Removed rpms ============ - libicu69 - libicu69-ledata - qemu-img - qemu-pr-helper - virtiofsd Added rpms ========== - qemu-sgabios Package Source Changes ====================== LibVNCServer +- version update to 0.9.14 + [#]# Overall changes: + * Added more documentation (build system integration, repeater setup) and a legal FAQ. + * Added [contribution guidelines](CONTRIBUTING.md). + * Ported the TravisCI continous integration machinery to GitHub workflows. + [#]# LibVNCServer/LibVNCClient: + * Added [qemu extended key event]. + * Fixed several potential multiplication overflows. + [#]# LibVNCClient: + * Fixes of several memory leaks and buffer overflows. + * Added UltraVNC's MSLogonII authentication scheme. + * Fixed TLS interoperability with GnuTLS servers. + * Fixed detection of newer UltraVNC and TightVNC servers. + * Added support for [SetDesktopSize]. + * Added SSH tunneling example using libssh2. + * Added some extensions to VeNCrypt in order to be compatible with a wider range of servers. + [#]# LibVNCServer: + * Fixes to the multi-threaded server implementation which should be a lot more sound now. + * Fixed TightVNC-filetransfer file upload for 64-bit systems. + * Fixes of crashes in the zlib compression. + * Added support for [UTF8 clipboard data]. + * Fixed visual artifacts in framebuffer on ARM platforms. + * Fixed several WebSockets bugs. + * Fixed the UltraVNC-style repeater example. + * Added support for larger framebuffers (two 4k screens possible now). + * Added support for timeouts for outbound connections (to repeaters for instance). + * Fixed out-of-bounds memory access in Tight encoding. +- modified patches + % 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch (refreshed) + % 0002-libvncserver-Add-channel-security-handlers.patch (refreshed) +- deleted patches + - 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch (upstreamed) + - 0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch (upstreamed) + - 0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch (upstreamed) + - LibVNCServer-CVE-2020-29260.patch (upstreamed) + MozillaFirefox +- Mozilla Firefox ESR 115.3.1 ESR + MFSA 2023-44 (bsc#1215814) + * CVE-2023-5217: Heap buffer overflow in libvpx + +- Firefox Extended Support Release 115.3.0 ESR + Placeholder changelog-entry +- Mozilla Firefox ESR 115.3 + MFSA 2023-42 (bsc#1215575) + * CVE-2023-5168: (bmo#1846683) + Out-of-bounds write in FilterNodeD2D1 + * CVE-2023-5169: (bmo#1846685) + Out-of-bounds write in PathOps + * CVE-2023-5171: (bmo#1851599) + Use-after-free in Ion Compiler + * CVE-2023-5174: (bmo#1848454) + Double-free in process spawning on Windows + * CVE-2023-5176: (bmo#1836353, bmo#1842674, bmo#1843824, + bmo#1843962, bmo#1848890, bmo#1850180, bmo#1850983, + bmo#1851195) + Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, + and Thunderbird 115.3 +- Add patch mozilla-fix-broken-ffmpeg.patch to fix broken build + with newer binutils (bsc#1215309) + alsa +- More upstream fix for incosistent compile conditions: + 0004-reshuffle-included-files-to-include-config.h-as-firs.patch + +- Upstream fix backport: + 0002-global.h-move-__STRING-macro-outside-PIC-ifdef-block.patch +- Upstream fix for PCM segfault regression (bsc#1215167): + 0003-pcm-Fix-segfault-with-32bit-libs.patch + +- Update to version 1.2.10 (jsc#PED-6566): + * MIDI 2.0 feature support + * build fixes for various platforms + * various documentation fixes + * misc topology fixes + * ucm fixes and cleanups + For details, see: + https://www.alsa-project.org/wiki/Changes_v1.2.9_v1.2.10#alsa-lib +- Took upstream fix for possible build errors: + 0001-control.h-Fix-ump-header-file-detection.patch + +- Update to version 1.2.9: + * Versioned symbol updates + * Various fixes for building on *BSD and Android + * Fixes and enhancements of auto silencing and playback drain + * Add SND_CTL_EINTR open mode at PCM + * Avoid endless loop in snd_pcm_sw_params_default() + * Fixes in PCM rate, route/softvol plugins + * Fixes in topology API parser, cleanups + * Enhancements in latency test program + * Minor code cleanup and memory leak fixes in UCM API + * emu10k1 config cleanup + For details, see: + https://www.alsa-project.org/wiki/Changes_v1.2.8_v1.2.9#alsa-lib + alsa-ucm-conf +- Update to version 1.2.10 (jsc#PED-6566): + * updates / fixes for various devices: mtk-rt5650, usb-audio, tegra + es8316, sof-essx8336, pinephone, Steinberg UR44C, AMD ACP RPL, + ACP63, sof-hda-dsp, etc + For details, see: + https://www.alsa-project.org/wiki/Changes_v1.2.9_v1.2.10#alsa-ucm-conf +- Upstream regression fix: + 0001-SplitPCM-Device-argument-may-not-be-set.patch + +- Update to version 1.2.9: + various profile updates for USB-audio, SOF and others. + For details, see: + https://www.alsa-project.org/wiki/Changes_v1.2.8_v1.2.9#alsa-ucm-conf + alsa-utils +- Update to alsa-utils 1.2.10 (jsc#PED-6566): + * MIDI 2.0 / UMP support for sequencer programs + * nhlt: add nhlt-dmic-info utility + * Build fixes and cleanups + * speaker-test: allow large buffer and period time setup - up to 100 seconds + * various topology fixes + For details, see: + https://www.alsa-project.org/wiki/Changes_v1.2.9_v1.2.10#alsa-utils +- Fix the builds with old gcc: + 0001-axfer-use-ATTRIBUTE_UNUSED-instead-remove-argument-n.patch + 0002-amidi-use-ATTRIBUTE_UNUSED-instead-remove-argument-n.patch + 0003-alsaloop-use-ATTRIBUTE_UNUSED-instead-remove-argumen.patch + 0004-bat-use-ATTRIBUTE_UNUSED-instead-remove-argument-nam.patch + 0005-seq-use-ATTRIBUTE_UNUSED-instead-remove-argument-nam.patch + 0006-alsaucm-use-ATTRIBUTE_UNUSED-instead-remove-argument.patch + 0007-topology-use-ATTRIBUTE_UNUSED-instead-remove-argumen.patch + +- Update to alsa-utils 1.2.9: + BSD build fix, and various updates for alsactl, amidi, axfer, + alsa-info.sh, alsaloop, alsatplg, alsaucm, aplay, abat. + For details, see: + https://www.alsa-project.org/wiki/Changes_v1.2.8_v1.2.9#alsa-utils + apparmor +- Fix pam_apparmor %post and %postun scripts to handle pam-config errors + (bsc#1215596) + apparmor:libapparmor +- Fix pam_apparmor %post and %postun scripts to handle pam-config errors + (bsc#1215596) + attica-qt5 +- Update to 5.110.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.110.0 +- No code change since 5.109.0 + +- Update to 5.109.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.109.0 +- Changes since 5.108.0: + * Add explicit moc includes to sources for moc-covered headers + +- Update to 5.108.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.108.0 +- Changes since 5.107.0: + * Remove qt6 CI builds + +- Update to 5.107.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.107.0 +- No code change since 5.106.0 + +- Update to 5.106.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.106.0 +- No code change since 5.105.0 + +- Update to 5.105.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.105.0 +- No code change since 5.104.0 + +- Update to 5.104.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.104.0 +- No code change since 5.103.0 + bind +- Update to release 9.16.44 + Bug Fixes: + * Processing already-queued queries received over TCP could cause + an assertion failure, when the server was reconfigured at the + same time or the cache was being flushed. This has been fixed. + Security Fixes: + * Previously, sending a specially crafted message over the + control channel could cause the packet-parsing code to run out + of available stack memory, causing named to terminate + unexpectedly. This has been fixed. (CVE-2023-3341) + [bsc#1215472] +- Switch to pkgconfig(libprotobuf-c) since this now contains the + required protobuf-c binary + binutils +- Update to version 2.41 [PED-5778]: + * The MIPS port now supports the Sony Interactive Entertainment Allegrex + processor, used with the PlayStation Portable, which implements the MIPS + II ISA along with a single-precision FPU and a few implementation-specific + integer instructions. + * Objdump's --private option can now be used on PE format files to display the + fields in the file header and section headers. + * New versioned release of libsframe: libsframe.so.1. This release introduces + versioned symbols with version node name LIBSFRAME_1.0. This release also + updates the ABI in an incompatible way: this includes removal of + sframe_get_funcdesc_with_addr API, change in the behavior of + sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs. + * SFrame Version 2 is now the default (and only) format version supported by + gas, ld, readelf and objdump. + * Add command-line option, --strip-section-headers, to objcopy and strip to + remove ELF section header from ELF file. + * The RISC-V port now supports the following new standard extensions: + - Zicond (conditional zero instructions) + - Zfa (additional floating-point instructions) + - Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng, + Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions) + * The RISC-V port now supports the following vendor-defined extensions: + - XVentanaCondOps + * Add support for Intel FRED, LKGS and AMX-COMPLEX instructions. + * A new .insn directive is recognized by x86 gas. + * Add SME2 support to the AArch64 port. + * The linker now accepts a command line option of --remap-inputs + <PATTERN>=<FILE> to relace any input file that matches <PATTERN> with + <FILE>. In addition the option --remap-inputs-file=<FILE> can be used to + specify a file containing any number of these remapping directives. + * The linker command line option --print-map-locals can be used to include + local symbols in a linker map. (ELF targets only). + * For most ELF based targets, if the --enable-linker-version option is used + then the version of the linker will be inserted as a string into the .comment + section. + * The linker script syntax has a new command for output sections: ASCIZ "string" + This will insert a zero-terminated string at the current location. + * Add command-line option, -z nosectionheader, to omit ELF section + header. +- Removed obsolete patches: binutils-2.40-branch.diff.gz, + riscv-dynamic-tls-reloc-pie.patch, riscv-pr22263-1.patch, + extensa-gcc-4_3-fix.diff . +- Add binutils-2.41-branch.diff.gz . +- Add binutils-old-makeinfo.diff for SLE-12 and older. +- Rebased aarch64-common-pagesize.patch and binutils-revert-rela.diff . +- Contains fixes for these non-CVEs (not security bugs per upstreams + SECURITY.md): + * bsc#1209642 aka CVE-2023-1579 aka PR29988 + * bsc#1210297 aka CVE-2023-1972 aka PR30285 + * bsc#1210733 aka CVE-2023-2222 aka PR29936 + * bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc) + * bsc#1214565 aka CVE-2020-19726 aka PR26240 + * bsc#1214567 aka CVE-2022-35206 aka PR29290 + * bsc#1214579 aka CVE-2022-35205 aka PR29289 + * bsc#1214580 aka CVE-2022-44840 aka PR29732 + * bsc#1214604 aka CVE-2022-45703 aka PR29799 + * bsc#1214611 aka CVE-2022-48065 aka PR29925 + * bsc#1214619 aka CVE-2022-48064 aka PR29922 + * bsc#1214620 aka CVE-2022-48063 aka PR29924 + * bsc#1214623 aka CVE-2022-47696 aka PR29677 + * bsc#1214624 aka CVE-2022-47695 aka PR29846 + * bsc#1214625 aka CVE-2022-47673 aka PR29876 + +- This only existed only for a very short while in SLE-15, as the main + variant in devel:gcc subsumed this in binutils-revert-rela.diff. + Hence: +- Remove binutils-disable-dt-relr.sh as subsumed. + +- riscv-dynamic-tls-reloc-pie.patch: Backport for PR ld/22263 and PR + ld/25694 +- riscv-pr22263-1.patch: Backport for PR ld/22263 + +- Rebase branch patch (includes fix for PR30281). + +- Document fixed CVEs: + * bnc#1208037 aka CVE-2023-25588 aka PR29677 + * bnc#1208038 aka CVE-2023-25587 aka PR29846 + * bnc#1208040 aka CVE-2023-25585 aka PR29892 + * bnc#1208409 aka CVE-2023-0687 aka PR29444 + +- Enable bpf-none cross target and add bpf-none to the multitarget + set of supported targets. + +- Disable packed-relative-relocs for old codestreams. They generate + buggy relocations when binutils-revert-rela.diff is active. + [bsc#1206556] + +- Disable ZSTD debug section compress by default. + +- Enable zstd compression algorithm (instead of zlib) + for debug info sections by default. + +- Pack libgprofng only for supported platforms. + +- Remove upstreamed patch binutils-maxpagesize.diff. + +- Rebase binutils-2.40-branch.diff.gz as it includes fix for PR30043. +- Move libgprofng-related libraries to the proper locations (packages). +- Add --without=bootstrap for skipping of bootstrap (faster testing + of the package). + +- Remove broken arm32-avoid-copyreloc.patch to fix [gcc#108515] + +- Update to version 2.40: + * Objdump has a new command line option --show-all-symbols which will make it + display all symbols that match a given address when disassembling. (Normally + only the first symbol that matches an address is shown). + * Add --enable-colored-disassembly configure time option to enable colored + disassembly output by default, if the output device is a terminal. Note, + this configure option is disabled by default. + * DCO signed contributions are now accepted. + * objcopy --decompress-debug-sections now supports zstd compressed debug + sections. The new option --compress-debug-sections=zstd compresses debug + sections with zstd. + * addr2line and objdump --dwarf now support zstd compressed debug sections. + * The dlltool program now accepts --deterministic-libraries and + - -non-deterministic-libraries as command line options to control whether or + not it generates deterministic output libraries. If neither of these options + are used the default is whatever was set when the binutils were configured. + * readelf and objdump now have a newly added option --sframe which dumps the + SFrame section. + * Add support for Intel RAO-INT instructions. + * Add support for Intel AVX-NE-CONVERT instructions. + * Add support for Intel MSRLIST instructions. + * Add support for Intel WRMSRNS instructions. + * Add support for Intel CMPccXADD instructions. + * Add support for Intel AVX-VNNI-INT8 instructions. + * Add support for Intel AVX-IFMA instructions. + * Add support for Intel PREFETCHI instructions. + * Add support for Intel AMX-FP16 instructions. + * gas now supports --compress-debug-sections=zstd to compress + debug sections with zstd. + * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} + that selects the default compression algorithm + for --enable-compressed-debug-sections. + * Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs, + XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx, + XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head + ISA manual, which are implemented in the Allwinner D1. + * Add support for the RISC-V Zawrs extension, version 1.0-rc4. + * Add support for Cortex-X1C for Arm. + * New command line option --gsframe to generate SFrame unwind information + on x86_64 and aarch64 targets. + * The linker has a new command line option to suppress the generation of any + warning or error messages. This can be useful when there is a need to create + a known non-working binary. The option is -w or --no-warnings. + * ld now supports zstd compressed debug sections. The new option + - -compress-debug-sections=zstd compresses debug sections with zstd. + * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} + that selects the default compression algorithm + for --enable-compressed-debug-sections. + * Remove support for -z bndplt (MPX prefix instructions). +- Rebased patches: add-ulp-section.diff, ld-relro.diff, binutils-revert-plt32-in-branches.diff, + cross-avr-size.patch. +- Removed patch: binutils-pr29482.diff. +- New patch: extensa-gcc-4_3-fix.diff. +- Includes fixes for these CVEs: + * bnc#1206080 aka CVE-2022-4285 aka PR29699 +- Enable by default: --enable-colored-disassembly. + +- fix build on x86_64_vX platforms +- add arm32-avoid-copyreloc.patch for PR16177 (bsc#1200962) + busybox +- Add ash-fix-segfault-d417193cf.patch: fix stack overflow vulnerability + in ash (CVE-2022-48174, bsc#1214538) + cracklib +- version update to 2.9.11 + * Merge fedora patches and man pages + * Fix missing files in dist tarball, other automake fixes (Leandro Nini) + * Fix error handling during build of dictionary (yixiangzhike) + * Fix to localization support (A. Wilcox, nekopsykose) + * Fix to test utilities (Alexander Kanavin) + * Translation updates from weblate + * python: adjust include path for builddir by @thesamesam in #61 + * Make buffer static and avoid returning stack-allocated memory by @drfiemost in #63 +- modified patches + % 0002-cracklib-2.9.2-visibility.patch (refreshed) + +- update to 2.9.8: + * rules: Drop using register keyword + * add exec perms + * translation updates + * Use what's in the build environment and use a current autoconf + * util/Makefile.am: fix link with lintl + * Force grep to treat the input as text when formatting word files + +- Drop --with-pic, as it has no effect with --disable-static. + curl +- Security fix: [bsc#1215026, CVE-2023-38039] + * http: return error when receiving too large header + * Add curl-CVE-2023-38039.patch + double-conversion +- update to 3.3.0: + * Fix some compile warnings in Visual Studio + * Set permissions for github workflows + * Add flags to control trailing decimal and zero in exponent + form when input has one significant digit + +- update to 3.2.1 + * Disable quiet nan test on windows + * Test on all platforms. + * Fix warnings on Windows + * Run ctests first. + * Give shared-lib option and test install + * Install Windows debbuger (pdb) files. + * Add a cast to silence a signedness conversion warning. + * Issue #184 : Fixed all -Wzero-as-null-pointer-constant warnings + +- update to 3.2.0: + * Fix quiet NANs on MIPS* and PA-RISC architectures. + +- update to 3.1.7: + * Reintroduce macros, if DOUBLE_CONVERSION_NON_PREFIXED_MACROS is set + * Also add support for Synopsys ARC64 architecture + +- update to 3.1.6: + * Features some code cleanups. + * Adds the following new architectures: loongarch, xtensa, nios2, e2k. + -- Initial package, version 2.0.1 - evolution +- Add evolution-height-miscalculation.patch: fix rendering of + calendar changes with WebKitGTK 2.40+ (boo#1213858 + glgo#GNOME/evolution#2204). + +- Add evolution-frame-flattening.patch: handle frame flattening + change in WebKitGTK 2.40 (boo#1213858). + exempi +- Add CVE-2020-18651.patch: fix a buffer overflow in ID3 support + (boo#1214486 CVE-2020-18651). + -- Update to version 2.2.0: - + New 'exempi' command line tool. - + Upgrade XMPCore to Adobe XMP 5.1.2 - - Quicktime support now works without Quicktime. - - Reconciliation with ID3v2. - - "Blessed" 64-bits support (we already had it in exempi). - - Slight change in the way XMP are written for MWG compliance. - - Fixed a serious bug with RIFF. - - Change in the way local text encoding is dealt with. - - Alternative languages behave slightly differently by changing - how the default language property is managed. - - Probably a bunch of bugs fixed that I don't know about. - + Update unit tests. - - Refactor the fixtures. - + Use automake silent rules instead of shave. (build only) - + "make dist" generate a bzip2 archive as well. (build only) - + Remove some obsolete warning flags. (build only) - + Build xmpcommandtool - + Several new APIs. - + Bug fixes: fdo#37747. -- Drop exempi-no-shave.patch: shave is not used upstream anymore. -- Drop libtool BuildRequires, autoreconf call and - - -disable-silent-rules that were used because of patch above. -- Create a tools subpackage for new exempi command line tool. -- Change group of libexempi3 from "Development/Libraries/C and C++" - to System/Libraries. -- Use V=1 during the build to get a verbose build. - ffmpeg +- Add ffmpeg-CVE-2021-28429.patch: Fix Integer overflow + vulnerability in av_timecode_make_string in libavutil/timecode.c + (bsc#1214246, CVE-2021-28429). + ghostscript +- CVE-2023-43115.patch is derived for Ghostscript-9.52 from + https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5 + that fixes CVE-2023-43115 "remote code execution + via crafted PostScript documents in gdevijs.c" + see https://bugs.ghostscript.com/show_bug.cgi?id=707051 + (bsc#1215466) + glibc +- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) + +- nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache + invalidation if epoll is used (bsc#1212910, BZ #29415) + +- nss-files-hosts-v4mapped.patch: Restore lookup of IPv4 mapped addresses + in files database (bsc#1212819, BZ #25457) + +- remove-excessive-p-align-check.patch: elf: Remove excessive p_align + check on PT_LOAD segments (bsc#1211829, BZ #28688) +- segment-align.patch: elf: Properly align PT_LOAD segments (bsc#1211829, + BZ #28676) +- ld-so-always-use-map-copy.patch: ld.so: Always use MAP_COPY to map the + first segment (BZ #30452) + icu -- Renamed package from icu 69.1 for SUSE:SLE-15-SP3:Update - (jsc#SLE-17893) - -- nan-undefined-conversion.patch: ICU-21613 Fix undefined behaviour in - ComplexUnitsConverter::applyRounder - -- Update to release 69.1 - * CLDR 39 - * For Norwegian, "no" is back to being the canonical code, with - "nb" treated as equivalent. This aligns handling of Norwegian - with other macro language codes. - * Binary prefixes in measurement units (KiB, MiB, etc.) - * Time zone offsets from local time: New APIs - BasicTimeZone::getOffsetFromLocal() (C++) and - ucal_getTimeZoneOffsetFromLocal() -- Drop icu-1618.patch (merged), - icu-fix-testTemperature.patch (merged) - -- icu-drop-testTemperature.patch: Remove -- icu-fix-testTemperature.patch: Backport ICU-21366 (bsc#1182645) -- Don't disable testsuite under qemu-linux-user - -- Add icu-drop-testTemperature.patch to fix boo#1182645 - The test has been dropped in master branch - -- Added icu-1618.patch to fix 2 tests on aarch64 [boo#1182645] - -- Drop SUSE_ASNEEDED as the issue was in binutils (boo#1182252). - -- Fix pthread dependency issue (boo#1182252). - -- Update to release 68.2 - * Fix memory problem in FormattedStringBuilder - * Fix assertion when setKeywordValue w/ long value. - * Fix UBSan breakage on 8bit of rbbi - * fix int32_t overflow in listFormat - * Fix memory handling in MemoryPool::operator=() - * Fix memory leak in AliasReplacer - -- Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361 - -- Update to release 68.1 - * CLDR 38 - * Measurement unit preferences - * PluralRules selection for ranges of numbers - * Locale ID canonicalization now conforms to the CLDR spec - including edge cases - * DateIntervalFormat supports output options such as capitalization - * Measurement units are normalized in skeleton string output - * Time zone data (tzdata) version 2020d +- Backport icu-CVE-2020-21913.patch: backport commit 727505bdd + from upstream, use LocalMemory for cmd to prevent use after free + (bsc#1193951 CVE-2020-21913). -- Update to version 67.1 - * Unicode 13 (ICU-20893, same as in ICU 66) - + Total of 5930 new characters - + 4 new scripts - + 55 new emoji characters, plus additional new sequences - + New CJK extension, first characters in plane 3: U+30000..U+3134A - * CLDR 37 - + New language at Modern coverage: Nigerian Pidgin - + New languages at Basic coverage: Fulah (Adlam), Maithili, - Manipuri, Santali, Sindhi (Devanagari), Sundanese - + Region containment: EU no longer includes GB - + Unicode 13 root collation data and Chinese data for collation and transliteration - * DateTimePatternGenerator now obeys the "hc" preference in the locale identifier (ICU-20442) - * Various other improvements for ECMA-402 conformance - * Number skeletons have a new "concise" form that can be used in MessageFormat strings (ICU-20418) - * Currency formatting options for formal and other currency display name variants (ICU-20854) - * ListFormatter: new public API to select the style & type (ICU-12863) - * ListFormatter now selects the proper “andâ€/“or†form for Spanish & Hebrew (ICU-21016) - * Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272) - * LocaleMatcher: New option to ignore one-way matches (ICU-20936), - and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR) - * acceptLanguage() reimplemented via LocaleMatcher (ICU-20700) - * Data build tool: tzdbNames.res moved from the "zone_tree" category to the "zone_supplemental" category (ICU-21073) - * Fixed uses of u8"literals" broken by the C++20 introduction of the incompatible char8_t type (ICU-20972), - * and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984). - * Support for manipulating CLDR 37 unit identifiers in MeasureUnit. - -- Drop icu-versioning.diff, icu-susevers.diff [boo#1159131] - -- Update to version 66.1 - * Unicode 13 support - * Fix uses of u8"literals" broken by C++20 introduction of - incompatible char8_t type. (ICU-20972) - -- Add locale.diff [boo#1162882] - -- Remove /usr/lib(64)/icu/current [boo#1158955]. - - FATE#325570) + FATE#325570, bnc#1103893, fate#325570, fate#325419) kernel-default +- x86/sev: Make enc_dec_hypercall() accept a size instead of + npages (bsc#1214635). +- commit c11336f + +- Drop amdgpu patch causing spamming (bsc#1215523) + Deleted: + patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch. +- commit 2351f50 + +- USB: core: Change usb_get_device_descriptor() API (bsc#1213123 + CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552). + Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk) + Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context) +- commit be6100d + kernel-kvmsmall +- x86/sev: Make enc_dec_hypercall() accept a size instead of + npages (bsc#1214635). +- commit c11336f + +- Drop amdgpu patch causing spamming (bsc#1215523) + Deleted: + patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch. +- commit 2351f50 + +- USB: core: Change usb_get_device_descriptor() API (bsc#1213123 + CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552). + Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk) + Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context) +- commit be6100d + libX11 +- U_0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch + U_0002-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch + U_0003-XPutImage-clip-images-to-maximum-height-width-allowe.patch + U_0004-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch + U_0005-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch + * CVE-2023-43785 libX11: out-of-bounds memory access in + _XkbReadKeySyms() (boo#1215683) + * CVE-2023-43786 libX11: stack exhaustion from infinite recursion + in PutSubImage() (boo#1215684) + * CVE-2023-43787 libX11: integer overflow in XCreateImage() + leading to a heap overflow (boo#1215685) + libXpm +- U_0000-test-Add-unit-tests-using-glib-framework.patch + U_0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch + U_0002-test-Add-test-case-for-CVE-2023-43789-corrupt-colorm.patch + U_0003-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch + * fixes CVE-2023-43788 libXpm: out of bounds read in + XpmCreateXpmImageFromBuffer() (boo#1215686) + * fixes CVE-2023-43789 libXpm: out of bounds read on XPM with + corrupted colormap (boo#1215687) +- U_0004-test-Add-test-case-for-CVE-2023-43786-stack-exhausti.patch + U_0005-Avoid-CVE-2023-43786-stack-exhaustion-in-XPutImage.patch + U_0006-test-Add-test-case-for-CVE-2023-43787-integer-overfl.patch + U_0007-Avoid-CVE-2023-43787-integer-overflow-in-XCreateImag.patch + * avoids to trigger CVE-2023-43786,CVE-2023-43787 (boo#1215684, + boo#1215685); see changelog in libX11 update ... + -- bumped version number to 7.6 - libcacard +- Update to version 2.8.1 + * Unbreak RAW deciphering emulation using RSA-PKCS1 method + * Use g_memdup2 to avoid deprecation warnings with new glib2 + +- Update to v2.8.0. Changes include: + * Improve project documentation + * Bump minimal glib version to 2.32 and remove old compatibility functions + * Introduce meson build system in addition to existing autotools + * Create and run fuzzer drivers to improve stability + * Introduce a new API vcard_emul_finalize() to clean up allocated resources + * Remove key caching to avoid issues with some PKCS #11 modules + * Prevent logging critical errors on unknown instruction +- Remove empty libcacard package, and also drop the rpm provided + symbol qemu-tools:/usr/bin/vscclient, both assumed unused by now + +- Update to v2.7.0. Changes include: + * Improve compatibility with Windows guests, particularly with + ActivClient Windows drivers. + * Implement Microsoft PnP applet used by Windows for card detection + * Fill several structures returned by Global Platform applet to + mimic behavior of real cards. + * Implement API for creation of serial number used to uniquely + identify a emulated card. + * More verbose debug logs + * Fix the VERIFY semantics, which can be used for login status + check + * Add clang and csbuild CI targets + * Use ATR from official CAC card to improve card detection under + Windows + +- Update to v2.6.1 + * various bug fixes (memory corruption issues which would cause + crashes in spice-gtk) + +- Update to v2.6.0 + * provides implementation of GSC-IS 2.1 (aka CAC version 2) to improve + interoperability with guest software using the emulated or shared + smart cards. The previously implemented CACv1 specification is no + longer supported by any other application so the old code is gone + and any application depending on this old standard will not work + anymore. + * vscclient is no longer installed, as it is not an end-user supported + solution + * various bug & leak fixes + libeconf +- Additional info for version 0.5.2: + * Fixed a stack-buffer-overflow vulnerability in "econf_writeFile" + function. (CVE-2023-30078, CVE-2023-32181, bsc#1211078) + * Fixed a stack-buffer-overflow vulnerability in "read_file" + function. (CVE-2023-30079, CVE-2023-22652, bsc#1211078) + +- Update to version 0.5.2: + * Fixed build for aarch64 and gcc13. + * Making the output verbose when a test fails. + * Fixed a stack-buffer-overflow vulnerability in "econf_writeFile" + function. + * Fixed a stack-buffer-overflow vulnerability in "read_file" + function. + * Added new feature: econf_set_conf_dirs (const char **dir_postfix_list) + Sets a list of directory structures (with order) which describes + the directories in which the files have to be parsed. + E.G. with the given list: {"/conf.d/", ".d/", "/", NULL} files in following + directories will be parsed: + "<default_dirs>/<project_name>.<suffix>.d/" + "<default_dirs>/<project_name>/conf.d/" + "<default_dirs>/<project_name>.d/" + "<default_dirs>/<project_name>/" + The entry "<default_dirs>/<project_name>.<suffix>.d/" will be added + automatically. + * General code cleanup. + +- Update to version 0.5.1: + * Reading files in /usr/_vendor_/_example_._suffix_.d/* regardless + there is a /etc/_example_._suffix_ file. (#175) + +- Update to version 0.5.0: + * API calls econf_read*WithCallback supporting a general (void *) + argument for user defined data with which the callback function is + called. + * Tagged following functions deprecated: + econf_requireOwner, econf_requireGroup, econf_requirePermissions, + econf_followSymlinks, econf_reset_security_settings + Use one of the econf_read*WithCallback functions instead. + +- Update to version 0.4.9: + * libeconf.h: added missing sys/types.h header (#171) + * new API calls: econf_readFileWithCallback, + econf_readDirsWithCallback, econf_readDirsHistoryWithCallback (#172) + * Checking NULL comment parameter in the parsing functions. + +- Update to version 0.4.8+git20221114.7ff7704: + * Parsing files which are containing keys only (#170) + All delimiters are allowed now : "", " =", " ", "=". But the + user should use "" in order to be distinct. + * /usr/etc/shells.d/<file_name> will not be parsed if + /etc/shells.d/<file_name> is defined too. + * Lto build fixed (#168) + * New calls: econf_comment_tag, econf_delimiter_tag, econf_set_comment_tag, + econf_set_delimiter_tag + * Checking UID,GroupID, permissions,... of the parsed files (#165) + New calls: econf_requireOwner, econf_requireGroup, econf_requirePermissions, + econf_followSymlinks + * Ignoring Group without brackets; Do not hold brackets in the internal data structure. (#164) + * Error handling improved for nums and booleans (#163) + libjpeg-turbo +- merge two spec files into one + +- Add _multibuild to define 2nd spec file as additional flavor. + Eliminates the need for source package links in OBS. + +- Build AVX2 enabled hwcaps library for x86_64-v3 + +- update to 2.1.5.1: + * Fixed a regression introduced by 2.0 beta1[15] that caused a buffer + overrun in the progressive Huffman encoder when attempting to transform + a specially-crafted malformed 12-bit-per-component JPEG image into a + progressive 12-bit-per-component JPEG image using a 12-bit-per-component + build of libjpeg-turbo. + * Fixed an issue whereby, when using a 12-bit-per-component build of + libjpeg-turbo (-DWITH_12BIT=1), passing samples with values greater than 4095 + or less than 0 to jpeg_write_scanlines() caused a buffer overrun or + underrun in the RGB-to-YCbCr color converter. + * Fixed a floating point exception that occurred when attempting to use + the jpegtran -drop and -trim options to losslessly transform a + specially-crafted malformed JPEG image. + * Fixed an issue in tjBufSizeYUV2() whereby it returned a bogus result, + rather than throwing an error, if the align parameter was not a power of 2. + * Fixed a similar issue in tjCompressFromYUV() whereby it generated a corrupt + JPEG image in certain cases, rather than throwing an error, + if the align parameter was not a power of 2. + * Fixed an issue whereby tjDecompressToYUV2(), which is a wrapper for + tjDecompressToYUVPlanes(), used the desired YUV image dimensions + rather than the actual scaled image dimensions when computing the plane + pointers and strides to pass to tjDecompressToYUVPlanes(). + This caused a buffer overrun and subsequent segfault if the desired + image dimensions exceeded the scaled image dimensions. + * Fixed an issue whereby, when decompressing a 12-bit-per-component JPEG + image (-DWITH_12BIT=1) using an alpha-enabled output color space such as + JCS_EXT_RGBA, the alpha channel was set to 255 rather than 4095. + * Fixed an issue whereby the Java version of TJBench did not accept a range + of quality values. + * Fixed an issue whereby, when -progressive was passed to TJBench, + the JPEG input image was not transformed into a progressive JPEG image + prior to decompression. + +- Add explicit provides for jpegtran, so it can be installed easier + +- update to 2.1.4: + * Fixed a regression introduced in 2.1.3 that caused build failures with + Visual Studio 2010. + * The tjDecompressHeader3() function in the TurboJPEG C API and the + TJDecompressor.setSourceImage() method in the TurboJPEG Java API now + accept "abbreviated table specification" (AKA "tables-only") datastreams, + which can be used to prime the decompressor with quantization and Huffman + tables that can be used when decompressing subsequent "abbreviated image" + datastreams. + * libjpeg-turbo now performs run-time detection of AltiVec instructions on + OS X/PowerPC systems if AltiVec instructions are not enabled at compile + time. This allows both AltiVec-equipped (PowerPC G4 and G5) and + non-AltiVec-equipped (PowerPC G3) CPUs to be supported using the same + build of libjpeg-turbo. + * Fixed an error ("Bogus virtual array access") that occurred when + attempting to decompress a progressive JPEG image with a height less than + or equal to one iMCU (8 * the vertical sampling factor) using + buffered-image mode with interblock smoothing enabled. This was a + regression introduced by 2.1 beta1[6(b)]. + * Fixed two issues that prevented partial image decompression from working + properly with buffered-image mode: + * Attempting to call jpeg_crop_scanline() after jpeg_start_decompress() + but before jpeg_start_output() resulted in an error ("Improper call to + JPEG library in state 207".) + * Attempting to use jpeg_skip_scanlines() resulted in an error ("Bogus + virtual array access") under certain circumstances. + +- Add requires between baselibs + +- Use nasm instead of yasm, the latter has not released any update + in 7 years. + +- update to 2.1.3: + * Fixed a regression introduced by 2.0 beta1[7] whereby cjpeg compressed PGM + input files into full-color JPEG images unless the `-grayscale` option was + used. + * cjpeg now automatically compresses GIF and 8-bit BMP input files into + grayscale JPEG images if the input files contain only shades of gray. + * The build system now enables the intrinsics implementation of the AArch64 + (Arm 64-bit) Neon SIMD extensions by default when using GCC 12 or later. + * Fixed a segfault that occurred while decompressing a 4:2:0 JPEG image using + the merged (non-fancy) upsampling algorithms (that is, with + `cinfo.do_fancy_upsampling` set to `FALSE`) along with `jpeg_crop_scanline()`. + Specifically, the segfault occurred if the number of bytes remaining in the + output buffer was less than the number of bytes required to represent one + uncropped scanline of the output image. For that reason, the issue could only + be reproduced using the libjpeg API, not using djpeg. + +- update to 2.1.2: + * Fixed a regression introduced by 2.1 beta1[13] that caused the remaining + GAS implementations of AArch64 (Arm 64-bit) Neon SIMD functions (which are used + by default with GCC for performance reasons) to be placed in the `.rodata` + section rather than in the `.text` section. This caused the GNU linker to + automatically place the `.rodata` section in an executable segment, which + prevented libjpeg-turbo from working properly with other linkers and also + represented a potential security risk. + * Fixed an issue whereby the `tjTransform()` function incorrectly computed the + MCU block size for 4:4:4 JPEG images with non-unary sampling factors and thus + unduly rejected some cropping regions, even though those regions aligned with + 8x8 MCU block boundaries. + * Fixed a regression introduced by 2.1 beta1[13] that caused the build system + to enable the Arm Neon SIMD extensions when targetting Armv6 and other legacy + architectures that do not support Neon instructions. + * libjpeg-turbo now performs run-time detection of AltiVec instructions on + FreeBSD/PowerPC systems if AltiVec instructions are not enabled at compile + time. This allows both AltiVec-equipped and non-AltiVec-equipped CPUs to be + supported using the same build of libjpeg-turbo. + * cjpeg now accepts a `-strict` argument similar to that of djpeg and + jpegtran, which causes the compressor to abort if an LZW-compressed GIF input + image contains incomplete or corrupt image data. + libostree +- Add patch from upstream to fix corrupted files when using a large + fs with 64-bit inodes (boo#1214708): + * 0001-commit-fix-ostree-deployment-on-64-bit-inode-fs.patch + libraw + fix CVE-2020-22628 [bsc#1215308], stretch() function in libraw/src/postprocessing/aspect_ratio.cpp + + libraw-CVE-2020-22628.patch + +- security update +- added patches libvpx +- Fixing CVE-2023-5217 heap buffer overflow (boo#1215778) + added CVE-2023-5217.patch + libzip +- version update to 1.10.1 + * Add `ZIP_LENGTH_TO_END` and `ZIP_LENGTH_UNCHECKED`. Unless + `ZIP_LENGTH_UNCHECKED` is used as `length`, it is an error + for a file to shrink between the time when the source is + created and when its data is read. + +- version update to 1.10.0 + * Make support for layered sources public. + * Add `zip_source_zip_file` and `zip_source_zip_file_create`, deprecate `zip_source_zip` and `zip_source_zip_create`. + * Allow reading changed file data. + * Fix handling of files of size 4294967295. + * `zipmerge`: copy extra fields. + * `zipmerge`: add option to keep files uncompressed. + * Switch test framework to use nihtest instead of Perl. + * Fix reading/writing compressed data with buffers > 4GiB. + * Restore support for torrentzip. + * Add warnings when using deprecated functions. + * Allow keeping files for empty archives. + * Support mbedTLS>=3.3.0. + * Support OpenSSL 3. + * Use ISO C secure library functions, if available. + +- libzip 1.9.2: + * Fix version number in header file. + * Fix zip_file_is_seekable(). + * Add zip_file_is_seekable(). + * Improve compatibility with WinAES. + * Fix encoding handling in zip_name_locate(). + * Add option to zipcmp to output summary of changes. + * Various bug fixes and documentation improvements. + lz4 +- Build AVX2 enabled hwcaps library for x86_64-v3 + +- Update to release 1.9.4 + * Decompression speed on high-end ARM64 platform is improved, + by ~+20%. + * For the specific scenario of data compressed with -BD4 + setting (small blocks, <= 64 KB, linked) decompressed + block-by-block into a flush buffer (like lz4 CLI does), + decompression speed is improved ~+70%. + * For compressed data employing the lz4frame format (native + format of lz4 CLI), it's possible to ignore checksum + validation during decompression, resulting in speed + improvements of ~+40% . This capability is exposed at both + CLI (see --no-crc) and library levels. + man-pages -- install kernel_lockdown.7 man page [bsc#1185534] -- added sources - + kernel_lockdown.7 +- update to 6.04: + * Newly documented interfaces in existing pages + * proc.5 + KPF_PGTABLE (Linux 4.18) + * landlock.7 + LANDLOCK_ACCESS_FS_REFER (Linux 5.19) + * udp.7 + UDP_GRO (Linux 5.0) + UDP_SEGMENT (Linux 4.18) + * Changes to individual pages + +- Update to version 6.00 + * Updated manual pages and interface documentation + * Move definitions of types to separate pages in man2type/ and + man3type/. Previously, they were spread (and duplicated) in other + pages, or in system_data_types.7 (with links in man3/). + * Add man3head/ for pages that document header files. + * Add man3const/ for pages that document constants. + * Improve consistency of man(7) source + * Manual pages sections: + * Title (.TH): + * Remove 5th argument to TH (middle-header). + * Specify "Linux man-pages" and the version in the 4th argument + (left-footer). + * Add the LIBRARY section. This section standardizes a way to + document the library that provides a given interface. + * Add the CAVEATS section. BUGS and NOTES were serving that purpose + before, but CAVEATS is more appropriate. + * Rename the CONFORMING TO section to STANDARDS for consistency with + other projects, such as the BSDs. + * SYNOPSIS: Add the ISO C2X [[deprecated]] attribute for functions + that have been deprecated or removed. + * EXAMPLES: Improve consistency of C source code. Also, reduce the + number of warnings that several linting tools emit. + * COLOPHON: Remove section (its purpose is now served by the title). +- Update to version 6.01 + * Updated interface documentation + * Manual pages' sections: + * Title (.TH): + * Remove the hardcoded date (TH 3rd argument), and replace it by a + placeholder that should be changed when creating the tarball. + This removes the need for a tstamp commit before each release. +- Update to version 6.02 + * Updated manual pages and interface documentation, noteable: + * copy_file_range.2: Fix wrong kernel version information + * process_madvise.2: Fix capability and ptrace requirements + * madvise.2: Update Transparent Huge Pages file/shmem documentation + for Linux 5.4+. + * Use correct letter case in manual page titles, instead of uppercase. + * Use \" t comments when appropriate (Lintian needs this). + * SYNOPSIS: + * Add _Nullable for functions that receive NULL as a meaningful + input. + * Use VLA syntax to clarify the meaning of size parameters, rather + than hiding it in possibly-confusing text. + * Use [[noreturn]] instead of noreturn, which will be deprecated + soon. +- Rebased man-pages-tcp_fack.patch +- Added keyring and signed source + +- version update to 5.13 [bsc#1189908] + http://linux-man-pages.blogspot.com/2021/06/man-pages-512-released.html + +- do not package man5/motd.5, it is provided by pam package + [bsc#1188724] + +- version update to 5.12 + http://linux-man-pages.blogspot.com/2021/06/man-pages-512-released.html +- deleted patches + - man-pages-tty_ioctl.patch (upstreamed) + +- version update to 5.11 + http://linux-man-pages.blogspot.com/2021/03/man-pages-511-is-released.html +- modified patches + % man-pages-tty_ioctl.patch (refreshed) + +- version update to 5.10 + * added documentation of the faccessat2() system call + * added a new subsection to the signal(7) manual page that provides + a "big picture" of what happens when a signal handler is executed +- deleted patches + - man-pages-openat2.h-location.patch (upstreamed) + +- version update to 5.09 + http://linux-man-pages.blogspot.com/2020/11/man-pages-509-is-released.html +- modified patches + % man-pages-openat2.h-location.patch (refreshed) +- [bsc#1185534] + +- version update to 5.08 + Newly documented interfaces in existing pages + - -------------------------------------------- + prctl.2 + Dave Martin + Add SVE prctls (arm64) + Add documentation for the the PR_SVE_SET_VL and PR_SVE_GET_VL + prctls added in Linux 4.15 for arm64. + Dave Martin [Catalin Marinas] + Add tagged address ABI control prctls (arm64) + Add documentation for the the PR_SET_TAGGED_ADDR_CTRL and + PR_GET_TAGGED_ADDR_CTRL prctls added in Linux 5.4 for arm64. + setns.2 + Michael Kerrisk + Document the use of PID file descriptors with setns() + Starting with Linux 5.8, setns() can take a PID file descriptor as + an argument, and move the caller into or more of the namespaces of + the thread referred to by that descriptor. + capabilities.7 + Michael Kerrisk + Document CAP_BPF + Michael Kerrisk + Add CAP_PERFMON + symlink.7 + Aleksa Sarai + Document magic links more completely + etc. see Changes +- modified patches + % man-pages-openat2.h-location.patch (refreshed) + +- added patches + fix [bsc#1173382] + + man-pages-openat2.h-location.patch + +- version update to 5.07 + New and rewritten pages + - ---------------------- + ioctl_fslabel.2 + New page documenting filesystem get/set label ioctl(2) operations + Removed pages + - ------------ + ioctl_list.2 + This page was first added more than 20 years ago. Since + that time it has seen hardly any update, and is by now + very much out of date, as reported by Heinrich Schuchardt + and confirmed by Eugene Syromyatnikov. + Newly documented interfaces in existing pages + - -------------------------------------------- + adjtimex.2 + Document clock_adjtime(2) + clock_getres.2 + Explain dynamic clocks + clone.2 + Document the clone3() CLONE_INTO_CGROUP flag + mremap.2 + Document MREMAP_DONTUNMAP + open.2 + Document fs.protected_fifos and fs.protected_regular + prctl.2 + Add PR_SPEC_INDIRECT_BRANCH for SPECULATION_CTRL prctls + Add PR_SPEC_DISABLE_NOEXEC for SPECULATION_CTRL prctls + Add PR_PAC_RESET_KEYS (arm64) + ptrace.2 + Document PTRACE_SET_SYSCALL + proc.5 + Document /proc/sys/fs/protected_regular + Document /proc/sys/fs/protected_fifos + Document /proc/sys/fs/aio-max-nr and /proc/sys/fs/aio-nr +- deleted patches + - man-pages-remove-ioctl_list-reference.patch (upstreamed) +- jsc#SLE-16566 jsc#SLE-15188 + +- version update to 5.06 + New and rewritten pages + - ---------------------- + * openat2.2 + * pidfd_getfd.2 + * select.2 + * select_tut.2 + * sysvipc.7 + * time_namespaces.7 + Newly documented interfaces in existing pages + - -------------------------------------------- + arch_prctl.2 + Add ARCH_SET_CPUID subcommand + clock_getres.2 + Document CLOCK_TAI + Add CLOCK_REALTIME_ALARM and CLOCK_BOOTTIME_ALARM + prctl.2 + Document PR_SETIO_FLUSHER/GET_IO_FLUSHER + setns.2 + Document CLONE_NEWTIME + statx.2 + Document STATX_ATTR_VERITY + unshare.2 + Document CLONE_NEWTIME + socket.7 + Add description of SO_SELECT_ERR_QUEUE + Document SO_TIMESTAMPNS + etc., see Changes + +- version update to 5.05 + * Newly documented interfaces in existing pages + clone.2 + Add clone3() set_tid information + Document CLONE_CLEAR_SIGHAND + fcntl.2 + Update manpage with new memfd F_SEAL_FUTURE_WRITE seal + memfd_create.2 + Update manpage with new memfd F_SEAL_FUTURE_WRITE seal + loop.4 + Document LOOP_SET_BLOCK_SIZE + Document LOOP_SET_DIRECT_IO + proc.5 + Document /proc/sys/vm/unprivileged_userfaultfd +- deleted patches + - man-pages-somaxconn-default-value.patch (upstreamed) -- Add PR_PAC_RESET_KEYS for arm64 (jsc#SLE-16566 jsc#SLE-15188). - + prctl.2-Add-PR_PAC_RESET_KEYS-arm64.patch - + prctl.2-Fixes-to-Dave-Martin-s-patch.patch + [bsc#1162464] + + man-pages-somaxconn-default-value.patch + +- do not install man7/bpf-helpers.7 as it is already part of + bpftool package + +- don't use alternatives for man.7, just move it to a different directory + (boo#1160568) +- use packageand to supplement the documentation pattern instead of + unconditionally hooking on man. -- move man.7 man mdoc.7 to a separate directory to avoid conflicts - with mandoc which is a light-weight man alternative for small - systems (boo#1160568). +- Set up %{_mandir}/man7/man.7%{?ext_man} as an alternative for + the man-page specific document. The other package providing + this man page is mandoc, which is meant as an alternative + lightweight faster replacement for man-pages package. It does + not have that many dependencies, it is written in C, see + http://mandoc.bsd.lv/ for more. -- correct documentation of tcp_fack, document tcp_recovery +- version update to 5.04 + * clone.2 + Document clone3() + * wait.2 + Add P_PIDFD for waiting on a child referred to by a PID file descriptor + * bpf-helpers.7 + Refresh against kernel v5.4-rc7 + * see Changes for other changes + +- tcp.7: correct documentation of tcp_fack, document tcp_recovery +- version update to 5.03 + * New and rewritten pages + pidfd_open.2 + pidfd_send_signal.2 + pivot_root.2 + ipc_namespaces.7 + uts_namespaces.7 + * Newly documented interfaces in existing pages + clone.2 + Document CLONE_PIDFD + fanotify_mark.2 + Document FAN_MOVE_SELF + ptrace.2 + Document PTRACE_GET_SYSCALL_INFO + regex.3 + Document REG_STARTEND + * see Changes for other changes + +- version update to 5.02 + * Newly documented interfaces in existing pages + fanotify.7 + fanotify_init.2 + fanotify_mark.2 + Matthew Bobrowski [Amir Goldstein, Jan Kara] + Document FAN_REPORT_FID and directory modification events + vdso.7 + Tobias Klauser [Palmer Dabbelt] + Document vDSO for RISCV + * see Changes for more details + +- version update to 5.01 + * Newly documented interfaces in existing pages + tsearch.3 + Document the twalk_r() function added in glibc 2.30 + * see Changes for more details + +- update to 5.00: + * new or rewritten pages: + s390_guarded_storage.2 + address_families.7 + bpf-helpers.7 + * newly documented interfaces: + fanotify_init.2 + fanotify.7 + Document FAN_REPORT_TID + fanotify_init.2: add new flag FAN_REPORT_TID + fanotify.7: update description of member pid in + struct fanotify_event_metadata + Document FAN_MARK_FILESYSTEM + Monitor fanotify events on the entire filesystem. + Document FAN_OPEN_EXEC and FAN_OPEN_EXEC_PERM + io_submit.2 + Document IOCB_FLAG_IOPRIO + msgctl.2 + semctl.2 + shmctl.2 + Document STAT_ANY commands + prctl.2 + Document PR_SET_SPECULATION_CTRL and PR_GET_SPECULATION_CTRL + sched_setattr.2 + Document SCHED_FLAG_DL_OVERRUN and SCHED_FLAG_RECLAIM + socket.2 + Document AF_XDP + Document AF_XDP added in Linux 4.18. + inotify.7 + Document IN_MASK_CREATE + unix.7 + Document SO_PASSSEC + Document SCM_SECURITY ancillary data + mcelog +- This contains following features: + PED-6122 + [GNR] RAS: mcelog Add support for Granite Rapids (ALP) + PED-6102 + [GNR] RAS: mcelog Add support for Granite Rapids (SLE 15 SP6) + PED-6021 + [SRF] RAS: mcelog support for Sierra Forest (SLE 15 SP6) + PED-6050 + [SRF] RAS: mcelog support for Sierra Forest (ALP) +- Change git repo in _service file from git to https url +- Update to version 195: + * mcelog: Wire up model-specific decoding for Sierra Forest + * mcelog: Add model-specific decoding for Granite Rapids + * client.c: fix build w/ musl libc + * mcelog: New model number for Arrowlake + * mcelog: Don't overwrite model number when lookup fails + * mcelog: Add Graniterapids, Grandridge and Sierraforest + * mcelog: New model number for Lunarlake + * mcelog: Add Emerald Rapids + * Update PFA_test_howto +- Adopt to mainline: + M email.patch + mtools +- update to 4.0.43: + * Fix root directory test in mattrib + * -b BiosDisk flag for mformat to allow setting physdrive to + a user-specified value + * Clearer error message in mformat when trying to mformat a + disk whose total size is not known + * Make recursive copy more consistent + * Trailing slash now always implies target should be a directory + +- update to 4.0.42: + * Added postcmd attribute in drive description to allow to + execute "device release" code automatically at end of + command + * Code cleanup, signedness cleanup about directory entries + +- update to 4.0.41: + * Support FAT32 with less than 0xfff5 clusters + * Make FAT32 entries 0 and 1 match what what Windows 10 does + +- fix build +- deleted patches + - mtools-prototypes.diff (not needed) + +- update to 4.0.40: + * Better compatibility with legacy platforms + +- update to 4.0.39: + * Rename strtoi to strosi (string to signed int). The strtoi + function on BSD does something else (returns an intmax, not + an int) + +- update to 4.0.38: + * Make sure case byte is cleared when making the special + directory entries "." and ".." + * In mattrib man page, replace "attribute flags" with "attribute + bits" + +- update to 4.0.37: + * Removed mclasserase commands, which doesn't fit the coding + structure of the rest of mtools + * Add support to -i option to mcd + * Document -i in mtools.1 + * Fix a missing commad error in floppyd_io.c + +- update to 4.0.36: + * Fix error status of recursive listing of empty root directory + * If recursive listing, also show matched files at level one + * Use "seekless" reads & write internally, where possible + * Text mode conversion refactoring + * Misc refactoring +- remove mtools-aliasing.diff (obsolete) + nfs-utils +- Add 0032-exportfs-Ingnore-export-failures-in-nfs-server.seriv.patch + Inconsistencies in /etc/exports shouldn't be fatal. + (bsc#1212594) + +- Add 0030-systemd-use-correct-modprobe-d-directory + SLE15-SP5 an earlier don't use /usr/lib/modprobe.d + (bsc#1200710) +- Add 0031-mountd-don-t-advertise-krb5-for-v4root-when-not-conf.patch + Avoid unhelpful warning if rpcsec_gss_krb5.ko not installed + +- Add 0028-mount.nfs-always-include-mountpoint-or-spec-if-error.patch + boo#1157881 +- Add 0029-nfsd.man-fix-typo-in-section-on-scope.patch + bsc#1209859 +- Allow scope to be set in sysconfig: NFSD_SCOPE + nghttp2 +- Fixes memory leak that happens when PUSH_PROMISE or HEADERS frame cannot be + sent, and nghttp2_on_stream_close_callback fails with a fatal error. + [CVE-2023-35945 bsc#1215713] + + nghttp2-CVE-2023-35945.patch + open-vm-tools +- Update to 12.3.0 (build 22234872) (boo#1214850) + - There are no new features in the open-vm-tools 12.3.0 release. This is + primarily a maintenance release that addresses a few critical problems, + including: + - This release integrates CVE-2023-20900 without the need for a patch. + For more information on this vulnerability and its impact on VMware + products, see + https://www.vmware.com/security/advisories/VMSA-2023-0019.html. + - A tools.conf configuration setting is available to temporaily direct + Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior + of ignoring file systems already frozen. + - Building of the VMware Guest Authentication Service (VGAuth) using + "xml-security-c" and "xerces-c" is being deprecated. + - A number of Coverity reported issues have been addressed. + - A number of GitHub issues and pull requests have been handled. + Please see the Resolves Issues section of the Release Notes. + - For issues resolved in this release, see the Resolved Issues section + of the Release Notes. + - For complete details, see: + https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0 + - Release Notes are available at + https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md + - The granular changes that have gone into the 12.3.0 release are in the + ChangeLog at + https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog +- Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests +- jsc-PED-1344 - reinable building containerinfo plugin for SLES 15 SP4. +- Drop patch now contained in 12.3.0: + + 0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch + + 0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch + + 2023-20867-Remove-some-dead-code.patch + + CVE-20230-20900.patch + +- limit to protobuf < 22 for now until build failures have been fixed + postfix +- postfix: config.postfix causes too tight permission on main.cf + (bsc#1215372) + python-brotlipy +- Fix CVE-2020-8927, integer overflow when input chunk is larger than 2GiB, + bsc#1175825 + * CVE-2020-8927.patch + python-linux-procfs +- update to 0.7.1: + * Correct VERSION number in procfs.py + * Use f-strings + * Add missing open in with statement + * Use sys.exit and add some docstrings + * Add tar.xz and asc files to gitignore + * Fix traceback with non-utf8 chars in the /proc/PID/cmdline + * Propagate error to user if a pid is completed + * pflags: Handle pids that completed + * Makefile: Add ctags + * Remove procfs/sysctl.py + * Various clean-ups + * Fix UnicodeDecodeError + * Fix more spacing problems with procfs.py + * procfs.py: Simplify is_s390 + * procfs.py: Fix a few more style problems + * clean-ups for recent python formating regarding spacing, tabs, etc + * Fix to parse the number of cpus correctly on s390(x) + +- %python3_only -> %python_alternative + python3 +- Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing + gh#python/cpython#108310, backport from upstream patch + gh#python/cpython#108315 + (bsc#1214692, CVE-2023-40217) + qemu -- Fix bsc#1215311: - * roms/ipxe: Backport 0aa2e4ec9635, in preparation of binutils 2.41 (bsc#1215311) - -- Fix the build for SLE/Leap: - * [openSUSE][RPM] Make the package buildable on SLE/Leap 15.x - -- Fix bsc#1211000: - * [openSUSE] block: Add a thread-pool version of fstat (bsc#1211000) - * [openSUSE] block: Convert qmp_query_block() to coroutine_fn (bsc#1211000) - * [openSUSE] block: Don't query all block devices at hmp_nbd_server_start (bsc#1211000) - * [openSUSE] block: Convert qmp_query_named_block_nodes to coroutine (bsc#1211000) - * [openSUSE] block: Convert bdrv_block_device_info into co_wrapper (bsc#1211000) - * [openSUSE] block: Convert bdrv_query_block_graph_info to coroutine (bsc#1211000) - * [openSUSE] block: Temporarily mark bdrv_co_get_allocated_file_size as mixed (bsc#1211000) - * [openSUSE] block: Allow the wrapper script to see functions declared in qapi.h (bsc#1211000) - * [openSUSE] block: Remove unnecessary variable in bdrv_block_device_info (bsc#1211000) - * [openSUSE] block: Remove bdrv_query_block_node_info (bsc#1211000) -- Fix bsc#1213210: - * target/s390x: Fix the "ignored match" case in VSTRS (bsc#1213210) - -- Update to version 8.1.0. Full list of changes are available at: - https://wiki.qemu.org/ChangeLog/8.1 - Highlights: - * VFIO: improved live migration support, no longer an experimental feature - * GTK GUI now supports multi-touch events - * ARM, PowerPC, and RISC-V can now use AES acceleration on host processor - * PCIe: new QMP commands to inject CXL General Media events, DRAM - events and Memory Module events - * ARM: KVM VMs on a host which supports MTE (the Memory Tagging Extension) - can now use MTE in the guest - * ARM: emulation support for bpim2u (Banana Pi BPI-M2 Ultra) board and - neoverse-v1 (Cortex Neoverse-V1) CPU - * ARM: new architectural feature support for: FEAT_PAN3 (SCTLR_ELx.EPAN), - FEAT_LSE2 (Large System Extensions v2), and experimental support for - FEAT_RME (Realm Management Extensions) - * Hexagon: new instruction support for v68/v73 scalar, and v68/v69 HVX - * Hexagon: gdbstub support for HVX - * MIPS: emulation support for Ingenic XBurstR1/XBurstR2 CPUs, and MXU - instructions - * PowerPC: TCG SMT support, allowing pseries and powernv to run with up - to 8 threads per core - * PowerPC: emulation support for Power9 DD2.2 CPU model, and perf - sampling support for POWER CPUs - * RISC-V: ISA extension support for BF16/Zfa, and disassembly support - for Zcm*/Z*inx/XVentanaCondOps/Xthead - * RISC-V: CPU emulation support for Veyron V1 - * RISC-V: numerous KVM/emulation fixes and enhancements - * s390: instruction emulation fixes for LDER, LCBB, LOCFHR, MXDB, MXDBR, - EPSW, MDEB, MDEBR, MVCRL, LRA, CKSM, CLM, ICM, MC, STIDP, EXECUTE, and - CLGEBR(A) - * SPARC: updated target/sparc to use tcg_gen_lookup_and_goto_ptr() for - improved performance - * Tricore: emulation support for TC37x CPU that supports ISA v1.6.2 - instructions - * Tricore: instruction emulation of POPCNT.W, LHA, CRC32L.W, CRC32.B, - SHUFFLE, SYSCALL, and DISABLE - * x86: CPU model support for GraniteRapids - * and lots more... -- This also (automatically) fixes: - * bsc#1212850 (CVE-2023-3354) - * bsc#1213001 (CVE-2023-3255) - * bsc#1213925 (CVE-2023-3180) - * bsc#1213414 (CVE-2023-3301) - * bsc#1207205 (CVE-2023-0330) - * bsc#1212968 (CVE-2023-2861) - * bsc#1179993, bsc#1181740, bsc#1211697 - -- perl-Text-Markdown is not available in all distros and for all - arch-es. Use discount instead -- Patches added: - * [openSUSE][spec] Use discount instead of perl-Text-Markdown - -- Update to version 8.0.4: - * Official changelog not released on the mailing list yet - * Security issues fixed: - - bsc#1212850 (CVE-2023-3354) - - bsc#1213001 (CVE-2023-3255) - - bsc#1213925 (CVE-2023-3180) - - bsc#1207205 (CVE-2023-0330) - -- Fix bsc#1179993, bsc#1181740, bsc#1213001 -- Patches added: +- Fix bsc#1213414, bsc#1207205, bsc#1212968, bsc#1179993, + bsc#1181740, bsc#1213001 + * vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present (CVE-2023-3301) + * hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) + * 9pfs: prevent opening special files (CVE-2023-2861) + * [openSUSE][OBS] Refine the OBS workflow for 15-SP5 -- Update to version 8.0.3: - * See full log: https://lists.nongnu.org/archive/html/qemu-stable/2023-07/msg00086.html - * Security issues fixed: - - 9pfs: prevent opening special files (CVE-2023-2861) - - vhost-vdpa (CVE-2023-3301) - * Use the official xkb name for Arabic layout, not the - legacy synonym (bsc#1212966) - * [openSUSE][RPM] Update to version 8.0.3 - -- Patches added (first one is relevant for boo#1197298 and bsc#1212768): - * [openSUSE][RPM] Use --preserve-argv0 in qemu-linux-user (#32) - * [openSUSE][RPM] Split qemu-tools package (#31) - -- Update to version 8.0.2: - * Stability, security and bug fixes -- Patch added: - * [openSUSE][RPM] Update to version 8.0.2 - -- Patch added: - [openSUSE][RPM] Fix deps for virtiofsd and improve spec files - -- Update the _constraints file: - * the qemu-testsuite package does not exist any longer, but some - of the tests are done in the qemu package (so "transfer" some of - the constraints to that one) - - some of the builds are failing with OOM, happening while the RPM - is actually put together, at the end of the process. Try to give - them more RAM - -- Patch added: - [openSUSE][RPM] spec: require virtiofsd, now that it is a sep package (#27) - -- Update to version 8.0.0 (https://wiki.qemu.org/ChangeLog/8.0) - * Removed features: https://qemu-project.gitlab.io/qemu/about/removed-features.html - * Deprecated features: https://qemu-project.gitlab.io/qemu/about/deprecated.html - * Some notable changes: - - ARM: - - New emulated CPU types: - - Cortex-A55 CPU - - Cortex-R52 CPU - - x86 - - Add support for Xen guests under KVM with Linux v5.12+ - - New CPU model "SapphireRapids" - - VFIO - - Experimental migration support has been updated to the v2 VFIO migration protocol - - virtio - - virtio-mem now fully supports combining preallocation with migration - - vDPA - - Support live migration of vhost-vdpa net devices without CVQ, with no need of x-svq - - virtiofs - - The old C virtiofsd has been removed, use the new Rust implementation instead. - * Patches added: - [openSUSE][RPM] Try to avoid recommending too many packages (bsc#1205680) - [openSUSE][RPM] Move documentation to a subpackage and fix qemu-headless (bsc#1209629) - roms: add back edk2-basetools target - async: Suppress GCC13 false positive in aio_bh_poll() - [openSUSE][OBS] Limit the workflow runs to the factory branch (#25) - [openSUSE][RPM] Spec file adjustments for 8.0.0 +- Fix bsc#1211000 +- Patches added: + * Run fstat asynchronously inside coroutines (bsc#1211000) + * Allow bdrv_get_allocated_file_size to run in bdrv context (bsc#1211000) + * Convert query-named-block-nodes to coroutine (bsc#1211000) + * Convert query-block/info_block to coroutine (bsc#1211000) + * block: Convert bdrv_get_allocated_file_size() to co_wrapper (bsc#1211000) + * block-coroutine-wrapper.py: support also basic return types (bsc#1211000) + * [openSUSE][RPM] Backport some spec-file improvements from Factory -- (Radical!) Change of packaging workflow. Now pretty much everything - happens via git, and interacting with https://github.com/openSUSE/qemu.git. - See README.PACKAGING for details +- Fix bsc#bsc#1211697 - linux-user: Add pidfd_open(), pidfd_send_signal() and pidfd_getfd() syscalls + smbios: sanitize type from external type before checking have_fields_bitmap (bsc#1211697) + hw/smbios: fix field corruption in type 4 table (bsc#1211697) - linux-user: Emulate CLONE_PIDFD flag in clone() - * Patches transformed in git commits: + test-vmstate: fix bad GTree usage, use-after-free + qemu/osdep: Switch position of "extern" and "G_NORETURN" + +- Switch the packaging workflow to git, like the one we have in place + already for Factory. + * Patches no longer present as patch files, but applied as commits: - acpi-cpuhp-fix-guest-visible-maximum-acc.patch - qemu-osdep-Switch-position-of-extern-and.patch - test-vmstate-fix-bad-GTree-usage-use-aft.patch -- Enable again LTO for x86_64 target (boo#1133281). - -- Further fixes for bsc#1209546 - * Patches added: - test-vmstate-fix-bad-GTree-usage-use-aft.patch - -- Fix bsc#1209546 - * Patches added: - qemu-osdep-Switch-position-of-extern-and.patch - -- Backport the "acpi: cpuhp: fix guest-visible maximum access size - to the legacy reg block" patch, as it makes developing and - testing OVMF/EDK2 easier - acpi-cpuhp-fix-guest-visible-maximum-acc.patch -- Disable -Werror as it is very sensitive when one - updates a new compiler. -Werror is fine for upstream development, - but not when it comes to stability of a package build. - xen +- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional + execution leak via division by zero (XSA-439) + xsa439-00.patch + xsa439-01.patch + xsa439-02.patch + xsa439-03.patch + xsa439-04.patch + xsa439-05.patch + xsa439-06.patch + xsa439-07.patch + xsa439-08.patch + xsa439-09.patch + +- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow + reference dropped too early for 64-bit PV guests (XSA-438) + xsa438.patch + +- Handle potential unaligned access to bitmap in + libxc-sr-restore-hvm-legacy-superpage.patch + If setting BITS_PER_LONG at once, the initial bit must be aligned + zypper -- Changed location of bash-complication (bsc#1213854). +- Fix name of the bash completion script (bsc#1215007) + In 1.14.63 the location of the bash completion script was changed + to /usr/share/bash-completion/completions/. But the patch failed + to also rename the completion script. The original script name + zypper.sh is not recognized at the new location. +- Update notes about failing signature checks (bsc#1214395) + It might be a transient issue if the server is in the midst of + receiving new data. Retry after a few minutes might work. +- Improve the SIGINT handler to be signal safe (bsc#1214292) + This patch updates the SIGINT handling strategy to be signal + safe. Meaning the signal handler will do not much more than + setting a flag, which we are going to check in the normal program + flow as much as possible. +- version 1.14.64 + +- Changed location of bash completion script (bsc#1213854).