVE-2022-25236. ++++ qemu: - Improve test reliability * Patches added: Fix-the-module-building-problem-for-s390.patch tests-qemu-iotests-040-Skip-TestCommitWi.patch tests-qemu-iotests-testrunner-Quote-case.patch ++++ qemu-linux-user: - Improve test reliability * Patches added: Fix-the-module-building-problem-for-s390.patch tests-qemu-iotests-040-Skip-TestCommitWi.patch tests-qemu-iotests-testrunner-Quote-case.patch ++++ qemu-testsuite: - Improve test reliability * Patches added: Fix-the-module-building-problem-for-s390.patch tests-qemu-iotests-040-Skip-TestCommitWi.patch tests-qemu-iotests-testrunner-Quote-case.patch ++++ strongswan: - 0001-Modularize-the-IKEv2-key-derivation-so-it-can-be-pro.patch: Outsource the IKE key deriviation to openssl for FIPS certification. (bsc#1195919) ------------------------------------------------------------------ ------------------ 2022-3-23 - Mar 23 2022 ------------------- ------------------------------------------------------------------ ++++ audit-secondary: - add audit-userspace-517-compat.patch ++++ kernel-preempt: - blacklist.conf: a5ce9f2bb665 x86/speculation: Merge one test in spectre_v2_user_select_mitigation() - commit 2d7347b - quota: check block number when reading the block in quota file (bsc#1197366 CVE-2021-45868). - commit a7d4915 ++++ distribution-gpg-keys: - Update to v1.67 + Add EPEL9 key + Add keys of RPM Fusion Fedora 37 + Add Navy Linux RPM GPG official key + add new MySQL key + add Fedora 37 + Add symlink for CentOS Stream 9 to main official key + Add EuroLinux 9 key + move Fedora Rawhide key to F37 + Add remi 2022 key + Refresh all CentOS SIG keys (rh#2059424) ++++ gnuhealth: - version 4.0.2 * Use ODT binary format for pediatric growth charts reports * Force Beren library to 0.7.0 to make it compatible with Python 3.6 * Allow Python minor versions > 10 (ej Python 3.10.2) * fix webdav import error, bug #62165 ++++ gstreamer-plugins-bad: - Add patch to support building with srt 1.3.4 in SLE * fix-build-with-srt-1.3.4.patch - Do not build the gstldac plugin in s390x where pkgconfig(ldacBT-enc) is not available. ++++ jsr-305: - Build with java source and target levels 8 ++++ kernel-vanilla: - Fixing a series_sort.py issue for a patch The patch: blk-mq-move-_blk_mq_update_nr_hw_queues-synchronize_rcu-call was placed at the end of the sorted section by series_insert.py at one time, but now series_sort.py is complaining. So move this patch to later in series.conf, outside of the sorted section, making series_sort.py happy. - commit a65cae5 ++++ openldap2: - bsc#1191157 - allow specification of max/min TLS version with TLS1.3 * 0239-ITS-9422-Update-for-TLS-v1.3.patch * 0240-ITS-9518-add-LDAP_OPT_X_TLS_PROTOCOL_MAX-option.patch * 0241-TLS-set-protocol-version.patch - bsc#1197004 - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. ++++ rssguard: - Update to version 4.2.1 Added: * Number format of unread counts in task bar icon and tray icon is now enhanced. It shows format "%1k" for number bigger than 999, for example 16 000 of unread articles will be displayed as "16k". ++++ spice: - Add patch to let spice build with gstreamer 1.20.x (https://gitlab.freedesktop.org/spice/spice/-/merge_requests/207) * fix-build-with-gstreamer-1.20.patch ++++ systemd: - spec: cope with %{_modprobedir} being /lib/modprobe.d on SLE ++++ nvme-stas: - Update to version 1.0-rc4: * Check ignore-iface when creating TransportId object * Adding man pages for ip-family and ignore-iface * Add ignore-iface and ip-family conf. options * Update the documentation * Change default address returned by name resolver * Filter out invalid IP addresses. (bsc#1197361) * When reading the Host NQN, warn people if the NQN seems invalid * Print descriptive message when unable to run stafctl/stacctl * Use the newly added cntlrtype to check the type of controller * minor fix to previous change to set the log level on libnvme * LOG: enable libnvme debug when trace is enabled - Added python3-netifaces dependency ++++ openCryptoki: - Added the following two patches for bac#1197395. The CKM_IBM_DILITHIUM mechanism does not show up as supported by the EP11 token when an upgraded EP11 host library is used. * openCryptoki-sles15-sp4-EP11-Dilithium-Specify-OID-of-key-strength-at-key-ge.patch * openCryptoki-sles15-sp4-EP11-Fix-host-library-version-query.patch ++++ postgresql10-pgaudit: - version update [bsc#1197148] - 1.2.3: https://github.com/pgaudit/pgaudit/releases/tag/1.2.4 - 1.4.2: https://github.com/pgaudit/pgaudit/releases/tag/1.4.3 - 1.5.1: https://github.com/pgaudit/pgaudit/releases/tag/1.5.2 - 1.6.2: https://github.com/pgaudit/pgaudit/releases/tag/1.6.2 ++++ postgresql12-pgaudit: - version update [bsc#1197148] - 1.2.3: https://github.com/pgaudit/pgaudit/releases/tag/1.2.4 - 1.4.2: https://github.com/pgaudit/pgaudit/releases/tag/1.4.3 - 1.5.1: https://github.com/pgaudit/pgaudit/releases/tag/1.5.2 - 1.6.2: https://github.com/pgaudit/pgaudit/releases/tag/1.6.2 ++++ postgresql13-pgaudit: - version update [bsc#1197148] - 1.2.3: https://github.com/pgaudit/pgaudit/releases/tag/1.2.4 - 1.4.2: https://github.com/pgaudit/pgaudit/releases/tag/1.4.3 - 1.5.1: https://github.com/pgaudit/pgaudit/releases/tag/1.5.2 - 1.6.2: https://github.com/pgaudit/pgaudit/releases/tag/1.6.2 ++++ postgresql14-pgaudit: - version update [bsc#1197148] - 1.2.3: https://github.com/pgaudit/pgaudit/releases/tag/1.2.4 - 1.4.2: https://github.com/pgaudit/pgaudit/releases/tag/1.4.3 - 1.5.1: https://github.com/pgaudit/pgaudit/releases/tag/1.5.2 - 1.6.2: https://github.com/pgaudit/pgaudit/releases/tag/1.6.2 ++++ python-Kivy: - python-mock is not required for build ++++ qemu: - Fix virtiofs crashing with glibc >= 2.35, due to rseq syscall (bsc#1196924) * Patches added: tools-virtiofsd-Add-rseq-syscall-to-the-.patch ++++ qemu-linux-user: - Fix virtiofs crashing with glibc >= 2.35, due to rseq syscall (bsc#1196924) * Patches added: tools-virtiofsd-Add-rseq-syscall-to-the-.patch ++++ qemu-testsuite: - Fix virtiofs crashing with glibc >= 2.35, due to rseq syscall (bsc#1196924) * Patches added: tools-virtiofsd-Add-rseq-syscall-to-the-.patch ++++ systemd-mini: - spec: cope with %{_modprobedir} being /lib/modprobe.d on SLE ------------------------------------------------------------------ ------------------ 2022-3-22 - Mar 22 2022 ------------------- ------------------------------------------------------------------ ++++ 389-ds: - Resolve bsc#1197345 - CVE-2022-0996 - Mishandling of password expiry - Update to version 2.0.14~git25.e6431d959: * Issue 5221 - User with expired password can still login with full privledges * Issue 5218 - double-free of the virtual attribute context in persistent search (#5219) * Issue 5200 - dscontainer should use environment variables with DS_ prefix * Issue 5193 - Incomplete ruv occasionally returned from ruv search (#5194) * Issue 5189 - memberOf plugin exclude subtree not cleaning up groups on modrdn * Issue 5188 - UI - LDAP editor - add entry and group types * Issue 5184 - memberOf does not work correctly with multiple include scopes * Issue 5162 - BUG - error on importing chain files (#5164) * Issue 5186 - UI - Fix SASL Mapping regex validation and other minor improvements * Issue 5048 - Support for nsslapd-tcp-fin-timeout and nsslapd-tcp-keepalive-time (#5179) ++++ Photini: - Update to version 2022.3.1 * Fix bug when removing marker from Bing map. * Fix bug in comparing version numbers. ++++ branding-openSUSE: - Bump to 15.4 ++++ kernel-64kb: - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 15a1bad - fuse: handle kABI change in struct fuse_args (bsc#1197343 CVE-2022-1011). - fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 CVE-2022-1011). - commit 879fc92 - crypto: hisilicon/sec - fix the aead software fallback for engine (bsc#1198240). - commit 7a54f7c - Refresh patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch Add info about context deviation from upstream. - commit f8cba97 - Refresh patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch Add info about context deviation from upstream. - commit 1d085d3 - Refresh patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit e44090b - Refresh patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit da99102 - Refresh patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch Add info on context deviation from upstream. - commit aa0e1a6 - Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch Add info about context deviation from upstream. - commit 2d1de22 - bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - commit 8bc21d0 ++++ kernel-azure: - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 15a1bad - fuse: handle kABI change in struct fuse_args (bsc#1197343 CVE-2022-1011). - fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 CVE-2022-1011). - commit 879fc92 - crypto: hisilicon/sec - fix the aead software fallback for engine (bsc#1198240). - commit 7a54f7c - Refresh patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch Add info about context deviation from upstream. - commit f8cba97 - Refresh patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch Add info about context deviation from upstream. - commit 1d085d3 - Refresh patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit e44090b - Refresh patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit da99102 - Refresh patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch Add info on context deviation from upstream. - commit aa0e1a6 - Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch Add info about context deviation from upstream. - commit 2d1de22 - bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - commit 8bc21d0 ++++ kernel-default: - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 15a1bad - fuse: handle kABI change in struct fuse_args (bsc#1197343 CVE-2022-1011). - fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 CVE-2022-1011). - commit 879fc92 - crypto: hisilicon/sec - fix the aead software fallback for engine (bsc#1198240). - commit 7a54f7c - Refresh patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch Add info about context deviation from upstream. - commit f8cba97 - Refresh patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch Add info about context deviation from upstream. - commit 1d085d3 - Refresh patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit e44090b - Refresh patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit da99102 - Refresh patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch Add info on context deviation from upstream. - commit aa0e1a6 - Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch Add info about context deviation from upstream. - commit 2d1de22 - bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - commit 8bc21d0 ++++ kernel-preempt: - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 8a9b87d - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 12628f8 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit aee063f - membarrier: Execute SYNC_CORE on the calling thread (git-fixes) - commit 8c138d0 - fuse: handle kABI change in struct fuse_args (bsc#1197343 CVE-2022-1011). - fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 CVE-2022-1011). - commit 112493c - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: cavium/nitrox - don't cast parameter in bit operations (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - crypto: ccree - don't attempt 0 len DMA mappings (git-fixes). - crypto: qat - don't cast parameter in bit operations (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: APEI: fix return value of __setup handlers (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes). - iwlwifi: don't advertise TWT support (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - commit 240077f - membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes) - commit 4fc5228 - blacklist.conf: Add 2ecedd756908 ("membarrier: Add an actual barrier before rseq_preempt()") - commit e7a5059 - cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes) - commit 3a3c855 - netfilter: conntrack: don't refresh sctp entries in closed state (bsc#1197389). - commit d30cf2f - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFS: Don't skip directory entries when doing uncached readdir (git-fixes). - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: Ensure the server has an up to date ctime before hardlinking (git-fixes). - commit 0dffa33 ++++ dtb-aarch64: - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 15a1bad - fuse: handle kABI change in struct fuse_args (bsc#1197343 CVE-2022-1011). - fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 CVE-2022-1011). - commit 879fc92 - crypto: hisilicon/sec - fix the aead software fallback for engine (bsc#1198240). - commit 7a54f7c - Refresh patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch Add info about context deviation from upstream. - commit f8cba97 - Refresh patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch Add info about context deviation from upstream. - commit 1d085d3 - Refresh patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit e44090b - Refresh patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit da99102 - Refresh patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch Add info on context deviation from upstream. - commit aa0e1a6 - Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch Add info about context deviation from upstream. - commit 2d1de22 - bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - commit 8bc21d0 ++++ httpcomponents-asyncclient: - Build with java source and target levels 8 ++++ kernel-debug: - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 15a1bad - fuse: handle kABI change in struct fuse_args (bsc#1197343 CVE-2022-1011). - fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 CVE-2022-1011). - commit 879fc92 - crypto: hisilicon/sec - fix the aead software fallback for engine (bsc#1198240). - commit 7a54f7c - Refresh patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch Add info about context deviation from upstream. - commit f8cba97 - Refresh patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch Add info about context deviation from upstream. - commit 1d085d3 - Refresh patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit e44090b - Refresh patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit da99102 - Refresh patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch Add info on context deviation from upstream. - commit aa0e1a6 - Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch Add info about context deviation from upstream. - commit 2d1de22 - bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - commit 8bc21d0 ++++ kernel-source: - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 15a1bad - fuse: handle kABI change in struct fuse_args (bsc#1197343 CVE-2022-1011). - fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 CVE-2022-1011). - commit 879fc92 - crypto: hisilicon/sec - fix the aead software fallback for engine (bsc#1198240). - commit 7a54f7c - Refresh patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch Add info about context deviation from upstream. - commit f8cba97 - Refresh patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch Add info about context deviation from upstream. - commit 1d085d3 - Refresh patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit e44090b - Refresh patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit da99102 - Refresh patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch Add info on context deviation from upstream. - commit aa0e1a6 - Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch Add info about context deviation from upstream. - commit 2d1de22 - bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - commit 8bc21d0 ++++ kernel-source-azure: - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 15a1bad - fuse: handle kABI change in struct fuse_args (bsc#1197343 CVE-2022-1011). - fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 CVE-2022-1011). - commit 879fc92 - crypto: hisilicon/sec - fix the aead software fallback for engine (bsc#1198240). - commit 7a54f7c - Refresh patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch Add info about context deviation from upstream. - commit f8cba97 - Refresh patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch Add info about context deviation from upstream. - commit 1d085d3 - Refresh patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit e44090b - Refresh patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit da99102 - Refresh patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch Add info on context deviation from upstream. - commit aa0e1a6 - Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch Add info about context deviation from upstream. - commit 2d1de22 - bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - commit 8bc21d0 ++++ kernel-docs: - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 15a1bad - fuse: handle kABI change in struct fuse_args (bsc#1197343 CVE-2022-1011). - fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 CVE-2022-1011). - commit 879fc92 - crypto: hisilicon/sec - fix the aead software fallback for engine (bsc#1198240). - commit 7a54f7c - Refresh patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch Add info about context deviation from upstream. - commit f8cba97 - Refresh patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch Add info about context deviation from upstream. - commit 1d085d3 - Refresh patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit e44090b - Refresh patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit da99102 - Refresh patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch Add info on context deviation from upstream. - commit aa0e1a6 - Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch Add info about context deviation from upstream. - commit 2d1de22 - bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - commit 8bc21d0 ++++ kernel-kvmsmall: - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 15a1bad - fuse: handle kABI change in struct fuse_args (bsc#1197343 CVE-2022-1011). - fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 CVE-2022-1011). - commit 879fc92 - crypto: hisilicon/sec - fix the aead software fallback for engine (bsc#1198240). - commit 7a54f7c - Refresh patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch Add info about context deviation from upstream. - commit f8cba97 - Refresh patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch Add info about context deviation from upstream. - commit 1d085d3 - Refresh patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit e44090b - Refresh patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit da99102 - Refresh patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch Add info on context deviation from upstream. - commit aa0e1a6 - Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch Add info about context deviation from upstream. - commit 2d1de22 - bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - commit 8bc21d0 ++++ kernel-obs-build: - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 15a1bad - fuse: handle kABI change in struct fuse_args (bsc#1197343 CVE-2022-1011). - fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 CVE-2022-1011). - commit 879fc92 - crypto: hisilicon/sec - fix the aead software fallback for engine (bsc#1198240). - commit 7a54f7c - Refresh patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch Add info about context deviation from upstream. - commit f8cba97 - Refresh patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch Add info about context deviation from upstream. - commit 1d085d3 - Refresh patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit e44090b - Refresh patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit da99102 - Refresh patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch Add info on context deviation from upstream. - commit aa0e1a6 - Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch Add info about context deviation from upstream. - commit 2d1de22 - bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - commit 8bc21d0 ++++ kernel-obs-qa: - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 15a1bad - fuse: handle kABI change in struct fuse_args (bsc#1197343 CVE-2022-1011). - fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 CVE-2022-1011). - commit 879fc92 - crypto: hisilicon/sec - fix the aead software fallback for engine (bsc#1198240). - commit 7a54f7c - Refresh patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch Add info about context deviation from upstream. - commit f8cba97 - Refresh patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch Add info about context deviation from upstream. - commit 1d085d3 - Refresh patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit e44090b - Refresh patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit da99102 - Refresh patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch Add info on context deviation from upstream. - commit aa0e1a6 - Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch Add info about context deviation from upstream. - commit 2d1de22 - bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - commit 8bc21d0 ++++ kernel-syms: - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 15a1bad - fuse: handle kABI change in struct fuse_args (bsc#1197343 CVE-2022-1011). - fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 CVE-2022-1011). - commit 879fc92 - crypto: hisilicon/sec - fix the aead software fallback for engine (bsc#1198240). - commit 7a54f7c - Refresh patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch Add info about context deviation from upstream. - commit f8cba97 - Refresh patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch Add info about context deviation from upstream. - commit 1d085d3 - Refresh patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit e44090b - Refresh patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit da99102 - Refresh patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch Add info on context deviation from upstream. - commit aa0e1a6 - Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch Add info about context deviation from upstream. - commit 2d1de22 - bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - commit 8bc21d0 ++++ kernel-syms-azure: - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 15a1bad - fuse: handle kABI change in struct fuse_args (bsc#1197343 CVE-2022-1011). - fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 CVE-2022-1011). - commit 879fc92 - crypto: hisilicon/sec - fix the aead software fallback for engine (bsc#1198240). - commit 7a54f7c - Refresh patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch Add info about context deviation from upstream. - commit f8cba97 - Refresh patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch Add info about context deviation from upstream. - commit 1d085d3 - Refresh patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit e44090b - Refresh patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit da99102 - Refresh patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch Add info on context deviation from upstream. - commit aa0e1a6 - Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch Add info about context deviation from upstream. - commit 2d1de22 - bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - commit 8bc21d0 ++++ kernel-vanilla: - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 86d43c7 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit e5bbf41 - ALSA: pcm: Fix races among concurrent prealloc proc writes (CVE-2022-1048 bsc#1197331). - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). - ALSA: pcm: Fix races among concurrent read/write and buffer changes (CVE-2022-1048 bsc#1197331). - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (CVE-2022-1048 bsc#1197331). - commit 0f72275 ++++ kernel-zfcpdump: - ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 bsc#1197331). - commit 15a1bad - fuse: handle kABI change in struct fuse_args (bsc#1197343 CVE-2022-1011). - fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 CVE-2022-1011). - commit 879fc92 - crypto: hisilicon/sec - fix the aead software fallback for engine (bsc#1198240). - commit 7a54f7c - Refresh patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch Add info about context deviation from upstream. - commit f8cba97 - Refresh patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch Add info about context deviation from upstream. - commit 1d085d3 - Refresh patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit e44090b - Refresh patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch Add info about context deviation from upstream. - commit da99102 - Refresh patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch Add info on context deviation from upstream. - commit aa0e1a6 - Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch Add info about context deviation from upstream. - commit 2d1de22 - bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - commit 8bc21d0 ++++ libfdata: - Add libfdata-20211023-1TB-fix.patch * Fixes bug associated with image offsets beyond 1TB * see https://github.com/libyal/libbde/issues/47 ++++ libgcrypt: - FIPS: Implement a service indicator for asymmetric ciphers [bsc#1190700] * Mark RSA public key encryption and private key decryption with padding (e.g. OAEP, PKCS) as non-approved since RSA-OAEP lacks peer key assurance validation requirements per SP800-56Brev2. * Mark ECC as approved only for NIST curves P-224, P-256, P-384 and P-521 with check for common NIST names and aliases. * Mark DSA, ELG, EDDSA, ECDSA and ECDH as non-approved. * Add libgcrypt-FIPS-SLI-pk.patch * Rebase libgcrypt-FIPS-service-indicators.patch - Run the regression tests also in FIPS mode. * Disable tests for non-FIPS approved algos. * Rebase: libgcrypt-FIPS-verify-unsupported-KDF-test.patch ++++ rssguard: - Update to version 4.2.0 Added: * Items in feed list * Article list now can display full article titles with multiline layout. Switch the feature in "Settings -> Feeds & articles -> Articles list". * Date/time format of articles in article list is now VERY customizable, you can set to display e. g. time only for today's items, or show relative dates for recent items etc. * RSS Guard now builds with cmake. * "Add feed" and "Edit feed" dialogs were redesigned a bit for better UX. * New action "Open main menu" can now be added to toolbars. * If feed does not provide date/time for its articles, then current date/time is used and now this artificial date/time is iterated to achieve consistent sorting for those articles. * Individual feeds can now be turned off. Turning feed "off" disables it and it won't get any new articles. See "Edit feed" dialog, specifically "Miscellaneous" tab. * Gmail: Synchronization of e-mails is now MUCH faster, especially subsequent synchronizations. Also, some Gmail-related fixes were added. * TT-RSS: Added "share to published" feature which allows user to save custom notes to TT-RSS. Can be used with context menu on "[SYSTEM] User-published articles" feed list item. * Count of unread articles in taskbar is now switchable. * Documentation was updated. * All modal dialogs now should have "maximize" button. * Context menu of article list now offers action "Copy links". * Articles downloaded from single feed are now de-duplicated before they are processed and saved into RSS Guard DB. * Node.js integration was polished and generalized and will be used for more optional features in the future. * Firefox-inspired "reader mode" is now available in WebEngine version of RSS Guard. Check internal web browser toolbar for the relevant "Open in reader mode" button. * New action "Open in internal browser * Polishing of feed import feature. * Updated built-in "nudus-*" skins. Thanks to akinokonomi for this. * RSS Guard is now aware of "qt5/6-ct" style used by "qtct" tool. * Handling of skins, Qt stylesheets and Qt styles is now rewritten quite a lot to achieve more consistent UX and allow for much greater flexibility for skin creators. Fixed: * Feedly: HTML entities/code in article titles were not encoded and displayed correctly. * GUI separators were resetting their positions to middle, hopefully fixed. * Inaccurate reporting of new articles when there are no new articles, due to DB layer error. * "New messages" feed status is now more persistent. * Handling of character set in MariaDB backend is now improved, all UTF-8 characters should now work correctly. * Loading of skins/themes is now done more early to avoid some clashes with GUI initialization. * Fixed displaying of special characters in RSS/RDF/ATOM account name. * No separators in custom source specification are needed now. - Refresh rssguard-4.0.2-add_library_version.patch as rssguard-4.2.0-add_library_version.patch - Drop rssguard-4.1.2-Qt512.patch (too much hassle) ++++ wireplumber: - Update to version 0.4.9: * Fixes: - restore-stream no longer crashes if properties for it are not present in the config (#190) - spa-json no longer crashes on non-x86 architectures - Fixed a potential crash in the bluetooth auto-switch module (#193) - Fixed a race condition that would cause Zoom desktop audio sharing to fail (#197) - Surround sound in some games is now exposed properly (pipewire#876) - Fixed a race condition that would cause the default source & sink to not be set at startup - policy-node now supports the 'target.object' key on streams and metadata - Multiple fixes in policy-node that make the logic in some cases behave more like PulseAudio (regarding nodes with the dont-reconnect property and regarding following the default source/sink) - Fixed a bug with parsing unquoted strings in spa-json * Misc: - The policy now supports configuring "persistent" device profiles. If a device is manually set to one of these profiles, then it will not be auto-switched to another profile automatically under any circumstances (#138, #204) - The device-activation module was re-written in lua - Brave, Edge, Vivaldi and Telegram were added in the bluetooth auto-switch applications list - ALSA nodes now use the PCM name to populate node.nick, which is useful at least on HDA cards using UCM, where all outputs (analog, hdmi, etc) are exposesd as nodes on a single profile - An icon name is now set on the properties of bluetooth devices - Drop patches already upstream: * 0001-spa-json-fix-va_list-APIs-for-different-architectures.patch * 0001-restore-stream-do-not-crash-if-config_properties-is-nil.patch * 0002-policy-bluetooth-fix-string.find-crash-with-nil-string.patch * 0003-si-audio-adapter-relax-format-parsing.patch - Update split-config-file.py script ++++ nvme-cli: - Fix install conflict caused by new bash completion script location (bsc#1197365). ++++ ocfs2-tools: - fsck.ocfs2: do not try locking after replaying journals if -F is given (bsc#1196705) + fsck.ocfs2-do-not-try-locking-after-replaying-journa.patch ++++ python-nltk: - Update to 3.7 - Improve and update the NLTK team page on nltk.org (#2855, [#2941]) - Drop support for Python 3.6, support Python 3.10 (#2920) - Update to 3.6.7 - Resolve IndexError in `sent_tokenize` and `word_tokenize` (#2922) - Update to 3.6.6 - Refactor `gensim.doctest` to work for gensim 4.0.0 and up (#2914) - Add Precision, Recall, F-measure, Confusion Matrix to Taggers (#2862) - Added warnings if .zip files exist without any corresponding .csv files. (#2908) - Fix `FileNotFoundError` when the `download_dir` is a non-existing nested folder (#2910) - Rename omw to omw-1.4 (#2907) - Resolve ReDoS opportunity by fixing incorrectly specified regex (#2906, bsc#1191030, CVE-2021-3828). - Support OMW 1.4 (#2899) - Deprecate Tree get and set node methods (#2900) - Fix broken inaugural test case (#2903) - Use Multilingual Wordnet Data from OMW with newer Wordnet versions (#2889) - Keep NLTKs "tokenize" module working with pathlib (#2896) - Make prettyprinter to be more readable (#2893) - Update links to the nltk book (#2895) - Add `CITATION.cff` to nltk (#2880) - Resolve serious ReDoS in PunktSentenceTokenizer (#2869) - Delete old CI config files (#2881) - Improve Tokenize documentation + add TokenizerI as superclass for TweetTokenizer (#2878) - Fix expected value for BLEU score doctest after changes from [#2572] - Add multi Bleu functionality and tests (#2793) - Deprecate 'return_str' parameter in NLTKWordTokenizer and TreebankWordTokenizer (#2883) - Allow empty string in CFG's + more (#2888) - Partition `tree.py` module into `tree` package + pickle fix (#2863) - Fix several TreebankWordTokenizer and NLTKWordTokenizer bugs (#2877) - Rewind Wordnet data file after each lookup (#2868) - Correct __init__ call for SyntaxCorpusReader subclasses (#2872) - Documentation fixes (#2873) - Fix levenstein distance for duplicated letters (#2849) - Support alternative Wordnet versions (#2860) - Remove hundreds of formatting warnings for nltk.org (#2859) - Modernize `nltk.org/howto` pages (#2856) - Fix Bleu Score smoothing function from taking log(0) (#2839) - Update third party tools to newer versions and removing MaltParser fixed version (#2832) - Fix TypeError: _pretty() takes 1 positional argument but 2 were given in sem/drt.py (#2854) - Replace `http` with `https` in most URLs (#2852) - Update to 3.6.5 - modernised nltk.org website - addressed LGTM.com issues - support ZWJ sequences emoji and skin tone modifer emoji in TweetTokenizer - METEOR evaluation now requires pre-tokenized input - Code linting and type hinting - implement get_refs function for DrtLambdaExpression - Enable automated CoreNLP, Senna, Prover9/Mace4, Megam, MaltParser CI tests - specify minimum regex version that supports regex.Pattern - avoid re.Pattern and regex.Pattern which fail for Python 3.6, 3.7 - Update to 3.6.4 - deprecate `nltk.usage(obj)` in favor of `help(obj)` - resolve ReDoS vulnerability in Corpus Reader - solidify performance tests - improve phone number recognition in tweet tokenizer - refactored CISTEM stemmer for German - identify NLTK Team as the author - replace travis badge with github actions badge - add SECURITY.md - Update to 3.6.3 - Dropped support for Python 3.5 - Run CI tests on Windows, too - Moved from Travis CI to GitHub Actions - Code and comment cleanups - Visualize WordNet relation graphs using Graphviz - Fixed large error in METEOR score - Apply isort, pyupgrade, black, added as pre-commit hooks - Prevent debug_decisions in Punkt from throwing IndexError - Resolved ZeroDivisionError in RIBES with dissimilar sentences - Initialize WordNet IC total counts with smoothing value - Fixed AttributeError for Arabic ARLSTem2 stemmer - Many fixes and improvements to lm language model package - Fix bug in nltk.metrics.aline, C_skip = -10 - Improvements to TweetTokenizer - Optional show arg for FreqDist.plot, ConditionalFreqDist.plot - edit_distance now computes Damerau-Levenshtein edit-distance - Update to 3.6.2 - move test code to nltk/test - fix bug in NgramAssocMeasures (order preserving fix) - Update to 3.6 - add support for Python 3.9 - add Tree.fromlist - compute Minimum Spanning Tree of unweighted graph using BFS - fix bug with infinite loop in Wordnet closure and tree - fix bug in calculating BLEU using smoothing method 4 - Wordnet synset similarities work for all pos - new Arabic light stemmer (ARLSTem2) - new syllable tokenizer (LegalitySyllableTokenizer) - remove nose in favor of pytest ++++ python-tinydb: - Update to 4.7.0 * Feature: Allow inserting Document instances using Table.insert_multiple (see #455). * Performance: Only convert document IDs of a table when returning documents. This improves performance the Table.count and Table.get operations and also for Table.search when only returning a few documents (see #460). * Internal change: Run all Table tests JSONStorage in addition to MemoryStorage. * Fix: Make using callables as queries work again (see #454) * Feature: Add map() query operation to apply a transformation to a document or field when evaluating a query (see PR #445). * Note: This may break code that queries for a field named map using the Query APIs property access syntax * Feature: Add support for typing-extensions v4 - Disable mypy tests for GNUHealth submission into 15.4 jsc#SLE-23990 - This package needs typing-extensions if used with Python 3.6 ++++ qemu: - Avoid warnings caused by a GCC 12 bug, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98503 (bsc#1197018) * Patches added: hw-i386-amd_iommu-Fix-maybe-uninitialize.patch Silence-GCC-12-spurious-warnings.patch Ignore-spurious-GCC-12-warning.patch ++++ qemu-linux-user: - Avoid warnings caused by a GCC 12 bug, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98503 (bsc#1197018) * Patches added: hw-i386-amd_iommu-Fix-maybe-uninitialize.patch Silence-GCC-12-spurious-warnings.patch Ignore-spurious-GCC-12-warning.patch ++++ qemu-testsuite: - Avoid warnings caused by a GCC 12 bug, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98503 (bsc#1197018) * Patches added: hw-i386-amd_iommu-Fix-maybe-uninitialize.patch Silence-GCC-12-spurious-warnings.patch Ignore-spurious-GCC-12-warning.patch ++++ trivy: - tie to go.17 as 1.18 became available ++++ yast2-registration: - Fixed migration rollback in Leap => SLES migration (related to jsc#SLE-17309) - 4.4.18 ------------------------------------------------------------------ ------------------ 2022-3-21 - Mar 21 2022 ------------------- ------------------------------------------------------------------ ++++ chromium: - Chromium 99.0.4844.82: * Fix potential problem in Hangouts (boo#1197332) ++++ kernel-64kb: - watch_queue: Make comment about setting ->defunct more accurate (CVE-2022-0995 bsc#1197246). - watch_queue: Fix lack of barrier/sync/lock between post and read (CVE-2022-0995 bsc#1197246). - watch_queue: Free the alloc bitmap when the watch_queue is torn down (CVE-2022-0995 bsc#1197246). - watch_queue: Fix the alloc bitmap size to reflect notes allocated (CVE-2022-0995 bsc#1197246). - watch_queue: Use the bitmap API when applicable (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to always request a pow-of-2 pipe ring size (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to release page in ->release() (CVE-2022-0995 bsc#1197246). - watch_queue, pipe: Free watchqueue state after clearing pipe ring (CVE-2022-0995 bsc#1197246). - watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). - commit 223dbc3 ++++ kernel-azure: - watch_queue: Make comment about setting ->defunct more accurate (CVE-2022-0995 bsc#1197246). - watch_queue: Fix lack of barrier/sync/lock between post and read (CVE-2022-0995 bsc#1197246). - watch_queue: Free the alloc bitmap when the watch_queue is torn down (CVE-2022-0995 bsc#1197246). - watch_queue: Fix the alloc bitmap size to reflect notes allocated (CVE-2022-0995 bsc#1197246). - watch_queue: Use the bitmap API when applicable (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to always request a pow-of-2 pipe ring size (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to release page in ->release() (CVE-2022-0995 bsc#1197246). - watch_queue, pipe: Free watchqueue state after clearing pipe ring (CVE-2022-0995 bsc#1197246). - watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). - commit 223dbc3 ++++ kernel-default: - watch_queue: Make comment about setting ->defunct more accurate (CVE-2022-0995 bsc#1197246). - watch_queue: Fix lack of barrier/sync/lock between post and read (CVE-2022-0995 bsc#1197246). - watch_queue: Free the alloc bitmap when the watch_queue is torn down (CVE-2022-0995 bsc#1197246). - watch_queue: Fix the alloc bitmap size to reflect notes allocated (CVE-2022-0995 bsc#1197246). - watch_queue: Use the bitmap API when applicable (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to always request a pow-of-2 pipe ring size (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to release page in ->release() (CVE-2022-0995 bsc#1197246). - watch_queue, pipe: Free watchqueue state after clearing pipe ring (CVE-2022-0995 bsc#1197246). - watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). - commit 223dbc3 ++++ kernel-preempt: - blacklist.conf: fbd5969d1ff2 x86/cpufeatures: Mark two free bits in word 3 - commit 7de8046 - net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx() (git-fixes). - commit 197c612 - net: watchdog: hold device global xmit lock during tx disable (git-fixes). - commit 5f626af - net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes). - commit 64e0e15 - net: enetc: initialize the RFS and RSS memories (git-fixes). - commit 48628ab - net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add (git-fixes). - commit d733e4e - team: protect features update by RCU to avoid deadlock (git-fixes). - commit 0917ada - netxen_nic: fix MSI/MSI-x interrupts (git-fixes). - commit e20b4bd - Update config files. - commit 5e3d4fd - drm/i915: Fix dbuf slice config lookup (git-fixes). - commit 2e1e919 - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - commit 37de9a5 - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - commit 1372669 - Revert "Revert "build initrd without systemd" (bsc#1197300)" This reverts commit ff2b28e76a7040ae5ce82c0145965d62159216fd. - commit 72ed14f - Update config files (bsc#1195926 bsc#1175667). VIRTIO_PCI=m -> VIRTIO_PCI=y - commit 3edad5c - Revert "Revert "rpm/kernel-source.spec.in: call fdupes per subpackage"" This reverts commit f349b8133b949dee1721081d9fbc80cc43327d15. Which was propagated from my local local tree. Restore the commit - commit ee9cedc ++++ crmsh: - Update to version 4.4.0+20220321.8cf6a9d1: * Dev: Parametrize the log dir * Dev: ui_cluster: Check if qdevice can contribute vote * Dev: qdevice: Improve remove qdevice process * Dev: qdevice: Add lock to protect for the same cluster name * Fix: qdevice: Add lock to protect init_db_on_qnetd function (bsc#1197323) * medium: utils: update detect_cloud pattern for aws * Dev: qdevice: Consolidate qdevice related separate functions into qdevice.QDevice class * Dev: lock: Make lock.py more generic * Dev: qdevice: Add cluster name suffix to qdevice-net-node.crq on qnet * Dev: qdevice: remove askpass since it's unnecessary after passwordless configured on qnetd * Fix: utils: Only raise exception when return code of systemctl command over ssh larger than 4 (bsc#1196726) * Dev: utils: Remove duplicated debug message ++++ deepin-compressor: - Fix build on ARM. ++++ deepin-voice-note: - Update version to 5.10.14 * Add CI script * Fix bugs ++++ dtb-aarch64: - watch_queue: Make comment about setting ->defunct more accurate (CVE-2022-0995 bsc#1197246). - watch_queue: Fix lack of barrier/sync/lock between post and read (CVE-2022-0995 bsc#1197246). - watch_queue: Free the alloc bitmap when the watch_queue is torn down (CVE-2022-0995 bsc#1197246). - watch_queue: Fix the alloc bitmap size to reflect notes allocated (CVE-2022-0995 bsc#1197246). - watch_queue: Use the bitmap API when applicable (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to always request a pow-of-2 pipe ring size (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to release page in ->release() (CVE-2022-0995 bsc#1197246). - watch_queue, pipe: Free watchqueue state after clearing pipe ring (CVE-2022-0995 bsc#1197246). - watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). - commit 223dbc3 ++++ java-17-openjdk: - Added patch: * JDK-8282944.patch + Upstream fix for JDK-8281944: JavaDoc throws java.lang.IllegalStateException: ERRONEOUS ++++ kernel-debug: - watch_queue: Make comment about setting ->defunct more accurate (CVE-2022-0995 bsc#1197246). - watch_queue: Fix lack of barrier/sync/lock between post and read (CVE-2022-0995 bsc#1197246). - watch_queue: Free the alloc bitmap when the watch_queue is torn down (CVE-2022-0995 bsc#1197246). - watch_queue: Fix the alloc bitmap size to reflect notes allocated (CVE-2022-0995 bsc#1197246). - watch_queue: Use the bitmap API when applicable (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to always request a pow-of-2 pipe ring size (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to release page in ->release() (CVE-2022-0995 bsc#1197246). - watch_queue, pipe: Free watchqueue state after clearing pipe ring (CVE-2022-0995 bsc#1197246). - watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). - commit 223dbc3 ++++ kernel-source: - watch_queue: Make comment about setting ->defunct more accurate (CVE-2022-0995 bsc#1197246). - watch_queue: Fix lack of barrier/sync/lock between post and read (CVE-2022-0995 bsc#1197246). - watch_queue: Free the alloc bitmap when the watch_queue is torn down (CVE-2022-0995 bsc#1197246). - watch_queue: Fix the alloc bitmap size to reflect notes allocated (CVE-2022-0995 bsc#1197246). - watch_queue: Use the bitmap API when applicable (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to always request a pow-of-2 pipe ring size (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to release page in ->release() (CVE-2022-0995 bsc#1197246). - watch_queue, pipe: Free watchqueue state after clearing pipe ring (CVE-2022-0995 bsc#1197246). - watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). - commit 223dbc3 ++++ kernel-source-azure: - watch_queue: Make comment about setting ->defunct more accurate (CVE-2022-0995 bsc#1197246). - watch_queue: Fix lack of barrier/sync/lock between post and read (CVE-2022-0995 bsc#1197246). - watch_queue: Free the alloc bitmap when the watch_queue is torn down (CVE-2022-0995 bsc#1197246). - watch_queue: Fix the alloc bitmap size to reflect notes allocated (CVE-2022-0995 bsc#1197246). - watch_queue: Use the bitmap API when applicable (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to always request a pow-of-2 pipe ring size (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to release page in ->release() (CVE-2022-0995 bsc#1197246). - watch_queue, pipe: Free watchqueue state after clearing pipe ring (CVE-2022-0995 bsc#1197246). - watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). - commit 223dbc3 ++++ kernel-docs: - watch_queue: Make comment about setting ->defunct more accurate (CVE-2022-0995 bsc#1197246). - watch_queue: Fix lack of barrier/sync/lock between post and read (CVE-2022-0995 bsc#1197246). - watch_queue: Free the alloc bitmap when the watch_queue is torn down (CVE-2022-0995 bsc#1197246). - watch_queue: Fix the alloc bitmap size to reflect notes allocated (CVE-2022-0995 bsc#1197246). - watch_queue: Use the bitmap API when applicable (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to always request a pow-of-2 pipe ring size (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to release page in ->release() (CVE-2022-0995 bsc#1197246). - watch_queue, pipe: Free watchqueue state after clearing pipe ring (CVE-2022-0995 bsc#1197246). - watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). - commit 223dbc3 ++++ kernel-kvmsmall: - watch_queue: Make comment about setting ->defunct more accurate (CVE-2022-0995 bsc#1197246). - watch_queue: Fix lack of barrier/sync/lock between post and read (CVE-2022-0995 bsc#1197246). - watch_queue: Free the alloc bitmap when the watch_queue is torn down (CVE-2022-0995 bsc#1197246). - watch_queue: Fix the alloc bitmap size to reflect notes allocated (CVE-2022-0995 bsc#1197246). - watch_queue: Use the bitmap API when applicable (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to always request a pow-of-2 pipe ring size (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to release page in ->release() (CVE-2022-0995 bsc#1197246). - watch_queue, pipe: Free watchqueue state after clearing pipe ring (CVE-2022-0995 bsc#1197246). - watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). - commit 223dbc3 ++++ kernel-obs-build: - watch_queue: Make comment about setting ->defunct more accurate (CVE-2022-0995 bsc#1197246). - watch_queue: Fix lack of barrier/sync/lock between post and read (CVE-2022-0995 bsc#1197246). - watch_queue: Free the alloc bitmap when the watch_queue is torn down (CVE-2022-0995 bsc#1197246). - watch_queue: Fix the alloc bitmap size to reflect notes allocated (CVE-2022-0995 bsc#1197246). - watch_queue: Use the bitmap API when applicable (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to always request a pow-of-2 pipe ring size (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to release page in ->release() (CVE-2022-0995 bsc#1197246). - watch_queue, pipe: Free watchqueue state after clearing pipe ring (CVE-2022-0995 bsc#1197246). - watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). - commit 223dbc3 ++++ kernel-obs-qa: - watch_queue: Make comment about setting ->defunct more accurate (CVE-2022-0995 bsc#1197246). - watch_queue: Fix lack of barrier/sync/lock between post and read (CVE-2022-0995 bsc#1197246). - watch_queue: Free the alloc bitmap when the watch_queue is torn down (CVE-2022-0995 bsc#1197246). - watch_queue: Fix the alloc bitmap size to reflect notes allocated (CVE-2022-0995 bsc#1197246). - watch_queue: Use the bitmap API when applicable (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to always request a pow-of-2 pipe ring size (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to release page in ->release() (CVE-2022-0995 bsc#1197246). - watch_queue, pipe: Free watchqueue state after clearing pipe ring (CVE-2022-0995 bsc#1197246). - watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). - commit 223dbc3 ++++ kernel-syms: - watch_queue: Make comment about setting ->defunct more accurate (CVE-2022-0995 bsc#1197246). - watch_queue: Fix lack of barrier/sync/lock between post and read (CVE-2022-0995 bsc#1197246). - watch_queue: Free the alloc bitmap when the watch_queue is torn down (CVE-2022-0995 bsc#1197246). - watch_queue: Fix the alloc bitmap size to reflect notes allocated (CVE-2022-0995 bsc#1197246). - watch_queue: Use the bitmap API when applicable (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to always request a pow-of-2 pipe ring size (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to release page in ->release() (CVE-2022-0995 bsc#1197246). - watch_queue, pipe: Free watchqueue state after clearing pipe ring (CVE-2022-0995 bsc#1197246). - watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). - commit 223dbc3 ++++ kernel-syms-azure: - watch_queue: Make comment about setting ->defunct more accurate (CVE-2022-0995 bsc#1197246). - watch_queue: Fix lack of barrier/sync/lock between post and read (CVE-2022-0995 bsc#1197246). - watch_queue: Free the alloc bitmap when the watch_queue is torn down (CVE-2022-0995 bsc#1197246). - watch_queue: Fix the alloc bitmap size to reflect notes allocated (CVE-2022-0995 bsc#1197246). - watch_queue: Use the bitmap API when applicable (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to always request a pow-of-2 pipe ring size (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to release page in ->release() (CVE-2022-0995 bsc#1197246). - watch_queue, pipe: Free watchqueue state after clearing pipe ring (CVE-2022-0995 bsc#1197246). - watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). - commit 223dbc3 ++++ kernel-vanilla: - macros.kernel-source: Fix conditional expansion. Fixes: bb95fef3cf19 ("rpm: Use bash for %() expansion (jsc#SLE-18234).") - commit 7e857f7 ++++ kernel-zfcpdump: - watch_queue: Make comment about setting ->defunct more accurate (CVE-2022-0995 bsc#1197246). - watch_queue: Fix lack of barrier/sync/lock between post and read (CVE-2022-0995 bsc#1197246). - watch_queue: Free the alloc bitmap when the watch_queue is torn down (CVE-2022-0995 bsc#1197246). - watch_queue: Fix the alloc bitmap size to reflect notes allocated (CVE-2022-0995 bsc#1197246). - watch_queue: Use the bitmap API when applicable (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to always request a pow-of-2 pipe ring size (CVE-2022-0995 bsc#1197246). - watch_queue: Fix to release page in ->release() (CVE-2022-0995 bsc#1197246). - watch_queue, pipe: Free watchqueue state after clearing pipe ring (CVE-2022-0995 bsc#1197246). - watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). - commit 223dbc3 ++++ texlive: - Do not attach prefix texlive twice in case of texlive-scripts-extra ++++ libsolv: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code [bsc#1196514] - support parsing of Debian's Multi-Arch indicator - bump version to 0.7.22 ++++ libzypp: - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - version 17.29.7 (22) ++++ makedumpfile: - makedumpfile-sadump-kaslr-fix-kaslr_offset-calculation.patch: sadump, kaslr: fix failure of calculating kaslr_offset (bsc#1196736). ++++ parsec: - Update to 1.0.0-rc3: * Changelog: https://github.com/parallaxsecond/parsec/compare/1.0.0-rc2...1.0.0-rc3 * Fixes CVE-2022-24713 - boo#1196972 ++++ parsec-tool: - Update to 0.5.2: * changelog from 0.5.1 to 0.5.2: https://github.com/parallaxsecond/parsec-tool/compare/0.5.1...0.5.2 * Fixes CVE-2022-24713 - boo#1196972 ++++ polkit-default-privs: - Update to version 13.2+20220309.ce702da: * backport of kpmcore whitelistng (bsc#1178848) ------------------------------------------------------------------ ------------------ 2022-3-20 - Mar 20 2022 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2022-03-21 (bsc#1084929) ++++ deepin-compressor: - Update version to 5.12.2 * Support long long filename * Support choosing 1, 2, 4, 8 CPU cores. * The minimum window size is 620*300 * Update documents * Fix bugs ++++ java-17-openjdk: - Modified patch: * disable-doclint-by-default.patch + try actually disable the doclint by default ++++ mirrorsorcerer: - Update to version 0.1.0~11: * warn when non-root. Improve daemon mode. Set default pool path * Fix repo metadata timeout ++++ opentoonz: - Use 'https://' in _service file to connect to Github. ++++ patterns-deepin: - Version 15.4.20220320 * Update a Recommend tag: use libreoffice-gtk3 instead of libreoffice-qt5 to fix input method cursor follow ++++ plasma5-openSUSE: - Use 'https://' instead of 'git://' to fetch Github changes. ------------------------------------------------------------------ ------------------ 2022-3-19 - Mar 19 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-preempt: - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134). - Refresh patches.suse/x86-speculation-warn-about-eibrs-lfence-unprivileged-ebpf-smt.patch. - commit 8588aa6 - powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395). - commit 5c5db21 - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1178134). - commit a719566 - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - commit 53c2db3 ++++ go1.18: - Add %define go_label as a configurable Go toolchain directory * go_label can be used to package multiple Go toolchains with the same go_api * go_label should be defined as go_api with an optional suffix e.g. %{go_api} or %{go_api}-foo * Default go_label = go_api makes no changes to package layout ++++ gstreamer-docs: - Update to version 1.20.1: + Various updates in different sub-modules. ++++ python-gst: - Update to version 1.20.1: + Fix build with Python 3.11. ++++ kernel-vanilla: - rpm: Use bash for %() expansion (jsc#SLE-18234). Since 15.4 alternatives for /bin/sh are provided by packages -sh. While the interpreter for the build script can be selected the interpreter for %() cannot. The kernel spec files use bashisms in %(). While this could technically be fixed there is more serious underlying problem: neither bash nor any of the alternatives are 100% POSIX compliant nor bug-free. It is not my intent to maintain bug compatibility with any number of shells for shell scripts embedded in the kernel spec file. The spec file syntax is not documented so embedding the shell script in it causes some unspecified transformation to be applied to it. That means that ultimately any changes must be tested by building the kernel, n times if n shells are supported. To reduce maintenance effort require that bash is used for kernel build always. - commit bb95fef ++++ vlc: - Update to version 3.0.17.3: + This is a fixup release which fixes a regression that could cause a lack of audio for adaptive streaming playback. It is identical to 3.0.17.2 otherwise. + This updates contains various fixes and improvements: - Major adaptive streaming stack overhaul - Major codec updates - Many third party libraries update - Allow brackets in the path section of URLs - Better notch support for new macbooks - Add support for DAV video and Webp image formats - Improve AV1 live streaming support - Several SRT support improvements - Numerous crash fixes - Update youtube script - Changes from version 3.0.17.2: + This is a fixup release which fixes youtube playback and contextual menus on integrated video for the Qt interface. It is identical to 3.0.17-1 otherwise. - Changes from version 3.0.17-1: + This is a fixup release which bumps libflac to 1.3.4 in order to fix CVE-2020-0499 and CVE-2021-0561 on platforms for which we provide binary releases. ++++ vlc: - Update to version 3.0.17.3: + This is a fixup release which fixes a regression that could cause a lack of audio for adaptive streaming playback. It is identical to 3.0.17.2 otherwise. + This updates contains various fixes and improvements: - Major adaptive streaming stack overhaul - Major codec updates - Many third party libraries update - Allow brackets in the path section of URLs - Better notch support for new macbooks - Add support for DAV video and Webp image formats - Improve AV1 live streaming support - Several SRT support improvements - Numerous crash fixes - Update youtube script - Changes from version 3.0.17.2: + This is a fixup release which fixes youtube playback and contextual menus on integrated video for the Qt interface. It is identical to 3.0.17-1 otherwise. - Changes from version 3.0.17-1: + This is a fixup release which bumps libflac to 1.3.4 in order to fix CVE-2020-0499 and CVE-2021-0561 on platforms for which we provide binary releases. ------------------------------------------------------------------ ------------------ 2022-3-18 - Mar 18 2022 ------------------- ------------------------------------------------------------------ ++++ arm-trusted-firmware: - Backport fallowing patches mitigating CVE-2022-23960 [1] and [2]. 0001-docs-security-security-advisory-for-CVE-2022-23960.patch 0002-fix-security-workaround-for-CVE-2022-23960.patch 0003-refactor-el3-runtime-change-Cortex-A76-implementatio.patch 0004-fix-security-loop-workaround-for-CVE-2022-23960-for-.patch 0005-fix-security-workaround-for-CVE-2022-23960-for-Corte.patch 0006-fix-security-SMCCC_ARCH_WORKAROUND_3-mitigations-for.patch Fixes bsc#1196657 [1] https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-9.html [2] https://review.trustedfirmware.org/q/topic:"spectre_bhb" ++++ arm-trusted-firmware-a80x0_mcbin: - Backport fallowing patches mitigating CVE-2022-23960 [1] and [2]. 0001-docs-security-security-advisory-for-CVE-2022-23960.patch 0002-fix-security-workaround-for-CVE-2022-23960.patch 0003-refactor-el3-runtime-change-Cortex-A76-implementatio.patch 0004-fix-security-loop-workaround-for-CVE-2022-23960-for-.patch 0005-fix-security-workaround-for-CVE-2022-23960-for-Corte.patch 0006-fix-security-SMCCC_ARCH_WORKAROUND_3-mitigations-for.patch Fixes bsc#1196657 [1] https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-9.html [2] https://review.trustedfirmware.org/q/topic:"spectre_bhb" ++++ arm-trusted-firmware-imx8mm: - Backport fallowing patches mitigating CVE-2022-23960 [1] and [2]. 0001-docs-security-security-advisory-for-CVE-2022-23960.patch 0002-fix-security-workaround-for-CVE-2022-23960.patch 0003-refactor-el3-runtime-change-Cortex-A76-implementatio.patch 0004-fix-security-loop-workaround-for-CVE-2022-23960-for-.patch 0005-fix-security-workaround-for-CVE-2022-23960-for-Corte.patch 0006-fix-security-SMCCC_ARCH_WORKAROUND_3-mitigations-for.patch Fixes bsc#1196657 [1] https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-9.html [2] https://review.trustedfirmware.org/q/topic:"spectre_bhb" ++++ arm-trusted-firmware-imx8mq: - Backport fallowing patches mitigating CVE-2022-23960 [1] and [2]. 0001-docs-security-security-advisory-for-CVE-2022-23960.patch 0002-fix-security-workaround-for-CVE-2022-23960.patch 0003-refactor-el3-runtime-change-Cortex-A76-implementatio.patch 0004-fix-security-loop-workaround-for-CVE-2022-23960-for-.patch 0005-fix-security-workaround-for-CVE-2022-23960-for-Corte.patch 0006-fix-security-SMCCC_ARCH_WORKAROUND_3-mitigations-for.patch Fixes bsc#1196657 [1] https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-9.html [2] https://review.trustedfirmware.org/q/topic:"spectre_bhb" ++++ arm-trusted-firmware-poplar: - Backport fallowing patches mitigating CVE-2022-23960 [1] and [2]. 0001-docs-security-security-advisory-for-CVE-2022-23960.patch 0002-fix-security-workaround-for-CVE-2022-23960.patch 0003-refactor-el3-runtime-change-Cortex-A76-implementatio.patch 0004-fix-security-loop-workaround-for-CVE-2022-23960-for-.patch 0005-fix-security-workaround-for-CVE-2022-23960-for-Corte.patch 0006-fix-security-SMCCC_ARCH_WORKAROUND_3-mitigations-for.patch Fixes bsc#1196657 [1] https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-9.html [2] https://review.trustedfirmware.org/q/topic:"spectre_bhb" ++++ arm-trusted-firmware-qemu: - Backport fallowing patches mitigating CVE-2022-23960 [1] and [2]. 0001-docs-security-security-advisory-for-CVE-2022-23960.patch 0002-fix-security-workaround-for-CVE-2022-23960.patch 0003-refactor-el3-runtime-change-Cortex-A76-implementatio.patch 0004-fix-security-loop-workaround-for-CVE-2022-23960-for-.patch 0005-fix-security-workaround-for-CVE-2022-23960-for-Corte.patch 0006-fix-security-SMCCC_ARCH_WORKAROUND_3-mitigations-for.patch Fixes bsc#1196657 [1] https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-9.html [2] https://review.trustedfirmware.org/q/topic:"spectre_bhb" ++++ arm-trusted-firmware-qemu_sbsa: - Backport fallowing patches mitigating CVE-2022-23960 [1] and [2]. 0001-docs-security-security-advisory-for-CVE-2022-23960.patch 0002-fix-security-workaround-for-CVE-2022-23960.patch 0003-refactor-el3-runtime-change-Cortex-A76-implementatio.patch 0004-fix-security-loop-workaround-for-CVE-2022-23960-for-.patch 0005-fix-security-workaround-for-CVE-2022-23960-for-Corte.patch 0006-fix-security-SMCCC_ARCH_WORKAROUND_3-mitigations-for.patch Fixes bsc#1196657 [1] https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-9.html [2] https://review.trustedfirmware.org/q/topic:"spectre_bhb" ++++ arm-trusted-firmware-rk3328: - Backport fallowing patches mitigating CVE-2022-23960 [1] and [2]. 0001-docs-security-security-advisory-for-CVE-2022-23960.patch 0002-fix-security-workaround-for-CVE-2022-23960.patch 0003-refactor-el3-runtime-change-Cortex-A76-implementatio.patch 0004-fix-security-loop-workaround-for-CVE-2022-23960-for-.patch 0005-fix-security-workaround-for-CVE-2022-23960-for-Corte.patch 0006-fix-security-SMCCC_ARCH_WORKAROUND_3-mitigations-for.patch Fixes bsc#1196657 [1] https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-9.html [2] https://review.trustedfirmware.org/q/topic:"spectre_bhb" ++++ arm-trusted-firmware-rk3368: - Backport fallowing patches mitigating CVE-2022-23960 [1] and [2]. 0001-docs-security-security-advisory-for-CVE-2022-23960.patch 0002-fix-security-workaround-for-CVE-2022-23960.patch 0003-refactor-el3-runtime-change-Cortex-A76-implementatio.patch 0004-fix-security-loop-workaround-for-CVE-2022-23960-for-.patch 0005-fix-security-workaround-for-CVE-2022-23960-for-Corte.patch 0006-fix-security-SMCCC_ARCH_WORKAROUND_3-mitigations-for.patch Fixes bsc#1196657 [1] https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-9.html [2] https://review.trustedfirmware.org/q/topic:"spectre_bhb" ++++ arm-trusted-firmware-rpi3: - Backport fallowing patches mitigating CVE-2022-23960 [1] and [2]. 0001-docs-security-security-advisory-for-CVE-2022-23960.patch 0002-fix-security-workaround-for-CVE-2022-23960.patch 0003-refactor-el3-runtime-change-Cortex-A76-implementatio.patch 0004-fix-security-loop-workaround-for-CVE-2022-23960-for-.patch 0005-fix-security-workaround-for-CVE-2022-23960-for-Corte.patch 0006-fix-security-SMCCC_ARCH_WORKAROUND_3-mitigations-for.patch Fixes bsc#1196657 [1] https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-9.html [2] https://review.trustedfirmware.org/q/topic:"spectre_bhb" ++++ arm-trusted-firmware-rpi4: - Backport fallowing patches mitigating CVE-2022-23960 [1] and [2]. 0001-docs-security-security-advisory-for-CVE-2022-23960.patch 0002-fix-security-workaround-for-CVE-2022-23960.patch 0003-refactor-el3-runtime-change-Cortex-A76-implementatio.patch 0004-fix-security-loop-workaround-for-CVE-2022-23960-for-.patch 0005-fix-security-workaround-for-CVE-2022-23960-for-Corte.patch 0006-fix-security-SMCCC_ARCH_WORKAROUND_3-mitigations-for.patch Fixes bsc#1196657 [1] https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-9.html [2] https://review.trustedfirmware.org/q/topic:"spectre_bhb" ++++ arm-trusted-firmware-sun50i_a64: - Backport fallowing patches mitigating CVE-2022-23960 [1] and [2]. 0001-docs-security-security-advisory-for-CVE-2022-23960.patch 0002-fix-security-workaround-for-CVE-2022-23960.patch 0003-refactor-el3-runtime-change-Cortex-A76-implementatio.patch 0004-fix-security-loop-workaround-for-CVE-2022-23960-for-.patch 0005-fix-security-workaround-for-CVE-2022-23960-for-Corte.patch 0006-fix-security-SMCCC_ARCH_WORKAROUND_3-mitigations-for.patch Fixes bsc#1196657 [1] https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-9.html [2] https://review.trustedfirmware.org/q/topic:"spectre_bhb" ++++ arm-trusted-firmware-sun50i_h6: - Backport fallowing patches mitigating CVE-2022-23960 [1] and [2]. 0001-docs-security-security-advisory-for-CVE-2022-23960.patch 0002-fix-security-workaround-for-CVE-2022-23960.patch 0003-refactor-el3-runtime-change-Cortex-A76-implementatio.patch 0004-fix-security-loop-workaround-for-CVE-2022-23960-for-.patch 0005-fix-security-workaround-for-CVE-2022-23960-for-Corte.patch 0006-fix-security-SMCCC_ARCH_WORKAROUND_3-mitigations-for.patch Fixes bsc#1196657 [1] https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-9.html [2] https://review.trustedfirmware.org/q/topic:"spectre_bhb" ++++ arm-trusted-firmware-tegra186: - Backport fallowing patches mitigating CVE-2022-23960 [1] and [2]. 0001-docs-security-security-advisory-for-CVE-2022-23960.patch 0002-fix-security-workaround-for-CVE-2022-23960.patch 0003-refactor-el3-runtime-change-Cortex-A76-implementatio.patch 0004-fix-security-loop-workaround-for-CVE-2022-23960-for-.patch 0005-fix-security-workaround-for-CVE-2022-23960-for-Corte.patch 0006-fix-security-SMCCC_ARCH_WORKAROUND_3-mitigations-for.patch Fixes bsc#1196657 [1] https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-9.html [2] https://review.trustedfirmware.org/q/topic:"spectre_bhb" ++++ arm-trusted-firmware-tegra210: - Backport fallowing patches mitigating CVE-2022-23960 [1] and [2]. 0001-docs-security-security-advisory-for-CVE-2022-23960.patch 0002-fix-security-workaround-for-CVE-2022-23960.patch 0003-refactor-el3-runtime-change-Cortex-A76-implementatio.patch 0004-fix-security-loop-workaround-for-CVE-2022-23960-for-.patch 0005-fix-security-workaround-for-CVE-2022-23960-for-Corte.patch 0006-fix-security-SMCCC_ARCH_WORKAROUND_3-mitigations-for.patch Fixes bsc#1196657 [1] https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-9.html [2] https://review.trustedfirmware.org/q/topic:"spectre_bhb" ++++ arm-trusted-firmware-zynqmp: - Backport fallowing patches mitigating CVE-2022-23960 [1] and [2]. 0001-docs-security-security-advisory-for-CVE-2022-23960.patch 0002-fix-security-workaround-for-CVE-2022-23960.patch 0003-refactor-el3-runtime-change-Cortex-A76-implementatio.patch 0004-fix-security-loop-workaround-for-CVE-2022-23960-for-.patch 0005-fix-security-workaround-for-CVE-2022-23960-for-Corte.patch 0006-fix-security-SMCCC_ARCH_WORKAROUND_3-mitigations-for.patch Fixes bsc#1196657 [1] https://trustedfirmware-a.readthedocs.io/en/latest/security_advisories/security-advisory-tfv-9.html [2] https://review.trustedfirmware.org/q/topic:"spectre_bhb" ++++ bcm43xx-firmware: - Add required firmware file for Bluetooth module found on RPi Zero 2W (bsc#1197286) ++++ cloud-regionsrv-client: - Update to version 10.0.2 + Fix name of logfile in error message + Fix variable scoping to properly detect registration error + Cleanup any artifacts on registration failure + Fix latent bug with /etc/hosts population + Do not throw error when attemting to unregister a system that is not registered + Skip extension registration if the extension is recommended by the baseproduct as it gets automatically installed - Update to version 10.0.1 (bsc#1197113) + Provide status feedback on registration, success or failure + Log warning message if data provider is configured but no data can be retrieved - Update -addon-azure to 1.0.3 follow up fix for (bsc#1195414, bsc#1195564) + The repo enablement timer cannot depend on guestregister.service ++++ kernel-64kb: - arm64: PCI: Support root bridge preparation for Hyper-V (bsc#1197291). - arm64: PCI: Restructure pcibios_root_bridge_prepare() (bsc#1197291). - commit 060e164 ++++ kernel-azure: - arm64: PCI: Support root bridge preparation for Hyper-V (bsc#1197291). - arm64: PCI: Restructure pcibios_root_bridge_prepare() (bsc#1197291). - commit 060e164 ++++ kernel-default: - arm64: PCI: Support root bridge preparation for Hyper-V (bsc#1197291). - arm64: PCI: Restructure pcibios_root_bridge_prepare() (bsc#1197291). - commit 060e164 ++++ kernel-preempt: - Sort in upstreamed BHB patches - Refresh patches.suse/documentation-hw-vuln-update-spectre-doc.patch. - Refresh patches.suse/x86-speculation-add-eibrs-retpoline-options.patch. - Refresh patches.suse/x86-speculation-include-unprivileged-ebpf-status-in-spectre-v2-mitigation-reporting.patch. - Refresh patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch. - Refresh patches.suse/x86-speculation-use-generic-retpoline-by-default-on-amd.patch. - commit 4062a7a - s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes). - s390/mm: validate VMA in PGSTE manipulation functions (git-fixes). - s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes). - s390/gmap: validate VMA in __gmap_zap() (git-fixes). - s390/pci_mmio: fully validate the VMA before calling follow_pte() (git-fixes). - mm: add vma_lookup(), update find_vma_intersection() comments (git-fixes). - commit 808c094 - Revert "rpm/kernel-source.spec.in: call fdupes per subpackage" This reverts commit 1da843983718d4cfdd652a76e428abee98e37450. - commit f349b81 - Revert "build initrd without systemd" (bsc#1197300) This reverts commit ef4c569b998635a9369390d4e9cfe3a922815c76. It seems to be the cause of a stall in OBS build that resulted in the failure with obs-build-qa (and possibly others). - commit ff2b28e - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - net/smc: fix using of uninitialized completions (git-fixes). - net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes). - net/smc: Fix loop in smc_listen (git-fixes). - net/smc: Make sure the link_id is unique (git-fixes). - commit 759dc2b - blacklist.conf: net/smc cleanup with no functional change - commit 5a33cbb ++++ dtb-aarch64: - arm64: PCI: Support root bridge preparation for Hyper-V (bsc#1197291). - arm64: PCI: Restructure pcibios_root_bridge_prepare() (bsc#1197291). - commit 060e164 ++++ golang-github-prometheus-prometheus: - Create firewalld-prometheus-config subpackage (bsc#1197042, jsc#SLE-24374, jsc#SLE-24375) ++++ gnutls: - FIPS: Additional PBKDF2 requirements for KAT [bsc#1184669] * The IG 10.3.A and SP800-132 require some minimum parameters for the salt length, password length and iteration count. These parameters should be also used in the KAT. * Add gnutls-FIPS-PBKDF2-KAT-requirements.patch - Enable to run the regression tests also in FIPS mode. ++++ gstreamer: - Update to version 1.20.1: + deinterlace: various bug fixes for yadif, greedy and scalerbob methods + gtk video sink: Fix rotation not being applied when paused + gst-play-1.0: Fix trick-mode handling in keyboard shortcut + jpegdec: fix RGB conversion handling + matroskademux: improved ProRes video handling + matroskamux: Handle multiview-mode/flags/pixel-aspect-ratio caps fields correctly when checking caps equality on input caps changes + videoaggregator fixes (negative rate handling, current position rounding) + soup http plugin: Lookup libsoup dylib files on Apple platforms; fix Cerbero static build on Android and iOS + Support build against libfreeaptx in openaptx plugin + Fix linking issues on Illumos distros + GstPlay: Fix new error + warning parsing API (was unusuable before) + mpegtsmux: VBR muxing fixes + nvdecoder: Various fixes for 4:4:4 and high-bitdepth decoding + Support build against libfreeaptx in openaptx plugin + webrtc: Various fixes to the webrtc-sendrecv python example + macOS: support a relocatable `GStreamer.framework` on macOS + macOS: fix applemedia plugin failing to load on ARM64 macOS + windows: ship wavpack library + gst-python: Fix build with Python 3.11 + various bug fixes, memory leak fixes, and other stability and reliability improvements + plugin loader: show the reason when spawning of gst-plugin-scanner fails + registry, plugin loading: fix dynamic relocation if GST_PLUGIN_SUBDIR (libdir) is not a single subdirectory; improve GST_PLUGIN_SUBDIR handling + context: fix transfer annotation on gst_context_writable_structure() for bindings + baseparse: Don't truncate the duration to milliseconds in gst_base_parse_convert_default() + bufferpool: Deactivate pool and get rid of references to other objects from dispose instead of finalize ++++ gstreamer-devtools: - Update to version 1.20.1: + gst-env: various clean-ups and documentation improvements ++++ gstreamer-editing-services: - Update to version 1.20.1: + Update validate test scenarios for videoaggregator rounding behaviour change ++++ gstreamer-plugins-bad: - Update to version 1.20.1: + GstPlay: Fix new error + warning parsing API (was unusuable before) + av1parse: let the parser continue on verbose OBUs + d3d11converter: Fix RGB to GRAY conversion, broken debug messages, and add missing GRAY conversion + gs: look for google_cloud_cpp_storage.pc + ipcpipeline: fix crash and error on windows with SOCKET or _pipe() + ivfparse: Don't set zero resolution on caps + mpegtsdemux: Handle PES headers bigger than a mpeg-ts packet; fix locking in error code path; handle more program updates + mpegtsmux: Start last_ts with GST_CLOCK_TIME_NONE to fix VBR muxing behaviour + mpegtsmux: Thread safety fixes: lock mux->tsmux, the programs hash table, and pad streams + mpegtsmux: Skip empty buffers + osxaudiodeviceprovider: Add initial support for duplex devices on OSX + rtpldacpay: Fix missing payload information + sdpdemux: add media attributes to caps, fixes ptp clock handling + mfaudioenc: Handle empty IMFMediaBuffer + nvdecoder: Various fixes for 4:4:4 and high-bitdepth decoding + nvenc: Fix deadlock because of too strict buffer pool size + va: fix library build issues, caps leaks in the vpp transform function, and add vaav1dec to documentation + v4l2codecs: vp9: Minor fixes + v4l2codecs: h264: Correct scaling matrix ABI check + dtlstransport: Notify ICE transport property changes + webrtc: Various fixes to the webrtc-sendrecv python example + webrtc-ice: Fix memory leaks in gst_webrtc_ice_add_candidate() + Support build against libfreeaptx in openaptx plugin + Fix linking issues on Illumos distros - Drop patch already included upstream: + 1634.patch ++++ gstreamer-plugins-base: - Update to version 1.20.1: + typefindfunctions: Fix WebVTT format detection for very short files + gldisplay: Reorder GST_GL_WINDOW check for egl-device + rtpbasepayload: Copy all buffer metadata instead of just GstMetas for the input meta buffer + codec-utils: Avoid out-of-bounds error + navigation: Fix Since markers for mouse scroll events + videoaggregator: Fix for unhandled negative rate + videoaggregator: Use floor() to calculate current position + video-color: Fix for missing clipping in PQ EOTF function + gst-play-1.0: Fix trick-mode handling in keyboard shortcut + audiovisualizer: shader: Fix out of bound write ++++ gstreamer-plugins-good: - Update to version 1.20.1: + deinterlace: various bug fixes for yadif method + deinterlace: Refactor greedyh and fix planar formats + deinterlace: Prevent race between method configuration and latency query + gtk video sink: Fix rotation not being applied when paused + jpegdec: fix RGB conversion handling + matroskademux: improved ProRes video handling + matroskamux: Handle multiview-mode/flags/pixel-aspect-ratio caps fields correctly when checking caps equality on input caps changes + rtprtx: don't access type-system per buffer (performance optimisation); code cleanups + rtpulpfecenc: fix unmatched g_slice_free() + rtpvp8depay: fix crash when making GstRTPPacketLost custom event + qtmux: Don't post an error message if pushing a sample failed with FLUSHING (e.g. on pipeline shutdown) + soup: Lookup libsoup dylib files on Apple platforms & fix Cerbero static build on Android and iOS + souphttpsrc: element not present on iOS after 1.20.0 update + v4l2tuner: return NULL if no norm set + v4l2bufferpool: Fix race condition between qbuf and pool streamoff + meson: Don't build lame plugin with -Dlame=disabled ++++ gstreamer-plugins-libav: - Update to version 1.20.1: + No changes ++++ gstreamer-plugins-ugly: - Update to version 1.20.1: + x264enc: fix plugin long-name and description ++++ gstreamer-plugins-vaapi: - Update to version 1.20.1: + No changes ++++ gstreamer-rtsp-server: - Update to version 1.20.1: + Fix race in rtsp-client when tunneling over HTTP ++++ kernel-debug: - arm64: PCI: Support root bridge preparation for Hyper-V (bsc#1197291). - arm64: PCI: Restructure pcibios_root_bridge_prepare() (bsc#1197291). - commit 060e164 ++++ kernel-source: - arm64: PCI: Support root bridge preparation for Hyper-V (bsc#1197291). - arm64: PCI: Restructure pcibios_root_bridge_prepare() (bsc#1197291). - commit 060e164 ++++ kernel-source-azure: - arm64: PCI: Support root bridge preparation for Hyper-V (bsc#1197291). - arm64: PCI: Restructure pcibios_root_bridge_prepare() (bsc#1197291). - commit 060e164 ++++ kernel-docs: - arm64: PCI: Support root bridge preparation for Hyper-V (bsc#1197291). - arm64: PCI: Restructure pcibios_root_bridge_prepare() (bsc#1197291). - commit 060e164 ++++ kernel-kvmsmall: - arm64: PCI: Support root bridge preparation for Hyper-V (bsc#1197291). - arm64: PCI: Restructure pcibios_root_bridge_prepare() (bsc#1197291). - commit 060e164 ++++ kernel-obs-build: - arm64: PCI: Support root bridge preparation for Hyper-V (bsc#1197291). - arm64: PCI: Restructure pcibios_root_bridge_prepare() (bsc#1197291). - commit 060e164 ++++ kernel-obs-qa: - arm64: PCI: Support root bridge preparation for Hyper-V (bsc#1197291). - arm64: PCI: Restructure pcibios_root_bridge_prepare() (bsc#1197291). - commit 060e164 ++++ kernel-syms: - arm64: PCI: Support root bridge preparation for Hyper-V (bsc#1197291). - arm64: PCI: Restructure pcibios_root_bridge_prepare() (bsc#1197291). - commit 060e164 ++++ kernel-syms-azure: - arm64: PCI: Support root bridge preparation for Hyper-V (bsc#1197291). - arm64: PCI: Restructure pcibios_root_bridge_prepare() (bsc#1197291). - commit 060e164 ++++ kernel-zfcpdump: - arm64: PCI: Support root bridge preparation for Hyper-V (bsc#1197291). - arm64: PCI: Restructure pcibios_root_bridge_prepare() (bsc#1197291). - commit 060e164 ++++ libadwaita: - Update to version 1.1.0: + Fix introspection-related build warnings. + Updated translations. ++++ util-linux: - Extend cache in uuid_generate_time_generic() (bsc#1194642#c51, util-linux-libuuid-extend-cache.patch). ++++ texlive: - Also add some obsoletes ++++ openldap2: - jsc#PM-3288 - restore CLDAP functionality in CLI tools ++++ libnvme: - Update to version 1.0-rc7: * linux: fixup log page offset in nvme_get_log_page() * tree: Add support for default trsvcid for all controllers (bsc#1195858) * tree: fixup coredump during nvme discover ++++ openssl-1_1: - FIPS: Additional PBKDF2 requirements for KAT [bsc#1197280] * The IG 10.3.A and SP800-132 require some minimum parameters for the salt length, password length and iteration count. These parameters should be also used in the KAT. * Add openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch ++++ mdadm: - skip RAID assembly if DM_UDEV_DISABLE_OTHER_RULES_FLAG (bsc#1196054) * Add 0121-udev-md-raid-assembly.rules-skip-if-DM_UDEV_DISABLE_.patch ++++ nvme-cli: - Update to version 2.0-rc7: * netapp-nvme: fix smdevices segfault in json output (bsc#1195937) * fabrics: keep the backward compatibility * nvme: Do not slash escape strings in JSON output (bsc#1195937) * nvme: Print full device path * nvme-print: Make JSON keys consistent with nvme-cli 1.x * nvme-print: print generic device in list command * fabrics: check for discovery controller instead of subsystem NQN (bsc#1197061) * connect: Set errno to zero on nvmf_add_ctrl() success * documenation updates - Set path to systemctl via newly introduced config option - Update 0100-harden_nvmf-connect@.service.patch due to upstream file rename - Moved bash completion script to /usr/share/bash-completion/completions/nvme ++++ package-translations: - Update to version 89.87.20220316.36bed595: * Update pot and po files for Leap 15.4 and SLE 15 SP4 * urls_sle.txt: Update for the latest SLE15 SP4 content * Replace non-responding downloadcontent.opensuse.org by download.opensuse.org * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Dutch) * Translated using Weblate (Finnish) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (Indonesian) * Translated using Weblate (Italian) * Translated using Weblate (Japanese) * Translated using Weblate (Polish) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Russian) * Translated using Weblate (Slovak) * Translated using Weblate (Spanish) * Translated using Weblate (Swedish) ++++ python3-libmount: - Extend cache in uuid_generate_time_generic() (bsc#1194642#c51, util-linux-libuuid-extend-cache.patch). ++++ qt5integration: - Use another way to workaround crash bug: add BASED_DTK_DIR=based-dtk to qmake ++++ texlive-specs-g: - Also add some obsoletes ++++ texlive-specs-i: - Also add some obsoletes ++++ texlive-specs-n: - Also add some obsoletes ++++ texlive-specs-s: - Also add some obsoletes ++++ texlive-specs-t: - Also add some obsoletes ++++ texlive-specs-w: - Also add some obsoletes ++++ trivy: - Update to version 0.24.4: * fix(docker): Getting images without a tag (#1852) * docs(gitlab-ci): Use environment variables TRIVY_CACHE_DIR and TRIVY_NO_PROGRESS (#1801) ++++ util-linux-systemd: - Extend cache in uuid_generate_time_generic() (bsc#1194642#c51, util-linux-libuuid-extend-cache.patch). ++++ xorg-x11-server: - U_glamor-Make-pixmap-exportable-from-gbm_bo_from_pixma.patch * avoid consequently failing page flip (boo#1197269) ++++ yast2-installation: - Do not stop xvnc.socket but run the YaST2-Second-Stage and YaST2-Firsboot services before it in order to prevent early vnc connections (bsc#1197265) -4.4.50 ------------------------------------------------------------------ ------------------ 2022-3-17 - Mar 17 2022 ------------------- ------------------------------------------------------------------ ++++ MozillaFirefox: - Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer, faster buildhosts, as the others struggle to build FF. ++++ MozillaThunderbird: - Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer, faster buildhosts, as the others struggle to build TB. ++++ Photini: - Update to version 2022.3.0 * Removed OpenStreetMap tab. * Added licence related stuf to ownership tab. * Removed --user option from post install script. * Better caching of geocoder results. * Other minor improvements and bug fixes. ++++ apache2: - security update - modified patches % apache2-CVE-2022-23943.patch (extended by r1898772 [bsc#1197095c#10]) ++++ bind: - Obsolete bind-chrootenv as it is no longer needed. [bsc#1196990, bind.spec] ++++ kernel-64kb: - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - commit 6dcb47f ++++ kernel-azure: - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - commit 6dcb47f ++++ kernel-default: - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - commit 6dcb47f ++++ kernel-preempt: - Update patch reference for USB gadget fix (CVE-2022-27223 bsc#1197245) - commit fd3b6e8 - s390/hypfs: include z/VM guests with access control group set (bsc#1195640 LTC#196352). - commit 598f26f - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - commit 1580ab2 - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - commit 1cdc779 - Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge - commit 891ddc4 ++++ desktop-translations: - Update to version 84.87.20220316.9301f89b: * Update strings from Leap 15.4. * Translated using Weblate (Catalan) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan)) * Translated using Weblate (Croatian) * Translated using Weblate (Czech) * Translated using Weblate (Dutch) * Translated using Weblate (Finnish) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (Hindi) * Translated using Weblate (Indonesian) * Translated using Weblate (Italian) * Translated using Weblate (Japanese) * Translated using Weblate (Kabyle) * Translated using Weblate (Lithuanian) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Russian) * Translated using Weblate (Slovak) * Translated using Weblate (Spanish) * Translated using Weblate (Turkish) * Translated using Weblate (Ukrainian) * Translated using Weblate (Vietnamese) ++++ dtb-aarch64: - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - commit 6dcb47f ++++ enlightenment-profiles-openSUSE: - 20220317 - e25 dropped the teamwork module and I added the msgbus module because its useful - Updated URL moved profiles out of my namespace and into the openSUSE one. ++++ itextpdf: - Remove unneeded BuildRequires: mvn(org.codehaus.mojo:buildnumber-maven-plugin) ++++ java-11-openjdk: - Stop adding the JavaEE modules when building for Factory ++++ kernel-debug: - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - commit 6dcb47f ++++ kernel-source: - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - commit 6dcb47f ++++ kernel-source-azure: - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - commit 6dcb47f ++++ kernel-docs: - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - commit 6dcb47f ++++ kernel-kvmsmall: - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - commit 6dcb47f ++++ kernel-obs-build: - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - commit 6dcb47f ++++ kernel-obs-qa: - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - commit 6dcb47f ++++ kernel-syms: - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - commit 6dcb47f ++++ kernel-syms-azure: - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - commit 6dcb47f ++++ kernel-vanilla: - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - commit 95d7e2c - net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018). - commit 065384f - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - commit f59903f ++++ kernel-zfcpdump: - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - commit 6dcb47f ++++ tigervnc: - U_0003-Update-Surface_X11.cxx.patch * Fix to render properly considering endianness. * bsc#1197119 ++++ libgnomesu: - Update to version 2.0.7: * Updated translations. * Better wording in the documentation. ++++ paraview: - Update to version 5.10.1: * User interface: - State files appear as datasets. - File dialog issues in client/server mode. - Stride in Animation View is too restricted. - Context menu in file dialog doesn't work on macOS with Qt 5.15.1. - Python tracing fails when a custom source exists. - Python Shell broken by any custom filter. - Stereo broken in CAVE environments. - Parallel Coordinates segfault. - Can't set frame rate when saving MP4 animation. - command_button widget is not visible anymore. - Client information does not show VTK version. - Only fetch favorites from server on creation. * Filters: - Ghost cell generator crash. - Redistribute dataset on Image Data then generate Ghost cells seems to give the wrong result. - TemporalParticlesToPathlines fails with AMReX particle data: "The input dataset did not have a valid DATA_TIME_STEPS information key". * Readers: - Sideset error with IOSS reader. - IOSS reader is slow with small, parallel dataset. - IOSS reader and set variables don't work. - Restart file fails with IOSS reader. - PIO reader seg faults on warnings for client-server. - PIO reader fails on extra file in directory. - PIO reader access to restart block and even/odd checkpoints. - openPMD: Fix Particle Time Series. * Catalyst: - Multiple grids with multiple pipelines produces failure in coprocessing.py. - SaveExtract volumetric cinema database crash. * Build: - Guard the list of required vtk components for paraview package. - pqPythonUtils.h not installed. - Update guide books: * ParaViewGettingStarted-5.10.1.pdf. * ParaViewTutorial-5.10.1.pdf. - Adapt defined macros for versioning to be more recyclable. - Drop some zero-length cmake files from %{_libdir}/cmake/ which are useless anyway. ++++ libstorage-ng: - merge gh#openSUSE/libstorage-ng#863 - do not run blkdiscard on extended partitions (bsc#1197257) - 4.4.94 ++++ timezone: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not -03-26* * zdump -v now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ++++ timezone-java: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not -03-26* * zdump -v now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ++++ trivy: - BuildRequire go1.17 ++++ yast2-installation: - Run the YaST2-Second-Stage and YaST2-Firsboot services after purge-kernels to prevent a zypper lock error message (bsc#1196431). - 4.4.49 ++++ yast2-packager: - Read the products from libzypp in installed system, fixes crash during online migration (related to jsc#SLE-17309) - 4.4.26 ------------------------------------------------------------------ ------------------ 2022-3-16 - Mar 16 2022 ------------------- ------------------------------------------------------------------ ++++ apache2: - security update - added patches fix CVE-2022-23943 [bsc#1197098], heap out-of-bounds write in mod_sed + apache2-CVE-2022-23943.patch fix CVE-2022-22720 [bsc#1197095], HTTP request smuggling due to incorrect error handling + apache2-CVE-2022-22720.patch fix CVE-2022-22719 [bsc#1197091], use of uninitialized value of in r:parsebody in mod_lua + apache2-CVE-2022-22719.patch fix CVE-2022-22721 [bsc#1197096], possible buffer overflow with very large or unlimited LimitXMLRequestBody + apache2-CVE-2022-22721.patch - apply correctly patches for CVE-2021-44790 [bsc#1193942] and CVE-2021-44224 [bsc#1193943] ++++ bind: - * When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers. [CVE-2021-25220] * TCP connection slots may be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This issue can only be triggered on BIND servers which have keep-response-order enabled, which is not the default configuration. The keep-response-order option is an ACL block, and as such, any hosts specified within it will be able to trigger this issue on affected versions. [CVE-2022-0396] [CVE-2021-25220, bsc#1197135, bind-9.16.27-0001-CVE-2021-25220.patch CVE-2022-0396, bsc#1197136, bind-9.16.27-0002-CVE-2022-0396.patch] ++++ budgie-desktop: - Fix upgrading from older Budgie by adding versioned Requires on shared libraries - Update versioned Requires for other Budgie applications - Update to version 10.6+4: * Only set valid target_icon_size values in icon tasklist - Avoid ISO C warnings by setting -Wno-pedantic and removing - std=c11 ++++ budgie-desktop-branding: - Update to version 20220316.1: * fix inclusion of screensaver files in meson.build - Require systemd-icon-branding for LOGO in Budgie Control Center ++++ budgie-haste-applet: - Avoid ISO C warnings by setting -Wno-pedantic ++++ budgie-screenshot-applet: - Avoid ISO C warnings by setting -Wno-pedantic ++++ chromium: - Chromium 99.0.4844.74 (boo#1197163) * CVE-2022-0971: Use after free in Blink Layout * CVE-2022-0972: Use after free in Extensions * CVE-2022-0973: Use after free in Safe Browsing * CVE-2022-0974: Use after free in Splitscreen * CVE-2022-0975: Use after free in ANGLE * CVE-2022-0976: Heap buffer overflow in GPU * CVE-2022-0977: Use after free in Browser UI * CVE-2022-0978: Use after free in ANGLE * CVE-2022-0979: Use after free in Safe Browsing * CVE-2022-0980: Use after free in New Tab Page * Various fixes from internal audits, fuzzing and other initiatives ++++ kernel-64kb: - sr9700: sanity check for packet length (bsc#1196836 CVE-2022-26966). - commit 56eea34 - Update kabi files. Update to reflect the changes from bpf CVE fixes. - commit 993b084 - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - commit f0d0e90 - nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: fix a possible use-after-free in controller reset during load (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 bsc#1197146 bsc#1193554). - blk-mq: don't free tags if the tag_set is used by other device in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). - commit 4ccb78c - series: Resort entries The series is not sorted which makes qdoit unhappy. Sort it. - commit ce701de ++++ kernel-azure: - sr9700: sanity check for packet length (bsc#1196836 CVE-2022-26966). - commit 56eea34 - Update kabi files. Update to reflect the changes from bpf CVE fixes. - commit 993b084 - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - commit f0d0e90 - nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: fix a possible use-after-free in controller reset during load (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 bsc#1197146 bsc#1193554). - blk-mq: don't free tags if the tag_set is used by other device in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). - commit 4ccb78c - series: Resort entries The series is not sorted which makes qdoit unhappy. Sort it. - commit ce701de ++++ kernel-default: - sr9700: sanity check for packet length (bsc#1196836 CVE-2022-26966). - commit 56eea34 - Update kabi files. Update to reflect the changes from bpf CVE fixes. - commit 993b084 - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - commit f0d0e90 - nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: fix a possible use-after-free in controller reset during load (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 bsc#1197146 bsc#1193554). - blk-mq: don't free tags if the tag_set is used by other device in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). - commit 4ccb78c - series: Resort entries The series is not sorted which makes qdoit unhappy. Sort it. - commit ce701de ++++ kernel-preempt: - sr9700: sanity check for packet length (bsc#1196836 CVE-2022-26966). - commit edaafdd - s390/module: fix loading modules with a lot of relocations (git-fixes). - commit bc1865f - blacklist.conf: prerequisites break kABI - commit d0b972b - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - commit f0d0e90 - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - commit 2f0dd10 - s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes). - commit 1cc7c78 ++++ nodejs16: - update to LTS release 16.14.1: * deps: upgrade npm to 8.5.0 * http2: fix memory leak on nghttp2 hd threshold - 42342.patch: upstreamed, dropped - versioned.patch: refreshed ++++ dtb-aarch64: - sr9700: sanity check for packet length (bsc#1196836 CVE-2022-26966). - commit 56eea34 - Update kabi files. Update to reflect the changes from bpf CVE fixes. - commit 993b084 - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - commit f0d0e90 - nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: fix a possible use-after-free in controller reset during load (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 bsc#1197146 bsc#1193554). - blk-mq: don't free tags if the tag_set is used by other device in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). - commit 4ccb78c - series: Resort entries The series is not sorted which makes qdoit unhappy. Sort it. - commit ce701de ++++ firecracker: - Bump rust to 1.46.0 for vmm-sys-util building https://blog.rust-lang.org/2020/08/27/Rust-1.46.0.html#const-fn-improvements - Bump Regex crate to 1.5.5 (CVE-2022-24713, boo#1196972) 0001-cargo-update-regex-dependency.patch ++++ firewalld: - Add patch which fixes the zone configuration (bsc#1191837) * 0001-chore-fw_zone-call-permanent-config-checks-at-runtim.patch ++++ fish: - security update - added patches fix CVE-2022-20001 [bsc#1197139], Navigating to a compromised git repository may lead to arbitrary code execution + fish-CVE-2022-20001.patch ++++ gdm: - Add gdm-restart-session-when-X-server-restart.patch: Avoiding the blank screen when X server restarts with GDM_DISABLE_USER_DISPLAY_SERVER=1 (bsc#1196974). ++++ kernel-debug: - sr9700: sanity check for packet length (bsc#1196836 CVE-2022-26966). - commit 56eea34 - Update kabi files. Update to reflect the changes from bpf CVE fixes. - commit 993b084 - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - commit f0d0e90 - nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: fix a possible use-after-free in controller reset during load (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 bsc#1197146 bsc#1193554). - blk-mq: don't free tags if the tag_set is used by other device in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). - commit 4ccb78c - series: Resort entries The series is not sorted which makes qdoit unhappy. Sort it. - commit ce701de ++++ kernel-source: - sr9700: sanity check for packet length (bsc#1196836 CVE-2022-26966). - commit 56eea34 - Update kabi files. Update to reflect the changes from bpf CVE fixes. - commit 993b084 - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - commit f0d0e90 - nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: fix a possible use-after-free in controller reset during load (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 bsc#1197146 bsc#1193554). - blk-mq: don't free tags if the tag_set is used by other device in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). - commit 4ccb78c - series: Resort entries The series is not sorted which makes qdoit unhappy. Sort it. - commit ce701de ++++ kernel-source-azure: - sr9700: sanity check for packet length (bsc#1196836 CVE-2022-26966). - commit 56eea34 - Update kabi files. Update to reflect the changes from bpf CVE fixes. - commit 993b084 - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - commit f0d0e90 - nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: fix a possible use-after-free in controller reset during load (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 bsc#1197146 bsc#1193554). - blk-mq: don't free tags if the tag_set is used by other device in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). - commit 4ccb78c - series: Resort entries The series is not sorted which makes qdoit unhappy. Sort it. - commit ce701de ++++ kernel-docs: - sr9700: sanity check for packet length (bsc#1196836 CVE-2022-26966). - commit 56eea34 - Update kabi files. Update to reflect the changes from bpf CVE fixes. - commit 993b084 - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - commit f0d0e90 - nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: fix a possible use-after-free in controller reset during load (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 bsc#1197146 bsc#1193554). - blk-mq: don't free tags if the tag_set is used by other device in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). - commit 4ccb78c - series: Resort entries The series is not sorted which makes qdoit unhappy. Sort it. - commit ce701de ++++ kernel-kvmsmall: - sr9700: sanity check for packet length (bsc#1196836 CVE-2022-26966). - commit 56eea34 - Update kabi files. Update to reflect the changes from bpf CVE fixes. - commit 993b084 - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - commit f0d0e90 - nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: fix a possible use-after-free in controller reset during load (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 bsc#1197146 bsc#1193554). - blk-mq: don't free tags if the tag_set is used by other device in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). - commit 4ccb78c - series: Resort entries The series is not sorted which makes qdoit unhappy. Sort it. - commit ce701de ++++ kernel-obs-build: - sr9700: sanity check for packet length (bsc#1196836 CVE-2022-26966). - commit 56eea34 - Update kabi files. Update to reflect the changes from bpf CVE fixes. - commit 993b084 - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - commit f0d0e90 - nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: fix a possible use-after-free in controller reset during load (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 bsc#1197146 bsc#1193554). - blk-mq: don't free tags if the tag_set is used by other device in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). - commit 4ccb78c - series: Resort entries The series is not sorted which makes qdoit unhappy. Sort it. - commit ce701de ++++ kernel-obs-qa: - sr9700: sanity check for packet length (bsc#1196836 CVE-2022-26966). - commit 56eea34 - Update kabi files. Update to reflect the changes from bpf CVE fixes. - commit 993b084 - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - commit f0d0e90 - nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: fix a possible use-after-free in controller reset during load (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 bsc#1197146 bsc#1193554). - blk-mq: don't free tags if the tag_set is used by other device in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). - commit 4ccb78c - series: Resort entries The series is not sorted which makes qdoit unhappy. Sort it. - commit ce701de ++++ kernel-syms: - sr9700: sanity check for packet length (bsc#1196836 CVE-2022-26966). - commit 56eea34 - Update kabi files. Update to reflect the changes from bpf CVE fixes. - commit 993b084 - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - commit f0d0e90 - nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: fix a possible use-after-free in controller reset during load (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 bsc#1197146 bsc#1193554). - blk-mq: don't free tags if the tag_set is used by other device in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). - commit 4ccb78c - series: Resort entries The series is not sorted which makes qdoit unhappy. Sort it. - commit ce701de ++++ kernel-syms-azure: - sr9700: sanity check for packet length (bsc#1196836 CVE-2022-26966). - commit 56eea34 - Update kabi files. Update to reflect the changes from bpf CVE fixes. - commit 993b084 - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - commit f0d0e90 - nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: fix a possible use-after-free in controller reset during load (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 bsc#1197146 bsc#1193554). - blk-mq: don't free tags if the tag_set is used by other device in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). - commit 4ccb78c - series: Resort entries The series is not sorted which makes qdoit unhappy. Sort it. - commit ce701de ++++ kernel-vanilla: - Update patches.suse/sr9700-sanity-check-for-packet-length.patch (bac#1196836 CVE-2022-26966). added CVE number - commit 7e940d6 - rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942). When dependency cycles are encountered package dependencies may not be fulfilled during zypper transaction at the time scriptlets are run. This is a problem for kernel scriptlets provided by suse-module-tools when migrating to a SLE release that provides these scriptlets only as part of LTSS. The suse-module-tools that provides kernel scriptlets may be removed early causing migration to fail. - commit ab8dd2d - Delete patches.suse/net-tipc-validate-domain-record-count-on-input.patch. Change included in patches.suse/tipc-improve-size-validations-for-received-domain-re.patch - commit 064907e - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - commit f0d0e90 ++++ kernel-zfcpdump: - sr9700: sanity check for packet length (bsc#1196836 CVE-2022-26966). - commit 56eea34 - Update kabi files. Update to reflect the changes from bpf CVE fixes. - commit 993b084 - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - commit f0d0e90 - nvme-rdma: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme-tcp: fix possible use-after-free in transport error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). Refresh: - patches.suse/0006-nvme-Implement-In-Band-authentication.patch - nvme: fix a possible use-after-free in controller reset during load (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-fabrics: ignore invalid fast_io_fail_tmo values (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 bsc#1197146 bsc#1193554). - nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 bsc#1197146 bsc#1193554). - blk-mq: don't free tags if the tag_set is used by other device in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). - commit 4ccb78c - series: Resort entries The series is not sorted which makes qdoit unhappy. Sort it. - commit ce701de ++++ kexi: - Use BuildRequires/Requires: breeze5-icons-rcc for Leap 15.4 ++++ texlive: - Add missed package splits for bsc#1196711 ++++ systemd: - Import commit 5b022ce3dbad3189b7ce1e7b0f018b18ac6e583c (merge of v249.11) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/23b6a8633186a2b5b2487621c81ec7e7bb068db1...5b022ce3dbad3189b7ce1e7b0f018b18ac6e583c - Import commit 23b6a8633186a2b5b2487621c81ec7e7bb068db1 f19292f18d udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) 3349f636dc man: tweak description of auto/noauto (bsc#1191502) ++++ wavpack: - security update - added patches fix CVE-2021-44269 [bsc#1197020], out of bounds read in processing .wav file + wavpack-CVE-2021-44269.patch ++++ linuxrc: - merge gh#openSUSE/linuxrc#292 - do not leave repository mounted when starting yast (bsc#1196061) - improve url logging function - handle umount errors better - 7.0.31.6 - merge gh#openSUSE/linuxrc#290 - check also raid devices for install repo (bsc#1196061) ++++ pam: - Between allocating the variable "ai" and free'ing them, there are two "return NO" were we don't free this variable. This patch inserts freaddrinfo() calls before the "return NO;"s. [bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch] ++++ pdf2djvu: - Update to 0.9.18.2: * Document minimum required Exiv2 version. * Fix build failure with upcoming Exiv2 1.0. * Remove spurious zero-width spaces from the Ukrainian manual page. * Improve the test suite - Add upstream changes: * 0001-pdf-backend-fix-compat-with-Poppler-22.02.patch * 0002-main-use-pdf-link-Destination-copy-constructor.patch * 0003-pdf-backend-fix-compat-with-Poppler-22.02.patch * 0004-pdf-backend-simplify-Poppler-22.03-compat-code.patch ++++ systemd-mini: - Import commit 5b022ce3dbad3189b7ce1e7b0f018b18ac6e583c (merge of v249.11) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/23b6a8633186a2b5b2487621c81ec7e7bb068db1...5b022ce3dbad3189b7ce1e7b0f018b18ac6e583c - Import commit 23b6a8633186a2b5b2487621c81ec7e7bb068db1 f19292f18d udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) 3349f636dc man: tweak description of auto/noauto (bsc#1191502) ++++ texlive-specs-a: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-b: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-c: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-d: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-e: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-f: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-g: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 - Skip latexmk_perl.dif as alredy upstream ++++ texlive-specs-h: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-i: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 - Skip patch latexmk_perl.dif as this is upstream in TL 2021 (bsc#1094731) - Ignore patch latexdiff_perl.dif for bsc#1118796 as this is already part of upstream TeXLive 2021 - Ignore patch fancyhdr_newtoks.dif for bsc#1190640 as this is already part of upstream TeXLive 2021 ++++ texlive-specs-j: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-k: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-l: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-m: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-n: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 - Skip patch latexmk_perl.dif as this is upstream in TL 2021 (bsc#1094731) - Ignore patch latexdiff_perl.dif for bsc#1118796 as this is already part of upstream TeXLive 2021 - Ignore patch fancyhdr_newtoks.dif for bsc#1190640 as this is already part of upstream TeXLive 2021 ++++ texlive-specs-o: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-p: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-q: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-r: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-s: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 - Skip patch latexmk_perl.dif as this is upstream in TL 2021 (bsc#1094731) - Ignore patch latexdiff_perl.dif for bsc#1118796 as this is already part of upstream TeXLive 2021 - Ignore patch fancyhdr_newtoks.dif for bsc#1190640 as this is already part of upstream TeXLive 2021 ++++ texlive-specs-t: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 - Skip patch latexmk_perl.dif as this is upstream in TL 2021 (bsc#1094731) - Ignore patch latexdiff_perl.dif for bsc#1118796 as this is already part of upstream TeXLive 2021 - Ignore patch fancyhdr_newtoks.dif for bsc#1190640 as this is already part of upstream TeXLive 2021 ++++ texlive-specs-u: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-w: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 - Skip latexmk_perl.dif as alredy upstream ++++ texlive-specs-v: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-x: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-y: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ texlive-specs-z: - Backport TeXLive 2021, full python3 support and no poppler anymore - Add missed package splits for bsc#1196711 ++++ trivy: - Update to version 0.24.3: * chore(issue labels): added new labels (#1839) * refactor: clarify db update warning messages (#1808) * chore(ci): change trivy vulnerability scan for every day (#1838) * feat(helm): make Trivy service name configurable (#1825) * chore(deps): updated sprig to version v3.2.2. (#1814) * chore(deps): updated testcontainers-go to version v0.12.0 (#1822) * docs: add packages.config for .NET (#1823) * build: sign container image (#1668) * chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.4.0 to 0.5.0 (#1778) * docs: fix Installation documentation (#1804) * fix(report): ensure json report got a final new line (#1797) * fix(terraform): resolve panics in defsec (#1811) * feat(docker): Label images based on OCI image spec (#1793) * fix(helm): indentation for ServiceAccount annotations (#1795) * fix(hcl): fix panic in hcl2json (#1791) * chore(helm): remove psp from helm manifest (#1315) * build: Replace `make protoc` with `for loop` to return an error (#1655) * fix: ASFF template to match ASFF schema (#1685) * feat(helm): Add support for server token (#1734) ------------------------------------------------------------------ ------------------ 2022-3-15 - Mar 15 2022 ------------------- ------------------------------------------------------------------ ++++ ComputeLibrary: - Update to 22.02: * Public major release * Documentation (API, changelogs, build guide, contribution guide, errata, etc.) available here: https://arm-software.github.io/ComputeLibrary/v22.02 ++++ MozillaFirefox: - Firefox Extended Support Release 91.7.1 ESR * Changed: Yandex and Mail.ru have been removed as optional search providers in the drop-down search menu in Firefox. If you previously installed a customized version of Firefox with Yandex or Mail.ru, offered through partner distribution channels, this release removes those customizations, including add-ons and default bookmarks. Where applicable, your browser will revert back to default settings, as offered by Mozilla. All other releases of Firefox remain unaffected by the change. ++++ armnn: - Update to 22.02: * Changelog: https://github.com/ARM-software/armnn/releases/tag/v22.02 * Add libarmnnTestUtils ++++ armnn-opencl: - Update to 22.02: * Changelog: https://github.com/ARM-software/armnn/releases/tag/v22.02 * Add libarmnnTestUtils ++++ autofs: - autofs-5.1.6-fix-quoted-string-length-calc-in-expand.patch Fix problem with quote handling (bsc#1181715) ++++ belr: - revert license tag change: * no GPL-3.0-only declaration could be found in source ++++ ceph: - Update to 16.2.7-640-gceb23c7491b + (bsc#1194875) common: fix FTBFS due to dout & need_dynamic on GCC-12 + (bsc#1196938) cephadm: preserve authorized_keys file during upgrade ++++ ceph-test: - Update to 16.2.7-640-gceb23c7491b + (bsc#1194875) common: fix FTBFS due to dout & need_dynamic on GCC-12 + (bsc#1196938) cephadm: preserve authorized_keys file during upgrade ++++ kernel-64kb: - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-0886 bsc#1197131). - sock: remove one redundant SKB_FRAG_PAGE_ORDER macro (CVE-2022-0886 bsc#1197131). - commit fa4075e - ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() (CVE-2022-0742 bsc#1197128). - commit b531b26 - aio: fix use-after-free due to missing POLLFREE handling (CVE-2021-39698 bsc#1196956). - aio: keep poll requests on waitqueue until completed (CVE-2021-39698 bsc#1196956). - signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - commit ee17f5c - net/smc: Fix hung_task when removing SMC-R devices (bsc#1197082). - commit 5256139 - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - commit 1da8439 ++++ kernel-azure: - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-0886 bsc#1197131). - sock: remove one redundant SKB_FRAG_PAGE_ORDER macro (CVE-2022-0886 bsc#1197131). - commit fa4075e - ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() (CVE-2022-0742 bsc#1197128). - commit b531b26 - aio: fix use-after-free due to missing POLLFREE handling (CVE-2021-39698 bsc#1196956). - aio: keep poll requests on waitqueue until completed (CVE-2021-39698 bsc#1196956). - signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - commit ee17f5c - net/smc: Fix hung_task when removing SMC-R devices (bsc#1197082). - commit 5256139 - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - commit 1da8439 ++++ kernel-default: - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-0886 bsc#1197131). - sock: remove one redundant SKB_FRAG_PAGE_ORDER macro (CVE-2022-0886 bsc#1197131). - commit fa4075e - ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() (CVE-2022-0742 bsc#1197128). - commit b531b26 - aio: fix use-after-free due to missing POLLFREE handling (CVE-2021-39698 bsc#1196956). - aio: keep poll requests on waitqueue until completed (CVE-2021-39698 bsc#1196956). - signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - commit ee17f5c - net/smc: Fix hung_task when removing SMC-R devices (bsc#1197082). - commit 5256139 - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - commit 1da8439 ++++ kernel-preempt: - usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes). - commit 3863766 - usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes). - commit 9d7504f - aio: fix use-after-free due to missing POLLFREE handling (CVE-2021-39698 bsc#1196956). - aio: keep poll requests on waitqueue until completed (CVE-2021-39698 bsc#1196956). - signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - commit b026506 - usb: dwc2: gadget: Fix kill_all_requests race (git-fixes). - commit 5ad82f7 - usb: dwc3: meson-g12a: Disable the regulator in the error handling path of the probe (git-fixes). - commit 6109544 - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - commit 44ceec6 - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - commit 1da8439 ++++ nodejs16: - 42342.patch: fix expired certificates in unit tests ++++ deepin-start: - Change license tag to GPL-3.0-or-later ++++ deepin-system-monitor: - change license tag to GPL-3.0-or-later. ++++ dtb-aarch64: - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-0886 bsc#1197131). - sock: remove one redundant SKB_FRAG_PAGE_ORDER macro (CVE-2022-0886 bsc#1197131). - commit fa4075e - ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() (CVE-2022-0742 bsc#1197128). - commit b531b26 - aio: fix use-after-free due to missing POLLFREE handling (CVE-2021-39698 bsc#1196956). - aio: keep poll requests on waitqueue until completed (CVE-2021-39698 bsc#1196956). - signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - commit ee17f5c - net/smc: Fix hung_task when removing SMC-R devices (bsc#1197082). - commit 5256139 - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - commit 1da8439 ++++ glib2-branding-openSUSE: - Update .gschema.override.in: Change default libreoffice startup entry to libreoffice-startcenter.desktop according to the libreoffice update (bsc#1195836, bsc#1196951). ++++ go1.18: - go1.18 (released 2022-03-15) is a major release of Go. go1.18.x minor releases will be provided through February 2023. https://github.com/golang/go/wiki/Go-Release-Cycle Go 1.18 is a significant release, including changes to the language, implementation of the toolchain, runtime, and libraries. Go 1.18 arrives seven months after Go 1.17. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. Refs boo#1193742 go1.18 release tracking * See release notes https://golang.org/doc/go1.18. Excerpts relevant to OBS environment and for SUSE/openSUSE follow: * Go 1.18 includes an implementation of generic features as described by the Type Parameters Proposal. This includes major but fully backward-compatible changes to the language. * The Go 1.18 compiler now correctly reports declared but not used errors for variables that are set inside a function literal but are never used. Before Go 1.18, the compiler did not report an error in such cases. This fixes long-outstanding compiler issue go#8560. * The Go 1.18 compiler now reports an overflow when passing a rune constant expression such as '1' << 32 as an argument to the predeclared functions print and println, consistent with the behavior of user-defined functions. Before Go 1.18, the compiler did not report an error in such cases but silently accepted such constant arguments if they fit into an int64. Since go vet always pointed out this error, the number of affected programs is likely very small. * AMD64: Go 1.18 introduces the new GOAMD64 environment variable, which selects at compile time a minimum target version of the AMD64 architecture. Allowed values are v1, v2, v3, or v4. Each higher level requires, and takes advantage of, additional processor features. A detailed description can be found here. The GOAMD64 environment variable defaults to v1. * RISC-V: The 64-bit RISC-V architecture on Linux (the linux/riscv64 port) now supports the c-archive and c-shared build modes. * Linux: Go 1.18 requires Linux kernel version 2.6.32 or later. * Fuzzing: Go 1.18 includes an implementation of fuzzing as described by the fuzzing proposal. See the fuzzing landing page to get started. Please be aware that fuzzing can consume a lot of memory and may impact your machine’s performance while it runs. * go get: go get no longer builds or installs packages in module-aware mode. go get is now dedicated to adjusting dependencies in go.mod. Effectively, the -d flag is always enabled. To install the latest version of an executable outside the context of the current module, use go install example.com/cmd@latest. Any version query may be used instead of latest. This form of go install was added in Go 1.16, so projects supporting older versions may need to provide install instructions for both go install and go get. go get now reports an error when used outside a module, since there is no go.mod file to update. In GOPATH mode (with GO111MODULE=off), go get still builds and installs packages, as before. * Automatic go.mod and go.sum updates: The go mod graph, go mod vendor, go mod verify, and go mod why subcommands no longer automatically update the go.mod and go.sum files. (Those files can be updated explicitly using go get, go mod tidy, or go mod download.) * go version: The go command now embeds version control information in binaries. It includes the currently checked-out revision, commit time, and a flag indicating whether edited or untracked files are present. Version control information is embedded if the go command is invoked in a directory within a Git, Mercurial, Fossil, or Bazaar repository, and the main package and its containing main module are in the same repository. This information may be omitted using the flag - buildvcs=false. Additionally, the go command embeds information about the build, including build and tool tags (set with -tags), compiler, assembler, and linker flags (like - gcflags), whether cgo was enabled, and if it was, the values of the cgo environment variables (like CGO_CFLAGS). Both VCS and build information may be read together with module information using go version -m file or runtime/debug.ReadBuildInfo (for the currently running binary) or the new debug/buildinfo package. The underlying data format of the embedded build information can change with new go releases, so an older version of go may not handle the build information produced with a newer version of go. To read the version information from a binary built with go 1.18, use the go version command and the debug/buildinfo package from go 1.18+. * go mod download: If the main module's go.mod file specifies go 1.17 or higher, go mod download without arguments now downloads source code for only the modules explicitly required in the main module's go.mod file. (In a go 1.17 or higher module, that set already includes all dependencies needed to build the packages and tests in the main module.) To also download source code for transitive dependencies, use go mod download all. * go mod vendor: The go mod vendor subcommand now supports a -o flag to set the output directory. (Other go commands still read from the vendor directory at the module root when loading packages with -mod=vendor, so the main use for this flag is for third-party tools that need to collect package source code.) * go mod tidy: The go mod tidy command now retains additional checksums in the go.sum file for modules whose source code is needed to verify that each imported package is provided by only one module in the build list. Because this condition is rare and failure to apply it results in a build error, this change is not conditioned on the go version in the main module's go.mod file. * go work: The go command now supports a "Workspace" mode. If a go.work file is found in the working directory or a parent directory, or one is specified using the GOWORK environment variable, it will put the go command into workspace mode. In workspace mode, the go.work file will be used to determine the set of main modules used as the roots for module resolution, instead of using the normally-found go.mod file to specify the single main module. For more information see the go work documentation. * go build -asan: The go build command and related commands now support an -asan flag that enables interoperation with C (or C++) code compiled with the address sanitizer (C compiler option -fsanitize=address). * //go:build lines: Go 1.17 introduced //go:build lines as a more readable way to write build constraints, instead of // +build lines. As of Go 1.17, gofmt adds //go:build lines to match existing +build lines and keeps them in sync, while go vet diagnoses when they are out of sync. Since the release of Go 1.18 marks the end of support for Go 1.16, all supported versions of Go now understand //go:build lines. In Go 1.18, go fix now removes the now-obsolete // +build lines in modules declaring go 1.17 or later in their go.mod files. For more information, see https://go.dev/design/draft-gobuild. * go vet: The vet tool is updated to support generic code. In most cases, it reports an error in generic code whenever it would report an error in the equivalent non-generic code after substituting for type parameters with a type from their type set. * go vet: The cmd/vet checkers copylock, printf, sortslice, testinggoroutine, and tests have all had moderate precision improvements to handle additional code patterns. This may lead to newly reported errors in existing packages. * Runtime: The garbage collector now includes non-heap sources of garbage collector work (e.g., stack scanning) when determining how frequently to run. As a result, garbage collector overhead is more predictable when these sources are significant. For most applications these changes will be negligible; however, some Go applications may now use less memory and spend more time on garbage collection, or vice versa, than before. The intended workaround is to tweak GOGC where necessary. The runtime now returns memory to the operating system more efficiently and has been tuned to work more aggressively as a result. * Compiler: Go 1.17 implemented a new way of passing function arguments and results using registers instead of the stack on 64-bit x86 architecture on selected operating systems. Go 1.18 expands the supported platforms to include 64-bit ARM (GOARCH=arm64), big- and little-endian 64-bit PowerPC (GOARCH=ppc64, ppc64le), as well as 64-bit x86 architecture (GOARCH=amd64) on all operating systems. On 64-bit ARM and 64-bit PowerPC systems, benchmarking shows typical performance improvements of 10% or more. As mentioned in the Go 1.17 release notes, this change does not affect the functionality of any safe Go code and is designed to have no impact on most assembly code. See the Go 1.17 release notes for more details. * Compiler: The compiler now can inline functions that contain range loops or labeled for loops. * Compiler: The new -asan compiler option supports the new go command -asan option. * Compiler: Because the compiler's type checker was replaced in its entirety to support generics, some error messages now may use different wording than before. In some cases, pre-Go 1.18 error messages provided more detail or were phrased in a more helpful way. We intend to address these cases in Go 1.19. Because of changes in the compiler related to supporting generics, the Go 1.18 compile speed can be roughly 15% slower than the Go 1.17 compile speed. The execution time of the compiled code is not affected. We intend to improve the speed of the compiler in Go 1.19. * Linker: The linker emits far fewer relocations. As a result, most codebases will link faster, require less memory to link, and generate smaller binaries. Tools that process Go binaries should use Go 1.18's debug/gosym package to transparently handle both old and new binaries. * Linker: The new -asan linker option supports the new go command - asan option. * Bootstrap: When building a Go release from source and GOROOT_BOOTSTRAP is not set, previous versions of Go looked for a Go 1.4 or later bootstrap toolchain in the directory $HOME/go1.4 (%HOMEDRIVE%%HOMEPATH%\go1.4 on Windows). Go now looks first for $HOME/go1.17 or $HOME/sdk/go1.17 before falling back to $HOME/go1.4. We intend for Go 1.19 to require Go 1.17 or later for bootstrap, and this change should make the transition smoother. For more details, see go#44505. * The new debug/buildinfo package provides access to module versions, version control information, and build flags embedded in executable files built by the go command. The same information is also available via runtime/debug.ReadBuildInfo for the currently running binary and via go version -m on the command line. * The new net/netip package defines a new IP address type, Addr. Compared to the existing net.IP type, the netip.Addr type takes less memory, is immutable, and is comparable so it supports == and can be used as a map key. * TLS 1.0 and 1.1 disabled by default client-side: If Config.MinVersion is not set, it now defaults to TLS 1.2 for client connections. Any safely up-to-date server is expected to support TLS 1.2, and browsers have required it since 2020. TLS 1.0 and 1.1 are still supported by setting Config.MinVersion to VersionTLS10. The server-side default is unchanged at TLS 1.0. The default can be temporarily reverted to TLS 1.0 by setting the GODEBUG=tls10default=1 environment variable. This option will be removed in Go 1.19. * Rejecting SHA-1 certificates: crypto/x509 will now reject certificates signed with the SHA-1 hash function. This doesn't apply to self-signed root certificates. Practical attacks against SHA-1 have been demonstrated since 2017 and publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015. This can be temporarily reverted by setting the GODEBUG=x509sha1=1 environment variable. This option will be removed in Go 1.19. * crypto/elliptic The P224, P384, and P521 curve implementations are now all backed by code generated by the addchain and fiat-crypto projects, the latter of which is based on a formally-verified model of the arithmetic operations. They now use safer complete formulas and internal APIs. P-224 and P-384 are now approximately four times faster. All specific curve implementations are now constant-time. Operating on invalid curve points (those for which the IsOnCurve method returns false, and which are never returned by Unmarshal or a Curve method operating on a valid point) has always been undefined behavior, can lead to key recovery attacks, and is now unsupported by the new backend. If an invalid point is supplied to a P224, P384, or P521 method, that method will now return a random point. The behavior might change to an explicit panic in a future release. * crypto/tls: The new Conn.NetConn method allows access to the underlying net.Conn. * crypto/x509: Certificate.Verify now uses platform APIs to verify certificate validity on macOS and iOS when it is called with a nil VerifyOpts.Roots or when using the root pool returned from SystemCertPool. SystemCertPool is now available on Windows. * crypto/x509: CertPool.Subjects is deprecated. On Windows, macOS, and iOS the CertPool returned by SystemCertPool will return a pool which does not include system roots in the slice returned by Subjects, as a static list can't appropriately represent the platform policies and might not be available at all from the platform APIs. * crypto/x509: Support for signing certificates using signature algorithms that depend on the MD5 and SHA-1 hashes (MD5WithRSA, SHA1WithRSA, and ECDSAWithSHA1) may be removed in Go 1.19. * net/http: When looking up a domain name containing non-ASCII characters, the Unicode-to-ASCII conversion is now done in accordance with Nontransitional Processing as defined in the Unicode IDNA Compatibility Processing standard (UTS #46). The interpretation of four distinct runes are changed: ß, ς, zero-width joiner U+200D, and zero-width non-joiner U+200C. Nontransitional Processing is consistent with most applications and web browsers. * os/user: User.GroupIds now uses a Go native implementation when cgo is not available. * runtime/debug: The BuildInfo struct has two new fields, containing additional information about how the binary was built: GoVersion holds the version of Go used to build the binary. Settings is a slice of BuildSettings structs holding key/value pairs describing the build. * runtime/pprof: The CPU profiler now uses per-thread timers on Linux. This increases the maximum CPU usage that a profile can observe, and reduces some forms of bias. * syscall: The new function SyscallN has been introduced for Windows, allowing for calls with arbitrary number of arguments. As a result, Syscall, Syscall6, Syscall9, Syscall12, Syscall15, and Syscall18 are deprecated in favor of SyscallN. ++++ kernel-debug: - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-0886 bsc#1197131). - sock: remove one redundant SKB_FRAG_PAGE_ORDER macro (CVE-2022-0886 bsc#1197131). - commit fa4075e - ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() (CVE-2022-0742 bsc#1197128). - commit b531b26 - aio: fix use-after-free due to missing POLLFREE handling (CVE-2021-39698 bsc#1196956). - aio: keep poll requests on waitqueue until completed (CVE-2021-39698 bsc#1196956). - signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - commit ee17f5c - net/smc: Fix hung_task when removing SMC-R devices (bsc#1197082). - commit 5256139 - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - commit 1da8439 ++++ kernel-source: - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-0886 bsc#1197131). - sock: remove one redundant SKB_FRAG_PAGE_ORDER macro (CVE-2022-0886 bsc#1197131). - commit fa4075e - ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() (CVE-2022-0742 bsc#1197128). - commit b531b26 - aio: fix use-after-free due to missing POLLFREE handling (CVE-2021-39698 bsc#1196956). - aio: keep poll requests on waitqueue until completed (CVE-2021-39698 bsc#1196956). - signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - commit ee17f5c - net/smc: Fix hung_task when removing SMC-R devices (bsc#1197082). - commit 5256139 - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - commit 1da8439 ++++ kernel-source-azure: - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-0886 bsc#1197131). - sock: remove one redundant SKB_FRAG_PAGE_ORDER macro (CVE-2022-0886 bsc#1197131). - commit fa4075e - ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() (CVE-2022-0742 bsc#1197128). - commit b531b26 - aio: fix use-after-free due to missing POLLFREE handling (CVE-2021-39698 bsc#1196956). - aio: keep poll requests on waitqueue until completed (CVE-2021-39698 bsc#1196956). - signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - commit ee17f5c - net/smc: Fix hung_task when removing SMC-R devices (bsc#1197082). - commit 5256139 - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - commit 1da8439 ++++ kernel-docs: - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-0886 bsc#1197131). - sock: remove one redundant SKB_FRAG_PAGE_ORDER macro (CVE-2022-0886 bsc#1197131). - commit fa4075e - ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() (CVE-2022-0742 bsc#1197128). - commit b531b26 - aio: fix use-after-free due to missing POLLFREE handling (CVE-2021-39698 bsc#1196956). - aio: keep poll requests on waitqueue until completed (CVE-2021-39698 bsc#1196956). - signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - commit ee17f5c - net/smc: Fix hung_task when removing SMC-R devices (bsc#1197082). - commit 5256139 - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - commit 1da8439 ++++ kernel-kvmsmall: - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-0886 bsc#1197131). - sock: remove one redundant SKB_FRAG_PAGE_ORDER macro (CVE-2022-0886 bsc#1197131). - commit fa4075e - ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() (CVE-2022-0742 bsc#1197128). - commit b531b26 - aio: fix use-after-free due to missing POLLFREE handling (CVE-2021-39698 bsc#1196956). - aio: keep poll requests on waitqueue until completed (CVE-2021-39698 bsc#1196956). - signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - commit ee17f5c - net/smc: Fix hung_task when removing SMC-R devices (bsc#1197082). - commit 5256139 - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - commit 1da8439 ++++ kernel-obs-build: - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-0886 bsc#1197131). - sock: remove one redundant SKB_FRAG_PAGE_ORDER macro (CVE-2022-0886 bsc#1197131). - commit fa4075e - ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() (CVE-2022-0742 bsc#1197128). - commit b531b26 - aio: fix use-after-free due to missing POLLFREE handling (CVE-2021-39698 bsc#1196956). - aio: keep poll requests on waitqueue until completed (CVE-2021-39698 bsc#1196956). - signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - commit ee17f5c - net/smc: Fix hung_task when removing SMC-R devices (bsc#1197082). - commit 5256139 - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - commit 1da8439 ++++ kernel-obs-qa: - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-0886 bsc#1197131). - sock: remove one redundant SKB_FRAG_PAGE_ORDER macro (CVE-2022-0886 bsc#1197131). - commit fa4075e - ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() (CVE-2022-0742 bsc#1197128). - commit b531b26 - aio: fix use-after-free due to missing POLLFREE handling (CVE-2021-39698 bsc#1196956). - aio: keep poll requests on waitqueue until completed (CVE-2021-39698 bsc#1196956). - signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - commit ee17f5c - net/smc: Fix hung_task when removing SMC-R devices (bsc#1197082). - commit 5256139 - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - commit 1da8439 ++++ kernel-syms: - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-0886 bsc#1197131). - sock: remove one redundant SKB_FRAG_PAGE_ORDER macro (CVE-2022-0886 bsc#1197131). - commit fa4075e - ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() (CVE-2022-0742 bsc#1197128). - commit b531b26 - aio: fix use-after-free due to missing POLLFREE handling (CVE-2021-39698 bsc#1196956). - aio: keep poll requests on waitqueue until completed (CVE-2021-39698 bsc#1196956). - signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - commit ee17f5c - net/smc: Fix hung_task when removing SMC-R devices (bsc#1197082). - commit 5256139 - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - commit 1da8439 ++++ kernel-syms-azure: - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-0886 bsc#1197131). - sock: remove one redundant SKB_FRAG_PAGE_ORDER macro (CVE-2022-0886 bsc#1197131). - commit fa4075e - ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() (CVE-2022-0742 bsc#1197128). - commit b531b26 - aio: fix use-after-free due to missing POLLFREE handling (CVE-2021-39698 bsc#1196956). - aio: keep poll requests on waitqueue until completed (CVE-2021-39698 bsc#1196956). - signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - commit ee17f5c - net/smc: Fix hung_task when removing SMC-R devices (bsc#1197082). - commit 5256139 - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - commit 1da8439 ++++ kernel-vanilla: - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - commit 1da8439 ++++ kernel-zfcpdump: - esp: Fix possible buffer overflow in ESP transformation (CVE-2022-0886 bsc#1197131). - sock: remove one redundant SKB_FRAG_PAGE_ORDER macro (CVE-2022-0886 bsc#1197131). - commit fa4075e - ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() (CVE-2022-0742 bsc#1197128). - commit b531b26 - aio: fix use-after-free due to missing POLLFREE handling (CVE-2021-39698 bsc#1196956). - aio: keep poll requests on waitqueue until completed (CVE-2021-39698 bsc#1196956). - signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). - commit ee17f5c - net/smc: Fix hung_task when removing SMC-R devices (bsc#1197082). - commit 5256139 - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - commit 1da8439 ++++ openssl-1_1: - Security Fix: [bsc#1196877, CVE-2022-0778] * Infinite loop in BN_mod_sqrt() reachable when parsing certificates * Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch - Added openssl-1_1-use-include-directive.patch so that the default /etc/ssl/openssl.cnf file will include any configuration files that other packages might place into /etc/ssl/engines.d/ and /etc/ssl/engdef.d/ This is a fix for bsc#1004463 where scripting was being used to modify the openssl.cnf file. The scripting would fail if either the default openssl.cnf file, or the sample openssl-ibmca configuration file would be changed by upstream. - Updated spec file to create the two new necessary directores for the above patch. [bsc#1194187, bsc#1004463] ++++ openssl-3: - Security Fix: [bsc#1196877, CVE-2022-0778] * Infinite loop in BN_mod_sqrt() reachable when parsing certificates * Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch ++++ libyui: - Fixed release notes dialog in YQWizard clearing content on click (bsc#1195158) - Documented the different ways of displaying release notes in the UI - 4.3.3 ++++ libyui-ncurses: - Fixed release notes dialog in YQWizard clearing content on click (bsc#1195158) - Documented the different ways of displaying release notes in the UI - 4.3.3 ++++ libyui-ncurses-pkg: - Fixed release notes dialog in YQWizard clearing content on click (bsc#1195158) - Documented the different ways of displaying release notes in the UI - 4.3.3 ++++ libyui-ncurses-rest-api: - Fixed release notes dialog in YQWizard clearing content on click (bsc#1195158) - Documented the different ways of displaying release notes in the UI - 4.3.3 ++++ libyui-qt: - Fixed release notes dialog in YQWizard clearing content on click (bsc#1195158) - Documented the different ways of displaying release notes in the UI - 4.3.3 ++++ libyui-qt-graph: - Fixed release notes dialog in YQWizard clearing content on click (bsc#1195158) - Documented the different ways of displaying release notes in the UI - 4.3.3 ++++ libyui-qt-pkg: - Fixed release notes dialog in YQWizard clearing content on click (bsc#1195158) - Documented the different ways of displaying release notes in the UI - 4.3.3 ++++ libyui-qt-rest-api: - Fixed release notes dialog in YQWizard clearing content on click (bsc#1195158) - Documented the different ways of displaying release notes in the UI - 4.3.3 ++++ libyui-rest-api: - Fixed release notes dialog in YQWizard clearing content on click (bsc#1195158) - Documented the different ways of displaying release notes in the UI - 4.3.3 ++++ openssl-ibmca: - Completely revamped the postinstall scriptlet so that it doesn't need to know or care about how many lines are in either /etc/ssl/openssl.cnf, or the sample file at /usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample We're now using the ".include" directive for the openssl.cnf file, and only modifying that file the minimum necessary to implement the change. (bsc#1004463) ++++ ovmf: - TPM_ENABLE got renamed to TPM2_ENABLE and TPM_CONFIG_ENABLE removed (except on ARM for some reason) (boo#1197104) ++++ libyui-bindings: - Fixed release notes dialog in YQWizard clearing content on click (bsc#1195158) - Documented the different ways of displaying release notes in the UI - 4.3.3 ++++ qemu: - Proactive fix * Patches added: hw-nvram-at24-return-0xff-if-1-byte-addr.patch ++++ qemu-linux-user: - Proactive fix * Patches added: hw-nvram-at24-return-0xff-if-1-byte-addr.patch ++++ qemu-testsuite: - Proactive fix * Patches added: hw-nvram-at24-return-0xff-if-1-byte-addr.patch ++++ rpmlint: - backport of openSUSE transactional updates dbus whitelist (bsc#1196149) ++++ supportutils: - Spec file adjusted for usr-merge ++++ yast2-packager: - do not keep file handle to repo metadata open accidentally (bsc#1196061) - 4.4.25 ------------------------------------------------------------------ ------------------ 2022-3-14 - Mar 14 2022 ------------------- ------------------------------------------------------------------ ++++ autofs: - 0005-autofs-5.1.4-fix-incorrect-locking-in-sss-lookup.patch Fix locking problem that causes deadlock when sss used. (bsc#1196485) ++++ kernel-64kb: - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit 04987fb ++++ kernel-azure: - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit 04987fb ++++ kernel-default: - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit 04987fb ++++ kernel-preempt: - af_unix: fix garbage collect vs MSG_PEEK (CVE-2021-0920 bsc#1193731). - commit 7040fdd - Refresh patches.suse/xfrm-fix-mtu-regression.patch. - commit 8d867d6 ++++ dracut: - Update to version 055+suse.244.g2f624182: * fix(resume): only exclude this module when swap is netdev (bsc#1194915) ++++ dtb-aarch64: - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit 04987fb ++++ gnote: - Update to version 42.beta: + Fix build using meson 0.61.0. + Manual updates and fixes. + Fix wrong selection after backgrounding. + Show help for --background option. + Updated translations. - Drop 21.patch: Fixed upstream. ++++ greetd: - spec: don't directly use %{_distconfdir}, it's broken on SLE We should instead make use of %_pam_vendordir but its definition is also broken on SLE... hence let define our own macro for now. ++++ libdnf: - Skip rich deps for autodetection of unmet dependencies (rh#2033130) + Patch: 0001-Skip-rich-deps-for-autodetection-of-unmet-dependencies.patch ++++ kernel-debug: - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit 04987fb ++++ kernel-source: - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit 04987fb ++++ kernel-source-azure: - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit 04987fb ++++ kernel-docs: - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit 04987fb ++++ kernel-kvmsmall: - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit 04987fb ++++ kernel-obs-build: - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit 04987fb ++++ kernel-obs-qa: - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit 04987fb ++++ kernel-syms: - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit 04987fb ++++ kernel-syms-azure: - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit 04987fb ++++ kernel-zfcpdump: - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit 04987fb ++++ openldap2: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression reporting is bsc#1197004 causing SSSD to have faults. ++++ pcre2: - version update to 10.39 * Fix incorrect detection of alternatives in first character search in JIT * Update to Unicode 14.0.0 - 0001-Fixed-atomic-group-backtracking-bug.patch released for 15:Update due to bsc#1187937 is already upstreamed https://bugzilla.suse.com/show_bug.cgi?id=1187937#c7 ++++ libzypp: - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - version 17.29.6 (22) ++++ python310-setuptools: - Require explicitly python310-xml ++++ sblim-sfcb: - no_tls11_config.patch: add config option sslNoTLSv1_2 to optionally disable TLSv1.2 (bsc#1190107) - tls13.patch: enable TLS v1.3 by removing explicit curve selection. This should not be required for OpenSSL 1.1.0+ (bsc#1190107) - 0004-Check-for-existance-of-autoconfiscate.sh-before-call.patch: merged into autoconfiscate.sh source and dropped as patch ++++ sssd: - Fix a crash caused by a read-after-free condition; (bsc#1196564); Add patch 0053-SBUS-defer-deallocation-of-sbus_watch_ctx.patch ++++ weechat: - update to 3.4.1: * core: set again TLS verification functions after options weechat.network.gnutls_ca_system and weechat.network.gnutls_ca_user are changed (boo#1197083) ++++ xen: - bsc#1196915 - VUL-0: CVE-2022-0001, CVE-2022-0002,CVE-2021-26401: xen: BHB speculation issues (XSA-398) 62278667-Arm-introduce-new-processors.patch 62278668-Arm-move-errata-CSV2-check-earlier.patch 62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch 6227866a-Arm-Spectre-BHB-handling.patch 6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch 6227866c-x86-AMD-cease-using-thunk-lfence.patch ++++ yast2-country: - Fixed French (Canada) keyboard layout (bsc#1196891): Use "ca", not "ca-fr-legacy" - 4.4.12 ++++ yast2-trans: - Update to version 84.87.20220313.3dfcfc0d1f: * Translated using Weblate (Hindi) * Translated using Weblate (Polish) * New POT for text domain 'base'. * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * Translated using Weblate (Indonesian) * New POT for text domain 'packager'. * New POT for text domain 'autoinst'. * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Indonesian) ------------------------------------------------------------------ ------------------ 2022-3-13 - Mar 13 2022 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2022-03-14 (bsc#1084929) ++++ lvm2-device-mapper: - lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691) + change lvm.conf item external_device_info_source from none to udev + bug-1179691_config-set-external_device_info_source-none.patch ++++ gcompris-qt: - Update to bugfix release 2.3 + Fix broken 3 activities in 2.2 ("Alphabet sequence", "Even and odd numbers" and "Numbers in order") + 2.2 changelog: - Russian translation back to 100%. - Better ordering of the letters in the virtual keyboard (follows the locale set in GCompris). + Activities: - New images for Tangram, Renewable energy and Watercycle activities. - Lot of little issues fixed in Renewable energy and Watercycle activities. - Fix a crash on some Android when starting Balancebox activity. - Many other little fixes and improvements. - New voices added for Norwegian Nynorsk (all except introduction ones). ++++ gcompris-qt-voices: - Update to version 2.3~20220313 for gcompris-qt 2.3 ++++ icingaweb2: - Update to 2.8.6 This is a security release. * Security Fixes - SSH resources allow arbitrary code execution for authenticated users GHSA-v9mv-h52f-7g63 Fix boo#1196911 (CVE-2022-24715) - Unwanted disclosure of hosts and related data, linked to decommissioned services GHSA-qcmg-vr56-x9wf Fix boo#1196913 (CVE-2022-24714) ++++ lvm2: - lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691) + change lvm.conf item external_device_info_source from none to udev + bug-1179691_config-set-external_device_info_source-none.patch ++++ lvm2-lvmlockd: - lvm2 should use 'external_device_info_source="udev"' by default (bsc#1179691) + change lvm.conf item external_device_info_source from none to udev + bug-1179691_config-set-external_device_info_source-none.patch ++++ mkvtoolnix: - Update to version 66.0.0 New features and enhancements: * mkvpropedit: added a new option `--chapter-charset` allowing the user to specify the character set to use when reading the following chapter file. * MKVToolNix GUI: each language shortcut can now be associated with an optional track name that is set along with the language when the shortcut is used. Bug fixes: * mkvmerge: Ogg/OGM reader: mkvmerge will no longer abort with an exception when it encounters Vorbis comments that contain data that isn't valid UTF-8. * MKVToolNix GUI: multiplexer: fixed several issues with the tab order of elements in the "properties" pane and the "output" tab. Also fixed the language display widgets (e.g. "track language" in the "properties" pane) never receiving tab focus. * MKVToolNix GUI: multiplexer: the chapter name template will now be passed to `mkvmerge` if a chapter file is selected on the "output" tab. ++++ xfce4-screenshooter: - Update to version 1.9.10 * Use symbolic icons * Bump Xfce dependencies to 4.14 * _NET_FRAME_EXTENTS support * Add back button to take new screenshot (gxo#apps/xfce4-screenshooter!29) * Fix Imgur upload via CLI (gxo#apps/xfce4-screenshooter!26) * Set up ScreenshotData after commandline parsing * Fix compile warning (#62) * Update to description and addition of donate and translate links * Replace link to bugzilla with gitlab (gxo#apps/xfce4-screenshooter!25) * Translation Updates ++++ xorg-x11-server: - u_sync-pci-ids-with-Mesa-21.2.4.patch * sync pci ids with Mesa 21.2.4 (related to boo#1197046) ------------------------------------------------------------------ ------------------ 2022-3-12 - Mar 12 2022 ------------------- ------------------------------------------------------------------ ++++ budgie-desktop: - Update to version 10.6+3: * Proper icon tasklist scaling (#64) * Fix inconsistency when opening Raven (#68) * Add a null check to budgie_popover_manager_ungrab ++++ kernel-preempt: - bpf, selftests: Add test case trying to taint map value pointer (bsc#1196130,CVE-2021-45402). - bpf: Make 32->64 bounds propagation slightly more robust (bsc#1196130,CVE-2021-45402). - bpf: Fix signed bounds propagation after mov32 (bsc#1196130,CVE-2021-45402). - commit 63a6298 ++++ libvirt: - qemu: Fixes and improvements for SEV(-ES) guests d248e3dc-virsh-domsetlaunchsecstate-report-error.patch, 07ddb4c6-qemuDomainSetLaunchSecurityState-check-params.patch, 29605313-qemuDomainSetLaunchSecurityState-nocache.patch, 82be0ffe-conf-validate-serial-port-model.patch, aab943a6-support-firmware-debug.patch, 7714034e-qemu-debug-console-tests.patch, 3ef9b51b-qemu-fix-pflash-formatting.patch, 5adfb347-qemu-honor-user-nvram-path.patch, 08101bde-qemu-inline-nvram-path-code.patch, 24adb6c7-qemu-dont-regen-nvram-path.patch, 392292cd-tests-dont-use-autogen-nvram-path.patch, 32b9d8b0-qemu-support-fw-descriptor-mode.patch, 823a62ec-qemu-fix-undefine-crash.patch bsc#1196806 ------------------------------------------------------------------ ------------------ 2022-3-11 - Mar 11 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-preempt: - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - NFC: port100: fix use-after-free in port100_send_complete (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - usb: hub: Fix locking issues with address0_mutex (git-fixes). - commit ea6e976 ++++ cronie: - Fix run-crons path in shipped crontab, bsc#1196986 * cronie-anacron-1.4.7-run-crons.patch * sample.root ++++ fwupd-efi: - Update to version 1.2: * Release fwupd-efi 1.2 * meson: use stadard objcopy binary * meson: use find_program() to find the helper scripts we run * meson: using local copy ldscript when local copy crt0 be used for SBAT * sbat: clarify project URL * trivial: Ignore some markdown issues * Wait 5 seconds to reboot on errors * Port pre-commit clang-format, codespell, markdownlint from fwupd * trivial: fixup python errors by codacity/precommit * trivial: fixup markdown format * trivial: spelling errors * Sleep longer when no updates to process * README: fix typo and URL * trivial: post release version bump - Remove 0001-meson-using-local-copy-ldscript-when-local-copy-crt0.patch (merged upstream) ++++ go1.16: - Add %define go_label as a configurable Go toolchain directory * go_label can be used to package multiple Go toolchains with the same go_api * go_label should be defined as go_api with an optional suffix e.g. %{go_api} or %{go_api}-foo * Default go_label = go_api makes no changes to package layout ++++ go1.17: - Add %define go_label as a configurable Go toolchain directory * go_label can be used to package multiple Go toolchains with the same go_api * go_label should be defined as go_api with an optional suffix e.g. %{go_api} or %{go_api}-foo * Default go_label = go_api makes no changes to package layout ++++ grub2: - Fix grub-install error when efi system partition is created as mdadm software raid1 device (bsc#1179981) (bsc#1195204) * 0001-install-fix-software-raid1-on-esp.patch ++++ intel-ipsec-mb: - initial version of the SUSE package ++++ kernel-vanilla: - net: sched: use Qdisc rcu API instead of relying on rtnl lock (bsc#1196973 CVE-2021-39713). - net: sched: add helper function to take reference to Qdisc (bsc#1196973 CVE-2021-39713). - net: sched: extend Qdisc with rcu (bsc#1196973 CVE-2021-39713). - net: sched: rename qdisc_destroy() to qdisc_put() (bsc#1196973 CVE-2021-39713). - net: core: netlink: add helper refcount dec and lock function (bsc#1196973 CVE-2021-39713). - commit a22ecb0 ++++ libnvme: - Update to version 1.0-rc6: * tree: add nvme_ctrl_get_ana_state() (bsc#1195938) * tree: link paths to namespaces in nvme_subsystem_scan_namespace() (bsc#1195938) * ioctl.h: ns list bug fix (wrong cns value) * types.h: Key Value Command Set Identifier added (NVME_CSI_KV) * types: fix status code type bug (wrong masking) ++++ protobuf: - Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570, bsc#1195258 * Add protobuf-CVE-2021-22570.patch ++++ mdevctl: - spec: Add /etc/mdevctl.d/scripts.d directory to %files ++++ mygnuhealth: - License string corrected ++++ nvme-cli: - Update to version 2.0-rc6: * nvme: print out ANA state for 'list-subsys' (bsc#1195938) * nvme: Explicit initialize all command line options (bsc#1195945) * nvme: Explicit initialize passthru command line options * nvme: list_ns bug fix (csi option enable) * nvme: nvme write bug fix (no parse for option) * documenation updates ++++ partitionmanager: - Update license to GPL-3.0-or-later. ++++ perl-DBD-SQLite: - Use external sqlite3 library rather than internal code. [bsc#1195771, perl-DBD-SQLite-use-external-sqlite3.patch] - updated to 1.66 see /usr/share/doc/packages/perl-DBD-SQLite/Changes - updated to 1.66 see /usr/share/doc/packages/perl-DBD-SQLite/Changes ++++ permissions: - Update to version 20201225: * whitelist ksysguard network helper (bsc#1151190) ++++ tryton: - license string corrected ++++ xorg-x11-server: - U_0002-DRI2-Add-another-Coffeelake-PCI-ID.patch U_0003-dri2-Sync-i965_pci_ids.h-from-mesa.patch U_0004-dri2-Set-fallback-driver-names-for-Intel-and-AMD-chi.patch U_0005-dri2-Sync-i965_pci_ids.h-from-mesa-iris_pci_ids.h.patch * sync GL driver PCI IDs with Mesa (boo#1197046) ++++ yast2: - Extend the Package module to force using PackageSystem or PackageAI without having the mode into account. - AutoYaST: properly detect whether firewalld, bind and yast2-dns-server packages are installed when cloning a system (bsc#1196963). - 4.4.47 ++++ yast2-network: - Display the network configuration in the AutoYaST user interface (see bsc#1197019). - 4.4.45 ++++ yast2-security: - Always check for the package in the underlying system when trying to detect if running on systemd (bsc#1196963). - 4.4.13 ------------------------------------------------------------------ ------------------ 2022-3-10 - Mar 10 2022 ------------------- ------------------------------------------------------------------ ++++ FreeCAD: - Use current Coin4 instead of Coin (3). ++++ MozillaThunderbird: - Mozilla Thunderbird 91.7 * changed: Thunderbird will use the first occurrence of headers that should only appear once * fixed: Auto-complete incorrectly changed a pasted email address to the primary address of a contact * fixed: Attachments with filename extensions that were not registered in MIME types could not be opened * fixed: Copy/Cut/Paste actions not working in Thunderbird Preferences * fixed: Improved screen reader support of displayed message headers * fixed: Various security fixes MFSA 2022-12 (bsc#1196900) * CVE-2022-26383 (bmo#1742421) Browser window spoof using fullscreen mode * CVE-2022-26384 (bmo#1744352) iframe allow-scripts sandbox bypass * CVE-2022-26387 (bmo#1752979) Time-of-check time-of-use bug when verifying add-on signatures * CVE-2022-26381 (bmo#1736243) Use-after-free in text reflows * CVE-2022-26386 (bmo#1752396) Temporary files downloaded to /tmp and accessible by other local users ++++ kernel-64kb: - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). - commit 095b89a - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 20b7983 - xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit d56d4c6 - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit b08fc02 - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit 4198f6f - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit 2239263 - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit 95b1b12 - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit aabdf93 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit d12d408 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit 4da4210 - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 93f9570 - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (bsc#1196894). - commit 8aad886 - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - s390/cio: verify the driver availability for path_event call (bsc#1195927 LTC#196420). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195376 LTC#196087). - s390/hypfs: include z/VM guests with access control group set (bsc#1195639 LTC#196353). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195082 LTC#196087). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195082 LTC#196087). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194966 LTC#196029). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193244 LTC#195546). - s390/uv: de-duplicate checks for Protected Host Virtualization (bsc#1191740 LTC#194817). - s390/boot: disable Secure Execution in dump mode (bsc#1191740 LTC#194817). - s390/boot: move uv function declarations to boot/uv.h (bsc#1191740 LTC#194817). - commit 4d8f983 - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit 3e3ceb8 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 11235e2 - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 1ed63ba - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e ++++ kernel-azure: - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). - commit 095b89a - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 20b7983 - xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit d56d4c6 - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit b08fc02 - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit 4198f6f - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit 2239263 - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit 95b1b12 - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit aabdf93 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit d12d408 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit 4da4210 - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 93f9570 - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (bsc#1196894). - commit 8aad886 - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - s390/cio: verify the driver availability for path_event call (bsc#1195927 LTC#196420). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195376 LTC#196087). - s390/hypfs: include z/VM guests with access control group set (bsc#1195639 LTC#196353). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195082 LTC#196087). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195082 LTC#196087). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194966 LTC#196029). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193244 LTC#195546). - s390/uv: de-duplicate checks for Protected Host Virtualization (bsc#1191740 LTC#194817). - s390/boot: disable Secure Execution in dump mode (bsc#1191740 LTC#194817). - s390/boot: move uv function declarations to boot/uv.h (bsc#1191740 LTC#194817). - commit 4d8f983 - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit 3e3ceb8 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 11235e2 - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 1ed63ba - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e ++++ kernel-default: - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). - commit 095b89a - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 20b7983 - xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit d56d4c6 - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit b08fc02 - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit 4198f6f - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit 2239263 - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit 95b1b12 - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit aabdf93 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit d12d408 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit 4da4210 - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 93f9570 - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (bsc#1196894). - commit 8aad886 - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - s390/cio: verify the driver availability for path_event call (bsc#1195927 LTC#196420). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195376 LTC#196087). - s390/hypfs: include z/VM guests with access control group set (bsc#1195639 LTC#196353). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195082 LTC#196087). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195082 LTC#196087). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194966 LTC#196029). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193244 LTC#195546). - s390/uv: de-duplicate checks for Protected Host Virtualization (bsc#1191740 LTC#194817). - s390/boot: disable Secure Execution in dump mode (bsc#1191740 LTC#194817). - s390/boot: move uv function declarations to boot/uv.h (bsc#1191740 LTC#194817). - commit 4d8f983 - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit 3e3ceb8 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 11235e2 - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 1ed63ba - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e ++++ kernel-preempt: - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1178134). - commit c292d6b - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). - commit fe0a923 - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 58c801b - xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit afb2dba - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit cee63b9 - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit b1d434d - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit a4ec4aa - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit fd9cb30 - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit 4e33999 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit 4334af7 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit 19b769a - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 5aacf1f - EDAC/altera: Fix deferred probing (bsc#1178134). - commit 13cc9b2 - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - nvme-rdma: fix possible use-after-free in transport error_recovery work (git-fixes). - commit f4a5de3 - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit daa9ea7 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit d9066f6 - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 5c41eb3 - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e ++++ dracut: - Update to version 055+suse.242.g76ae5ce4: * fix(multipath): align multipathd.service type with upstream (bsc#1196958) * fix(systemd-sysusers): use split systemd sysuser configs (bsc#1196223) ++++ dtb-aarch64: - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). - commit 095b89a - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 20b7983 - xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit d56d4c6 - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit b08fc02 - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit 4198f6f - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit 2239263 - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit 95b1b12 - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit aabdf93 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit d12d408 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit 4da4210 - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 93f9570 - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (bsc#1196894). - commit 8aad886 - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - s390/cio: verify the driver availability for path_event call (bsc#1195927 LTC#196420). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195376 LTC#196087). - s390/hypfs: include z/VM guests with access control group set (bsc#1195639 LTC#196353). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195082 LTC#196087). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195082 LTC#196087). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194966 LTC#196029). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193244 LTC#195546). - s390/uv: de-duplicate checks for Protected Host Virtualization (bsc#1191740 LTC#194817). - s390/boot: disable Secure Execution in dump mode (bsc#1191740 LTC#194817). - s390/boot: move uv function declarations to boot/uv.h (bsc#1191740 LTC#194817). - commit 4d8f983 - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit 3e3ceb8 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 11235e2 - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 1ed63ba - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e ++++ git: - fix deps for SLES 12 ++++ glm: - Add back dropped reference for bsc#1135667 ++++ grub2: - Fix riscv64 build error * 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch - Fix error in grub-install when linux root device is on lvm thin volume (bsc#1192622) (bsc#1191974) * 0001-grub-install-bailout-root-device-probing.patch ++++ rdma-core: - Update spec file from upstream - install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639) - fix build support for riscv - Added cmake-Make-modprobe.d-path-configurable.patch - Backport from upstream to allow modprobe files to be installed in a configurable directory ++++ kernel-debug: - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). - commit 095b89a - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 20b7983 - xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit d56d4c6 - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit b08fc02 - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit 4198f6f - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit 2239263 - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit 95b1b12 - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit aabdf93 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit d12d408 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit 4da4210 - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 93f9570 - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (bsc#1196894). - commit 8aad886 - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - s390/cio: verify the driver availability for path_event call (bsc#1195927 LTC#196420). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195376 LTC#196087). - s390/hypfs: include z/VM guests with access control group set (bsc#1195639 LTC#196353). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195082 LTC#196087). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195082 LTC#196087). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194966 LTC#196029). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193244 LTC#195546). - s390/uv: de-duplicate checks for Protected Host Virtualization (bsc#1191740 LTC#194817). - s390/boot: disable Secure Execution in dump mode (bsc#1191740 LTC#194817). - s390/boot: move uv function declarations to boot/uv.h (bsc#1191740 LTC#194817). - commit 4d8f983 - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit 3e3ceb8 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 11235e2 - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 1ed63ba - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e ++++ kernel-source: - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). - commit 095b89a - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 20b7983 - xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit d56d4c6 - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit b08fc02 - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit 4198f6f - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit 2239263 - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit 95b1b12 - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit aabdf93 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit d12d408 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit 4da4210 - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 93f9570 - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (bsc#1196894). - commit 8aad886 - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - s390/cio: verify the driver availability for path_event call (bsc#1195927 LTC#196420). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195376 LTC#196087). - s390/hypfs: include z/VM guests with access control group set (bsc#1195639 LTC#196353). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195082 LTC#196087). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195082 LTC#196087). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194966 LTC#196029). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193244 LTC#195546). - s390/uv: de-duplicate checks for Protected Host Virtualization (bsc#1191740 LTC#194817). - s390/boot: disable Secure Execution in dump mode (bsc#1191740 LTC#194817). - s390/boot: move uv function declarations to boot/uv.h (bsc#1191740 LTC#194817). - commit 4d8f983 - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit 3e3ceb8 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 11235e2 - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 1ed63ba - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e ++++ kernel-source-azure: - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). - commit 095b89a - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 20b7983 - xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit d56d4c6 - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit b08fc02 - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit 4198f6f - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit 2239263 - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit 95b1b12 - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit aabdf93 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit d12d408 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit 4da4210 - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 93f9570 - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (bsc#1196894). - commit 8aad886 - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - s390/cio: verify the driver availability for path_event call (bsc#1195927 LTC#196420). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195376 LTC#196087). - s390/hypfs: include z/VM guests with access control group set (bsc#1195639 LTC#196353). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195082 LTC#196087). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195082 LTC#196087). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194966 LTC#196029). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193244 LTC#195546). - s390/uv: de-duplicate checks for Protected Host Virtualization (bsc#1191740 LTC#194817). - s390/boot: disable Secure Execution in dump mode (bsc#1191740 LTC#194817). - s390/boot: move uv function declarations to boot/uv.h (bsc#1191740 LTC#194817). - commit 4d8f983 - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit 3e3ceb8 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 11235e2 - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 1ed63ba - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e ++++ kernel-docs: - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). - commit 095b89a - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 20b7983 - xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit d56d4c6 - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit b08fc02 - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit 4198f6f - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit 2239263 - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit 95b1b12 - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit aabdf93 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit d12d408 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit 4da4210 - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 93f9570 - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (bsc#1196894). - commit 8aad886 - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - s390/cio: verify the driver availability for path_event call (bsc#1195927 LTC#196420). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195376 LTC#196087). - s390/hypfs: include z/VM guests with access control group set (bsc#1195639 LTC#196353). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195082 LTC#196087). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195082 LTC#196087). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194966 LTC#196029). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193244 LTC#195546). - s390/uv: de-duplicate checks for Protected Host Virtualization (bsc#1191740 LTC#194817). - s390/boot: disable Secure Execution in dump mode (bsc#1191740 LTC#194817). - s390/boot: move uv function declarations to boot/uv.h (bsc#1191740 LTC#194817). - commit 4d8f983 - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit 3e3ceb8 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 11235e2 - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 1ed63ba - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e ++++ kernel-kvmsmall: - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). - commit 095b89a - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 20b7983 - xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit d56d4c6 - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit b08fc02 - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit 4198f6f - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit 2239263 - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit 95b1b12 - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit aabdf93 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit d12d408 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit 4da4210 - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 93f9570 - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (bsc#1196894). - commit 8aad886 - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - s390/cio: verify the driver availability for path_event call (bsc#1195927 LTC#196420). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195376 LTC#196087). - s390/hypfs: include z/VM guests with access control group set (bsc#1195639 LTC#196353). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195082 LTC#196087). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195082 LTC#196087). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194966 LTC#196029). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193244 LTC#195546). - s390/uv: de-duplicate checks for Protected Host Virtualization (bsc#1191740 LTC#194817). - s390/boot: disable Secure Execution in dump mode (bsc#1191740 LTC#194817). - s390/boot: move uv function declarations to boot/uv.h (bsc#1191740 LTC#194817). - commit 4d8f983 - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit 3e3ceb8 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 11235e2 - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 1ed63ba - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e ++++ kernel-obs-build: - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). - commit 095b89a - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 20b7983 - xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit d56d4c6 - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit b08fc02 - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit 4198f6f - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit 2239263 - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit 95b1b12 - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit aabdf93 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit d12d408 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit 4da4210 - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 93f9570 - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (bsc#1196894). - commit 8aad886 - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - s390/cio: verify the driver availability for path_event call (bsc#1195927 LTC#196420). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195376 LTC#196087). - s390/hypfs: include z/VM guests with access control group set (bsc#1195639 LTC#196353). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195082 LTC#196087). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195082 LTC#196087). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194966 LTC#196029). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193244 LTC#195546). - s390/uv: de-duplicate checks for Protected Host Virtualization (bsc#1191740 LTC#194817). - s390/boot: disable Secure Execution in dump mode (bsc#1191740 LTC#194817). - s390/boot: move uv function declarations to boot/uv.h (bsc#1191740 LTC#194817). - commit 4d8f983 - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit 3e3ceb8 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 11235e2 - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 1ed63ba - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e ++++ kernel-obs-qa: - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). - commit 095b89a - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 20b7983 - xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit d56d4c6 - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit b08fc02 - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit 4198f6f - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit 2239263 - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit 95b1b12 - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit aabdf93 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit d12d408 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit 4da4210 - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 93f9570 - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (bsc#1196894). - commit 8aad886 - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - s390/cio: verify the driver availability for path_event call (bsc#1195927 LTC#196420). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195376 LTC#196087). - s390/hypfs: include z/VM guests with access control group set (bsc#1195639 LTC#196353). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195082 LTC#196087). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195082 LTC#196087). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194966 LTC#196029). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193244 LTC#195546). - s390/uv: de-duplicate checks for Protected Host Virtualization (bsc#1191740 LTC#194817). - s390/boot: disable Secure Execution in dump mode (bsc#1191740 LTC#194817). - s390/boot: move uv function declarations to boot/uv.h (bsc#1191740 LTC#194817). - commit 4d8f983 - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit 3e3ceb8 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 11235e2 - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 1ed63ba - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e ++++ kernel-syms: - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). - commit 095b89a - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 20b7983 - xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit d56d4c6 - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit b08fc02 - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit 4198f6f - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit 2239263 - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit 95b1b12 - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit aabdf93 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit d12d408 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit 4da4210 - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 93f9570 - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (bsc#1196894). - commit 8aad886 - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - s390/cio: verify the driver availability for path_event call (bsc#1195927 LTC#196420). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195376 LTC#196087). - s390/hypfs: include z/VM guests with access control group set (bsc#1195639 LTC#196353). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195082 LTC#196087). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195082 LTC#196087). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194966 LTC#196029). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193244 LTC#195546). - s390/uv: de-duplicate checks for Protected Host Virtualization (bsc#1191740 LTC#194817). - s390/boot: disable Secure Execution in dump mode (bsc#1191740 LTC#194817). - s390/boot: move uv function declarations to boot/uv.h (bsc#1191740 LTC#194817). - commit 4d8f983 - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit 3e3ceb8 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 11235e2 - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 1ed63ba - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e ++++ kernel-syms-azure: - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). - commit 095b89a - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 20b7983 - xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit d56d4c6 - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit b08fc02 - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit 4198f6f - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit 2239263 - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit 95b1b12 - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit aabdf93 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit d12d408 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit 4da4210 - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 93f9570 - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (bsc#1196894). - commit 8aad886 - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - s390/cio: verify the driver availability for path_event call (bsc#1195927 LTC#196420). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195376 LTC#196087). - s390/hypfs: include z/VM guests with access control group set (bsc#1195639 LTC#196353). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195082 LTC#196087). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195082 LTC#196087). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194966 LTC#196029). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193244 LTC#195546). - s390/uv: de-duplicate checks for Protected Host Virtualization (bsc#1191740 LTC#194817). - s390/boot: disable Secure Execution in dump mode (bsc#1191740 LTC#194817). - s390/boot: move uv function declarations to boot/uv.h (bsc#1191740 LTC#194817). - commit 4d8f983 - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit 3e3ceb8 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 11235e2 - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 1ed63ba - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e ++++ kernel-vanilla: - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). - commit 2b38f30 - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 7149843 - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit a920e1c - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit e8ca175 - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit 02e08de - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit 78fd62a - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit 335a138 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit 69cc608 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit d8d4a06 - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 9eb0e70 - genirq: Use rcu in kstat_irqs_usr() (bsc#1193738). - commit 520b1bb - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit af60176 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit ee8e3fd - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 29bb7f5 - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e ++++ kernel-zfcpdump: - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, CVE-2022-23042). - commit 095b89a - xen/gnttab: fix gnttab_end_foreign_access() without page specified (bsc#1196488, XSA-396, CVE-2022-23041). - commit 20b7983 - xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit d56d4c6 - xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, CVE-2022-23041). - commit b08fc02 - xen/usb: don't use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - commit 4198f6f - xen/gntalloc: don't use gnttab_query_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23039). - commit 2239263 - xen/scsifront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23038). - commit 95b1b12 - xen/netfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23037). - commit aabdf93 - xen/blkfront: don't use gnttab_query_foreign_access() for mapped status (bsc#1196488, XSA-396, CVE-2022-23036). - commit d12d408 - xen/grant-table: add gnttab_try_end_foreign_access() (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). - commit 4da4210 - xen/xenbus: don't let xenbus_grant_ring() remove grants in error case (bsc#1196488, XSA-396, CVE-2022-23040). - commit 93f9570 - iommu/vt-d: Fix double list_add when enabling VMD in scalable mode (bsc#1196894). - commit 8aad886 - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - commit 174a64f - s390/cio: verify the driver availability for path_event call (bsc#1195927 LTC#196420). - scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195376 LTC#196087). - s390/hypfs: include z/VM guests with access control group set (bsc#1195639 LTC#196353). - s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195082 LTC#196087). - s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195082 LTC#196087). - s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194966 LTC#196029). - s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193244 LTC#195546). - s390/uv: de-duplicate checks for Protected Host Virtualization (bsc#1191740 LTC#194817). - s390/boot: disable Secure Execution in dump mode (bsc#1191740 LTC#194817). - s390/boot: move uv function declarations to boot/uv.h (bsc#1191740 LTC#194817). - commit 4d8f983 - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - commit 3e3ceb8 - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 11235e2 - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - commit 1ed63ba - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - commit 73d560e ++++ openssl-1_1: - FIPS: add openssl-1_1-fips-bsc1190652_release_num_in_version_string.patch * bsc#1190652 - Provide a service to output module name/identifier and version ++++ vlc: - Disable libnfs and soxr integration on suse_version < 1500 (e.g SLE12). ++++ vlc: - Disable libnfs and soxr integration on suse_version < 1500 (e.g SLE12). ++++ wireplumber: - Add patch from upstream to fix a crash on tty switch (glfo#pipewire/wireplumber#193): * 0002-policy-bluetooth-fix-string.find-crash-with-nil-string.patch - Add patch from upstream to fix issues with PulseAudio support with PipeWire 0.3.48+ (glfo#pipewire/pipewire#2189): * 0003-si-audio-adapter-relax-format-parsing.patch - Some spec clean-up. ++++ mdevctl: - Update to version v1.1.0 (jsc#SLE-18449): * use imported std::env for CARGO_PKG_VERSION in build.rs directly * fix build.rs to allow specify exact path or name of the rst2man * Don't call unnecessary to_string() * Report a useful error when /etc/mdevctl.d doesn't exist * Handle FS permissions problems for defined devices * Fix needless borrow warning from clippy * tests: read stdin in callout test scripts * Report root error when a callout can't be executed * Don't emit warning for files in /etc/mdevctl.d/scripts.d * env: add function to get base scripts directory ++++ ovmf: - Update to edk2-stable202202 - Features (https://github.com/tianocore/edk2/releases): OvmfPkg Add new target for Cloud Hypervisor Add TDVF to OvmfPkg Add new APIs to UefiCpuPkg/UefiCpuLib Add AMD Secure Nested Paging Support Add SSDT PCI generator in DynamicTablesPkg Support ACPI 6.4 PPTT changes Add FdtHwInfoParser library Add DynamicPlatRepo library Make package and platform builds reproducible across source format changes Add Uncrustify CI Plugin Apply uncrustify changes to all package C and H files - Patches (git log --oneline --reverse edk2-stable202111~..edk2-stable202202): bb1bba3d77 NetworkPkg: Fix invalid pointer for DNS response token on error ef9a059cdb EmulatorPkg/Win/Host: Update CC_FLAGS 69877614fd .pytool/Plugin/EccCheck: Remove RevertCode() 854462bd34 .pytool/Plugin/EccCheck: Remove temp directory on exception 3019f1bbab .pytool/Plugin/EccCheck: Add performance optimizations 99f84ff473 .pytools/Plugin/LicenseCheck: Use temp directory for git diff output 76a1ce4d5f .azurepipelines/templates: Update max pipeline job time to 2 hours 365dced2c3 ArmPkg: Update YAML to ignore specific ECC files/errors 1939fc9569 ArmPlatformPkg: Update YAML to ignore specific ECC files/errors c97fee87f0 ArmVirtPkg: Update YAML to ignore specific ECC files/errors d5744ecba8 CryptoPkg: Update YAML to ignore specific ECC files/errors d7d30e8f21 EmulatorPkg: Update YAML to ignore specific ECC files/errors 9deb937076 MdeModulePkg: Update YAML to ignore specific ECC files/errors df790cd6b3 MdePkg: Update YAML to ignore specific ECC files/errors 60fa40be45 SecurityPkg: Update YAML to ignore specific ECC files/errors 9944508e85 ShellPkg: Update YAML to ignore specific ECC files/errors c30c40d6c6 StandaloneMmPkg: Update YAML to ignore specific ECC files/errors c057347977 UefiPayloadPkg: Update YAML to ignore specific ECC files/errors f0f3f5aae7 UnitTestFrameworkPkg: Update YAML to ignore specific ECC files/errors dfafa8e453 MdeModulePkg/DxeCorePerformanceLib:Variable Initial a4a582e180 ArmPkg: Change use of EFI_D_* to DEBUG_* 1d2482e1e3 ArmPlatformPkg: Change use of EFI_D_* to DEBUG_* c5b3a56e4f ArmVirtPkg: Change use of EFI_D_* to DEBUG_* a1878955b2 EmbeddedPkg: Change use of EFI_D_* to DEBUG_* 9c7da8d804 EmulatorPkg: Change use of EFI_D_* to DEBUG_* 917e98f3e5 FatPkg: Change use of EFI_D_* to DEBUG_* 87000d7708 MdeModulePkg: Change use of EFI_D_* to DEBUG_* 5f289f3ae3 MdePkg: Change use of EFI_D_* to DEBUG_* c49ca4a29e NetworkPkg: Change use of EFI_D_* to DEBUG_* 47719926e8 OvmfPkg: Change use of EFI_D_* to DEBUG_* ca56749b0e PcAtChipsetPkg: Change use of EFI_D_* to DEBUG_* e905fbb05a SecurityPkg: Change use of EFI_D_* to DEBUG_* 4a1aee13d8 ShellPkg: Change use of EFI_D_* to DEBUG_* 586fda4800 SourceLevelDebugPkg: Change use of EFI_D_* to DEBUG_* 96e1cba5c1 UefiCpuPkg: Change use of EFI_D_* to DEBUG_* 1871d28eaf ArmPkg: Change OPTIONAL keyword usage style 2863ba97ca ArmPlatformPkg: Change OPTIONAL keyword usage style 9607597a74 ArmVirtPkg: Change OPTIONAL keyword usage style c8f46130f8 CryptoPkg: Change OPTIONAL keyword usage style fe2d81892f DynamicTablesPkg: Change OPTIONAL keyword usage style 792433088c EmbeddedPkg: Change OPTIONAL keyword usage style c69fc80c80 EmulatorPkg: Change OPTIONAL keyword usage style 9c721071d3 FmpDevicePkg: Change OPTIONAL keyword usage style e3917e22e7 MdeModulePkg: Change OPTIONAL keyword usage style d0e2f8232a MdePkg: Change OPTIONAL keyword usage style 8874fa199d NetworkPkg: Change OPTIONAL keyword usage style 79d49e162e OvmfPkg: Change OPTIONAL keyword usage style 237295f46d PcAtChipsetPkg: Change OPTIONAL keyword usage style dc8fe5ec95 RedfishPkg: Change OPTIONAL keyword usage style 12710fe93b SecurityPkg: Change OPTIONAL keyword usage style 9b8507cabe ShellPkg: Change OPTIONAL keyword usage style 18908e6131 SignedCapsulePkg: Change OPTIONAL keyword usage style f9c9215b55 SourceLevelDebugPkg: Change OPTIONAL keyword usage style 902e76de19 StandaloneMmPkg: Change OPTIONAL keyword usage style 4ec586b9f6 UefiCpuPkg: Change OPTIONAL keyword usage style e35dd32821 UefiPayloadPkg: Change OPTIONAL keyword usage style 78bc3bdd2a UnitTestFrameworkPkg: Change OPTIONAL keyword usage style ea85f0fe13 ArmVirtPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() e3b855f283 CryptoPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() 4a9d411662 DynamicTablesPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() db52c7f755 MdeModulePkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() 098307e082 MdePkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() ed7f7c9168 NetworkPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() 8e875037bf OvmfPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() deba54761a PcAtChipsetPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() f9f4fb2329 SecurityPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() 7c2a6033c1 UefiCpuPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END() 429309e0c6 ArmPkg: Apply uncrustify changes 40b0b23ed3 ArmPlatformPkg: Apply uncrustify changes 2b16a4fb91 ArmVirtPkg: Apply uncrustify changes 7c34237831 CryptoPkg: Apply uncrustify changes 731c67e1d7 DynamicTablesPkg: Apply uncrustify changes e7108d0e96 EmbeddedPkg: Apply uncrustify changes a550d468a6 EmulatorPkg: Apply uncrustify changes bcdcc4160d FatPkg: Apply uncrustify changes 45ce0a67bb FmpDevicePkg: Apply uncrustify changes 111f2228dd IntelFsp2Pkg: Apply uncrustify changes 7c7184e201 IntelFsp2WrapperPkg: Apply uncrustify changes 1436aea4d5 MdeModulePkg: Apply uncrustify changes 2f88bd3a12 MdePkg: Apply uncrustify changes d1050b9dff NetworkPkg: Apply uncrustify changes ac0a286f4d OvmfPkg: Apply uncrustify changes 5220bd211d PcAtChipsetPkg: Apply uncrustify changes 39de741e2d RedfishPkg: Apply uncrustify changes c411b485b6 SecurityPkg: Apply uncrustify changes 47d20b54f9 ShellPkg: Apply uncrustify changes b878648967 SignedCapsulePkg: Apply uncrustify changes c1e126b119 SourceLevelDebugPkg: Apply uncrustify changes 91415a36ae StandaloneMmPkg: Apply uncrustify changes 053e878bfb UefiCpuPkg: Apply uncrustify changes e5efcf8be8 UefiPayloadPkg: Apply uncrustify changes 7c0ad2c338 UnitTestFrameworkPkg: Apply uncrustify changes dc453b5164 .pytool/Plugin/UncrustifyCheck: Add Uncrustify CI plugin 1832eb15aa UefiPayloadPkg/UefiPayloadPkg.fdf: Update DXE Apriori list ca78281c25 UefiPayloadPkg/PayloadEntry: Inherit 4/5-level paging from bootloader b2f7ee2ded UefiPayloadPkg: Increase SystemMemoryUefiRegionSize from 32M to 64M 94e0a7bddb UefiPayloadPkg: Add missing Guid gUefiAcpiBoardInfoGuid 2527723de9 UefiPayloadPkg: Add performance measurement feature ffdde9d719 UefiPayloadPkg: Skip ModuleInfo HOB in Payload 965292135b UefiPayloadPkg/UefiPayloadPkg.dsc:Add BootManagerLib for BootManagerMenuApp 85a678bf76 UefiPayloadPkg: Add integration instruction for coreboot common error 7b28310008 BaseTools: Increase the DevicePath length for support more PCD value. d25b803e51 MdeModulePkg/Bus/Pci/UhciDxe: Fix the UsbHc memory allocate and free issue c82ab4d8c1 BaseTools/VfrCompile: Correct Bit Field Flags for numeric/one of 2ddacfb6b8 OvmfPkg/SecMain: move SEV specific routines in AmdSev.c e2289d19d8 UefiCpuPkg/MpInitLib: move SEV specific routines in AmdSev.c 2fe8edfe55 OvmfPkg/ResetVector: move clearing GHCB in SecMain 3053183d41 OvmfPkg/ResetVector: introduce SEV metadata descriptor for VMM use 707c71a01b OvmfPkg: reserve SNP secrets page cca9cd3dd6 OvmfPkg: reserve CPUID page f2dc28f0b6 OvmfPkg/ResetVector: pre-validate the data pages used in SEC phase 34819f2cac OvmfPkg/ResetVector: use SEV-SNP-validated CPUID values d9822304ce OvmfPkg/MemEncryptSevLib: add MemEncryptSevSnpEnabled() 7c3b2892ea OvmfPkg/SecMain: register GHCB gpa for the SEV-SNP guest d2b998fbdc OvmfPkg/VmgExitLib: use SEV-SNP-validated CPUID values a19b648952 OvmfPkg/PlatformPei: register GHCB gpa for the SEV-SNP guest 19914edc5a OvmfPkg/AmdSevDxe: do not use extended PCI config space ade62c18f4 OvmfPkg/MemEncryptSevLib: add support to validate system RAM d706f8fec2 OvmfPkg/MemEncryptSevLib: add function to check the VMPL0 11b15336f0 OvmfPkg/BaseMemEncryptSevLib: skip the pre-validated system RAM d39f8d88ec OvmfPkg/MemEncryptSevLib: add support to validate > 4GB memory in PEI phase 202fb22be6 OvmfPkg/SecMain: validate the memory used for decompressing Fv 8eb79b5f4f OvmfPkg/PlatformPei: validate the system RAM when SNP is active 26210f9436 MdePkg: Define ConfidentialComputingGuestAttr 504ae26b80 OvmfPkg/PlatformPei: set PcdConfidentialComputingAttr when SEV is active b95908e043 UefiCpuPkg/MpInitLib: use PcdConfidentialComputingAttr to check SEV status f4e3ce5f53 UefiCpuPkg: add PcdGhcbHypervisorFeatures f5a6e1bab5 OvmfPkg/PlatformPei: set the Hypervisor Features PCD 2c354252be MdePkg/GHCB: increase the GHCB protocol max version 9c703bc0f1 UefiCpuPkg/MpLib: add support to register GHCB GPA when SEV-SNP is enabled d4d7c9ad5f UefiCpuPkg/MpInitLib: use BSP to do extended topology check b928eb44d5 OvmfPkg/MemEncryptSevLib: change the page state in the RMP table b7b8872031 OvmfPkg/MemEncryptSevLib: skip page state change for Mmio address ea3a12d970 OvmfPkg/PlatformPei: mark cpuid and secrets memory reserved in EFI map 67484aed69 OvmfPkg/AmdSev: expose the SNP reserved pages through configuration table 06544455d0 UefiCpuPkg/MpInitLib: Use SEV-SNP AP Creation NAE event to launch APs 0f1d7477c0 OvmfPkg: Remove unused print service driver (PrintDxe) 30631f0a26 MdePkg: Add missing Cache ID (in)valid define 0077c22f6d MdePkg: Remove PPTT ID type structure a50b65ce22 ShellPkg: Update Acpiview PPTT parser to ACPI 6.4 8cf2bdfcfb ShellPkg: Add Cache ID to PPTT parser b2bbe3df54 DynamicTablesPkg: Remove PPTT ID structure from ACPI 6.4 generator e139829dd6 DynamicTablesPkg: Update PPTT generator to ACPI 6.4 e81a81e584 DynamicTablesPkg: Add CacheId to PPTT generator 9afcd48a94 OvmfPkg: Handle Cloud Hypervisor host bridge 2ccefa32a6 OvmfPkg: Create global entry point for SMBIOS parsing d8ef774346 OvmfPkg: Retrieve SMBIOS from Cloud Hypervisor 66bce05f6d OvmfPkg: Generalize AcpiPlatformDxe 7594c5bfe2 OvmfPkg: Install ACPI tables for Cloud Hypervisor f6df289a1c OvmfPkg/OvmfXen: Fix Xen build 2b20a34fd5 OvmfPkg-EmuVariableFvbRuntimeDxe: Support Access To Memory Above 4G d5efc875ef MdePkg: Introduce CcMeasurementProtocol for CC Guest firmware a124cd4ef9 SecurityPkg: Support CcMeasurementProtocol in DxeTpm2MeasureBootLib 8c06c53b58 SecurityPkg: Support CcMeasurementProtocol in DxeTpmMeasurementLib adf070ff56 OvmfPkg/Microvm: add PcdConfidentialComputingGuestAttr 2686468c43 OvmfPkg/Bhyve: add MemEncryptSevLib 61be49e0f7 OvmfPkg/PlatformCI: factor out PlatformBuildLib.py 21ee379407 OvmfPkg/PlatformCI: add QEMU_SKIP 64bccda534 OvmfPkg/PlatformCI: add BhyveBuild.py 04eacd3943 OvmfPkg/PlatformCI: add MicrovmBuild.py 8b8ae609a7 OvmfPkg/PlatformCI: add AmdSevBuild.py 2722856a87 OvmfPkg/PlatformCI: dummy grub.efi for AmdSev 1203eba58e OvmfPkg/PlatformCI: add XenBuild.py 64ef0dd1d3 OvmfPkg/Microvm/fdt: add device tree support 79dcaf7054 OvmfPkg/Microvm/fdt: load fdt from fw_cfg c802f8935c OvmfPkg/Microvm/fdt: add empty fdt 2a68abf6ee OvmfPkg/Microvm/virtio: add virtio-mmio support e07d27e24d OvmfPkg/Microvm: add README 7f1861be2b DynamicTablesPkg: AML Code generation for memory ranges 0e7147fe75 DynamicTablesPkg: AML Code generation to create a named Package() fd5fc4bbb7 DynamicTablesPkg: AML Code generation to create a named ResourceTemplate() b2b8def4e3 DynamicTablesPkg: AML Code generation to add _PRT entries 69ddfee1c3 DynamicTablesPkg: Add AmlAttachNode() ce306e48eb DynamicTablesPkg: Add Pci related objects e35a746cf5 DynamicTablesPkg: SSDT Pci express generator ec37fd9c1f DynamicTablesPkg: Fix multiple objects parsing 557dede8a6 OvmfPkg/PlatformPei: ScanOrAdd64BitE820Ram improvements 759e3c6d21 OvmfPkg/PlatformPei: prefer etc/e820 for memory detection 41d8bb3038 OvmfPkg/PlatformPei: stop using cmos for memory detection 7a6e6ae933 EmulatorPkg: Update lldbefi.py to work with current lldb which uses python3 4d30352445 ArmPkg: Add SMC helper functions c039fa7ff0 ArmPkg: Update SMC calls to use the new ArmCallSmc0/1/2/3 functions 90ad4b3b34 DynamicTablesPkg: Definition for HwInfoParser interface d59c5a20f8 DynamicTablesPkg: FdtHwInfoParser: CM Object descriptor helper 5d8b5d171c DynamicTablesPkg: FdtHwInfoParser: Add FDT utility functions 8d2691c3d5 DynamicTablesPkg: FdtHwInfoParser: Add Boot Arch parser 3ebe1ff5c9 DynamicTablesPkg: FdtHwInfoParser: Generic Timer Parser 51941f7558 DynamicTablesPkg: FdtHwInfoParser: Add Serial port parser e366a41ef0 DynamicTablesPkg: FdtHwInfoParser: Add GICC parser 0fa1217726 DynamicTablesPkg: FdtHwInfoParser: Add GICD parser b04cf355a0 DynamicTablesPkg: FdtHwInfoParser: Add MSI Frame parser d250d408cf DynamicTablesPkg: FdtHwInfoParser: Add ITS parser 7b6c8b30a5 DynamicTablesPkg: FdtHwInfoParser: Add GICR parser 26bf034a59 DynamicTablesPkg: FdtHwInfoParser: Add GIC dispatcher c67bf628c8 DynamicTablesPkg: FdtHwInfoParser: Add PCI config parser deb01dfd7f DynamicTablesPkg: Add FdtHwInfoParser library 9006967c8d DynamicTablesPkg: Handle 16550_WITH_GAS id b2d0ed20fd DynamicTablesPkg: Definition for DynamicPlatRepoLib interface 2e2db65e39 DynamicTablesPkg: DynamicPlatRepo: Add TokenGenerator 740e3bb634 DynamicTablesPkg: DynamicPlatRepo: Add TokenFixer 5fe5b6f94f DynamicTablesPkg: DynamicPlatRepo: Add TokenMapper 38f6d78c3b DynamicTablesPkg: Add DynamicPlatRepo library f14fff5135 StandaloneMmPkg/FvLib: Support large file with EFI_FFS_FILE_HEADER2. 3a72ec71cd OvmfPkg: remove unused TPM options from MicrovmX64.dsc b47575801e OvmfPkg: move tcg configuration to dsc and fdf include files 5711ff4d0b OvmfPkg: drop TPM_CONFIG_ENABLE b819388772 OvmfPkg: create Tcg12ConfigPei.inf 4de8d61bce OvmfPkg: rework TPM configuration e6ea1464a8 OvmfPkg/PlatformPei: Revert "stop using cmos for memory detection" a6c0418651 ArmPkg/SmbiosMiscDxe: Remove duplicate HII string definition 45e3842970 ArmPkg/SmbiosMiscDxe: Get full SMBIOS strings from OemMiscLib b451c69088 ArmPkg/ProcessorSubClassDxe: Get serial and part number from OemMiscLib 8ed8568922 SecurityPkg: Debug code to audit BIOS TPM extend operations 195f011973 SecurityPkg: Reallocate TPM Active PCRs based on platform support ab5ab2f603 SecurityPkg: TPM must go to Idle state on CRB command completion c63a10ecb7 EmbeddedPkg/AcpiLib: Add more helper functions f129b1f06f OvmfPkg/Bhyve: fix tls-enabled build ee1f8262b8 OvmfPkg: Call PlatformInitializeConsole for GPU passthrough case de9e5b7dc7 IntelFsp2WrapperPkg : FSPM/S UPD data address based on Build Type 9ec2cc1f31 IntelFsp2WrapperPkg : Remove EFIAPI from local functions. ae8272ef78 MdeModulePkg/UsbBusDxe: fix NOOPT build error 15c596aeeb OvmfPkg: Bhyve: Delete unused AcpiTables/Ssdt.asl file 6612ff8561 UefiCpuPkg: Extend measurement of microcode patches to TPM e910f076ad BaseTools: Fix the bug of --cmd-len build option 7935be0fbd IntelFsp2Pkg/FspSecCore: ExtendedImageRevision was not printed. c095122d4b MdeModulePkg/PciBusDxe: Enumerator to check for RCiEP before looking for RP d463c56ddd MdeModulePkg: Replace with UFS_UNIT_DESC to fix timeout problem 45920941d9 MdeModulePkg: Refactoring UFS DME request and fix timing problem 13d9e8ec98 MdeModulePkg: Put off UFS HCS.DP checking to fix timing problem 079a58276b OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved 9dd14fc91c MdePkg: Add registers of boot partition feature 14a731096d UnitTestFrameworkPkg: CI YAML: Grant cmockery spell check exception 6062002bd5 MdeModulePkg/PartitionDxe: Add break to handle invalid LBA0 in MBR 7438a85bf1 BaseTools: Fix wrong variable header size c712ce2bb1 OvmfPkg/CloudHv: Add new target for Cloud Hypervisor a2da72b2ca OvmfPkg/CloudHv: Replace legacy 8254 PIT with local APIC timer 6ecdda71fe OvmfPkg/CloudHv: Connect serial console 1552050ce7 OvmfPkg/CloudHv: Remove legacy 8259 PIC support fdcea7ff6f OvmfPkg/CloudHv: Remove Q35 specifics 71082d3d1b OvmfPkg/CloudHv: Reduce dependency on QemuFwCfg 196be601f9 OvmfPkg/CloudHv: Remove video support 7b6cbe0a81 OvmfPkg/CloudHv: Remove USB support e73d1bf96a OvmfPkg/CloudHv: Remove CSM support b66056ef21 OvmfPkg/CloudHv: add Maintainers.txt entry 5302bd81d9 OvmfPkg: Add CloudHvX64 to the CI 59c48c9314 UefiPayloadPkg: Change the user interface name of the Uiapp 5801910013 UefiPayloadPkg: Not use BaseCpuTimerLib by default. 772c5bb8dc FmpDevicePkg/FmpDxe: Update FmpDeviceCheckImageWithStatus() handling 7709988dd8 RedfishPkg/RedfishRestExDxe:Simplify status check 21320ef669 MdeModulePkg/Variable: Make only EFI_VARIABLE_NON_VOLATILE invalid 7e5c603cba MdeModulePkg/SdMmcPciHcDxe: Robust improvements for SD card 1.8V switch ee67067f17 MdeModulePkg: VariableSmmRuntimeDxe: Fix Variable Policy Message Length 5b39832e18 MdePkg: MmCommunication2: Update MM communicate2 function description ce37f45955 ArmPkg: MmCommunicationDxe: MM communicate function argument attributes 541a077bd1 ArmPkg: MmCommunicationDxe: Update MM communicate `CommBuffer**` checks 1aa1ec4574 ArmPkg: MmCommunicationDxe: Update MM communicate `CommSize` check 8cc5590eab ArmPkg: MmCommunicationDxe: Update MM communicate `MessageLength` check 6777e67383 EmbeddedPkg: Fix a build error in FwVol.c in X64 arch a867f3a704 UefiPayloadPkg: Use BaseCpuTimerLib for Universal Payload by default f4b7b473b4 MdeModulePkg/UefiBootManagerLib: Convert BmLoadOption to Variable Policy 76b3d45b75 ShellPkg: Add the missing VariablePolicyHelperLib in ShellPkg.dsc 8542fc5f95 NetworkPkg: Add the missing VariablePolicyHelperLib in NetworkPkg.dsc ae35314e7b Maintainers.txt: Add Sami Mujawar as reviewer for ArmPkg 862ea6e836 OvmfPkg: change qemu default resolution to 1280x800 e95b44c90e ArmVirtPkg: change qemu default resolution to 1280x800 929804b172 OvmfPkg: add PcdVideoResolutionSource 7f25ddbc03 OvmfPkg/QemuVideoDxe: simplify InitializeBochsGraphicsMode 336da55ca8 OvmfPkg/QemuVideoDxe: drop QEMU_VIDEO_BOCHS_MODES->ColorDepth 55c05427b9 OvmfPkg/QemuVideoDxe: factor out QemuVideoBochsAddMode 49a2d8cbf5 OvmfPkg/QemuVideoDxe: parse edid blob, detect display resolution ba79becd55 OvmfPkg/BaseCachingPciExpressLib: Migrate BaseCachingPciExpressLib 103fa647d1 ArmPkg: Replace CoreId and ClusterId with Mpidr in ARM_CORE_INFO struct 742dafd2cc DynamicTablesPkg: Print specifier macro for CM_OBJECT_ID 13136cc311 DynamicTablesPkg: FdtHwInfoParserLib: Parse Pmu info 5751d60821 DynamicTablesPkg: AmlLib: AmlAddPrtEntry() to handle GSI 5816bd3eab DynamicTablesPkg: AcpiSsdtPcieLibArm: Remove link device generation dc1118fa0d ArmVirtPkg: Add cspell exceptions 0dbd356983 ArmVirtPkg/Kvmtool: Add DSDT ACPI table 312ef7a0a4 ArmVirtPkg/Kvmtool: Add Configuration Manager 17a02163bd ArmVirtPkg/Kvmtool: Enable ACPI support 5b3c682d91 ArmVirtPkg/Kvmtool: Enable Acpiview 017564d637 ArmPkg/ArmMmuLib AARCH64: avoid EL0 accessible mappings 45b1612659 DynamicTablesPkg: Add Memory32Fixed function 007a95055b DynamicTablesPkg: Remove redundant cast in AmlCodeGenReturn 33189f0527 DynamicTablesPkg: Add AmlCodeGenMethodRetInteger function a4b7aa362d MdeModulePkg/Bus/Pci/PciBusDxe: Support platform PCI ROM override 6fb09da89f ShellPkg: Fix incorrect PPTT FlagName dereference c09dbc92e9 BaseTools/Conf: Add new macro for customizing dll file reduction. d4ac53aa91 BaseTools: Fix error leg in DscBuildData.py f78b937c95 MdeModulePkg/RuntimeDxe: clear mVirtualMapMaxIndex 96b8b5fd10 MdeModulePkg/UiApp: Fix spelling of 'FRONTPAGE' bd676f080a Maintainers.txt: add missing github IDs to OvmfPkf/Fdt reviewers 1f54eaa725 Maintainers.txt: update email for Leif Lindholm b360b0b589 Maintainers.txt: Update email address c9b7c6e0cc BaseTools: Update CLANG{35,38}_WARNING_OVERRIDES to ignore unused vars 42af706dfb BaseTools: Update brotli submodule 1193aa2dfb MdeModulePkg: update brotli submodule 85589ddbf6 OvmfPkg/VmgExitLib: Fix uninitialized variable warning with XCODE5 c28e376edc OvmfPkg/FvbServicesSmm: use the VmgExitLibNull 8a57673316 ShellPkg: Fix Ping GetTimerPeriod API failure b24306f15d NetworkPkg: Fix incorrect unicode string of the AKM/Cipher Suite - Add amd-sev-es to the following descriptors because James Fehlig tested them (bsc#1196879): 60-ovmf-x86_64.json 60-ovmf-x86_64-2m.json 60-ovmf-x86_64-ms.json 60-ovmf-x86_64-2m-ms.json - Backported patches in ovmf-bsc1196879-sev-fix.patch for fixing SEV: de463163d9 OvmfPkg/AmdSev: reserve snp pages 63c50d3ff2 OvmfPkg/ResetVector: cache the SEV status MSR value in workarea f1d1c337e7 OvmfPkg/BaseMemEncryptLib: use the SEV_STATUS MSR value from workarea ++++ postfixadmin: - Update to PostfixAdmin 3.3.11 - Fix PHP 8 compatability for crypt() usage - Support $CONF['database_port'] for MySQL databases ------------------------------------------------------------------ ------------------ 2022-3-9 - Mar 9 2022 ------------------- ------------------------------------------------------------------ ++++ MozillaFirefox: - Firefox Extended Support Release 91.7.0 ESR * Fixed: Various stability, functionality, and security fixes MFSA 2022-10 (bsc#1196900) * CVE-2022-26383 (bmo#1742421) Browser window spoof using fullscreen mode * CVE-2022-26384 (bmo#1744352) iframe allow-scripts sandbox bypass * CVE-2022-26387 (bmo#1752979) Time-of-check time-of-use bug when verifying add-on signatures * CVE-2022-26381 (bmo#1736243) Use-after-free in text reflows * CVE-2022-26386 (bmo#1752396) Temporary files downloaded to /tmp and accessible by other local users ++++ llvm13: - Add llvm-rust-mangle-for-fastcall.patch for rust 1.59. ++++ kernel-64kb: - rpm/*.spec.in: Use https:// urls - commit 77b5f8e - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes bsc#1196746). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes bsc#1196746). - commit 8ac4c67 - ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 CVE-2022-23960). - ARM: include unprivileged BPF status in Spectre V2 reporting (bsc#1085308 CVE-2022-23960). - commit 2b85b07 - ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). - Update config files. - commit 214f301 - ARM: use LOADADDR() to get load address of sections (bsc#1085308 CVE-2022-23960). - ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). - ARM: report Spectre v2 status through sysfs (bsc#1085308 CVE-2022-23960). - commit 20f8a99 - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). - commit 68439a4 - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Use the clearbhb instruction in mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 52f56e7 - arm64: Mitigate spectre style branch history side channels (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Update config files. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 1403b73 - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add macro for reading symbol addresses from the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add vectors that have the bhb mitigation sequences (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow the trampoline text to occupy multiple pages (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the kpti trampoline's kpti sequence optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move trampoline macros out of ifdef'd section (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Don't assume tramp_vectors is the start of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move the trampoline data page before the text page (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Free up another register on kpti's tramp_exit path (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the trampoline cleanup optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 39b0cd1 - arm64: Add Cortex-X2 CPU part definition (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. - commit 1489419 - arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 76b95f9 - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 0161c6c - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8114d57 - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit e9a2f46 - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8400263 - Documentation/hw-vuln: Update spectre doc (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit bc2948e - x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 6e19c5a - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 2a3d074 - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - commit e87e53d ++++ kernel-azure: - rpm/*.spec.in: Use https:// urls - commit 77b5f8e - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes bsc#1196746). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes bsc#1196746). - commit 8ac4c67 - ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 CVE-2022-23960). - ARM: include unprivileged BPF status in Spectre V2 reporting (bsc#1085308 CVE-2022-23960). - commit 2b85b07 - ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). - Update config files. - commit 214f301 - ARM: use LOADADDR() to get load address of sections (bsc#1085308 CVE-2022-23960). - ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). - ARM: report Spectre v2 status through sysfs (bsc#1085308 CVE-2022-23960). - commit 20f8a99 - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). - commit 68439a4 - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Use the clearbhb instruction in mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 52f56e7 - arm64: Mitigate spectre style branch history side channels (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Update config files. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 1403b73 - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add macro for reading symbol addresses from the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add vectors that have the bhb mitigation sequences (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow the trampoline text to occupy multiple pages (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the kpti trampoline's kpti sequence optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move trampoline macros out of ifdef'd section (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Don't assume tramp_vectors is the start of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move the trampoline data page before the text page (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Free up another register on kpti's tramp_exit path (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the trampoline cleanup optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 39b0cd1 - arm64: Add Cortex-X2 CPU part definition (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. - commit 1489419 - arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 76b95f9 - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 0161c6c - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8114d57 - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit e9a2f46 - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8400263 - Documentation/hw-vuln: Update spectre doc (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit bc2948e - x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 6e19c5a - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 2a3d074 - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - commit e87e53d ++++ kernel-default: - rpm/*.spec.in: Use https:// urls - commit 77b5f8e - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes bsc#1196746). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes bsc#1196746). - commit 8ac4c67 - ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 CVE-2022-23960). - ARM: include unprivileged BPF status in Spectre V2 reporting (bsc#1085308 CVE-2022-23960). - commit 2b85b07 - ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). - Update config files. - commit 214f301 - ARM: use LOADADDR() to get load address of sections (bsc#1085308 CVE-2022-23960). - ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). - ARM: report Spectre v2 status through sysfs (bsc#1085308 CVE-2022-23960). - commit 20f8a99 - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). - commit 68439a4 - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Use the clearbhb instruction in mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 52f56e7 - arm64: Mitigate spectre style branch history side channels (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Update config files. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 1403b73 - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add macro for reading symbol addresses from the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add vectors that have the bhb mitigation sequences (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow the trampoline text to occupy multiple pages (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the kpti trampoline's kpti sequence optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move trampoline macros out of ifdef'd section (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Don't assume tramp_vectors is the start of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move the trampoline data page before the text page (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Free up another register on kpti's tramp_exit path (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the trampoline cleanup optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 39b0cd1 - arm64: Add Cortex-X2 CPU part definition (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. - commit 1489419 - arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 76b95f9 - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 0161c6c - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8114d57 - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit e9a2f46 - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8400263 - Documentation/hw-vuln: Update spectre doc (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit bc2948e - x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 6e19c5a - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 2a3d074 - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - commit e87e53d ++++ kernel-preempt: - rpm/*.spec.in: Use https:// urls - commit 77b5f8e - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - commit 8823060 - Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779). - commit 504b440 - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes). - selftests: mlxsw: tc_police_scale: Make test more robust (bsc#1176774). - net: fix up skbs delta_truesize in UDP GRO frag_list (bsc#1176447). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - iavf: Fix missing check for running netdev (git-fixes). - RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1181147). - RDMA/ib_srp: Fix a deadlock (git-fixes). - RDMA/rtrs-clt: Fix possible double free in error case (jsc#SLE-15176). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (jsc#SLE-15172). - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1176447). - bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes). - bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes). - bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes). - bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649). - ice: initialize local variable 'tlv' (jsc#SLE-12878). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - net/sched: act_ct: Fix flow table lookup after ct clear or switching zones (jsc#SLE-15172). - bonding: force carrier update when releasing slave (git-fixes). - RDMA/mlx4: Don't continue event handler after memory allocation failure (git-fixes). - RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). - IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes). - RDMA/cxgb4: Set queue pair state when being queried (git-fixes). - RDMA/rxe: Fix a typo in opcode name (git-fixes). - RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes). - RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes). - RDMA/uverbs: Remove the unnecessary assignment (git-fixes). - RDMA/cma: Remove open coding of overflow checking for private_data_len (git-fixes). - RDMA/hns: Validate the pkey index (git-fixes). - RDMA/bnxt_re: Scan the whole bitmap when checking if "disabling RCFW with pending cmd-bit" (git-fixes). - RDMA/core: Don't infoleak GRH fields (git-fixes). - RDMA/uverbs: Check for null return of kmalloc_array (git-fixes). - IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes). - IB/hfi1: Fix early init panic (git-fixes). - IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes). - IB/hfi1: Correct guard on eager buffer deallocation (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - commit 5d0d3c3 - asix: fix uninit-value in asix_mdio_read() (git-fixes). - commit 954cba8 - usb: hub: Fix usb enumeration issue due to address0 race (git-fixes). - commit 831632a - USB: hub: Clean up use of port initialization schemes and retries (git-fixes). - commit 39e09e3 - powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449). - commit 5cf33af - mask out added spinlock in rndis_params (git-fixes). - commit cf77fd5 - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). - commit 6500e0b - HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). - HID: add mapping for KEY_DICTATE (git-fixes). - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes). - dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). - i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). - Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). - ASoC: rt5682: do not block workqueue if card is unbound (git-fixes). - ASoC: rt5668: do not block workqueue if card is unbound (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes). - mac80211_hwsim: report NOACK frames in tx_status (git-fixes). - hamradio: fix macro redefine warning (git-fixes). - commit add4eb4 - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes). - scsi: nsp_cs: Check of ioremap return value (git-fixes). - scsi: qedf: Fix potential dereference of NULL pointer (git-fixes). - scsi: ufs: Fix race conditions related to driver data (git-fixes). - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes). - commit 2185cf5 - Add SCSI git-fix to blacklist: too pervasive - commit 3f4a3f6 ++++ dtb-aarch64: - rpm/*.spec.in: Use https:// urls - commit 77b5f8e - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes bsc#1196746). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes bsc#1196746). - commit 8ac4c67 - ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 CVE-2022-23960). - ARM: include unprivileged BPF status in Spectre V2 reporting (bsc#1085308 CVE-2022-23960). - commit 2b85b07 - ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). - Update config files. - commit 214f301 - ARM: use LOADADDR() to get load address of sections (bsc#1085308 CVE-2022-23960). - ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). - ARM: report Spectre v2 status through sysfs (bsc#1085308 CVE-2022-23960). - commit 20f8a99 - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). - commit 68439a4 - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Use the clearbhb instruction in mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 52f56e7 - arm64: Mitigate spectre style branch history side channels (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Update config files. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 1403b73 - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add macro for reading symbol addresses from the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add vectors that have the bhb mitigation sequences (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow the trampoline text to occupy multiple pages (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the kpti trampoline's kpti sequence optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move trampoline macros out of ifdef'd section (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Don't assume tramp_vectors is the start of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move the trampoline data page before the text page (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Free up another register on kpti's tramp_exit path (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the trampoline cleanup optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 39b0cd1 - arm64: Add Cortex-X2 CPU part definition (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. - commit 1489419 - arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 76b95f9 - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 0161c6c - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8114d57 - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit e9a2f46 - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8400263 - Documentation/hw-vuln: Update spectre doc (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit bc2948e - x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 6e19c5a - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 2a3d074 - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - commit e87e53d ++++ filesystem: - Add /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) ++++ go1.16: - add dont-force-gold-on-arm64.patch (bsc#1183043) - drop binutils-gold dependency ++++ go1.17: - add dont-force-gold-on-arm64.patch (bsc#1183043) - drop binutils-gold dependency ++++ go1.18: - add dont-force-gold-on-arm64.patch (bsc#1183043) - drop binutils-gold dependency ++++ helm: - avoid CGO to workaround missing gold dependency (bsc#1183043) ++++ kernel-debug: - rpm/*.spec.in: Use https:// urls - commit 77b5f8e - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes bsc#1196746). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes bsc#1196746). - commit 8ac4c67 - ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 CVE-2022-23960). - ARM: include unprivileged BPF status in Spectre V2 reporting (bsc#1085308 CVE-2022-23960). - commit 2b85b07 - ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). - Update config files. - commit 214f301 - ARM: use LOADADDR() to get load address of sections (bsc#1085308 CVE-2022-23960). - ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). - ARM: report Spectre v2 status through sysfs (bsc#1085308 CVE-2022-23960). - commit 20f8a99 - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). - commit 68439a4 - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Use the clearbhb instruction in mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 52f56e7 - arm64: Mitigate spectre style branch history side channels (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Update config files. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 1403b73 - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add macro for reading symbol addresses from the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add vectors that have the bhb mitigation sequences (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow the trampoline text to occupy multiple pages (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the kpti trampoline's kpti sequence optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move trampoline macros out of ifdef'd section (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Don't assume tramp_vectors is the start of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move the trampoline data page before the text page (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Free up another register on kpti's tramp_exit path (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the trampoline cleanup optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 39b0cd1 - arm64: Add Cortex-X2 CPU part definition (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. - commit 1489419 - arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 76b95f9 - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 0161c6c - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8114d57 - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit e9a2f46 - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8400263 - Documentation/hw-vuln: Update spectre doc (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit bc2948e - x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 6e19c5a - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 2a3d074 - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - commit e87e53d ++++ kernel-source: - rpm/*.spec.in: Use https:// urls - commit 77b5f8e - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes bsc#1196746). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes bsc#1196746). - commit 8ac4c67 - ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 CVE-2022-23960). - ARM: include unprivileged BPF status in Spectre V2 reporting (bsc#1085308 CVE-2022-23960). - commit 2b85b07 - ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). - Update config files. - commit 214f301 - ARM: use LOADADDR() to get load address of sections (bsc#1085308 CVE-2022-23960). - ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). - ARM: report Spectre v2 status through sysfs (bsc#1085308 CVE-2022-23960). - commit 20f8a99 - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). - commit 68439a4 - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Use the clearbhb instruction in mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 52f56e7 - arm64: Mitigate spectre style branch history side channels (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Update config files. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 1403b73 - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add macro for reading symbol addresses from the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add vectors that have the bhb mitigation sequences (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow the trampoline text to occupy multiple pages (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the kpti trampoline's kpti sequence optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move trampoline macros out of ifdef'd section (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Don't assume tramp_vectors is the start of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move the trampoline data page before the text page (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Free up another register on kpti's tramp_exit path (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the trampoline cleanup optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 39b0cd1 - arm64: Add Cortex-X2 CPU part definition (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. - commit 1489419 - arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 76b95f9 - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 0161c6c - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8114d57 - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit e9a2f46 - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8400263 - Documentation/hw-vuln: Update spectre doc (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit bc2948e - x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 6e19c5a - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 2a3d074 - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - commit e87e53d ++++ kernel-source-azure: - rpm/*.spec.in: Use https:// urls - commit 77b5f8e - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes bsc#1196746). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes bsc#1196746). - commit 8ac4c67 - ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 CVE-2022-23960). - ARM: include unprivileged BPF status in Spectre V2 reporting (bsc#1085308 CVE-2022-23960). - commit 2b85b07 - ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). - Update config files. - commit 214f301 - ARM: use LOADADDR() to get load address of sections (bsc#1085308 CVE-2022-23960). - ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). - ARM: report Spectre v2 status through sysfs (bsc#1085308 CVE-2022-23960). - commit 20f8a99 - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). - commit 68439a4 - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Use the clearbhb instruction in mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 52f56e7 - arm64: Mitigate spectre style branch history side channels (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Update config files. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 1403b73 - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add macro for reading symbol addresses from the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add vectors that have the bhb mitigation sequences (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow the trampoline text to occupy multiple pages (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the kpti trampoline's kpti sequence optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move trampoline macros out of ifdef'd section (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Don't assume tramp_vectors is the start of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move the trampoline data page before the text page (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Free up another register on kpti's tramp_exit path (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the trampoline cleanup optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 39b0cd1 - arm64: Add Cortex-X2 CPU part definition (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. - commit 1489419 - arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 76b95f9 - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 0161c6c - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8114d57 - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit e9a2f46 - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8400263 - Documentation/hw-vuln: Update spectre doc (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit bc2948e - x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 6e19c5a - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 2a3d074 - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - commit e87e53d ++++ kernel-docs: - rpm/*.spec.in: Use https:// urls - commit 77b5f8e - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes bsc#1196746). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes bsc#1196746). - commit 8ac4c67 - ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 CVE-2022-23960). - ARM: include unprivileged BPF status in Spectre V2 reporting (bsc#1085308 CVE-2022-23960). - commit 2b85b07 - ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). - Update config files. - commit 214f301 - ARM: use LOADADDR() to get load address of sections (bsc#1085308 CVE-2022-23960). - ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). - ARM: report Spectre v2 status through sysfs (bsc#1085308 CVE-2022-23960). - commit 20f8a99 - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). - commit 68439a4 - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Use the clearbhb instruction in mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 52f56e7 - arm64: Mitigate spectre style branch history side channels (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Update config files. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 1403b73 - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add macro for reading symbol addresses from the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add vectors that have the bhb mitigation sequences (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow the trampoline text to occupy multiple pages (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the kpti trampoline's kpti sequence optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move trampoline macros out of ifdef'd section (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Don't assume tramp_vectors is the start of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move the trampoline data page before the text page (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Free up another register on kpti's tramp_exit path (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the trampoline cleanup optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 39b0cd1 - arm64: Add Cortex-X2 CPU part definition (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. - commit 1489419 - arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 76b95f9 - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 0161c6c - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8114d57 - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit e9a2f46 - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8400263 - Documentation/hw-vuln: Update spectre doc (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit bc2948e - x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 6e19c5a - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 2a3d074 - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - commit e87e53d ++++ kernel-kvmsmall: - rpm/*.spec.in: Use https:// urls - commit 77b5f8e - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes bsc#1196746). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes bsc#1196746). - commit 8ac4c67 - ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 CVE-2022-23960). - ARM: include unprivileged BPF status in Spectre V2 reporting (bsc#1085308 CVE-2022-23960). - commit 2b85b07 - ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). - Update config files. - commit 214f301 - ARM: use LOADADDR() to get load address of sections (bsc#1085308 CVE-2022-23960). - ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). - ARM: report Spectre v2 status through sysfs (bsc#1085308 CVE-2022-23960). - commit 20f8a99 - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). - commit 68439a4 - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Use the clearbhb instruction in mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 52f56e7 - arm64: Mitigate spectre style branch history side channels (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Update config files. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 1403b73 - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add macro for reading symbol addresses from the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add vectors that have the bhb mitigation sequences (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow the trampoline text to occupy multiple pages (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the kpti trampoline's kpti sequence optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move trampoline macros out of ifdef'd section (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Don't assume tramp_vectors is the start of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move the trampoline data page before the text page (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Free up another register on kpti's tramp_exit path (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the trampoline cleanup optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 39b0cd1 - arm64: Add Cortex-X2 CPU part definition (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. - commit 1489419 - arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 76b95f9 - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 0161c6c - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8114d57 - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit e9a2f46 - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8400263 - Documentation/hw-vuln: Update spectre doc (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit bc2948e - x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 6e19c5a - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 2a3d074 - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - commit e87e53d ++++ kernel-obs-build: - rpm/*.spec.in: Use https:// urls - commit 77b5f8e - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes bsc#1196746). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes bsc#1196746). - commit 8ac4c67 - ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 CVE-2022-23960). - ARM: include unprivileged BPF status in Spectre V2 reporting (bsc#1085308 CVE-2022-23960). - commit 2b85b07 - ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). - Update config files. - commit 214f301 - ARM: use LOADADDR() to get load address of sections (bsc#1085308 CVE-2022-23960). - ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). - ARM: report Spectre v2 status through sysfs (bsc#1085308 CVE-2022-23960). - commit 20f8a99 - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). - commit 68439a4 - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Use the clearbhb instruction in mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 52f56e7 - arm64: Mitigate spectre style branch history side channels (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Update config files. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 1403b73 - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add macro for reading symbol addresses from the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add vectors that have the bhb mitigation sequences (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow the trampoline text to occupy multiple pages (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the kpti trampoline's kpti sequence optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move trampoline macros out of ifdef'd section (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Don't assume tramp_vectors is the start of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move the trampoline data page before the text page (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Free up another register on kpti's tramp_exit path (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the trampoline cleanup optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 39b0cd1 - arm64: Add Cortex-X2 CPU part definition (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. - commit 1489419 - arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 76b95f9 - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 0161c6c - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8114d57 - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit e9a2f46 - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8400263 - Documentation/hw-vuln: Update spectre doc (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit bc2948e - x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 6e19c5a - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 2a3d074 - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - commit e87e53d ++++ kernel-obs-qa: - rpm/*.spec.in: Use https:// urls - commit 77b5f8e - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes bsc#1196746). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes bsc#1196746). - commit 8ac4c67 - ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 CVE-2022-23960). - ARM: include unprivileged BPF status in Spectre V2 reporting (bsc#1085308 CVE-2022-23960). - commit 2b85b07 - ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). - Update config files. - commit 214f301 - ARM: use LOADADDR() to get load address of sections (bsc#1085308 CVE-2022-23960). - ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). - ARM: report Spectre v2 status through sysfs (bsc#1085308 CVE-2022-23960). - commit 20f8a99 - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). - commit 68439a4 - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Use the clearbhb instruction in mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 52f56e7 - arm64: Mitigate spectre style branch history side channels (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Update config files. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 1403b73 - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add macro for reading symbol addresses from the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add vectors that have the bhb mitigation sequences (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow the trampoline text to occupy multiple pages (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the kpti trampoline's kpti sequence optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move trampoline macros out of ifdef'd section (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Don't assume tramp_vectors is the start of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move the trampoline data page before the text page (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Free up another register on kpti's tramp_exit path (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the trampoline cleanup optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 39b0cd1 - arm64: Add Cortex-X2 CPU part definition (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. - commit 1489419 - arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 76b95f9 - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 0161c6c - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8114d57 - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit e9a2f46 - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8400263 - Documentation/hw-vuln: Update spectre doc (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit bc2948e - x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 6e19c5a - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 2a3d074 - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - commit e87e53d ++++ kernel-syms: - rpm/*.spec.in: Use https:// urls - commit 77b5f8e - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes bsc#1196746). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes bsc#1196746). - commit 8ac4c67 - ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 CVE-2022-23960). - ARM: include unprivileged BPF status in Spectre V2 reporting (bsc#1085308 CVE-2022-23960). - commit 2b85b07 - ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). - Update config files. - commit 214f301 - ARM: use LOADADDR() to get load address of sections (bsc#1085308 CVE-2022-23960). - ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). - ARM: report Spectre v2 status through sysfs (bsc#1085308 CVE-2022-23960). - commit 20f8a99 - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). - commit 68439a4 - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Use the clearbhb instruction in mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 52f56e7 - arm64: Mitigate spectre style branch history side channels (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Update config files. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 1403b73 - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add macro for reading symbol addresses from the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add vectors that have the bhb mitigation sequences (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow the trampoline text to occupy multiple pages (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the kpti trampoline's kpti sequence optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move trampoline macros out of ifdef'd section (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Don't assume tramp_vectors is the start of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move the trampoline data page before the text page (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Free up another register on kpti's tramp_exit path (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the trampoline cleanup optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 39b0cd1 - arm64: Add Cortex-X2 CPU part definition (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. - commit 1489419 - arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 76b95f9 - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 0161c6c - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8114d57 - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit e9a2f46 - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8400263 - Documentation/hw-vuln: Update spectre doc (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit bc2948e - x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 6e19c5a - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 2a3d074 - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - commit e87e53d ++++ kernel-syms-azure: - rpm/*.spec.in: Use https:// urls - commit 77b5f8e - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes bsc#1196746). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes bsc#1196746). - commit 8ac4c67 - ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 CVE-2022-23960). - ARM: include unprivileged BPF status in Spectre V2 reporting (bsc#1085308 CVE-2022-23960). - commit 2b85b07 - ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). - Update config files. - commit 214f301 - ARM: use LOADADDR() to get load address of sections (bsc#1085308 CVE-2022-23960). - ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). - ARM: report Spectre v2 status through sysfs (bsc#1085308 CVE-2022-23960). - commit 20f8a99 - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). - commit 68439a4 - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Use the clearbhb instruction in mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 52f56e7 - arm64: Mitigate spectre style branch history side channels (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Update config files. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 1403b73 - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add macro for reading symbol addresses from the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add vectors that have the bhb mitigation sequences (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow the trampoline text to occupy multiple pages (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the kpti trampoline's kpti sequence optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move trampoline macros out of ifdef'd section (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Don't assume tramp_vectors is the start of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move the trampoline data page before the text page (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Free up another register on kpti's tramp_exit path (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the trampoline cleanup optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 39b0cd1 - arm64: Add Cortex-X2 CPU part definition (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. - commit 1489419 - arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 76b95f9 - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 0161c6c - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8114d57 - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit e9a2f46 - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8400263 - Documentation/hw-vuln: Update spectre doc (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit bc2948e - x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 6e19c5a - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 2a3d074 - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - commit e87e53d ++++ kernel-vanilla: - rpm/*.spec.in: Use https:// urls - commit 77b5f8e ++++ kernel-zfcpdump: - rpm/*.spec.in: Use https:// urls - commit 77b5f8e - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes bsc#1196746). - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes bsc#1196746). - commit 8ac4c67 - ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 CVE-2022-23960). - ARM: include unprivileged BPF status in Spectre V2 reporting (bsc#1085308 CVE-2022-23960). - commit 2b85b07 - ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). - Update config files. - commit 214f301 - ARM: use LOADADDR() to get load address of sections (bsc#1085308 CVE-2022-23960). - ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). - ARM: report Spectre v2 status through sysfs (bsc#1085308 CVE-2022-23960). - commit 20f8a99 - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). - commit 68439a4 - arm64: proton-pack: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Use the clearbhb instruction in mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 52f56e7 - arm64: Mitigate spectre style branch history side channels (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Update config files. - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 1403b73 - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add macro for reading symbol addresses from the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add vectors that have the bhb mitigation sequences (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow the trampoline text to occupy multiple pages (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the kpti trampoline's kpti sequence optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move trampoline macros out of ifdef'd section (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Don't assume tramp_vectors is the start of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move the trampoline data page before the text page (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Free up another register on kpti's tramp_exit path (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the trampoline cleanup optional (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow indirect vectors to be used without SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 39b0cd1 - arm64: Add Cortex-X2 CPU part definition (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. - commit 1489419 - arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). - commit 76b95f9 - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 0161c6c - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8114d57 - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit e9a2f46 - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 8400263 - Documentation/hw-vuln: Update spectre doc (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit bc2948e - x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 6e19c5a - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 2a3d074 - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - commit e87e53d ++++ openssl-1_0_0: - Security Fix: [bsc#1196877, CVE-2022-0778] * Infinite loop in BN_mod_sqrt() reachable when parsing certificates * Add openssl-CVE-2022-0778.patch ++++ net-snmp: - Decouple snmp-mibs from net-snmp version to allow major version upgrade (bsc#1196955). ++++ plasma5-phone-components: - Remove applets/activities, applets/krunner and the lang subpackage (since those applets where the only ones using it) as they were removed by upstream. ++++ rpmlint: - backport of kpmcore whitelisting (bsc#1178848) ++++ yast2-network: - Write NetworkManager s390 options to the ethernet section instead of the connection one (bsc#1196582) - 4.4.44 ------------------------------------------------------------------ ------------------ 2022-3-8 - Mar 8 2022 ------------------- ------------------------------------------------------------------ ++++ MozillaThunderbird: - Mozilla Thunderbird 91.6.2 * fixed: Temporary files from opened attachments were saved with world-readable permission * fixed: Various security fixes MFSA 2022-09 (bsc#1196809) * CVE-2022-26485 (bmo#1758062) Use-after-free in XSLT parameter processing * CVE-2022-26486 (bmo#1758070) Use-after-free in WebGPU IPC Framework ++++ bluedevil5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ breeze: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - Changes since 5.24.2: * KStyle: center QTabBar custom tab buttons vertically in vertical tabs (kde#447315) ++++ budgie-control-center: - Initial version 1.0.0+0 - Polkit security review (boo#1195023) ++++ budgie-desktop: - Update to version 10.6+0: * Tag 10.6 release * Fix SEGV when input source was switched by Alt+Shift_L * Update tab switcher style for built-in theme * Fix panel placement in dock mode * Match Raven and Menu buttons to other hover/active colors * Remove inset shadow on hover for icon tasklist * Remove notification group padding to stop Raven size shifting * Add support for mutter 10 / GNOME42 * Actually fix notification pausing sometimes breaking Firefox notifications * Fix notification mute button sometimes starting without an image * Scale down the logo too * Update logo * Fix some applications showing their own notification popups when paused * Fix Current Internal Theme * Ensure gschema override for switch-input-source* is formatted correctly. * Add keywords to budgie-desktop-settings.desktop * Perform additional sanity check on add_app due to invalid windows being tracked on app closures. * Fix vertical panel struts * Fix Raven size adjustments. * Remove background on notifs in Raven * Fix appmenu style with Plata Lumine (and other light themes) - CHANGELOG cut here (too long) - Remove override-syntax.patch: upstreamed ++++ budgie-desktop-view: - Update to version 1.2+0: * Tag 1.2 stable release * Set up directory for translations * Add FUNDING.yml * Link to releases page from release badge * Add Matrix and backer badges * Add GitHub Actions pipeline * Update comment and warning * Update to Budgie Control Center * Remove "GTK4 Port" from TODO * Fix launching of some file types. ++++ budgie-screensaver: - Update to version 5.0+0: * Unalign versioning with budgie-desktop * Format header files using clang-format * Update indentation from 8 spaces to tabs * Add FUNDING.yml * Add badges to README and update header * Implement GitHub Actions pipeline * Use S_ISDIR for PAM auth * Change C STD to C11 from GNU11 * Remove spurious directive in Meson, add comment * Update README compiling instructions * Remove unused test C files * Remove unused files * Convert to Meson - Remove GNU autotools and add meson BRs - Removed old patches: * remove-old-automake-macros.patch * gnome-screensaver-helper.patch * gnome-screensaver-xvkbd-on-lock.patch * gnome-screensaver-multihead-unlock.patch ++++ ceph: - Update to 16.2.7-596-g7d574789716 + Update Prometheus Container image paths (pr #459) + mgr/dashboard: Fix documentation URL (pr #456) + mgr/dashboard: Adapt downstream branded navigation page (pr #454) ++++ ceph-test: - Update to 16.2.7-596-g7d574789716 + Update Prometheus Container image paths (pr #459) + mgr/dashboard: Fix documentation URL (pr #456) + mgr/dashboard: Adapt downstream branded navigation page (pr #454) ++++ kernel-64kb: - iwlwifi: pcie: add killer devices to the driver (bsc#1196802). - iwlwifi: add new killer devices to the driver (bsc#1196802). - commit 5e7d8b6 - cpufreq: intel_pstate: Update EPP for AlderLake mobile (bsc#1196848). - cpufreq: intel_pstate: ITMT support for overclocked system (bsc#1196849). - commit 68d5eea - drm: Don't test for IRQ support in VBLANK ioctls (bsc#1195464). - commit 0ef2c9a - lib/iov_iter: initialize "flags" in new pipe_buffer (CVE-2022-0847 bsc#1196584 git-fixes). - commit 9682d38 - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - commit 378df3f ++++ kernel-azure: - iwlwifi: pcie: add killer devices to the driver (bsc#1196802). - iwlwifi: add new killer devices to the driver (bsc#1196802). - commit 5e7d8b6 - cpufreq: intel_pstate: Update EPP for AlderLake mobile (bsc#1196848). - cpufreq: intel_pstate: ITMT support for overclocked system (bsc#1196849). - commit 68d5eea - drm: Don't test for IRQ support in VBLANK ioctls (bsc#1195464). - commit 0ef2c9a - lib/iov_iter: initialize "flags" in new pipe_buffer (CVE-2022-0847 bsc#1196584 git-fixes). - commit 9682d38 - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - commit 378df3f ++++ kernel-default: - iwlwifi: pcie: add killer devices to the driver (bsc#1196802). - iwlwifi: add new killer devices to the driver (bsc#1196802). - commit 5e7d8b6 - cpufreq: intel_pstate: Update EPP for AlderLake mobile (bsc#1196848). - cpufreq: intel_pstate: ITMT support for overclocked system (bsc#1196849). - commit 68d5eea - drm: Don't test for IRQ support in VBLANK ioctls (bsc#1195464). - commit 0ef2c9a - lib/iov_iter: initialize "flags" in new pipe_buffer (CVE-2022-0847 bsc#1196584 git-fixes). - commit 9682d38 - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - commit 378df3f ++++ kernel-preempt: - blacklist.conf: Add 05c7b7a92cc8 cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug - commit 511f680 - cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning (bsc#1196868). - commit 30013c2 - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866). - commit 8ee9c97 - blacklist.conf: prerequisites break kABI - commit 88b00ea - blacklist.conf: kABI - commit 11980b2 - blacklist.conf: patch not applicable due to missing infrastructure - commit be9f64f - usb: dwc2: use well defined macros for power_down (git-fixes). - commit 781db9c - ename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge - commit 59d5e34 - Hand over the maintainership to SLE15-SP3 maintainers - commit 0c92742 - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - commit f6cf219 - cputime, cpuacct: Include guest time in user time in (git-fixes) - commit b360f79 - sched/core: Mitigate race (git-fixes) - commit d6e526f - cpufreq: schedutil: Use kobject release() method to free (git-fixes) - commit 3b82dc0 - blacklist.conf: Blacklist uclamp related fixes - commit af69679 ++++ discover: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - Changes since 5.24.2: * flatpak: Do not emit about upgradeable packages that were just created * flatpak: Use the sources map to check if a resource is already being used * Set textFormat in Label to StyledText * Fix build by explicitly creating a QUrl from QString - Restore compatibility with older kf5-filesystem ++++ drkonqi5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - Changes since 5.24.2: * make sure to create the wallet folder before using it (kde#446925) - Restore compatibility with older kf5-filesystem ++++ dtb-aarch64: - iwlwifi: pcie: add killer devices to the driver (bsc#1196802). - iwlwifi: add new killer devices to the driver (bsc#1196802). - commit 5e7d8b6 - cpufreq: intel_pstate: Update EPP for AlderLake mobile (bsc#1196848). - cpufreq: intel_pstate: ITMT support for overclocked system (bsc#1196849). - commit 68d5eea - drm: Don't test for IRQ support in VBLANK ioctls (bsc#1195464). - commit 0ef2c9a - lib/iov_iter: initialize "flags" in new pipe_buffer (CVE-2022-0847 bsc#1196584 git-fixes). - commit 9682d38 - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - commit 378df3f ++++ gdal: - Add gdal-fix-poppler-leap.patch: Fix build on Leap 15.4 and poppler. - Add fdups macro, BuildRequires already in place, remove duplicate files. ++++ gdcm: - use compiler gcc11-c++ to fix Leap 15.4 build ++++ plasma5-workspace: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - Changes since 5.24.2: * kcms/colors: Implement radio button layouts better * kcms/colors: fix spacing between radio buttons and content * [Battery Monitor] Only show charge threshold hint for power supply batteries (kde#451161) * [Icons KCM] Give measure delegate a text * wallpapers: Sort BackgroundListModel by title * applets/digital-clock: Fix `Qt.formatDateTime` returns different date when minute changes (kde#436796) * applets/systray: align applet labels with differing line counts in hidden view (kde#438347) * Show panel config above other windows (kde#450794) * Use current accent colour to set ColorDialog object in colour picker * SystemDialog: Allow accepting the dialogs with the keyboard (kde#450223) * applets/systemtray: Do not open context menu on mouse pressed for SNI (kde#409768) * Revert "Fix overdraw on Wayland" * startkde: Forward stdout/stderr of started processes * SDDM theme: stop eliding people's names so aggressively (kde#450673) * applets/digital-clock: Word-wrap date string for desktop representation (kde#450632) * wrap completely the invariants timer in NDEBUG * ScreenPool as the source of truth of QScreen info * Always ensure there is an user selected (kde#450182) * Prevent panel going out of screen boundaries * applets/clipboard: Focus on text area when transition is done * applets/clipboard: Fix highlight after exiting edit mode - Drop patches, now upstream: * 0001-startkde-Forward-stdout-stderr-of-started-processes.patch - Restore compatibility with older kf5-filesystem ++++ breeze-gtk: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ hwdata: - Update to version 0.357 (bsc#1196332): + Updated pci, usb and vendor ids. ++++ kactivitymanagerd: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 - Restore compatibility with older kf5-filesystem ++++ kcm_sddm: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 - Restore compatibility with older kf5-filesystem ++++ kde-cli-tools5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ kde-gtk-config5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 - Restore compatibility with older kf5-filesystem ++++ kernel-debug: - iwlwifi: pcie: add killer devices to the driver (bsc#1196802). - iwlwifi: add new killer devices to the driver (bsc#1196802). - commit 5e7d8b6 - cpufreq: intel_pstate: Update EPP for AlderLake mobile (bsc#1196848). - cpufreq: intel_pstate: ITMT support for overclocked system (bsc#1196849). - commit 68d5eea - drm: Don't test for IRQ support in VBLANK ioctls (bsc#1195464). - commit 0ef2c9a - lib/iov_iter: initialize "flags" in new pipe_buffer (CVE-2022-0847 bsc#1196584 git-fixes). - commit 9682d38 - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - commit 378df3f ++++ kernel-source: - iwlwifi: pcie: add killer devices to the driver (bsc#1196802). - iwlwifi: add new killer devices to the driver (bsc#1196802). - commit 5e7d8b6 - cpufreq: intel_pstate: Update EPP for AlderLake mobile (bsc#1196848). - cpufreq: intel_pstate: ITMT support for overclocked system (bsc#1196849). - commit 68d5eea - drm: Don't test for IRQ support in VBLANK ioctls (bsc#1195464). - commit 0ef2c9a - lib/iov_iter: initialize "flags" in new pipe_buffer (CVE-2022-0847 bsc#1196584 git-fixes). - commit 9682d38 - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - commit 378df3f ++++ kernel-source-azure: - iwlwifi: pcie: add killer devices to the driver (bsc#1196802). - iwlwifi: add new killer devices to the driver (bsc#1196802). - commit 5e7d8b6 - cpufreq: intel_pstate: Update EPP for AlderLake mobile (bsc#1196848). - cpufreq: intel_pstate: ITMT support for overclocked system (bsc#1196849). - commit 68d5eea - drm: Don't test for IRQ support in VBLANK ioctls (bsc#1195464). - commit 0ef2c9a - lib/iov_iter: initialize "flags" in new pipe_buffer (CVE-2022-0847 bsc#1196584 git-fixes). - commit 9682d38 - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - commit 378df3f ++++ kernel-docs: - iwlwifi: pcie: add killer devices to the driver (bsc#1196802). - iwlwifi: add new killer devices to the driver (bsc#1196802). - commit 5e7d8b6 - cpufreq: intel_pstate: Update EPP for AlderLake mobile (bsc#1196848). - cpufreq: intel_pstate: ITMT support for overclocked system (bsc#1196849). - commit 68d5eea - drm: Don't test for IRQ support in VBLANK ioctls (bsc#1195464). - commit 0ef2c9a - lib/iov_iter: initialize "flags" in new pipe_buffer (CVE-2022-0847 bsc#1196584 git-fixes). - commit 9682d38 - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - commit 378df3f ++++ kernel-kvmsmall: - iwlwifi: pcie: add killer devices to the driver (bsc#1196802). - iwlwifi: add new killer devices to the driver (bsc#1196802). - commit 5e7d8b6 - cpufreq: intel_pstate: Update EPP for AlderLake mobile (bsc#1196848). - cpufreq: intel_pstate: ITMT support for overclocked system (bsc#1196849). - commit 68d5eea - drm: Don't test for IRQ support in VBLANK ioctls (bsc#1195464). - commit 0ef2c9a - lib/iov_iter: initialize "flags" in new pipe_buffer (CVE-2022-0847 bsc#1196584 git-fixes). - commit 9682d38 - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - commit 378df3f ++++ kernel-obs-build: - iwlwifi: pcie: add killer devices to the driver (bsc#1196802). - iwlwifi: add new killer devices to the driver (bsc#1196802). - commit 5e7d8b6 - cpufreq: intel_pstate: Update EPP for AlderLake mobile (bsc#1196848). - cpufreq: intel_pstate: ITMT support for overclocked system (bsc#1196849). - commit 68d5eea - drm: Don't test for IRQ support in VBLANK ioctls (bsc#1195464). - commit 0ef2c9a - lib/iov_iter: initialize "flags" in new pipe_buffer (CVE-2022-0847 bsc#1196584 git-fixes). - commit 9682d38 - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - commit 378df3f ++++ kernel-obs-qa: - iwlwifi: pcie: add killer devices to the driver (bsc#1196802). - iwlwifi: add new killer devices to the driver (bsc#1196802). - commit 5e7d8b6 - cpufreq: intel_pstate: Update EPP for AlderLake mobile (bsc#1196848). - cpufreq: intel_pstate: ITMT support for overclocked system (bsc#1196849). - commit 68d5eea - drm: Don't test for IRQ support in VBLANK ioctls (bsc#1195464). - commit 0ef2c9a - lib/iov_iter: initialize "flags" in new pipe_buffer (CVE-2022-0847 bsc#1196584 git-fixes). - commit 9682d38 - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - commit 378df3f ++++ kernel-syms: - iwlwifi: pcie: add killer devices to the driver (bsc#1196802). - iwlwifi: add new killer devices to the driver (bsc#1196802). - commit 5e7d8b6 - cpufreq: intel_pstate: Update EPP for AlderLake mobile (bsc#1196848). - cpufreq: intel_pstate: ITMT support for overclocked system (bsc#1196849). - commit 68d5eea - drm: Don't test for IRQ support in VBLANK ioctls (bsc#1195464). - commit 0ef2c9a - lib/iov_iter: initialize "flags" in new pipe_buffer (CVE-2022-0847 bsc#1196584 git-fixes). - commit 9682d38 - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - commit 378df3f ++++ kernel-syms-azure: - iwlwifi: pcie: add killer devices to the driver (bsc#1196802). - iwlwifi: add new killer devices to the driver (bsc#1196802). - commit 5e7d8b6 - cpufreq: intel_pstate: Update EPP for AlderLake mobile (bsc#1196848). - cpufreq: intel_pstate: ITMT support for overclocked system (bsc#1196849). - commit 68d5eea - drm: Don't test for IRQ support in VBLANK ioctls (bsc#1195464). - commit 0ef2c9a - lib/iov_iter: initialize "flags" in new pipe_buffer (CVE-2022-0847 bsc#1196584 git-fixes). - commit 9682d38 - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - commit 378df3f ++++ kernel-vanilla: - kabi/severities: Ignore NPU DMA functions (bsc#1196433 ltc#196449). These cannot be supported anymore after the following changes. These were removed upstream in 5.3 because they were never used. - commit f1f926b - kABI: Add back some NPU related structure members (bsc#1196433 ltc#196449). - commit cc295da - Move kABI patches to kABI section. - commit 9b9f67a - powerpc/powernv: remove unused NPU DMA code (bsc#1196433 ltc#196449). - commit ba1f3b7 ++++ kernel-zfcpdump: - iwlwifi: pcie: add killer devices to the driver (bsc#1196802). - iwlwifi: add new killer devices to the driver (bsc#1196802). - commit 5e7d8b6 - cpufreq: intel_pstate: Update EPP for AlderLake mobile (bsc#1196848). - cpufreq: intel_pstate: ITMT support for overclocked system (bsc#1196849). - commit 68d5eea - drm: Don't test for IRQ support in VBLANK ioctls (bsc#1195464). - commit 0ef2c9a - lib/iov_iter: initialize "flags" in new pipe_buffer (CVE-2022-0847 bsc#1196584 git-fixes). - commit 9682d38 - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - commit 378df3f ++++ kgamma5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ khotkeys5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ kinfocenter5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - Changes since 5.24.2: * fix up help paths (kde#450918) ++++ kinfocenter5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - Changes since 5.24.2: * fix up help paths (kde#450918) ++++ kmenuedit5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ kmenuedit5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ kscreen5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - Changes since 5.24.2: * Revert "KCM: Workaround unknown Qt issue that causes the revert dialog to be invisible" ++++ kscreenlocker: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 - Restore compatibility with older kf5-filesystem ++++ ksshaskpass5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ libksysguard5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - Changes since 5.24.2: * Fixed computational bug for bar chart spacing (kde#449868) - Restore compatibility with older kf5-filesystem ++++ ksystemstats5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ kwayland-integration: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ kwayland-server: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - Changes since 5.24.2: * Fix kdebugsettings categories file * linuxdmabuf: Add unistd.h include ++++ kwin5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - Changes since 5.24.2: * backends/drm: don't change the configuration while KWin is terminating * backends/drm: wait for pending pageflips before doing a modeset * output changes: handle to-be-enabled outputs first * platform: check all outputs, not only enabled ones for the enabled flag * backends/drm: fix recording with direct scanout (kde#450943) * backends/drm: fix multi gpu (kde#450737) * backends/drm: fix format choosing (kde#450779) * inputmethod: fix placing the virtual keyboard at the bottom * Revert "Remove mysterious s_cursorUpdateBlocking boolean flag in pointer_input.cpp" (kde#449273) - Drop patches, now upstream: * 0001-Revert-Remove-mysterious-s_cursorUpdateBlocking-bool.patch - Restore compatibility with older kf5-filesystem ++++ kwrited5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ layer-shell-qt: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ libkscreen2: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ wireless-tools: - Fix URLs (wireless-tools home page has been migrated to github.io) ++++ libkdecoration2: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ texlive: - Lower the official required perl version used for biber to get it build on SLE-15-SP4 - Drop the obsolete patches of the poppler support * fix-lua-poppler-22.01.patch * source-pdftoepdf-backport-from-2020.patch * c++17-does-not-allow-dynamic-exception-specifications.patch * fix-luatexdir-poppler-22.01.patch * do-not-use-streamSetPos.patch * fix-poppler-config-from-c.patch - Ignore patch source-dvipdfm-x.dif from bsc#1099563 as it is part of upstream since TeXLive 2018 ++++ mariadb: - Build mariadb-galera on SLE (jsc#SLE-22245) - Add dependency on galera-4 for mariadb-galera - Remove old constraints for mariadb-galera ++++ libnvme: - Update License information. The library is released under LGPL-2.1-or-later and not LGPL-2.1-only. ++++ systemd: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) The script 'upgrade-from-pre-210.sh' used to initialize the default target during migration from sysvinit to systemd. However it created symlinks to runlevel targets, which are deprecated and might be missing when systemd-sysvcompat package is not installed. If such symlinks are found the script now renames them to point to 'true' systemd target units. - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. In most cases it will do the right thing anyway. - systemd.spec: minor simplification by assuming that %{bootstrap} is always defined. - Make sure to create 'systemd-coredump' system user when systemd-coredump is installed (follow-up for the split of the sysusers config files). ++++ tcmu-runner: - fix g_object_unref: assertion 'G_IS_OBJECT (object)' failed; (bsc#1196787). ++++ libtirpc: - add option to enforce connection via protocol version 2 first (bsc#1196647) add 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch ++++ milou5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ oxygen5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ pam_kwallet: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 - Restore compatibility with older kf5-filesystem ++++ parsec: - Update to 1.0.0-rc2: * Changelog: https://github.com/parallaxsecond/parsec/compare/1.0.0-rc1...1.0.0-rc2 - Remove CryptoAuthLib (CAL) provider as it is unmaintained. ++++ plasma-browser-integration: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ plasma-nm5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ plasma-vault: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ plasma5-addons: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ plasma5-openSUSE: - Update to 5.24.3 ++++ plasma5-desktop: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - Changes since 5.24.2: * kcms/touchpad: Remove weird Q_EMIT changed(false) in resizeEvent - Drop patches, now upstream: * 0001-kcms-touchpad-Remove-weird-Q_EMIT-changed-false-in-r.patch - Restore compatibility with older kf5-filesystem - Remove duplicate mention of kimpanel-ibus-panel ++++ plasma5-disks: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 - Restore compatibility with older kf5-filesystem ++++ plasma5-firewall: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ plasma5-integration: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - Changes since 5.24.2: * [KDEPlatformFileDialog] Don't do stat if baseUrl didn't change ++++ plasma5-nano: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ plasma5-pa: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - Changes since 5.24.2: * [kcm] Update device combobox when current device changes externally ++++ plasma5-phone-components: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ plasma5-sdk: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ plasma5-systemmonitor: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ plasma5-thunderbolt: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ plasma5-workspace-wallpapers: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ plymouth-theme-breeze: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ polkit-kde-agent-5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 - Restore compatibility with older kf5-filesystem ++++ powerdevil5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - Changes since 5.24.2: * Improved backlight devices selection (kde#399646) - Restore compatibility with older kf5-filesystem ++++ qqc2-breeze-style: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 ++++ slirp4netns: - security update - added patches fix CVE-2020-29130 [bsc#1179467], out-of-bounds access while processing ARP packets + slirp4netns-CVE-2020-29130.patch ++++ swaylock: - Update to 1.6: * Support for the new ext-session-lock-v1 protocol * Add --indicator-{x,y}-position CLI options * Support for key repeat * Fix a potential use-after-free * Fix indicator buffer not resizing after display powers off * Prevent attaching and committing the surface twice - Remove swaylock-version.patch: fixed ++++ systemd-mini: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) The script 'upgrade-from-pre-210.sh' used to initialize the default target during migration from sysvinit to systemd. However it created symlinks to runlevel targets, which are deprecated and might be missing when systemd-sysvcompat package is not installed. If such symlinks are found the script now renames them to point to 'true' systemd target units. - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. In most cases it will do the right thing anyway. - systemd.spec: minor simplification by assuming that %{bootstrap} is always defined. - Make sure to create 'systemd-coredump' system user when systemd-coredump is installed (follow-up for the split of the sysusers config files). ++++ systemsettings5: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - Changes since 5.24.2: * app/SettingsBase: Fix systemsettings unable to start when missing plugin (kde#451054) * ModuleView: Simplify and fix custom headers logic ++++ trytond_country: - added pycountry.diff (https://bugs.tryton.org/issue11128 ) build-conditions for TW added - runtime dependency python-pycountry added ++++ xdg-desktop-portal-kde: - Update to 5.24.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.24.3 - No code changes since 5.24.2 - Restore compatibility with older kf5-filesystem ++++ xkeyboard-config: - U_Add-the-new-AZERTY-layout-norm-NF-Z71-300.patch * Backport French standardized AZERTY layout (AFNOR: NF Z71-300) (bsc#1188867) ++++ yast2: - Reverted LD_PRELOAD change (GitHub PR#1236) (bsc#1196326) - 4.4.46 ++++ yast2-installation: - Prevent getty auto-generation because it makes xvnc to fail when it is started in YaST second stage (bsc#1196614). - 4.4.48 ++++ yast2-packager: - Properly set the repository alias for the Full medium add-ons (bsc#1193214) - 4.4.24 ------------------------------------------------------------------ ------------------ 2022-3-7 - Mar 7 2022 ------------------- ------------------------------------------------------------------ ++++ MozillaFirefox: - Firefox Extended Support Release 91.6.1 ESR * Fixed: Security fix - Mozilla Firefox ESR 91.6.1 MFSA 2022-09 (bsc#1196809) * CVE-2022-26485 (bmo#1758062) Use-after-free in XSLT parameter processing * CVE-2022-26486 (bmo#1758070) Use-after-free in WebGPU IPC Framework ++++ autoyast2: - Properly handle the "dopackages" option in the openFile method of the AyastSetup module (bsc#1196566). - 4.4.35 ++++ barrel: - updated translations ++++ btop: - Update to upstream release 1.2.5: * Fixed: Fallback to less accurate UTF8 char count if conversion to wstring fails * Fixed: Small ui fixes for mem and disks * Added: New theme HotPurpleTrafficLight, by @pallebone * Fixed: title_left symbol between auto and zero in the net box is not displayed, by @mrdotx * Fixed: Mouse mappings for net box ++++ kernel-64kb: - Move upstreamed patches into sorted section - commit 1900045 ++++ kernel-azure: - Move upstreamed patches into sorted section - commit 1900045 ++++ kernel-default: - Move upstreamed patches into sorted section - commit 1900045 ++++ kernel-preempt: - sr9700: sanity check for packet length (bsc#1196836). - commit 558034f - tracing: Fix return value of __setup handlers (git-fixes). - commit 184ff86 - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: fix incorrect loading of i_blocks for large files (git-fixes). - commit f1e7b8d - nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION (CVE-2022-26490 bsc#1196830). - commit fd10ace - nvme-tcp: fix possible use-after-free in transport error_recovery work (git-fixes). - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - commit 8b4713c - Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch (bsc#1194516 CVE-2022-0487). - Update patches.suse/NFSv4-Handle-case-where-the-lookup-of-a-directory-fa.patch (bsc#1195612 CVE-2022-24448). - Update patches.suse/udf-Fix-NULL-ptr-deref-when-converting-from-inline-f.patch (bsc#1196079 CVE-2022-0617). - Update patches.suse/udf-Restore-i_lenAlloc-when-inode-expansion-fails.patch (bsc#1196079 CVE-2022-0617). - Update patches.suse/vfs-check-fd-has-read-access-in-kernel_read_file_from_fd.patch (bsc#1194888 CVE-2022-0644 bsc#1196155). - commit 096ea36 ++++ discover: - Replace %_libdir/libexec with %_libexecdir (boo#1174075) ++++ drkonqi5: - Replace %_libdir/libexec with %_libexecdir (boo#1174075) ++++ dtb-aarch64: - Move upstreamed patches into sorted section - commit 1900045 ++++ golang-github-prometheus-prometheus: - Update vendor tarball with prometheus/client_golang 1.12.1 (bsc#1196338) * Added 0003-Bump-client_golang-to-1.12.1.patch ++++ frr: - Apply backport fix for a buffer overflow in isisd due to the use of strdup with a non-zero-terminated binary string (bsc#1196506,CVE-2022-26126) [+ 0006-isisd-fix-10505-using-base64-encoding.patch] - Apply backport fix for a buffer overflow in isisd due to wrong checks on the input packet length (bsc#1196505,CVE-2022-26125) with workaround for the GIT binary patch to tests/isisd/test_fuzz_isis_tlv_tests.h.gz [+ 0005-isisd-fix-router-capability-TLV-parsing-issues.patch] - Apply fix for a buffer overflow in babeld due to wrong checks on the input packet length in the packet_examin and subtlv parsing (bsc#1196504,bsc#1196507,CVE-2022-26128,CVE-2022-26129) [+ 0004-babeld-fix-10502-10503-by-repairing-the-checks-on-le.patch] - Apply fix for a heap buffer overflow in babeld due to missing check on the input packet length (bsc#1196503,CVE-2022-26127) [+ 0003-babeld-fix-10487-by-adding-a-check-on-packet-length.patch] ++++ gdal: - Add gdal-fix-build-poppler.patch: Fix build with poppler 22.03.0 and newer. ++++ plasma5-workspace: - Replace %_libdir/libexec with %_libexecdir (boo#1174075) ++++ kactivitymanagerd: - Replace %_libdir/libexec with %_libexecdir (boo#1174075) ++++ kcm_sddm: - Replace %_libdir/libexec with %_libexecdir (boo#1174075) ++++ kde-gtk-config5: - Replace %_libdir/libexec with %_libexecdir (boo#1174075) ++++ kernel-debug: - Move upstreamed patches into sorted section - commit 1900045 ++++ kernel-source: - Move upstreamed patches into sorted section - commit 1900045 ++++ kernel-source-azure: - Move upstreamed patches into sorted section - commit 1900045 ++++ kernel-docs: - Move upstreamed patches into sorted section - commit 1900045 ++++ kernel-kvmsmall: - Move upstreamed patches into sorted section - commit 1900045 ++++ kernel-obs-build: - Move upstreamed patches into sorted section - commit 1900045 ++++ kernel-obs-qa: - Move upstreamed patches into sorted section - commit 1900045 ++++ kernel-syms: - Move upstreamed patches into sorted section - commit 1900045 ++++ kernel-syms-azure: - Move upstreamed patches into sorted section - commit 1900045 ++++ kernel-vanilla: - sr9700: sanity check for packet length (bsc#1196836). - commit 7ac3395 - nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION (CVE-2022-26490 bsc#1196830). - commit 47ae8c5 ++++ kernel-zfcpdump: - Move upstreamed patches into sorted section - commit 1900045 ++++ kscreenlocker: - Replace %_libdir/libexec with %_libexecdir (boo#1174075) ++++ libksysguard5: - Replace %_libdir/libexec with %_libexecdir (boo#1174075) ++++ kwin5: - Replace %_libdir/libexec with %_libexecdir (boo#1174075) ++++ libadwaita: - Update to version 1.1.rc: + AdwAvatar: Fix invalid UTF-8 handling. + AdwStyleManager: - Follow color-scheme on macOS. - Don't disable non-CSS animations during style changes. + AdwToast: Fix GVariant handling. + Stylesheet: Fix scrollbars inside .osd widgets. + Fix carousel indicator sizing. + Memory leak fixes. + Updated translations. ++++ opae: - Update opae-missing-shebang.patch as a couple of scripts were using /usr/bin/python and causing dependencies to python2 (bsc#1196764) ++++ ndctl: - Add support for reporting dirty shutdown count (jsc#SLE-18196). + 0016-libndctl-papr-Add-support-for-reporting-shutdown-cou.patch + 0009-libndctl-papr-Fix-probe-for-papr-scm-compatible-nvdi.patch + 0003-libndctl-Unify-adding-dimms-for-papr-and-nfit-famili.patch - Merge fixes that went into v72 and v73 - Documentation updates + 0015-ndctl-docs-Clarify-update-firwmware-activation-overf.patch + 0014-Documentation-ndctl-fix-self-reference-of-ndctl-disa.patch + 0013-daxctl-Add-Soft-Reservation-theory-of-operation.patch + 0008-ndctl-Update-nvdimm-mailing-list-address.patch - Label index block calculation fix + 0012-ndctl-dimm-Fix-label-index-block-calculations.patch + 0002-Expose-ndctl_bus_nfit_translate_spa-as-a-public-func.patch - Scrub fix + 0011-ndctl-scrub-Reread-scrub-engine-status-at-start.patch + 0010-ndctl-scrub-Stop-translating-return-values.patch - Add memblock count to JSON + 0007-daxctl-emit-counts-of-total-and-online-memblocks.patch - DAX disable fix + 0006-libndctl-check-for-active-system-ram-before-disablin.patch + 0005-libdaxctl-add-an-API-to-check-if-a-device-is-active.patch + 0001-ndctl-namespace-Fix-disable-namespace-accounting-rel.patch - DAX reconfigure fix + 0004-daxctl-fail-reconfigure-device-based-on-kernel-onlin.patch ++++ openmpi_3_1_6-gnu-hpc: - Add fix-rdma-component-selection.patch to fix bad rdma component selection which can cause stall when running on multiple IB nodes (bsc#1196838). ++++ libstorage-ng: - merge gh#openSUSE/libstorage-ng#862 - log some environment variables - 4.4.93 ++++ tvm: - Skip test_meta_schedule_local_runner_time_out and test_meta_schedule_local_runner_exception tests on Leap/SLE since they require python 3.7+ ++++ vlc: - Update to version 3.0.17: + Core: * Fix a regression in parsing secondary source MRLs * Allow brackets in path part of URLs + Access: * Fix support for screen capture on macOS with avcapture * Fix closing of HTTP 1.x connections * Improve HTTP2 memory usage * Improve AVCapture module * Improve AudioCD support (audio/data mixed mode, musicbrainz) * Improve SMB compatibility by changing the read size * Several improvements on the SRT modules (including streamID) + Decoders/Packetizers: * Add support for DTS LBR * Fix some HEVC hardware decoding on Windows and crashes when aspect ratio changes * Fix hardware decoding for some AMD GPU drivers * Add support for new Fourcc for E-AC3, AV1, GeoVision * Fix crashes with VP9 streams * Fix styling issues with subs tx3g (mp4) tracks * Fix playback of live AV1 streams + Audio Output: * iOS/tvOS: add support for spatial audio * macOS: fix some channels ordering for > 5.1 channels * Android: rework audio volume management + Video Output: * Fix a D3D11 crash when the stream changes aspect ratio + Demux: * Major overhaul of the adaptive streaming stack * Support for DAV video files * Add WebP image mapping * Fix missing audio start of Opus audio in MKV/WebM * Fix an infinite loop in MP4 * Fix attachments extractions in ogg files * Support Uncompressed audio in mp4 (ISO/IEC 23003-5) * Fix some lip sync issue in rare MPEG-TS streams + Interface: * Qt/macOS: Fixup user provided URLs * Add safe area handling on macOS * Qt: improve preferences search * Qt: fix --no-mouse-events option + Misc: * Update YouTube script * Fix Icecast directory parsing which could lead to missing entries * Improve UPnP compatibility with some servers - Drop vlc-srto_tsbpddelay.patch: fixed upstream. ++++ vlc: - Update to version 3.0.17: + Core: * Fix a regression in parsing secondary source MRLs * Allow brackets in path part of URLs + Access: * Fix support for screen capture on macOS with avcapture * Fix closing of HTTP 1.x connections * Improve HTTP2 memory usage * Improve AVCapture module * Improve AudioCD support (audio/data mixed mode, musicbrainz) * Improve SMB compatibility by changing the read size * Several improvements on the SRT modules (including streamID) + Decoders/Packetizers: * Add support for DTS LBR * Fix some HEVC hardware decoding on Windows and crashes when aspect ratio changes * Fix hardware decoding for some AMD GPU drivers * Add support for new Fourcc for E-AC3, AV1, GeoVision * Fix crashes with VP9 streams * Fix styling issues with subs tx3g (mp4) tracks * Fix playback of live AV1 streams + Audio Output: * iOS/tvOS: add support for spatial audio * macOS: fix some channels ordering for > 5.1 channels * Android: rework audio volume management + Video Output: * Fix a D3D11 crash when the stream changes aspect ratio + Demux: * Major overhaul of the adaptive streaming stack * Support for DAV video files * Add WebP image mapping * Fix missing audio start of Opus audio in MKV/WebM * Fix an infinite loop in MP4 * Fix attachments extractions in ogg files * Support Uncompressed audio in mp4 (ISO/IEC 23003-5) * Fix some lip sync issue in rare MPEG-TS streams + Interface: * Qt/macOS: Fixup user provided URLs * Add safe area handling on macOS * Qt: improve preferences search * Qt: fix --no-mouse-events option + Misc: * Update YouTube script * Fix Icecast directory parsing which could lead to missing entries * Improve UPnP compatibility with some servers - Drop vlc-srto_tsbpddelay.patch: fixed upstream. ++++ minidlna: - update to version 1.3.1 (bsc#1196814) - Fixed a potential crash in SSDP request parsing. - Fixed a configure script failure on some platforms. - Protect against DNS rebinding attacks. (CVE-2022-26505) - Fix an socket leakage issue on some platforms. - Minor bug fixes. - added patch minidlna-1.3.0-1.3.1.patch as the new version was not tagged or released upstream - added BR for automake to fix build and readd autogen call - drop patch minidlna-multiple_definition.patch (upstreamed) - add "su minidlna minidlna" to the logrotate config ++++ mpich: - Update to mpich 4.0.1 (bsc#1194369) - All MPI-4 APIs have been implemented. Major MPI-4 features include MPI sessions, partitioned point-to-point communications, events in the MPI tool information interface, large-count functions, persistent collectives, MPI_Comm_idup_with_info, MPI_Isendrecv and MPI_Isendrecv_replace, MPI_Info_get_string, MPI_Comm_split_type with new split_type -- MPI_COMM_TYPE_HW_GUIDED and MPI_COMM_TYPE_HW_UNGUIDED. - Add MPIX_Delete_error_{class,code,string}. - MPI_Info objects can be accessed before MPI_Init{_thread}. - Drop support for UCX version < 1.7.0. - Multi-NIC support in ch4:ofi. - Extend IPC to support non-contig datatypes. - Many bug fixes and code clean-ups. - Drop 0001-Drop-real128.patch as it was fixed upstream - Refresh autogen-only-deal-with-json-yaksa-if-enabled.patch against latest sources ++++ mpich_4_0_1-gnu-hpc: - Update to mpich 4.0.1 (bsc#1194369) - All MPI-4 APIs have been implemented. Major MPI-4 features include MPI sessions, partitioned point-to-point communications, events in the MPI tool information interface, large-count functions, persistent collectives, MPI_Comm_idup_with_info, MPI_Isendrecv and MPI_Isendrecv_replace, MPI_Info_get_string, MPI_Comm_split_type with new split_type -- MPI_COMM_TYPE_HW_GUIDED and MPI_COMM_TYPE_HW_UNGUIDED. - Add MPIX_Delete_error_{class,code,string}. - MPI_Info objects can be accessed before MPI_Init{_thread}. - Drop support for UCX version < 1.7.0. - Multi-NIC support in ch4:ofi. - Extend IPC to support non-contig datatypes. - Many bug fixes and code clean-ups. - Drop 0001-Drop-real128.patch as it was fixed upstream - Refresh autogen-only-deal-with-json-yaksa-if-enabled.patch against latest sources ++++ mpich-ofi: - Update to mpich 4.0.1 (bsc#1194369) - All MPI-4 APIs have been implemented. Major MPI-4 features include MPI sessions, partitioned point-to-point communications, events in the MPI tool information interface, large-count functions, persistent collectives, MPI_Comm_idup_with_info, MPI_Isendrecv and MPI_Isendrecv_replace, MPI_Info_get_string, MPI_Comm_split_type with new split_type -- MPI_COMM_TYPE_HW_GUIDED and MPI_COMM_TYPE_HW_UNGUIDED. - Add MPIX_Delete_error_{class,code,string}. - MPI_Info objects can be accessed before MPI_Init{_thread}. - Drop support for UCX version < 1.7.0. - Multi-NIC support in ch4:ofi. - Extend IPC to support non-contig datatypes. - Many bug fixes and code clean-ups. - Drop 0001-Drop-real128.patch as it was fixed upstream - Refresh autogen-only-deal-with-json-yaksa-if-enabled.patch against latest sources ++++ mpich-ofi_4_0_1-gnu-hpc: - Update to mpich 4.0.1 (bsc#1194369) - All MPI-4 APIs have been implemented. Major MPI-4 features include MPI sessions, partitioned point-to-point communications, events in the MPI tool information interface, large-count functions, persistent collectives, MPI_Comm_idup_with_info, MPI_Isendrecv and MPI_Isendrecv_replace, MPI_Info_get_string, MPI_Comm_split_type with new split_type -- MPI_COMM_TYPE_HW_GUIDED and MPI_COMM_TYPE_HW_UNGUIDED. - Add MPIX_Delete_error_{class,code,string}. - MPI_Info objects can be accessed before MPI_Init{_thread}. - Drop support for UCX version < 1.7.0. - Multi-NIC support in ch4:ofi. - Extend IPC to support non-contig datatypes. - Many bug fixes and code clean-ups. - Drop 0001-Drop-real128.patch as it was fixed upstream - Refresh autogen-only-deal-with-json-yaksa-if-enabled.patch against latest sources ++++ multiload-ng: - Adding '_service' file to do the git leg work correctly. - Moving all 'BuildRequires' items to a single spot. - Removing 'make', replacing with '%make_build'. - Removing '%defattr'. ++++ openmpi3: - Add fix-rdma-component-selection.patch to fix bad rdma component selection which can cause stall when running on multiple IB nodes (bsc#1196838). ++++ openmpi3-testsuite: - Add fix-rdma-component-selection.patch to fix bad rdma component selection which can cause stall when running on multiple IB nodes (bsc#1196838). ++++ openmpi_3_1_6-gnu-hpc-testsuite: - Add fix-rdma-component-selection.patch to fix bad rdma component selection which can cause stall when running on multiple IB nodes (bsc#1196838). ++++ pam_kwallet: - Don't set LIBEXEC_INSTALL_DIR at build time, the variable is unused since plasma 5.22. - Use %_libexecdir - Make pam_wallet-common noarch ++++ plasma5-desktop: - Replace %_libdir/libexec with %_libexecdir (boo#1174075) ++++ plasma5-disks: - Replace %_libdir/libexec with %_libexecdir (boo#1174075) ++++ polkit-default-privs: - Update to version 13.2+20220307.7d87af8: * Backport Kcron whitelisting to 15.4 (bsc#1193945) ++++ polkit-kde-agent-5: - Replace %_libdir/libexec with %_libexecdir (boo#1174075) ++++ powerdevil5: - Replace %_libdir/libexec with %_libexecdir (boo#1174075) ++++ qemu: - Build PPC firmwares from sources on non-PPC builds as well (bsc#1193545) - Build RiscV firmwares on non-RiscV builds as well - While there, refactor (and simplify!) the firmware building logic and code * Patches added: Makefile-define-endianess-for-cross-buil.patch Makefile-fix-build-with-binutils-2.38.patch - qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) * Patches added: hw-scsi-megasas-check-for-NULL-frame-in-.patch ++++ qemu-linux-user: - Build PPC firmwares from sources on non-PPC builds as well (bsc#1193545) - Build RiscV firmwares on non-RiscV builds as well - While there, refactor (and simplify!) the firmware building logic and code * Patches added: Makefile-define-endianess-for-cross-buil.patch Makefile-fix-build-with-binutils-2.38.patch - qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) * Patches added: hw-scsi-megasas-check-for-NULL-frame-in-.patch ++++ qemu-testsuite: - Build PPC firmwares from sources on non-PPC builds as well (bsc#1193545) - Build RiscV firmwares on non-RiscV builds as well - While there, refactor (and simplify!) the firmware building logic and code * Patches added: Makefile-define-endianess-for-cross-buil.patch Makefile-fix-build-with-binutils-2.38.patch - qemu,kvm,xen: NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503) * Patches added: hw-scsi-megasas-check-for-NULL-frame-in-.patch ++++ trytond: - on special request of our facory check script, we add the patches between tryton 5 and 6: * revert_werkzeug_setup.patch is being deleted * Update_changed_fields_6.0.diff is being added * Update_changed_fields.diff is being deleted * fix_werkzeug.patch is being deleted ++++ xdg-desktop-portal-kde: - Replace %_libdir/libexec with %_libexecdir (boo#1174075) ++++ yast2-trans: - Update to version 84.87.20220305.ba29422b84: * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Swedish) * Translated using Weblate (Finnish) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Finnish) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Finnish) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * New POT for text domain 'autoinst'. * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Spanish) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Slovak) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (German) ------------------------------------------------------------------ ------------------ 2022-3-6 - Mar 6 2022 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2022-03-07 (bsc#1084929) ++++ llvm13: - Fix armv6hl cpu architecture typo. ++++ fpc: - Add fpc-3.2.2-ppc64le-toc-fixes.patch (fixes lazarus 2.2.0 build on ppc64le) ++++ fpc-doc: - Add fpc-3.2.2-ppc64le-toc-fixes.patch (fixes lazarus 2.2.0 build on ppc64le) ++++ gnuhealth: - version 4.0.0 * based on Tryton 6.0 * Improved ergonomics on the GTK client * New HELP command that allows offline and contextualized documentation * WebDAV and CalDAV packages are fully integrated in GH (no links) * Weblate now holds 34 language teams! * Removed obsoleted binary ODT (except for some charts) * Improved integration with OpenStreetMap (OSM) * Improved surgery and patient evaluation flows * New health service Dx imaging package * Update person gender list * Add medical evaluations to health services * Include (optional) expiration date on the person ID * Add context field for Dx Imaging and Lab tests ++++ gnuhealth-client: - version 4.0.0 * based on Tryton 6.0 * for details see CHANGELOG ++++ mirrorsorcerer: - Update to version 0.1.0~9: * Fix oneshot mode to work correctly * Improve options for performance ++++ moarvm: - Backport fix for issue discovered after release. Add moarvm_wrong_value_after_multi_level_inlining.diff to be removed with the next version. ++++ python-Kivy: - Update to version 2.1.0, see changelog.rst ------------------------------------------------------------------ ------------------ 2022-3-5 - Mar 5 2022 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - scsi: smartpqi: Add PCI IDs (bsc#1196627). - commit 7890c4e ++++ kernel-azure: - scsi: smartpqi: Add PCI IDs (bsc#1196627). - commit 7890c4e ++++ kernel-default: - scsi: smartpqi: Add PCI IDs (bsc#1196627). - commit 7890c4e ++++ kernel-preempt: - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - ASoC: cs4265: Fix the duplicated control name (git-fixes). - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes). - commit 46ecf36 - scsi: smartpqi: Add PCI IDs (bsc#1196627). - commit 0f3e3c7 ++++ dtb-aarch64: - scsi: smartpqi: Add PCI IDs (bsc#1196627). - commit 7890c4e ++++ expat: - Security fixes: * (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236 breaks biboumi, ClairMeta, jxmlease, libwbxml, openleadr-python, rnv, xmltodict - Added expat-CVE-2022-25236-relax-fix.patch ++++ open-iscsi: - Update to latest upstream, including test cleanup, minor bug fixes (cosmetic), and fixing iscsi-init (bsc#1195656). ++++ java-1_8_0-openjdk: - Update to version jdk8u322 (icedtea-3.22.0) * January 2022 CPU * Security fixes + JDK-8264934, CVE-2022-21248, bsc#1194926: Enhance cross VM serialization + JDK-8268488: More valuable DerValues + JDK-8268494: Better inlining of inlined interfaces + JDK-8268512: More content for ContentInfo + JDK-8268795: Enhance digests of Jar files + JDK-8268801: Improve PKCS attribute handling + JDK-8268813, CVE-2022-21283, bsc#1194937: Better String matching + JDK-8269151: Better construction of EncryptedPrivateKeyInfo + JDK-8269944: Better HTTP transport redux + JDK-8270392, CVE-2022-21293, bsc#1194935: Improve String constructions + JDK-8270416, CVE-2022-21294, bsc#1194934: Enhance construction of Identity maps + JDK-8270492, CVE-2022-21282, bsc#1194933: Better resolution of URIs + JDK-8270498, CVE-2022-21296, bsc#1194932: Improve SAX Parser configuration management + JDK-8270646, CVE-2022-21299, bsc#1194931: Improved scanning of XML entities + JDK-8271962: Better TrueType font loading + JDK-8271968: Better canonical naming + JDK-8271987: Manifest improved manifest entries + JDK-8272014, CVE-2022-21305, bsc#1194939: Better array indexing + JDK-8272026, CVE-2022-21340, bsc#1194940: Verify Jar Verification + JDK-8272236, CVE-2022-21341, bsc#1194941: Improve serial forms for transport + JDK-8272272: Enhance jcmd communication + JDK-8272462: Enhance image handling + JDK-8273290: Enhance sound handling + JDK-8273748, CVE-2022-21349: Improve Solaris font rendering + JDK-8273756, CVE-2022-21360, bsc#1194929: Enhance BMP image support + JDK-8273838, CVE-2022-21365, bsc#1194928: Enhanced BMP processing * Import of OpenJDK 8 u322 + JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken + JDK-8011541: [TEST_BUG] closed/javax/swing/plaf/metal/ /MetalUtils/bug6190373.java fails NPE since 7u25b03 + JDK-8025430: [TEST_BUG] javax/swing/JEditorPane/5076514/ /bug5076514.java failed since jdk8b108 + JDK-8041928: MouseEvent.getModifiersEx gives wrong result + JDK-8042199: The build of J2DBench via makefile is broken after the JDK-8005402 + JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9) + JDK-8048021: Remove @version tag in jaxp repo + JDK-8049348: compiler/intrinsics/bmi/verifycode tests on lzcnt and tzcnt use incorrect assumption about REXB prefix usage + JDK-8060027: Tests java/beans/XMLEncoder/Test4903007.java and java/beans/XMLEncoder/java_awt_GridBagLayout.java + JDK-8066588: javax/management/remote/mandatory/connectio /RMIConnector_NPETest.java fails to compile + JDK-8066652: Default TimeZone is GMT not local if user.timezone is invalid on Mac OS + JDK-8069034: gc/g1/TestEagerReclaimHumongousRegionsClearMarkBits.java nightly failure + JDK-8077590: windows_i586_6.2-product-c2-runThese8_Xcomp_vm failing after win compiler upgrade + JDK-8080287: The image of BufferedImage.TYPE_INT_ARGB and BufferedImage.TYPE_INT_ARGB_PRE is blank + JDK-8140329: [TEST_BUG] test FullScreenAfterSplash.java failed because image was not generated + JDK-8140472: java/net/ipv6tests/TcpTest.java failed intermittently with java.net.BindException: Address already in use: NET_Bind + JDK-8147051: StaxEntityResolverWrapper should create StaxXMLInputSource with a resolver indicator + JDK-8148915: Intermittent failures of bug6400879.java + JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism + JDK-8177393: Result of RescaleOp for 4BYTE_ABGR images may be 25% black + JDK-8177536: Avoid Apple Peer-to-Peer interfaces in networking tests + JDK-8182036: Load from initializing arraycopy uses wrong memory state + JDK-8183369: RFC unconformity of HttpURLConnection with proxy + JDK-8183543: Aarch64: C2 compilation often fails with "failed spill-split-recycle sanity check" + JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll + JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar + JDK-8190482: InnocuousThread creation should not require the caller to possess enableContextClassLoaderOverride + JDK-8190793: Httpserver does not detect truncated request body + JDK-8196572: Tests ColConvCCMTest.java and MTColConvTest.java fail + JDK-8202788: Explicitly reclaim cached thread-local direct buffers at thread exit + JDK-8210058: Algorithmic Italic font leans opposite angle in Printing + JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs + JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021 + JDK-8225083: Remove Google certificate that is expiring in December 2021 + JDK-8226806: [macOS 10.14] Methods of Java Robot should be called from appropriate thread + JDK-8231254: (fs) Add test for macOS Catalina changes to protect system software + JDK-8231438: [macOS] Dark mode for the desktop is not supported + JDK-8232178: MacVolumesTest failed after upgrade to MacOS Catalina + JDK-8232226: [macos 10.15] test/jdk/java/awt/color/ /EqualityTest/EqualityTest.java may fail + JDK-8235153: [TESTBUG] [macos 10.15] java/awt/Graphics/ /DrawImageBG/SystemBgColorTest.java fails + JDK-8236897: Fix the copyright header for pkcs11gcm2.h + JDK-8237499: JFR: Include stack trace in the ThreadStart event + JDK-8239886: Minimal VM build fails after JDK-8237499 + JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0 + JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print" + JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/ /PageDialogMarginTest.java catches all exceptions + JDK-8273308: PatternMatchTest.java fails on CI + JDK-8273342: Null pointer dereference in classFileParser.cpp:2817 + JDK-8273826: Correct Manifest file name and NPE checks + JDK-8273968: JCK javax_xml tests fail in CI + JDK-8274407: (tz) Update Timezone Data to 2021c + JDK-8274467: TestZoneInfo310.java fails with tzdata2021b + JDK-8274468: TimeZoneTest.java fails with tzdata2021b + JDK-8274595: DisableRMIOverHTTPTest failed: connection refused + JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST + JDK-8275766: (tz) Update Timezone Data to 2021e + JDK-8275849: TestZoneInfo310.java fails with tzdata2021e + JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766 - Added patch: * JDK-8076190.patch + backport reviewed fix for JDK-8076190 Customizing the generation of a PKCS12 keystore (bsc#1195163) ++++ kernel-debug: - scsi: smartpqi: Add PCI IDs (bsc#1196627). - commit 7890c4e ++++ kernel-source: - scsi: smartpqi: Add PCI IDs (bsc#1196627). - commit 7890c4e ++++ kernel-source-azure: - scsi: smartpqi: Add PCI IDs (bsc#1196627). - commit 7890c4e ++++ kernel-docs: - scsi: smartpqi: Add PCI IDs (bsc#1196627). - commit 7890c4e ++++ kernel-kvmsmall: - scsi: smartpqi: Add PCI IDs (bsc#1196627). - commit 7890c4e ++++ kernel-obs-build: - scsi: smartpqi: Add PCI IDs (bsc#1196627). - commit 7890c4e ++++ kernel-obs-qa: - scsi: smartpqi: Add PCI IDs (bsc#1196627). - commit 7890c4e ++++ kernel-syms: - scsi: smartpqi: Add PCI IDs (bsc#1196627). - commit 7890c4e ++++ kernel-syms-azure: - scsi: smartpqi: Add PCI IDs (bsc#1196627). - commit 7890c4e ++++ kernel-zfcpdump: - scsi: smartpqi: Add PCI IDs (bsc#1196627). - commit 7890c4e ++++ xfce4-diskperf-plugin: - Update to version 2.7.0 * Enable high-frequency tooltip updates * Remove rounding to multiples of 5 MiB/s * Change default maximum I/O bandwidth from 40 MiB/s to 1024 MiB/s * Adjust tooltip spacing * Update and sort the list of authors * Bump required GTK+ version to 3.16 * Update README * Reformat copyright notices * Update configuration files * Fix compilation warnings * Code cleanups * Translation Updates ------------------------------------------------------------------ ------------------ 2022-3-4 - Mar 4 2022 ------------------- ------------------------------------------------------------------ ++++ FreeCAD: - Add some unit test fixes: * 0001-Test-remove-not-needed-u-before-py3-unicode-string.patch * 0001-Test-fix-exception-handling-in-tests-for-units.patch * 0001-Test-Provide-more-useful-information-when-unit-trans.patch * 0002-Base-Fix-wrong-character-encoding-for-micro-siemens.patch ++++ autoyast2: - Avoid login while running AutoYaST init-scripts (bsc#1196594 and related to bsc#1195059). - 4.4.34 ++++ bluez: - Install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639) ++++ ceph: - Update to 16.2.7-577-g3e3603b5dd1 + Update prometheus-server version ++++ ceph-test: - Update to 16.2.7-577-g3e3603b5dd1 + Update prometheus-server version ++++ chromium: - Chromium 99.0.4844.51 (boo#1196641) * CVE-2022-0789: Heap buffer overflow in ANGLE * CVE-2022-0790: Use after free in Cast UI * CVE-2022-0791: Use after free in Omnibox * CVE-2022-0792: Out of bounds read in ANGLE * CVE-2022-0793: Use after free in Views * CVE-2022-0794: Use after free in WebShare * CVE-2022-0795: Type Confusion in Blink Layout * CVE-2022-0796: Use after free in Media * CVE-2022-0797: Out of bounds memory access in Mojo * CVE-2022-0798: Use after free in MediaStream * CVE-2022-0799: Insufficient policy enforcement in Installer * CVE-2022-0800: Heap buffer overflow in Cast UI * CVE-2022-0801: Inappropriate implementation in HTML parser * CVE-2022-0802: Inappropriate implementation in Full screen mode * CVE-2022-0803: Inappropriate implementation in Permissions * CVE-2022-0804: Inappropriate implementation in Full screen mode * CVE-2022-0805: Use after free in Browser Switcher * CVE-2022-0806: Data leak in Canvas * CVE-2022-0807: Inappropriate implementation in Autofill * CVE-2022-0808: Use after free in Chrome OS Shell * CVE-2022-0809: Out of bounds memory access in WebXR - Removed patches: * chromium-96-EnumTable-crash.patch * chromium-89-missing-cstring-header.patch * chromium-95-libyuv-aarch64.patch * chromium-95-libyuv-arm.patch * chromium-98-MiraclePtr-gcc-ice.patch * chromium-98-WaylandFrameManager-check.patch - Added patches: * chromium-97-arm-tflite-cast.patch * chromium-98-gtk4-build.patch * chromium-99-AutofillAssistantModelExecutor-NoDestructor.patch * chromium-98-EnumTable-crash.patch * chromium-third_party-symbolize-missing-include.patch * chromium-v8-missing-utility-include.patch ++++ kernel-64kb: - Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403) Deleted: patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch - commit 4606b8c - Update kabi files for intel_pmt_dev_create (bsc#1196591) - commit 40a0e22 ++++ kernel-azure: - Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403) Deleted: patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch - commit 4606b8c - Update kabi files for intel_pmt_dev_create (bsc#1196591) - commit 40a0e22 ++++ kernel-default: - Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403) Deleted: patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch - commit 4606b8c - Update kabi files for intel_pmt_dev_create (bsc#1196591) - commit 40a0e22 ++++ kernel-preempt: - Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403) Deleted: patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch - commit 0c68bb9 - vrf: Fix fast path output packet handling with async Netfilter rules (git-fixes). - commit 4dafe3d - net/mlx5e: Fix modify header actions memory leak (git-fixes). - commit 2d08f14 - net: ethernet: ti: cpsw: disable PTPv1 hw timestamping advertisement (git-fixes). - commit 644c57f - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - commit 09653f6 - netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes). - commit b2241ca - net: sfc: Replace in_interrupt() usage (git-fixes). - commit 254377d - gtp: remove useless rcu_read_lock() (git-fixes). - commit 2588833 - net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration (git-fixes). - commit 28ecaea - Refresh patches.suse/ibmvnic-Allow-queueing-resets-during-probe.patch. - Refresh patches.suse/ibmvnic-clear-fop-when-retrying-probe.patch. - Refresh patches.suse/ibmvnic-complete-init_done-on-transport-events.patch. - Refresh patches.suse/ibmvnic-define-flush_reset_queue-helper.patch. - Refresh patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch. - Refresh patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch. - Refresh patches.suse/ibmvnic-init-init_done_rc-earlier.patch. - Refresh patches.suse/ibmvnic-initialize-rc-before-completing-wait.patch. - Refresh patches.suse/ibmvnic-register-netdev-after-init-of-adapter.patch. - Refresh patches.suse/ibmvnic-schedule-failover-only-if-vioctl-fails.patch. - Refresh patches.suse/scsi-lpfc-Fix-pt2pt-NVMe-PRLI-reject-LOGO-loop.patch. - Refresh patches.suse/xfrm-fix-mtu-regression.patch. - commit 25457d5 - netfilter: nf_tables_offload: incorrect flow offload action array size (bsc#1196299 CVE-2022-25636). - commit 30b89a9 - batman-adv: Don't expect inter-netns unique iflink indices (git-fixes). - batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes). - batman-adv: Request iflink once in batadv-on-batadv check (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - mac80211: fix forwarded mesh frames AC & queue selection (git-fixes). - can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes). - commit 1c8fa49 - Update patch reference for iov security fix (CVE-2022-0847 bsc#1196584) - commit 1dafeb6 ++++ dtb-aarch64: - Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403) Deleted: patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch - commit 4606b8c - Update kabi files for intel_pmt_dev_create (bsc#1196591) - commit 40a0e22 ++++ firewalld: - Fix modprobe.d directory for SLE15 SP3 - Always own %_modprobedir (bsc#1196275, jsc#SLE-20639) ++++ google-guest-configs: - install modprobe.d files to /lib/modprobe.d on SLE (bsc#1196275, jsc#SLE-20639) ++++ grub2: - Support saving grub environment for POWER signed grub images (jsc#SLE-23854) * 0001-Add-grub_envblk_buf-helper-function.patch * 0002-Add-grub_disk_write_tail-helper-function.patch * 0003-grub-install-support-prep-environment-block.patch * 0004-Introduce-prep_load_env-command.patch * 0005-export-environment-at-start-up.patch - Use enviroment variable in early boot config to looking up root device * grub2.spec ++++ kernel-debug: - Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403) Deleted: patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch - commit 4606b8c - Update kabi files for intel_pmt_dev_create (bsc#1196591) - commit 40a0e22 ++++ kernel-source: - Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403) Deleted: patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch - commit 4606b8c - Update kabi files for intel_pmt_dev_create (bsc#1196591) - commit 40a0e22 ++++ kernel-source-azure: - Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403) Deleted: patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch - commit 4606b8c - Update kabi files for intel_pmt_dev_create (bsc#1196591) - commit 40a0e22 ++++ kernel-docs: - Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403) Deleted: patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch - commit 4606b8c - Update kabi files for intel_pmt_dev_create (bsc#1196591) - commit 40a0e22 ++++ kernel-kvmsmall: - Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403) Deleted: patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch - commit 4606b8c - Update kabi files for intel_pmt_dev_create (bsc#1196591) - commit 40a0e22 ++++ kernel-obs-build: - Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403) Deleted: patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch - commit 4606b8c - Update kabi files for intel_pmt_dev_create (bsc#1196591) - commit 40a0e22 ++++ kernel-obs-qa: - Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403) Deleted: patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch - commit 4606b8c - Update kabi files for intel_pmt_dev_create (bsc#1196591) - commit 40a0e22 ++++ kernel-syms: - Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403) Deleted: patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch - commit 4606b8c - Update kabi files for intel_pmt_dev_create (bsc#1196591) - commit 40a0e22 ++++ kernel-syms-azure: - Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403) Deleted: patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch - commit 4606b8c - Update kabi files for intel_pmt_dev_create (bsc#1196591) - commit 40a0e22 ++++ kernel-vanilla: - Update patch reference for iov security fix (CVE-2022-0847 bsc#1196584) - commit 43f0d0b ++++ kernel-zfcpdump: - Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403) Deleted: patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch - commit 4606b8c - Update kabi files for intel_pmt_dev_create (bsc#1196591) - commit 40a0e22 ++++ util-linux: - Prevent root owning of /var/lib/libuuid/clock.txt (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch). ++++ s390-tools: - install modprobe.conf files into %_modprobedir (bsc#1196275, jsc#SLE-20639) ++++ wireless-tools: - install modprobe.conf files in %_modprobedir (bsc#1196275, jsc#SLE-20639) ++++ texlive: - Backport TeXLive 2021, full python3 support and no poppler anymore ++++ ndctl: - Install modprobe.conf file to %_modprobedir (bsc#1196275, jsc#SLE-20639) ++++ openssl-1_1: - Security fix: [bsc#1192820, CVE-2002-20001] * Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE calculation. * Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST * Rebase openssl-DEFAULT_SUSE_cipher.patch ++++ papi: - Change papi_hl_output_writer.py script to reference Python3 (bsc#1196709) New patch: python3.patch ++++ papi_6_0_0_1-hpc: - Change papi_hl_output_writer.py script to reference Python3 (bsc#1196709) New patch: python3.patch ++++ libpsm2: - move modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639) ++++ plasma5-pk-updates: - Update to version 0.3.2+git70: * Improve EULA dialog layout after QQC2 regressions ++++ python-ipython: - Add CVE-2022-21699-unnecessary-privs.patch confining executed process to have limited privileges. (CVE-2022-21699 bsc#1194936). ++++ python3-libmount: - Prevent root owning of /var/lib/libuuid/clock.txt (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch). ++++ raspberrypi-firmware: - Install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639) ++++ raspberrypi-firmware-config: - Install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639) ++++ supportutils: - Changes to version 3.1.20 + Added command blkid #114 + Added s390x specific files and output #115 + Fix for invalid argument during updates (bsc#1193204) + Optimized conf_files, conf_files_text and log_cmd functions #118 + Fixed iscsi initiator name (bsc#1195797) + Added rpcinfo -p output #116 + Included /etc/sssd/conf.d configuration files #100 ++++ texlive-filesystem: - Backport TeXLive 2021, full python3 support and no poppler anymore ++++ util-linux-systemd: - Prevent root owning of /var/lib/libuuid/clock.txt (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch). ++++ xorg-x11-server: - U_xfree86-Fix-NULL-pointer-dereference-crash.patch * Fix a regression in u_xfree86-Change-displays-array-to-pointers-array-to-f.patch (boo#1196577) * Credits go to Simon Lees for finding the fix! - renamed u_xfree86-Change-displays-array-to-pointers-array-to-f.patch to U_xfree86-Change-displays-array-to-pointers-array-to-f.patch since it's a backport from an upstream patch ++++ yast2-installation: - Avoid terminal login prompt when running Second Stage service (bsc#1196594 and related to bsc#1195059). - 4.4.47 ------------------------------------------------------------------ ------------------ 2022-3-3 - Mar 3 2022 ------------------- ------------------------------------------------------------------ ++++ FreeCAD: - Update to version 0.19.4: * Lots of bugfixes, for details see https://github.com/FreeCAD/FreeCAD/releases/tag/0.19.4 ++++ Mesa: - baselibs.conf: readded mistakenly removed packages * Mesa-libVulkan-devel * Mesa-vulkan-device-select * Mesa-vulkan-overlay ++++ Mesa-drivers: - baselibs.conf: readded mistakenly removed packages * Mesa-libVulkan-devel * Mesa-vulkan-device-select * Mesa-vulkan-overlay ++++ audacity: - Remove ffmpeg-3 requirement, audacity finds ffmpeg by itself. See boo#1196685 ++++ autoyast2: - Consider user selected packages as optional to not block the installation (bsc#1195747). - 4.4.33 ++++ libcaca: - If an image has a size of 0x0, when exporting, no data is written and space is allocated for the header only, not taking into account that sprintf appends a NUL byte. [CVE-2021-30498, CVE-2021-30499, bsc#1184751, bsc#1184752, bsc1184751-add-space-for-NUL-byte.patch] ++++ rust1.59: - Resolve issue with multibuild test ++++ kernel-64kb: - Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). - commit de17db9 ++++ kernel-azure: - Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). - commit de17db9 ++++ kernel-default: - Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). - commit de17db9 ++++ kernel-preempt: - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - commit 3d0b2e2 - blacklist.conf: Add 51e50fbd3efc psi: fix "no previous prototype" warnings when CONFIG_CGROUPS=n - commit 2727993 - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes). - ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - USB: serial: option: add Telit LE910R1 compositions (git-fixes). - USB: serial: option: add support for DW5829e (git-fixes). - USB: gadget: validate endpoint index for xilinx udc (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). - drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). - USB: zaurus: support another broken Zaurus (git-fixes). - USB: gadget: validate interface OS descriptor requests (git-fixes). - commit a54291e - Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). - commit 59ca885 - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - commit 6dcfd65 - blk-mq: don't free tags if the tag_set is used by other device in queue initialztion (bsc#1193787). - commit 5b79ad2 ++++ dtb-aarch64: - Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). - commit de17db9 ++++ go1.16: - go1.16.15 (released 2022-03-03) includes a security fix to the regexp/syntax package, as well as bug fixes to the compiler, runtime, the go command, and to the net package Refs boo#1182345 go1.16 release tracking CVE-2022-24921 * boo#1196732 go#51112 CVE-2022-24921 * go#51117 regexp: stack overflow (process exit) handling deeply nested regexp * go#51331 cmd/go/internal/modfetch: erroneously resolves a v2+incompatible version when a v2/go.mod file exists * go#51198 cmd/compile: "runtime: bad pointer in frame" in riscv64 with complier optimizations * go#51161 net: use EDNS to increase DNS packet size [freeze exception] * go#50733 runtime/metrics: time histogram sub-bucket ranges are off by a factor of two ++++ go1.17: - go1.17.8 (released 2022-03-03) includes a security fix to the regexp/syntax package, as well as bug fixes to the compiler, runtime, the go command, and the crypto/x509, and net packages. Refs boo#1190649 go1.17 release tracking CVE-2022-24921 * boo#1196732 go#51112 CVE-2022-24921 * go#51118 regexp: stack overflow (process exit) handling deeply nested regexp * go#51332 cmd/go/internal/modfetch: erroneously resolves a v2+incompatible version when a v2/go.mod file exists * go#51199 cmd/compile: "runtime: bad pointer in frame" in riscv64 with complier optimizations * go#51162 net: use EDNS to increase DNS packet size [freeze exception] * go#50734 runtime/metrics: time histogram sub-bucket ranges are off by a factor of two * go#51000 crypto/x509: invalid RDNSequence: invalid attribute value: unsupported string type: 18 ++++ pipewire: - Update to version 0.3.48: * Highlights - Fix IEC958 passthrough again. - Fix pulse-server crashes when playing a sample. - Support for more a more advanced upmixing algorithm. - filter-chain now supports arbitrary many ports. - Fix multichannel support in WINE (with new WirePlumber). - Many bugfixes and improvements. * PipeWire - The work queue is now created in the context so we can fail early and avoid further error checking in various places. - Fix a potential use after free with threaded loops. - The protocol now has a message footer. This is used to pass around global state such as the last registered object serial number. This can be used to detect when a client tries to bind to old (but reused) object ids. This avoids some races in the session manager but also when binding objects. - The zero-denormals CPU flag is now not touched anymore unless explicitly selected by the user. Denormals are avoided in filter-chain now in software. If the zero-denormals are now only configured in the data thread. This should fix issues with luajit. - Configuration parsing will not actually fail on errors. - pw-top now correctly clips unicode characters. - Many places now use a dynamic POD builder to support arbitrary large property sets. - pw-stream now support PropInfo parameters so that they can announce custom properties. - Serial number are now also set on metadata and session-manager objects. * SPA - audioadapter is now smarter when trying to fixate the format. It will use the PortConfig format to fill in any wildcards. This results in the least amount of conversions when the stream can handle it. It also is part of a fix (also requires a session manager fix) for WINE multichannel support. - Fix 5.1 to 2 channels mixing. It was using the volume of the stereo pair on all channels. - Fix some weird volume issues when a source is capturing and channelmixing. - Add stereo to 7.1 upmixing. - The channelmix parameters can be changed at runtime now. - Many improvements to the upmixing algorithms. Rear channels are now constructed from the ambient sound and can have delay and phase shift applied to them to improve spacialisation. The stereo channels can be filtered so that the dialogue is more concentrated in the centre channel. * modules - Module X11 bell received cleanups and improvements. - The module now has a private method to schedule unload later. This simplifies cleanup in many modules. - module-filter-chain now handles arbitrary many ports and control ports. - Fix a bug in RAOP where it was reading from the wrong port. * pulse-server - Nodes with the DONT_MOVE property should fail with -EINVAL when they are moved. - Fix a segfault when playing a sample. - The _FIX flags in pulse-server also now ignore the configured sample format, just like pulseaudio does. - Fix IEC958 passthrough again. It got accidentally broken since 0.3.45 with a fix for another issue. - Fix module-null-sink device.description. * Bluetooth - Don't try to connect HSP/HFP when no backend is available. - Drop patches already included upstream: * 0001-revert-loop-remove-destroy-list.patch * 0002-pulse-server-free-pending-sample-reply.patch - Rebase reduce-meson-dependency.patch. - Enable pulseaudio-setup use on openSUSE Leap 15.4. - Some spec clean-up. ++++ helm: - build against go 1.17 similar to how upstream does ++++ instlux: - upgraded to 15.4.0. * Added Leap 15.4 (but not default) ++++ kernel-debug: - Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). - commit de17db9 ++++ kernel-source: - Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). - commit de17db9 ++++ kernel-source-azure: - Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). - commit de17db9 ++++ kernel-docs: - Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). - commit de17db9 ++++ kernel-kvmsmall: - Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). - commit de17db9 ++++ kernel-obs-build: - Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). - commit de17db9 ++++ kernel-obs-qa: - Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). - commit de17db9 ++++ kernel-syms: - Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). - commit de17db9 ++++ kernel-syms-azure: - Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). - commit de17db9 ++++ kernel-vanilla: - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - commit 936ea82 ++++ kernel-zfcpdump: - Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). - commit de17db9 ++++ util-linux: - Make uuidd lock state file usable and time based UUIDs safe again (bsc#1194642, util-linux-uuidd-fix-lock-state.patch). - Fix "su -s" bash completion (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch). ++++ libnvme: - Update to version 1.0-rc5: * ioctl: Set lsp to action in nvme_get_log_persistent_event (bsc#1196121) * tree: Ignore traddr case in nvme_lookup_ctrl() (bsc#1194025) * fabrics: Do not swap bytes for system uuid (bsc#1196565) * documentation updates ++++ o2scl: - Add o2scl-eos_quark_cfl6-test-increase-tol.patch: Increase the tolerance of a test that fails due to minor tolerance issues on x86_64 [gh#awsteiner/o2scl#18]. ++++ subversion: - Fix testCrash_RequestChannel_nativeRead_AfterException test on aarch64 and ppc64le, bsc#1195486 bsc#1193778 * fix-javahl-test.patch ++++ libyui: - Update also the stylesheet (theme) for the RichText content when changing the UI theme (bsc#1196296) - 4.3.2 ++++ libyui-ncurses: - Update also the stylesheet (theme) for the RichText content when changing the UI theme (bsc#1196296) - 4.3.2 ++++ libyui-ncurses-pkg: - Update also the stylesheet (theme) for the RichText content when changing the UI theme (bsc#1196296) - 4.3.2 ++++ libyui-ncurses-rest-api: - Update also the stylesheet (theme) for the RichText content when changing the UI theme (bsc#1196296) - 4.3.2 ++++ libyui-qt: - Update also the stylesheet (theme) for the RichText content when changing the UI theme (bsc#1196296) - 4.3.2 ++++ libyui-qt-graph: - Update also the stylesheet (theme) for the RichText content when changing the UI theme (bsc#1196296) - 4.3.2 ++++ libyui-qt-pkg: - Update also the stylesheet (theme) for the RichText content when changing the UI theme (bsc#1196296) - 4.3.2 ++++ libyui-qt-rest-api: - Update also the stylesheet (theme) for the RichText content when changing the UI theme (bsc#1196296) - 4.3.2 ++++ libyui-rest-api: - Update also the stylesheet (theme) for the RichText content when changing the UI theme (bsc#1196296) - 4.3.2 ++++ nvme-cli: - Update to version 2.0-rc5: * nvme: passthru bugfix(wrong jump, wrong file descriptor) * nvme-cli: Ignore traddr case (bsc#1194025) * nvme: fix segfault in nvme telemetry-log error handling * fabrics: ensure zero kato for non-persistent controllers * documenation updates ++++ nvme-stas: - Correct License information. This project is licenced under Apache License 2.0. - Mark sys.conf.doc as config file. - Add gobject-introspection BuildRequires: enable typelib introspection. This allows RPM to add a bunch of autodetected dependenices by inspecting the python scripts (basedon python-gobject). ++++ ongres-scram: - update to version 2.1 * Added standard SASLPrep (bsc#1196693)(jsc#SLE-23993, jsc#SLE-23994) * Failover to bouncy castle implementation of PBKDF2WithHmacSHA256 to support Oracle JDK 7 * Updated saslprep to version 1.1 to remove a build dependency coming from stringprep module ++++ ongres-stringprep: - ongres-stringprep 1.1 - initial package (bsc#1196693) (jsc#SLE-23993, jsc#SLE-23994) Add: * fix-dir-create.patch ++++ libyui-bindings: - Update also the stylesheet (theme) for the RichText content when changing the UI theme (bsc#1196296) - 4.3.2 ++++ postgresql-jdbc: - Upgrade to upstream version 42.2.25 * uses SASLprep normalization for SCRAM authentication fixing some issues with spaces in passwords. (bsc#1196693) (jsc#SLE-23993, jsc#SLE-23994) * https://jdbc.postgresql.org/documentation/changelog.html ++++ python3-libmount: - Make uuidd lock state file usable and time based UUIDs safe again (bsc#1194642, util-linux-uuidd-fix-lock-state.patch). - Fix "su -s" bash completion (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch). ++++ python-magic-wormhole: - Module ipaddress is part of the standard library now (bsc#1195072). ++++ python-protonvpn-nm-lib: - Update to 3.7.0 * Bug fixes and improvments ++++ sudo: - Add sudo-1.9.9-honor-T_opt.patch * the -T option of sudo does nothing even when 'Defaults user_command_timeouts' is present in the configuration. * [bsc#1193446] * Credit to Jaroslav Jindrak ++++ systemd-rpm-macros: - Bump version to 11 - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275 bsc#1196406) Until SLE15-SP3:QU2, /usr/lib/modprobe.d path was not supported by kmod and since SLE15-SP4 /etc/modprobe.d/README has references to /lib/modprobe.d... ++++ trivy: - Update to version 0.24.2: * fix(pom): keep an order of dependencies (#1784) * chore: bump up Go to 1.17 (#1781) * chore(deps): bump actions/setup-python from 2 to 3 (#1776) * chore(deps): bump golangci/golangci-lint-action from 2 to 3.1.0 (#1777) ++++ util-linux-systemd: - Make uuidd lock state file usable and time based UUIDs safe again (bsc#1194642, util-linux-uuidd-fix-lock-state.patch). - Fix "su -s" bash completion (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch). ++++ xen: - bsc#1196545 - GCC 12: xen package fails gcc12-fixes.patch ++++ yast2-audit-laf: - Set the name of the auto client in the desktop file (bsc#1196590). - 4.4.2 ++++ yast2-installation: - Fixed crash when starting the expert console (bsc#1196724) - 4.4.46 ++++ yast2-network: - Added connection config writers for Qeth and Hipersocket devices (bsc#1196582) - 4.4.43 ------------------------------------------------------------------ ------------------ 2022-3-2 - Mar 2 2022 ------------------- ------------------------------------------------------------------ ++++ apache2: - security update - added patches fix CVE-2021-44224 [bsc#1193943], NULL dereference or SSRF in forward proxy configurations + apache2-CVE-2021-44224.patch fix CVE-2021-44790 [bsc#1193942], buffer overflow when parsing multipart content in mod_lua + apache2-CVE-2021-44790.patch ++++ cantata: - Update to 2.5.0: * Update translations. * Limit number of album tracks shown in context view to 500, thanks to ccoors. * Fix Community Radio Browser search. * Remove dirble from radio section, as its no longer active. * Better handling of CUE tracks when MPD is set to list as directory. * Disable CUE parsing in cantata by default, as MPD handles this better now. * Remember, and restore, main window position. * Disable categorized view, as its been reported to crash (#1530) * Remove stream providers, as many broken. * Fix decoding URLs when playing local files via in-built HTTP server. * Remove option to select cover image providers, always use all. * Remove Google and Spotify image search, not working. * Allow smaller images in itemviews. * Fix newlines showing as HTML tags in contextview. * Fix updating now-plying metadata for radio streams that transmit track numbers. * When stopping Cantata controlled MPD instance, wait up to 2 seconds for MPD to gracefully terminate (so config can be saved) before killing process. * Add support for MPD's "Partitions" - implemented by dphoyes. Requires MPD 0.22 or above. * Allow queue to be sorted by path. * Fix some deprecation warnings - thanks to John Regan. * Fix crash when trying to copy songs to MTP device but libMTP has failed to get storage list. * Don't save queue if string entered in dave dialog but cancel button pressed. * Handle case where IceCast list is not GZipped. * Remove SoundCloud support, no longer works due to API changes. * Correctly update play queue time when re-order tracks - thanks to Philip Sequeira. * When searching for lyrics, if fail and artist starts with "The " then try again without "The " * Add "Refresh" action to hover actions for podcasts. * Remove superfluous blank space from the top of the cover tooltip. * Fix looking for cover-art with MPD's new cue track file listing. * Add Grouping tag support to playlists and play queue. * Use QCollator to compare strings. * If using table-style play queue, then only sort one column at a time. * Stop user MPD instance from GUI thread when terminating, to ensure state can be saved. * Don't write empty genres to tags. - Remove fix-translations-with-qt5.diff ++++ cantata: - Update to 2.5.0: * Update translations. * Limit number of album tracks shown in context view to 500, thanks to ccoors. * Fix Community Radio Browser search. * Remove dirble from radio section, as its no longer active. * Better handling of CUE tracks when MPD is set to list as directory. * Disable CUE parsing in cantata by default, as MPD handles this better now. * Remember, and restore, main window position. * Disable categorized view, as its been reported to crash (#1530) * Remove stream providers, as many broken. * Fix decoding URLs when playing local files via in-built HTTP server. * Remove option to select cover image providers, always use all. * Remove Google and Spotify image search, not working. * Allow smaller images in itemviews. * Fix newlines showing as HTML tags in contextview. * Fix updating now-plying metadata for radio streams that transmit track numbers. * When stopping Cantata controlled MPD instance, wait up to 2 seconds for MPD to gracefully terminate (so config can be saved) before killing process. * Add support for MPD's "Partitions" - implemented by dphoyes. Requires MPD 0.22 or above. * Allow queue to be sorted by path. * Fix some deprecation warnings - thanks to John Regan. * Fix crash when trying to copy songs to MTP device but libMTP has failed to get storage list. * Don't save queue if string entered in dave dialog but cancel button pressed. * Handle case where IceCast list is not GZipped. * Remove SoundCloud support, no longer works due to API changes. * Correctly update play queue time when re-order tracks - thanks to Philip Sequeira. * When searching for lyrics, if fail and artist starts with "The " then try again without "The " * Add "Refresh" action to hover actions for podcasts. * Remove superfluous blank space from the top of the cover tooltip. * Fix looking for cover-art with MPD's new cue track file listing. * Add Grouping tag support to playlists and play queue. * Use QCollator to compare strings. * If using table-style play queue, then only sort one column at a time. * Stop user MPD instance from GUI thread when terminating, to ensure state can be saved. * Don't write empty genres to tags. - Remove fix-translations-with-qt5.diff ++++ rust1.58: - Add recommends for GCC for installs to be able to link. - Add suggests for lld/clang which are faster than gcc for linking to allow users choice on what they use. ++++ kernel-64kb: - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - commit 68fa069 - Refresh sorted patches. - commit 0c5d65a - Refresh patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch. - commit 783700c - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec ++++ kernel-azure: - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - commit 68fa069 - Refresh sorted patches. - commit 0c5d65a - Refresh patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch. - commit 783700c - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec ++++ kernel-default: - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - commit 68fa069 - Refresh sorted patches. - commit 0c5d65a - Refresh patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch. - commit 783700c - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec ++++ kernel-preempt: - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - commit 68fa069 - powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038). - commit 3f54d95 - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec - powerpc/pseries/iommu: Fix window size for direct mapping with pmem (bsc#1196472 ltc#192278). - powerpc/dma: Fallback to dma_ops when persistent memory present (bsc#1196472 ltc#192278). Update config files. - dma-mapping: Allow mixing bypass and mapped DMA operation (bsc#1196472 ltc#192278). - dma-direct: Fix potential NULL pointer dereference (bsc#1196472 ltc#192278). - commit a04953d ++++ containerd: - Add patch for CVE-2022-23648. bsc#1196441 + CVE-2022-23648.patch ++++ gcc11: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Add gcc11-D-dependence-fix.patch to fix memory corruption when creating dependences with the D language frontend. - Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap on aarch64 which is unresolvable. ++++ cross-aarch64-gcc11: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Add gcc11-D-dependence-fix.patch to fix memory corruption when creating dependences with the D language frontend. - Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap on aarch64 which is unresolvable. ++++ cross-arm-gcc11: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Add gcc11-D-dependence-fix.patch to fix memory corruption when creating dependences with the D language frontend. - Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap on aarch64 which is unresolvable. ++++ cross-hppa-gcc11: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Add gcc11-D-dependence-fix.patch to fix memory corruption when creating dependences with the D language frontend. - Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap on aarch64 which is unresolvable. ++++ cross-i386-gcc11: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Add gcc11-D-dependence-fix.patch to fix memory corruption when creating dependences with the D language frontend. - Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap on aarch64 which is unresolvable. ++++ cross-m68k-gcc11: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Add gcc11-D-dependence-fix.patch to fix memory corruption when creating dependences with the D language frontend. - Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap on aarch64 which is unresolvable. ++++ cross-mips-gcc11: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Add gcc11-D-dependence-fix.patch to fix memory corruption when creating dependences with the D language frontend. - Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap on aarch64 which is unresolvable. ++++ cross-nvptx-gcc11: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Add gcc11-D-dependence-fix.patch to fix memory corruption when creating dependences with the D language frontend. - Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap on aarch64 which is unresolvable. ++++ cross-ppc64-gcc11: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Add gcc11-D-dependence-fix.patch to fix memory corruption when creating dependences with the D language frontend. - Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap on aarch64 which is unresolvable. ++++ cross-ppc64le-gcc11: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Add gcc11-D-dependence-fix.patch to fix memory corruption when creating dependences with the D language frontend. - Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap on aarch64 which is unresolvable. ++++ cross-riscv64-gcc11: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Add gcc11-D-dependence-fix.patch to fix memory corruption when creating dependences with the D language frontend. - Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap on aarch64 which is unresolvable. ++++ cross-s390x-gcc11: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Add gcc11-D-dependence-fix.patch to fix memory corruption when creating dependences with the D language frontend. - Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap on aarch64 which is unresolvable. ++++ cross-sparc-gcc11: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Add gcc11-D-dependence-fix.patch to fix memory corruption when creating dependences with the D language frontend. - Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap on aarch64 which is unresolvable. ++++ cross-sparc64-gcc11: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Add gcc11-D-dependence-fix.patch to fix memory corruption when creating dependences with the D language frontend. - Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap on aarch64 which is unresolvable. ++++ cross-x86_64-gcc11: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Add gcc11-D-dependence-fix.patch to fix memory corruption when creating dependences with the D language frontend. - Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap on aarch64 which is unresolvable. ++++ python-kiwi: - Stick to pytest v6.x.y Signed-off-by: David Cassany - Don't exit the script on deprecated function use (bsc#1196644) The "exit 0" there stops processing of the calling script with a success exit code, which leads to incomplete and broken images. ++++ dtb-aarch64: - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - commit 68fa069 - Refresh sorted patches. - commit 0c5d65a - Refresh patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch. - commit 783700c - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec ++++ efl: - Drop python-devel BuildRequires: not needed. ++++ flac: - Fix out of bound write in append_to_verify_fifo_interleaved_ (CVE-2021-0561 bsc#1196660): libFlac-Exit-at-EOS-in-verify-mode.patch ++++ gcc11-testresults: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Add gcc11-D-dependence-fix.patch to fix memory corruption when creating dependences with the D language frontend. - Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap on aarch64 which is unresolvable. ++++ kernel-debug: - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - commit 68fa069 - Refresh sorted patches. - commit 0c5d65a - Refresh patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch. - commit 783700c - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec ++++ kernel-source: - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - commit 68fa069 - Refresh sorted patches. - commit 0c5d65a - Refresh patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch. - commit 783700c - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec ++++ kernel-source-azure: - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - commit 68fa069 - Refresh sorted patches. - commit 0c5d65a - Refresh patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch. - commit 783700c - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec ++++ kernel-docs: - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - commit 68fa069 - Refresh sorted patches. - commit 0c5d65a - Refresh patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch. - commit 783700c - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec ++++ kernel-kvmsmall: - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - commit 68fa069 - Refresh sorted patches. - commit 0c5d65a - Refresh patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch. - commit 783700c - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec ++++ kernel-obs-build: - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - commit 68fa069 - Refresh sorted patches. - commit 0c5d65a - Refresh patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch. - commit 783700c - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec ++++ kernel-obs-qa: - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - commit 68fa069 - Refresh sorted patches. - commit 0c5d65a - Refresh patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch. - commit 783700c - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec ++++ kernel-syms: - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - commit 68fa069 - Refresh sorted patches. - commit 0c5d65a - Refresh patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch. - commit 783700c - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec ++++ kernel-syms-azure: - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - commit 68fa069 - Refresh sorted patches. - commit 0c5d65a - Refresh patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch. - commit 783700c - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec ++++ kernel-vanilla: - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - commit 68fa069 - gve: Recording rx queue before sending to napi (jsc#SLE-23652). - gve: fix the wrong AdminQ buffer queue index check (jsc#SLE-23652). - gve: Fix GFP flags when allocing pages (jsc#SLE-23652). - gve: Add consumed counts to ethtool stats (jsc#SLE-23652). - gve: Implement suspend/resume/shutdown (jsc#SLE-23652). - gve: Add optional metadata descriptor type GVE_TXD_MTD (jsc#SLE-23652). - gve: remove memory barrier around seqno (jsc#SLE-23652). - gve: Update gve_free_queue_page_list signature (jsc#SLE-23652). - gve: Move the irq db indexes out of the ntfy block struct (jsc#SLE-23652). - gve: Correct order of processing device options (jsc#SLE-23652). - gve: fix for null pointer dereference (jsc#SLE-23652). - gve: fix unmatched u64_stats_update_end() (jsc#SLE-23652). - gve: Add a jumbo-frame device option (jsc#SLE-23652). - gve: Implement packet continuation for RX (jsc#SLE-23652). - gve: Add RX context (jsc#SLE-23652). - gve: Track RX buffer allocation failures (jsc#SLE-23652). - gve: Allow pageflips on larger pages (jsc#SLE-23652). - gve: Add netif_set_xps_queue call (jsc#SLE-23652). - gve: Do lazy cleanup in TX path (jsc#SLE-23652). - gve: Add rx buffer pagecnt bias (jsc#SLE-23652). - gve: Switch to use napi_complete_done (jsc#SLE-23652). - gve: Use kvcalloc() instead of kvzalloc() (jsc#SLE-23652). - gve: DQO: avoid unused variable warnings (jsc#SLE-23652). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (jsc#SLE-23652). - gve: fix gve_get_stats() (jsc#SLE-23652). - gve: Properly handle errors in gve_assign_qpl (jsc#SLE-23652). - gve: Avoid freeing NULL pointer (jsc#SLE-23652). - gve: Correct available tx qpl check (jsc#SLE-23652). - gve: fix the wrong AdminQ buffer overflow check (jsc#SLE-23652). - gve: DQO: Remove incorrect prefetch (jsc#SLE-23652). - gve: Simplify code and axe the use of a deprecated API (jsc#SLE-23652). - gve: Propagate error codes to caller (jsc#SLE-23652). - gve: Fix an error handling path in 'gve_probe()' (jsc#SLE-23652). - gve: Fix swapped vars when fetching max queues (jsc#SLE-23652). - gve: DQO: Fix off by one in gve_rx_dqo() (jsc#SLE-23652). - gve: Fix warnings reported for DQO patchset (jsc#SLE-23652). - gve: DQO: Add RX path (jsc#SLE-23652). - gve: DQO: Add TX path (jsc#SLE-23652). - gve: DQO: Configure interrupts on device up (jsc#SLE-23652). - gve: DQO: Add ring allocation and initialization (jsc#SLE-23652). - gve: DQO: Add core netdev features (jsc#SLE-23652). - gve: Update adminq commands to support DQO queues (jsc#SLE-23652). - gve: Add DQO fields for core data structures (jsc#SLE-23652). - gve: Add dqo descriptors (jsc#SLE-23652). - gve: Add support for DQO RX PTYPE map (jsc#SLE-23652). - gve: adminq: DQO specific device descriptor logic (jsc#SLE-23652). - gve: Introduce per netdev `enum gve_queue_format` (jsc#SLE-23652). - gve: Introduce a new model for device options (jsc#SLE-23652). - gve: Make gve_rx_slot_page_info.page_offset an absolute offset (jsc#SLE-23652). - gve: gve_rx_copy: Move padding to an argument (jsc#SLE-23652). - gve: Move some static functions to a common file (jsc#SLE-23652). - gve: Correct SKB queue index validation (jsc#SLE-23652). - gve: Upgrade memory barrier in poll routine (jsc#SLE-23652). - gve: Add NULL pointer checks when freeing irqs (jsc#SLE-23652). - gve: Update mgmt_msix_idx if num_ntfy changes (jsc#SLE-23652). - gve: Check TX QPL was actually assigned (jsc#SLE-23652). - net: gve: remove duplicated allowed (jsc#SLE-23652). - net: gve: convert strlcpy to strscpy (jsc#SLE-23652). - gve: Add support for raw addressing in the tx path (jsc#SLE-23652). - gve: Rx Buffer Recycling (jsc#SLE-23652). - gve: Add support for raw addressing to the rx path (jsc#SLE-23652). - gve: Add support for raw addressing device option (jsc#SLE-23652). - gve: Replace zero-length array with flexible-array member (jsc#SLE-23652). - gve: Enable Link Speed Reporting in the driver (jsc#SLE-23652). - gve: Use link status register to report link status (jsc#SLE-23652). - gve: Batch AQ commands for creating and destroying queues (jsc#SLE-23652). - gve: NIC stats for report-stats and for ethtool (jsc#SLE-23652). - gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (jsc#SLE-23652). - gve: Use dev_info/err instead of netif_info/err (jsc#SLE-23652). - gve: Add stats for gve (jsc#SLE-23652). - gve: Get and set Rx copybreak via ethtool (jsc#SLE-23652). - net: Google gve: Remove dma_wmb() before ringing doorbell (jsc#SLE-23652). - gve: Fix the queue page list allocated pages count (jsc#SLE-23652). - gve: fix dma sync bug where not all pages synced (jsc#SLE-23652). - commit 11aa9c5 - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec ++++ kernel-zfcpdump: - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") - commit 68fa069 - Refresh sorted patches. - commit 0c5d65a - Refresh patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch. - commit 783700c - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - commit 88ba5ec ++++ kpmcore: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Do not repeatedly open and close file when reading from it. * Do not repeatedly open and close file when writing to it. * Make sure that path passed to WriteData is block device. * Restrict CopyFileData to writing to already existing files. * Rename CopyBlocks to CopyFileData. * Check for relative paths in ExternalCommandHelper::CopyBlocks. * Restrict QProcess::ProcessChannelMode to two used values. * Be a bit more strict in root helper when checking path to /etc/fstab. - Drop patches, now upstream: * 0001-Do-not-repeatedly-open-and-close-file-when-reading-f.patch * 0001-Do-not-repeatedly-open-and-close-file-when-writing-t.patch * 0001-Make-sure-that-path-passed-to-WriteData-is-block-dev.patch * 0001-Restrict-CopyFileData-to-writing-to-already-existing.patch * 0001-Rename-CopyBlocks-to-CopyFileData.patch * 0001-Check-for-relative-paths-in-ExternalCommandHelper-Co.patch * 0001-Restrict-QProcess-ProcessChannelMode-to-two-used-val.patch * 0001-Be-a-bit-more-strict-in-root-helper-when-checking-pa.patch ++++ tigervnc: - x11vnc: no longer explicitely require python3, since it's already required implicitely via autogenerated RPM requires - x11vnc requires python3 (bsc#1196623) ++++ systemd: - update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) * change scripts-udev-convert-rules.sh ++++ tvm: - Add deps on python3-tvm and python3-setuptools for tvmc - boo#1196646 ++++ mirrorsorcerer: - Update vendored dependencies ++++ multiload-ng: - Converting to producing a 'base' and 'xfce4' package. - Cleaning up .spec file to be more in-line with verbiage found at https://github.com/udda/multiload-ng. ++++ partitionmanager: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ proteus: - Version 6.0.5 - Bugfix Release ++++ psmisc: - Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch * Add a fallback if the system call name_to_handle_at() is not supported by the used file system. - Add patch psmisc-22.21-semaphores.patch * Replace the synchronizing over pipes of the sub process for the stat(2) system call with mutex and conditions from pthreads(7) (bsc#1194172) - Add patch psmisc-22.21-statx.patch * Use statx(2) or SYS_statx system call to replace the stat(2) system call and avoid the sub process at all (bsc#1194172) ++++ python-ipython: - Add ipython-jedi018.patch to make ipython compatible with the jedi version 0.18 (bsc#1195830). ++++ spack: - Remove unneeded build dependency. - Make dependencies of spack and spack-recipes symetrical. ++++ spack: - Remove unneeded build dependency. - Make dependencies of spack and spack-recipes symetrical. ++++ systemd-mini: - update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) * change scripts-udev-convert-rules.sh ++++ trytond: - Version 6.0.16 - Security Bugfix Release * python3-defusedxml added ++++ trytond_account: - Version 6.0.9 - Bugfix Release ++++ trytond_purchase: - Version 6.0.6 - Bugfix Release ++++ trytond_purchase_request: - Version 6.0.1 - Bugfix Release ++++ trytond_stock: - Version 6.0.12 - Bugfix Release ++++ virt-manager: - bsc#1196202 - virt-install crashes on a time-of-check time-of-use (TOCTOU) race condition Resolved by upgrade to version 4.0.0 (jsc#SLE-18261) virt-manager-4.0.0.tar.gz - Other features and bug fixes (bsc#1027942) virt-install –os-variant/–osinfo is now a hard requirement for most cases Add ‘Enable shared memory’ UI checkbox (Lin Ma) add UI preference to default to UEFI for new VMs (Charles Arnold) Add virtiofs filesystem driver UI option Fill in all –cputune, –cpu, –shmem, –input, and –boot suboptions (Hugues Fafard) virt-* mdev improvements (Shalini Chellathurai Saroja) bhyve improvments (Roman Bogorodskiy) Revive network portgroup UI enable a TPM by default when UEFI is used (Daniel P. Berrangé) Use cpu host-passthrough by default on qemu x86 use virtio-gpu video for most modern distros Default to extra pcie root ports for q35 set discard=unmap by default for sparse disks and block devices We now require xorissofs for –location ISO We now use setuptools rather than just plain distutils - Add virtman-revert-use-of-AyatanaAppIndicator3.patch - Drop the following patches 0e15cd51-virt-manager-enable-MDEV-support.patch 143c6bef-virtinst-fix-error-message-format-string.patch 4d0e3232-virtinst-Fix-TOCTOU-in-domain-enumeration.patch 8bb64ad5-console-Dont-block-console-reconnect-for-non-error.patch 9363e1e6-virt-xml-add-support-for-mediated-devices.patch 965480e8-virt-install-add-mediated-device.patch 9d4002ee-tests-verify-MDEV-support.patch cf93e2db-console-fix-error-with-old-pygobject.patch d3c627f1-volumeupload-Use-1MiB-read-size.patch d9b5090e-Fix-forgetting-password-from-keyring.patch e7222b50-addstorage-Dont-pass-None-to-widget.set_active.patch f87e96d3-hostdev-use-method-get_mdev_uuid.patch fe8722e7-createnet-Remove-some-unnecessary-max_length-annotations.patch virtinst-graphics-add-check-for-qemu-modules-in-spice-graphic.patch virtman-add-firmware-preferences.patch virtman-legacy-bios-support.patch virtman-show-no-firmware-for-xenpv.patch ++++ yast2: - New doc: Invoking External Commands in YaST (in doc/) ------------------------------------------------------------------ ------------------ 2022-3-1 - Mar 1 2022 ------------------- ------------------------------------------------------------------ ++++ Mesa: - autoselect libvulkan_intel package via hardware supplements on Intel GPUs - autoselect libvulkan_radeon package via hardware supplements on AMD GPUs - no longer install libvulkan_lvp package (lavapipe=Software Vulkan driver), libvulkan_broadcom and libvulkan_freedreno packages by default, i.e. no longer have libvulkan_intel/libvulkan_radeon and libvulkan_lvp packages installed at the same time (boo#1180522) - libvulkan_intel/libvulkan_radeon/libvulkan_lvp now require Mesa-vulkan-device-select package, not the other way round! (baselibs.conf also adjusted) ++++ Mesa-drivers: - autoselect libvulkan_intel package via hardware supplements on Intel GPUs - autoselect libvulkan_radeon package via hardware supplements on AMD GPUs - no longer install libvulkan_lvp package (lavapipe=Software Vulkan driver), libvulkan_broadcom and libvulkan_freedreno packages by default, i.e. no longer have libvulkan_intel/libvulkan_radeon and libvulkan_lvp packages installed at the same time (boo#1180522) - libvulkan_intel/libvulkan_radeon/libvulkan_lvp now require Mesa-vulkan-device-select package, not the other way round! (baselibs.conf also adjusted) ++++ akonadi-calendar: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ akonadi-calendar-tools: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ akonadi-contact: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Fix build on Windows * Make sure helper apps we start are in path ++++ akonadi-import-wizard: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ akonadi-mime: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ akonadi-notes: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kalarmcal: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ akonadi-search: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ akonadi-server: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Use exec variable * Check executables exist in PATH before passing them to QProcess ++++ akonadiconsole: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ akregator: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Fix bug 450650: URL encoded chars in feed-entry-link-href become invalid (kde#450650) ++++ analitza: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ark: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Fix multivolume archive creation (kde#448065) * zip: Fix setting un-initialized access time (kde#450125) * Fix build when libzip is missing * libzip: Implement proper cancelation, using libzip 1.6 * CreateJob: Clean up temp file after cancellation * libzipplugin: Prevent crash when canceling archive creation (kde#446926) ++++ artikulate: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ baloo5-widgets: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ lapack: - Add Fix-out-of-bounds-read.patch to fix out of bound reads when user input is not validated properly. (bsc#1193562, CVE-2021-4048) ++++ blinken: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ bomber: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ bovo: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ calendarsupport: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ cantor: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * build: Properly pass the parameters to cmake ++++ cervisia: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kernel-64kb: - Update config and supported.conf for intel_vsec (bsc#1196591) intel_pmt driver is renamed to intel_vsec - Update config files - supported.conf - commit 99cb50f - platform/x86/intel: Move intel_pmt from MFD to Auxiliary Bus (bsc#1196591). - driver core: auxiliary bus: Add driver data helpers (bsc#1196591). - PCI: Add #defines for accessing PCIe DVSEC fields (bsc#1196591). - platform/x86: intel_pmt_telemetry: Ignore zero sized entries (bsc#1196591). - platform/x86/intel: pmt: Use y instead of objs in Makefile (bsc#1196591). - commit 731c1ca - platform/x86/intel: Move Intel PMT drivers to new subfolder (bsc#1196591). - Refresh patches.suse/platform-x86-intel_pmc_core-Move-to-intel-sub-direct.patch. - commit e7adc65 ++++ kernel-azure: - Update config and supported.conf for intel_vsec (bsc#1196591) intel_pmt driver is renamed to intel_vsec - Update config files - supported.conf - commit 99cb50f - platform/x86/intel: Move intel_pmt from MFD to Auxiliary Bus (bsc#1196591). - driver core: auxiliary bus: Add driver data helpers (bsc#1196591). - PCI: Add #defines for accessing PCIe DVSEC fields (bsc#1196591). - platform/x86: intel_pmt_telemetry: Ignore zero sized entries (bsc#1196591). - platform/x86/intel: pmt: Use y instead of objs in Makefile (bsc#1196591). - commit 731c1ca - platform/x86/intel: Move Intel PMT drivers to new subfolder (bsc#1196591). - Refresh patches.suse/platform-x86-intel_pmc_core-Move-to-intel-sub-direct.patch. - commit e7adc65 ++++ kernel-default: - Update config and supported.conf for intel_vsec (bsc#1196591) intel_pmt driver is renamed to intel_vsec - Update config files - supported.conf - commit 99cb50f - platform/x86/intel: Move intel_pmt from MFD to Auxiliary Bus (bsc#1196591). - driver core: auxiliary bus: Add driver data helpers (bsc#1196591). - PCI: Add #defines for accessing PCIe DVSEC fields (bsc#1196591). - platform/x86: intel_pmt_telemetry: Ignore zero sized entries (bsc#1196591). - platform/x86/intel: pmt: Use y instead of objs in Makefile (bsc#1196591). - commit 731c1ca - platform/x86/intel: Move Intel PMT drivers to new subfolder (bsc#1196591). - Refresh patches.suse/platform-x86-intel_pmc_core-Move-to-intel-sub-direct.patch. - commit e7adc65 ++++ kernel-preempt: - arm64: Use the clearbhb instruction in mitigations (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit b546cd9 - arm64: Mitigate spectre style branch history side channels (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - Update config files. - commit d035616 - KVM: arm64: Add templates for BHB mitigation sequences (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. - commit 8c9b0c2 - arm64: Add Cortex-X2 CPU part definition (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit c3c4a06 - arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - arm64: Add part number for Arm Cortex-A77 (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - arm64: Add percpu vectors for EL1 (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add macro for reading symbol addresses from the trampoline (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add vectors that have the bhb mitigation sequences (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow the trampoline text to occupy multiple pages (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the kpti trampoline's kpti sequence optional (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move trampoline macros out of ifdef'd section (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Don't assume tramp_vectors is the start of the vectors (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Move the trampoline data page before the text page (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Free up another register on kpti's tramp_exit path (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - arm64: entry: Make the trampoline cleanup optional (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - arm64: entry.S: Add ventry overflow sanity checks (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 284cd49 - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). - commit 4f3bbf5 - soc: fsl: qe: Check of ioremap return value (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes). - efivars: Respect "block" flag in efivar_entry_set_safe() (git-fixes). - gpio: tegra186: Fix chip_data type confusion (git-fixes). - gpio: rockchip: Reset int_bothedge when changing trigger (git-fixes). - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - iio: Fix error handling for PM (git-fixes). - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes). - iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - Revert "USB: serial: ch341: add new Product ID for CH341A" (git-fixes). - usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes). - clk: jz4725b: fix mmc0 clock gating (git-fixes). - drm/edid: Always set RGB444 (git-fixes). - commit c381750 ++++ dolphin: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2.1: * Fix rating pixmap alignment on high-dpi screens ++++ dolphin-plugins: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ dragonplayer: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ dtb-aarch64: - Update config and supported.conf for intel_vsec (bsc#1196591) intel_pmt driver is renamed to intel_vsec - Update config files - supported.conf - commit 99cb50f - platform/x86/intel: Move intel_pmt from MFD to Auxiliary Bus (bsc#1196591). - driver core: auxiliary bus: Add driver data helpers (bsc#1196591). - PCI: Add #defines for accessing PCIe DVSEC fields (bsc#1196591). - platform/x86: intel_pmt_telemetry: Ignore zero sized entries (bsc#1196591). - platform/x86/intel: pmt: Use y instead of objs in Makefile (bsc#1196591). - commit 731c1ca - platform/x86/intel: Move Intel PMT drivers to new subfolder (bsc#1196591). - Refresh patches.suse/platform-x86-intel_pmc_core-Move-to-intel-sub-direct.patch. - commit e7adc65 ++++ elisa: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * SettingsForm: Fill width with long UI controls * ListBrowserDelegate: Remove unnecessary properties (kde#449936) ++++ eventviews: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ffmpegthumbs: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ filelight: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * do not confuse portable seperator with native ones (kde#450863) ++++ kiten: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ granatier: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ grantlee-editor: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ grantleetheme: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ grub2: - Remove obsolete openSUSE 12.2 conditionals in spec file - Clean up powerpc certificate handling. ++++ gwenview5: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Prevent users from "losing" the thumbnail bar ++++ incidenceeditor: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ itinerary: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Format user visible numbers using the current locale ++++ juk: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ k3b: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kaccounts-integration: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kaccounts-providers: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kaddressbook: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kajongg: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kalarm: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Update copyright * Fix failure to create a missing calendar file after enabling a resource ++++ kalgebra: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kalzium: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kamera: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kamoso: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kanagram: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kapman: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kapptemplate: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Use the CDN based endpoint rather than the legacy endpoint ++++ kate: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Fix stashing not working when Kate is quit using Ctrl+Q (kde#449229) ++++ katomic: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kbackup: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kblackbox: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kblocks: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kbounce: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kbreakout: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kbruch: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Link explicitly to KCoreAddons ++++ kcachegrind: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kcalc: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kcalutils: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kcharselect: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kcolorchooser: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kcron: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Improve temporary file handling * KCronHelper: Return error when things don't work out - Drop patches, now upstream: * 0001-Improve-temporary-file-handling.patch * 0001-KCronHelper-Return-error-when-things-don-t-work-out.patch ++++ poxml: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kde-print-manager: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kdebugsettings: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kdeconnect-kde: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kdeedu-data: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ libkdegames: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Make the installed files reproducible ++++ kdegraphics-thumbnailers: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kdenetwork-filesharing: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kdenlive: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Too many changes to list here. ++++ kdepim-addons: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Fix Bug 434335 Zoom in/out is missing in the context menu (kde#434335) ++++ kdepim-runtime: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Apply patch for disable sync contact as it don't ported yet. (kde#449024) - Drop patch, now upstream: * 0001-Apply-patch-for-disable-sync-contact-as-it-don-t-por.patch ++++ kdesdk-scripts: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kdesdk-thumbnailers: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kdevelop5: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kdevelop5-plugin-php: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kdevelop5-plugin-python3: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kdf: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kdialog: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kdiamond: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kdnssd: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ keditbookmarks: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kernel-debug: - Update config and supported.conf for intel_vsec (bsc#1196591) intel_pmt driver is renamed to intel_vsec - Update config files - supported.conf - commit 99cb50f - platform/x86/intel: Move intel_pmt from MFD to Auxiliary Bus (bsc#1196591). - driver core: auxiliary bus: Add driver data helpers (bsc#1196591). - PCI: Add #defines for accessing PCIe DVSEC fields (bsc#1196591). - platform/x86: intel_pmt_telemetry: Ignore zero sized entries (bsc#1196591). - platform/x86/intel: pmt: Use y instead of objs in Makefile (bsc#1196591). - commit 731c1ca - platform/x86/intel: Move Intel PMT drivers to new subfolder (bsc#1196591). - Refresh patches.suse/platform-x86-intel_pmc_core-Move-to-intel-sub-direct.patch. - commit e7adc65 ++++ kernel-source: - Update config and supported.conf for intel_vsec (bsc#1196591) intel_pmt driver is renamed to intel_vsec - Update config files - supported.conf - commit 99cb50f - platform/x86/intel: Move intel_pmt from MFD to Auxiliary Bus (bsc#1196591). - driver core: auxiliary bus: Add driver data helpers (bsc#1196591). - PCI: Add #defines for accessing PCIe DVSEC fields (bsc#1196591). - platform/x86: intel_pmt_telemetry: Ignore zero sized entries (bsc#1196591). - platform/x86/intel: pmt: Use y instead of objs in Makefile (bsc#1196591). - commit 731c1ca - platform/x86/intel: Move Intel PMT drivers to new subfolder (bsc#1196591). - Refresh patches.suse/platform-x86-intel_pmc_core-Move-to-intel-sub-direct.patch. - commit e7adc65 ++++ kernel-source-azure: - Update config and supported.conf for intel_vsec (bsc#1196591) intel_pmt driver is renamed to intel_vsec - Update config files - supported.conf - commit 99cb50f - platform/x86/intel: Move intel_pmt from MFD to Auxiliary Bus (bsc#1196591). - driver core: auxiliary bus: Add driver data helpers (bsc#1196591). - PCI: Add #defines for accessing PCIe DVSEC fields (bsc#1196591). - platform/x86: intel_pmt_telemetry: Ignore zero sized entries (bsc#1196591). - platform/x86/intel: pmt: Use y instead of objs in Makefile (bsc#1196591). - commit 731c1ca - platform/x86/intel: Move Intel PMT drivers to new subfolder (bsc#1196591). - Refresh patches.suse/platform-x86-intel_pmc_core-Move-to-intel-sub-direct.patch. - commit e7adc65 ++++ kernel-docs: - Update config and supported.conf for intel_vsec (bsc#1196591) intel_pmt driver is renamed to intel_vsec - Update config files - supported.conf - commit 99cb50f - platform/x86/intel: Move intel_pmt from MFD to Auxiliary Bus (bsc#1196591). - driver core: auxiliary bus: Add driver data helpers (bsc#1196591). - PCI: Add #defines for accessing PCIe DVSEC fields (bsc#1196591). - platform/x86: intel_pmt_telemetry: Ignore zero sized entries (bsc#1196591). - platform/x86/intel: pmt: Use y instead of objs in Makefile (bsc#1196591). - commit 731c1ca - platform/x86/intel: Move Intel PMT drivers to new subfolder (bsc#1196591). - Refresh patches.suse/platform-x86-intel_pmc_core-Move-to-intel-sub-direct.patch. - commit e7adc65 ++++ kernel-kvmsmall: - Update config and supported.conf for intel_vsec (bsc#1196591) intel_pmt driver is renamed to intel_vsec - Update config files - supported.conf - commit 99cb50f - platform/x86/intel: Move intel_pmt from MFD to Auxiliary Bus (bsc#1196591). - driver core: auxiliary bus: Add driver data helpers (bsc#1196591). - PCI: Add #defines for accessing PCIe DVSEC fields (bsc#1196591). - platform/x86: intel_pmt_telemetry: Ignore zero sized entries (bsc#1196591). - platform/x86/intel: pmt: Use y instead of objs in Makefile (bsc#1196591). - commit 731c1ca - platform/x86/intel: Move Intel PMT drivers to new subfolder (bsc#1196591). - Refresh patches.suse/platform-x86-intel_pmc_core-Move-to-intel-sub-direct.patch. - commit e7adc65 ++++ kernel-obs-build: - Update config and supported.conf for intel_vsec (bsc#1196591) intel_pmt driver is renamed to intel_vsec - Update config files - supported.conf - commit 99cb50f - platform/x86/intel: Move intel_pmt from MFD to Auxiliary Bus (bsc#1196591). - driver core: auxiliary bus: Add driver data helpers (bsc#1196591). - PCI: Add #defines for accessing PCIe DVSEC fields (bsc#1196591). - platform/x86: intel_pmt_telemetry: Ignore zero sized entries (bsc#1196591). - platform/x86/intel: pmt: Use y instead of objs in Makefile (bsc#1196591). - commit 731c1ca - platform/x86/intel: Move Intel PMT drivers to new subfolder (bsc#1196591). - Refresh patches.suse/platform-x86-intel_pmc_core-Move-to-intel-sub-direct.patch. - commit e7adc65 ++++ kernel-obs-qa: - Update config and supported.conf for intel_vsec (bsc#1196591) intel_pmt driver is renamed to intel_vsec - Update config files - supported.conf - commit 99cb50f - platform/x86/intel: Move intel_pmt from MFD to Auxiliary Bus (bsc#1196591). - driver core: auxiliary bus: Add driver data helpers (bsc#1196591). - PCI: Add #defines for accessing PCIe DVSEC fields (bsc#1196591). - platform/x86: intel_pmt_telemetry: Ignore zero sized entries (bsc#1196591). - platform/x86/intel: pmt: Use y instead of objs in Makefile (bsc#1196591). - commit 731c1ca - platform/x86/intel: Move Intel PMT drivers to new subfolder (bsc#1196591). - Refresh patches.suse/platform-x86-intel_pmc_core-Move-to-intel-sub-direct.patch. - commit e7adc65 ++++ kernel-syms: - Update config and supported.conf for intel_vsec (bsc#1196591) intel_pmt driver is renamed to intel_vsec - Update config files - supported.conf - commit 99cb50f - platform/x86/intel: Move intel_pmt from MFD to Auxiliary Bus (bsc#1196591). - driver core: auxiliary bus: Add driver data helpers (bsc#1196591). - PCI: Add #defines for accessing PCIe DVSEC fields (bsc#1196591). - platform/x86: intel_pmt_telemetry: Ignore zero sized entries (bsc#1196591). - platform/x86/intel: pmt: Use y instead of objs in Makefile (bsc#1196591). - commit 731c1ca - platform/x86/intel: Move Intel PMT drivers to new subfolder (bsc#1196591). - Refresh patches.suse/platform-x86-intel_pmc_core-Move-to-intel-sub-direct.patch. - commit e7adc65 ++++ kernel-syms-azure: - Update config and supported.conf for intel_vsec (bsc#1196591) intel_pmt driver is renamed to intel_vsec - Update config files - supported.conf - commit 99cb50f - platform/x86/intel: Move intel_pmt from MFD to Auxiliary Bus (bsc#1196591). - driver core: auxiliary bus: Add driver data helpers (bsc#1196591). - PCI: Add #defines for accessing PCIe DVSEC fields (bsc#1196591). - platform/x86: intel_pmt_telemetry: Ignore zero sized entries (bsc#1196591). - platform/x86/intel: pmt: Use y instead of objs in Makefile (bsc#1196591). - commit 731c1ca - platform/x86/intel: Move Intel PMT drivers to new subfolder (bsc#1196591). - Refresh patches.suse/platform-x86-intel_pmc_core-Move-to-intel-sub-direct.patch. - commit e7adc65 ++++ kernel-vanilla: - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 7feede3 - x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/x86-speculation-add-special-register-buffer-data-sampling-srbds-mitigation.patch. - commit 37b834c - Documentation/hw-vuln: Update spectre doc (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch. - commit ae4f20a - x86/speculation: Add eIBRS + Retpoline options (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch. - Refresh patches.suse/IBRS-forbid-shooting-in-foot.patch. - commit d60f0e7 - x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - Refresh patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch. - commit f84ba7f - Refresh patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch. - Delete patches.suse/do-not-default-to-ibrs-on-skl.patch. Remove a statement which cancels itself out with the following patch which removes it anyway. - commit 0b79d59 - lib/iov_iter: initialize "flags" in new pipe_buffer (bsc#1196584). - commit 589ad87 - x86,bugs: Unconditionally allow spectre_v2=retpoline,amd (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 0bae9af - x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 7500cb0 ++++ kernel-zfcpdump: - Update config and supported.conf for intel_vsec (bsc#1196591) intel_pmt driver is renamed to intel_vsec - Update config files - supported.conf - commit 99cb50f - platform/x86/intel: Move intel_pmt from MFD to Auxiliary Bus (bsc#1196591). - driver core: auxiliary bus: Add driver data helpers (bsc#1196591). - PCI: Add #defines for accessing PCIe DVSEC fields (bsc#1196591). - platform/x86: intel_pmt_telemetry: Ignore zero sized entries (bsc#1196591). - platform/x86/intel: pmt: Use y instead of objs in Makefile (bsc#1196591). - commit 731c1ca - platform/x86/intel: Move Intel PMT drivers to new subfolder (bsc#1196591). - Refresh patches.suse/platform-x86-intel_pmc_core-Move-to-intel-sub-direct.patch. - commit e7adc65 ++++ kfind: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kfloppy: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kfourinline: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kgeography: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kget: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kget: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kgoldrunner: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kgpg: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * update list of keyservers ++++ khangman: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ khelpcenter5: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Mark as SingleMainWindow in desktop file ++++ kidentitymanagement: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kig: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Empty Coordinates are Kind of Valid (kde#448700) ++++ kigo: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ killbots: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kimagemapeditor: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kimap: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kio-extras5: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Add missing "truncating" parameter. (kde#450198) ++++ kio-gdrive: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kio_audiocd: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kdesdk-kioslaves: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kipi-plugins: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kirigami-gallery: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kiriki: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kitinerary: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Don't pass PDFDoc arguments that Poppler already has the same defaults for * Ignore more files for cppcheck that hang the latest version on the CI * Add basic Air France PDF ticket extractor * Reduce the lower size threshold for 2D barcodes ++++ kjumpingcube: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kldap: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kleopatra: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ klettres: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ klickety: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ klines: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kmag: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kmahjongg: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kmail: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Fix order * Avoid to duplicate entries * Make sure helper apps we start are in path ++++ kmail-account-wizard: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kmailtransport: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kmbox: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kmime: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kmines: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kmix: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kmousetool: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kmouth: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kmplot: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ knavalbattle: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ knetwalk: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ knights: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ knotes: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kolf: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kollision: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kolourpaint: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kompare: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ konqueror: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ konquest: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ konsole: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kontact: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Fix Manager Crash when clicking New (kde#424252) * Use KIO/ApplicationLauncherJob * Make sure helper apps we start are in path ++++ kontactinterface: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kontrast: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ konversation: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * KStatusNotifierItem new API need to be guarded with KNotifications version ++++ kopeninghours: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kopete: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ korganizer: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kosmindoormap: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Format user visible numbers using the current locale ++++ kde-dev-utils: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kpat: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kpimtextedit: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kpkpass: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kpublictransport: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kqtquickcharts: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ krdc: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kreversi: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ krfb: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kross-interpreters: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kruler: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kshisen: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ksirk: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ksmtp: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ksnakeduel: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kspaceduel: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ksquares: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ksudoku: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ksystemlog: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kteatime: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ktimer: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ktnef: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ktorrent: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ktorrent: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ktouch: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ktp-accounts-kcm: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ktp-approver: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ktp-auth-handler: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ktp-common-internals: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ktp-contact-list: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ktp-contact-runner: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ktp-desktop-applets: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ktp-filetransfer-handler: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ktp-kded-module: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ktp-send-file: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ktp-text-ui: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ ktuberling: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kturtle: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kubrick: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kwalletmanager5: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Desktop file: fix to announce taking local files only, not URLs * Fix skipping the first wallet arg name on the commandline * Fix QCommandLineParser setup, wallet names are taken as positional args ++++ kwave: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ kwordquiz: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ libkeduvocdocument: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ libkcddb: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ libkcompactdisc: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ libgravatar: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ libkdcraw: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ libkexiv2: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ libkmahjongg: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Make the installed files reproducible ++++ libkipi: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ libkdepim: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ libkleo: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ mailcommon: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ mailimporter: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ pimcommon: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ libksane: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * fix setting list values ++++ libktorrent: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ libkgapi: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Make sure utf8 text is displayed as utf8 ++++ marble: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ libkomparediff2: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ libksieve: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ notmuch: - Version 0.35 * Library - Implement the `date` and `lastmod` fields in the S-expression parser. - Ignore trailing `/` for pathnames in both query parsers. - Rename configuration option `built_with.sexpr_query` to `built_with.sexp_queries`. - Do not assume a default mail root in split (e.g. XDG) configurations. - Fix some small memory leaks in `notmuch_database_open_with_config`. * CLI - Improve handling of leading/trailing punctation and space for configuration lists. - Only ignore `.notmuch` at the top level in `notmuch new`. - Optionally show extra headers in `notmuch show`. See `show.extra_headers` in notmuch-config(1). * Disable tests due to known failures of python-cffi test cases ++++ openssl-1_1: - FIPS: Reintroduce the FFC and ECC checks in openssl-DH.patch that were removed in the update to 1.1.1l [bsc#1185313] - FIPS: Fix sn_objs and ln_objs in crypto/objects/obj_mac.num * Rebase openssl-DH.patch [bsc#1194327] - Merge openssl-keep_EVP_KDF_functions_version.patch into openssl-1.1.1-evp-kdf.patch - Add function codes for pbkdf2, hkdf, tls and ssh selftests. Rebase patches: * openssl-fips-kdf-hkdf-selftest.patch * openssl-kdf-selftest.patch * openssl-kdf-ssh-selftest.patch * openssl-kdf-tls-selftest.patch ++++ rocs: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ libseccomp: - add python-rpm-macros (bsc#1194758). ++++ suseconnect-ng: - Update to version 0.0.6~git9.33e5847: * Delegate free() calls back to Go (bsc#1195729) * Pass "insecure" to zypper addservice * Workaround system cert reloading after import (bsc#1195220) * Extract setupHTTPClient for easier reuse * Exit with code 64 on connection refused like Ruby ++++ tvm: - Add 'Requires: python-cloudpickle' - boo#1195952#c1 ++++ libxml2: - Security fix: [bsc#1196490, CVE-2022-23308] * Use-after-free of ID and IDREF attributes. - Add libxml2-CVE-2022-23308.patch ++++ lokalize: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Make sure helper apps we start are in path ++++ lskat: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ markdownpart: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ mbox-importer: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ messagelib: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * [messagecomposer] Do not sign long headers. (kde#439958) * Fix Bug 449809 KMail2 does not resize images (kde#449809) ++++ minuet: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ mobipocket: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ multiload-ng: - Initial version: * Started with: https://build.opensuse.org/package/show/home:aggplanta/multiload-ng * Removed patch (was point of latest github commit). * Adjusted to latest (as of this message) git version. * Cleaned up naming convention (since full 'multiload-ng') is provided. * Cleaned up %prep & %files section. ++++ ocaml-pyml: - Fixing python build requirement for SLE 15 SP4 submission of this revision ++++ okular: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Fix wrong default font string for annotation tools ++++ palapeli: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ parley: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ picmi: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ pim-data-exporter: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ pim-sieve-editor: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - Changes since 21.12.2: * Fix build with GCC 12 (standard attributes in middle of decl-specifiers) ++++ python-libxml2-python: - Security fix: [bsc#1196490, CVE-2022-23308] * Use-after-free of ID and IDREF attributes. - Add libxml2-CVE-2022-23308.patch ++++ python-python-vlc: - Update to version 3.0.16120 (no changelog supplied) ++++ signon-kwallet-extension: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ skanlite: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ spectacle: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ step: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ svgpart: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ sweeper: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ umbrello: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ yakuake: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ zanshin: - Update to 21.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/21.12.3/ - No code change since 21.12.2 ++++ zsh: - Added CVE-2019-20044.patch: fixes insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044 bsc#1163882) ------------------------------------------------------------------ ------------------ 2022-2-28 - Feb 28 2022 ------------------- ------------------------------------------------------------------ ++++ autoyast2: - add yast namespace to merge.xslt to fix CDATA handling (bsc#1195910) - 4.4.32 ++++ btop: - Update to upstream release 1.2.4: * Optimization: Proc::draw() * Fixed: Ignore duplicate disks with same mountpoint * Changed: Restrict command line for processes to 1000 characters to fix utf8 conversion errors * Added: add "g" and "G" to vim keys, by @mohi001 ++++ kernel-64kb: - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - commit 0236fcc ++++ kernel-azure: - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - commit 0236fcc ++++ kernel-default: - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - commit 0236fcc ++++ kernel-preempt: - x86/speculation: Use generic retpoline by default on AMD (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit bed48b1 - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - commit 1cc99d0 - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - commit 92ab7ec - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - commit a3c85e9 - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: don't return an error from nvme_configure_metadata (git-fixes). - nvme: let namespace probing continue for unsupported features (git-fixes). - commit a5b2a87 - blk-mq: avoid to iterate over stale request (bsc#1193787). - blk-mq: fix is_flush_rq (bsc#1193787 git-fixes). - blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes). - blk-mq: don't grab rq's refcount in blk_mq_check_expired() (bsc#1193787 git-fixes). - blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787). - commit cc53802 ++++ dtb-aarch64: - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - commit 0236fcc ++++ enlightenment: - Allow Branding >= 0.1 (I made 0.2 the other day) - Fix non wayland build ++++ enlightenment: - Allow Branding >= 0.1 (I made 0.2 the other day) - Fix non wayland build ++++ gstreamer-plugins-rs: - Update to version 0.8.2: * Update Cargo.lock * ci: Use correct gstreamer-rs images template * deny: Remove num-rational override * dav1ddec: - Use `AtomicRefCell` instead of `Mutex` for the state - Fix compilation after some API changes - Release input frames that immediately caused a decoding error ++++ java-1_8_0-openj9: - Update to OpenJDK 8u322 build 04 with OpenJ9 0.30.0 virtual machine * including Oracle January 2022 CPU changes CVE-2022-21248 (bsc#1194926), CVE-2022-21277 (bsc#1194930), CVE-2022-21282 (bsc#1194933), CVE-2022-21291 (bsc#1194925), CVE-2022-21293 (bsc#1194935), CVE-2022-21294 (bsc#1194934), CVE-2022-21296 (bsc#1194932), CVE-2022-21299 (bsc#1194931), CVE-2022-21305 (bsc#1194939), CVE-2022-21340 (bsc#1194940), CVE-2022-21341 (bsc#1194941), CVE-2022-21360 (bsc#1194929), CVE-2022-21365 (bsc#1194928), CVE-2022-21366 (bsc#1194927), * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.30 - Added patch: * libdwarf-fix.patch + fix build with different versions of libdwarf ++++ kernel-debug: - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - commit 0236fcc ++++ kernel-source: - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - commit 0236fcc ++++ kernel-source-azure: - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - commit 0236fcc ++++ kernel-docs: - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - commit 0236fcc ++++ kernel-firmware: - Yet more updates for Intel BT firmware for 7265, 826x (CVE-2021-33139,CVE-2021-33155,INTEL-SA-00604,bsc#1195786) ++++ kernel-kvmsmall: - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - commit 0236fcc ++++ kernel-obs-build: - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - commit 0236fcc ++++ kernel-obs-qa: - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - commit 0236fcc ++++ kernel-syms: - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - commit 0236fcc ++++ kernel-syms-azure: - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - commit 0236fcc ++++ kernel-vanilla: - cpu/SMT: create and export cpu_smt_possible() (bsc#1191580 CVE-2022-0001 CVE-2022-0002). - commit 4ca375f ++++ kernel-zfcpdump: - ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391). - ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). - ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). - ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391). - ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391). - ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391). - ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391). - ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391). - commit 0236fcc ++++ qt6-base: - Add upstream change (boo#1196501, CVE-2022-25255): * qprocess6-2.diff - Install qt6-core-private-devel when installing qt6-core-devel (boo#1195368) ++++ libreoffice: - Update to 7.2.5.1 (jsc#SLE-18214): * Fix CVE-2021-25636 Incorrect trust validation of signature with ambiguous KeyInfo children (CVE-2021-25636, bsc#1196456) ++++ python-dmidecode: - Add proper Provides/Obsoletes ++++ salt: - Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432) - Fix issues found around pre_flight_script_args - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) - Fix salt-call event.send with pillar or grains - Update generated documentation to 3004 - Added: * add-salt-ssh-support-with-venv-salt-minion-3004-493.patch * state.orchestrate_single-does-not-pass-pillar-none-4.patch * prevent-shell-injection-via-pre_flight_script_args-4.patch * fix-salt-call-event.send-call-with-grains-and-pillar.patch ++++ python-synr: - Initial specfile for v0.6 - Required by tvm 0.8 ++++ qt6-base-docs: - Add upstream change (boo#1196501, CVE-2022-25255): * qprocess6-2.diff - Install qt6-core-private-devel when installing qt6-core-devel (boo#1195368) ++++ release-notes-openSUSE: - 15.4.20220228 - Initial package for Leap 15.4 (boo#1196553) ++++ sssd: - Add 'ldap_ignore_unreadable_references' parameter to skip unreadable objects referenced by 'member' attributte; (bsc#1190775); (gh#SSSD/sssd#4893); Add patch 0052-ldap-ignore-unreadable-references.patch ++++ xscreensaver: - update to 6.03: * New hacks squirtorus, mapscroller * sphereeversion now has corrugation-mode, and can evert the Earth * glplanet is higher resolution, and displays time zones * glslideshow displays relative pathnames again * X11: fixed sonar failing to ping on some Linux systems * X11: Touch-screens work * X11: Hold down Backspace to clear the whole password field (bsc#1196593) - drop xscreensaver-6.02-marbling-std-c.patch ++++ yast2-installation: - Fixed the start of the VNC server during installation. Done by Joan Torres López (bsc#1196201). - 4.4.45 ++++ yast2-registration: - Adapt test code for work with Ruby >= 3 (related to bsc#1193192) - 4.4.17 ++++ yast2-s390: - Fix format of unformatted disks after activation (bsc#1196559). - 4.4.5 ++++ yast2-theme: - Include the light SLE installation theme (jsc#SLE-20547, jsc#SLE-20564) - SLE theme fixes: - Fixed partly hidden push buttons in some popups (bsc#1184778) - Fixed missing logo and "SUSE" label in the header in the non-default installation themes (bsc#1196312) - Fixed CheckBoxFrame indicator size (bsc#1184780) - 4.4.7 ++++ yast2-trans: - Update to version 84.87.20220227.6bd7ce0ef2: * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Slovak) ++++ zsh: - Added CVE-2021-45444.patch: fixes a vulnerability in prompt expansion which could be exploited through e.g. VCS_Info to execute arbitrary shell commands (CVE-2021-45444 bsc#1196435) ------------------------------------------------------------------ ------------------ 2022-2-27 - Feb 27 2022 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2022-02-28 (bsc#1084929) ++++ deepin-compressor: - Update version to 5.11.8 * Fix bugs * Add UT script ++++ tvm: - Update to v0.8 * PaddlePaddle frontend * TVMScript: round-trippable python-based syntax for TIR * TorchScript integration * TensorIR scheduling language * TensorRT and CUTLASS integration via BYOC * Int4 TensorCore support in AutoTVM * MicroTVM Project API and Zephyr, Arduino support * AOT executor * Robust Windows support * Affine analysis infra: iter-affine-map * Improved Vulkan backend * CUDA graph support in TVM runtime - Hopefully fixes boo#1195952 - Drop Patches merged upstream: * tvm-fix-catch.patch -- gh#apache/tvm#7319 * tvm-fix-llvm12.patch -- gh#apache/tvm#6717, gh#apache/tvm#6738 - Add patches * tvm-fix-relay-test.patch -- gh#apache/tvm#10402 * tvm-disable-vulkan-test-check.patch - Skip Python 3.9+ -- gh#apache/tvm#8577 ++++ trivy: - Update to version 0.24.1: * fix(python): correct handling pip package names with a hyphen (#1771) * doc(docker): fix command to run trivy with docker on linux (#1761) * feat(helm): Add support for custom labels (#1767) * chore(helm): bump chart to trivy 0.24.0 (#1762) * docs: remove erroneous command (#1763) ------------------------------------------------------------------ ------------------ 2022-2-26 - Feb 26 2022 ------------------- ------------------------------------------------------------------ ++++ deepin-kwin: - Fix Leap 15.4 build since Kwin has greater version than 5.21 in Leap 15.4 ++++ libArcus: - Use BuildRequires python3-qt5-sip for Leap 15.4 ++++ libSavitar: - Use BuildRequires python3-qt5-sip for Leap 15.4 ++++ plplot: - BuildRequires python3-sip4 for Leap 15.4 ++++ python-base: - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). - Recover again proper value of %python2_package_prefix (bsc#1175619). ++++ python3-core: - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). ++++ python39-core: - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). ++++ manpages-l10n: - Update to version 4.13+56: * Remove files with non-commercial licenses from sources. * Improve appearance and readability of the addendum. * Updated translations. ++++ python: - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). - Recover again proper value of %python2_package_prefix (bsc#1175619). ++++ python3: - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). ++++ python3-documentation: - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). ++++ python3-pynest2d: - Use BuildRequires python3-qt5-sip for Leap 15.4 ++++ python39: - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). ++++ python39-documentation: - Update bundled pip wheel to the latest SLE version patched against bsc#1186819 (CVE-2021-3572). ++++ scidavis: - BuildRequires python3-sip4 for Leap 15.4 ++++ squid: - Update to 5.4.1: * Bug 5055: FATAL FwdState::noteDestinationsEnd exception: opening * code clean-ups and developer visible changes ------------------------------------------------------------------ ------------------ 2022-2-25 - Feb 25 2022 ------------------- ------------------------------------------------------------------ ++++ rust: - Update to version 1.59.0 - for details see the rust1.59 package ++++ rust1.59: Version 1.59.0 (2022-02-24) Language -------- - [Stabilize default arguments for const generics][90207] - [Stabilize destructuring assignment][90521] - [Relax private in public lint on generic bounds and where clauses of trait impls][90586] - [Stabilize asm! and global_asm! for x86, x86_64, ARM, Aarch64, and RISC-V][91728] Compiler -------- - [Stabilize new symbol mangling format, leaving it opt-in (-Csymbol-mangling-version=v0)][90128] - [Emit LLVM optimization remarks when enabled with `-Cremark`][90833] - [Fix sparc64 ABI for aggregates with floating point members][91003] - [Warn when a `#[test]`-like built-in attribute macro is present multiple times.][91172] - [Add support for riscv64gc-unknown-freebsd][91284] - [Stabilize `-Z emit-future-incompat` as `--json future-incompat`][91535] Libraries --------- - [Remove unnecessary bounds for some Hash{Map,Set} methods][91593] Stabilized APIs - [`std::thread::available_parallelism`][available_parallelism] - [`Result::copied`][result-copied] - [`Result::cloned`][result-cloned] - [`arch::asm!`][asm] - [`arch::global_asm!`][global_asm] - [`ops::ControlFlow::is_break`][is_break] - [`ops::ControlFlow::is_continue`][is_continue] - [`TryFrom for u8`][try_from_char_u8] - [`char::TryFromCharError`][try_from_char_err] implementing `Clone`, `Debug`, `Display`, `PartialEq`, `Copy`, `Eq`, `Error` - [`iter::zip`][zip] - [`NonZeroU8::is_power_of_two`][is_power_of_two8] - [`NonZeroU16::is_power_of_two`][is_power_of_two16] - [`NonZeroU32::is_power_of_two`][is_power_of_two32] - [`NonZeroU64::is_power_of_two`][is_power_of_two64] - [`NonZeroU128::is_power_of_two`][is_power_of_two128] - [`DoubleEndedIterator for ToLowercase`][lowercase] - [`DoubleEndedIterator for ToUppercase`][uppercase] - [`TryFrom<&mut [T]> for [T; N]`][tryfrom_ref_arr] - [`UnwindSafe for Once`][unwindsafe_once] - [`RefUnwindSafe for Once`][refunwindsafe_once] - [armv8 neon intrinsics for aarch64][stdarch/1266] Const-stable: - [`mem::MaybeUninit::as_ptr`][muninit_ptr] - [`mem::MaybeUninit::assume_init`][muninit_init] - [`mem::MaybeUninit::assume_init_ref`][muninit_init_ref] - [`ffi::CStr::from_bytes_with_nul_unchecked`][cstr_from_bytes] Cargo ----- - [Stabilize the `strip` profile option][cargo/10088] - [Stabilize future-incompat-report][cargo/10165] - [Support abbreviating `--release` as `-r`][cargo/10133] - [Support `term.quiet` configuration][cargo/10152] - [Remove `--host` from cargo {publish,search,login}][cargo/10145] Compatibility Notes - [Refactor weak symbols in std::sys::unix][90846] This may add new, versioned, symbols when building with a newer glibc, as the standard library uses weak linkage rather than dynamically attempting to load certain symbols at runtime. - [Deprecate crate_type and crate_name nested inside `#![cfg_attr]`][83744] This adds a future compatibility lint to supporting the use of cfg_attr wrapping either crate_type or crate_name specification within Rust files; it is recommended that users migrate to setting the equivalent command line flags. - [Remove effect of `#[no_link]` attribute on name resolution][92034] This may expose new names, leading to conflicts with preexisting names in a given namespace and a compilation failure. - [Cargo will document libraries before binaries.][cargo/10172] - [Respect doc=false in dependencies, not just the root crate][cargo/10201] - [Weaken guarantee around advancing underlying iterators in zip][83791] - [Make split_inclusive() on an empty slice yield an empty output][89825] - [Update std::env::temp_dir to use GetTempPath2 on Windows when available.][89999] ++++ kernel-64kb: - Update kabi files. - commit c453b5c - netfilter: nf_tables_offload: incorrect flow offload action array size (bsc#1196299 CVE-2022-25636). - commit f8ec613 ++++ kernel-azure: - Update kabi files. - commit c453b5c - netfilter: nf_tables_offload: incorrect flow offload action array size (bsc#1196299 CVE-2022-25636). - commit f8ec613 ++++ kernel-default: - Update kabi files. - commit c453b5c - netfilter: nf_tables_offload: incorrect flow offload action array size (bsc#1196299 CVE-2022-25636). - commit f8ec613 ++++ kernel-preempt: - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - commit 209cee8 - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - commit 5d7b5fe ++++ colordiff: - update to 1.0.20: * Some improvements to reading command-line options * Support Octopus git/merge ++++ elfutils-debuginfod: - Add support for zstd, needed to inspect kernel modules (bsc#1196510) ++++ elfutils: - Add support for zstd, needed to inspect kernel modules (bsc#1196510) ++++ dtb-aarch64: - Update kabi files. - commit c453b5c - netfilter: nf_tables_offload: incorrect flow offload action array size (bsc#1196299 CVE-2022-25636). - commit f8ec613 ++++ kcron: - Add more upstream changes (boo#1195154, boo#1193945): * 0001-Write-into-crontab-instead-of-replacing-the-file.patch ++++ kernel-debug: - Update kabi files. - commit c453b5c - netfilter: nf_tables_offload: incorrect flow offload action array size (bsc#1196299 CVE-2022-25636). - commit f8ec613 ++++ kernel-source: - Update kabi files. - commit c453b5c - netfilter: nf_tables_offload: incorrect flow offload action array size (bsc#1196299 CVE-2022-25636). - commit f8ec613 ++++ kernel-source-azure: - Update kabi files. - commit c453b5c - netfilter: nf_tables_offload: incorrect flow offload action array size (bsc#1196299 CVE-2022-25636). - commit f8ec613 ++++ kernel-docs: - Update kabi files. - commit c453b5c - netfilter: nf_tables_offload: incorrect flow offload action array size (bsc#1196299 CVE-2022-25636). - commit f8ec613 ++++ kernel-kvmsmall: - Update kabi files. - commit c453b5c - netfilter: nf_tables_offload: incorrect flow offload action array size (bsc#1196299 CVE-2022-25636). - commit f8ec613 ++++ kernel-obs-build: - Update kabi files. - commit c453b5c - netfilter: nf_tables_offload: incorrect flow offload action array size (bsc#1196299 CVE-2022-25636). - commit f8ec613 ++++ kernel-obs-qa: - Update kabi files. - commit c453b5c - netfilter: nf_tables_offload: incorrect flow offload action array size (bsc#1196299 CVE-2022-25636). - commit f8ec613 ++++ kernel-syms: - Update kabi files. - commit c453b5c - netfilter: nf_tables_offload: incorrect flow offload action array size (bsc#1196299 CVE-2022-25636). - commit f8ec613 ++++ kernel-syms-azure: - Update kabi files. - commit c453b5c - netfilter: nf_tables_offload: incorrect flow offload action array size (bsc#1196299 CVE-2022-25636). - commit f8ec613 ++++ kernel-zfcpdump: - Update kabi files. - commit c453b5c - netfilter: nf_tables_offload: incorrect flow offload action array size (bsc#1196299 CVE-2022-25636). - commit f8ec613 ++++ libcap: - Use "or" in the license tag to avoid confusion (bsc#1180073) ++++ openblas_0_3_20-gnu-hpc: - Update to v0.3.20: * general: some code cleanup, with added casts etc. fixed obtaining the cpu count with OpenMP and OMP_PROC_BIND unset fixed pivot index calculation by ?LASWP for negative increments other than one fixed input argument check in LAPACK ? GEQRT2 improved the check for a Fortran compiler in CMAKE builds disabled building OpenBLAS' optimized versions of LAPACK complex SPMV, SPR,SYMV,SYR with NO_LAPACK=1 fixed building of LAPACK on certain distributed filesystems with parallel gmake fixed building the shared library on MacOS with classic flang (v0.3.19) reverted unsafe TRSV/ZRSV optimizations introduced in 0.3.16 fixed a potential thread race in the thread buffer reallocation routines that were introduced in 0.3.18 fixed miscounting of thread pool size on Linux with OMP_PROC_BIND=TRUE fixed CBLAS interfaces for CSROT/ZSROT and CROTG/ZROTG made automatic library suffix for CMAKE builds with INTERFACE64 available to CBLAS-only builds (v0.3.18) when the build-time number of preconfigured threads is exceeded at runtime (by an external program calling BLAS functions from a larger number of threads), OpenBLAS will now allocate an auxiliary control structure for up to 512 additional threads instead of aborting added support for Loongson's LoongArch64 cpu architecture fixed building OpenBLAS with CMAKE and -DBUILD_BFLOAT16=ON added support for building OpenBLAS as a CMAKE subproject added support for building for Windows/ARM64 targets with clang improved support for building with the IBM xlf compiler imported Reference-LAPACK PR 625 (out-of-bounds access in ?LARRV) imported Reference-LAPACK PR 597 for testsuite compatibility with LLVM's libomp * x86_64: fixed cross-compilation with CMAKE for CORE2 target fixed miscompilation of AVX512 code in DYNAMIC_ARCH builds added support for the "incidental" AVX512 hardware in Alder Lake when enabled in BIOS (v0.3.19) DYNAMIC_ARCH builds now fall back to the cpu with most similar capabilities when an unknown CPUID is encountered, instead of defaulting to Prescott added cpu detection for Intel Alder Lake added cpu detection for Intel Sapphire Rapids added an optimized SBGEMM kernel for Sapphire Rapids fixed DYNAMIC_ARCH builds on OSX with CMAKE worked around DYNAMIC_ARCH builds made on Sandybridge failing on SkylakeX fixed missing thread initialization for static builds on Windows/MSVC fixed an excessive read in ZSYMV (v0.3.18) added SkylakeX S/DGEMM kernels for small problem sizes (MNK<=1000000) added optimized SBGEMM for Intel Cooper Lake reinstated the performance patch for AVX512 SGEMV_T with a proper fix added a workaround for a gcc11 tree-vectorizer bug that caused spurious failures in the test programs for complex BLAS3 when compiling at -O3 (the default for cmake "release" builds) added support for runtime cpu count detection under Haiku OS worked around a long-standing miscompilation issue of the Haswell DGEMV_T kernel with gcc that could produce NaN output in some corner cases * Power: added support for POWER10 in big-endian mode added support for building with CMAKE added optimized SGEMM and DGEMM kernels for small matrix sizes (v0.3.18) improved performance of DASUM on POWER10 * ARMV8: added SVE-enabled CGEMM and ZGEMM kernels for ARMV8SVE and A64FX added support for Neoverse N2 and V1 cpus (v0.3.19) added basic support and cputype detection for Fujitsu A64FX added a generic ARMV8SVE target added SVE-enabled SGEMM and DGEMM kernels for ARMV8SVE and A64FX added optimized CGEMM and ZGEMM kernels for Cortex A53 and A55 cpus fixed cpuid detection for Apple M1 and improved performance improved compiler flag setting in CMAKE builds (v0.3.18) fixed crashes (use of reserved register x18) on Apple M1 under OSX fixed building with gcc releases earlier than 5.1 - Fix out of bounds read in ?llarv LAPACK Reference: PR 625 CVE-2021-4048, bsc#1196513 - Limit parallel builds according to available memory. Do NOT use %%_smp_mflags with top level 'make', set MAKE_NB_JOBS instead and let the build do the work. Also change -flto=auto to -flto=1: spawning even more parallel builds on top of parallel build treads will wreak havok. - Move calls to 'update-alternatives --remove' to %%postun instead of %%preun as suggested by rpmlint. - Since we build with DYNAMIC_ARCH, create separate config files for the different target kernels to help debugging Add Create-independent-kernel-Makfile-configuration-when-building-DYNAMIC_ARCH.patch - Remove compiler feature detection when not using auto-detection. Add Do-not-attempt-to-check-host-CPU-if-TARGET-is-set.patch - Do not depend in variables which are not available when building DYNAMIC_ARCH. Add For-DYNAMIC_ARCH-don-t-use-sbgemm_r-as-parameter.c-doesn-t-get-build.patch - Do not include symbols defined in driver/others/parameter.c in DYNAMIC_BUILD to generate more conclusive error messages earlier. Add Do-not-include-symbols-defined-in-driver-others-parameter.c-in-DYNAMIC_BUILD.patch - Install lapack and blas libraries to an openblas-flavor specific subdirectory of %%_libdir and set up the alternatives to point to this directory. Set the system-wide BLAS/LAPACK default directory to %%_libdir/openblas-default. This way, the blas/lapack libraries will remain consistent and from the same source. The user is able to override this easily by setting the LD_LIBRARY_PATH to include the preferred BLAS/LAPACK implementation (boo#1177260). - Consolidate packages 'openblas-devel' and 'openblas-devel-headers' into 'openblas-common-devel' (these are built for the serial flavor only). 'openblas-common-devel' will provide the removed 'openblas-devel-headers' while the arch specific 'preferred' flavor will provide the removed 'openblas-devel'. - Fix the openblas default flavor selection: [#] /usr/sbin/update-alternatives --config libopenblas.so.0 - Add cmake and pkgconfig files. ++++ openblas-pthreads_0_3_20-gnu-hpc: - Update to v0.3.20: * general: some code cleanup, with added casts etc. fixed obtaining the cpu count with OpenMP and OMP_PROC_BIND unset fixed pivot index calculation by ?LASWP for negative increments other than one fixed input argument check in LAPACK ? GEQRT2 improved the check for a Fortran compiler in CMAKE builds disabled building OpenBLAS' optimized versions of LAPACK complex SPMV, SPR,SYMV,SYR with NO_LAPACK=1 fixed building of LAPACK on certain distributed filesystems with parallel gmake fixed building the shared library on MacOS with classic flang (v0.3.19) reverted unsafe TRSV/ZRSV optimizations introduced in 0.3.16 fixed a potential thread race in the thread buffer reallocation routines that were introduced in 0.3.18 fixed miscounting of thread pool size on Linux with OMP_PROC_BIND=TRUE fixed CBLAS interfaces for CSROT/ZSROT and CROTG/ZROTG made automatic library suffix for CMAKE builds with INTERFACE64 available to CBLAS-only builds (v0.3.18) when the build-time number of preconfigured threads is exceeded at runtime (by an external program calling BLAS functions from a larger number of threads), OpenBLAS will now allocate an auxiliary control structure for up to 512 additional threads instead of aborting added support for Loongson's LoongArch64 cpu architecture fixed building OpenBLAS with CMAKE and -DBUILD_BFLOAT16=ON added support for building OpenBLAS as a CMAKE subproject added support for building for Windows/ARM64 targets with clang improved support for building with the IBM xlf compiler imported Reference-LAPACK PR 625 (out-of-bounds access in ?LARRV) imported Reference-LAPACK PR 597 for testsuite compatibility with LLVM's libomp * x86_64: fixed cross-compilation with CMAKE for CORE2 target fixed miscompilation of AVX512 code in DYNAMIC_ARCH builds added support for the "incidental" AVX512 hardware in Alder Lake when enabled in BIOS (v0.3.19) DYNAMIC_ARCH builds now fall back to the cpu with most similar capabilities when an unknown CPUID is encountered, instead of defaulting to Prescott added cpu detection for Intel Alder Lake added cpu detection for Intel Sapphire Rapids added an optimized SBGEMM kernel for Sapphire Rapids fixed DYNAMIC_ARCH builds on OSX with CMAKE worked around DYNAMIC_ARCH builds made on Sandybridge failing on SkylakeX fixed missing thread initialization for static builds on Windows/MSVC fixed an excessive read in ZSYMV (v0.3.18) added SkylakeX S/DGEMM kernels for small problem sizes (MNK<=1000000) added optimized SBGEMM for Intel Cooper Lake reinstated the performance patch for AVX512 SGEMV_T with a proper fix added a workaround for a gcc11 tree-vectorizer bug that caused spurious failures in the test programs for complex BLAS3 when compiling at -O3 (the default for cmake "release" builds) added support for runtime cpu count detection under Haiku OS worked around a long-standing miscompilation issue of the Haswell DGEMV_T kernel with gcc that could produce NaN output in some corner cases * Power: added support for POWER10 in big-endian mode added support for building with CMAKE added optimized SGEMM and DGEMM kernels for small matrix sizes (v0.3.18) improved performance of DASUM on POWER10 * ARMV8: added SVE-enabled CGEMM and ZGEMM kernels for ARMV8SVE and A64FX added support for Neoverse N2 and V1 cpus (v0.3.19) added basic support and cputype detection for Fujitsu A64FX added a generic ARMV8SVE target added SVE-enabled SGEMM and DGEMM kernels for ARMV8SVE and A64FX added optimized CGEMM and ZGEMM kernels for Cortex A53 and A55 cpus fixed cpuid detection for Apple M1 and improved performance improved compiler flag setting in CMAKE builds (v0.3.18) fixed crashes (use of reserved register x18) on Apple M1 under OSX fixed building with gcc releases earlier than 5.1 - Fix out of bounds read in ?llarv LAPACK Reference: PR 625 CVE-2021-4048, bsc#1196513 - Limit parallel builds according to available memory. Do NOT use %%_smp_mflags with top level 'make', set MAKE_NB_JOBS instead and let the build do the work. Also change -flto=auto to -flto=1: spawning even more parallel builds on top of parallel build treads will wreak havok. - Move calls to 'update-alternatives --remove' to %%postun instead of %%preun as suggested by rpmlint. - Since we build with DYNAMIC_ARCH, create separate config files for the different target kernels to help debugging Add Create-independent-kernel-Makfile-configuration-when-building-DYNAMIC_ARCH.patch - Remove compiler feature detection when not using auto-detection. Add Do-not-attempt-to-check-host-CPU-if-TARGET-is-set.patch - Do not depend in variables which are not available when building DYNAMIC_ARCH. Add For-DYNAMIC_ARCH-don-t-use-sbgemm_r-as-parameter.c-doesn-t-get-build.patch - Do not include symbols defined in driver/others/parameter.c in DYNAMIC_BUILD to generate more conclusive error messages earlier. Add Do-not-include-symbols-defined-in-driver-others-parameter.c-in-DYNAMIC_BUILD.patch - Install lapack and blas libraries to an openblas-flavor specific subdirectory of %%_libdir and set up the alternatives to point to this directory. Set the system-wide BLAS/LAPACK default directory to %%_libdir/openblas-default. This way, the blas/lapack libraries will remain consistent and from the same source. The user is able to override this easily by setting the LD_LIBRARY_PATH to include the preferred BLAS/LAPACK implementation (boo#1177260). - Consolidate packages 'openblas-devel' and 'openblas-devel-headers' into 'openblas-common-devel' (these are built for the serial flavor only). 'openblas-common-devel' will provide the removed 'openblas-devel-headers' while the arch specific 'preferred' flavor will provide the removed 'openblas-devel'. - Fix the openblas default flavor selection: [#] /usr/sbin/update-alternatives --config libopenblas.so.0 - Add cmake and pkgconfig files. ++++ openblas_openmp: - Update to v0.3.20: * general: some code cleanup, with added casts etc. fixed obtaining the cpu count with OpenMP and OMP_PROC_BIND unset fixed pivot index calculation by ?LASWP for negative increments other than one fixed input argument check in LAPACK ? GEQRT2 improved the check for a Fortran compiler in CMAKE builds disabled building OpenBLAS' optimized versions of LAPACK complex SPMV, SPR,SYMV,SYR with NO_LAPACK=1 fixed building of LAPACK on certain distributed filesystems with parallel gmake fixed building the shared library on MacOS with classic flang (v0.3.19) reverted unsafe TRSV/ZRSV optimizations introduced in 0.3.16 fixed a potential thread race in the thread buffer reallocation routines that were introduced in 0.3.18 fixed miscounting of thread pool size on Linux with OMP_PROC_BIND=TRUE fixed CBLAS interfaces for CSROT/ZSROT and CROTG/ZROTG made automatic library suffix for CMAKE builds with INTERFACE64 available to CBLAS-only builds (v0.3.18) when the build-time number of preconfigured threads is exceeded at runtime (by an external program calling BLAS functions from a larger number of threads), OpenBLAS will now allocate an auxiliary control structure for up to 512 additional threads instead of aborting added support for Loongson's LoongArch64 cpu architecture fixed building OpenBLAS with CMAKE and -DBUILD_BFLOAT16=ON added support for building OpenBLAS as a CMAKE subproject added support for building for Windows/ARM64 targets with clang improved support for building with the IBM xlf compiler imported Reference-LAPACK PR 625 (out-of-bounds access in ?LARRV) imported Reference-LAPACK PR 597 for testsuite compatibility with LLVM's libomp * x86_64: fixed cross-compilation with CMAKE for CORE2 target fixed miscompilation of AVX512 code in DYNAMIC_ARCH builds added support for the "incidental" AVX512 hardware in Alder Lake when enabled in BIOS (v0.3.19) DYNAMIC_ARCH builds now fall back to the cpu with most similar capabilities when an unknown CPUID is encountered, instead of defaulting to Prescott added cpu detection for Intel Alder Lake added cpu detection for Intel Sapphire Rapids added an optimized SBGEMM kernel for Sapphire Rapids fixed DYNAMIC_ARCH builds on OSX with CMAKE worked around DYNAMIC_ARCH builds made on Sandybridge failing on SkylakeX fixed missing thread initialization for static builds on Windows/MSVC fixed an excessive read in ZSYMV (v0.3.18) added SkylakeX S/DGEMM kernels for small problem sizes (MNK<=1000000) added optimized SBGEMM for Intel Cooper Lake reinstated the performance patch for AVX512 SGEMV_T with a proper fix added a workaround for a gcc11 tree-vectorizer bug that caused spurious failures in the test programs for complex BLAS3 when compiling at -O3 (the default for cmake "release" builds) added support for runtime cpu count detection under Haiku OS worked around a long-standing miscompilation issue of the Haswell DGEMV_T kernel with gcc that could produce NaN output in some corner cases * Power: added support for POWER10 in big-endian mode added support for building with CMAKE added optimized SGEMM and DGEMM kernels for small matrix sizes (v0.3.18) improved performance of DASUM on POWER10 * ARMV8: added SVE-enabled CGEMM and ZGEMM kernels for ARMV8SVE and A64FX added support for Neoverse N2 and V1 cpus (v0.3.19) added basic support and cputype detection for Fujitsu A64FX added a generic ARMV8SVE target added SVE-enabled SGEMM and DGEMM kernels for ARMV8SVE and A64FX added optimized CGEMM and ZGEMM kernels for Cortex A53 and A55 cpus fixed cpuid detection for Apple M1 and improved performance improved compiler flag setting in CMAKE builds (v0.3.18) fixed crashes (use of reserved register x18) on Apple M1 under OSX fixed building with gcc releases earlier than 5.1 - Fix out of bounds read in ?llarv LAPACK Reference: PR 625 CVE-2021-4048, bsc#1196513 - Limit parallel builds according to available memory. Do NOT use %%_smp_mflags with top level 'make', set MAKE_NB_JOBS instead and let the build do the work. Also change -flto=auto to -flto=1: spawning even more parallel builds on top of parallel build treads will wreak havok. - Move calls to 'update-alternatives --remove' to %%postun instead of %%preun as suggested by rpmlint. - Since we build with DYNAMIC_ARCH, create separate config files for the different target kernels to help debugging Add Create-independent-kernel-Makfile-configuration-when-building-DYNAMIC_ARCH.patch - Remove compiler feature detection when not using auto-detection. Add Do-not-attempt-to-check-host-CPU-if-TARGET-is-set.patch - Do not depend in variables which are not available when building DYNAMIC_ARCH. Add For-DYNAMIC_ARCH-don-t-use-sbgemm_r-as-parameter.c-doesn-t-get-build.patch - Do not include symbols defined in driver/others/parameter.c in DYNAMIC_BUILD to generate more conclusive error messages earlier. Add Do-not-include-symbols-defined-in-driver-others-parameter.c-in-DYNAMIC_BUILD.patch - Install lapack and blas libraries to an openblas-flavor specific subdirectory of %%_libdir and set up the alternatives to point to this directory. Set the system-wide BLAS/LAPACK default directory to %%_libdir/openblas-default. This way, the blas/lapack libraries will remain consistent and from the same source. The user is able to override this easily by setting the LD_LIBRARY_PATH to include the preferred BLAS/LAPACK implementation (boo#1177260). - Consolidate packages 'openblas-devel' and 'openblas-devel-headers' into 'openblas-common-devel' (these are built for the serial flavor only). 'openblas-common-devel' will provide the removed 'openblas-devel-headers' while the arch specific 'preferred' flavor will provide the removed 'openblas-devel'. - Fix the openblas default flavor selection: [#] /usr/sbin/update-alternatives --config libopenblas.so.0 - Add cmake and pkgconfig files. ++++ openblas_pthreads: - Update to v0.3.20: * general: some code cleanup, with added casts etc. fixed obtaining the cpu count with OpenMP and OMP_PROC_BIND unset fixed pivot index calculation by ?LASWP for negative increments other than one fixed input argument check in LAPACK ? GEQRT2 improved the check for a Fortran compiler in CMAKE builds disabled building OpenBLAS' optimized versions of LAPACK complex SPMV, SPR,SYMV,SYR with NO_LAPACK=1 fixed building of LAPACK on certain distributed filesystems with parallel gmake fixed building the shared library on MacOS with classic flang (v0.3.19) reverted unsafe TRSV/ZRSV optimizations introduced in 0.3.16 fixed a potential thread race in the thread buffer reallocation routines that were introduced in 0.3.18 fixed miscounting of thread pool size on Linux with OMP_PROC_BIND=TRUE fixed CBLAS interfaces for CSROT/ZSROT and CROTG/ZROTG made automatic library suffix for CMAKE builds with INTERFACE64 available to CBLAS-only builds (v0.3.18) when the build-time number of preconfigured threads is exceeded at runtime (by an external program calling BLAS functions from a larger number of threads), OpenBLAS will now allocate an auxiliary control structure for up to 512 additional threads instead of aborting added support for Loongson's LoongArch64 cpu architecture fixed building OpenBLAS with CMAKE and -DBUILD_BFLOAT16=ON added support for building OpenBLAS as a CMAKE subproject added support for building for Windows/ARM64 targets with clang improved support for building with the IBM xlf compiler imported Reference-LAPACK PR 625 (out-of-bounds access in ?LARRV) imported Reference-LAPACK PR 597 for testsuite compatibility with LLVM's libomp * x86_64: fixed cross-compilation with CMAKE for CORE2 target fixed miscompilation of AVX512 code in DYNAMIC_ARCH builds added support for the "incidental" AVX512 hardware in Alder Lake when enabled in BIOS (v0.3.19) DYNAMIC_ARCH builds now fall back to the cpu with most similar capabilities when an unknown CPUID is encountered, instead of defaulting to Prescott added cpu detection for Intel Alder Lake added cpu detection for Intel Sapphire Rapids added an optimized SBGEMM kernel for Sapphire Rapids fixed DYNAMIC_ARCH builds on OSX with CMAKE worked around DYNAMIC_ARCH builds made on Sandybridge failing on SkylakeX fixed missing thread initialization for static builds on Windows/MSVC fixed an excessive read in ZSYMV (v0.3.18) added SkylakeX S/DGEMM kernels for small problem sizes (MNK<=1000000) added optimized SBGEMM for Intel Cooper Lake reinstated the performance patch for AVX512 SGEMV_T with a proper fix added a workaround for a gcc11 tree-vectorizer bug that caused spurious failures in the test programs for complex BLAS3 when compiling at -O3 (the default for cmake "release" builds) added support for runtime cpu count detection under Haiku OS worked around a long-standing miscompilation issue of the Haswell DGEMV_T kernel with gcc that could produce NaN output in some corner cases * Power: added support for POWER10 in big-endian mode added support for building with CMAKE added optimized SGEMM and DGEMM kernels for small matrix sizes (v0.3.18) improved performance of DASUM on POWER10 * ARMV8: added SVE-enabled CGEMM and ZGEMM kernels for ARMV8SVE and A64FX added support for Neoverse N2 and V1 cpus (v0.3.19) added basic support and cputype detection for Fujitsu A64FX added a generic ARMV8SVE target added SVE-enabled SGEMM and DGEMM kernels for ARMV8SVE and A64FX added optimized CGEMM and ZGEMM kernels for Cortex A53 and A55 cpus fixed cpuid detection for Apple M1 and improved performance improved compiler flag setting in CMAKE builds (v0.3.18) fixed crashes (use of reserved register x18) on Apple M1 under OSX fixed building with gcc releases earlier than 5.1 - Fix out of bounds read in ?llarv LAPACK Reference: PR 625 CVE-2021-4048, bsc#1196513 - Limit parallel builds according to available memory. Do NOT use %%_smp_mflags with top level 'make', set MAKE_NB_JOBS instead and let the build do the work. Also change -flto=auto to -flto=1: spawning even more parallel builds on top of parallel build treads will wreak havok. - Move calls to 'update-alternatives --remove' to %%postun instead of %%preun as suggested by rpmlint. - Since we build with DYNAMIC_ARCH, create separate config files for the different target kernels to help debugging Add Create-independent-kernel-Makfile-configuration-when-building-DYNAMIC_ARCH.patch - Remove compiler feature detection when not using auto-detection. Add Do-not-attempt-to-check-host-CPU-if-TARGET-is-set.patch - Do not depend in variables which are not available when building DYNAMIC_ARCH. Add For-DYNAMIC_ARCH-don-t-use-sbgemm_r-as-parameter.c-doesn-t-get-build.patch - Do not include symbols defined in driver/others/parameter.c in DYNAMIC_BUILD to generate more conclusive error messages earlier. Add Do-not-include-symbols-defined-in-driver-others-parameter.c-in-DYNAMIC_BUILD.patch - Install lapack and blas libraries to an openblas-flavor specific subdirectory of %%_libdir and set up the alternatives to point to this directory. Set the system-wide BLAS/LAPACK default directory to %%_libdir/openblas-default. This way, the blas/lapack libraries will remain consistent and from the same source. The user is able to override this easily by setting the LD_LIBRARY_PATH to include the preferred BLAS/LAPACK implementation (boo#1177260). - Consolidate packages 'openblas-devel' and 'openblas-devel-headers' into 'openblas-common-devel' (these are built for the serial flavor only). 'openblas-common-devel' will provide the removed 'openblas-devel-headers' while the arch specific 'preferred' flavor will provide the removed 'openblas-devel'. - Fix the openblas default flavor selection: [#] /usr/sbin/update-alternatives --config libopenblas.so.0 - Add cmake and pkgconfig files. ++++ openblas_serial: - Update to v0.3.20: * general: some code cleanup, with added casts etc. fixed obtaining the cpu count with OpenMP and OMP_PROC_BIND unset fixed pivot index calculation by ?LASWP for negative increments other than one fixed input argument check in LAPACK ? GEQRT2 improved the check for a Fortran compiler in CMAKE builds disabled building OpenBLAS' optimized versions of LAPACK complex SPMV, SPR,SYMV,SYR with NO_LAPACK=1 fixed building of LAPACK on certain distributed filesystems with parallel gmake fixed building the shared library on MacOS with classic flang (v0.3.19) reverted unsafe TRSV/ZRSV optimizations introduced in 0.3.16 fixed a potential thread race in the thread buffer reallocation routines that were introduced in 0.3.18 fixed miscounting of thread pool size on Linux with OMP_PROC_BIND=TRUE fixed CBLAS interfaces for CSROT/ZSROT and CROTG/ZROTG made automatic library suffix for CMAKE builds with INTERFACE64 available to CBLAS-only builds (v0.3.18) when the build-time number of preconfigured threads is exceeded at runtime (by an external program calling BLAS functions from a larger number of threads), OpenBLAS will now allocate an auxiliary control structure for up to 512 additional threads instead of aborting added support for Loongson's LoongArch64 cpu architecture fixed building OpenBLAS with CMAKE and -DBUILD_BFLOAT16=ON added support for building OpenBLAS as a CMAKE subproject added support for building for Windows/ARM64 targets with clang improved support for building with the IBM xlf compiler imported Reference-LAPACK PR 625 (out-of-bounds access in ?LARRV) imported Reference-LAPACK PR 597 for testsuite compatibility with LLVM's libomp * x86_64: fixed cross-compilation with CMAKE for CORE2 target fixed miscompilation of AVX512 code in DYNAMIC_ARCH builds added support for the "incidental" AVX512 hardware in Alder Lake when enabled in BIOS (v0.3.19) DYNAMIC_ARCH builds now fall back to the cpu with most similar capabilities when an unknown CPUID is encountered, instead of defaulting to Prescott added cpu detection for Intel Alder Lake added cpu detection for Intel Sapphire Rapids added an optimized SBGEMM kernel for Sapphire Rapids fixed DYNAMIC_ARCH builds on OSX with CMAKE worked around DYNAMIC_ARCH builds made on Sandybridge failing on SkylakeX fixed missing thread initialization for static builds on Windows/MSVC fixed an excessive read in ZSYMV (v0.3.18) added SkylakeX S/DGEMM kernels for small problem sizes (MNK<=1000000) added optimized SBGEMM for Intel Cooper Lake reinstated the performance patch for AVX512 SGEMV_T with a proper fix added a workaround for a gcc11 tree-vectorizer bug that caused spurious failures in the test programs for complex BLAS3 when compiling at -O3 (the default for cmake "release" builds) added support for runtime cpu count detection under Haiku OS worked around a long-standing miscompilation issue of the Haswell DGEMV_T kernel with gcc that could produce NaN output in some corner cases * Power: added support for POWER10 in big-endian mode added support for building with CMAKE added optimized SGEMM and DGEMM kernels for small matrix sizes (v0.3.18) improved performance of DASUM on POWER10 * ARMV8: added SVE-enabled CGEMM and ZGEMM kernels for ARMV8SVE and A64FX added support for Neoverse N2 and V1 cpus (v0.3.19) added basic support and cputype detection for Fujitsu A64FX added a generic ARMV8SVE target added SVE-enabled SGEMM and DGEMM kernels for ARMV8SVE and A64FX added optimized CGEMM and ZGEMM kernels for Cortex A53 and A55 cpus fixed cpuid detection for Apple M1 and improved performance improved compiler flag setting in CMAKE builds (v0.3.18) fixed crashes (use of reserved register x18) on Apple M1 under OSX fixed building with gcc releases earlier than 5.1 - Fix out of bounds read in ?llarv LAPACK Reference: PR 625 CVE-2021-4048, bsc#1196513 - Limit parallel builds according to available memory. Do NOT use %%_smp_mflags with top level 'make', set MAKE_NB_JOBS instead and let the build do the work. Also change -flto=auto to -flto=1: spawning even more parallel builds on top of parallel build treads will wreak havok. - Move calls to 'update-alternatives --remove' to %%postun instead of %%preun as suggested by rpmlint. - Since we build with DYNAMIC_ARCH, create separate config files for the different target kernels to help debugging Add Create-independent-kernel-Makfile-configuration-when-building-DYNAMIC_ARCH.patch - Remove compiler feature detection when not using auto-detection. Add Do-not-attempt-to-check-host-CPU-if-TARGET-is-set.patch - Do not depend in variables which are not available when building DYNAMIC_ARCH. Add For-DYNAMIC_ARCH-don-t-use-sbgemm_r-as-parameter.c-doesn-t-get-build.patch - Do not include symbols defined in driver/others/parameter.c in DYNAMIC_BUILD to generate more conclusive error messages earlier. Add Do-not-include-symbols-defined-in-driver-others-parameter.c-in-DYNAMIC_BUILD.patch - Install lapack and blas libraries to an openblas-flavor specific subdirectory of %%_libdir and set up the alternatives to point to this directory. Set the system-wide BLAS/LAPACK default directory to %%_libdir/openblas-default. This way, the blas/lapack libraries will remain consistent and from the same source. The user is able to override this easily by setting the LD_LIBRARY_PATH to include the preferred BLAS/LAPACK implementation (boo#1177260). - Consolidate packages 'openblas-devel' and 'openblas-devel-headers' into 'openblas-common-devel' (these are built for the serial flavor only). 'openblas-common-devel' will provide the removed 'openblas-devel-headers' while the arch specific 'preferred' flavor will provide the removed 'openblas-devel'. - Fix the openblas default flavor selection: [#] /usr/sbin/update-alternatives --config libopenblas.so.0 - Add cmake and pkgconfig files. ++++ libsolv: - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ("requires" is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime - bump version to 0.7.21 ++++ usbguard: - Fix build for Leap and SLE by using newer gcc version ++++ openSUSE-EULAs: - Update to version 84.87.20220225.c939427: * Drop 'EULA' for Mesa-dri-nouveau * make: Translate all the subdirs we have translations for - Update to version 84.87.20220131.e9d0ccd: * Translated using Weblate (Finnish) * Translated using Weblate (Slovak) * Added translation using Weblate (Slovak) * Translated using Weblate (Italian) * Translated using Weblate (Hindi) * Translated using Weblate (Hindi) * Translated using Weblate (Chinese (China) (zh_CN)) * Added translation using Weblate (Sinhala) * Translated using Weblate (Portuguese (Portugal)) * Added translation using Weblate (Portuguese (Portugal)) * Translated using Weblate (Italian) * Added translation using Weblate (Italian) * Translated using Weblate (German) * Add updated translations for Mesa-dri-nouveau * Adjust text to "I Agree/I Disagree" standard buttons for licenses (boo#1105654) ++++ package-translations: - Leap 15.4 Beta poo#99990 bump to version 89.87.20220225.5943e334: * bump for 15.4 * executing extractor for Leap 15.4 Beta poo#99879 * Translated using Weblate (Arabic) * Translated using Weblate (Catalan) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Czech) * Translated using Weblate (Dutch) * Translated using Weblate (Finnish) * Translated using Weblate (German) * Translated using Weblate (Hungarian) * Translated using Weblate (Indonesian) * Translated using Weblate (Japanese) * Translated using Weblate (Russian) * Translated using Weblate (Slovak) * Translated using Weblate (Spanish) * Translated using Weblate (Ukrainian) ++++ plasma5-desktop: - Add patch to fix the apply button in the touchpad KCM (kde#449843): * 0001-kcms-touchpad-Remove-weird-Q_EMIT-changed-false-in-r.patch ++++ powerpc-utils: - Fix lsslot showing "Unknown slot type" for recent PCIe slot types (bsc#1196411 ltc#196505). - lsslot-Add-new-DRC-type-description-strings.patch - Fix setting HNV primary slave with NM (bsc#1195404 ltc#196259). - 0007-Fix-NM-HNV-setting-primary-slave.patch ++++ pyenv: - Put fish completions in thr right directory. We don't have to worry about conflicting files, because fish has a special directory for vendor completions which have precedence over the fish native ones. ++++ python-Markdown: - Update old_importlib_metadata.patch (we need to modify setup.py as well; jsc#SLE-22830). ++++ python-pip: - Add wheel subpackage with the generated wheel for this package (bsc#1176262, CVE-2019-20916). - Make wheel a separate build run to avoid the setuptools/wheel build cycle. ++++ python-pip-test: - Add wheel subpackage with the generated wheel for this package (bsc#1176262, CVE-2019-20916). - Make wheel a separate build run to avoid the setuptools/wheel build cycle. ++++ python-pip-wheel: - Add wheel subpackage with the generated wheel for this package (bsc#1176262, CVE-2019-20916). - Make wheel a separate build run to avoid the setuptools/wheel build cycle. ++++ ruqola: - Update to version 1.6.3 * Fix double click on user * Fix show roles in groups channel * Disable action when it's not connected * Fix emoji popup pos * Avoid duplicate users when we create channel * Use enum for defining type of createChannel info * Fix delete team * Fix create teams * Use isValid() * Reduce struct * When we create a team member must use userId, but for channels we need userNames * Fix add users when we create new channel ++++ terminology-theme-dark: - Use python3-base instead of python3 ++++ terminology-theme-openSUSE: - BuildRequire python3-base instead of python3: the cheaper build dep is sufficient. ++++ terminology-theme-openSUSE-oliveleaf: - Apparently we lost the changelog, this version works with 1.12 Its our old default because we are changing default again soon. - Use python3-base instead of python3 ++++ yast2-network: - Revert last change going back to skip DHCP setup completely if the network is already configured through iBFT (bsc#1194911) - 4.4.42 ++++ yast2-trans: - Leap 15.4 Beta translations poo#99990 bump to version 84.87.20220224.fc95951c18: * Translated using Weblate (Catalan) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (Dutch) * Translated using Weblate (French) * Translated using Weblate (Catalan) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * New POT for text domain 'registration'. * New POT for text domain 'nis_server'. * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * New POT for text domain 'installation'. * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Ukrainian) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (Spanish) * Translated using Weblate (Ukrainian) * Translated using Weblate (Spanish) * Translated using Weblate (French) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (German) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (German) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (French) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (Italian) * Translated using Weblate (German) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Spanish) * Translated using Weblate (Slovak) * Translated using Weblate (Slovak) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * New POT for text domain 'installation'. * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Ukrainian) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (French) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (German) * Translated using Weblate (Catalan) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Spanish) * Translated using Weblate (German) * Translated using Weblate (Spanish) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Spanish) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Spanish) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Finnish) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Vietnamese) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (German) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (German) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (German) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * New POT for text domain 'autoinst'. * Translated using Weblate (German) * Translated using Weblate (Chinese (China) (zh_CN)) ------------------------------------------------------------------ ------------------ 2022-2-24 - Feb 24 2022 ------------------- ------------------------------------------------------------------ ++++ ImageMagick: - security update - added patches fix CVE-2021-4219 [bsc#1196337], denial of service in MagicCore/draw.c via crafted SVG file + ImageMagick-CVE-2021-4219.patch ++++ kernel-64kb: - mm/page_alloc: Do not prefetch buddies during bulk free (bnc#1193239,bnc#1193199,bnc#1193329). - commit 40059fa - bpf/selftests: Test PTR_TO_RDONLY_MEM (bsc#1196261 CVE-2022-0500). - bpf: Add MEM_RDONLY for helper args that are pointers to rdonly mem (bsc#1196261 CVE-2022-0500). - bpf: Make per_cpu_ptr return rdonly PTR_TO_MEM (bsc#1196261CVE-2022-0500). - bpf: Convert PTR_TO_MEM_OR_NULL to composable types (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - bpf: Introduce MEM_RDONLY flag (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - Refresh patches.suse/bpf-Fix-out-of-bounds-access-for-ringbuf-helpers.patch. - Refresh patches.suse/bpf-Generally-fix-helper-register-offset-check.patch. - bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - Refresh patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch. - Refresh patches.suse/bpf-Generally-fix-helper-register-offset-check.patch. - bpf: Replace RET_XXX_OR_NULL with RET_XXX | PTR_MAYBE_NULL (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - bpf: Replace ARG_XXX_OR_NULL with ARG_XXX | PTR_MAYBE_NULL (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - bpf: Introduce composable reg, ret and arg types (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). - commit 4db4b9b - n