Removed rpms ============ - aaa_base-malloccheck - fontconfig-32bit - gnome-keyring-32bit - libcom_err2-32bit - libgmodule-2_0-0-32bit - libgnutls30-32bit - libgpg-error0-32bit - libldb2-32bit - libmount1-32bit - libssh4-32bit - libuuid1-32bit - libzstd1-32bit - qemu-microvm - libavahi-client3-32bit - libbz2-1-32bit - libfontconfig1-32bit - libgcrypt20-32bit - libhogweed4 - libhogweed6-32bit - libldap-2_4-2-32bit - libnettle6 - libnuma1-32bit - libopenssl1_1-32bit - libpulse0-32bit - libselinux1-32bit - libsystemd0-32bit - libtevent0-32bit - nss-mdns-32bit - perl-base-32bit - python-smbios - qemu-sgabios - smbios-utils-bin - smbios-utils-python Added rpms ========== - distribution-logos-openSUSE-icons - fontconfig-32bit - gnome-keyring-32bit - libavahi-client3-32bit - libbz2-1-32bit - libfontconfig1-32bit - libgcrypt20-32bit - libhogweed6-32bit - libldap-2_4-2-32bit - libnuma1-32bit - libopenssl1_1-32bit - libpulse0-32bit - libselinux1-32bit - libsystemd0-32bit - libtevent0-32bit - nss-mdns-32bit - perl-base-32bit - qemu-sgabios - libcom_err2-32bit - libgmodule-2_0-0-32bit - libgnutls30-32bit - libgpg-error0-32bit - libldb2-32bit - libmount1-32bit - libssh4-32bit - liburing2 - libuuid1-32bit - libzstd1-32bit - man-pages-uk - power-profiles-daemon - qemu-microvm - system-user-tftp Package Source Changes ====================== ImageMagick + fix CVE-2022-1114 [bsc#1198700], heap-use-after-free in RelinquishDCMInfo of dcm.c + + ImageMagick-CVE-2022-1114.patch + fix CVE-2022-1115 [bsc#1198701], heap-buffer-overflow in PushShortPixel of quantum-private.h + + ImageMagick-CVE-2022-1115.patch + +- security update +- added patches Mesa +- _constraints: + * raised requirements to 9 GB disk space and added aarch64 + architecture (bsc#1199040) + Mesa-drivers +- _constraints: + * raised requirements to 9 GB disk space and added aarch64 + architecture (bsc#1199040) + apparmor +- add php8-fpm-mr876.patch so that php8 php-fpm can read its config + (boo#1186267#c11) +- parser: add conflict with apparmor-utils < 3.0 to avoid aa-status + file conflict on upgrade (boo#1198958) +- utils: add missing dependency on apparmor-parser (boo#1198958#c4) + +- Enhance zgrep-profile-mr870.diff to also allow/support zstd + (boo#1198922). + +- update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531) + +- Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon + which now will spawn new additional services on demand. We need to + modify the existing smbd/winbind profiles and additionally add a + new set of profiles to cater for the new functionality; + (bnc#1198309); + +- Add samba_deny_net_admin.patch to add new rule to deny + noisy setsockopt calls from systemd; (bnc#1196850). + +- add profile for zgrep and xzgrep to prevent CVE-2022-1271 + (zgrep-profile-mr870.diff) + +- ensure precompiled cache files are newer than (text) profiles +- reload profiles in %posttrans instead of %post to ensure both + - profiles and -abstractons package are updated before the cache + in /var/cache/apparmor/ gets built (boo#1195463 #c20) + +- Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on + /proc/{pid}/fd for samba-bgqd (bnc#1196850). +- Add update-usr-sbin-smbd.diff to add new rule to allow reading of + openssl.cnf (bnc#1195463). + audit +- Modernize specfile constructs. + audit-secondary +- Drop buildrequire on C++ compiler. +- Modernize specfile constructs. + +- Fix buildrequire for openldap2-devel - audit doesn't require the + (outdated) C++ binding, but the C headers that happen to be pulled + in by buildrequiring the C++ devel package + +- Fix unhandled ECONNREFUSED with LDAP environments (bsc#1196645) + * add libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch +- Fix hang in audisp-remote with disk_low_action=suspend (bsc#1196517) + * add audisp-remote-fix-hang-with-disk_low_action-suspend-.patch + +- add audit-userspace-517-compat.patch + autofs +- autofs-5.1.6-fix-quoted-string-length-calc-in-expand.patch + Fix problem with quote handling + (bsc#1181715) + +- 0005-autofs-5.1.4-fix-incorrect-locking-in-sss-lookup.patch + Fix locking problem that causes deadlock when sss used. + (bsc#1196485) + +- 0004-autofs-5.1.3-add-port-parameter-to-rpc_ping.patch + Suppress portmap calls when port explicitly given + (bsc#1195697) + bcm20702a1-firmware +- Drop superfluous dependency on kernel-firmware (bsc#1198795) + binutils +- Add binutils-add-z16-name.diff so that the now official name + z16 for arch14 is recognized. [bsc#1198237] + chromium +- Chromium 101.0.4951.64 (boo#1199409) + * CVE-2022-1633: Use after free in Sharesheet + * CVE-2022-1634: Use after free in Browser UI + * CVE-2022-1635: Use after free in Permission Prompts + * CVE-2022-1636: Use after free in Performance APIs + * CVE-2022-1637: Inappropriate implementation in Web Contents + * CVE-2022-1638: Heap buffer overflow in V8 Internationalization + * CVE-2022-1639: Use after free in ANGLE + * CVE-2022-1640: Use after free in Sharing + * CVE-2022-1641: Use after free in Web UI Diagnostics + +- Chromium 101.0.4951.54 (boo#1199118) +- Chromium 101.0.4951.41 (boo#1198917) + * CVE-2022-1477: Use after free in Vulkan + * CVE-2022-1478: Use after free in SwiftShader + * CVE-2022-1479: Use after free in ANGLE + * CVE-2022-1480: Use after free in Device API + * CVE-2022-1481: Use after free in Sharing + * CVE-2022-1482: Inappropriate implementation in WebGL + * CVE-2022-1483: Heap buffer overflow in WebGPU + * CVE-2022-1484: Heap buffer overflow in Web UI Settings + * CVE-2022-1485: Use after free in File System API + * CVE-2022-1486: Type Confusion in V8 + * CVE-2022-1487: Use after free in Ozone + * CVE-2022-1488: Inappropriate implementation in Extensions API + * CVE-2022-1489: Out of bounds memory access in UI Shelf + * CVE-2022-1490: Use after free in Browser Switcher + * CVE-2022-1491: Use after free in Bookmarks + * CVE-2022-1492: Insufficient data validation in Blink Editing + * CVE-2022-1493: Use after free in Dev Tools + * CVE-2022-1494: Insufficient data validation in Trusted Types + * CVE-2022-1495: Incorrect security UI in Downloads + * CVE-2022-1496: Use after free in File Manager + * CVE-2022-1497: Inappropriate implementation in Input + * CVE-2022-1498: Inappropriate implementation in HTML Parser + * CVE-2022-1499: Inappropriate implementation in WebAuthentication + * CVE-2022-1500: Insufficient data validation in Dev Tools + * CVE-2022-1501: Inappropriate implementation in iframe +- Added patches: + * chromium-101-libxml-unbundle.patch + * chromium-101-segmentation_platform-type.patch +- Removed patches: + * chromium-100-SCTHashdanceMetadata-move.patch + * chromium-100-GLImplementationParts-constexpr.patch + * chromium-100-macro-typo.patch + +- Fixes for go 1.18 + curl +- Securiy fix: [bsc#1199223, CVE-2022-27781] + * CERTINFO never-ending busy-loop + * Add curl-CVE-2022-27781.patch +- Securiy fix: [bsc#1199224, CVE-2022-27782] + * TLS and SSH connection too eager reuse + * Add curl-CVE-2022-27782.patch + +- Security fix: [bsc#1198608, CVE-2022-27774] + * Credential leak on redirect + * Add curl-CVE-2022-27774-2.patch + + openssl: don't leak the SRP credentials in redirects either + + this is a follow up patch after the initial patch. + +- Security fix: [bsc#1198766, CVE-2022-27776] + * Auth/cookie leak on redirect + * Add curl-CVE-2022-27776.patch +- Security fix: [bsc#1198723, CVE-2022-27775] + * Bad local IPv6 connection reuse + * Add curl-CVE-2022-27775.patch +- Security fix: [bsc#1198608, CVE-2022-27774] + * Credential leak on redirect + * Add curl-CVE-2022-27774.patch + * Disable test 1568, which is broken by upstream patch. + - Add curl-CVE-2022-27774-disabletest-1568.patch +- Security fix: [bsc#1198614, CVE-2022-22576] + * OAUTH2 bearer bypass in connection re-use + * Add curl-CVE-2022-22576.patch + desktop-translations +- Update to version 84.87.20220427.80cb897f: + * Translated using Weblate (Slovenian) + * Translated using Weblate (Polish) + * Translated using Weblate (Russian) + * Translated using Weblate (Finnish) + * Translated using Weblate (Czech) + +- Update to version 84.87.20220316.9301f89b: + * Update strings from Leap 15.4. + * Translated using Weblate (Catalan) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Croatian) + * Translated using Weblate (Czech) + * Translated using Weblate (Dutch) + * Translated using Weblate (Finnish) + * Translated using Weblate (French) + * Translated using Weblate (German) + * Translated using Weblate (Hindi) + * Translated using Weblate (Indonesian) + * Translated using Weblate (Italian) + * Translated using Weblate (Japanese) + * Translated using Weblate (Kabyle) + * Translated using Weblate (Lithuanian) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Russian) + * Translated using Weblate (Slovak) + * Translated using Weblate (Spanish) + * Translated using Weblate (Turkish) + * Translated using Weblate (Ukrainian) + * Translated using Weblate (Vietnamese) + dracut +- Update to version 055+suse.252.g4988b0bf: + * fix(resume): do not add this module if there is no suitable swap (bsc#1198095) + * feat(resume): improve sanity check by verifying volatile swap (bsc#1198095) + * feat(resume): sanity check (bsc#1197192) + dvd+rw-tools +- Add fix-build-with-recent-glibc.patch. +- Refresh dvd+rw-tools-buffer.patch +- Refresh growisofs-dvd-dl-undersized.patch +- Run spec-cleaner + -- fix build with gcc-4.3 - gcc11 +- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from + packages provided by older GCC work. Add a requires from that + package to the corresponding libstc++6 package to keep those + at the same version. [bsc#1196107] +- Add gcc11-D-dependence-fix.patch to fix memory corruption when + creating dependences with the D language frontend. +- Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap + on aarch64 which is unresolvable. + +- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] + +- Put libstdc++6-pp Requires on the shared library and drop + to Recommends. + giflib -- Enable Position Independent Code and inherit CFLAGS from the build system. - * Added giflib-PIE.patch (bsc#1184123). +- prep section should just extract and patch, + further modifications have to be done in the build section + +- Added patch: + * PIE.patch + + build path independent objects and inherit CFLAGS from the + build system (bsc#1184123) + +- Update to version 5.2.1 + * In gifbuild.c, avoid a core dump on no color map. + * Restore inadvertently removed library version numbers in Makefile. +- Changes in version 5.2.0 + * The undocumented and deprecated GifQuantizeBuffer() entry point + has been moved to the util library to reduce libgif size and attack + surface. Applications needing this function are couraged to link the + util library or make their own copy. + * The following obsolete utility programs are no longer installed: + gifecho, giffilter, gifinto, gifsponge. These were either installed in + error or have been obsolesced by modern image-transformmation tools + like ImageMagick convert. They may be removed entirely in a future + release. + * Address SourceForge issue #136: Stack-buffer-overflow in gifcolor.c:84 + * Address SF bug #134: Giflib fails to slurp significant number of gifs + * Apply SPDX convention for license tagging. +- Changes in version 5.1.9 + * The documentation directory now includes an HTMlified version of the + GIF89 standard, and a more detailed description of how LZW compression + is applied to GIFs. + * Address SF bug #129: The latest version of giflib cannot be build on windows. + * Address SF bug #126: Cannot compile giflib using c89 +- Changes in version 5.1.8 + * Address SF bug #119: MemorySanitizer: FPE on unknown address (CVE-2019-15133 bsc#1146299) + * Address SF bug #125: 5.1.7: xmlto is still required for tarball + * Address SF bug #124: 5.1.7: ar invocation is not crosscompile compatible + * Address SF bug #122: 5.1.7 installs manpages to wrong directory + * Address SF bug #121: make: getversion: Command not found + * Address SF bug #120: 5.1.7 does not build a proper library - no +- Changes in version 5.1.7 + * Correct a minor packaging error (superfluous symlinks) in the 5.1.6 tarballs. +- Changes in version 5.1.6 + * Fix library installation in the Makefile. +- Changes in version 5.1.5 + * Fix SF bug #114: Null dereferences in main() of gifclrmp + * Fix SF bug #113: Heap Buffer Overflow-2 in function DGifDecompressLine() + in cgif.c. This had been assigned (CVE-2018-11490 bsc#1094832). + * Fix SF bug #111: segmentation fault in PrintCodeBlock + * Fix SF bug #109: Segmentation fault of giftool reading a crafted file + * Fix SF bug #107: Floating point exception in giftext utility + * Fix SF bug #105: heap buffer overflow in DumpScreen2RGB in gif2rgb.c:317 + * Fix SF bug #104: Ineffective bounds check in DGifSlurp + * Fix SF bug #103: GIFLIB 5.1.4: DGifSlurp fails on empty comment + * Fix SF bug #87: Heap buffer overflow in 5.1.2 (gif2rgb). (CVE-2016-3977 bsc#974847) + * The horrible old autoconf build system has been removed with extreme prejudice. + You now build this simply by running "make" from the top-level directory. +- Run spec-cleaner +- Drop patches fixed upstream: + * giflib-visibility.patch + * giflib-automake-1_13.patch + * giflib-CVE-2016-3977.patch + * fix-autoconf11.patch +- Change build system to Make only (upstream not using autoconf) + +- Remove unused build requires on X libraries +- Use %license -- Update to new upstream release 5.1.0 - * Minor API change to assist library wrappers in dynamic languages, - removal of the the gif2raw utility, and various minor fix patches - for unusual edge cases. - * API changes to functions: - GifErrorString returns const char *; - EGifGetGifVersion returns const char *; - EGifCloseFile takes another int *errorcode; - DGifCloseFile takes another int *errorcode; - -- Update to new upstream release 5.0.5 (bugfix release) - * This release sets the error return properly when a screen - descriptor read fails, and fixes minor API documentation bugs. - grub2 +- Fix Power10 LPAR error "The partition fails to activate as partition went + into invalid state" (bsc#1198714) + * 0001-powerpc-do-CAS-in-a-more-compatible-way.patch + hdf5:serial +- Security Fix: + Add configure option --disable-hltools to disable GIF tools as + recommended in the 1.10.8 release: + CVE-2018-17433 (bsc#1109565), + CVE-2018-17436 (bsc#1109568), + CVE-2020-10809 (bsc#1167404). + +- add hdf5-wrappers.patch from Fedora, so strip flags from + wrappers and prefer shared linking +- add missing zlib-devel devel dep + +- Add hdf5-1.10.8-pr1494-fix-release-check-version.patch + * boo#1179521, boo#1196682, gh#HDFGroup/hdf5#1494 + * Avoids package crashes due to an overeager version check. + Packages depending on the shared libraries are not being + rebuilt in Factory after a patchlevel version bump of hdf5 + without SONAME changes. + +- Update to version 1.10.8: + * Added new option to control the build of High-Level tools + * Adds C++ Autotools configuration file for Intel + * Adds C++ Autotools configuration file for PGI + * Updates PGI C options + * CMake will now run the shell script tests in test/ by default + * Removed unused HDF5_ENABLE_HSIZET option from CMake + * CMake no longer builds the C++ library by default + * Removal of pre-VS2015 work-arounds + * Add CMake variable HDF5_LIB_INFIX + * Added a configure-time option to control certain compiler + warnings + * CMake option to build the HDF filter plugins project as an + external project + * Added a configure-time option to consider certain compiler + warnings + * Autotools and CMake target added to produce doxygen generated + documentation + * CMake option to build the HDF filter plugins project as an + external project + * Added CMake option to format source files + * Change how the release part of version, in major.minor.release + is checked + * H5Gcreate1() now rejects size_hint parameters larger than + UINT32_MAX + * H5Pset_fapl_log() no longer crashes when passed an invalid + fapl ID + * Fixes a segfault when H5Pset_mdc_log_options() is called + multiple times + * File locking now works on Windows + * H5Epush_ret() now requires a trailing semicolon + * Improved performance of H5Sget_select_elem_pointlist + * H5Fget_name_f fixed to handle correctly trailing whitespaces + and newly allocated buffers. + * Added new H5S functions. + * Refactored the perform tools and removed dependencies on test + library. + * h5repack added help text for user-defined filters. + * Doxygen documentation is available when configured and + generated. + * Fixed CVE-2018-17432 (bsc#1109564) + * Fixed a segmentation fault + * Detection of simple data transform function "x" + * Fixed CVE-2020-10810 - an invalid read and memory leak when + parsing (bsc#1167401) + * Fixed CVE-2018-14460 (bsc#1102175) + * Fixed CVE-2018-11206 (bsc#1093657) + (same issue as CVE-2018-14032 (bsc#1101474)) + * Fixed CVE-2018-14033 (bsc#1101471) + (same issue as CVE-2020-10811 (bsc#1167405)) + * Remove underscores on header file guards + * H5FArray.java class: + - Convert the entire byte array into a 1-d array of the + desired type, rather than performing 1 conversion per row; + - Use the Java Arrays method copyOfRange to grab the section + of the array from (1) that is desired to be inserted into + the destination array. + * Corrected path searched by CMake find_package command + * Corrected pkg-config compile script + * Fixed CMake C++ compiler flags + * Autotools clang debug optimization level change + * Better support for libaec (open-source Szip library) in CMake + * Refactor CMake configure for Fortran + * Remove arbitrary warning flag groups from CMake builds + * Reclassify CMake messages, to allow new modes and --log-level + option + * Fixes Autotools determination of the stat struct having an + st_blocks field + * Changed how h5dump and h5ls identify long double. + * Fixed tools argument parsing. + * Updated doxygen comments with changes for release +- Minor rebase of patches to apply cleanly. + + (bsc#1109570) - * CVE-2018-17434: Memory leak in the H5O__chunk_deserialize() + * CVE-2018-17234: Memory leak in the H5O__chunk_deserialize() - * CVE-2018-17437: A SIGFPE signal is raised in the function - H5D__chunk_set_info_real. (bsc#1109168) + * CVE-2018-17434: A SIGFPE signal is raised in function apply_filters() + of h5repack_filters.c (bsc#1109566) + * CVE-2018-17437: Memory leak in the H5O_dtype_decode_helper() function + in H5Odtype.c. (bsc#1109569) + * CVE-2018-17237: A SIGFPE signal is raised in the function + H5D__chunk_set_info_real (bsc#1109168) (commit 4e31361d). hugin +- Also set CMAKE_SKIP_INSTALL_RPATH=OFF (boo#1198785) + jasper +- bsc#1184757 CVE-2021-3467: Fix NULL pointer deref in jp2_decode() + Add jasper-CVE-2021-3467.patch +- bsc#1184798 CVE-2021-3443: Fix NULL pointer derefin jp2_decode() + Add jasper-CVE-2021-3443.patch +- bsc#1182104 CVE-2021-26927: Fix NULL pointer deref in jp2_decode() + bsc#1182105 CVE-2021-26926: Fix Out of bounds read in jp2_decode() + Add jasper-CVE-2021-26926-CVE-2021-26927.patch + java-11-openjdk +- Update to upstream tag jdk-11.0.15+10 (April 2022 CPU) + * Security fixes: + + JDK-8284920: Incorrect Token type causes XPath expression to + return empty result + + JDK-8284548: Invalid XPath expression causes + StringIndexOutOfBoundsException + + JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo + + JDK-8282397: createTempFile method of java.io.File is failing + when called with suffix of spaces character + + JDK-8278356: Improve file creation + + JDK-8270504, bsc#1198672, CVE-2022-21426: Better Xpath + expression handling + + JDK-8272594: Better record of recordings + + JDK-8277672, bsc#1198674, CVE-2022-21434: Better invocation + handler handling + + JDK-8282300: Throws NamingException instead of + InvalidNameException after JDK-8278972 + + JDK-8278972, bsc#1198673, CVE-2022-21496: Improve URL supports + + JDK-8272261: Improve JFR recording file processing + + JDK-8269938: Enhance XML processing passes redux + + JDK-8272255: Completely handle MIDI files + + JDK-8278805: Enhance BMP image loading + + JDK-8278449: Improve keychain support + + JDK-8277227: Better identification of OIDs + + JDK-8275151, bsc#1198675, CVE-2022-21443: Improved Object + Identification + + JDK-8274221: More definite BER encodings + + JDK-8278798: Improve supported intrinsic + * Other changes: + + JDK-8283778: 11u GHA: Fix GCC 9 ubuntu package names + + JDK-8283018: 11u GHA: Update GCC 9 minor versions + + JDK-8275082, bsc#1198671, CVE-2022-21476: Update XML Security + for Java to 2.3.0 + + JDK-8282761: XPathFactoryImpl remove setProperty and + getProperty methods + + JDK-8283270: [11u] broken JRT_ENTRY_NO_ASYNC after Backport + of JDK-8253795 + + JDK-8275703: System.loadLibrary fails on Big Sur for + libraries hidden from filesystem + + JDK-8277795: ldap connection timeout not honoured under + contention + + JDK-8276141: XPathFactory set/getProperty method + + JDK-8255410: Add ChaCha20 and Poly1305 support to SunPKCS11 + provider + + JDK-8211333: AArch64: Fix another build failure after + JDK-8211029 + + JDK-8279669: test/jdk/com/sun/jdi/TestScaffold.java uses + wrong condition + + JDK-8261107: ArrayIndexOutOfBoundsException in the + ICC_Profile.getInstance(InputStream) + + JDK-8282372: [11] build issue on MacOS/aarch64 12.2.1 using + Xcode 13.1: call to 'log2_intptr' is ambiguous + + JDK-8214004: Missing space between compiler thread name and + task info in hs_err + + JDK-8250750: JDK-8247515 fix for OSX pc_to_symbol() lookup + fails with some symbols + + JDK-8277488: Add expiry exception for Digicert + (geotrustglobalca) expiring in May 2022 + + JDK-8247515: OSX pc_to_symbol() lookup does not work with + core files + + JDK-8254085: javax/swing/text/Caret/ + /TestCaretPositionJTextPane.java failed with + "RuntimeException: Wrong caret position" + + JDK-8247272: SA ELF file support has never worked for 64-bit + causing address to symbol name mapping to fail + + JDK-8233986: ProblemList javax/swing/plaf/basic/BasicTextUI/ + /8001470/bug8001470.java for windows-x64 + + JDK-8274524: SSLSocket.close() hangs if it is called during + the ssl handshake + + JDK-8255239: The timezone of the hs_err_pid log file is + corrupted in Japanese locale + + JDK-8272541: Incorrect overflow test in Toom-Cook branch of + BigInteger multiplication + + JDK-8254072: AArch64: Get rid of --disable-warnings-as-errors + on Windows+ARM64 build + + JDK-8262894: [macos_aarch64] SIGBUS in Assembler::ld_st2 + + JDK-8266889: [macosx-aarch64] Crash with SIGBUS in + MarkActivationClosure::do_code_blob during + vmTestbase/nsk/jvmti/.../bi04t002 test run + + JDK-8241004: NMT tests fail on unaligned thread size with + debug build + + JDK-8253795: Implementation of JEP 391: macOS/AArch64 Port + + JDK-8280414: Memory leak in DefaultProxySelector + + JDK-8280526: x86_32 Math.sqrt performance regression with + - XX:UseSSE={0,1} + + JDK-8279076: C2: Bad AD file when matching SqrtF with UseSSE=0 + + JDK-8281520: JFR: A wrong parameter is passed to the + constructor of LeakKlassWriter + + JDK-8281599: test/lib/jdk/test/lib/KnownOIDs.java is + redundant since JDK-8268801 + + JDK-8190748: java/text/Format/DateFormat/DateFormatTest.java + and NonGregorianFormatTest fail intermittently + + JDK-8281061: [s390] JFR runs into assertions while validating + interpreter frames + + JDK-8280155: [PPC64, s390] frame size checks are not yet + correct + + JDK-8279924: [PPC64, s390] implement + frame::is_interpreted_frame_valid checks + + JDK-8261205: AssertionError: Cannot add metadata to an + intersection type + + JDK-8277992: Add fast jdk_svc subtests to jdk:tier3 + + JDK-8216969: ParseException thrown for certain months with + russian locale + + JDK-8278381: [GCC 11] Address::make_raw() does not initialize + rspec + + JDK-8264650: Cross-compilation to macos/aarch64 + + JDK-8256321: Some "inactive" color profiles use the wrong + profile class + + JDK-8280999: array_bounds should be array-bounds after 8278507 + + JDK-8177814: jdk/editpad is not in jdk TEST.groups + + JDK-8279702: [macosx] ignore xcodebuild warnings on M1 + + JDK-8280786: Build failure on Solaris after 8262392 + + JDK-8218546: Unable to connect to https://google.com using + java.net.HttpClient + + JDK-8278758: runtime/BootstrapMethod/BSMCalledTwice.java + fails with release VMs after JDK-8262134 + + JDK-8279833: Loop optimization issue in + String.encodeUTF8_UTF16 + + JDK-8273277: C2: Move conditional negation into rc_predicate + + JDK-8253197: vmTestbase/nsk/jvmti/StopThread/stopthrd007/ + /TestDescription.java fails with "ERROR: + DebuggeeSleepingThread: ThreadDeath lost" + + JDK-8236210: javac generates wrong annotation for fields + generated from record components + + JDK-8236505: Mark jdk/editpad/EditPadTest.java as @headful + + JDK-8270874: JFrame paint artifacts when dragged from + standard monitor to HiDPI monitor + + JDK-8271202: C1: assert(false) failed: live_in set of first + block must be empty + + JDK-8277447: Hotspot C1 compiler crashes on Kotlin suspend + fun with loop + + JDK-8275610: C2: Object field load floats above its null + check resulting in a segfault + + JDK-8266421: Deadlock in Sound System + + JDK-8274795: AArch64: avoid spilling and restoring r18 in + macro assembler + + JDK-8232533: G1 uses only a single thread for pretouching the + java heap + + JDK-8273933: [TESTBUG] Test must run without preallocated + exceptions + + JDK-8268542: serviceability/logging/TestFullNames.java tests + only 1st test case + + JDK-8251998: remove usage of PropertyResolvingWrapper in + vmTestbase/jit/t + + JDK-8273438: Enable parallelism in + vmTestbase/metaspace/stressHierarchy tests + + JDK-8273433: Enable parallelism in vmTestbase_nsk_sysdict + tests + + JDK-8273341: Update Siphash to version 1.0 + + JDK-8278871: [JVMCI] assert((uint)reason < 2* + _trap_hist_limit) failed: oob + + JDK-8275326: C2: assert(no_dead_loop) failed: dead loop + detected + + JDK-8251127: clean up FileInstaller $test.src $cwd in + remaining vmTestbase_vm_compiler tests + + JDK-8252005: narrow disabling of allowSmartActionArgs in + vmTestbase + + JDK-8279998: PPC64 debug builds fail with "untested: + RangeCheckStub: predicate_failed_trap_id" + + JDK-8193277: SimpleFileObject inconsistency between getName + and getShortName + + JDK-8225559: assertion error at TransTypes.visitApply + + JDK-8220634: SymLinkArchiveTest should handle not being able + to create symlinks + + JDK-8214026: Canonicalized archive paths appearing in + diagnostics + + JDK-8251126: nsk.share.GoldChecker should read golden file + from ${test.src} + + JDK-8237798: rewrite vmTestbase/jit/tiered from shell to java + + JDK-8262134: compiler/uncommontrap/TestDeoptOOM.java failed + with "guarantee(false) failed: wrong number of expression + stack elements during deopt" + + JDK-8210194: [TESTBUG] jvmti_FollowRefObjects.cpp missing + initializer for member + _jvmtiHeapCallbacks::heap_reference_callback + + JDK-8277441: CompileQueue::add fails with + assert(_last->next() == __null) failed: not last + + JDK-8273704: DrawStringWithInfiniteXform.java failed : + drawString with InfiniteXform transform takes long time + + JDK-8277328: jdk/jshell/CommandCompletionTest.java failures + on Windows + + JDK-8251132: make main classes public in vmTestbase/jit tests + + JDK-8274465: Fix javax/swing/text/ParagraphView/6364882/ + /bug6364882.java failures + + JDK-8273634: [TEST_BUG] Improve javax/swing/text/ + /ParagraphView/6364882/bug6364882.java + + JDK-8249019: clean up FileInstaller $test.src $cwd in + vmTestbase_vm_compiler tests + + JDK-8274338: com/sun/jdi/RedefineCrossEvent.java failed + "assert(m != __null) failed: NULL mirror" + + JDK-8279300: [arm32] SIGILL when running + GetObjectSizeIntrinsicsTest + + JDK-8273682: Upgrade Jline to 3.20.0 + + JDK-8256154: Some TestNG tests require default constructors + + JDK-8237787: rewrite vmTestbase/vm/compiler/CodeCacheInfo* + from shell to java + + JDK-8223142: Clean-up WS and CB. + + JDK-8278384: Bytecodes::result_type() for arraylength returns + T_VOID instead of T_INT + + JDK-8278172: java/nio/channels/FileChannel/ + /BlockDeviceSize.java should only run on Linux + + JDK-8279077: JFR crashes on Linux ppc due to missing crash + protector in signal handler + + JDK-8279225: [arm32] C1 longs comparison operation destroys + argument registers + + JDK-8276623: JDK-8275650 accidentally pushed "out" file + + JDK-8279379: GHA: Print tests that are in error + + JDK-8275536: Add test to check that File::lastModified + returns same time stamp as Files.getLastModifiedTime + + JDK-8274658: ISO 4217 Amendment 170 Update + + JDK-8239502: [TEST_BUG] Test javax/swing/text/FlowView/ + /6318524/bug6318524.java never fails + + JDK-8277342: vmTestbase/nsk/stress/strace/strace004.java + fails with SIGSEGV in InstanceKlass::jni_id_for + + JDK-8275650: Problemlist java/io/File/createTempFile/ + /SpecialTempFile.java for Windows 11 + + JDK-8268014: Build failure on SUSE Linux Enterprise Server + 11.4 (s390x) due to 'SYS_get_mempolicy' was not declared + + JDK-8241423: NUMA APIs fail to work in dockers due to + dependent syscalls are disabled by default + + JDK-8065704: Set LC_ALL=C for all relevant commands in the + build system + + JDK-8254827: JVMCI: Enable it for Windows+AArch64 + + JDK-8276314: [JVMCI] check alignment of call displacement + during code installation + + JDK-8265150: AsyncGetCallTrace crashes on ResourceMark + + JDK-8276177: nsk/jvmti/RedefineClasses/ + /StressRedefineWithoutBytecodeCorruption failed with + "assert(def_ik->is_being_redefined()) failed: should be + being redefined to get here" + + JDK-8273638: javax/swing/JTable/4235420/bug4235420.java fails + in GTK L&F + + JDK-8258554: javax/swing/JTable/4235420/bug4235420.java fails + in GTK L&F + + JDK-8277385: Zero: Enable CompactStrings support + + JDK-8278116: runtime/modules/LoadUnloadModuleStress.java has + duplicate -Xmx + + JDK-8278115: gc/stress/gclocker/TestGCLockerWithSerial.java + has duplicate -Xmx + + JDK-8274736: Concurrent read/close of SSLSockets causes + SSLSessions to be invalidated unnecessarily + + JDK-8278309: [windows] use of uninitialized OSThread::_state + + JDK-8202142: jfr/event/io/TestInstrumentation is unstable + + JDK-8207793: [TESTBUG] runtime/Metaspace/ + /FragmentMetaspace.java fails: heap needs to be increased + + JDK-8211170: AArch64: Warnings in C1 and template interpreter + + JDK-8273575: memory leak in appendBootClassPath(), paths must + be deallocated + + JDK-8266187: Memory leak in appendBootClassPath() + + JDK-8240904: Screen flashes on test failures when running + tests from make + + JDK-8234930: Use MAP_JIT when allocating pages for code cache + on macOS + + JDK-8275811: Incorrect instance to dispose + + JDK-8186780: clang fastdebug assertion failure in + os_linux_x86:os::verify_stack_alignment() + + JDK-8266171: -Warray-bounds happens in imageioJPEG.c + + JDK-8266170: -Wnonnull happens in classLoaderData.inline.hpp + + JDK-8207011: Remove uses of the register storage class + specifier + + JDK-8266172: -Wstringop-overflow happens in vmError.cpp + + JDK-8274714: Incorrect verifier protected access error message + + JDK-8273514: java/util/DoubleStreamSums/CompensatedSums.java + failure + + JDK-8214761: Bug in parallel Kahan summation implementation + + JDK-8272473: Parsing epoch seconds at a DST transition with a + non-UTC parser is wrong + + JDK-8255035: Update BCEL to Version 6.5.0 + + JDK-8257769: Cipher.getParameters() throws NPE for + ChaCha20-Poly1305 + + JDK-8233827: Enable screenshots in the enhanced failure + handler on Linux/macOS + + JDK-8210236: Prepare + ciReceiverTypeData::translate_receiver_data_from for + concurrent class unloading + + JDK-8273366: [testbug] javax/swing/UIDefaults/6302464/ + /bug6302464.java fails on macOS12 + + JDK-8199079: Test javax/swing/UIDefaults/6302464/ + /bug6302464.java is unstable + + JDK-8256373: [Windows/HiDPI] The Frame#setBounds does not + work in a minimized state + + JDK-8274523: java/lang/management/MemoryMXBean/ + /MemoryTest.java test should handle Shenandoah + + JDK-8208074: [TESTBUG] vmTestbase/nsk/jvmti/RedefineClasses/ + /StressRedefineWithoutBytecodeCorruption/TestDescription.java + failed with NullPointerException + + JDK-8266168: -Wmaybe-uninitialized happens in check_code.c + + JDK-8266174: -Wmisleading-indentation happens in + libmlib_image sources + + JDK-8251558: J2DBench should support shaped and translucent + windows + + JDK-8254940: AArch64: Cleanup non-product thread members + + JDK-8266173: -Wmaybe-uninitialized happens in jni_util.c + + JDK-8263185: Mallinfo deprecated in glibc 2.33 + + JDK-8257467: [TESTBUG] -Wdeprecated-declarations is reported + at sigset() in exesigtest.c + + JDK-8266176: -Wmaybe-uninitialized happens in + libArrayIndexOutOfBoundsExceptionTest.c + + JDK-8274265: Suspicious string concatenation in + logTestUtils.inline.hpp + + JDK-8222825: ARM32 SIGILL issue on single core CPU (not + supported PLDW instruction) + + JDK-8276105: C2: Conv(D|F)2(I|L)Nodes::Ideal should handle + rounding correctly + + JDK-8268882: C2: assert(n->outcnt() != 0 || C->top() == n || + n->is_Proj()) failed: No dead instructions after post-alloc + + JDK-8272345: macos doesn't check `os::set_boot_path()` result + + JDK-8277796: Bump update version for OpenJDK: jdk-11.0.15 +- Modified patch: + * fips.patch + + rediff to changed context + +- Stop adding the JavaEE modules when building for Factory + kdump +- kdumptool calibrate: add more margin to reservation calculations + (bsc#1196728) +- remount target filesystem r/w for fadump (bsc1197125) +- stop reloading FADump on CPU hot-add event (jsc#IBM-768) +- mkdumprd: add option to run dracut in debug mode + kernel-default +- PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable + MSI-X remapping if interrupt remapping is enabled by + IOMMU.") (bsc#1199405). +- PCI: vmd: Assign VMD IRQ domain before enumeration + (bsc#1199405). +- commit 93b2923 + +- Revert "btrfs: props: change how empty value is interpreted" (bsc#1195224) +- commit 49db222 + +- btrfs: qgroup: fix deadlock between rescan worker and remove + qgroup (bsc#1199295). +- btrfs: fix deadlock between quota disable and qgroup rescan + worker (bsc#1199295). +- commit 0d6264b + +- xen/x86: obtain full video frame buffer address for Dom0 also + under EFI (bsc#1193556). +- xen/x86: obtain upper 32 bits of video frame buffer address + for Dom0 (bsc#1193556). +- commit d8dc579 + +- Correct a typo in the patch reference for hisilicon fix (bsc#1198240) +- commit 358b264 + +- cifs: fix NULL ptr dereference in smb2_ioctl_query_info() + (CVE-2022-0168 bsc#1197472). +- commit e7a2e2d + +- cifs: prevent bad output lengths in smb2_ioctl_query_info() + (CVE-2022-0168 bsc#1197472). +- commit 3a95308 + +- Update patches.suse/sched-topology-Skip-updating-masks-for-non-online-nodes.patch + (bsc#1189999 (Scheduler functional and performance backports) + stable-5.14.4 bsc#1197446 ltc#183000). +- commit 65227e4 + +- Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch + (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000). +- commit 0d949cf + +- Update + patches.suse/ovl-fix-missing-negative-dentry-check-in-ovl_rename.patch + (stable-5.14.12 CVE-2021-20321 bsc#1191647). +- commit babea76 + +- iova: Export alloc_iova_fast() and free_iova_fast() + (bsc#1199124). +- commit 281942e + +- scsi: hisi_sas: Limit users changing debugfs BIST count value + (bsc#1198803). +- scsi: hisi_sas: Increase debugfs_dump_index after dump is + completed (bsc#1198806). +- commit 4ed546a + +- netfilter: nf_tables: validate registers coming from userspace + (CVE-2022-1015 bsc#1197227). +- commit 0aabb62 + +- mm: vmalloc: introduce array allocation functions (bsc#1198110). +- commit dbcab11 + +- mm: use vmalloc_array and vcalloc for array allocations + (bsc#1198110). +- commit 4993f07 + +- KVM: use __vcalloc for very large allocations (bsc#1198110). +- commit 525fc7a + +- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660). +- commit c813453 + +- crypto: hisilicon/sec - fix the aead software fallback for + engine (bsc#1198240). +- commit 7a54f7c + +- powerpc/64: Move paca allocation later in boot (bsc#1190812). +- commit a185abb + kernel-kvmsmall +- PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable + MSI-X remapping if interrupt remapping is enabled by + IOMMU.") (bsc#1199405). +- PCI: vmd: Assign VMD IRQ domain before enumeration + (bsc#1199405). +- commit 93b2923 + +- Revert "btrfs: props: change how empty value is interpreted" (bsc#1195224) +- commit 49db222 + +- btrfs: qgroup: fix deadlock between rescan worker and remove + qgroup (bsc#1199295). +- btrfs: fix deadlock between quota disable and qgroup rescan + worker (bsc#1199295). +- commit 0d6264b + +- xen/x86: obtain full video frame buffer address for Dom0 also + under EFI (bsc#1193556). +- xen/x86: obtain upper 32 bits of video frame buffer address + for Dom0 (bsc#1193556). +- commit d8dc579 + +- Correct a typo in the patch reference for hisilicon fix (bsc#1198240) +- commit 358b264 + +- cifs: fix NULL ptr dereference in smb2_ioctl_query_info() + (CVE-2022-0168 bsc#1197472). +- commit e7a2e2d + +- cifs: prevent bad output lengths in smb2_ioctl_query_info() + (CVE-2022-0168 bsc#1197472). +- commit 3a95308 + +- Update patches.suse/sched-topology-Skip-updating-masks-for-non-online-nodes.patch + (bsc#1189999 (Scheduler functional and performance backports) + stable-5.14.4 bsc#1197446 ltc#183000). +- commit 65227e4 + +- Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch + (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000). +- commit 0d949cf + +- Update + patches.suse/ovl-fix-missing-negative-dentry-check-in-ovl_rename.patch + (stable-5.14.12 CVE-2021-20321 bsc#1191647). +- commit babea76 + +- iova: Export alloc_iova_fast() and free_iova_fast() + (bsc#1199124). +- commit 281942e + +- scsi: hisi_sas: Limit users changing debugfs BIST count value + (bsc#1198803). +- scsi: hisi_sas: Increase debugfs_dump_index after dump is + completed (bsc#1198806). +- commit 4ed546a + +- netfilter: nf_tables: validate registers coming from userspace + (CVE-2022-1015 bsc#1197227). +- commit 0aabb62 + +- mm: vmalloc: introduce array allocation functions (bsc#1198110). +- commit dbcab11 + +- mm: use vmalloc_array and vcalloc for array allocations + (bsc#1198110). +- commit 4993f07 + +- KVM: use __vcalloc for very large allocations (bsc#1198110). +- commit 525fc7a + +- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660). +- commit c813453 + +- crypto: hisilicon/sec - fix the aead software fallback for + engine (bsc#1198240). +- commit 7a54f7c + +- powerpc/64: Move paca allocation later in boot (bsc#1190812). +- commit a185abb + libapparmor +- add php8-fpm-mr876.patch so that php8 php-fpm can read its config + (boo#1186267#c11) +- parser: add conflict with apparmor-utils < 3.0 to avoid aa-status + file conflict on upgrade (boo#1198958) +- utils: add missing dependency on apparmor-parser (boo#1198958#c4) + +- Enhance zgrep-profile-mr870.diff to also allow/support zstd + (boo#1198922). + +- update zgrep-profile-mr870.diff to allow executing 'expr' (boo#1198531) + +- Add samba-new-dcerpcd.patch, samba-4.16 has a new dcerpcd daemon + which now will spawn new additional services on demand. We need to + modify the existing smbd/winbind profiles and additionally add a + new set of profiles to cater for the new functionality; + (bnc#1198309); + +- Add samba_deny_net_admin.patch to add new rule to deny + noisy setsockopt calls from systemd; (bnc#1196850). + +- add profile for zgrep and xzgrep to prevent CVE-2022-1271 + (zgrep-profile-mr870.diff) + +- ensure precompiled cache files are newer than (text) profiles +- reload profiles in %posttrans instead of %post to ensure both + - profiles and -abstractons package are updated before the cache + in /var/cache/apparmor/ gets built (boo#1195463 #c20) + +- Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on + /proc/{pid}/fd for samba-bgqd (bnc#1196850). +- Add update-usr-sbin-smbd.diff to add new rule to allow reading of + openssl.cnf (bnc#1195463). + libcaca +- When a zero-width or zero-height image is given, a divide-by-zero + occurs. This patch checks for this and produces a zero-sized + output. + [bsc1197028-correctly-handle-zero-width-or-height-images.patch, + CVE-2022-0856, bsc#1197028] + libdvdread -- Added baselibs.conf. Removed licenses link from spec. - -- Added Requires: pkg-config to get the .pc file to build. - libinput +- Update to version 1.19.4 (boo#1198111): + * This release includes a fix for CVE-2022-1215, a format string + vulnerability in the evdev device handling. + liblangtag +- allow to build for later service packs of SLE 15 [bsc#1197767] + (-Wno-error=format-extra-args) + -- Version bump to 0.5 - * Enhancements: - * Iterator support - * Add lt_tag_convert_from_locale_string() - * Bug Fixes: - * Fix wrong traversal on keys - * Fix xml parser for tags in range - * Improve portability - * Fix broken lt_tag_transform() - * Fix the build issue when builddir != srcdir - * Fix broken lt_tag_convert_from_locale() - * Fix memory leaks - * Fix linker issue - * Use secure_getenv if available - * more -- Remove upstreamed patches. - -- Use full download url. -- Apply patches from git to fix few build issues. - -- Fix Requires to demand glib2-devel not gtk1 variant - (thanks coolo) - * Fix copy&pasto in one summary. - -- Use both lpgl and mpl licenses. - * thanks to babelworx for the hint (merge request fails to - complete so doing it myself). - -- Fix desc not to contain mention of libexttextcat. - -- Add missing directory to the list. - -- Initial package. Version 0.4.0. - libslirp +- Fix a dhcp regression [bsc#1198773] + +libslirp-fix-dhcp-1.patch + +libslirp-fix-dhcp-2.patch + libwmf +- Define conditionally make_build to fix build on systems that do + not have that macro + +- update to 0.2.12: + * upstream changed to fork from Fedora: https://github.com/caolanm/libwmf + * fix abi + * merge in fixes for libgd CVE-2019-6978 + * release with coverity, clang and shellcheck fixes + * Seeing as wvware.sourceforge.net seems to be dead, but libwmf is still in + use and has had a bunch of security bugs reported against, and I've a + history with libwmf, I'll call this libwmf 0.2.9 and merge in my (Red Hat) + fixes. +- drop libwmf-0.2.8.4-ia64.patch, libwmf-0.2.8.4-config.patch: obsolete +- drop libwmf-0.2.8.4-overflow-CVE-2006-3376.patch: upstream via + https://github.com/caolanm/libwmf/commit/b9cc022c8d7dd8c557e2dae5681c2d344237b4f9 +- drop libwmf-0.2.8.4-CVE-2015-0848.patch: part of + https://github.com/caolanm/libwmf/commit/879d6bffa6dd21b8c0e9ec3b5aa31b6ae090ef83 +- drop libwmf-0.2.8.4-badrle.patch: part of + https://github.com/caolanm/libwmf/commit/879d6bffa6dd21b8c0e9ec3b5aa31b6ae090ef83 +- drop libwmf-0.2.8.4-CVE-2015-4696.patch: upstream via + https://github.com/caolanm/libwmf/commit/f47cbdf96838c2daa7b8e489f59e62371d33352a +- drop libwmf-0.2.8.4-CVE-2015-4695.patch: upstream via + https://github.com/caolanm/libwmf/commit/b5ae5d1f3bbddf051a5c9dd01897bd835817f013 +- drop reproducible.patch: differently done upstream +- drop use-pkg-config-for-freetype.patch: obsolete + +- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) + +- Add use-pkg-config-for-freetype.patch to use pkgconfig to detect + Freetype libraries. Add BR autoconf, automake, libtool due to + above. + +- libwmf-0.2.8.4-config.patch: update so -config --libs + do not inject bogus dependencies to other packages. +- build with disable-static too. + +- Fix -devel package Requires not to still include xorg-x11-devel + -- dropped libwmf-devel -> libwmf-tools dependency (bnc#892356) - -- Clean spec file with spec-cleaner -- Do not distribute *.la files - -- Add libwmf-0.2.8.4-bnc495842.patch to fix realloc return value - usage (bnc#495842, bnc#831299) - -- Added url as source. - Please see http://en.opensuse.org/SourceUrls - -- Add libwmf-0_2-7 to baselibs.conf. - -- Add libjpeg-devel as BuildRequires, needed to resolve build error -- Add selected Xorg packages to BR to have wmf2x be built again - -- Remove further redundant sections - -- Actually use "libwmf-tools" instead of wmf-utils, this goes much - more in line with the preexisting libwpd-tools and libwps-tools. - -- Remove redundant/unwanted tags/section (cf. specfile guidelines) -- Apply shlib packaging (-> new libwmf-0_2-7 subpackage), - create "wmf-utils" subpackage as suggested by namtrac - -- fix file list - -- fix build of in-tree copy of gd to build with new libpng14 - (long deprecated function has been removed) - -- package baselibs.conf -- enable parallel build - -- rediff another patch - -- rediffed without fuzz, some spec cleanups - manpages-l10n +- Update to version 4.14.0: + * New language: Ukrainian. + * Updated many translations. +- Remove unused argument in %man_lang_package macro definition. + mdadm +- skip RAID assembly if DM_UDEV_DISABLE_OTHER_RULES_FLAG (bsc#1196054) + * Add 0121-udev-md-raid-assembly.rules-skip-if-DM_UDEV_DISABLE_.patch + mokutil +- Update to 0.5.0 + + mokutil: delete key/hash from the reverse request + + efi_x509: fix an error handling in is_immediate_ca() + + efi_x509: fix certificates fingerprint calculation + + efi_x509: use EVP_Digest()* functions instead of the deprecated + SHA1_*() + + src/util.c: fix NULL pointer dereference in mok_get_variable + + mokutil: Read the SbatLevelRT variable to get the SBAT entries + + mokutil: add mok-variables parsing support + + mokutil: Add option to print the UEFI SBAT variable content + + mokutil: only check for Secure Boot support in options that + need it + + efi_x509: add the function to fetch SKID + + keyring: add the function to check kernel keyring + + mokutil: initialize data for efi_get_variable() + + mokutil: correct the data for efi_set_variable() in + set_password() + + mokutil: improve the readability of issue_mok_request() + + mokutil: drop the checks for PK and KEK + + mokutil: check the blocklists before enrolling a key + + mokutil: adjust the command bits + + mokutil: remove "--simple-hash" + + make CA check non-fatal + + mokutil: close file in the error path + + mokutil: do the CA check + + efi_x509: add the function to check immediate CA + + efi_x509: use d2i_X509() to create X509 handling + + mokutil: rename hash_file as pw_hash_file + + password-crypt: update the function names + + password-crypt: fix the types of several functions + + mokutil: fix the error message in sb_state() + + mokutil: move x509 functions to efi_x509.c + + mokutil: move the hash functions to efi_hash.c + + util: add functions for db_var_name and db_friendly_name + + Remove the SHA1 code from identify_hash_type() + + Map the UEFI variable names with a function + + Fix -Wcast-align warnings + + Fix 32 bit build + + Add --timeout to manpage and other corrections. + + mokutil.c: fix typo enrollement -> enrollment + + Avoid taking pointer to packed struct + + Fix name of --enable-validation in the description + + Remove shebang from bash-completion/mokutil +- Add mokutil-fix-missing-header.patch to fix the compilation error + due to the missing header +- Refresh mokutil-remove-libkeyutils-check.patch and only apply + it to openSUSE Leap 15.* +- Drop upstreamed patches: + + mokutil-remove-shebang-from-bash-completion-file.patch + + mokutil-bsc1173115-add-ca-and-keyring-checks.patch +- Drop mokutil-support-revoke-builtin-cert.patch since we don't use + the builtin cert prompt patch in shim anymore. + +- spec file cleanup + +- Update mokutil-support-revoke-builtin-cert.patch + + Add "--revoke-cert" to the man page + -- Add mokutil-fix-hash-file-read.patch to fix the error handling of - reading a hash file - multipath-tools +- If multipath-tools is newly installed, load dm-multipath + (bsc#1196898) + openblas:pthreads +- For non-HPC builds create links (bsc#1198885): + %_lib/libopenblas_.so[.0] -> + %_lib/openblas-/libopenblas.so[.0] + openldap2 +- bsc#1191157 - Correct version specification in ppolicy to allow + submission to SP3 for TLS1.3 + +- bsc#1191157 - allow specification of max/min TLS version with TLS1.3 + * 0239-ITS-9422-Update-for-TLS-v1.3.patch + * 0240-ITS-9518-add-LDAP_OPT_X_TLS_PROTOCOL_MAX-option.patch + * 0241-TLS-set-protocol-version.patch + +- bsc#1197004 - libldap was able to be out of step with openldap in + some cases which could cause incorrect installations and symbol + resolution failures. openldap2 and libldap now are locked to their + related release versions. + +- jsc#PM-3288 - restore CLDAP functionality in CLI tools + openssl-1_1 +- FIPS: add bsc1185319-FIPS-KAT-for-ECDSA.patch + * Known answer test for ECDSA + * bsc#1185319 +- FIPS: add bsc1198207-FIPS-add-hash_hmac-drbg-kat.patch + * Enable tests for Deterministic Random Bit Generator + * bsc#1198207 +- Bypass a regression test that fails in FIPS mode. + * [openssl-1_1-shortcut-test_afalg_aes_cbc.patch] + ovmf +- Respin amd-sev and amd-sev-es features + After more testing, we found that not all descriptors can support + both amd-sev with amd-sev-es. So we removed all amd-sev and amd-sev-es + feature tags but only keep them in ovmf-x86_64-2m.json and + 60-ovmf-x86_64.json. (bsc#1198246#c75) + patterns-gnome +- Enable bijiben for default installation on SLE as well + (bsc#1192326). + +- Recommend systemd-icon-branding by gnome_x11: try to get the + correct branding installed, allowing to show the correct icon in + gnome-control-center. + pcre2 +- do not enable jit-sealloc [bsc#1182864] [bsc#1199208] + +- enable jit for s390x [bsc#1199196] + perl +- Stabilize Socket::VERSION comparisons [bnc#1193489] + new patch: perl-Stabilize-Socket-VERSION-comparisons.patch + permissions + * backport of apptainer whitelisting (bsc#1196145, bsc#1198720) + +- Update to version 20201225: polkit-default-privs +- Update to version 13.2+20220422.7977f05: + * Backport of power-profiles-daemon (bsc#1198693) + postgresql14 +- bsc#1195680: Upgrade to 14.2: + * https://www.postgresql.org/docs/14/release-14-1.html + * Reindexing might be needed after applying this upgrade, so + please read the release notes carefully. + +- boo#1190740: Add constraints file with 12GB of memory for s390x + as a workaround + +- Add a llvmjit-devel subpackage to pull in the right versions + of clang and llvm for building extensions. +- Fix some mistakes in the interdependencies between the + implementation packages and their noarch counterpart. +- Update the BuildIgnore section. + ppp +- bsc#1197799: Add ppp-2.4.7-DES-openssl.patch to fix build on + SLE-15-SP3 and SP4. + -- Update to 2.4.7: - * Fixed a potential security issue in parsing option files - (CVE-2014-3158, bnc#891489). - * There is a new "stop-bits" option, which takes an argument of - 1 or 2, indicating the number of stop bits to use for async serial - ports. - * Various bug fixes. - psmisc + * Add a fallback if the system call name_to_handle_at() is + not supported by the used file system. +- Add patch psmisc-22.21-semaphores.patch + * Replace the synchronizing over pipes of the sub process for the + stat(2) system call with mutex and conditions from pthreads(7) + (bsc#1194172) +- Add patch psmisc-22.21-statx.patch + * Use statx(2) or SYS_statx system call to replace the stat(2) + system call and avoid the sub process at all (bsc#1194172) + +- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch qemu +- enable aio=io_uring on all kvm architectures (bsc#1197699) + re2 +- Use Release config so O3 is used + +- Avoid sporadic failures by setting until-pass on CTest + +- Disable tests on ARMv6 + +- Disable tests on ZSystems and RISCV + +- Switch build to CMake, otherwise CMake config is not installed. + Required for Apache ORC and arrow, and google-or-tools. + (https://github.com/google/re2/issues/304) +- Run some real tests via CTest + rsyslog +- (CVE-2022-24903) fix potential heap buffer overflow in modules for TCP + syslog reception (bsc#1199061) + * add CVE-2022-24903.patch + +- add service dependencies for remote logging (bsc#1194669) +- update config example in remote.conf to match upstream documentation + ruby2 +- Update suse.patch: + - backport fix for CVE-2022-28739: ruby: Buffer overrun in + String-to-Float conversion (boo#1198441) + - back port date 2.0.3 CVE-2021-41817 (boo#1193035) + - merge the previous bug fixes into suse.patch + - CVE-2021-32066.patch + - CVE-2021-31810.patch + - CVE-2021-31799.patch + +- Add Requires to make and gcc to ruby-devel to make the default + extconf.rb work + stoken -- Change gtk and libtomcrypt build requirements. -- Remove useless "--with-libtomcrypt" parameter from %%configure. - -- Add patch to avoid static CFLAGS. -- Require proper libtomcrypt version. - -- First build. - systemd +- Call pam_loginuid when creating user@.service (bsc#1198507) + It's a backport of upstream commit 1000522a60ceade446773c67031b47a566d4a70d. + systemd-presets-branding-openSUSE +- Enable acpid (boo#1196609), its not installed by default on most + systems anymore but the enlightenment desktop still uses its + events to trigger various bindings and shows an error dialog + when acpid is not running. + +- Enable storeBackup (bsc#1115457). + systemd-presets-common-SUSE +- enable vgauthd service for VMWare by default (bsc#1195251) + texlive-specs-n +- Add a _constraints file to increase required disk size (boo#1198793) +- Avoid doubled luatex/texlua shebangs (boo#1198790) +- Do not bail out if local ls-R is not writable (boo#1194496) + webkit2gtk3:gtk3 +- Disable gold linker. It is unmaintained and now disabled on + factory. +- Switch to gcc 11. +- Increase mem_per_process. Attempt to fix sporadic bild failure + (bsc#1198743). + webkit2gtk3:gtk3-soup2 +- Disable gold linker. It is unmaintained and now disabled on + factory. +- Switch to gcc 11. +- Increase mem_per_process. Attempt to fix sporadic bild failure + (bsc#1198743). + webkit2gtk3:gtk4 +- Disable gold linker. It is unmaintained and now disabled on + factory. +- Switch to gcc 11. +- Increase mem_per_process. Attempt to fix sporadic bild failure + (bsc#1198743). + xkeyboard-config +- U_Add-the-new-AZERTY-layout-norm-NF-Z71-300.patch + * Backport French standardized AZERTY layout (AFNOR: NF Z71-300) + (bsc#1188867) + yast2-bootloader +- AutoYaST: do not clone device for hibernation and also check + during autoinstallation if device for hibernation exists and if + not then use proposed one. (bsc#1187690 and bsc#1197192) +- 4.4.17 + yast2-installation +- Revert changes introduced in v4.3.50 as it produces some ordering + cycle issues (bsc#1198294) +- 4.4.52 + yast2-packager +- Run the package solver after selecting additional system + packages, fixes possible broken package dependencies after system + upgrade (bsc#1195828) +- 4.4.31 + +- Don't rely on install.inf availability #(bsc#1198560) +- 4.4.30 + +- Fixed migration summary in Leap -> SLES migration (bsc#1198562) +- 4.4.29 + +- Show package downloads in the global progress bar during package + installation (bsc#1195608) + PR: https://github.com/yast/yast-packager/pull/609 +- 4.4.28 + yast2-trans +- Update to version 84.87.20220422.7945491fb3: + * Translated using Weblate (Russian) + * Translated using Weblate (Korean) + * New POT for text domain 'storage'. + * Translated using Weblate (Russian) + * Translated using Weblate (Catalan) + * Translated using Weblate (Catalan) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Japanese) + * Translated using Weblate (Dutch) + * Translated using Weblate (Japanese) + * Translated using Weblate (Dutch) + * Translated using Weblate (Japanese) + +- Update to version 84.87.20220419.0c85b52778: + * New POT for text domain 'migration_sle'. + * New POT for text domain 'hana-update'. + * New POT for text domain 'firstboot'. + * New POT for text domain 'control'. + * New POT for text domain 'cc-control'. + * Fixed control.xml translations + * Fixed control.xml translations + * Fixed control.xml translations + * Translated using Weblate (Finnish) + +- Update to version 84.87.20220415.000649bca9: + * Translated using Weblate (Russian) + * Translated using Weblate (Russian) + * Translated using Weblate (Russian) + * Translated using Weblate (Ukrainian) + * Translated using Weblate (Ukrainian) + * Translated using Weblate (Slovak) + * Translated using Weblate (Russian) + * Fixed messages extracted from XML files + * Fixed messages extracted from XML files + * Translated using Weblate (Slovak) + * Fixed messages extracted from XML files + * Fixed messages extracted from XML files + * Fixed messages extracted from XML files + * Fixed translations + * Fixed translations + * Fixed messages extracted from XML files + * Fixed firstboot translations + * New POT for text domain 'iscsi-client'. + * Translated using Weblate (Dutch) + * Translated using Weblate (Japanese) + * Translated using Weblate (Catalan) + * New POT for text domain 'firstboot'. + +- Update to version 84.87.20220410.9099c51b0c: + * Translated using Weblate (Ukrainian) + * Translated using Weblate (Ukrainian) + * Translated using Weblate (Ukrainian) + * Translated using Weblate (Ukrainian) + * Translated using Weblate (Ukrainian) + * Translated using Weblate (Ukrainian) + * Translated using Weblate (Ukrainian) + * New POT for text domain 'users'. + * Translated using Weblate (Ukrainian) + * Translated using Weblate (German) + * Translated using Weblate (Slovak) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Dutch) + * Translated using Weblate (Japanese) + * Translated using Weblate (Catalan) + * New POT for text domain 'packager'. + * New POT for text domain 'iscsi-client'. + * New POT for text domain 'base'. + +- Update to version 84.87.20220406.6a9f225e0e: + * Translated using Weblate (Turkish) + * Translated using Weblate (Turkish) + * Translated using Weblate (Turkish) + * New POT for text domain 'autoinst'. + * Translated using Weblate (Turkish) + * Translated using Weblate (Turkish) + * Translated using Weblate (Russian) + * Translated using Weblate (Russian) + * Translated using Weblate (Russian) + * Translated using Weblate (Russian) + * Translated using Weblate (Russian) + * Translated using Weblate (Russian) + * Translated using Weblate (Russian) + * Translated using Weblate (Catalan) + * Translated using Weblate (Vietnamese) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Spanish) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Spanish) + * Translated using Weblate (Catalan) + * New POT for text domain 'network'. + * New POT for text domain 'country'. + - * New POT for text domain 'add-on'. - * New POT for text domain 'base'. - * New POT for text domain 'bootloader'. - * New POT for text domain 'country'. - * New POT for text domain 'installation'. + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Italian) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Dutch) + * Translated using Weblate (Dutch) + * Translated using Weblate (Dutch) + * Translated using Weblate (Dutch) + * Translated using Weblate (Dutch) + * Translated using Weblate (Dutch) + * Translated using Weblate (Dutch) - * New POT for text domain 'packager'. - * New POT for text domain 'storage'. - * Added translation using Weblate (Portuguese (Portugal)) - * Added translation using Weblate (Sinhala) + * New POT for text domain 'add-on'. + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Dutch) + * Translated using Weblate (Czech) + * Translated using Weblate (Czech) - * Translated using Weblate (Chinese (China)) - * Translated using Weblate (Chinese (Taiwan)) - * Translated using Weblate (Croatian) + * Translated using Weblate (Catalan) + * Translated using Weblate (Catalan) + * Translated using Weblate (Catalan) + * Translated using Weblate (Catalan) + * Translated using Weblate (Catalan) + * Translated using Weblate (Catalan) + * Translated using Weblate (Czech) + * Translated using Weblate (Czech) + * Translated using Weblate (Czech) + * Translated using Weblate (Catalan) + * Translated using Weblate (Catalan) + * Translated using Weblate (Catalan) + * Translated using Weblate (Catalan) + * Translated using Weblate (Catalan) + * Translated using Weblate (Catalan) + * Translated using Weblate (Catalan) + * Translated using Weblate (Catalan) + * Translated using Weblate (Japanese) + * Translated using Weblate (Czech) + * Translated using Weblate (Czech) + * Translated using Weblate (Czech) + * Translated using Weblate (Czech) + * Translated using Weblate (Czech) + * Translated using Weblate (Czech) + * Translated using Weblate (Czech) + * Translated using Weblate (Czech) + * Translated using Weblate (Czech) + * Translated using Weblate (Czech) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * New POT for text domain 'packager'. + * New POT for text domain 'network'. + * New POT for text domain 'installation'. + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) - * Translated using Weblate (Finnish) + * Translated using Weblate (Dutch) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Dutch) + * Translated using Weblate (Dutch) + * Translated using Weblate (Dutch) + * Translated using Weblate (Dutch) + * New POT for text domain 'storage'. + * New POT for text domain 'country'. + * New POT for text domain 'bootloader'. + * Translated using Weblate (Spanish) + * Translated using Weblate (Japanese) - * Translated using Weblate (Galician) - * Translated using Weblate (German) + * Translated using Weblate (Finnish) + * Translated using Weblate (Croatian) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * New POT for text domain 'packager'. + * New POT for text domain 'base'. + * New POT for text domain 'packager'. + * New POT for text domain 'base'. + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (German) + * Translated using Weblate (German) - * Translated using Weblate (Japanese) - * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Italian) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (German) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Spanish) + * Translated using Weblate (German) + * Translated using Weblate (French) + * Translated using Weblate (Spanish) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Spanish) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Spanish) + * Translated using Weblate (German) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (German) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (German) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Spanish) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (French) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (German) + * Translated using Weblate (Spanish) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Finnish) + * Translated using Weblate (Italian) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Spanish) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (Spanish) + * Translated using Weblate (German) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Italian) + * Translated using Weblate (German) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (German) + * Translated using Weblate (Italian) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Spanish) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Spanish) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (German) + * Translated using Weblate (Galician) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (French) - * Translated using Weblate (Russian) - * Translated using Weblate (Slovak) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (German) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (French) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (German) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (Spanish) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Italian) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (French) + * Translated using Weblate (Spanish) + * Translated using Weblate (Italian) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (Chinese (Taiwan)) + * Translated using Weblate (German) + * Translated using Weblate (Spanish) + * Translated using Weblate (French) + * Translated using Weblate (Chinese (Taiwan)) + * Added translation using Weblate (Sinhala) + * Added translation using Weblate (Sinhala) + * Added translation using Weblate (Sinhala) + * Added translation using Weblate (Sinhala) + * Added translation using Weblate (Sinhala) + * Added translation using Weblate (Sinhala) + * Added translation using Weblate (Sinhala) + * Added translation using Weblate (Sinhala) + * Added translation using Weblate (Sinhala) + * Added translation using Weblate (Sinhala) + * Added translation using Weblate (Sinhala) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Chinese (China)) + * Translated using Weblate (Italian) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Russian) + * Translated using Weblate (Portuguese) + * Translated using Weblate (Finnish) + * Translated using Weblate (Italian) + * Added translation using Weblate (Portuguese (Portugal))