------------------------------------------------------------------ --- Changelog.all ----------- Wed May 24 10:00:20 UTC 2023 ------ ------------------------------------------------------------------ ------------------------------------------------------------------ ------------------ 2023-5-23 - May 23 2023 ------------------- ------------------------------------------------------------------ ++++ grantlee5: - Add patch to fix test failures on Leap 15: * 0001-Add-a-call-to-registerComparators-in-testbuiltins.patch ------------------------------------------------------------------ ------------------ 2023-5-18 - May 18 2023 ------------------- ------------------------------------------------------------------ ++++ guile1: - Add service file to download release from git excluding the directory with commercial non free files. ------------------------------------------------------------------ ------------------ 2023-5-17 - May 17 2023 ------------------- ------------------------------------------------------------------ ++++ lilypond: - Update to Factory version lilypond-2.24.1 to fix boo#1210502 - CVE-2020-17354: lilypond: Lilypond allows attackers to bypass the -dsafe protection mechanism. - Added lilypond-missing-lgc.patch and removed obsolete Issue-5243-1-editor-scm-Add-shell-quote-argument-function.diff ++++ radare2: - Update to 5.8.6 For details, check full release notes: https://github.com/radareorg/radare2/releases/tag/5.8.6 - Remove radare2-CVE-2023-1605.patch (boo#1209686). ++++ rmw: - rmw 0.9.1: * bugfix: In some cases, trashinfo file doesn't get removed ------------------------------------------------------------------ ------------------ 2023-5-16 - May 16 2023 ------------------- ------------------------------------------------------------------ ++++ chromium: - Chromium 113.0.5672.126 (boo#1211442): * CVE-2023-2721: Use after free in Navigation * CVE-2023-2722: Use after free in Autofill UI * CVE-2023-2723: Use after free in DevTools * CVE-2023-2724: Type Confusion in V8 * CVE-2023-2725: Use after free in Guest View * CVE-2023-2726: Inappropriate implementation in WebApp Installs * Various fixes from internal audits, fuzzing and other initiatives ++++ keepassxc: - update to 2.7.5: - Changes - Add menu option to allow screenshots [#8841] - Add support for Botan 3 [#9388] - Increase max TOTP step to 24 hours [#9149] - Improve HTML export layout [#8987] - Turn search reset off by default [#9153] - Use QClipboard::clear() instead of setting blank text [#9148] - Hide group column header choice when not in search [#9171] - Improve look of KeePassXC logo and icons [#9355] - Add keyboard shortcuts for app and database settings [#9007] - Hide rename button from attachments preview panel [#8842] - Linux: Set SingleMainWindow in .desktop file [#7430] - Fixes - Fix crash when search clears while creating new entry [#9230] - Fix crash when using Windows Hello in a Remote Desktop session [#9006] - Fix crash in Group Edit after enabling Browser Integration [#8778] - Fix canceling quick unlock when it is unavailable [#9034] - Set password input field font correctly [#8732] - Greatly improve performance when rendering entry view [#9398] - Fix various accessibility issues [#9138] - Fix arrows size when expand/collapse a group [#9096] - Select the clone instead of the original after cloning an entry [#9070] - Fix bugs with preview widget [#9170] - Fix status bar update when switching to other DB [#9073] - Fix database settings spin box bug [#9101] - Fix Ctrl+Tab shortcut to cycle databases in unlock dialog [#8839] - Fix TOTP QR code maintaining square ratio [#9027] - Fix Auto-Type configuration page on custom sequence selection [#8752] - Fix unexpected behavior of --lock when KeePassXC is not running [#8889] - Make open folder icon exempt from "Apply group icon to entry" [#9205] - Allow setting default file open directory with env var [#9192] - SSH Agent: Fix support for AES-256/GCM openssh keys [#8968] - Browser: Fix Native Messaging script path with BSD OS's [#8835] - MacOS: Fix text selection for Auto-Type clear field [#9066] - MacOS: Don't rely on AppleInterfaceStyle for theme switching [#8615] - Windows: Remove registry detection of desktop shortcut [#9380] ------------------------------------------------------------------ ------------------ 2023-5-15 - May 15 2023 ------------------- ------------------------------------------------------------------ ++++ guile1: - Update to version 2.2.6 to enable lilypond to be updated to 2.24.1 to fix boo#1210502 and CVE-2020-17354. - Removed the following obsolete patches: guile-1.6.10-mktemp.patch, guile1-CVE-2016-8605.patch, guile1-fix-texinfo-default-utf8.patch, guile-64bit.patch, guile-automake-1.13.patch, guile-gcc.patch,guile-popen-test.patch, guile-socket-test.patch, guile-texinfo.patch and reproducible.patch - Added disable-test-out-of-memory.patch and guile-2.2-gc_pkgconfig_private.patch ------------------------------------------------------------------ ------------------ 2023-5-12 - May 12 2023 ------------------- ------------------------------------------------------------------ ++++ highway: - Add memory-constraints to build ------------------------------------------------------------------ ------------------ 2023-5-11 - May 11 2023 ------------------- ------------------------------------------------------------------ ++++ crmsh: - Update to version 4.5.0+20230510.847a251: * Fix: bootstrap: `init --qnetd-hostname` fails when username is not specified (bsc#1211200) ++++ dcmtk: - Add upstream change (boo#1206070, CVE-2022-43272): * dcmtk-CVE-2022-43272.patch ++++ qt6-svg: - Add upstream change (boo#1211298, CVE-2023-32573): * CVE-2023-32573-qtsvg-6.5.diff ++++ postgresql12-orafce: - relax hard version require to be equal greater or equal ++++ postgresql13-orafce: - relax hard version require to be equal greater or equal ++++ postgresql14-orafce: - relax hard version require to be equal greater or equal ++++ postgresql15-orafce: - relax hard version require to be equal greater or equal ++++ qt6-svg-docs: - Add upstream change (boo#1211298, CVE-2023-32573): * CVE-2023-32573-qtsvg-6.5.diff ------------------------------------------------------------------ ------------------ 2023-5-10 - May 10 2023 ------------------- ------------------------------------------------------------------ ++++ highway: - Add no-forced-inline.diff [boo#1211093] ++++ openSUSE-build-key: - Added 2023 openSUSE backports key gpg-pubkey-25db7ae0-645bae34.asc ++++ installation-images-openSUSE: - merge gh#openSUSE/installation-images#645 - add qrtr* kernel modules (bsc#1209965) - allow firmware file names with spaces - 16.58.6 ++++ yast2-network: - Do not write the EAP auth attribute when writing a wireless wicked configuration using the EAP mode as TLS (bsc#1211026) - 4.5.20 ------------------------------------------------------------------ ------------------ 2023-5-9 - May 9 2023 ------------------- ------------------------------------------------------------------ ++++ chromium: - Chromium 113.0.5672.92 (boo#1211211) - Multiple security fixes (boo#1211036): * CVE-2023-2459: Inappropriate implementation in Prompts * CVE-2023-2460: Insufficient validation of untrusted input in Extensions * CVE-2023-2461: Use after free in OS Inputs * CVE-2023-2462: Inappropriate implementation in Prompts * CVE-2023-2463: Inappropriate implementation in Full Screen Mode * CVE-2023-2464: Inappropriate implementation in PictureInPicture * CVE-2023-2465: Inappropriate implementation in CORS * CVE-2023-2466: Inappropriate implementation in Prompts * CVE-2023-2467: Inappropriate implementation in Prompts * CVE-2023-2468: Inappropriate implementation in PictureInPicture - drop chromium-94-sql-no-assert.patch - drop no-location-leap151.patch - add chromium-113-webview-namespace.patch - add chromium-113-webauth-include-variant.patch - add chromium-113-typename.patch - add chromium-113-workaround_clang_bug-structured_binding.patch ++++ fence-agents: - Include IBM Cloud VPC fence agent (jsc#PED-3626) Adapt agent_list in spec ++++ vim: - Fixing bsc#1211144 - [Build 96.1] openQA test fails in zypper_migration - conflict between xxd and vim * Revert the creation standalone xxd packages ++++ kernel-firmware-nvidia-gsp-G06: - update firmware to version 525.116.04 ++++ libqt5-qtbase: - Amend patch to fix mouse grabbing as well (bsc#1211024): * big-endian-scroll.patch ++++ nvidia-open-driver-G06-signed: - Update to version 525.116.04 ------------------------------------------------------------------ ------------------ 2023-5-8 - May 8 2023 ------------------- ------------------------------------------------------------------ ++++ MozillaFirefox: - Firefox Extended Support Release 102.11.0 ESR Placeholder changelog-entry (bsc#1211175) ++++ kernel-64kb: - x86: don't use REP_GOOD or ERMS for small memory clearing (bsc#1211140). - x86/cpufeatures: Add macros for Intel's new fast rep string features (bsc#1211140). - commit ff3ce03 ++++ kernel-default: - x86: don't use REP_GOOD or ERMS for small memory clearing (bsc#1211140). - x86/cpufeatures: Add macros for Intel's new fast rep string features (bsc#1211140). - commit ff3ce03 ++++ kernel-rt: - x86: don't use REP_GOOD or ERMS for small memory clearing (bsc#1211140). - x86/cpufeatures: Add macros for Intel's new fast rep string features (bsc#1211140). - commit ff3ce03 ++++ dtb-aarch64: - x86: don't use REP_GOOD or ERMS for small memory clearing (bsc#1211140). - x86/cpufeatures: Add macros for Intel's new fast rep string features (bsc#1211140). - commit ff3ce03 ++++ john: - Add john-1.9-python3.patch to not require python2 anymore (boo#1210583) - Use %autopatch ++++ kernel-debug: - x86: don't use REP_GOOD or ERMS for small memory clearing (bsc#1211140). - x86/cpufeatures: Add macros for Intel's new fast rep string features (bsc#1211140). - commit ff3ce03 ++++ kernel-source: - x86: don't use REP_GOOD or ERMS for small memory clearing (bsc#1211140). - x86/cpufeatures: Add macros for Intel's new fast rep string features (bsc#1211140). - commit ff3ce03 ++++ kernel-source-rt: - x86: don't use REP_GOOD or ERMS for small memory clearing (bsc#1211140). - x86/cpufeatures: Add macros for Intel's new fast rep string features (bsc#1211140). - commit ff3ce03 ++++ kernel-docs: - x86: don't use REP_GOOD or ERMS for small memory clearing (bsc#1211140). - x86/cpufeatures: Add macros for Intel's new fast rep string features (bsc#1211140). - commit ff3ce03 ++++ kernel-kvmsmall: - x86: don't use REP_GOOD or ERMS for small memory clearing (bsc#1211140). - x86/cpufeatures: Add macros for Intel's new fast rep string features (bsc#1211140). - commit ff3ce03 ++++ kernel-obs-build: - x86: don't use REP_GOOD or ERMS for small memory clearing (bsc#1211140). - x86/cpufeatures: Add macros for Intel's new fast rep string features (bsc#1211140). - commit ff3ce03 ++++ kernel-obs-qa: - x86: don't use REP_GOOD or ERMS for small memory clearing (bsc#1211140). - x86/cpufeatures: Add macros for Intel's new fast rep string features (bsc#1211140). - commit ff3ce03 ++++ kernel-rt_debug: - x86: don't use REP_GOOD or ERMS for small memory clearing (bsc#1211140). - x86/cpufeatures: Add macros for Intel's new fast rep string features (bsc#1211140). - commit ff3ce03 ++++ kernel-syms: - x86: don't use REP_GOOD or ERMS for small memory clearing (bsc#1211140). - x86/cpufeatures: Add macros for Intel's new fast rep string features (bsc#1211140). - commit ff3ce03 ++++ kernel-syms-rt: - x86: don't use REP_GOOD or ERMS for small memory clearing (bsc#1211140). - x86/cpufeatures: Add macros for Intel's new fast rep string features (bsc#1211140). - commit ff3ce03 ++++ kernel-zfcpdump: - x86: don't use REP_GOOD or ERMS for small memory clearing (bsc#1211140). - x86/cpufeatures: Add macros for Intel's new fast rep string features (bsc#1211140). - commit ff3ce03 ++++ kitty: - Use the proper way to handle python3 version in the Leap build ++++ yast2-network: - Fix summary crash when there is no interface available (bsc#1209589, bsc#1211161). - 4.5.19 ++++ yt-dlp: - Use python3.11 for Leap 15.5 * python3.11 is the only python3 version to be released ------------------------------------------------------------------ ------------------ 2023-5-7 - May 7 2023 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2023-05-08 (bsc#1084929) ------------------------------------------------------------------ ------------------ 2023-5-5 - May 5 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). - commit 39854dd ++++ kernel-default: - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). - commit 39854dd ++++ kernel-rt: - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). - commit 39854dd ++++ dtb-aarch64: - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). - commit 39854dd ++++ kernel-debug: - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). - commit 39854dd ++++ kernel-source: - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). - commit 39854dd ++++ kernel-source-rt: - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). - commit 39854dd ++++ kernel-docs: - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). - commit 39854dd ++++ kernel-kvmsmall: - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). - commit 39854dd ++++ kernel-obs-build: - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). - commit 39854dd ++++ kernel-obs-qa: - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). - commit 39854dd ++++ kernel-rt_debug: - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). - commit 39854dd ++++ kernel-syms: - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). - commit 39854dd ++++ kernel-syms-rt: - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). - commit 39854dd ++++ kernel-zfcpdump: - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). - commit 39854dd ++++ ntp: - bsc#1210386: out-of-bounds writes in mstolfp() * CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554 * Add ntp-CVE-2023-26551.patch ------------------------------------------------------------------ ------------------ 2023-5-4 - May 4 2023 ------------------- ------------------------------------------------------------------ ++++ s390-tools: - Applied patches for ziomon: fix for SCSI devices of type disk without block dev (bsc#1211008) * s390-tools-sles15sp5-01-ziomon-ziorep_config-fix-missing-SG-major-minor-for-.patch * s390-tools-sles15sp5-02-ziomon-ziorep_config-fix-for-SCSI-devices-of-type-di.patch ++++ libfastjson: - fix CVE-2020-12762 integer overflow and out-of-bounds write via a large JSON file (bsc#1171479) add 0001-Fix-CVE-2020-12762.patch ++++ zlib: - Fix deflateBound() before deflateInit(), bsc#1210593, bsc#1211005 bsc1210593.patch ++++ python3-pip: - Rename package sources from python- to python3 for PSP (jsc#PED-68, jsc#PED-2217) ++++ python3-pip-test: - Rename package sources from python- to python3 for PSP (jsc#PED-68, jsc#PED-2217) ++++ python3-pip-wheel: - Rename package sources from python- to python3 for PSP (jsc#PED-68, jsc#PED-2217) ++++ python3-setuptools: - Rename package sources from python- to python3 for PSP (jsc#PED-68, jsc#PED-2217) ++++ python3-setuptools-test: - Rename package sources from python- to python3 for PSP (jsc#PED-68, jsc#PED-2217) ++++ python3-setuptools-wheel: - Rename package sources from python- to python3 for PSP (jsc#PED-68, jsc#PED-2217) ++++ virtualbox: - add python311.patch to make it detect Python 3.11 as well - spec file cleanups - VirtualBox 7.0.8 (released April 18 2023) This is a maintenance release. The following items were fixed and/or added: VMM: Introduced general improvements in nested visualization area GUI: Brought back Restore current snapshot checkbox of Close VM dialog (bugs #21189, #21491) GUI: Fixes and validation for VM settings USB filters editor, filter port value is now properly saved/restored GUI: Fixes for VM name and OS type embedded editors of Details pane GUI: Cloud related wizards should now propose enabled profiles before disabled Oracle VM VirtualBox Extension Pack: Fixed shipping the cryptographic support module for full VM encryption E1000: Fixed possible guru meditation when changing network attachments (bug #21488) virtio-net: Follow up fixes for FreeBSD 12.3 and pfSense 2.6.0 (bug #21201) 3D: Fixed various graphics issues with Windows 7 guests (bugs #21129, #21196, #21208, #21521) Main/UefiVariableStore: Added API to add signatures to the MOK list (Machine Owner Key) VBoxManage: Introduced modifynvram enrollmok sub-command to enroll Machine Owner Key into NVRAM, so Linux guest kernel can pick it up in order to verify signature of modules signed with this key Guest Control/Main: Fixed deleting files via built-in toolbox Linux host: Added possibility to bypass kernel modules signature verification once VBOX_BYPASS_MODULES_SIGNATURE_CHECK="1" is specified in /etc/vbox/vbox.cfg, useful in case if Linux distribution does not provide necessary tools to verify kernel module signature Linux Guest Additions and host Installer: Improved detection if system is running systemd as the init process Linux Guest Additions and host drivers: Introduce initial support for kernel 6.3 Linux Guest Additions: Added possibility to bypass kernel modules signature verification once VBOX_BYPASS_MODULES_SIGNATURE_CHECK="1" is specified in /etc/virtualbox-guest-additions.conf, useful in case if Linux distribution does not provide necessary tools to verify kernel module signature Linux Guest Additions: Added experimental support for kernel modules and user services reloading in the end of installation process, thus guest system reboot after Guest Additions (7.0.8 and newer) upgrade is no longer required in general case Linux Guest Additions: Fixed vboxvideo build issue with RHEL 8.7, 9.1 and 9.2 kernels (bugs #21446 and #21450) Fixes for (boo#1210616) CVE-2023-21990 Oracle VM VirtualBox Core None No 8.2 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21987 Oracle VM VirtualBox Core None No 7.8 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-22002 Oracle VM VirtualBox Core None No 6.0 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21989 Oracle VM VirtualBox Core None No 6.0 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21998 Oracle VM VirtualBox Core None No 4.6 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-22000 Oracle VM VirtualBox Core None No 4.6 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-22001 Oracle VM VirtualBox Core None No 4.6 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21988 Oracle VM VirtualBox Core None No 3.8 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21999 Oracle VM VirtualBox Core None No 3.6 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21991 Oracle VM VirtualBox Core None No 3.2 Prior to 6.1.44, Prior to 7.0.8 Removed file fixes_for_kernel_6.3.patch - removed upstream. Removed file fix_kmp_build.patch. Thanks to Javier de San Pedro for the simplfication of the KMP build. ++++ virtualbox-kmp: - add python311.patch to make it detect Python 3.11 as well - spec file cleanups - VirtualBox 7.0.8 (released April 18 2023) This is a maintenance release. The following items were fixed and/or added: VMM: Introduced general improvements in nested visualization area GUI: Brought back Restore current snapshot checkbox of Close VM dialog (bugs #21189, #21491) GUI: Fixes and validation for VM settings USB filters editor, filter port value is now properly saved/restored GUI: Fixes for VM name and OS type embedded editors of Details pane GUI: Cloud related wizards should now propose enabled profiles before disabled Oracle VM VirtualBox Extension Pack: Fixed shipping the cryptographic support module for full VM encryption E1000: Fixed possible guru meditation when changing network attachments (bug #21488) virtio-net: Follow up fixes for FreeBSD 12.3 and pfSense 2.6.0 (bug #21201) 3D: Fixed various graphics issues with Windows 7 guests (bugs #21129, #21196, #21208, #21521) Main/UefiVariableStore: Added API to add signatures to the MOK list (Machine Owner Key) VBoxManage: Introduced modifynvram enrollmok sub-command to enroll Machine Owner Key into NVRAM, so Linux guest kernel can pick it up in order to verify signature of modules signed with this key Guest Control/Main: Fixed deleting files via built-in toolbox Linux host: Added possibility to bypass kernel modules signature verification once VBOX_BYPASS_MODULES_SIGNATURE_CHECK="1" is specified in /etc/vbox/vbox.cfg, useful in case if Linux distribution does not provide necessary tools to verify kernel module signature Linux Guest Additions and host Installer: Improved detection if system is running systemd as the init process Linux Guest Additions and host drivers: Introduce initial support for kernel 6.3 Linux Guest Additions: Added possibility to bypass kernel modules signature verification once VBOX_BYPASS_MODULES_SIGNATURE_CHECK="1" is specified in /etc/virtualbox-guest-additions.conf, useful in case if Linux distribution does not provide necessary tools to verify kernel module signature Linux Guest Additions: Added experimental support for kernel modules and user services reloading in the end of installation process, thus guest system reboot after Guest Additions (7.0.8 and newer) upgrade is no longer required in general case Linux Guest Additions: Fixed vboxvideo build issue with RHEL 8.7, 9.1 and 9.2 kernels (bugs #21446 and #21450) Fixes for (boo#1210616) CVE-2023-21990 Oracle VM VirtualBox Core None No 8.2 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21987 Oracle VM VirtualBox Core None No 7.8 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-22002 Oracle VM VirtualBox Core None No 6.0 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21989 Oracle VM VirtualBox Core None No 6.0 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21998 Oracle VM VirtualBox Core None No 4.6 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-22000 Oracle VM VirtualBox Core None No 4.6 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-22001 Oracle VM VirtualBox Core None No 4.6 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21988 Oracle VM VirtualBox Core None No 3.8 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21999 Oracle VM VirtualBox Core None No 3.6 Prior to 6.1.44, Prior to 7.0.8 CVE-2023-21991 Oracle VM VirtualBox Core None No 3.2 Prior to 6.1.44, Prior to 7.0.8 Removed file fixes_for_kernel_6.3.patch - removed upstream. Removed file fix_kmp_build.patch. Thanks to Javier de San Pedro for the simplfication of the KMP build. ++++ yast2-network: - Display information about firmware configured interfaces and forbid editing them (bsc#1209589) - 4.5.18 ------------------------------------------------------------------ ------------------ 2023-5-3 - May 3 2023 ------------------- ------------------------------------------------------------------ ++++ bzip3: - Cleanup spec file for factory submission - Build AVX2 enabled hwcaps library for x86_64-v3 ++++ dolphin: - Have dolphin-part-lang supplement dolphin-part on pre-TW (boo#1210984) ++++ go1.19: - Revert re-enable binary stripping and debuginfo boo#1210938. go1.19 and earlier store pre-compiled packages in $GOROOT/pkg as Go .a files which are not ar archives. These .a are incorrectly passed to strip by brp-15-strip-debug. strip incorrectly modifies Go .a files rendering them invalid. Some Go applications fail to build with "reference to nonexistent package" errors. Refs boo#1210938 boo#1211073 * go1.19 and earlier store pre-compiled packages for the standard library as .a files under pkg/GOARCH[_{dynlink,race}]. * Go emitted .a files are a Go specific format, not ar archives. * go1.10+ stores recently built packages in build cache GOCACHE. These are separate from the installed packages in $GOROOT/pkg. * Go build cache objects use a different file format than Go .a. * go1.20+ switches to the GOCACHE for both recently built packages and the installed packages in $GOROOT/pkg. * Current versions of readelf detect Go .a files correctly, e.g.: readelf -d /usr/lib64/go/1.19/pkg/linux_amd64/bytes.a File: /usr/lib64/go/1.19/pkg/linux_amd64/bytes.a(__.PKGDEF ) readelf: Error: This is a GO binary file - try using 'go tool objdump' or 'go tool nm' * binutils strip as of 2.40 detects Go .a files correctly, but incorrectly modifies the .a files altering path resulting in "reference to nonexistent package" errors. * brp_check_suse/brp-15-strip-debug passes files to strip based primarily on the file extension including .a. ++++ instlux: - upgraded to 15.5.1. * Set Leap 15.5 as default (latest stable) ++++ kiwi-templates-Minimal: - Enable Cloud image for aarch64 ++++ ldb: - Update to version 2.6.2 + CVE-2023-0614: Not-secret but access controlled LDAP attributes can be discovered; (bso#15270); (bsc#1209485). ++++ python-setuptools: - Update to 67.7.2: * #3902: Fixed wrong URLs used in warnings and logs. * #3898: Fixes setuptools.dist:invalid_unless_false when value is false don’t raise error * #3849: Overhaul warning system for better visibility. * #3884: Add a stacklevel parameter to warnings.warn() to provide more information to the user. - Add patch use-tarfile-extraction_filter.patch: * Set an extraction_filter to avoid a warning. ++++ release-notes-openSUSE: - Change set_version service to localonly - Change recompress service to localonly - Add tar file manually - Set tar_scm service to localonly - Rename package to release-notes-openSUSE ------------------------------------------------------------------ ------------------ 2023-5-2 - May 2 2023 ------------------- ------------------------------------------------------------------ ++++ bzip3: - Initial package (1.3.0) ++++ editorconfig-core-c: - editorconfig-core-c 0.12.6: * CVE-2023-0341: A buffer overflow in ec_blob (boo#1211032) * Update property key, value length limits per spec change ++++ go1.19: - go1.19.9 (released 2023-05-02) includes three security fixes to the html/template package, as well as bug fixes to the compiler, the runtime, and the crypto/tls and syscall packages. Refs boo#1200441 go1.19 release tracking CVE-2023-29400 CVE-2023-24540 CVE-2023-24539 * go#59811 go#59720 boo#1211029 security: fix CVE-2023-24539 html/template: improper sanitization of CSS values * go#59813 go#59721 boo#1211030 security: fix CVE-2023-24540 html/template: improper handling of JavaScript whitespace * go#59815 go#59722 boo#1211031 security: fix CVE-2023-29400 html/template: improper handling of empty HTML attributes * go#59063 runtime: automatically bump RLIMIT_NOFILE on Unix * go#59158 cmd/compile: inlining function that references function literals generates bad code * go#59373 cmd/compile: encoding/binary.PutUint16 sometimes doesn't write * go#59539 crypto/tls: TLSv1.3 connection fails with invalid PSK binder * go#59579 cmd/compile: incorrect inline function variable - Packaging revert go1.x Suggests go1.x-race boo#1210963 * Upstream go binary distributions do include race detector .syso * Default Recommends for subpackages is best suited in this case ++++ go1.20: - go1.20.4 (released 2023-05-02) includes three security fixes to the html/template package, as well as bug fixes to the compiler, the runtime, and the crypto/subtle, crypto/tls, net/http, and syscall packages. Refs boo#1206346 go1.20 release tracking CVE-2023-29400 CVE-2023-24540 CVE-2023-24539 * go#59812 go#59720 boo#1211029 security: fix CVE-2023-24539 html/template: improper sanitization of CSS values * go#59814 go#59721 boo#1211030 security: fix CVE-2023-24540 html/template: improper handling of JavaScript whitespace * go#59816 go#59722 boo#1211031 security: fix CVE-2023-29400 html/template: improper handling of empty HTML attributes * go#59064 runtime: automatically bump RLIMIT_NOFILE on Unix * go#59336 crypto/subtle: xor fails when run with race+purego * go#59374 cmd/compile: encoding/binary.PutUint16 sometimes doesn't write * go#59450 cmd/compile: internal compiler error: cannot call SetType(go.shape.int) on v (type int) * go#59468 cmd/compile: miscompilation in star-tex.org/x/cmd/star-tex * go#59469 net/http: FileServer no longer serves content for POST * go#59540 crypto/tls: TLSv1.3 connection fails with invalid PSK binder * go#59580 cmd/compile: incorrect inline function variable * go#59585 cmd/compile: Unified IR exports table is binary unstable in presence of generics * go#59637 go/internal/gcimporter: lookupGorootExport should use the go command from build.Default.GOROOT - Packaging revert go1.x Suggests go1.x-race boo#1210963 * Upstream go binary distributions do include race detector .syso * Default Recommends for subpackages is best suited in this case ++++ kubevirt: - TSC frequencies: add 250PPM tolerance (bsc#1210906) 0004-TSC-frequencies-add-250PPM-tolerance.patch ++++ resource-agents: - Update to version 4.12.0+git30.7fd7c8fa: * Filesystem: fail if AWS efs-utils not installed when fstype=efs * azure-events*: Use -LS instead of -Ls as parameter to get the Transition Summary (#1864) (bsc#1210433) azure-events-az errors with newer pacemaker with azure events active * spec: remove JFLAGS logic and use %{_smp_mflags} like we do in other projects * exportfs: make the "fsid=" parameter optional * nfsserver: prepare the layout for the default /var/lib/nfs * IPv6addr: expect ping/pong delay * azure-events*: fix for no "Transition Summary" for Pacemaker 2.1+ (bsc#1210433) azure-events-az errors with newer pacemaker with azure events active * ZFS: add non-blocking check if pool was imported (#1853) * ethmonitor: dont log "Interface does not exist" for monitor-action * mysql: promotable fixes to avoid nodes getting bounced around by setting -v 1/-v 2, and added OCF_CHECK_LEVEL=10 for promotable resources to be able to distinguish between promoted and not * LVM-activate: failover with missing PVs * Mid: ocf-shellfuncs: Explicitly specify $OCF_RESOURCE_INSTANCE in the p parameter for compatibility. * nfsserver: fix "server scope" functionality to live with additional drop-in files * pgsql: dont run promotable and file checks that could be on shared storage during validate-all action * exportfs: move testdir() to start-action to avoid failing during resource creation (validate-all) and make it create the directory if it doesnt exist ++++ s390-tools: - Applies a fix, splitting of rd.zdev-parameters, in * s390-tools-ALP-zdev-live.patch ++++ libstorage-ng: - merge gh#openSUSE/libstorage-ng#928 - add color attribute to Action class - 4.5.101 ++++ openssl-ibmca: - Updated the .spec file * uses a flag openssl3 (1 or 0) to include or not the openssl3 libraries ++++ prometheus-hanadb_exporter: - Release 0.8.0 Addresses bsc#1210869 [#]# What's Changed * Use systemd notify to set correctly the READY state by @arbulu89 in https://github.com/SUSE/hanadb_exporter/pull/86 * Fix daemon flag usage by @arbulu89 in https://github.com/SUSE/hanadb_exporter/pull/87 * Implement the version flag by @arbulu89 in https://github.com/SUSE/hanadb_exporter/pull/89 * Update db_manager.py by @karolyczovek in https://github.com/SUSE/hanadb_exporter/pull/90 * Fixing empty system replication panel 91#issue-918975015 by @pirat013 in https://github.com/SUSE/hanadb_exporter/pull/92 * Add AWS Secrets Manager support by @elturkym in https://github.com/SUSE/hanadb_exporter/pull/97 * Fix Boto3 dependency introduced by PR#97 by @diegoakechi in https://github.com/SUSE/hanadb_exporter/pull/98 * Add config option 'listen_address' by @fjnalta in https://github.com/SUSE/hanadb_exporter/pull/99 * update spec file to python packaging best practices by @yeoldegrove in https://github.com/SUSE/hanadb_exporter/pull/101 * Enable ssl connection by @arbulu89 in https://github.com/SUSE/hanadb_exporter/pull/96 * Fix the unittest fixing pytest to version 6 by now by @arbulu89 in https://github.com/SUSE/hanadb_exporter/pull/103 * Remove invalid trailing comma from example file by @arbulu89 in https://github.com/SUSE/hanadb_exporter/pull/108 * IMDSv1 and IMDSv2 abstraction for the retrieval of HANA DB Credentials from AWS Secrets Manager by @schniber in https://github.com/SUSE/hanadb_exporter/pull/112 [#]# New Contributors * @karolyczovek made their first contribution in https://github.com/SUSE/hanadb_exporter/pull/90 * @pirat013 made their first contribution in https://github.com/SUSE/hanadb_exporter/pull/92 * @elturkym made their first contribution in https://github.com/SUSE/hanadb_exporter/pull/97 * @fjnalta made their first contribution in https://github.com/SUSE/hanadb_exporter/pull/99 * @yeoldegrove made their first contribution in https://github.com/SUSE/hanadb_exporter/pull/101 * @schniber made their first contribution in https://github.com/SUSE/hanadb_exporter/pull/112 * *Full Changelog**: https://github.com/SUSE/hanadb_exporter/compare/0.7.3...0.8.0 ++++ python-ujson: - Add CVE-2021-45958-fix-buffer-overflows.patch (bsc#1194261) ++++ python-yattag: - Update to 1.15.1: * remove deprecated escape sequences in tests_indentation.py - fixup spec and warnings for Factory submission ++++ release-notes-openSUSE: - update to Leap 15.5 - Fix build issue by pulling latest updates for 15.4 ++++ swtpm: - remove python3 dependency, no longer needed after rewrite (bsc#1211010) ------------------------------------------------------------------ ------------------ 2023-4-30 - Apr 30 2023 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2023-05-01 (bsc#1084929) ------------------------------------------------------------------ ------------------ 2023-4-28 - Apr 28 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992 CVE-2022-2196). - commit 6ec5f5b ++++ kernel-default: - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992 CVE-2022-2196). - commit 6ec5f5b ++++ kernel-rt: - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992 CVE-2022-2196). - commit 6ec5f5b ++++ crmsh: - Update to version 4.5.0+20230427.11d11104: * Fix: bootstrap: crm cluster join default behavior change in ssh key handling (bsc#1210693) * Fix: help: Long time to load and parse crm.8.adoc (bsc#1210198) * Fix: cibconfig: use any existing rsc_defaults set rather than create another one (bsc#1210614) * Fix: lock: Join node failed to wait init node finished (bsc#1210332) ++++ dtb-aarch64: - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992 CVE-2022-2196). - commit 6ec5f5b ++++ go1.19: - Packaging improvements: * Re-enable binary stripping and debuginfo boo#1210938 * go1.x Suggests go1.x-race do not install by default boo#1210963 * Use Group: Development/Languages/Go instead of Other ++++ go1.20: - Packaging improvements: * Re-enable binary stripping and debuginfo boo#1210938 * go1.x Suggests go1.x-race do not install by default boo#1210963 * Use Group: Development/Languages/Go instead of Other ++++ kernel-debug: - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992 CVE-2022-2196). - commit 6ec5f5b ++++ kernel-source: - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992 CVE-2022-2196). - commit 6ec5f5b ++++ kernel-source-rt: - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992 CVE-2022-2196). - commit 6ec5f5b ++++ kernel-docs: - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992 CVE-2022-2196). - commit 6ec5f5b ++++ kernel-kvmsmall: - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992 CVE-2022-2196). - commit 6ec5f5b ++++ kernel-obs-build: - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992 CVE-2022-2196). - commit 6ec5f5b ++++ kernel-obs-qa: - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992 CVE-2022-2196). - commit 6ec5f5b ++++ kernel-rt_debug: - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992 CVE-2022-2196). - commit 6ec5f5b ++++ kernel-syms: - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992 CVE-2022-2196). - commit 6ec5f5b ++++ kernel-syms-rt: - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992 CVE-2022-2196). - commit 6ec5f5b ++++ kernel-zfcpdump: - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992 CVE-2022-2196). - commit 6ec5f5b ++++ strongswan: - Fix crash when swanctl command gets stuck intermittently (bsc#1207489) [+ 0055-vici-dont-lock-connection-in-write-mode-when-enabling-on_write-callback.patch] - Modified README file to reflect rcipsec usage ------------------------------------------------------------------ ------------------ 2023-4-27 - Apr 27 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-rt: - arm64: enable jump-label jump-label was disabled on arm64 by a backport error. Refresh patches.rt/jump-label-disable-if-stop_machine-is-used.patch to fix the error. Update arm64 config to reflect the change. - commit abe91c0 - config: arm64: enable ERRATUM_843419 Config option was incorrectly replaced by the rt-refresh-configs script - commit 664595d ++++ dpdk22: - raise constraints to 8GB to cover SLE15 builds as well ++++ dpdk22-thunderx: - raise constraints to 8GB to cover SLE15 builds as well ++++ ffmpeg: - Add ffmpeg-CVE-2022-48434.patch: Backport from upstream to fix use after free in libavcodec/pthread_frame.c (bsc#1209934). ++++ ffmpeg-4: - Add ffmpeg-CVE-2022-48434.patch: Backport from upstream to fix use after free in libavcodec/pthread_frame.c (bsc#1209934). ++++ vim: - Updated to version 9.0 with patch level 1443, fixes the following security problems * Fixing bsc#1209042 (CVE-2023-1264) - VUL-0: CVE-2023-1264: vim: NULL Pointer Dereference vim prior to 9.0.1392 * Fixing bsc#1209187 (CVE-2023-1355) - VUL-0: CVE-2023-1355: vim: NULL Pointer Dereference prior to 9.0.1402. * Fixing bsc#1208828 (CVE-2023-1127) - VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown() - drop vim-8.0-ttytype-test.patch as it changes test_options.vim which we remove during %prep anyway. And this breaks quilt setup. - for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1386...v9.0.1443 ++++ kernel-source-rt: - arm64: enable jump-label jump-label was disabled on arm64 by a backport error. Refresh patches.rt/jump-label-disable-if-stop_machine-is-used.patch to fix the error. Update arm64 config to reflect the change. - commit abe91c0 - config: arm64: enable ERRATUM_843419 Config option was incorrectly replaced by the rt-refresh-configs script - commit 664595d ++++ kernel-rt_debug: - arm64: enable jump-label jump-label was disabled on arm64 by a backport error. Refresh patches.rt/jump-label-disable-if-stop_machine-is-used.patch to fix the error. Update arm64 config to reflect the change. - commit abe91c0 - config: arm64: enable ERRATUM_843419 Config option was incorrectly replaced by the rt-refresh-configs script - commit 664595d ++++ kernel-syms-rt: - arm64: enable jump-label jump-label was disabled on arm64 by a backport error. Refresh patches.rt/jump-label-disable-if-stop_machine-is-used.patch to fix the error. Update arm64 config to reflect the change. - commit abe91c0 - config: arm64: enable ERRATUM_843419 Config option was incorrectly replaced by the rt-refresh-configs script - commit 664595d ++++ kubernetes1.24: - Update `Requires` in the "kubernetes1.24-client" pkg to: * Requires: kubernetes%{baseversion}-client-common - Remove following `Obsoletes` from the "kubernetes1.24-client-common" pkg: * Obsoletes: kubernetes%{baseversionminus1}-client-common ++++ ncurses: - Modify patch ncurses-6.1.dif * Secure writing terminfo entries by setfs[gu]id in s[gu]id (boo#1210434, CVE-2023-29491) * Reading is done since 2000/01/17 ++++ libstorage-ng: - merge gh#openSUSE/libstorage-ng#927 - fixed set_lockfile_root function - 4.5.100 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.99 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.98 ++++ openssl-ibmca: - Updated the .spec file as follow: * BuildRequires: libica-devel >= 4.0.0 * BuildRequires: libica-tools >= 4.0.0 ++++ prometheus-blackbox_exporter: - Fix authentication bypass via cache poisoning (CVE-2022-46146, bsc#1208062) - Add `min_version` parameter of `tls_config` to allow enabling TLS 1.0 and 1.1 (bsc#1209113) - Add: * 0001-Update-go-modules.patch ++++ python3-sip6: - Rename package to avoid conflicts with the new Python Stack Proposal (jsc#PED-68) ++++ trento-server-installer: - Release 2.0.0 [#] Changelog [#]# [2.0.0](https://github.com/trento-project/helm-charts/tree/2.0.0) (2023-04-26) [Full Changelog](https://github.com/trento-project/helm-charts/compare/1.2.0...2.0.0) [#]## Added - Disable cors usage for wanda [\#69](https://github.com/trento-project/helm-charts/pull/69) (@arbulu89) - Add a temporary fix to wanda ingress path value to use versioning [\#65](https://github.com/trento-project/helm-charts/pull/65) (@arbulu89) - Add new name flag to supportconfig script [\#64](https://github.com/trento-project/helm-charts/pull/64) (@arbulu89) - Update support script with wanda [\#63](https://github.com/trento-project/helm-charts/pull/63) (@fabriziosestito) - Update installation script for wanda [\#61](https://github.com/trento-project/helm-charts/pull/61) (@arbulu89) - Replace legacy runner by wanda [\#58](https://github.com/trento-project/helm-charts/pull/58) (@fabriziosestito) - Add the env variables for new authentication system of trento-web project [\#57](https://github.com/trento-project/helm-charts/pull/57) (@CDimonaco) - Include postgresql chart [\#55](https://github.com/trento-project/helm-charts/pull/55) (@fabriziosestito) [#]## Fixed - Fix shared access token key usage [\#67](https://github.com/trento-project/helm-charts/pull/67) (@arbulu89) - Provision postgresql data folder permissions [\#59](https://github.com/trento-project/helm-charts/pull/59) (@arbulu89) - Fix wrong -dev suffix in trento-server BuildTag [\#50](https://github.com/trento-project/helm-charts/pull/50) (@rtorrero) [#]## Removed - Remove runner references from docs [\#62](https://github.com/trento-project/helm-charts/pull/62) (@fabriziosestito) [#]## Other Changes - Bump actions/checkout from 2 to 3 [\#68](https://github.com/trento-project/helm-charts/pull/68) (@dependabot[bot]) - Bump helm/chart-releaser-action from 1.4.1 to 1.5.0 [\#56](https://github.com/trento-project/helm-charts/pull/56) (@dependabot[bot]) - Bump postgresql chart version to 12.1.6 [\#53](https://github.com/trento-project/helm-charts/pull/53) (@fabriziosestito) - Bump azure/setup-helm from 3.3 to 3.5 [\#52](https://github.com/trento-project/helm-charts/pull/52) (@dependabot[bot]) - Switch + sign for - in build metadata [\#51](https://github.com/trento-project/helm-charts/pull/51) (@rtorrero) - Bump helm/chart-testing-action from 2.3.0 to 2.3.1 [\#41](https://github.com/trento-project/helm-charts/pull/41) (@dependabot[bot]) - Bump helm/chart-releaser-action from 1.4.0 to 1.4.1 [\#40](https://github.com/trento-project/helm-charts/pull/40) (@dependabot[bot]) ++++ trento-supportconfig-plugin: - Release 2.0.0 [#] Changelog [#]# [2.0.0](https://github.com/trento-project/helm-charts/tree/2.0.0) (2023-04-26) [Full Changelog](https://github.com/trento-project/helm-charts/compare/1.2.0...2.0.0) [#]## Added - Disable cors usage for wanda [\#69](https://github.com/trento-project/helm-charts/pull/69) (@arbulu89) - Add a temporary fix to wanda ingress path value to use versioning [\#65](https://github.com/trento-project/helm-charts/pull/65) (@arbulu89) - Add new name flag to supportconfig script [\#64](https://github.com/trento-project/helm-charts/pull/64) (@arbulu89) - Update support script with wanda [\#63](https://github.com/trento-project/helm-charts/pull/63) (@fabriziosestito) - Update installation script for wanda [\#61](https://github.com/trento-project/helm-charts/pull/61) (@arbulu89) - Replace legacy runner by wanda [\#58](https://github.com/trento-project/helm-charts/pull/58) (@fabriziosestito) - Add the env variables for new authentication system of trento-web project [\#57](https://github.com/trento-project/helm-charts/pull/57) (@CDimonaco) - Include postgresql chart [\#55](https://github.com/trento-project/helm-charts/pull/55) (@fabriziosestito) [#]## Fixed - Fix shared access token key usage [\#67](https://github.com/trento-project/helm-charts/pull/67) (@arbulu89) - Provision postgresql data folder permissions [\#59](https://github.com/trento-project/helm-charts/pull/59) (@arbulu89) - Fix wrong -dev suffix in trento-server BuildTag [\#50](https://github.com/trento-project/helm-charts/pull/50) (@rtorrero) [#]## Removed - Remove runner references from docs [\#62](https://github.com/trento-project/helm-charts/pull/62) (@fabriziosestito) [#]## Other Changes - Bump actions/checkout from 2 to 3 [\#68](https://github.com/trento-project/helm-charts/pull/68) (@dependabot[bot]) - Bump helm/chart-releaser-action from 1.4.1 to 1.5.0 [\#56](https://github.com/trento-project/helm-charts/pull/56) (@dependabot[bot]) - Bump postgresql chart version to 12.1.6 [\#53](https://github.com/trento-project/helm-charts/pull/53) (@fabriziosestito) - Bump azure/setup-helm from 3.3 to 3.5 [\#52](https://github.com/trento-project/helm-charts/pull/52) (@dependabot[bot]) - Switch + sign for - in build metadata [\#51](https://github.com/trento-project/helm-charts/pull/51) (@rtorrero) - Bump helm/chart-testing-action from 2.3.0 to 2.3.1 [\#41](https://github.com/trento-project/helm-charts/pull/41) (@dependabot[bot]) - Bump helm/chart-releaser-action from 1.4.0 to 1.4.1 [\#40](https://github.com/trento-project/helm-charts/pull/40) (@dependabot[bot]) ------------------------------------------------------------------ ------------------ 2023-4-26 - Apr 26 2023 ------------------- ------------------------------------------------------------------ ++++ MozillaThunderbird: - Mozilla Thunderbird 102.10.1 * fixed: Messages with missing or corrupt "From:" header did not display message header buttons (bmo#1793918) * fixed: Composer repeatedly prompted for S/MIME smartcard signing/encryption password (bmo#1828366) * fixed: Address Book integration did not work with macOS 11.4 Bug Sur (bmo#1720257) * fixed: Mexico City DST fix in Thunderbird 102.10.0 (bug 1826146) was incomplete (bmo#1827503) - Mozilla Thunderbird 102.10 * changed: New messages will automatically select S/MIME if configured and OpenPGP is not (bmo#1793278) * fixed: Calendar events with timezone America/Mexico_City incorrectly applied Daylight Savings Time (bmo#1826146) * fixed: Security fixes MFSA 2023-15 (bsc#1210212) * CVE-2023-29531 (bmo#1794292) Out-of-bound memory access in WebGL on macOS * CVE-2023-29532 (bmo#1806394) Mozilla Maintenance Service Write-lock bypass * CVE-2023-29533 (bmo#1798219, bmo#1814597) Fullscreen notification obscured * CVE-2023-1999 (bmo#1819244) Double-free in libwebp * CVE-2023-29535 (bmo#1820543) Potential Memory Corruption following Garbage Collector compaction * CVE-2023-29536 (bmo#1821959) Invalid free from JavaScript code * CVE-2023-0547 (bmo#1811298) Revocation status of S/Mime recipient certificates was not checked * CVE-2023-29479 (bmo#1824978) Hang when processing certain OpenPGP messages * CVE-2023-29539 (bmo#1784348) Content-Disposition filename truncation leads to Reflected File Download * CVE-2023-29541 (bmo#1810191) Files with malicious extensions could have been downloaded unsafely on Linux * CVE-2023-29542 (bmo#1810793, bmo#1815062) Bypass of file download extension restrictions * CVE-2023-29545 (bmo#1823077) Windows Save As dialog resolved environment variables * CVE-2023-1945 (bmo#1777588) Memory Corruption in Safe Browsing Code * CVE-2023-29548 (bmo#1822754) Incorrect optimization result on ARM64 * CVE-2023-29550 (bmo#1720594, bmo#1751945, bmo#1812498, bmo#1814217, bmo#1818357, bmo#1818762, bmo#1819493, bmo#1820389, bmo#1820602, bmo#1821448, bmo#1822413, bmo#1824828) Memory safety bugs fixed in Thunderbird 102.10 ++++ rust1.68: - Disable fdupes on SLE/Leap due to incorrect debuginfo extraction ++++ rust1.69: - Disable fdupes on SLE/Leap due to incorrect debuginfo extraction ++++ kernel-64kb: - s390/ap: fix crash on older machines based on QCI info missing (git-fixes bsc#1210947). - commit 6baf829 ++++ kernel-default: - s390/ap: fix crash on older machines based on QCI info missing (git-fixes bsc#1210947). - commit 6baf829 ++++ kernel-rt: - s390/ap: fix crash on older machines based on QCI info missing (git-fixes bsc#1210947). - commit 6baf829 ++++ crash: - On ppc64 handle a CPU that is in an emergency stack when running in real mode or other special scenarios, including dedicated emergency stacks such as machine check and system reset interrupt. Added crash-ppc64-handle-backtrace-in-emergency-stack.patch Obtained by porting crash-utility/crash github commit: cdd57e8b16aba2f5714673368d6dbc7565d59841 A requested update via bsc#1210396 ++++ distribution: - refresh 0001-Fix-runaway-allocation-on-v2-_catalog.patch to be more compatible with invalid pagination requests (CVE-2023-2253, bsc#1207705) ++++ dracut: - Update to version 055+suse.360.g076f1113: * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640) fips=1 and separate /boot break s390x (bsc#1204478): * fix(fips): move fips-boot script to pre-pivot * fix(fips): only unmount /boot if it was mounted by the fips module * feat(fips): add progress messages * fix(fips): do not blindly remove /boot ++++ dtb-aarch64: - s390/ap: fix crash on older machines based on QCI info missing (git-fixes bsc#1210947). - commit 6baf829 ++++ java-17-openjdk: - Update to upstrem tag jdk-17.0.7+7 (April 2023 CPU) * Security fixes: + JDK-8287404: Improve ping times + JDK-8288436: Improve Xalan supports + JDK-8294474, CVE-2023-21930, bsc#1210628: Better AES support + JDK-8295304, CVE-2023-21938, bsc#1210632: Runtime support improvements + JDK-8296676, CVE-2023-21937, bsc#1210631: Improve String platform support + JDK-8296684, CVE-2023-21937, bsc#1210631: Improve String platform support + JDK-8296692, CVE-2023-21937, bsc#1210631: Improve String platform support + JDK-8296832, CVE-2023-21939, bsc#1210634: Improve Swing platform support + JDK-8297371: Improve UTF8 representation redux + JDK-8298191, CVE-2023-21954, bsc#1210635: Enhance object reclamation process + JDK-8298310, CVE-2023-21967, bsc#1210636: Enhance TLS session negotiation + JDK-8298667, CVE-2023-21968, bsc#1210637: Improved path handling + JDK-8299129: Enhance NameService lookups * Fixes: + JDK-6528710: sRGB-ColorSpace to sRGB-ColorSpace Conversion + JDK-6779701: Wrong defect ID in the code of test LocalRMIServerSocketFactoryTest.java + JDK-8008243: Zero: Implement fast bytecodes + JDK-8048190: NoClassDefFoundError omits original ExceptionInInitializerError + JDK-8065097: [macosx] javax/swing/Popup/ /TaskbarPositionTest.java fails because Popup is one pixel off + JDK-8144030: [macosx] test java/awt/Frame/ /ShapeNotSetSometimes/ShapeNotSetSometimes.java fails (again) + JDK-8155246: Throw error if default java.security file is missing + JDK-8186765: Speed up test sun/net/www/protocol/https/ /HttpsClient/ProxyAuthTest.java + JDK-8192931: Regression test java/awt/font/TextLayout/ /CombiningPerf.java fails + JDK-8195809: [TESTBUG] jps and jcmd -l support for containers is not tested + JDK-8208077: File.listRoots performance degradation + JDK-8209935: Test to cover CodeSource.getCodeSigners() + JDK-8210927: JDB tests do not update source path after doing a redefine class + JDK-8212961: [TESTBUG] vmTestbase/nsk/stress/jni/ native code cleanup + JDK-8213531: Test javax/swing/border/TestTitledBorderLeak.java fails + JDK-8223783: sun/net/www/http/HttpClient/MultiThreadTest.java sometimes detect threads+1 connections + JDK-8230374: maxOutputSize, instead of javatest.maxOutputSize, should be used in TEST.properties + JDK-8231491: JDI tc02x004 failed again due to wrong # of breakpoints + JDK-8235297: sun/security/ssl/SSLSessionImpl/ /ResumptionUpdateBoundValues.java fails intermittent + JDK-8242115: C2 SATB barriers are not safepoint-safe + JDK-8244669: convert clhsdb "mem" command from javascript to java + JDK-8245654: Add Certigna Root CA + JDK-8251177: [macosx] The text "big" is truncated in JTabbedPane + JDK-8254267: javax/xml/crypto/dsig/LogParameters.java failed with "RuntimeException: Unexpected log output:" + JDK-8258512: serviceability/sa/TestJmapCore.java timed out on macOS 10.13.6 + JDK-8262386: resourcehogs/serviceability/sa/ /TestHeapDumpForLargeArray.java timed out + JDK-8266974: duplicate property key in java.sql.rowset resource bundle + JDK-8267038: Update IANA Language Subtag Registry to Version 2022-03-02 + JDK-8270156: Add "randomness" and "stress" keys to JTreg tests which use StressGCM, StressLCM and/or StressIGVN + JDK-8270476: Make floating-point test infrastructure more lambda and method reference friendly + JDK-8271471: [IR Framework] Rare occurrence of "" in PrintIdeal/PrintOptoAssembly can let tests fail + JDK-8271838: AmazonCA.java interop test fails + JDK-8272702: Resolving URI relative path with no / may lead to incorrect toString + JDK-8272985: Reference discovery is confused about atomicity and degree of parallelism + JDK-8273154: Provide a JavadocTester method for non-overlapping, unordered output matching + JDK-8273410: IR verification framework fails with "Should find method name in validIrRulesMap" + JDK-8274911: testlibrary_tests/ir_framework/tests/ /TestIRMatching.java fails with "java.lang.RuntimeException: Should have thrown exception" + JDK-8275173: testlibrary_tests/ir_framework/tests/ /TestCheckedTests.java fails after JDK-8274911 + JDK-8275320: NMT should perform buffer overrun checks + JDK-8275301: Unify C-heap buffer overrun checks into NMT + JDK-8275582: Don't purge metaspace mapping lists + JDK-8275704: Metaspace::contains() should be threadsafe + JDK-8275843: Random crashes while the UI code is executed + JDK-8276064: CheckCastPP with raw oop input floats below a safepoint + JDK-8276086: Increase size of metaspace mappings + JDK-8277485: Zero: Fix _fast_{i,f}access_0 bytecodes handling + JDK-8277822: Remove debug-only heap overrun checks in os::malloc and friends + JDK-8277946: NMT: Remove VM.native_memory shutdown jcmd command option + JDK-8277990: NMT: Remove NMT shutdown capability + JDK-8278961: Enable debug logging in java/net/ /DatagramSocket/SendDatagramToBadAddress.java + JDK-8279024: Remove javascript references from clhsdb.html + JDK-8279119: src/jdk.hotspot.agent/doc/index.html file contains references to scripts that no longer exist + JDK-8279351: [TESTBUG] SADebugDTest.java does not handle "Address already in use" error + JDK-8279614: The left line of the TitledBorder is not painted on 150 scale factor + JDK-8280007: Enable Neoverse N1 optimizations for Arm Neoverse V1 & N2 + JDK-8280048: Missing comma in copyright header + JDK-8280132: Incorrect comparator com.sun.beans.introspect .MethodInfo.MethodOrder + JDK-8280166: Extend java/lang/instrument/ /GetObjectSizeIntrinsicsTest.java test cases + JDK-8280553: resourcehogs/serviceability/sa/ /TestHeapDumpForLargeArray.java can fail if GC occurs + JDK-8280703: CipherCore.doFinal(...) causes potentially massive byte[] allocations during decryption + JDK-8280784: VM_Cleanup unnecessarily processes all thread oops + JDK-8280868: LineBodyHandlerTest.java creates and discards too many clients + JDK-8280889: java/lang/instrument/ /GetObjectSizeIntrinsicsTest.java fails with - XX:-UseCompressedOops + JDK-8280896: java/nio/file/Files/probeContentType/ /Basic.java fails on Windows 11 + JDK-8281122: [IR Framework] Cleanup IR matching code in preparation for JDK-8280378 + JDK-8281170: Test jdk/tools/jpackage/windows/ /WinInstallerIconTest always fails on Windows 11 + JDK-8282036: Change java/util/zip/ZipFile/DeleteTempJar.java to stop HttpServer cleanly in case of exceptions + JDK-8282143: Objects.requireNonNull should be ForceInline + JDK-8282577: ICC_Profile.setData(int, byte[]) invalidates the profile + JDK-8282771: Create test case for JDK-8262981 + JDK-8282958: Rendering Issues with Borders on Windows High-DPI systems + JDK-8283606: Tests may fail with zh locale on MacOS + JDK-8283717: vmTestbase/nsk/jdi/ThreadStartEvent/thread/ /thread001 failed due to SocketTimeoutException + JDK-8283719: java/util/logging/CheckZombieLockTest.java failing intermittently + JDK-8283870: jdeprscan --help causes an exception when the locale is ja, zh_CN or de + JDK-8284115: [IR Framework] Compilation is not found due to rare safepoint while dumping PrintIdeal/PrintOptoAssembly + JDK-8284165: Add pid to process reaper thread name + JDK-8284524: Create an automated test for JDK-4422362 + JDK-8284726: Print active locale settings in hs_err reports and in VM.info + JDK-8284767: Create an automated test for JDK-4422535 + JDK-8285399: JNI exception pending in awt_GraphicsEnv.c:1432 + JDK-8285690: CloneableReference subtest should not throw CloneNotSupportedException + JDK-8285755: JDK-8285093 changed the default for - -with-output-sync + JDK-8285835: SIGSEGV in PhaseIdealLoop::build_loop_late_post_work + JDK-8285919: Remove debug printout from JDK-8285093 + JDK-8285965: TestScenarios.java does not check for "" correctly + JDK-8286030: Avoid JVM crash when containers share the same /tmp dir + JDK-8286154: Fix 3rd party notices in test files + JDK-8286562: GCC 12 reports some compiler warnings + JDK-8286694: Incorrect argument processing in java launcher + JDK-8286705: GCC 12 reports use-after-free potential bugs + JDK-8286707: JFR: Don't commit JFR internal jdk.JavaMonitorWait events + JDK-8286800: Assert in PhaseIdealLoop::dump_real_LCA is too strong + JDK-8286844: com/sun/jdi/RedefineCrossEvent.java failed with 1 threads completed while VM suspended + JDK-8286873: Improve websocket test execution time + JDK-8286962: java/net/httpclient/ServerCloseTest.java failed once with ConnectException + JDK-8287180: Update IANA Language Subtag Registry to Version 2022-08-08 + JDK-8287217: C2: PhaseCCP: remove not visited nodes, prevent type inconsistency + JDK-8287491: compiler/jvmci/errors/TestInvalidDebugInfo.java fails new assert: assert((uint)t < T_CONFLICT + 1) failed: invalid type # + JDK-8287593: ShortResponseBody could be made more resilient to rogue connections + JDK-8287754: Update jib GNU make dependency on Windows to latest cygwin build + JDK-8288005: HotSpot build with disabled PCH fails for Windows AArch64 + JDK-8288130: compiler error with AP and explicit record accessor + JDK-8288332: Tier1 validate-source fails after 8279614 + JDK-8288415: java/awt/PopupMenu/PopupMenuLocation.java is unstable in MacOS machines + JDK-8288854: getLocalGraphicsEnvironment() on for multi-screen setups throws exception NPE + JDK-8289400: Improve com/sun/jdi/TestScaffold error reporting + JDK-8289440: Remove vmTestbase/nsk/monitoring/MemoryPoolMBean/ /isCollectionUsageThresholdExceeded/isexceeded003 from ProblemList.txt + JDK-8289508: Improve test coverage for XPath Axes: ancestor, ancestor-or-self, preceding, and preceding-sibling + JDK-8289511: Improve test coverage for XPath Axes: child + JDK-8289647: AssertionError during annotation processing of record related tests + JDK-8289948: Improve test coverage for XPath functions: Node Set Functions + JDK-8290067: Show stack dimensions in UL logging when attaching threads + JDK-8290083: ResponseBodyBeforeError: AssertionError or SSLException: Unsupported or unrecognized SSL message + JDK-8290197: test/jdk/java/nio/file/Files/probeContentType/ /Basic.java fails on some systems for the ".rar" extension + JDK-8290322: Optimize Vector.rearrange over byte vectors for AVX512BW targets. + JDK-8290836: Improve test coverage for XPath functions: String Functions + JDK-8290837: Improve test coverage for XPath functions: Boolean Functions + JDK-8290838: Improve test coverage for XPath functions: Number Functions + JDK-8290850: C2: create_new_if_for_predicate() does not clone pinned phi input nodes resulting in a broken graph + JDK-8290899: java/lang/String/StringRepeat.java test requests too much heap on windows x86 + JDK-8290964: C2 compilation fails with assert "non-reduction loop contains reduction nodes" + JDK-8291825: java/time/nontestng/java/time/zone/ /CustomZoneNameTest.java fails if defaultLocale and defaultFormatLocale are different + JDK-8292033: Move jdk.X509Certificate event logic to JCA layer + JDK-8292066: Convert TestInputArgument.sh and TestSystemLoadAvg.sh to java version + JDK-8292159: TYPE_USE annotations on generic type arguments of record components discarded + JDK-8292177: InitialSecurityProperty JFR event + JDK-8292285: C2: remove unreachable block after NeverBranch-to-Goto conversion + JDK-8292297: Fix up loading of override java.security properties file + JDK-8292328: AccessibleActionsTest.java test instruction for show popup on JLabel did not specify shift key + JDK-8292443: Weak CAS VarHandle/Unsafe tests should test always-failing cases + JDK-8292602: ZGC: C2 late barrier analysis uses invalid dominator information + JDK-8292660: C2: blocks made unreachable by NeverBranch-to-Goto conversion are removed incorrectly + JDK-8292780: misc tests failed "assert(false) failed: graph should be schedulable" + JDK-8292877: java/util/concurrent/atomic/Serial.java uses {Double,Long}Accumulator incorrectly + JDK-8293000: Review running times of jshell regression tests + JDK-8293326: jdk/sun/security/tools/jarsigner/compatibility/ /SignTwice.java slow on Windows + JDK-8293466: libjsig should ignore non-modifying sigaction calls + JDK-8293493: Signal Handlers printout should show signal block state + JDK-8293531: C2: some vectorapi tests fail assert "Not monotonic" with flag -XX:TypeProfileLevel=222 + JDK-8293562: KeepAliveCache Blocks Threads while Closing Connections + JDK-8293691: converting a defined BasicType value to a string should not crash the VM + JDK-8293767: AWT test TestSinhalaChar.java has old SCCS markings + JDK-8293819: sun/util/logging/PlatformLoggerTest.java failed with "RuntimeException: Retrieved backing PlatformLogger level null is not the expected CONFIG" + JDK-8293965: Code signing warnings after JDK-8293550 + JDK-8293996: C2: fix and simplify IdealLoopTree::do_remove_empty_loop + JDK-8294160: misc crash dump improvements + JDK-8294217: Assertion failure: parsing found no loops but there are some + JDK-8294310: compare.sh fails on macos after JDK-8293550 + JDK-8294378: URLPermission constructor exception when using tr locale + JDK-8294538: missing is_unloading() check in SharedRuntime::fixup_callers_callsite() + JDK-8294548: Problem list SA core file tests on macosx-x64 due to JDK-8294316 + JDK-8294580: frame::interpreter_frame_print_on() crashes if free BasicObjectLock exists in frame + JDK-8294677: chunklevel::MAX_CHUNK_WORD_SIZE too small for some applications + JDK-8294705: Disable an assertion in test/jdk/java/util/ /DoubleStreamSums/CompensatedSums.java + JDK-8294902: Undefined Behavior in C2 regalloc with null references + JDK-8294947: Use 64bit atomics in patch_verified_entry on x86_64 + JDK-8294958: java/net/httpclient/ConnectTimeout tests are slow + JDK-8295000: java/util/Formatter/Basic test cleanup + JDK-8295066: Folding of loads is broken in C2 after JDK-8242115 + JDK-8295116: C2: assert(dead->outcnt() == 0 && !dead->is_top()) failed: node must be dead + JDK-8295211: Fix autoconf 2.71 warning "AC_CHECK_HEADERS: you should use literals" + JDK-8295413: com/sun/jdi/EATests.java fails with compiler flag -XX:+StressReflectiveCode + JDK-8295414: [Aarch64] C2: assert(false) failed: bad AD file + JDK-8295530: Update Zlib Data Compression Library to Version 1.2.13 + JDK-8295685: Update Libpng to 1.6.38 + JDK-8295724: VirtualMachineError: Out of space in CodeCache for method handle intrinsic + JDK-8298947: compiler/codecache/ /MHIntrinsicAllocFailureTest.java fails intermittently + JDK-8295774: Write a test to verify List sends ItemEvent/ActionEvent + JDK-8295777: java/net/httpclient/ConnectExceptionTest.java should not rely on system resolver + JDK-8295788: C2 compilation hits "assert((mode == ControlAroundStripMined && use == sfpt) || !use->is_reachable_from_root()) failed: missed a node" + JDK-8296136: Use correct register in aarch64_enc_fast_unlock() + JDK-8296239: ISO 4217 Amendment 174 Update + JDK-8296329: jar validator doesn't account for minor class file version + JDK-8296389: C2: PhaseCFG::convert_NeverBranch_to_Goto must handle both orders of successors 8298568: Fastdebug build fails after JDK-8296389 + JDK-8296548: Improve MD5 intrinsic for x86_64 + JDK-8296611: Problemlist several sun/security tests until JDK-8295343 is resolved + JDK-8296619: Upgrade jQuery to 3.6.1 + JDK-8296675: Exclude linux-aarch64 in NSS tests + JDK-8296878: Document Filter attached to JPasswordField and setText("") is not cleared instead inserted characters replaced with unicode null characters + JDK-8296904: Improve handling of macos xcode toolchain + JDK-8296912: C2: CreateExNode::Identity fails with assert(i < _max) failed: oob: i=1, _max=1 + JDK-8296924: C2: assert(is_valid_AArch64_address(dest.target())) failed: bad address + JDK-8297088: Update LCMS to 2.14 + JDK-8297211: Expensive fillInStackTrace operation in HttpURLConnection.getOutputStream0 when no content-length in response + JDK-8297259: Bump update version for OpenJDK: jdk-17.0.7 + JDK-8297264: C2: Cast node is not processed again in CCP and keeps a wrong too narrow type which is later replaced by top + JDK-8297431: [JVMCI] HotSpotJVMCIRuntime.encodeThrowable should not throw an exception + JDK-8297437: javadoc cannot link to old docs (with old style anchors) + JDK-8297480: GetPrimitiveArrayCritical in imageioJPEG misses result - NULL check + JDK-8297489: Modify TextAreaTextEventTest.java as to verify the content change of TextComponent sends TextEvent + JDK-8297523: Various GetPrimitiveArrayCritical miss result - NULL check + JDK-8297569: URLPermission constructor throws IllegalArgumentException: Invalid characters in hostname after JDK-8294378 + JDK-8297642: PhaseIdealLoop::only_has_infinite_loops must detect all loops that never lead to termination + JDK-8297951: C2: Create skeleton predicates for all If nodes in loop predication + JDK-8297959: Provide better descriptions for some Operating System JFR events + JDK-8297963: Partially fix string expansion issues in UTIL_DEFUN_NAMED and related macros + JDK-8298027: Remove SCCS id's from awt jtreg tests + JDK-8298035: Provide better descriptions for JIT compiler JFR events + JDK-8298073: gc/metaspace/ /CompressedClassSpaceSizeInJmapHeap.java causes test task timeout on macosx + JDK-8241293: CompressedClassSpaceSizeInJmapHeap.java time out after 8 minutes + JDK-8298093: improve cleanup and error handling of awt_parseColorModel in awt_parseImage.c + JDK-8298108: Add a regression test for JDK-8297684 + JDK-8298129: Let checkpoint event sizes grow beyond u4 limit + JDK-8298271: java/security/SignedJar/spi-calendar-provider/ /TestSPISigned.java failing on Windows + JDK-8298459: Fix msys2 linking and handling out of tree build directory for source zip creation + JDK-8298472: AArch64: Detect Ampere-1 and Ampere-1A CPUs and set default options + JDK-8298527: Cygwin's uname -m returns different string than before + JDK-8298588: WebSockets: HandshakeUrlEncodingTest unnecessarily depends on a response body + JDK-8298649: JFR: RemoteRecordingStream support for checkpoint event sizes beyond u4 + JDK-8298726: (fs) Change PollingWatchService to record last modified time as FileTime rather than milliseconds + JDK-8299015: Ensure that HttpResponse.BodySubscribers.ofFile writes all bytes + JDK-8299018: java/net/httpclient/HttpsTunnelAuthTest.java fails with java.io.IOException: HTTP/1.1 header parser received no bytes + JDK-8299194: CustomTzIDCheckDST.java may fail at future date + JDK-8299296: Write a test to verify the components selection sends ItemEvent + JDK-8299388: java/util/regex/NegativeArraySize.java fails on Alpine and sometimes Windows + JDK-8299424: containers/docker/TestMemoryWithCgroupV1.java fails on SLES12 ppc64le when testing Memory and Swap Limit + JDK-8299439: java/text/Format/NumberFormat/ /CurrencyFormat.java fails for hr_HR + JDK-8299483: ProblemList java/text/Format/NumberFormat/ /CurrencyFormat.java + JDK-8299470: sun/jvm/hotspot/SALauncher.java handling of negative rmiport args + JDK-8299497: Usage of constructors of primitive wrapper classes should be avoided in java.desktop API docs + JDK-8299520: TestPrintXML.java output error messages in case compare fails + JDK-8299597: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.7 + JDK-8299657: sun/tools/jhsdb/SAGetoptTest.java fails after 8299470 + JDK-8299671: Speed up compiler/intrinsics/string/ /TestStringLatin1IndexOfChar.java + JDK-8299789: Compilation of gtest causes build to fail if runtime libraries are in different dirs + JDK-8299957: Enhance error logging in instrument coding with additional jplis_assert_msg + JDK-8299970: Speed up compiler/arraycopy/ /TestArrayCopyConjoint.java + JDK-8300119: CgroupMetrics.getTotalMemorySize0() can report invalid results on 32 bit systems + JDK-8300205: Swing test bug8078268 make latch timeout configurable + JDK-8300266: Detect Virtualization on Linux aarch64 + JDK-8300490: Spaces in name of MacOS Code Signing Identity are not correctly handled after JDK-8293550 + JDK-8300590: [JVMCI] BytecodeFrame.equals is broken + JDK-8300642: [17u,11u] Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev + JDK-8300692: GCC 12 reports some compiler warnings in bundled freetype + JDK-8300751: [17u] Remove duplicate entry in javac.properties + JDK-8300773: Address the inconsistency between the constant array and pool size + JDK-8301170: perfMemory_windows.cpp add free_security_attr to early returns + JDK-8301342: Prefer ArrayList to LinkedList in LayoutComparator + JDK-8301397: [11u, 17u] Bump jtreg to fix issue with build JDK 11.0.18 + JDK-8301760: Fix possible leak in SpNegoContext dispose + JDK-8301842: JFR: increase checkpoint event size for stacktrace and string pool + JDK-8302152: Speed up tests with infinite loops, sleep less + JDK-8302692: [17u] Update GHA Boot JDK to 17.0.6 + JDK-8302879: doc/building.md update link to jtreg builds + JDK-8304871: Use default visibility for static library builds - Modified patch: * fips.patch + refetch from git repository with our changes merged in - Added patch: * JDK-8303509.patch + upstream fix for JDK-8303509, bsc#1209333: Socket setTrafficClass does not work for IPv4 connections when IPv6 is enabled ++++ kernel-debug: - s390/ap: fix crash on older machines based on QCI info missing (git-fixes bsc#1210947). - commit 6baf829 ++++ kernel-source: - s390/ap: fix crash on older machines based on QCI info missing (git-fixes bsc#1210947). - commit 6baf829 ++++ kernel-source-rt: - s390/ap: fix crash on older machines based on QCI info missing (git-fixes bsc#1210947). - commit 6baf829 ++++ kernel-docs: - s390/ap: fix crash on older machines based on QCI info missing (git-fixes bsc#1210947). - commit 6baf829 ++++ kernel-kvmsmall: - s390/ap: fix crash on older machines based on QCI info missing (git-fixes bsc#1210947). - commit 6baf829 ++++ kernel-obs-build: - s390/ap: fix crash on older machines based on QCI info missing (git-fixes bsc#1210947). - commit 6baf829 ++++ kernel-obs-qa: - s390/ap: fix crash on older machines based on QCI info missing (git-fixes bsc#1210947). - commit 6baf829 ++++ kernel-rt_debug: - s390/ap: fix crash on older machines based on QCI info missing (git-fixes bsc#1210947). - commit 6baf829 ++++ kernel-syms: - s390/ap: fix crash on older machines based on QCI info missing (git-fixes bsc#1210947). - commit 6baf829 ++++ kernel-syms-rt: - s390/ap: fix crash on older machines based on QCI info missing (git-fixes bsc#1210947). - commit 6baf829 ++++ kernel-zfcpdump: - s390/ap: fix crash on older machines based on QCI info missing (git-fixes bsc#1210947). - commit 6baf829 ++++ ledmon: - Don't use ProtectKernelTunables, can break some use cases (bsc#1210656) ++++ trento-agent: - Release 2.0.0 [#] Changelog [#]# [2.0.0](https://github.com/trento-project/agent/tree/2.0.0) (2023-04-26) [Full Changelog](https://github.com/trento-project/agent/compare/1.2.0...2.0.0) [#]## Added - Parse durations in cibadmin gatherer [\#204](https://github.com/trento-project/agent/pull/204) (@fabriziosestito) - Add ability to detect if running on `VMware` system [\#193](https://github.com/trento-project/agent/pull/193) (@jamie-suse) - Pin web api version to v1 [\#186](https://github.com/trento-project/agent/pull/186) (@CDimonaco) - Multiversion package support [\#181](https://github.com/trento-project/agent/pull/181) (@nelsonkopliku) - Pretty print fact values [\#176](https://github.com/trento-project/agent/pull/176) (@dottorblaster) - Unhide facts service url flag [\#172](https://github.com/trento-project/agent/pull/172) (@arbulu89) - Add version comparison functionality for package\_version [\#169](https://github.com/trento-project/agent/pull/169) (@rtorrero) - Make `corosynccmapctl` gatherer output a map structure [\#168](https://github.com/trento-project/agent/pull/168) (@jamie-suse) - Add initial support to verify the password for the hacluster user [\#164](https://github.com/trento-project/agent/pull/164) (@rtorrero) - Add argument validation for gatherers that require it [\#162](https://github.com/trento-project/agent/pull/162) (@rtorrero) - Hidden agent id flag [\#160](https://github.com/trento-project/agent/pull/160) (@arbulu89) - Sbd dump gatherer [\#156](https://github.com/trento-project/agent/pull/156) (@nelsonkopliku) - Retrieve agent id command [\#154](https://github.com/trento-project/agent/pull/154) (@nelsonkopliku) - Port cibadmin gatherer [\#149](https://github.com/trento-project/agent/pull/149) (@arbulu89) - Restructure project folders structure [\#147](https://github.com/trento-project/agent/pull/147) (@arbulu89) - Generic get value [\#146](https://github.com/trento-project/agent/pull/146) (@arbulu89) - Refactor sbd loading [\#145](https://github.com/trento-project/agent/pull/145) (@nelsonkopliku) - Corosynccmap ctl gatherer port [\#144](https://github.com/trento-project/agent/pull/144) (@rtorrero) - Refactor sbd gatherer [\#141](https://github.com/trento-project/agent/pull/141) (@nelsonkopliku) - Packageversion gatherer [\#140](https://github.com/trento-project/agent/pull/140) (@rtorrero) - Port systemd gatherer [\#139](https://github.com/trento-project/agent/pull/139) (@arbulu89) - Gather all hosts entries when no arg is provided [\#137](https://github.com/trento-project/agent/pull/137) (@rtorrero) - Add FactValue type [\#133](https://github.com/trento-project/agent/pull/133) (@fabriziosestito) - Implement /etc/hosts file gatherer [\#78](https://github.com/trento-project/agent/pull/78) (@rtorrero) - Implement saphostctrl gatherer [\#71](https://github.com/trento-project/agent/pull/71) (@arbulu89) [#]## Fixed - Fix getValue function when map is empty [\#218](https://github.com/trento-project/agent/pull/218) (@arbulu89) - Cibadmin meta attributes to list [\#211](https://github.com/trento-project/agent/pull/211) (@arbulu89) - Fix broken zypper output parsing in package\_version due to `\n` [\#173](https://github.com/trento-project/agent/pull/173) (@rtorrero) - Handle `CorosyncCmapctlGatherer` receiving empty lines [\#171](https://github.com/trento-project/agent/pull/171) (@jamie-suse) - Fix cluster\_property\_set parsing [\#170](https://github.com/trento-project/agent/pull/170) (@fabriziosestito) - Fix list conversion issues in the xml gatherer [\#157](https://github.com/trento-project/agent/pull/157) (@arbulu89) - Fix special lists usage in corosyncconf gatherer [\#155](https://github.com/trento-project/agent/pull/155) (@arbulu89) [#]## Removed - Remove ssh address references [\#174](https://github.com/trento-project/agent/pull/174) (@arbulu89) [#]## Other Changes - Bump github.com/vektra/mockery/v2 from 2.22.1 to 2.24.0 [\#213](https://github.com/trento-project/agent/pull/213) (@dependabot[bot]) - Bump github.com/hashicorp/go-hclog from 1.3.1 to 1.5.0 [\#209](https://github.com/trento-project/agent/pull/209) (@dependabot[bot]) - Bump google.golang.org/protobuf from 1.29.1 to 1.30.0 [\#206](https://github.com/trento-project/agent/pull/206) (@dependabot[bot]) - Bump google.golang.org/protobuf from 1.28.1 to 1.29.1 [\#203](https://github.com/trento-project/agent/pull/203) (@dependabot[bot]) - update spec file [\#202](https://github.com/trento-project/agent/pull/202) (@stefanotorresi) - Bump actions/cache from 3.2.6 to 3.3.1 [\#201](https://github.com/trento-project/agent/pull/201) (@dependabot[bot]) - Bump github.com/vektra/mockery/v2 from 2.21.3 to 2.22.1 [\#200](https://github.com/trento-project/agent/pull/200) (@dependabot[bot]) - Bump github.com/vektra/mockery/v2 from 2.20.2 to 2.21.3 [\#197](https://github.com/trento-project/agent/pull/197) (@dependabot[bot]) - Bump github.com/spf13/afero from 1.9.4 to 1.9.5 [\#196](https://github.com/trento-project/agent/pull/196) (@dependabot[bot]) - Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 [\#192](https://github.com/trento-project/agent/pull/192) (@dependabot[bot]) - Bump github.com/spf13/afero from 1.9.3 to 1.9.4 [\#191](https://github.com/trento-project/agent/pull/191) (@dependabot[bot]) - Add reviewers to dependabot [\#190](https://github.com/trento-project/agent/pull/190) (@fabriziosestito) - Bump github.com/vektra/mockery/v2 from 2.20.0 to 2.20.2 [\#189](https://github.com/trento-project/agent/pull/189) (@dependabot[bot]) - Bump actions/cache from 3.2.5 to 3.2.6 [\#188](https://github.com/trento-project/agent/pull/188) (@dependabot[bot]) - Trigger golang docs update in ci [\#187](https://github.com/trento-project/agent/pull/187) (@arbulu89) - Bump github.com/vektra/mockery/v2 from 2.19.0 to 2.20.0 [\#185](https://github.com/trento-project/agent/pull/185) (@dependabot[bot]) - Bump github.com/vektra/mockery/v2 from 2.18.0 to 2.19.0 [\#183](https://github.com/trento-project/agent/pull/183) (@dependabot[bot]) - Bump actions/cache from 3.2.3 to 3.2.5 [\#182](https://github.com/trento-project/agent/pull/182) (@dependabot[bot]) - Bump github.com/vektra/mockery/v2 from 2.16.0 to 2.18.0 [\#179](https://github.com/trento-project/agent/pull/179) (@dependabot[bot]) - Disable lll linter rule for test files [\#177](https://github.com/trento-project/agent/pull/177) (@dottorblaster) - Bump github.com/spf13/viper from 1.14.0 to 1.15.0 [\#175](https://github.com/trento-project/agent/pull/175) (@dependabot[bot]) - Bump actions/cache from 3.2.2 to 3.2.3 [\#166](https://github.com/trento-project/agent/pull/166) (@dependabot[bot]) - Bump actions/cache from 3.0.11 to 3.2.2 [\#163](https://github.com/trento-project/agent/pull/163) (@dependabot[bot]) - Bump github.com/vektra/mockery/v2 from 2.15.0 to 2.16.0 [\#158](https://github.com/trento-project/agent/pull/158) (@dependabot[bot]) - Bump github.com/hashicorp/go-plugin from 1.4.7 to 1.4.8 [\#153](https://github.com/trento-project/agent/pull/153) (@dependabot[bot]) - Bump github.com/hashicorp/go-plugin from 1.4.5 to 1.4.7 [\#151](https://github.com/trento-project/agent/pull/151) (@dependabot[bot]) - Change compose & test rabbitmq port [\#148](https://github.com/trento-project/agent/pull/148) (@fabriziosestito) - Update CONTRIBUTING.md [\#143](https://github.com/trento-project/agent/pull/143) (@fabriziosestito) - Coveralls [\#142](https://github.com/trento-project/agent/pull/142) (@arbulu89) - Bump github.com/vektra/mockery/v2 from 2.14.1 to 2.15.0 [\#138](https://github.com/trento-project/agent/pull/138) (@dependabot[bot]) - Bump github.com/spf13/afero from 1.9.2 to 1.9.3 [\#136](https://github.com/trento-project/agent/pull/136) (@dependabot[bot]) - Bump github.com/spf13/cobra from 1.5.0 to 1.6.1 [\#135](https://github.com/trento-project/agent/pull/135) (@dependabot[bot]) - Bump github.com/coreos/go-systemd/v22 from 22.3.2 to 22.5.0 [\#132](https://github.com/trento-project/agent/pull/132) (@dependabot[bot]) - Bump github.com/spf13/viper from 1.12.0 to 1.14.0 [\#131](https://github.com/trento-project/agent/pull/131) (@dependabot[bot]) - Bump github.com/vektra/mockery/v2 from 2.12.3 to 2.14.1 [\#128](https://github.com/trento-project/agent/pull/128) (@dependabot[bot]) - Bump actions/cache from 3.0.6 to 3.0.11 [\#119](https://github.com/trento-project/agent/pull/119) (@dependabot[bot]) - Bump github.com/hashicorp/go-hclog from 1.2.2 to 1.3.1 [\#109](https://github.com/trento-project/agent/pull/109) (@dependabot[bot]) ------------------------------------------------------------------ ------------------ 2023-4-25 - Apr 25 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - block: do not reverse request order when flushing plug list (bsc#1208081 bsc#1208588 bsc#1208076). - commit 13ff241 ++++ kernel-azure: - block: do not reverse request order when flushing plug list (bsc#1208081 bsc#1208588 bsc#1208076). - commit 13ff241 ++++ kernel-default: - block: do not reverse request order when flushing plug list (bsc#1208081 bsc#1208588 bsc#1208076). - commit 13ff241 ++++ kernel-rt: - block: do not reverse request order when flushing plug list (bsc#1208081 bsc#1208588 bsc#1208076). - commit 13ff241 ++++ dtb-aarch64: - block: do not reverse request order when flushing plug list (bsc#1208081 bsc#1208588 bsc#1208076). - commit 13ff241 ++++ kernel-debug: - block: do not reverse request order when flushing plug list (bsc#1208081 bsc#1208588 bsc#1208076). - commit 13ff241 ++++ kernel-source: - block: do not reverse request order when flushing plug list (bsc#1208081 bsc#1208588 bsc#1208076). - commit 13ff241 ++++ kernel-source-azure: - block: do not reverse request order when flushing plug list (bsc#1208081 bsc#1208588 bsc#1208076). - commit 13ff241 ++++ kernel-source-rt: - block: do not reverse request order when flushing plug list (bsc#1208081 bsc#1208588 bsc#1208076). - commit 13ff241 ++++ kernel-docs: - block: do not reverse request order when flushing plug list (bsc#1208081 bsc#1208588 bsc#1208076). - commit 13ff241 ++++ kernel-firmware-nvidia-gsp-G06: - update firmware to version 525.116.03 ++++ kernel-kvmsmall: - block: do not reverse request order when flushing plug list (bsc#1208081 bsc#1208588 bsc#1208076). - commit 13ff241 ++++ kernel-obs-build: - block: do not reverse request order when flushing plug list (bsc#1208081 bsc#1208588 bsc#1208076). - commit 13ff241 ++++ kernel-obs-qa: - block: do not reverse request order when flushing plug list (bsc#1208081 bsc#1208588 bsc#1208076). - commit 13ff241 ++++ kernel-rt_debug: - block: do not reverse request order when flushing plug list (bsc#1208081 bsc#1208588 bsc#1208076). - commit 13ff241 ++++ kernel-syms: - block: do not reverse request order when flushing plug list (bsc#1208081 bsc#1208588 bsc#1208076). - commit 13ff241 ++++ kernel-syms-azure: - block: do not reverse request order when flushing plug list (bsc#1208081 bsc#1208588 bsc#1208076). - commit 13ff241 ++++ kernel-syms-rt: - block: do not reverse request order when flushing plug list (bsc#1208081 bsc#1208588 bsc#1208076). - commit 13ff241 ++++ kernel-zfcpdump: - block: do not reverse request order when flushing plug list (bsc#1208081 bsc#1208588 bsc#1208076). - commit 13ff241 ++++ libtpms: - 0001-tpm2-Check-size-of-buffer-before-accessing-it-CVE-20.patch: Fixes CVE-2023-1017 & CVE-2023-1018: fixed memory corruptions in CryptParameterDecryption (bsc#1206022 bsc#1206023) ++++ libyui: - Qt UI: Fixed regression for icon loading (bsc#1210712) https://github.com/libyui/libyui/pull/100 - 4.5.2 ++++ libyui-ncurses: - Qt UI: Fixed regression for icon loading (bsc#1210712) https://github.com/libyui/libyui/pull/100 - 4.5.2 ++++ libyui-ncurses-pkg: - Qt UI: Fixed regression for icon loading (bsc#1210712) https://github.com/libyui/libyui/pull/100 - 4.5.2 ++++ libyui-ncurses-rest-api: - Qt UI: Fixed regression for icon loading (bsc#1210712) https://github.com/libyui/libyui/pull/100 - 4.5.2 ++++ libyui-qt: - Qt UI: Fixed regression for icon loading (bsc#1210712) https://github.com/libyui/libyui/pull/100 - 4.5.2 ++++ libyui-qt-graph: - Qt UI: Fixed regression for icon loading (bsc#1210712) https://github.com/libyui/libyui/pull/100 - 4.5.2 ++++ libyui-qt-pkg: - Qt UI: Fixed regression for icon loading (bsc#1210712) https://github.com/libyui/libyui/pull/100 - 4.5.2 ++++ libyui-qt-rest-api: - Qt UI: Fixed regression for icon loading (bsc#1210712) https://github.com/libyui/libyui/pull/100 - 4.5.2 ++++ libyui-rest-api: - Qt UI: Fixed regression for icon loading (bsc#1210712) https://github.com/libyui/libyui/pull/100 - 4.5.2 ++++ nvidia-open-driver-G06-signed: - Update to version 525.116.03 ++++ openssl-ibmca: - Added dependency on libica4 (bsc#1209038) * BuildRequires and Requires statements in .spec file for libica4 ++++ libyui-bindings: - Qt UI: Fixed regression for icon loading (bsc#1210712) https://github.com/libyui/libyui/pull/100 - 4.5.2 ++++ targetcli-fb: - Added one upstream commit for CVE-2020-13867 (bsc#1172743), part 2. This time, only modify permisssions on directory where config is stored if it is /etc/target, adding patch: * Fix-changing-savedir-directory-mode.patch ------------------------------------------------------------------ ------------------ 2023-4-24 - Apr 24 2023 ------------------- ------------------------------------------------------------------ ++++ git: - Apply "CVE-2023-25652.patch" to fix a security vulnerability where by feeding a specially crafted input to `git apply - -reject`, a path outside the working tree could be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). [CVE-2023-25652, bsc#1210686] - Apply "CVE-2023-25815.patch" to fix a security vulnerability that exists when Git is compiled with runtime prefix support and runs without translated messages, then it still used the gettext machinery to display messages, which subsequently potentially looked for translated messages in unexpected places. This allowed for malicious placement of crafted messages. [CVE-2023-25815, bsc#1210686] - Apply "CVE-2023-29007-0.patch", "CVE-2023-29007-1.patch", "CVE-2023-29007-2.patch", and "CVE-2023-29007-3.patch" to fix a security vulnerability that occurred when renaming or deleting a section from a configuration file, then certain malicious configuration values might have been misinterpreted as the beginning of a new configuration section, leading to arbitrary configuration injection. [CVE-2023-29007, bsc#1210686] ++++ kernel-default-base: - Do not build on s390 (bsc#1210729) ++++ mdadm: - Fixes for mdmon to ensure it run at the right time in the fight mount namespace. This fixes various problems with IMSM raid arrays in 15-SP4 (bsc#1205493, bsc#1205830) - mdmon: fix segfault 0052-mdmon-fix-segfault.patch - util: remove obsolete code from get_md_name 0053-util-remove-obsolete-code-from-get_md_name.patch - mdmon: don't test both 'all' and 'container_name'. 0054-mdmon-don-t-test-both-all-and-container_name.patch - mdmon: change systemd unit file to use --foreground 0055-mdmon-change-systemd-unit-file-to-use-foreground.patch - mdmon: Remove need for KillMode=none 0056-mdmon-Remove-need-for-KillMode-none.patch - mdmon: Improve switchroot interactions. 0057-mdmon-Improve-switchroot-interactions.patch - mdopen: always try create_named_array() 0058-mdopen-always-try-create_named_array.patch - Improvements for IMSM_NO_PLATFORM testing 0059-Improvements-for-IMSM_NO_PLATFORM-testing.patch ++++ prometheus-blackbox_exporter: - On SUSE Linux Enterprise build always with Go >= 1.19 (bsc#1203599) ++++ python3-rtslib-fb: - Rename package to avoid conflicts with the new Python Stack Proposal (jsc#PED-68) ++++ python3-sip: - Rename package to avoid conflicts with the new Python Stack Proposal (jsc#PED-68) ++++ python3-apipkg: - Rename package to avoid conflicts with the new Python Stack Proposal (jsc#PED-68) ++++ python3-edk2toolext: - Rename package to avoid conflicts with the new Python Stack Proposal (jsc#PED-68) - Rename package to avoid conflicts with the new Python Stack Proposal (jsc#PED-68) ++++ python3-flit-core: - Rename package to avoid conflicts with the new Python Stack Proposal (jsc#PED-68) ++++ python3-libvirt-python: - Rename package to avoid conflicts with the new Python Stack Proposal (jsc#PED-68) ++++ python3-lxml: - Rename package to avoid conflicts with the new Python Stack Proposal (jsc#PED-68) ++++ python3-pefile: - Rename package to avoid conflicts with the new Python Stack Proposal (jsc#PED-68) ++++ python3-pyelftools: - Rename package to avoid conflicts with the new Python Stack Proposal (jsc#PED-68) ++++ python3-pyotherside: - Rename package to avoid conflicts with the new Python Stack Proposal (jsc#PED-68) ++++ python3-pyqt-builder: - Rename package to avoid conflicts with the new Python Stack Proposal (jsc#PED-68) ++++ python3-qt5: - Rename package to avoid conflicts with the new Python Stack Proposal (jsc#PED-68) ++++ python3-qt5: - Rename package to avoid conflicts with the new Python Stack Proposal (jsc#PED-68) ++++ python3-qt5-sip: - Rename package to avoid conflicts with the new Python Stack Proposal (jsc#PED-68) ++++ python3-tomli: - Rename package to avoid conflicts with the new Python Stack Proposal (jsc#PED-68) ++++ yast2-storage-ng: - Guided Setup: display a hint for disks with sensible data transports like FCoE or NVMe/oF (bsc#1209588). - 4.5.22 ------------------------------------------------------------------ ------------------ 2023-4-23 - Apr 23 2023 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2023-04-24 (bsc#1084929) ------------------------------------------------------------------ ------------------ 2023-4-22 - Apr 22 2023 ------------------- ------------------------------------------------------------------ ++++ autofs: - autofs-5.1.3-revert-fix-argc-off-by-one-in-mount_aut.patch Fix off-by-one error in recursive map handling. (bsc#1209653) ------------------------------------------------------------------ ------------------ 2023-4-21 - Apr 21 2023 ------------------- ------------------------------------------------------------------ ++++ 389-ds: - bsc#1210462 - OpenLDAP to 389-ds migration - exclude some unsupported attributes. - Update to version 2.2.6~git40.002a0ca: * Issue 5734 - RFE - Exclude pwdFailureTime and ContextCSN (#5735) * Issue 5726 - ns-slapd crashing in ldbm_back_upgradednformat (#5727) * Issue 5714 - UI - fix typo, db settings, log settings, and LDAP editor paginations * Issue 5710 - subtree search statistics for index lookup does not report ancestorid/entryrdn lookups (#5711) * Issue 1081 - Stop schema replication from overwriting x-origin * Bump webpack from 5.75.0 to 5.76.0 in /src/cockpit/389-console (#5699) * Issue 5598 - (3rd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5692) * Issue 5598 - (2nd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5691) * Issue 5687 - UI - sensitive information disclosure * Issue 4583 - Update specfile to skip checks of ASAN builds * Issue 5550 - dsconf monitor crashes with Error math domain error (#5553) * Issue 3604 - UI - Add support for Subject Alternative Names in CSR * Issue 5600 - buffer overflow when enabling sync repl plugin when dynamic plugins is enabled * Fix build break * Issue 5640 - Update logconv for new logging format * Issue 5545 - A random crash in import over lmdb (#5546) * Issue 5490 - tombstone in entryrdn index with lmdb but not with bdb (#5498) * Issue 5408: lmdb import is slow (#5481) * Issue 5162 - CI - fix error message for invalid pem file * Issue 5598 - In 2.x, SRCH throughput drops by 10% because of handling of referral (#5604) * Issue 5671 - covscan - clang warning (#5672) * Issue 5267 - CI - Fix issues with nsslapd-return-original-entrydn * Issue 5666 - CLI - Add timeout parameter for tasks * Issue 5567 - CLI - make ldifgen use the same default ldif name for all options * Issue 5162 - Lib389 - verify certificate type before adding * Issue 5630 - CLI - need to add logging filter for stdout * Issue 5646 - CLI/UI - do not hardcode password storage schemes * Issue 5640 - Update logconv for new logging format * Issue 5652 - Libasan crash in replication/cascading_test (#5659) * Issue 5658 - CLI - unable to add attribute with matching rule * Issue 5653 - covscan - fix invalid dereference * Issue 5648 - Covscan - Compiler warnings (#5651) * Issue 5630 - CLI - error messages should goto stderr * Issue 2435 - RFE - Raise IDL Scan Limit to INT_MAX (#5639) * Issue 5632 - CLI - improve error handling with db2ldif * Issue 5578 - dscreate ds-root does not normaile paths (#5613) * Issue 5560 - dscreate run by non superuser set defaults requiring superuser privilege (#5579) * Issue 5624 - RFE - UI - export certificates, and import text base64 encoded certificates * Issue 4293 - RFE - CLI - add dsrc options for setting user and group subtrees * Issue 5497 - boolean attributes should be case insensitive * Bump version to 2.2.6 * Issue 5607, 5351, 5611 - UI/CLI - fix various issues * Issue 5608 - UI - need to replace some "const" with "let" * Issue 3604 - Create a private key/CSR with dsconf/Cockpit (#5584) * Issue 5602 - UI - browser crash when trying to modify read-only variable * Issue 5581 - UI - Support cockpit dark theme ++++ webkit2gtk3-soup2: - Update to version 2.38.6 (boo#1210295 boo#1210731): + Enable the Asynchronous Clipboard API to make certain pages work (e.g. GithHub started recently requiring it). + Support :has() CSS selectors in content filters. + Apply basic font properties as font variation settings. + The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly. Using GApplication is still recommended, but optional. + Improvements to the GStreamer multimedia playback, in particular around MSE, WebRTC, and seeking. + Fix the build with journald support enabled when using elogind instead of the systemd libraries. + Fix the build with Link-Time Optimization enabled (-flto=auto). + Fix context menus not working in the remote Web Inspector. + Fix usage of the remote Web Inspector over HTTP. + Fix debug logs not being emitted in release builds. + Fix several crashes and rendering issues. + Security fixes: CVE-2022-0108, CVE-2023-28205, CVE-2022-32885, CVE-2023-27932, CVE-2023-27954. ++++ webkit2gtk3: - Update to version 2.38.6 (boo#1210295 boo#1210731): + Enable the Asynchronous Clipboard API to make certain pages work (e.g. GithHub started recently requiring it). + Support :has() CSS selectors in content filters. + Apply basic font properties as font variation settings. + The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly. Using GApplication is still recommended, but optional. + Improvements to the GStreamer multimedia playback, in particular around MSE, WebRTC, and seeking. + Fix the build with journald support enabled when using elogind instead of the systemd libraries. + Fix the build with Link-Time Optimization enabled (-flto=auto). + Fix context menus not working in the remote Web Inspector. + Fix usage of the remote Web Inspector over HTTP. + Fix debug logs not being emitted in release builds. + Fix several crashes and rendering issues. + Security fixes: CVE-2022-0108, CVE-2023-28205, CVE-2022-32885, CVE-2023-27932, CVE-2023-27954. ++++ webkit2gtk4: - Update to version 2.38.6 (boo#1210295 boo#1210731): + Enable the Asynchronous Clipboard API to make certain pages work (e.g. GithHub started recently requiring it). + Support :has() CSS selectors in content filters. + Apply basic font properties as font variation settings. + The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly. Using GApplication is still recommended, but optional. + Improvements to the GStreamer multimedia playback, in particular around MSE, WebRTC, and seeking. + Fix the build with journald support enabled when using elogind instead of the systemd libraries. + Fix the build with Link-Time Optimization enabled (-flto=auto). + Fix context menus not working in the remote Web Inspector. + Fix usage of the remote Web Inspector over HTTP. + Fix debug logs not being emitted in release builds. + Fix several crashes and rendering issues. + Security fixes: CVE-2022-0108, CVE-2023-28205, CVE-2022-32885, CVE-2023-27932, CVE-2023-27954. ++++ rust: - Update to version 1.69.0 - for details see the rust1.69 package ++++ rust1.69: Version 1.69.0 (2023-04-20) Language -------- - [Deriving built-in traits on packed structs works with `Copy` fields.](https://github.com/rust-lang/rust/pull/104429/) - [Stabilize the `cmpxchg16b` target feature on x86 and x86_64.](https://github.com/rust-lang/rust/pull/106774/) - [Improve analysis of trait bounds for associated types.](https://github.com/rust-lang/rust/pull/103695/) - [Allow associated types to be used as union fields.](https://github.com/rust-lang/rust/pull/106938/) - [Allow `Self: Autotrait` bounds on dyn-safe trait methods.](https://github.com/rust-lang/rust/pull/107082/) - [Treat `str` as containing `[u8]` for auto trait purposes.](https://github.com/rust-lang/rust/pull/107941/) Compiler -------- - [Upgrade `*-pc-windows-gnu` on CI to mingw-w64 v10 and GCC 12.2.](https://github.com/rust-lang/rust/pull/100178/) - [Rework min_choice algorithm of member constraints.](https://github.com/rust-lang/rust/pull/105300/) - [Support `true` and `false` as boolean flags in compiler arguments.](https://github.com/rust-lang/rust/pull/107043/) - [Default `repr(C)` enums to `c_int` size.](https://github.com/rust-lang/rust/pull/107592/) Libraries --------- - [Implement the unstable `DispatchFromDyn` for cell types, allowing downstream experimentation with custom method receivers.](https://github.com/rust-lang/rust/pull/97373/) - [Document that `fmt::Arguments::as_str()` may return `Some(_)` in more cases after optimization, subject to change.](https://github.com/rust-lang/rust/pull/106823/) - [Implement `AsFd` and `AsRawFd` for `Rc`.](https://github.com/rust-lang/rust/pull/107317/) Stabilized APIs - [`CStr::from_bytes_until_nul`](https://doc.rust-lang.org/stable/core/ffi/struct.CStr.html#method.from_bytes_until_nul) - [`core::ffi::FromBytesUntilNulError`](https://doc.rust-lang.org/stable/core/ffi/struct.FromBytesUntilNulError.html) These APIs are now stable in const contexts: - [`SocketAddr::new`](https://doc.rust-lang.org/stable/std/net/enum.SocketAddr.html#method.new) - [`SocketAddr::ip`](https://doc.rust-lang.org/stable/std/net/enum.SocketAddr.html#method.ip) - [`SocketAddr::port`](https://doc.rust-lang.org/stable/std/net/enum.SocketAddr.html#method.port) - [`SocketAddr::is_ipv4`](https://doc.rust-lang.org/stable/std/net/enum.SocketAddr.html#method.is_ipv4) - [`SocketAddr::is_ipv6`](https://doc.rust-lang.org/stable/std/net/enum.SocketAddr.html#method.is_ipv6) - [`SocketAddrV4::new`](https://doc.rust-lang.org/stable/std/net/struct.SocketAddrV4.html#method.new) - [`SocketAddrV4::ip`](https://doc.rust-lang.org/stable/std/net/struct.SocketAddrV4.html#method.ip) - [`SocketAddrV4::port`](https://doc.rust-lang.org/stable/std/net/struct.SocketAddrV4.html#method.port) - [`SocketAddrV6::new`](https://doc.rust-lang.org/stable/std/net/struct.SocketAddrV6.html#method.new) - [`SocketAddrV6::ip`](https://doc.rust-lang.org/stable/std/net/struct.SocketAddrV6.html#method.ip) - [`SocketAddrV6::port`](https://doc.rust-lang.org/stable/std/net/struct.SocketAddrV6.html#method.port) - [`SocketAddrV6::flowinfo`](https://doc.rust-lang.org/stable/std/net/struct.SocketAddrV6.html#method.flowinfo) - [`SocketAddrV6::scope_id`](https://doc.rust-lang.org/stable/std/net/struct.SocketAddrV6.html#method.scope_id) Cargo ----- - [Cargo now suggests `cargo fix` or `cargo clippy --fix` when compilation warnings are auto-fixable.](https://github.com/rust-lang/cargo/pull/11558/) - [Cargo now suggests `cargo add` if you try to install a library crate.](https://github.com/rust-lang/cargo/pull/11410/) - [Cargo now sets the `CARGO_BIN_NAME` environment variable also for binary examples.](https://github.com/rust-lang/cargo/pull/11705/) Rustdoc ----- - [Vertically compact trait bound formatting.](https://github.com/rust-lang/rust/pull/102842/) - [Only include stable lints in `rustdoc::all` group.](https://github.com/rust-lang/rust/pull/106316/) - [Compute maximum Levenshtein distance based on the query.](https://github.com/rust-lang/rust/pull/107141/) - [Remove inconsistently-present sidebar tooltips.](https://github.com/rust-lang/rust/pull/107490/) - [Search by macro when query ends with `!`.](https://github.com/rust-lang/rust/pull/108143/) Compatibility Notes - [The `rust-analysis` component from `rustup` now only contains a warning placeholder.](https://github.com/rust-lang/rust/pull/101841/) This was primarily intended for RLS, and the corresponding `-Zsave-analysis` flag has been removed from the compiler as well. - [Unaligned references to packed fields are now a hard error.](https://github.com/rust-lang/rust/pull/102513/) This has been a warning since 1.53, and denied by default with a future-compatibility warning since 1.62. - [Update the minimum external LLVM to 14.](https://github.com/rust-lang/rust/pull/107573/) - [Cargo now emits errors on invalid characters in a registry token.](https://github.com/rust-lang/cargo/pull/11600/) - [When `default-features` is set to false of a workspace dependency, and an inherited dependency of a member has `default-features = true`, Cargo will enable default features of that dependency.](https://github.com/rust-lang/cargo/pull/11409/) - [Cargo denies `CARGO_HOME` in the `[env]` configuration table. Cargo itself doesn't pick up this value, but recursive calls to cargo would, which was not intended.](https://github.com/rust-lang/cargo/pull/11644/) - [Debuginfo for build dependencies is now off if not explicitly set. This is expected to improve the overall build time.](https://github.com/rust-lang/cargo/pull/11252/) ++++ grub2: - Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581) * 0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch * 0002-kern-ieee1275-init-Extended-support-in-Vec5.patch ++++ kafka-kit: - Port runant.py to python3 * Add kafka-kit-port-py3-runant.patch ++++ libstorage-ng: - merge gh#openSUSE/libstorage-ng#926 - reimplemented transport detection for NVMe (bsc#1210144) - added tests for nvme parsers - 4.5.97 ++++ libxml2: - Security update: * [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings isn't deterministic - Added patch libxml2-CVE-2023-29469.patch * [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in xmlSchemaFixupComplexType - Added patch libxml2-CVE-2023-28484-1.patch - Added patch libxml2-CVE-2023-28484-2.patch - Remove unneeded dependency (bsc#1209918). ++++ munin: - Use python3 as the interpreter in ipmi_sensor_ and smart_, boo#1210588 ++++ libxml2-python: - Security update: * [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings isn't deterministic - Added patch libxml2-CVE-2023-29469.patch * [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in xmlSchemaFixupComplexType - Added patch libxml2-CVE-2023-28484-1.patch - Added patch libxml2-CVE-2023-28484-2.patch - Remove unneeded dependency (bsc#1209918). ++++ python-urlgrabber: - Raise proper exception from urlgrab() when local file is not found (bsc#1208288) - Added: * fix-urlgrab-file-schema-comparison.patch ++++ python-pip: - add sle15_python_module_pythons (jsc#PED-68) ++++ python-setuptools: - add sle15_python_module_pythons (jsc#PED-68) ++++ shim: - Updated shim.changes to add CVE-2022-28737 number for bsc#1198458. The issue be fixed by upgrade to shim 15.7. (bsc#1198458, CVE-2022-28737) ------------------------------------------------------------------ ------------------ 2023-4-20 - Apr 20 2023 ------------------- ------------------------------------------------------------------ ++++ enlightenment: - Comment out disable wayland, its not required. ++++ libgarcon: - Correction of license should be LGPL-2.0-only and GFDL-1.1-only * confirmed with suse legal ++++ vtk: - Disable pegtl in Leap 15.5 * Leap 15.5 do have pegtl 3.x series ++++ vtk-openmpi2: - Disable pegtl in Leap 15.5 * Leap 15.5 do have pegtl 3.x series ++++ vtk-openmpi3: - Disable pegtl in Leap 15.5 * Leap 15.5 do have pegtl 3.x series ++++ vtk-openmpi4: - Disable pegtl in Leap 15.5 * Leap 15.5 do have pegtl 3.x series ++++ openssl-ibmca: - Applies a patch (bsc#1210359) * openssl-ibmca-engine-noregister.patch - Updated the '#dynamic_path' line, as it was before, with the comment '#'. ++++ package-translations: - Update to version 89.87.20230417.43910d3: * Translated using Weblate (Czech) * Added translation using Weblate (Georgian) * Translated using Weblate (Finnish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Swedish) * Added translation using Weblate (Georgian) ++++ parsec: - Update to 1.2.0: * Closed issue since 1.2.0-rc1: - Parsec 1.1 fails to build with meta-security master branch ++++ parsec-tool: - Update to 0.6.0: * Update (embedded) changelog ++++ prometheus-postgres_exporter: - Adapt the systemd service security configuration to be able to start it on RHEL systems and clones - Create the prometheus user for RHEL systems and clones ++++ redis: - Fix CVE-2023-28856, HINCRBYFLOAT invalid key crash (bsc#1210548 CVE-2023-28856) * redis-CVE-2023-28856.patch - Fix CVE-2022-36021 Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow (bsc#1208790 CVE-2022-36021) * redis-CVE-2022-36021.patch - Fix CVE-2023-25155 Integer Overflow in RAND commands can lead to assertion (bsc#1208793 CVE-2023-25155) * redis-CVE-2023-25155.patch ++++ vhba-kmp: - Add vhba-sle-kernel.diff [boo#1206169] ++++ yast2-trans: - Update to version 84.87.20230420.b54e9530: * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * Translated using Weblate (Catalan) * New POT for text domain 'storage'. * Translated using Weblate (Czech) ------------------------------------------------------------------ ------------------ 2023-4-19 - Apr 19 2023 ------------------- ------------------------------------------------------------------ ++++ chromium: - Chromium 112.0.5615.165 (boo#1210618): * CVE-2023-2133: Out of bounds memory access in Service Worker API * CVE-2023-2134: Out of bounds memory access in Service Worker API * CVE-2023-2135: Use after free in DevTools * CVE-2023-2136: Integer overflow in Skia * CVE-2023-2137: Heap buffer overflow in sqlite - drop chromium-112-feed_protos.patch ++++ chromium: - Chromium 112.0.5615.165 (boo#1210618): * CVE-2023-2133: Out of bounds memory access in Service Worker API * CVE-2023-2134: Out of bounds memory access in Service Worker API * CVE-2023-2135: Use after free in DevTools * CVE-2023-2136: Integer overflow in Skia * CVE-2023-2137: Heap buffer overflow in sqlite - drop chromium-112-feed_protos.patch ++++ dmidecode: - use-read_file-to-read-from-dump.patch: Fix an old harmless bug which would prevent root from using the --from-dump option since the latest security fixes (bsc#1210418). ++++ elfutils: - 0001-libelf-Fixup-SHF_COMPRESSED-sh_addralign-in-elf_upda.patch: make debuginfo extraction from go1.19 built binaries work again. (bsc#1203599) ++++ s390-tools: - Tailored the .spec, added a patch * s390-tools-ALP-zdev-live.patch ++++ tilix: - Leap 15.5 need appstream patch * Re-enabled 0001-Don-t-generate-appstream-meta-data-on-older-versions.patch on Leap 15.5 ++++ prometheus-postgres_exporter: - Add 0001-Update-prometheus-exporter-toolkit-to-0.7.3.patch * Fix authentication bypass via cache poisoning (CVE-2022-46146, bsc#1208060) - Fix _service to pull correct version ++++ sddm: - Add patch to fix delays on shutdown (boo#1210391): * 0001-Avoid-starting-a-new-session-on-exit.patch ------------------------------------------------------------------ ------------------ 2023-4-18 - Apr 18 2023 ------------------- ------------------------------------------------------------------ ++++ bugzilla: - Port jb2bz.py to python3 * Add bugzilla-py3-jb2bz.patch ++++ kernel-64kb: - ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). - commit 92426ca - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - commit 507557e ++++ kernel-azure: - ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). - commit 92426ca - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - commit 507557e ++++ kernel-default: - ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). - commit 92426ca - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - commit 507557e ++++ kernel-rt: - ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). - commit 92426ca - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - commit 507557e ++++ dtb-aarch64: - ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). - commit 92426ca - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - commit 507557e ++++ exim: - Port eximstats-html-update.py to python3 ++++ glib2: - Update glib2-fix-normal-form-handling-in-gvariant.patch: Backported from upstream to fix regression on s390x. (bsc#1210135, glgo#GNOME/glib!2978) ++++ glib2-doc: - Update glib2-fix-normal-form-handling-in-gvariant.patch: Backported from upstream to fix regression on s390x. (bsc#1210135, glgo#GNOME/glib!2978) ++++ grub2: - Fix no prep partition error on non-PReP architectures by making the prep_loadenv module exclusive to powerpc_ieee1275 platform (bsc#1210489) * 0004-Introduce-prep_load_env-command.patch - Fix the issue of freeing an uninitialized pointer * 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch - Rediff * 0005-export-environment-at-start-up.patch ++++ include-what-you-use: - Change fix-shebang.patch to write python3 shebangs. (boo#1210578) ++++ jack-rack: - Porting ecarack to python3 (boo#1210581) * Add jack-rack-python3-ecarack.patch ++++ jettison: - Upgrade to version 1.5.4 * Fixes: + Fixing issue 60: Infinite recursion triggered when constructing a JSONArray from a Collection (bsc#1209605, CVE-2023-1436) ++++ kernel-debug: - ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). - commit 92426ca - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - commit 507557e ++++ kernel-source: - ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). - commit 92426ca - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - commit 507557e ++++ kernel-source-azure: - ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). - commit 92426ca - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - commit 507557e ++++ kernel-source-rt: - ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). - commit 92426ca - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - commit 507557e ++++ kernel-docs: - ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). - commit 92426ca - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - commit 507557e ++++ kernel-kvmsmall: - ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). - commit 92426ca - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - commit 507557e ++++ kernel-obs-build: - ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). - commit 92426ca - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - commit 507557e ++++ kernel-obs-qa: - ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). - commit 92426ca - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - commit 507557e ++++ kernel-rt_debug: - ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). - commit 92426ca - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - commit 507557e ++++ kernel-syms: - ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). - commit 92426ca - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - commit 507557e ++++ kernel-syms-azure: - ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). - commit 92426ca - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - commit 507557e ++++ kernel-syms-rt: - ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). - commit 92426ca - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - commit 507557e ++++ kernel-zfcpdump: - ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615). - commit 92426ca - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). - commit 507557e ++++ libstorage-ng: - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.96 ++++ libyui: - Qt UI: Fixed loading icons from an absolute path (bsc#1210591) https://github.com/libyui/libyui/pull/94 - 4.5.1 ++++ libyui-ncurses: - Qt UI: Fixed loading icons from an absolute path (bsc#1210591) https://github.com/libyui/libyui/pull/94 - 4.5.1 ++++ libyui-ncurses-pkg: - Qt UI: Fixed loading icons from an absolute path (bsc#1210591) https://github.com/libyui/libyui/pull/94 - 4.5.1 ++++ libyui-ncurses-rest-api: - Qt UI: Fixed loading icons from an absolute path (bsc#1210591) https://github.com/libyui/libyui/pull/94 - 4.5.1 ++++ libyui-qt: - Qt UI: Fixed loading icons from an absolute path (bsc#1210591) https://github.com/libyui/libyui/pull/94 - 4.5.1 ++++ libyui-qt-graph: - Qt UI: Fixed loading icons from an absolute path (bsc#1210591) https://github.com/libyui/libyui/pull/94 - 4.5.1 ++++ libyui-qt-pkg: - Qt UI: Fixed loading icons from an absolute path (bsc#1210591) https://github.com/libyui/libyui/pull/94 - 4.5.1 ++++ libyui-qt-rest-api: - Qt UI: Fixed loading icons from an absolute path (bsc#1210591) https://github.com/libyui/libyui/pull/94 - 4.5.1 ++++ libyui-rest-api: - Qt UI: Fixed loading icons from an absolute path (bsc#1210591) https://github.com/libyui/libyui/pull/94 - 4.5.1 ++++ shadow: - bsc#1210507 (CVE-2023-29383): Check for control characters - Add shadow-CVE-2023-29383.patch ++++ octave-forge-miscellaneous: - Use python3 as the script interpreter, boo#1210590 ++++ libyui-bindings: - Qt UI: Fixed loading icons from an absolute path (bsc#1210591) https://github.com/libyui/libyui/pull/94 - 4.5.1 ++++ rosegarden: - Do not change the interpreter back to /usr/bin/python in sf2rg.py since scripts-sf2rg-python3.patch changed it to /usr/bin/python3 ++++ rpmlint: - backport of usbguard dbus whitelisting (bsc#1206414) ++++ semantik: - Use python3 as the script interpreter in wscript file ++++ yast2-storage-ng: - AutoYaST: correctly import legacy values for parity_algorithm. - Partitioner: when creating an MD RAID, do not ask for the chunk side when it makes no sense. Eg. RAID1 (bsc#1205172). - 4.5.21 ------------------------------------------------------------------ ------------------ 2023-4-17 - Apr 17 2023 ------------------- ------------------------------------------------------------------ ++++ open-iscsi: - Remove "--strip" in SPEC file for meson build, so that debuginfo is generated. (from mwilck) (bsc#1210536) ++++ libjxl: - Refresh 0001-Remove-LCMS-mutex.patch ++++ openSUSE-build-key: - Added 2023 opensuse container key 4096bit RSA key. - Added 2023 opensuse container key in PEM format to /usr/share/pki/containers/ for use by podman or sigstore - Remove SLE11 1024bit RSA key , and obsolete it to remove it. ++++ yast2-trans: - Update to version 84.87.20230416.972001c66e: * Translated using Weblate (Slovak) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Dutch) * Translated using Weblate (Catalan) * Translated using Weblate (Japanese) * New POT for text domain 'drbd'. * New POT for text domain 'update'. * New POT for text domain 'pkg-bindings'. * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) ------------------------------------------------------------------ ------------------ 2023-4-16 - Apr 16 2023 ------------------- ------------------------------------------------------------------ ++++ chromium: - Fix Leap 15.4 build failures from default comparison operators defined outside of the class definition, a C++20 feature adding chromium-112-default-comparison-operators.patch ++++ chromium: - Fix Leap 15.4 build failures from default comparison operators defined outside of the class definition, a C++20 feature adding chromium-112-default-comparison-operators.patch ++++ clamav-database: - database refresh on 2023-04-17 (bsc#1084929) ++++ orthanc: - version 1.12.0 * Support for labels associated with patients, studies, series, and instances * Added a sample plugin bringing multitenant DICOM support through labels * Many other fixes and improvements, see NEWS ++++ python-setuptools: - update to 67.6.1: * #3865: Fixed ``_WouldIgnoreField`` warnings for ``scripts`` and ``gui_scripts``, when ``entry-points`` is not listed in dynamic. * #3875: Update code generated by ``validate-pyproject`` to use v0.12.2. * This should fix default license patterns when ``pyproject.toml`` is used. ------------------------------------------------------------------ ------------------ 2023-4-15 - Apr 15 2023 ------------------- ------------------------------------------------------------------ ++++ chromium: - Chromium 112.0.5615.121: * CVE-2023-2033: Type Confusion in V8 (boo#1210478) ++++ chromium: - Chromium 112.0.5615.121: * CVE-2023-2033: Type Confusion in V8 (boo#1210478) ++++ llvm14: - Ignore test failures on Leap 15.x ppc64le. ++++ openhantek: - update to 3.3.2.2: * Various warning and other bugfixes * Full Changelog: https://github.com/OpenHantek/OpenHantek6022/compare/3.3.2.1...3.3.2.2 ++++ orthanc-dicomweb: - version 1.13 * Use Orthanc SDK 1.11.3 to avoid a crash in Stow-RS jobs. * Stow-RS now calls to the plugin flavored /instances route and now also forwards the HTTP headers from the Incoming Stow-RS request. * Added a list of "Resources" in the DicomWebStowClient Job "Content" ------------------------------------------------------------------ ------------------ 2023-4-14 - Apr 14 2023 ------------------- ------------------------------------------------------------------ ++++ ImageMagick: - security update - added patches fix CVE-2023-1906 [bsc#1210308], heap-based buffer overflow in ImportMultiSpectralQuantum() in MagickCore/quantum-import.c + ImageMagick-CVE-2023-1906.patch ++++ kernel-64kb: - Update CVE reference to patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch (git-fixes bsc#1210454 CVE-2023-2019). - commit 75fc91b - Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 CVE-2023-2008). - commit 342d08e - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 12594bd ++++ kernel-azure: - Update CVE reference to patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch (git-fixes bsc#1210454 CVE-2023-2019). - commit 75fc91b - Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 CVE-2023-2008). - commit 342d08e - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 12594bd ++++ kernel-default: - Update CVE reference to patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch (git-fixes bsc#1210454 CVE-2023-2019). - commit 75fc91b - Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 CVE-2023-2008). - commit 342d08e - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 12594bd ++++ kernel-rt: - Update CVE reference to patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch (git-fixes bsc#1210454 CVE-2023-2019). - commit 75fc91b - Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 CVE-2023-2008). - commit 342d08e - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 12594bd ++++ dmidecode: Security fixes (CVE-2023-30630) - dmidecode-split-table-fetching-from-decoding.patch: dmidecode: Clean up function dmi_table so that it does only one thing (bsc#1210418). - dmidecode-write-the-whole-dump-file-at-once.patch: When option - -dump-bin is used, write the whole dump file at once, instead of opening and closing the file separately for the table and then for the entry point (bsc#1210418). - dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch: Make sure that the file passed to option --dump-bin does not already exist (bsc#1210418). - ensure-dev-mem-is-a-character-device-file.patch: Add a safety check on the type of the mem device file we are asked to read from, if we are root (bsc#1210418). 3 recommended fixes from upstream: - dmioem-typo-fix-virutal-virtual.patch: Simple typo fix in a user-visible string. - dmidecode-fortify-entry-point-length-checks.patch: Ensure that the SMBIOS entry point is long enough to include all the fields we need. - dmioem-hpe-oem-record-237-firmware-change.patch: Properly decode the last field of HPE OEM record type 237. ++++ dtb-aarch64: - Update CVE reference to patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch (git-fixes bsc#1210454 CVE-2023-2019). - commit 75fc91b - Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 CVE-2023-2008). - commit 342d08e - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 12594bd ++++ go1.19: - Build subpackage go1.1x-libstd compiled shared object libstd.so only on Tumbleweed at this time. Refs jsc#PED-1962 - Add subpackage go1.x-libstd for compiled shared object libstd.so. Refs jsc#PED-1962 * Main go1.x package included libstd.so in previous versions * Split libstd.so into subpackage that can be installed standalone * Continues the slimming down of main go1.x package by 40 Mb * Experimental and not recommended for general use, Go currently has no ABI * Upstream Go has not committed to support buildmode=shared long-term * Do not use in packaging, build static single binaries (the default) * Upstream Go go1.x binary releases do not include libstd.so * go1.x Suggests go1.x-libstd so not installed by default Recommends * go1.x-libstd does not Require: go1.x so can install standalone * Provides go-libstd unversioned package name * Fix build step -buildmode=shared std to omit -linkshared - Packaging improvements: * go1.x Suggests go1.x-doc so not installed by default Recommends * Use Group: Development/Languages/Go instead of Other - Improvements to go1.x packaging spec: * On Tumbleweed bootstrap with current default gcc13 and gccgo118 * On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap using go1.x package (%bcond_without gccgo). This is no longer needed on current SLE-12:Update and removing will consolidate the build configurations used. * Change source URLs to go.dev as per Go upstream * On x86_64 export GOAMD64=v1 as per the current baseline. At this time forgo GOAMD64=v3 option for x86_64_v3 support. * On x86_64 %define go_amd64=v1 as current instruction baseline ++++ kernel-debug: - Update CVE reference to patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch (git-fixes bsc#1210454 CVE-2023-2019). - commit 75fc91b - Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 CVE-2023-2008). - commit 342d08e - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 12594bd ++++ kernel-source: - Update CVE reference to patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch (git-fixes bsc#1210454 CVE-2023-2019). - commit 75fc91b - Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 CVE-2023-2008). - commit 342d08e - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 12594bd ++++ kernel-source-azure: - Update CVE reference to patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch (git-fixes bsc#1210454 CVE-2023-2019). - commit 75fc91b - Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 CVE-2023-2008). - commit 342d08e - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 12594bd ++++ kernel-source-rt: - Update CVE reference to patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch (git-fixes bsc#1210454 CVE-2023-2019). - commit 75fc91b - Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 CVE-2023-2008). - commit 342d08e - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 12594bd ++++ kernel-docs: - Update CVE reference to patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch (git-fixes bsc#1210454 CVE-2023-2019). - commit 75fc91b - Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 CVE-2023-2008). - commit 342d08e - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 12594bd ++++ kernel-kvmsmall: - Update CVE reference to patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch (git-fixes bsc#1210454 CVE-2023-2019). - commit 75fc91b - Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 CVE-2023-2008). - commit 342d08e - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 12594bd ++++ kernel-obs-build: - Update CVE reference to patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch (git-fixes bsc#1210454 CVE-2023-2019). - commit 75fc91b - Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 CVE-2023-2008). - commit 342d08e - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 12594bd ++++ kernel-obs-qa: - Update CVE reference to patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch (git-fixes bsc#1210454 CVE-2023-2019). - commit 75fc91b - Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 CVE-2023-2008). - commit 342d08e - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 12594bd ++++ kernel-rt_debug: - Update CVE reference to patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch (git-fixes bsc#1210454 CVE-2023-2019). - commit 75fc91b - Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 CVE-2023-2008). - commit 342d08e - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 12594bd ++++ kernel-syms: - Update CVE reference to patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch (git-fixes bsc#1210454 CVE-2023-2019). - commit 75fc91b - Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 CVE-2023-2008). - commit 342d08e - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 12594bd ++++ kernel-syms-azure: - Update CVE reference to patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch (git-fixes bsc#1210454 CVE-2023-2019). - commit 75fc91b - Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 CVE-2023-2008). - commit 342d08e - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 12594bd ++++ kernel-syms-rt: - Update CVE reference to patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch (git-fixes bsc#1210454 CVE-2023-2019). - commit 75fc91b - Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 CVE-2023-2008). - commit 342d08e - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 12594bd ++++ kernel-zfcpdump: - Update CVE reference to patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch (git-fixes bsc#1210454 CVE-2023-2019). - commit 75fc91b - Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218 jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453 CVE-2023-2008). - commit 342d08e - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - commit 12594bd ++++ orthanc: - version 1.11.3 * cmake.diff removed (included in source) * install_cmd.diff removed (included in source) * Many improvements, for detailed log see NEWS ++++ ovmf: - Add ovmf-SecurityPkg-DxeImageVerificationLib-Check-result-of-.patch to check result of GetEfiGlobalVariable2 (CVE-2019-14560, bsc#1174246) - Add ovmf-MdeModulePkg-PiSmmCore-SmmEntryPoint-underflow-CVE-2.patch for MdeModulePkg/PiSmmCore: SmmEntryPoint underflow (CVE-2021-38578) (bsc#1196741) ++++ spotify-easyrpm: - Snap package no longer includes share/doc directory. Thanks @LeoniePhiline ++++ telegram-desktop: - Commit 0d37d47eca896005eb0a645e0db461f4dafb317b breaks building with glibmm < 2.76; use DESKTOP_APP_DISABLE_DBUS_INTEGRATION on Leap 15.4 and 15.5 to work around it. ------------------------------------------------------------------ ------------------ 2023-4-13 - Apr 13 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - commit bca1250 ++++ kernel-azure: - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - commit bca1250 ++++ kernel-default: - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - commit bca1250 ++++ kernel-rt: - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - commit bca1250 ++++ dtb-aarch64: - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - commit bca1250 ++++ go1.19: - Use gcc13 compiler for Tumbleweed. ++++ kernel-debug: - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - commit bca1250 ++++ kernel-source: - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - commit bca1250 ++++ kernel-source-azure: - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - commit bca1250 ++++ kernel-source-rt: - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - commit bca1250 ++++ kernel-docs: - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - commit bca1250 ++++ kernel-kvmsmall: - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - commit bca1250 ++++ kernel-obs-build: - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - commit bca1250 ++++ kernel-obs-qa: - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - commit bca1250 ++++ kernel-rt_debug: - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - commit bca1250 ++++ kernel-syms: - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - commit bca1250 ++++ kernel-syms-azure: - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - commit bca1250 ++++ kernel-syms-rt: - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - commit bca1250 ++++ kernel-zfcpdump: - ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158). - commit bca1250 ++++ kubernetes1.24: - Update to version 1.24.13: * Release commit for Kubernetes v1.24.13 * releng/go: Update images, dependencies and version to Go 1.19.8 * wait again on pending state * cacher allow context cancellation if not ready * Drop development dependencies from test targets * apiserver cacher: don't accept requests if stopped * Clear front proxy headers after authentication is complete * Make prerelease tag optional in CI versions * Annotate CI version regexes * Drop unused regex grouping * Delete unused version regex function * kubelet: Fix fs quota monitoring on volumes * fsquota: only generate pod uuid is nil * Change where transformers are called. * Route controller should update routes with NodeIP changed When a node reboots or kubelet restarts, it is possible that its IP is changed. In this case, node route should be updated with the correct IP. In this PR, it checks if the IP in an existing route is the same as the actual one. If not, it marks it as "update" so the old route will be deleted and a new one will be created. There's a new field EnableNodeAddresses, which is a feature gate for specific cloud providers to enable after they update their cloud provider code for CreateRoute(). * client-go/cache: update Replace comment to be more clear * client-go/cache: rewrite Replace to check queue first * client-go/cache: merge ReplaceMakesDeletionsForObjectsInQueue tests * client-go/cache: fix missing delete event on replace without knownObjects * client-go/cache: fix missing delete event on replace * Bump konnectivity-client to v0.0.36 * test: demote service ClientIP affinity timeout tests from conformance ++++ snapper: - avoid stale btrfs qgroups on transactional systems (bsc#1210151) * added pr805.patch - wait for existing btrfs quota rescans to finish (bsc#1210150) * added pr790.patch ++++ wireshark: - Wireshark 3.6.13: * CVE-2023-1992: RPCoRDMA dissector crash (bsc#1210405). * CVE-2023-1993: LISP dissector large loop (bsc#1210404). * CVE-2023-1994: GQUIC dissector crash (bsc#1210403). - Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.6.13.html ++++ python-pip: - Make calling of %{sle15modernpython} optional. ++++ shim: - Sometimes SLE shim signature be Microsoft updated before openSUSE shim signature. When submit request on IBS for updating SLE shim, the submitreq project be generated, but it always be blocked by checking the signature of openSUSE shim. It doesn't make sense checking openSUSE shim signature when building SLE shim on SLE platform, and vice versa. So the following change adds the logic to compare suffix (sles, opensuse) with distro_id (sle, opensuse). When and only when hash mismatch and distro_id match with suffix, stop building. [#] compare suffix (sles, opensuse) with distro_id (sle, opensuse) [#] when hash mismatch and distro_id match with suffix, stop building - Upgrade shim-install for bsc#1210382 After closing Leap-gap project since Leap 15.3, openSUSE Leap direct uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no, so all files in /boot/efi/EFI/boot are not updated. The 86b73d1 patch added the logic that using ID field in os-release for checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated. - https://github.com/SUSE/shim-resources (git log --oneline) 86b73d1 Fix that bootx64.efi is not updated on Leap f2e8143 Use the long name to specify the grub2 key protector 7283012 cryptodisk: support TPM authorized policies 49e7a0d Do not use tpm_record_pcrs unless the command is in command.lst 26c6bd5 Have grub take a snapshot of "relevant" TPM PCRs 5c2c3ad Handle different cases of controlling cryptomount volumes during first stage boot a5c5734 Introduce --no-grub-install option ------------------------------------------------------------------ ------------------ 2023-4-12 - Apr 12 2023 ------------------- ------------------------------------------------------------------ ++++ autoyast2: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) - 4.5.13 ++++ samba: - Update to 4.17.7 * CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords in cleartext; (bso#15315); (bsc#1209481). * CVE-2023-0225: Samba AD DC "dnsHostname" attribute can be deleted by unprivileged authenticated users; (bso#15276); (bsc#1209483). * CVE-2023-0614: samba: Access controlled AD LDAP attributes can be discovered; (bso#15270); (bsc#1209485). * large_ldap test is inefficient; (bso#15332). * CVE-2020-25720 [SECURITY] Create Child permission should not allow full write to all attributes (additional changes); (bso#14810). - Update to 4.17.6 * streams_xattr is creating unexpected locks on folders; (bso#15314). * Use of the Azure AD Connect cloud sync tool is now supported for password hash synchronisation, allowing Samba AD Domains to synchronise passwords with this popular cloud environment; (bso#10635). * Spotlight doesn't work with latest macOS Ventura; (bso#15299). * New samba-dcerpc architecture does not scale gracefully; (bso#15310). * vfs_ceph incorrectly uses fsp_get_io_fd() instead of fsp_get_pathref_fd() in close and fstat; (bso#15307). * With clustering enabled samba-bgqd can core dump due to use after free; (bso#15293). * fd_load() function implicitly closes the fd where it should not; (bso#15311). - Update to 4.17.5 * smbc_getxattr() return value is incorrect; (bso#14808). * Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled correctly; (bso#15172). * synthetic_pathref AFP_AfpInfo failed errors; (bso#15210). * samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC when there is only an AAAA record for the DC in DNS; (bso#15226). * smbd crashes if an FSCTL request is done on a stream handle; (bso#15236). * DFS links don't work anymore on Mac clients since 4.17; (bso#15277). * vfs_virusfilter segfault on access, directory edgecase (accessing NULL value); (bso#15283). * CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based SChannel on NETLOGON (additional changes); (bso#15240). * %U for include directive doesn't work for share listing (netshareenum); (bso#15243). * Shares missing from netshareenum response in samba 4.17.4; (bso#15266). * ctdb: use-after-free in run_proc; (bso#15269). * irpc_destructor may crash during shutdown; (bso#15280). * auth3_generate_session_info_pac leaks wbcAuthUserInfo; (bso#15286). * smbclient segfaults with use after free on an optimized build; (bso#15268). * smbstatus leaking files in msg.sock and msg.lock; (bso#15282). * Leak in wbcCtxPingDc2; (bso#15164). * Access based share enum does not work in Samba 4.16+; (bso#15265). * Crash during share enumeration; (bso#15267). * rep_listxattr on FreeBSD does not properly check for reads off end of returned buffer; (bso#15271). * Avoid relying on C89 features in a few places; (bso#15281). ++++ kimageformats: - Add support for RAW image formats ++++ kubernetes1.23: - add kubernetes1.18-client-common as conflicts with kubernetes-client-bash-completion ++++ kubernetes1.24: - add kubernetes1.18-client-common as conflicts with kubernetes-client-bash-completion ++++ lucene++: - Add explicit build dependency on libboost_atomic-devel: Fix build with older boost version (Leap 15.5). ++++ mame: - Disabled gold and enabled 32bit and aarch64 archs with null optflags. ++++ yast2-pkg-bindings: - Pkg.TargetInitializeOptions() - added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - 4.5.2 ++++ yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) - 4.5.3 ------------------------------------------------------------------ ------------------ 2023-4-11 - Apr 11 2023 ------------------- ------------------------------------------------------------------ ++++ ComputeLibrary: - More fixes to use python3 as the python script interpreter ++++ avahi: - Add avahi-CVE-2023-1981.patch: emit error if requested service is not found (boo#1210328 CVE-2023-1981). ++++ avahi-glib2: - Add avahi-CVE-2023-1981.patch: emit error if requested service is not found (boo#1210328 CVE-2023-1981). ++++ kernel-64kb: - Fix a compile warning in the previous nouveau patch (bsc#1208209) Refreshed: patches.suse/drm-nouveau-blacklist-Turing-and-Ampere-models-as-default.patch - commit b2a56d6 - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes, bsc#1209841). - commit b44ae5f ++++ kernel-azure: - Fix a compile warning in the previous nouveau patch (bsc#1208209) Refreshed: patches.suse/drm-nouveau-blacklist-Turing-and-Ampere-models-as-default.patch - commit b2a56d6 - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes, bsc#1209841). - commit b44ae5f ++++ kernel-default: - Fix a compile warning in the previous nouveau patch (bsc#1208209) Refreshed: patches.suse/drm-nouveau-blacklist-Turing-and-Ampere-models-as-default.patch - commit b2a56d6 - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes, bsc#1209841). - commit b44ae5f ++++ kernel-rt: - Fix a compile warning in the previous nouveau patch (bsc#1208209) Refreshed: patches.suse/drm-nouveau-blacklist-Turing-and-Ampere-models-as-default.patch - commit b2a56d6 - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes, bsc#1209841). - commit b44ae5f ++++ dtb-aarch64: - Fix a compile warning in the previous nouveau patch (bsc#1208209) Refreshed: patches.suse/drm-nouveau-blacklist-Turing-and-Ampere-models-as-default.patch - commit b2a56d6 - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes, bsc#1209841). - commit b44ae5f ++++ plasma5-workspace: - Recommend filelight (boo#1210331) ++++ gradle: - Added patch: * use-nio-files-createTempFile-rather-than-File-createTempFile.patch + bsc#1184807 cve-2021-29428 ++++ grub2: - Resolve some issues with OS boot failure on PPC NVMe-oF disks and made enhancements to PPC secure boot's root device discovery config (bsc#1207230) - Ensure get_devargs and get_devname functions are consistent * 0001-openfw-Ensure-get_devargs-and-get_devname-functions-.patch - Fix regex for Open Firmware device specifier with encoded commas * 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch - Fix regular expression in PPC secure boot config to prevent escaped commas from being treated as delimiters when retrieving partition substrings. - Use prep_load_env in PPC secure boot config to handle unset host-specific environment variables and ensure successful command execution. * 0004-Introduce-prep_load_env-command.patch - Refreshed * 0005-export-environment-at-start-up.patch ++++ haproxy: - ECO: Maint: Update haproxy to latest maintenance release for all SLE15 (jsc#PED-3821) - rebase and rename haproxy-1.6.0-sec-options.patch -> haproxy-2.4.22-sec-options.patch - remove patches covered by new release: lua54.patch 0001-BUG-MAJOR-http-htx-prevent-unbounded-loop-in-http_ma.patch 0001-BUG-MEDIUM-mux-h2-Refuse-interim-responses-with-end-.patch 0001-output-buffer-is-not-zero-initialized.path 2.0-2.5-BUG-CRITICAL-http-properly-reject-empty-http-header-.patch - Update to version 2.4.22+git0.f8e3218e2: * [RELEASE] Released version 2.4.22 * BUG/CRITICAL: http: properly reject empty http header field names * CI: github: don't warn on deprecated openssl functions on windows * BUG/MEDIUM: stconn: Schedule a shutw on shutr if data must be sent first * DOC: proxy-protocol: fix wrong byte in provided example * DOC: config: 'http-send-name-header' option may be used in default section * DOC: config: fix option spop-check proxy compatibility * BUG/MEDIUM: cache: use the correct time reference when comparing dates * BUG/MEDIUM: stick-table: do not leave entries in end of window during purge * BUG/MINOR: ssl/crt-list: warn when a line is malformated * BUG/MEDIUM: ssl: wrong eviction from the session cache tree * BUG/MINOR: fcgi-app: prevent 'use-fcgi-app' in default section * [RELEASE] Released version 2.4.21 * BUG/MINOR: sink: free the forwarding task on exit * BUILD: hpack: include global.h for the trash that is needed in debug mode * BUG/MINOR: mux-h2: add missing traces on failed headers decoding * BUG/MINOR: listener: close tiny race between resume_listener() and stopping * DOC: config: fix "Address formats" chapter syntax * BUG/MINOR: mux-fcgi: Correctly set pathinfo * DOC: config: fix aliases for protocol prefixes "udp4@" and "udp6@" * DOC: config: fix wrong section number for "protocol prefixes" * BUG/MINOR: listeners: fix suspend/resume of inherited FDs * BUG/MINOR: http-ana: make set-status also update txn->status * BUG/MINOR: http-fetch: Don't block HTTP sample fetch eval in HTTP_MSG_ERROR state * BUG/MINOR: http-ana: Report SF_FINST_R flag on error waiting the request body * BUG/MINOR: promex: Don't forget to consume the request on error * BUG/MINOR: resolvers: Wait the resolution execution for a do_resolv action * BUG/MINOR: h1-htx: Remove flags about protocol upgrade on non-101 responses * CLEANUP: htx: fix a typo in an error message of http_str_to_htx * BUG/MINOR: http: Memory leak of http redirect rules' format string * REGTEST: fix the race conditions in hmac.vtc * REGTEST: fix the race conditions in digest.vtc * REGTEST: fix the race conditions in json_query.vtc * BUG/MAJOR: buf: Fix copy of wrapping output data when a buffer is realigned * BUG/MINOR: http-fetch: Only fill txn status during prefetch if not already set * BUILD: makefile: sort the features list * BUILD: makefile: build the features list dynamically * BUG/MINOR: pool/stats: Use ullong to report total pool usage in bytes in stats * BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream flag set * BUG/MINOR: ssl: Fix memory leak of find_chain in ssl_sock_load_cert_chain * LICENSE: wurfl: clarify the dummy library license. * BUG/MEDIUM: resolvers: Use tick_first() to update the resolvers task timeout * REGTESTS: startup: check maxconn computation * REGTESTS: fix the race conditions in iff.vtc * BUG/MAJOR: fcgi: Fix uninitialized reserved bytes * DOC: promex: Add missing backend metrics * MINOR: promex: introduce haproxy_backend_agg_check_status * BUG/MINOR: promex: create haproxy_backend_agg_server_status * BUG/MEDIUM: mworker: fix segv in early failure of mworker mode with peers * BUG/MINOR: ssl: Fix potential overflow * BUG/MEDIUM: ssl: Verify error codes can exceed 63 * BUG/MINOR: resolvers: Don't wait periodic resolution on healthcheck failure * BUILD: peers: peers-t.h depends on stick-table-t.h * CI: github: change "ubuntu-latest" to "ubuntu-20.04" * BUG/MEDIIM: stconn: Flush output data before forwarding close to write side * BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action * [RELEASE] Released version 2.4.20 * Revert "CI: determine actual OpenSSL version dynamically" * Revert "CI: switch to the "latest" LibreSSL" * SCRIPTS: announce-release: add a link to the data plane API * DOC: config: clarify the -m dir and -m dom pattern matching methods * DOC: config: clarify the fact that "retries" is not just for connections * DOC: config: explain how default matching method for ACL works * DOC: config: mention that a single monitor-uri rule is supported * DOC: config: clarify the fact that SNI should not be used in HTTP scenarios * DOC: config: provide some configuration hints for "http-reuse" * Revert "BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action" * BUG/MINOR: mux-h1: Fix handling of 408-Request-Time-Out * BUILD: http-htx: Silent build error about a possible NULL start-line * BUG/MINOR: http-htx: Don't consider an URI as normalized after a set-uri action * BUG/MINOR: log: fix parse_log_message rfc5424 size check * BUG/MINOR: cfgparse-listen: fix ebpt_next_dup pointer dereference on proxy "from" inheritance * BUILD: listener: fix build warning on global_listener_rwlock without threads * BUG/MINOR: server/idle: at least use atomic stores when updating max_used_conns * BUILD: peers: Remove unused variables * BUG/MEDIUM: peers: messages about unkown tables not correctly ignored * BUG/MINOR: ssl: don't initialize the keylog callback when not required * BUG/MINOR: http_ana/txn: don't re-initialize txn and req var lists * BUG/MEDIUM: listener: Fix race condition when updating the global mngmt task * BUG/MINOR: pool/cli: use ullong to report total pool usage in bytes * BUG/MEDIUM: ring: fix creation of server in uninitialized ring * DOC: config: fix alphabetical ordering of global section * REG-TESTS: cache: Remove T-E header for 304-Not-Modified responses * BUG/MINOR: mux-h1: Do not send a last null chunk on body-less answers * BUG/MEDIUM: mux-fcgi: Avoid value length overflow when it doesn't fit at once * BUG/MINOR: mux-fcgi: Be sure to send empty STDING record in case of zero-copy * BUG/MINOR: resolvers: Set port before IP address when processing SRV records * BUG/MINOR: http-htx: Fix error handling during parsing http replies * BUG/MEDIUM: wdt/clock: properly handle early task hangs * CI: emit the compiler's version in the build reports * CI: switch to the "latest" LibreSSL * BUG/MINOR: ssl: ocsp structure not freed properly in case of error * BUG/MINOR: ssl: Memory leak of AUTHORITY_KEYID struct when loading issuer * CI: add monthly gcc cross compile jobs * BUG/MINOR: log: fixing bug in tcp syslog_io_handler Octet-Counting * BUG/MEDIUM: stick-table: fix a race condition when updating the expiration task * BUG/MAJOR: stick-table: don't process store-response rules for applets * DOC: management: add forgotten "show startup-logs" * BUG/MINOR: stick-table: Use server_id instead of std_t_sint in process_store_rules() * CI: SSL: temporarily stick to LibreSSL=3.5.3 * CI: SSL: use proper version generating when "latest" semantic is used * BUG/MINOR: sink: Set default connect/server timeout for implicit ring buffers * BUG/MINOR: sink: Only use backend capability for the sink proxies * BUG/MEDIUM: compression: handle rewrite errors when updating response headers * BUG/MINOR: ring: Properly parse connect timeout * BUG/MINOR: log: Preserve message facility when the log target is a ring buffer * CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in workflow definition * CI: Replace the deprecated `::set-output` command by writing to $GITHUB_OUTPUT in matrix.py * BUG/MINOR: server: make sure "show servers state" hides private bits * BUG/MAJOR: stick-tables: do not try to index a server name for applets * DOC: configuration: missing 'if' in tcp-request content example * BUG/MINOR: backend: only enforce turn-around state when not redispatching * BUG/MINOR: smtpchk: SMTP Service check should gracefully close SMTP transaction * MINOR: smtpchk: Update expect rule to fully match replies to EHLO commands * BUG/MINOR: mux-h1: Account consumed output data on synchronous connection error * BUILD: http_fetch: silence an uninitiialized warning with gcc-4/5/6 at -Os * BUG/MINOR: http-fetch: Update method after a prefetch in smp_fetch_meth() * BUILD: h1: silence an initiialized warning with gcc-4.7 and -Os * BUG/MEDIUM: lua: handle stick table implicit arguments right. * BUG/MEDIUM: lua: Don't crash in hlua_lua2arg_check on failure * DOC: config: Fix pgsql-check documentation to make user param mandatory * BUG/MINOR: checks: update pgsql regex on auth packet * [RELEASE] Released version 2.4.19 * BUG/MEDIUM: resolvers: Remove aborted resolutions from query_ids tree * REGTESTS: 4be_1srv_smtpchk_httpchk_layer47errors: Return valid SMTP replies * BUG/MINOR: log: improper behavior when escaping log data * SCRIPTS: announce-release: update some URLs to https * BUILD: fd: fix a build warning on the DWCAS * BUG/MEDIUM: captures: free() an error capture out of the proxy lock * DOC: fix TOC in starter guide for subsection 3.3.8. Statistics * REGTESTS: ssl/log: test the log-forward with SSL * BUG/MEDIUM: sink: bad init sequence on tcp sink from a ring. * REGTESTS: log: test the log-forward feature * REGTESTS: healthcheckmail: Relax matching on the healthcheck log message * BUG/MINOR: stats: fixing stat shows disabled frontend status as 'OPEN' * MINOR: listener: small API change * BUG/MEDIUM: proxy: ensure pause_proxy() and resume_proxy() own PROXY_LOCK * CI: cirrus-ci: bump FreeBSD image to 13-1 * BUG/MINOR: signals/poller: ensure wakeup from signals * BUG/MINOR: signals/poller: set the poller timeout to 0 when there are signals * BUG/MINOR: task: always reset a new tasklet's call date * BUG/MINOR: h1: Support headers case adjustment for TCP proxies * BUILD: makefile: enable crypt(3) for NetBSD * BUG/MINOR: regex: Properly handle PCRE2 lib compiled without JIT support * BUG/MINOR: mux-fcgi: fix the "show fd" dest buffer for the subscriber * BUG/MINOR: mux-h1: fix the "show fd" dest buffer for the subscriber * BUG/MINOR: mux-h2: fix the "show fd" dest buffer for the subscriber * BUG/MEDIUM: mux-h1: always use RST to kill idle connections in pools * REGTESTS: http_request_buffer: Add a barrier to not mix up log messages * BUG/MEDIUM: mux-h1: do not refrain from signaling errors after end of input * BUG/MINOR: tcpcheck: Disable QUICKACK for default tcp-check (with no rule) * BUG/MINOR: hlua: Rely on CF_EOI to detect end of message in HTTP applets * BUG/MEDIUM: peers: Don't start resync on reload if local peer is not up-to-date * BUG/MEDIUM: peers: Don't use resync timer when local resync is in progress * BUG/MEDIUM: peers: Add connect and server timeut to peers proxy * BUG/MEDIUM: spoe: Properly update streams waiting for a ACK in async mode * DOC: configuration: do-resolve doesn't work with a port in the string * REGTESTS: Fix prometheus script to perform HTTP health-checks * BUG/MINOR: tcpcheck: Disable QUICKACK only if data should be sent after connect * BUG/MINOR: resolvers: return the correct value in resolvers_finalize_config() * BUG/MAJOR: mworker: fix infinite loop on master with no proxies. * BUG/MAJOR: log-forward: Fix log-forward proxies not fully initialized * BUG/MEDIUM: mux-h2: do not fiddle with ->dsi to indicate demux is idle * BUG/MEDIUM: http-ana: fix crash or wrong header deletion by http-restrict-req-hdr-names * BUILD: http: silence an uninitialized warning affecting gcc-5 * BUG/MEDIUM: ring: fix too lax 'size' parser * BUILD: debug: silence warning on gcc-5 * BUG/MEDIUM: task: relax one thread consistency check in task_unlink_wq() * BUG/MEDIUM: poller: use fd_delete() to release the poller pipes * BUILD: cfgparse: always defined _GNU_SOURCE for sched.h and crypt.h * BUG/MINOR: sink: fix a race condition between the writer and the reader * BUG/MINOR: ring/cli: fix a race condition between the writer and the reader * BUG/MEDIUM: proxy: Perform a custom copy for default server settings * REORG: server: Export srv_settings_cpy() function * MINOR: server: Constify source server to copy its settings * BUG/MEDIUM: dns: Properly initialize new DNS session * BUG/MINOR: peers: Use right channel flag to consider the peer as connected * BUG/MEDIUM: peers: limit reconnect attempts of the old process on reload * MINOR: peers: Use a dedicated reconnect timeout when stopping the local peer * BUG/MEDIUM: pattern: only visit equivalent nodes when skipping versions * MINOR: ebtree: add ebmb_lookup_shorter() to pursue lookups * MINOR: http-htx: Use new HTTP functions for the scheme based normalization * BUG/MEDIUM: h1: Improve authority validation for CONNCET request * MINOR: http: Add function to detect default port * MINOR: http: Add function to get port part of a host * BUG/MEDIUM: mworker: use default maxconn in wait mode * [RELEASE] Released version 2.4.18 * BUG/MINOR: sockpair: wrong return value for fd_send_uxst() * BUG/MINOR: backend: Fallback on RR algo if balance on source is impossible * BUILD: add detection for unsupported compiler models * BUG/MEDIUM: mworker: proc_self incorrectly set crashes upon reload * REGTESTS: Fix some scripts to be compatible with 2.4 and prior * BUG/MINOR: tools: fix statistical_prng_range()'s output range * BUG/MEDIUM: tools: avoid calling dlsym() in static builds (try 2) * BUILD: makefile: Fix install(1) handling for OpenBSD/NetBSD/Solaris/AIX * BUG/MEDIUM: tools: avoid calling dlsym() in static builds * MEDIUM: mworker: set the iocb of the socketpair without using fd_insert() * BUG/MEDIUM: mux-h1: Handle connection error after a synchronous send * BUG/MEDIUM: http-ana: Don't wait to have an empty buf to switch in TUNNEL state * BUG/MINOR: mux-h1: Be sure to commit htx changes in the demux buffer * REGTEESTS: filters: Fix CONNECT request in random-forwarding script * BUG/MEDIUM: http-fetch: Don't fetch the method if there is no stream * BUG/MINOR: http-htx: Fix scheme based normalization for URIs wih userinfo * BUG/MINOR: peers: fix possible NULL dereferences at config parsing * BUG/MINOR: http-act: Properly generate 103 responses when several rules are used * BUG/MINOR: http-check: Preserve headers if not redefined by an implicit rule * BUG/MINOR: peers/config: always fill the bind_conf's argument * MINOR: fd: Add BUG_ON checks on fd_insert() * CI: re-enable gcc asan builds * BUILD: Makefile: Add Lua 5.4 autodetect * BUG/MEDIUM: ssl/fd: unexpected fd close using async engine * MINOR: fd: add a new FD_DISOWN flag to prevent from closing a deleted FD * BUG/MINOR: http-fetch: Use integer value when possible in "method" sample fetch * BUG/MINOR: http-ana: Set method to HTTP_METH_OTHER when an HTTP txn is created * BUG/MINOR: ssl: Do not look for key in extra files if already in pem * MEDIUM: mux-h2: try to coalesce outgoing WINDOW_UPDATE frames * BUG/MEDIUM: ssl/cli: crash when crt inserted into a crt-list * BUG/MINOR: tcp-rules: Make action call final on read error and delay expiration * BUG/MINOR: cli/stats: add missing trailing LF after "show info json" * BUG/MINOR: server: do not enable DNS resolution on disabled proxies * BUG/MINOR: cli/stats: add missing trailing LF after JSON outputs * REGTESTS: healthcheckmail: Relax health-check failure condition * REGTESTS: healthcheckmail: Update the test to be functionnal again * BUG/MINOR: checks: Properly handle email alerts in trace messages * BUG/MINOR: trace: Test server existence for health-checks to get proxy * BUG/MEDIUM: mailers: Set the object type for check attached to an email alert * BUILD: compiler: implement unreachable for older compilers too * REGTESTS: restrict_req_hdr_names: Extend supported versions * REGTESTS: http_abortonclose: Extend supported versions * BUG/MINOR: ssl_ckch: Fix possible uninitialized value in show_cert I/O handler * BUG/MINOR: ssl_ckch: Dump cert transaction only once if show command yield * REGTESTS: http_request_buffer: Increase client timeout to wait "slow" clients * REGTESTS: abortonclose: Add a barrier to not mix up log messages * MEDIUM: http-ana: Always report rewrite failures as PRXCOND in logs * BUG/MEDIUM: ssl/crt-list: Rework 'add ssl crt-list' to handle full buffer cases * BUG/MEDIUM: ssl_ckch: Rework 'commit ssl cert' to handle full buffer cases * BUG/MINOR: ssl_ckch: Don't duplicate path when replacing a cert entry * BUG/MEDIUM: ssl_ckch: Don't delete a cert entry if it is being modified * BUG/MINOR: ssl_ckch: Free error msg if commit changes on a cert entry fails * DOC: intro: adjust the numbering of paragrams to keep the output ordered * DOC: peers: fix port number and addresses on new peers section format * DOC: peers: clarify when entry expiration date is renewed. * DOC: peers: indicate that some server settings are not usable * SCRIPTS: make publish-release try to launch make-releases-json * SCRIPTS: add make-releases-json to recreate a releases.json file in download dirs * REGTESTS: Do not use REQUIRE_VERSION for HAProxy 2.5+ (2) * BUG/MEDIUM: sample: Fix adjusting size in word converter * BUG/MEDIUM: peers: prevent unitialized multiple listeners on peers section * BUG/MEDIUM: peers: fix segfault using multiple bind on peers sections * BUG/MEDIUM: resolvers: Don't defer resolutions release in deinit function * BUG/MEDIUM: http: Properly reject non-HTTP/1.x protocols * BUG/MEDIUM: tools: Fix `inet_ntop` usage in sa2str * CI: determine actual OpenSSL version dynamically * BUILD/MINOR: cpuset fix build for FreeBSD 13.1 * BUG/MINOR: peers: fix error reporting of "bind" lines * BUG/MINOR: cfgparse: abort earlier in case of allocation error * BUG/MINOR: check: Reinit the buffer wait list at the end of a check * BUG/MEDIUM: config: Reset outline buffer size on realloc error in readcfgfile() * REGTESTS: abortonclose: Fix some race conditions * BUG/MINOR: ssl: Fix crash when no private key is found in pem * MINOR: tools: add get_exec_path implementation for solaris based systems. * BUILD: fix build warning on solaris based systems with __maybe_unused. * MEDIUM: http-ana: Add a proxy option to restrict chars in request header names * CI: determine actual LibreSSL version dynamically * [RELEASE] Released version 2.4.17 * CLEANUP: mux-h1: Fix comments and error messages for global options * BUG/MEDIUM: wdt: don't trigger the watchdog when p is unitialized * BUG/MINOR: conn_stream: do not confirm a connection from the frontend path * BUG/MINOR: server: Make SRV_STATE_LINE_MAXLEN value from 512 to 2kB (2000 bytes). * DOC: install: update gcc version requirements * BUG/MEDIUM: ssl: fix the gcc-12 broken fix :-( * BUILD: listener: shut report of possible null-deref in listener_accept() * BUILD: debug: work around gcc-12 excessive -Warray-bounds warnings * BUILD: ssl: work around bogus warning in gcc 12's -Wformat-truncation * CI: dynamically determine actual version of h2spec * DOC: fix typo "ant" for "and" in INSTALL * BUG/MINOR: map/cli: make sure patterns don't vanish under "show map"'s init * BUG/MINOR: map/cli: protect the backref list during "show map" errors * BUG/MEDIUM: cli: make "show cli sockets" really yield * BUG/MEDIUM: resolvers: make "show resolvers" properly yield * BUG/MINOR: tcp/http: release the expr of set-{src,dst}[-port] * DOC: config: Update doc for PR/PH session states to warn about rewrite failures * MINOR: mux-h2: report a trace event when failing to create a new stream * BUG/MINOR: mux-h2: mark the stream as open before processing it not after * BUG/MAJOR: dns: multi-thread concurrency issue on UDP socket * BUG/MEDIUM: mux-h1: Be able to handle trailers when C-L header was specified * BUG/MEDIUM: mux-fcgi: Be sure to never set EOM flag on an empty HTX message * SCRIPTS: announce-release: add URL of dev packages * CI: github actions: update LibreSSL to 3.5.2 * [RELEASE] Released version 2.4.16 * BUILD: opentracing: Fix OT build due to misuse of var_clear() * BUILD: proto_uxst: do not set unused flag * BUILD: sockpair: do not set unused flag * BUILD: fd: remove unused variable totlen in fd_write_frag_line() * CLEANUP: acl: Remove unused variable when releasing an acl expression * BUG/MINOR: pools: make sure to also destroy shared pools in pool_destroy_all() * BUG/MINOR: resolvers: Fix memory leak in resolvers_deinit() * BUILD: compiler: properly distinguish weak and global symbols * REGTESTS: fix the race conditions in be2dec.vtc ad field.vtc * MEDIUM: queue: use tasklet_instant_wakeup() to wake tasks * MINOR: task: add a new task_instant_wakeup() function * BUG/MINOR: rules: Fix check_capture() function to use the right rule arguments * DOC: remove my name from the config doc * BUG/MAJOR: connection: Never remove connection from idle lists outside the lock * BUG/MINOR: cache: Disable cache if applet creation fails * SCRIPTS: announce-release: add shortened links to pending issues * DOC: lua: update a few doc URLs * SCRIPTS: announce-release: update the doc's URL * BUG/MEDIUM: compression: Don't forget to update htx_sl and http_msg flags * BUG/MEDIUM: fcgi-app: Use http_msg flags to know if C-L header can be added * BUG/MEDIUM: stream: do not abort connection setup too early * BUILD: compiler: use a more portable set of asm(".weak") statements * BUILD: sched: workaround crazy and dangerous warning in Clang 14 * BUG/MEDIUM: mux-h1: Don't request more room on partial trailers * BUG/MINOR: mux-h2: use timeout http-request as a fallback for http-keep-alive * BUG/MINOR: mux-h2: do not use timeout http-keep-alive on backend side * BUILD: debug: mark the __start_mem_stats/__stop_mem_stats symbols as weak * BUG/MINOR: cache: do not display expired entries in "show cache" * BUG/MINOR: mux-h2: do not send GOAWAY if SETTINGS were not sent * CI: cirrus: switch to FreeBSD-13.0 * CI: Update to actions/cache@v3 * CI: Update to actions/checkout@v3 * DEBUG: opentracing: show return values of all functions in the debug output * CLEANUP: opentracing: added variable to store variable length * CLEANUP: opentracing: added flt_ot_smp_init() function * CLEANUP: opentracing: removed unused function flt_ot_var_get() * CLEANUP: opentracing: removed unused function flt_ot_var_unset() * DOC: opentracing: corrected comments in function descriptions * EXAMPLES: opentracing: refined shell scripts for testing filter performance * BUG/MINOR: opentracing: setting the return value in function flt_ot_var_set() * BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid * BUG/MEDIUM: http-conv: Fix url_enc() to not crush const samples * BUG/MEDIUM: mux-h1: Set outgoing message to DONE when payload length is reached * BUG/MEDIUM: promex: Be sure to never set EOM flag on an empty HTX message * BUG/MEDIUM: hlua: Don't set EOM flag on an empty HTX message in HTTP applet * BUG/MEDIUM: stats: Be sure to never set EOM flag on an empty HTX message * BUG/MINOR: fcgi-app: Don't add C-L header on response to HEAD requests * CI: github actions: update OpenSSL to 3.0.2 * BUG/MAJOR: mux_pt: always report the connection error to the conn_stream * BUG/MINOR: cli/stream: fix "shutdown session" to iterate over all threads * BUG/MINOR: samples: add missing context names for sample fetch functions * DOC: reflect H2 timeout changes * BUG/MEDIUM: mux-h2: make use of http-request and keep-alive timeouts * MEDIUM: mux-h2: slightly relax timeout management rules * BUG/MEDIUM: stream-int: do not rely on the connection error once established * BUG/MEDIUM: mux-h1: Properly detect full buffer cases during message parsing * BUG/MEDIUM: mux-fcgi: Properly handle return value of headers/trailers parsing * BUG/MINOR: tools: url2sa reads too far when no port nor path * DOC: config: Explictly add supported MQTT versions * MEDIUM: mqtt: support mqtt_is_valid and mqtt_field_value converters for MQTTv3.1 * BUG/MEDIUM: trace: avoid race condition when retrieving session from conn->owner * BUG/MEDIUM: mux-h1: only turn CO_FL_ERROR to CS_FL_ERROR with empty ibuf * CI: github actions: switch to LibreSSL-3.5.1 * BUG/MINOR: server/ssl: free the SNI sample expression * BUG/MINOR: tools: fix url2sa return value with IPv4 * [RELEASE] Released version 2.4.15 * BUILD: tree-wide: mark a few numeric constants as explicitly long long * DOC: Fix usage/examples of deprecated ACLs * BUG/MINOR: stream: make the call_rate only count the no-progress calls * BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd() * BUG/MAJOR: mux-pt: Always destroy the backend connection on detach * DEBUG: stream: Fix stream trace message to print response buffer state * DEBUG: stream: Add the missing descriptions for stream trace events * BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse processing * DEBUG: cache: Update underlying buffer when loading HTX message in cache applet * BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request * BUG/MINOR: cli: shows correct mode in "show sess" * BUG/MINOR: add missing modes in proxy_mode_str() * BUILD: pools: fix backport of no-memory-trimming on non-linux OS * MINOR: pools: add a new global option "no-memory-trimming" * BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed * BUG/MINOR: pool: always align pool_heads to 64 bytes * REGTESTS: fix the race conditions in secure_memcmp.vtc * REGTESTS: fix the race conditions in normalize_uri.vtc * BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks() * CI: github actions: use cache for SSL libs * CI: github actions: use cache for OpenTracing * CI: github actions: add OpenTracing builds * CI: github actions: add the output of $CC -dM -E- * [RELEASE] Released version 2.4.14 * BUG/MEDIUM: stream: Abort processing if response buffer allocation fails * CI: github: enable pool debugging by default * REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks * BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy() * BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer * BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer * BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message * BUG/MINOR: tools: url2sa reads ipv4 too far * BUG/MINOR: mailers: negotiate SMTP, not ESMTP * CI: github actions: update OpenSSL to 3.0.1 * CI: github: switch to OpenSSL 3.0.0 * CI: github actions: relax OpenSSL-3.0.0 version comparision * CI: github actions: -Wno-deprecated-declarations with OpenSSL 3.0.0 * CI: github actions: add OpenSSL-3.0.0 builds * BUILD: adopt script/build-ssl.sh for OpenSSL-3.0.0beta2 * BUILD: fix compilation for OpenSSL-3.0.0-alpha17 * CI: ssl: keep the old method for ancient OpenSSL versions * CI: ssl: do not needlessly build the OpenSSL docs * CI: ssl: enable parallel builds for OpenSSL on Linux * BUG/MAJOR: compiler: relax alignment constraints on certain structures * BUG/MEDIUM: fd: always align fdtab[] to 64 bytes * BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names * BUG/MINOR: sink: Use the right field in appctx context in release callback * BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload * BUG/MEDIUM: mworker: close unused transferred FDs on load failure * MINOR: sock: move the unused socket cleaning code into its own function * [RELEASE] Released version 2.4.13 * BUG/MINOR: mux-h2: update the session's idle delay before creating the stream * BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change * REGTESTS: peers: leave a bit more time to peers to synchronize * BUG/MAJOR: spoe: properly detach all agents when releasing the applet * BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies * BUG/MEDIUM: listener: read-lock the listener during accept() * MINOR: listener: replace the listener's spinlock with an rwlock * BUG/MINOR: mworker: does not erase the pidfile upon reload * BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks * DEBUG: pools: replace the link pointer with the caller's address on pool_free() * DEBUG: pools: let's add reverse mapping from cache heads to thread and pool * DEBUG: pools: add extra sanity checks when picking objects from a local cache * BUG/MINOR: pools: always flush pools about to be destroyed * BUG/MEDIUM: mworker: don't lose the stats socket on failed reload * DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY * BUILD: debug/cli: condition test of O_ASYNC to its existence * DEBUG: cli: add a new "debug dev fd" expert command * MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change * BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them * BUG/MEDIUM: mcli: do not try to parse empty buffers * BUG/MEDIUM: cli: Never wait for more data on client shutdown * BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands * MINOR: channel: add new function co_getdelim() to support multiple delimiters * MEDIUM: cli: yield between each pipelined command * BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl * BUILD/MINOR: fix solaris build with clang. * BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer * BUG/MEDIUM: connection: properly leave stopping list on error * [RELEASE] Released version 2.4.12 * BUG/MAJOR: mux-h1: Don't decrement .curr_len for unsent data * BUG/MEDIUM: mworker: don't use _getsocks in wait mode * [RELEASE] Released version 2.4.11 * BUG/MEDIUM: http-ana: Preserve response's FLT_END analyser on L7 retry * BUG/MINOR: cli: fix _getsocks with musl libc * BUILD/MINOR: tools: solaris build fix on dladdr. * BUILD/MINOR: cpuset FreeBSD 14 build fix. * BUG/MEDIUM: ssl: free the ckch instance linked to a server * BUG/MINOR: ssl: free the fields in srv->ssl_ctx * MINOR: debug: add support for -dL to dump library names at boot * MINOR: debug: add ability to dump loaded shared libraries * MINOR: compat: detect support for dl_iterate_phdr() * BUG/MINOR: mux-h1: Fix splicing for messages with unknown length * BUG/MEDIUM: mux-h1: Fix splicing by properly detecting end of message * BUILD: makefile: add -Wno-atomic-alignment to work around clang abusive warning * MINOR: proxy: add option idle-close-on-response * REGTESTS: ssl: fix ssl_default_server.vtc * BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server * DOC: fix misspelled keyword "resolve_retries" in resolvers * BUILD: ssl: unbreak the build with newer libressl * BUILD: cli: clear a maybe-unused warning on some older compilers * BUG/MINOR: pools: don't mark ourselves as harmless in DEBUG_UAF mode * BUG/MEDIUM: backend: fix possible sockaddr leak on redispatch * [RELEASE] Released version 2.4.10 * BUG/MINOR: backend: restore the SF_SRV_REUSED flag original purpose * BUG/MINOR: backend: do not set sni on connection reuse * MINOR: pools: work around possibly slow malloc_trim() during gc * BUG/MEDIUM: mworker/cli: crash when trying to access an old PID in prompt mode * DOC: config: retry-on list is space-delimited * DOC: config: Specify %Ta is only available in HTTP mode * DOC: spoe: Clarify use of the event directive in spoe-message section * BUG/MINOR: cli/server: Don't crash when a server is added with a custom id * IMPORT: slz: use the correct CRC32 instruction when running in 32-bit mode * BUILD: tree-wide: avoid warnings caused by redundant checks of obj_types * MINOR: cli: "show version" displays the current process version * CI: Github Actions: temporarily disable BoringSSL builds * BUILD: bug: Fix error when compiling with -DDEBUG_STRICT_NOCRASH * MINOR: mux-h1: Improve H1 traces by adding info about http parsers * BUG/MAJOR: segfault using multiple log forward sections. * BUG/MEDIUM: resolvers: Detach query item on response error * BUG/MINOR: server: Don't rely on last default-server to init server SSL context * BUG/MEDIUM: cli: Properly set stream analyzers to process one command at a time * BUILD/MINOR: server: fix compilation without SSL * [RELEASE] Released version 2.4.9 * BUG/MINOR: cache: Fix loop on cache entries in "show cache" * MINOR: promex: backend aggregated server check status * MINOR: server: add ws keyword * MEDIUM: server/backend: implement websocket protocol selection * MINOR: connection: add alternative mux_ops param for conn_install_mux_be * MINOR: connection: implement function to update ALPN * MINOR: stream/mux: implement websocket stream flag * BUG/MINOR: ssl: make SSL counters atomic * MINOR: shctx: add a few BUG_ON() for consistency checks * BUG/MINOR: shctx: do not look for available blocks when the first one is enough * BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found * BUG/MEDIUM: cache/cli: make "show cache" thread-safe * BUG/MEDIUM: mux-h2: always process a pending shut read * BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found * CLEANUP: ssl: fix wrong #else commentary * BUG/MINOR: ssl: free correctly the sni in the backend SSL cache * BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3 * BUILD: makefile: simplify detection of libatomic * BUG/MEDIUM: mux-h1: Handle delayed silent shut in h1_process() to release H1C * BUG/MINOR: stick-table/cli: Check for invalid ipv6 key * BUG/MEDIUM: connection: make cs_shutr/cs_shutw//cs_close() idempotent * BUG/MINOR: mux-h2: Fix H2_CF_DEM_SHORT_READ value * BUG/MINOR: mworker: doesn't launch the program postparser * BUG/MEDIUM: conn-stream: Don't reset CS flags on close * MINOR: mux-h1: Slightly Improve H1 traces * DOC: lua: Be explicit with the Reply object limits * Revert "BUG/MINOR: http-ana: Don't eval front after-response rules if stopped on back" * BUG/MINOR: http-ana: Apply stop to the current section for http-response rules * DOC: config: Fix typo in ssl_fc_unique_id description * BUG/MINOR: cache: properly ignore unparsable max-age in quotes * BUG/MINOR: resolvers: throw log message if trash not large enough for query * BUG/MINOR: resolvers: fix sent messages were counted twice * BUG/MEDIUM: mux-h2: reject upgrade if no RFC8441 support * MINOR: mux-h2: add trace on extended connect usage * MINOR: mux-h2: perform a full cycle shutdown+drain on close * MINOR: connection: add a new CO_FL_WANT_DRAIN flag to force drain on close ++++ hwloc: - Backported patch to fix crash of slurmctld when using pmix: core-levelzero-Set-ZES_ENABLE_SYSMAN-via-setenv-instead-of-putenv.patch Crash occurs when reading environment. See also: https://bugs.schedmd.com/show_bug.cgi?id=14276. (bsc#1210227). ++++ kernel-debug: - Fix a compile warning in the previous nouveau patch (bsc#1208209) Refreshed: patches.suse/drm-nouveau-blacklist-Turing-and-Ampere-models-as-default.patch - commit b2a56d6 - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes, bsc#1209841). - commit b44ae5f ++++ kernel-source: - Fix a compile warning in the previous nouveau patch (bsc#1208209) Refreshed: patches.suse/drm-nouveau-blacklist-Turing-and-Ampere-models-as-default.patch - commit b2a56d6 - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes, bsc#1209841). - commit b44ae5f ++++ kernel-source-azure: - Fix a compile warning in the previous nouveau patch (bsc#1208209) Refreshed: patches.suse/drm-nouveau-blacklist-Turing-and-Ampere-models-as-default.patch - commit b2a56d6 - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes, bsc#1209841). - commit b44ae5f ++++ kernel-source-rt: - Fix a compile warning in the previous nouveau patch (bsc#1208209) Refreshed: patches.suse/drm-nouveau-blacklist-Turing-and-Ampere-models-as-default.patch - commit b2a56d6 - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes, bsc#1209841). - commit b44ae5f ++++ kernel-docs: - Fix a compile warning in the previous nouveau patch (bsc#1208209) Refreshed: patches.suse/drm-nouveau-blacklist-Turing-and-Ampere-models-as-default.patch - commit b2a56d6 - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes, bsc#1209841). - commit b44ae5f ++++ kernel-kvmsmall: - Fix a compile warning in the previous nouveau patch (bsc#1208209) Refreshed: patches.suse/drm-nouveau-blacklist-Turing-and-Ampere-models-as-default.patch - commit b2a56d6 - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes, bsc#1209841). - commit b44ae5f ++++ kernel-obs-build: - Fix a compile warning in the previous nouveau patch (bsc#1208209) Refreshed: patches.suse/drm-nouveau-blacklist-Turing-and-Ampere-models-as-default.patch - commit b2a56d6 - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes, bsc#1209841). - commit b44ae5f ++++ kernel-obs-qa: - Fix a compile warning in the previous nouveau patch (bsc#1208209) Refreshed: patches.suse/drm-nouveau-blacklist-Turing-and-Ampere-models-as-default.patch - commit b2a56d6 - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes, bsc#1209841). - commit b44ae5f ++++ kernel-rt_debug: - Fix a compile warning in the previous nouveau patch (bsc#1208209) Refreshed: patches.suse/drm-nouveau-blacklist-Turing-and-Ampere-models-as-default.patch - commit b2a56d6 - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes, bsc#1209841). - commit b44ae5f ++++ kernel-syms: - Fix a compile warning in the previous nouveau patch (bsc#1208209) Refreshed: patches.suse/drm-nouveau-blacklist-Turing-and-Ampere-models-as-default.patch - commit b2a56d6 - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes, bsc#1209841). - commit b44ae5f ++++ kernel-syms-azure: - Fix a compile warning in the previous nouveau patch (bsc#1208209) Refreshed: patches.suse/drm-nouveau-blacklist-Turing-and-Ampere-models-as-default.patch - commit b2a56d6 - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes, bsc#1209841). - commit b44ae5f ++++ kernel-syms-rt: - Fix a compile warning in the previous nouveau patch (bsc#1208209) Refreshed: patches.suse/drm-nouveau-blacklist-Turing-and-Ampere-models-as-default.patch - commit b2a56d6 - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes, bsc#1209841). - commit b44ae5f ++++ kernel-zfcpdump: - Fix a compile warning in the previous nouveau patch (bsc#1208209) Refreshed: patches.suse/drm-nouveau-blacklist-Turing-and-Ampere-models-as-default.patch - commit b2a56d6 - tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes, bsc#1209841). - commit b44ae5f ++++ kwin5: - Add patch to fix monitor settings issue on amdgpu (kde#468235): * 0001-backends-drm-set-the-scaling-mode-to-none.patch ++++ avahi-qt5: - Add avahi-CVE-2023-1981.patch: emit error if requested service is not found (boo#1210328 CVE-2023-1981). ++++ protobuf-c: - ec3d9000.patch: fixes unsigned integer overflow (bsc#1210323, CVE-2022-48468) ++++ python-mailman: - Add fix-tests.patch to skip test_as_string_python_bug_27321, the bug is fixed now in the current SUSE python3 package. boo#1210180 gh#python/cpython@72ce82abcf90 ++++ yast2-storage-ng: - Adjusted detection of Dell BOSS devices (bsc#1200975). - Partitioner: improved column Type for disks (bsc#1200975). - 4.5.20 ------------------------------------------------------------------ ------------------ 2023-4-10 - Apr 10 2023 ------------------- ------------------------------------------------------------------ ++++ ckb-next: - Add fix_buffer_overflow_FORTIFY_SOURCE.patch (see gh#ckb-next/ckb-next/issues#940) ++++ dpdk22: - Rename name_tag to package_name_tag to avoid conflict with name_tag used multibuild ++++ dpdk22-thunderx: - Rename name_tag to package_name_tag to avoid conflict with name_tag used multibuild ++++ ghc-bootstrap: - Use llvm13 instead of llvm(15) which is not supported - boo#1210245 ++++ ghc-bootstrap: - Use llvm13 instead of llvm(15) which is not supported - boo#1210245 ++++ guake: - Add Requires: python3-importlib-metadata [boo#1206349]. - Add guake-arbitrary-execution-via-dbus.patch: Fix arbitrary execution via dbus security flaw (boo#1197256). ++++ mame: - Dropped files mame-rpmlintrc mame.png mess.png mame-mess.appdata.xml mame.appdata.xml. - Added files mame.svg and mame-ppc64le.patch (fix build ppc, ppc64 and ppc64le archs). - Changed optflags macro flag -g to -g1 for all archs (boo#1210115). - Fixed build on Leap 15.4 and Leap 15.5 via gcc11 (boo#1210115). - Fixed incorrect cfg diroctory path (boo#1184490). - Updated to 0.253 * Dropped file _multibuild, mess subpackage and 32bit archs (ld oom with optflags). * Changed files _constraints mame-bgfx.patch. * Switched to built-in lua (requires Lua compiled as C++). * https://mametesters.org/changelog_page.php ++++ python-Mathics: - Use %python_version instead of %py_ver [boo#1210181]. ++++ python-statsmodels: - Disable slow tests and broken tests gh#statsmodels/statsmodels#7911, boo#1210183 ++++ telegram-desktop: - Upgrade to 4.7.1: * Fix calls on Linux - Upgrade from 4.6.5 to 4.7.0: * You can disable all resource-intensive animations and animated stickers and emoji. * Fully flexible playback speed settings for videos, voice and video messages. * Fix several possible crashes. - Update tg_owt-master.zip ++++ yast2-trans: - Update to version 84.87.20230408.14f26575c7: * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Georgian) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Slovak) * Translated using Weblate (Catalan) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * New POT for text domain 'snapper'. * Translated using Weblate (Czech) * Translated using Weblate (Dutch) * Translated using Weblate (Japanese) * New POT for text domain 'storage'. * New POT for text domain 'country'. * New POT for text domain 'cluster'. * New POT for text domain 'base'. ------------------------------------------------------------------ ------------------ 2023-4-9 - Apr 9 2023 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2023-04-10 (bsc#1084929) ++++ rosegarden: - Remove broken service and build Leap the same way as Tumbleweed. - Download from chief developer's git hub site. - Update to version 22.12.1: * The Rosegarden team is proud to announce the release of version 22.12 of Rosegarden, a MIDI sequencer that features a rich understanding of music notation along with basic support for digital audio. * Fix a crash caused by static initialization/link order. Bug #1647. [fa6eea8] ------------------------------------------------------------------ ------------------ 2023-4-8 - Apr 8 2023 ------------------- ------------------------------------------------------------------ ++++ breeze-gtk: - Add patch to fix oversized titlebuttons in GTK3 apps (kde#468203) * 0001-gtk3-restore-old-icon-size-for-titlebutton.patch ++++ manpages-l10n: - Update to version 4.18.1: Updated and added many translations. ------------------------------------------------------------------ ------------------ 2023-4-7 - Apr 7 2023 ------------------- ------------------------------------------------------------------ ++++ chromium: - Revert a breaking change with chromium-112-feed_protos.patch ++++ chromium: - Revert a breaking change with chromium-112-feed_protos.patch ++++ gnuhealth: - version 4.2.1 * Fix bug TypeError: unsupported operand type(s) for &=: 'bool' and 'GreaterEqual' * Fix bug #63871: Imaging Result Report: genshitemplateevalUndefinedError: None has no member named 'rec_name' * Fix bug #64009: Include signing health professional and avoid scrolling in patient evaluation * Fix bug #64014: Update gender identity in patient evaluations and reports ++++ mozilla-nss: - Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) with fixes to PBKDF2 parameter validation. ++++ qt5platform-plugins: - Fix build with Qt 5.15.8+kde185 ++++ tomcat: - Fixed CVEs: * CVE-2022-45143: JsonErrorReportValve: add escape for type, message or description (bsc#1206840) - Added patches: * tomcat-9.0.43-CVE-2022-45143.patch ++++ trytond: - Version 6.0.30 - Bugfix Release ++++ trytond_account_invoice: - Version 6.0.10 - Bugfix Release ++++ trytond_product: - Version 6.0.4 - Bugfix Release ------------------------------------------------------------------ ------------------ 2023-4-6 - Apr 6 2023 ------------------- ------------------------------------------------------------------ ++++ MozillaFirefox: - Firefox Extended Support Release 102.10.0 ESR * Fixed: Various security fixes. MFSA 2023-14 (bsc#1210212) * CVE-2023-29531 (bmo#1794292) Out-of-bound memory access in WebGL on macOS * CVE-2023-29532 (bmo#1806394) Mozilla Maintenance Service Write-lock bypass * CVE-2023-29533 (bmo#1798219, bmo#1814597) Fullscreen notification obscured * CVE-2023-1999 (bmo#1819244) Double-free in libwebp * CVE-2023-29535 (bmo#1820543) Potential Memory Corruption following Garbage Collector compaction * CVE-2023-29536 (bmo#1821959) Invalid free from JavaScript code * CVE-2023-29539 (bmo#1784348) Content-Disposition filename truncation leads to Reflected File Download * CVE-2023-29541 (bmo#1810191) Files with malicious extensions could have been downloaded unsafely on Linux * CVE-2023-29542 (bmo#1810793, bmo#1815062) Bypass of file download extension restrictions * CVE-2023-29545 (bmo#1823077) Windows Save As dialog resolved environment variables * CVE-2023-1945 (bmo#1777588) Memory Corruption in Safe Browsing Code * CVE-2023-29548 (bmo#1822754) Incorrect optimization result on ARM64 * CVE-2023-29550 (bmo#1720594, bmo#1751945, bmo#1812498, bmo#1814217, bmo#1818357, bmo#1818762, bmo#1819493, bmo#1820389, bmo#1820602, bmo#1821448, bmo#1822413, bmo#1824828) Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 ++++ kernel-64kb: - supported.conf: Move ns to kernel-*-extra (bsc#1209965) - commit 54d8531 ++++ kernel-azure: - supported.conf: Move ns to kernel-*-extra (bsc#1209965) - commit 54d8531 ++++ kernel-default: - supported.conf: Move ns to kernel-*-extra (bsc#1209965) - commit 54d8531 ++++ kernel-rt: - supported.conf: Move ns to kernel-*-extra (bsc#1209965) - commit 54d8531 ++++ dtb-aarch64: - supported.conf: Move ns to kernel-*-extra (bsc#1209965) - commit 54d8531 ++++ grub2: - Fix installation over serial console ends up in infinite boot loop (bsc#1187810) (bsc#1209667) (bsc#1209372) * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch ++++ helix: - Remove HELIX_DISABLE_AUTO_GRAMMAR_BUILD. - Remove sed command to modify HELIX_RUNTIME - Update to version 22.03 * Breaking changes: - Select diagnostic range in goto_*_diag commands - Remove jump behavior from increment/decrement - Select change range in goto_*_change commands - Split file modification indicator from filename statusline elements - Jump to symbol ranges in LSP goto commands - Workspace detection now stops at the first .helix/ directory (merging multiple .helix/languages.toml configurations is no longer supported) * Features: - Dynamic workspace symbol picker - Soft-wrap - Initial support for LSP snippet completions - Add a statusline element for showing the current version control HEAD - Display LSP type hints - Enable the Kitty keyboard protocol on terminals with support - Add a statusline element for the basename of the current file - Add substring matching syntax for the picker - Support LSP textDocument/prepareRename - Allow multiple runtime directories with priorities - Allow configuring whether to insert or replace completions - Allow per-workspace config file .helix/config.toml - Add workspace-lsp-roots config option to support multiple LSP roots for use with monorepos * Commands: - :pipe-to which pipes selections into a shell command and ignores output - merge_consecutive_selections (A-_) combines all consecutive selections - rotate_view_reverse which focuses the previous view - goto_declaration (gD, requires LSP) which jumps to a symbol's declaration - file_picker_in_current_buffer_directory - :character-info which shows information about the character under the cursor - :toggle-option for toggling config options at runtime - dap_restart for restarting a debug session in DAP - :lsp-stop to stop the language server of the current buffer - :reset-diff-change for resetting a diff hunk to its original text - :config-open-workspace for opening the config file local to the current workspace * Fixes: - Fix behavior of auto-completion flag for completion-on-trigger - Reset editor mode when changing buffers - Respect scrolloff settings in mouse movements - Avoid trailing s when only one file is opened - Fix erroneous indent between closers of auto-pairs - Expand ~ when parsing file paths in :open - Fix theme inheritance for default themes - Fix extend_line with a count when the current line(s) are selected - Prompt: Fix autocompletion for paths containing periods - Skip serializing JSONRPC params if params is null - Fix interaction with the xclip clipboard provider - Fix undo/redo execution from the command palette - Fix highlighting of non-block cursors - Fix panic when nooping in join_selections and join_selections_space - Fix selecting a changed file in global search - Fix initial syntax highlight layer sort order - Fix UTF-8 length handling for shellwords - Remove C-j and C-k bindings from the completion menu - Always commit to history when pasting - Properly handle LSP position encoding - Fix infinite loop in copy_selection_on_prev_line - Fix completion popup positioning - Fix a panic when uncommenting a line with only a comment token - Fix panic in goto_window_center at EOF - Ignore invalid file URIs sent by a language server - Decode LSP URIs for the workspace diagnostics picker - Fix incorrect usages of tab_width with indent_width - DAP: Send Disconnect if the Terminated event is received - DAP: Validate key and index exist when requesting variables - Check LSP renaming support before prompting for rename text - Fix indent guide rendering - Fix division by zero panic - Fix lacking space panic - Send error replies for malformed and unhandled LSP requests - Fix table column calculations for dynamic pickers - Skip adding jumplist entries for : line number previews - Fix completion race conditions - Fix shrink_selection with multiple cursors - Fix indentation calculation for lines with mixed tabs/spaces - No-op client/registerCapability LSP requests - Send the STOP signal to all processes in the process group - Fix workspace edit client capabilities declaration (7bf168d) - Fix highlighting in picker results with multiple columns - Canonicalize paths before stripping the current dir as a prefix - Fix truncation behavior for long path names in the file picker - Fix theme reloading behavior in :config-reload (ab819d8) * More information at https://github.com/helix-editor/helix/blob/master/CHANGELOG.md#2303-2023-03-31 - Remove helix-runtime-path.patch - Fix SPDX license names ++++ kernel-debug: - supported.conf: Move ns to kernel-*-extra (bsc#1209965) - commit 54d8531 ++++ kernel-source: - supported.conf: Move ns to kernel-*-extra (bsc#1209965) - commit 54d8531 ++++ kernel-source-azure: - supported.conf: Move ns to kernel-*-extra (bsc#1209965) - commit 54d8531 ++++ kernel-source-rt: - supported.conf: Move ns to kernel-*-extra (bsc#1209965) - commit 54d8531 ++++ kernel-docs: - supported.conf: Move ns to kernel-*-extra (bsc#1209965) - commit 54d8531 ++++ kernel-kvmsmall: - supported.conf: Move ns to kernel-*-extra (bsc#1209965) - commit 54d8531 ++++ kernel-obs-build: - supported.conf: Move ns to kernel-*-extra (bsc#1209965) - commit 54d8531 ++++ kernel-obs-qa: - supported.conf: Move ns to kernel-*-extra (bsc#1209965) - commit 54d8531 ++++ kernel-rt_debug: - supported.conf: Move ns to kernel-*-extra (bsc#1209965) - commit 54d8531 ++++ kernel-syms: - supported.conf: Move ns to kernel-*-extra (bsc#1209965) - commit 54d8531 ++++ kernel-syms-azure: - supported.conf: Move ns to kernel-*-extra (bsc#1209965) - commit 54d8531 ++++ kernel-syms-rt: - supported.conf: Move ns to kernel-*-extra (bsc#1209965) - commit 54d8531 ++++ kernel-zfcpdump: - supported.conf: Move ns to kernel-*-extra (bsc#1209965) - commit 54d8531 ++++ python-social-auth-core: - Update to 4.0.3: * Updated PyJWT version to 2.0.0 (bsc#1210182) * Remove six dependency * PayPal backend * Fence OIDC-based backend * Dropped Python 2 support from testing stack * Remove discontinued Google OpenId backend * Remove discontinued Yahoo OpenId backend * Fix jwt.decode() passed algorithm * Update Facebook Graph API to 8.0 * Update Amazon fetch-profile URL * Fix Azure AD Tenant, unable to load certificate * Fix Okta well-known URL * Updated Discord's API hostname from discordapp.com to discor - Refresh patch remove-unittest2.patch - Stop shipping saml_config.json, it's now included upstream. ------------------------------------------------------------------ ------------------ 2023-4-5 - Apr 5 2023 ------------------- ------------------------------------------------------------------ ++++ ComputeLibrary: - Update fix-gcc13-fallout.patch with upstream version ++++ aws-cli: - Update in SLE-15 (bsc#1209255, jsc#PED-3780) ++++ kernel-64kb: - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209858). - commit 7e310c6 - supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) - commit 90db4f1 ++++ kernel-azure: - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209858). - commit 7e310c6 - supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) - commit 90db4f1 ++++ kernel-default: - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209858). - commit 7e310c6 - supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) - commit 90db4f1 ++++ kernel-rt: - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209858). - commit 7e310c6 - supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) - commit 90db4f1 ++++ dtb-aarch64: - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209858). - commit 7e310c6 - supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) - commit 90db4f1 ++++ harfbuzz: - Add CVE-2023-25193.patch: limit how far we skip when looking back (bsc#1207922 CVE-2023-25193). ++++ kernel-debug: - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209858). - commit 7e310c6 - supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) - commit 90db4f1 ++++ kernel-source: - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209858). - commit 7e310c6 - supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) - commit 90db4f1 ++++ kernel-source-azure: - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209858). - commit 7e310c6 - supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) - commit 90db4f1 ++++ kernel-source-rt: - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209858). - commit 7e310c6 - supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) - commit 90db4f1 ++++ kernel-docs: - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209858). - commit 7e310c6 - supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) - commit 90db4f1 ++++ kernel-kvmsmall: - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209858). - commit 7e310c6 - supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) - commit 90db4f1 ++++ kernel-obs-build: - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209858). - commit 7e310c6 - supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) - commit 90db4f1 ++++ kernel-obs-qa: - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209858). - commit 7e310c6 - supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) - commit 90db4f1 ++++ kernel-rt_debug: - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209858). - commit 7e310c6 - supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) - commit 90db4f1 ++++ kernel-syms: - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209858). - commit 7e310c6 - supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) - commit 90db4f1 ++++ kernel-syms-azure: - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209858). - commit 7e310c6 - supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) - commit 90db4f1 ++++ kernel-syms-rt: - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209858). - commit 7e310c6 - supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) - commit 90db4f1 ++++ kernel-zfcpdump: - s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209858). - commit 7e310c6 - supported.conf: Move qrtr and qrtr-mhi to kernel-*-extra (bsc#1209965) - commit 90db4f1 ++++ xfce4-branding-openSUSE: - Update to version 4.18.0+git0.9a2f754: * Include all the wallpaper sizes and use better resolution for the default (bsc#1209970) ++++ libstorage-ng: - merge gh#openSUSE/libstorage-ng#925 - disable NVMe detection since it is not correct - 4.5.95 - merge gh#openSUSE/libstorage-ng#924 - added GitHub Action using Fedora - 4.5.94 - merge gh#openSUSE/libstorage-ng#923 - detect transport for NVMe disks (bsc#1210144) - cleanup - 4.5.93 ++++ openssl-ibmca: - Upgraded openssl-ibmca to version 2.4.0 (bsc#1210059) * openssl-ibmca 2.4.0 - Provider: Adjustments for OpenSSL versions 3.1 and 3.2 - Provider: Support RSA blinding - Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding - Provider: Support "implicit rejection" option for RSA PKCS#1 v1.5 padding - Provider: Adjustments in OpenSSL config generator and example configs - Engine: EC: Cache ICA key in EC_KEY object (performance improvement) - Engine: Enable RSA blinding ++++ python-astor: - Skip test_huge_int gh#berkerpeksag/astor#212 bsc#1210118 ++++ python-boto3: - Update in SLE-15 (bsc#1209255, jsc#PED-3780) - Add python-python-dateutil and python-jmespath to BuildRequires ++++ python-botocore: - Update in SLE-15 (bsc#1209255, jsc#PED-3780) - Add python-python-dateutil and python-jmespath to BuildRequires - Remove version constraint on python-pytest in BuildRequires - Revert changes to Requires that introduced new incompatible syntax ++++ python-s3transfer: - Update in SLE-15 (bsc#1209255, jsc#PED-3780) - Add python-python-dateutil and python-jmespath to BuildRequires ------------------------------------------------------------------ ------------------ 2023-4-4 - Apr 4 2023 ------------------- ------------------------------------------------------------------ ++++ apache2-mod_auth_openidc: - Fix CVE-2023-28625, NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied, bsc#1210073 * fix-CVE-2023-28625.patch ++++ bluedevil5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ breeze: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Changes since 5.27.3: * CheckBox,RadioButton: Fix RTL icon alignment * CheckBox,RadioButton: Fix RTL focus frame positioning * CheckBox,RadioButton: Extend focus line to cover an icon too (kde#467824) * Fix RTL for SP_ToolBarHorizontalExtensionButton * KStyle: make painted arrows more scalable, fix RTL delay menu arrows ++++ chromium: - Chromium 112.0.5615.49 * CSS now supports nesting rules. * The algorithm to set the initial focus on elements was updated. * No-op fetch() handlers on service workers are skipped from now on to make navigations faster * The setter for document.domain is now deprecated. * The recorder in devtools can now record with pierce selectors. * Security fixes (boo#1210126): * CVE-2023-1810: Heap buffer overflow in Visuals * CVE-2023-1811: Use after free in Frames * CVE-2023-1812: Out of bounds memory access in DOM Bindings * CVE-2023-1813: Inappropriate implementation in Extensions * CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing * CVE-2023-1815: Use after free in Networking APIs * CVE-2023-1816: Incorrect security UI in Picture In Picture * CVE-2023-1817: Insufficient policy enforcement in Intents * CVE-2023-1818: Use after free in Vulkan * CVE-2023-1819: Out of bounds read in Accessibility * CVE-2023-1820: Heap buffer overflow in Browser History * CVE-2023-1821: Inappropriate implementation in WebShare * CVE-2023-1822: Incorrect security UI in Navigation * CVE-2023-1823: Inappropriate implementation in FedCM ++++ chromium: - Chromium 112.0.5615.49 * CSS now supports nesting rules. * The algorithm to set the initial focus on elements was updated. * No-op fetch() handlers on service workers are skipped from now on to make navigations faster * The setter for document.domain is now deprecated. * The recorder in devtools can now record with pierce selectors. * Security fixes (boo#1210126): * CVE-2023-1810: Heap buffer overflow in Visuals * CVE-2023-1811: Use after free in Frames * CVE-2023-1812: Out of bounds memory access in DOM Bindings * CVE-2023-1813: Inappropriate implementation in Extensions * CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing * CVE-2023-1815: Use after free in Networking APIs * CVE-2023-1816: Incorrect security UI in Picture In Picture * CVE-2023-1817: Insufficient policy enforcement in Intents * CVE-2023-1818: Use after free in Vulkan * CVE-2023-1819: Out of bounds read in Accessibility * CVE-2023-1820: Heap buffer overflow in Browser History * CVE-2023-1821: Inappropriate implementation in WebShare * CVE-2023-1822: Incorrect security UI in Navigation * CVE-2023-1823: Inappropriate implementation in FedCM ++++ kernel-64kb: - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes, bsc#1205493). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes, bsc#1205493). - bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). - commit 7971642 ++++ kernel-azure: - rpm/config.sh: Disable DT build. This setting has been ignored for non-default variants so far. - commit f4371ff - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes, bsc#1205493). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes, bsc#1205493). - bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). - commit 7971642 ++++ kernel-default: - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes, bsc#1205493). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes, bsc#1205493). - bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). - commit 7971642 ++++ kernel-rt: - rpm/config.sh: Disable DT build. This setting has been ignored for non-default variants so far. - commit 5a4cd48 - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes, bsc#1205493). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes, bsc#1205493). - bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). - commit 7971642 ++++ discover: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Changes since 5.27.3: * rpm-ostree: Improve handling of externally started transactions * rpm-ostree: Correctly set fetching and transaction state * rpm-ostree: Unify transaction setup in a single function * pk: Clear the offline state before starting a new one (kde#467638) * notifier: Don't show updates notification if Discover is running * pk: Do not create a QSet unnecessarily for isPackageNameUpgradeable * pk: Group getUpdateDetail calls into one * pk: Group offline updates resource size notifications * PackageKitNotifier: Do not refresh database if an offline update is pending ++++ drkonqi5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ dtb-aarch64: - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes, bsc#1205493). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes, bsc#1205493). - bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). - commit 7971642 ++++ plasma5-workspace: - Update to 5.27.4.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Changes since 5.27.3: * applets/systemtray: press and hold to open context menu for plasmoids * applets/digital-clock: reload timezone after saving in Datetime KCM (kde#467494) * components/keyboardlayout: Fix forced activation of vkbd * Create directory before installing session-local * applets/systemtray: fix menu key not working in SNI * Find PkgConfig before first call to pkg_check_modules * sddm-theme: Populate keyboard layouts menu only on first show * [dashboard] Skip task switcher * klipper: test bug 465225 * systemtraytest: take screenshot only when test fails * kcms/nightcolor: fix timing strings with narrow window widths * libtaskmanager: simplify `test_openCloseWindow` ++++ go1.19: - go1.19.8 (released 2023-04-04) includes security fixes to the go/parser, html/template, mime/multipart, net/http, and net/textproto packages, as well as bug fixes to the linker, the runtime, and the time package. Refs boo#1200441 go1.19 release tracking CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 * go#59267 go#58975 boo#1210127 security: fix CVE-2023-24534 net/http, net/textproto: denial of service from excessive memory allocation * go#59269 go#59153 boo#1210128 security: fix CVE-2023-24536 net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption * go#59273 go#59180 boo#1210129 security: fix CVE-2023-24537 go/parser: infinite loop in parsing * go#59271 go#59234 boo#1210130 security: fix CVE-2023-24538 html/template: backticks not treated as string delimiters * go#58937 cmd/go: timeout on darwin-amd64-race builder * go#58939 runtime/pprof: TestLabelSystemstack due to sample with no location * go#58941 internal/testpty: fails on some Linux machines due to incorrect error handling * go#59050 cmd/link: linker fails on linux/amd64 when gcc's lto options are used * go#59058 cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation * go#59074 time: time zone lookup using extend string makes wrong start time for non-DST zones * go#59219 runtime: crash on linux-ppc64le ++++ go1.20: - go1.20.3 (released 2023-04-04) includes security fixes to the go/parser, html/template, mime/multipart, net/http, and net/textproto packages, as well as bug fixes to the compiler, the linker, the runtime, and the time package. Refs boo#1206346 go1.20 release tracking CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 * go#59268 go#58975 boo#1210127 security: fix CVE-2023-24534 net/http, net/textproto: denial of service from excessive memory allocation * go#59270 go#59153 boo#1210128 security: fix CVE-2023-24536 net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption * go#59274 go#59180 boo#1210129 security: fix CVE-2023-24537 go/parser: infinite loop in parsing * go#59272 go#59234 boo#1210130 security: fix CVE-2023-24538 html/template: backticks not treated as string delimiters * go#58920 x/text: building as a plugin failure on darwin/arm64 * go#58938 cmd/go: timeout on darwin-amd64-race builder * go#58942 internal/testpty: fails on some Linux machines due to incorrect error handling * go#58954 cmd/link: Incorrect symbol linked in darwin/arm64 * go#59051 cmd/link: linker fails on linux/amd64 when gcc's lto options are used * go#59059 cmd/link/internal/arm: off-by-one error in trampoline phase call reachability calculation * go#59075 time: time zone lookup using extend string makes wrong start time for non-DST zones * go#59220 runtime: crash on linux-ppc64le * go#59236 cmd/compile: crypto/elliptic build error under -linkshared mode * go#59296 cmd/compile: unsafe.SliceData incoherent resuilt with nil argument - Build subpackage go1.x-libstd compiled shared object libstd.so only on Tumbleweed at this time. Refs jsc#PED-1962 ++++ grub2-theme-breeze: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ breeze-gtk: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Changes since 5.27.3: * gtk4/windowcontrols: reduce right margin of close button * gtk3/titlebutton: extend control area to window borders * gtk4/windowcontrols: extend control area to window borders (kde#414777) * iconhelper: Query size via CSS * gtk4/aboutdialog: set icon size for large icons * gtk4/theme: Use 0.5 opacity for disabled pictures * menus: make size react to fractional scaling ++++ kactivitymanagerd: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ kcm_flatpak: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Too many changes to list here ++++ kcm_sddm: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ kde-cli-tools5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ kde-gtk-config5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Changes since 5.27.3: * kded: provide `org.gtk.Settings` when `GTK_USE_PORTAL` is not set on Wayland (kde#421745) * gtkconfig: set `color-scheme` when current color scheme changes * gsettings: check param exists before setting value * Beside monitor scaling factors, a user may specify a preferred text DPI size from the system configuration utility (KCM fonts) That setting is stored inside the kcmfonts configuration file; one entry is kept for Plasma/X11 sessions, "forceFontDPI", and another for Plasma/Wayland sessions, "forceFontDPIWayland". (kde#466463,kde#461106) ++++ kernel-debug: - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes, bsc#1205493). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes, bsc#1205493). - bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). - commit 7971642 ++++ kernel-source: - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes, bsc#1205493). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes, bsc#1205493). - bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). - commit 7971642 ++++ kernel-source-azure: - rpm/config.sh: Disable DT build. This setting has been ignored for non-default variants so far. - commit f4371ff - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes, bsc#1205493). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes, bsc#1205493). - bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). - commit 7971642 ++++ kernel-source-rt: - rpm/config.sh: Disable DT build. This setting has been ignored for non-default variants so far. - commit 5a4cd48 - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes, bsc#1205493). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes, bsc#1205493). - bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). - commit 7971642 ++++ kernel-docs: - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes, bsc#1205493). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes, bsc#1205493). - bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). - commit 7971642 ++++ kernel-kvmsmall: - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes, bsc#1205493). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes, bsc#1205493). - bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). - commit 7971642 ++++ kernel-obs-build: - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes, bsc#1205493). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes, bsc#1205493). - bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). - commit 7971642 ++++ kernel-obs-qa: - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes, bsc#1205493). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes, bsc#1205493). - bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). - commit 7971642 ++++ kernel-rt_debug: - rpm/config.sh: Disable DT build. This setting has been ignored for non-default variants so far. - commit 5a4cd48 - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes, bsc#1205493). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes, bsc#1205493). - bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). - commit 7971642 ++++ kernel-syms: - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes, bsc#1205493). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes, bsc#1205493). - bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). - commit 7971642 ++++ kernel-syms-azure: - rpm/config.sh: Disable DT build. This setting has been ignored for non-default variants so far. - commit f4371ff - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes, bsc#1205493). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes, bsc#1205493). - bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). - commit 7971642 ++++ kernel-syms-rt: - rpm/config.sh: Disable DT build. This setting has been ignored for non-default variants so far. - commit 5a4cd48 - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes, bsc#1205493). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes, bsc#1205493). - bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). - commit 7971642 ++++ kernel-zfcpdump: - bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes, bsc#1205493). - bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes, bsc#1205493). - bcache: Revert "bcache: use bvec_virt" (git-fixes, bsc#1205493). - commit 7971642 ++++ kgamma5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ khotkeys5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ kinfocenter5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Changes since 5.27.3: * energy: Use text colour for the grid lines ++++ kmenuedit5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ kpipewire: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Changes since 5.27.3: * source: Handle BGRA buffers gracefully * record: Only create the sws_context when necessary * record: Use a good amount of threads as recommended by QThread * record: Make sure we process all the frames before leaving * record: Improve packet fetching * Use a different API call to make importing DmaBufs work on Nvidia (kde#448839) * options to disable motion estimation and in-loop filtering * record: Refactor thread distribution * record: Allocate SwsContext only when necessary * recording: Allocate frames when we render * recording: Extend the encoders API ++++ kscreen5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Changes since 5.27.3: * OSD: Do not connect to member QObject's destroyed signal (kde#466914) * Display connector name instead of type name when serial number is identical (kde#466046) ++++ kscreenlocker: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ ksshaskpass5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ libksysguard5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Changes since 5.27.3: * Add translation domain before diving in subdirectories ++++ ksystemstats5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ kwayland-integration: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Changes since 5.27.3: * Implement SkipSwitcher state for plasma surfaces ++++ kwin5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Changes since 5.27.3: * Revert "backends/libinput: don't multiply v120 value by scroll speed" (kde#464592) * Improve Workspace::outputAt() * workspace: prevent dangling pointers in output order list * dpms: Make sure we are not calling the interface after the output is gone (kde#466346) * backends/drm: restrict common mode generation to drivers that support scaling * kcms/rules: Make Comboboxes bordered again * backends/drm: consider color property changes as failed when the output is off * wayland: Handle xdg_wm_base being destroyed before surface role * Avoid accidental creation of backing stores for offscreen surfaces (kde#465790) * inputmethod: Properly report that it's not visible * wayland: Truncate strings sent via plasmawindowmanager interface (kde#465775) * Simplify tile dismissal (kde#465740) * Fix picking drag target * Screencast: avoid using DMABufs exclusively to allow renegotiation ++++ kwrited5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ layer-shell-qt: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ libkscreen2: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ libkdecoration2: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ open-vm-tools: - As per jsc-PED-1344, update spec file to only build the containerinfo plugin for TW/SLES 15 SP5 and newer. ++++ libyang: - update to v2.1.55: * type compilation fixes * multi-error validation support * JSON parser fixes * portability improvements * schema-mount support improvements * minor optimizations * other minor fixes - fixed bsc#1210072, CVE-2023-26916 ++++ milou5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ oxygen5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ oxygen5-sounds: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ pam_kwallet: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Changes since 5.27.3: * Exit early if the target user is root * Don't do anything if the password is empty * Verify that XDG_RUNTIME_DIR is usable - Drop patches, now upstream: * 0001-Verify-that-XDG_RUNTIME_DIR-is-usable.patch * 0002-Don-t-do-anything-if-the-password-is-empty.patch * 0003-Exit-early-if-the-target-user-is-root.patch ++++ plasma-browser-integration: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ plasma-nm5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ plasma-vault: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ plasma5-addons: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Changes since 5.27.3: * wallpapers/potd: replace `anchor.{left,right}` with `Layout.fillWidth` * ProfilesModel: Add placeholder for option "Start Kate (no arguments)" (kde#464724) ++++ plasma5-openSUSE: - Update to 5.27.4 ++++ plasma5-desktop: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Changes since 5.27.3: * applets/taskmanager: don't refresh virtual desktop info when menu item is not enabled * applets/taskmanager: skip updating tooltip when it's disabled (kde#467709) * Divide minimum panel size by two when not floating (kde#466098) * applets/taskmanager: press menu key to open task menu * applets/kicker: Hide separators when sorted alphabetically (kde#465865) * Activate Emoji Selector using emoji key ++++ plasma5-disks: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ plasma5-firewall: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ plasma5-integration: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ plasma5-mobile: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Changes since 5.27.3: * actiondrawer: Smoothen the brightness slider so that it doesn't jump when sending events ++++ plasma5-nano: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ plasma5-pa: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Changes since 5.27.3: * kcm: stop setting sourceSize in avatar * kcm/DeviceListItem: Set width for comboboxes, with correctly sized popup * applet: add missing function for "Show virtual devices" menu item (kde#465996) ++++ plasma5-sdk: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ plasma5-systemmonitor: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ plasma5-thunderbolt: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ plasma5-welcome: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ plasma5-workspace-wallpapers: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ polkit-kde-agent-5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ powerdevil5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ qqc2-breeze-style: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Changes since 5.27.3: * Fix font rendering on android ++++ sddm: - Replace proper_pam.diff with installation of source files: * sddm.pam, sddm-autologin.pam, sddm-greeter.pam - PAM services: * Make use of substack for common-* * Include postlogin-* * Run pam_keyinit before common-session * Deny password in sddm-greeter - /run/sddm is owned by root:root - Add patch to fix possible deadlock: * 0001-Process-all-available-auth-messages-in-a-loop.patch - Add missing dependencies on update-alternatives - Migration of PAM settings to /usr/lib/pam.d. ++++ systemsettings5: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - Changes since 5.27.3: * Cancel pending resolveChanges dialog when a new one is started (kde#465510) * Include version number in bug report URL (kde#466881) ++++ xdg-desktop-portal-kde: - Update to 5.27.4 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.4 - No code changes since 5.27.3 ++++ yast2-drbd: - Validate DRBD Device name (bsc#1207952) - 4.5.1 ++++ yast2-snapper: - Fixed translations: Moved variable message part out of _(...) (bsc#1209956) - 4.5.1 ------------------------------------------------------------------ ------------------ 2023-4-3 - Apr 3 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - drm/nouveau: blacklist Turing and Ampere models as default (bsc#1208209). - commit b751cb8 - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - commit 8ba35ca ++++ kernel-azure: - drm/nouveau: blacklist Turing and Ampere models as default (bsc#1208209). - commit b751cb8 - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - commit 8ba35ca ++++ kernel-default: - drm/nouveau: blacklist Turing and Ampere models as default (bsc#1208209). - commit b751cb8 - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - commit 8ba35ca ++++ kernel-rt: - drm/nouveau: blacklist Turing and Ampere models as default (bsc#1208209). - commit b751cb8 - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - commit 8ba35ca ++++ dtb-aarch64: - drm/nouveau: blacklist Turing and Ampere models as default (bsc#1208209). - commit b751cb8 - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - commit 8ba35ca ++++ frr: - Enable pim6d providing PIMv6 support (bsc#1206234) ++++ ghostscript: - CVE-2023-28879.patch fixes CVE-2023-28879 Buffer Overflow in s_xBCPE_process cf. https://bugs.ghostscript.com/show_bug.cgi?id=706494 (bsc#1210062) - 41ef9a0bc36b9db7115fbe9623f989bfb47bbade.patch fixes compilation with FreeType 2.10.3+ cf. https://bugs.ghostscript.com/show_bug.cgi?id=702985 ++++ kernel-debug: - drm/nouveau: blacklist Turing and Ampere models as default (bsc#1208209). - commit b751cb8 - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - commit 8ba35ca ++++ kernel-source: - drm/nouveau: blacklist Turing and Ampere models as default (bsc#1208209). - commit b751cb8 - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - commit 8ba35ca ++++ kernel-source-azure: - drm/nouveau: blacklist Turing and Ampere models as default (bsc#1208209). - commit b751cb8 - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - commit 8ba35ca ++++ kernel-source-rt: - drm/nouveau: blacklist Turing and Ampere models as default (bsc#1208209). - commit b751cb8 - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - commit 8ba35ca ++++ kernel-docs: - drm/nouveau: blacklist Turing and Ampere models as default (bsc#1208209). - commit b751cb8 - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - commit 8ba35ca ++++ kernel-kvmsmall: - drm/nouveau: blacklist Turing and Ampere models as default (bsc#1208209). - commit b751cb8 - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - commit 8ba35ca ++++ kernel-obs-build: - drm/nouveau: blacklist Turing and Ampere models as default (bsc#1208209). - commit b751cb8 - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - commit 8ba35ca ++++ kernel-obs-qa: - drm/nouveau: blacklist Turing and Ampere models as default (bsc#1208209). - commit b751cb8 - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - commit 8ba35ca ++++ kernel-rt_debug: - drm/nouveau: blacklist Turing and Ampere models as default (bsc#1208209). - commit b751cb8 - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - commit 8ba35ca ++++ kernel-syms: - drm/nouveau: blacklist Turing and Ampere models as default (bsc#1208209). - commit b751cb8 - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - commit 8ba35ca ++++ kernel-syms-azure: - drm/nouveau: blacklist Turing and Ampere models as default (bsc#1208209). - commit b751cb8 - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - commit 8ba35ca ++++ kernel-syms-rt: - drm/nouveau: blacklist Turing and Ampere models as default (bsc#1208209). - commit b751cb8 - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - commit 8ba35ca ++++ kernel-zfcpdump: - drm/nouveau: blacklist Turing and Ampere models as default (bsc#1208209). - commit b751cb8 - rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5. - commit 8ba35ca ++++ libqt5-qtbase: - Update to version 5.15.8+kde185: * QFSFileEngine: fix overflow bug when using lseek64 * Add QImage null check when QOpenGLTexture converts - Add patch to fix return key handling in QGroupBox on GNOME (bsc#1209364): * 0001-Revert-QGnomeTheme-Allow-Space-Return-Enter-and-Sele.patch - Add patch to fix XInput2 events in big-endian X11 clients (bsc#1204883, QTBUG-105157): * big-endian-scroll.patch ++++ tigervnc: - Fixes for bsc#1209283 * Drop chown vnc:vnc calls in with-vnc-key.sh * Add TLSNone to -securitytypes to increase security in xvnc@.service ++++ openssl-1_0_0: - Security Fix: [CVE-2023-0465, bsc#1209878] * Invalid certificate policies in leaf certificates are silently ignored * Add openssl-CVE-2023-0465.patch - Security Fix: [CVE-2023-0466, bsc#1209873] * Certificate policy check not enabled * Add openssl-CVE-2023-0466.patch ++++ openssl-1_1: - Security Fix: [CVE-2023-0465, bsc#1209878] * Invalid certificate policies in leaf certificates are silently ignored * Add openssl-CVE-2023-0465.patch - Security Fix: [CVE-2023-0466, bsc#1209873] * Certificate policy check not enabled * Add openssl-CVE-2023-0466.patch ++++ openssl-3: - Security Fix: [CVE-2023-0465, bsc#1209878] * Invalid certificate policies in leaf certificates are silently ignored * Add openssl-CVE-2023-0465.patch - Security Fix: [CVE-2023-0466, bsc#1209873] * Certificate policy check not enabled * Add openssl-CVE-2023-0466.patch ++++ opi: - Version 2.17.0 - Codecs: Don't force ffmpeg>=5 on leap 15.5 - Use new checkout version in ci.yaml - Version 2.16.0 - dotnet: Install dotnet-sdk-7.0 (#124) - Add jami p2p messenger plugin (#121) ++++ yast2-trans: - Update to version 84.87.20230401.d443fd75ae: * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) ------------------------------------------------------------------ ------------------ 2023-4-2 - Apr 2 2023 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2023-04-03 (bsc#1084929) ++++ ugrep: - update to 3.11.1: * Smarter interactive navigation in the TUI when option --tree is used with option -l or -c ------------------------------------------------------------------ ------------------ 2023-4-1 - Apr 1 2023 ------------------- ------------------------------------------------------------------ ++++ liblouis: - Add liblouis-CVE-2023-26768.patch: Check filename before copying to initialLogFileName(CVE-2023-26768 bsc#1209431 bsc#1209855). ++++ mdadm: - sysconfig.mdadm: Remove ServiceRestart line to mdadm since there is not such systemd service. (bsc#1203491) ++++ thunar-plugin-archive: - Update to version 0.5.1 * Fix use-after-free crash in "tap_provider_child_watch_destroy" * build: Add GLib requirement * build: Fix autotools warnings * Use generic package icon name in dialog header * Translation Updates ++++ xfce4-pulseaudio-plugin: - Update to version 0.4.6 * Fix changing default sink and source devices * Fix flickering mic icon when recording application is connected * Avoid critical from xfce4-notifyd if gauge_value > 100 * Display maximum volume of all channels instead of volume of left channel * Add recording base volume indicator * Control mic volume/mute when mouse cursor is over the mic icon * Lower warning level * Improve volume notifications settings * Show volume notifications from hotkeys according to comment * Don't set negative volume from hotkeys * Use correct variable for "volume-mic-changed" signal ID * Don't force set the default device * Set recording icon according to recording volume level * Show source monitor if it is a default source * Check for recording state on context ready * Allow volume step configuration in dialog (gxo#panel-plugins/xfce4-pulseaudio-plugin#28) * wnck: Add missing LIBS/CFLAGS in Makefile * wnck: Use Libxfce4windowing when available * wnck: Guard X11 code path to prevent crash on Wayland * wnck: Improve RaiseWnck a bit * Fix memory leak * cleanup: Fix formatting * Fix blurry media player icon from file when UI scale > 1 * Fix blurry icons in prefs dialog when UI scale factor > 1 * Use "logo-icon-name" instead of "logo" in about dialog * Do not override fatal log level * build: Bump GLib minimum required to 2.44 * Translation Updates ------------------------------------------------------------------ ------------------ 2023-3-31 - Mar 31 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). - commit 54b5b79 ++++ kernel-azure: - ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). - commit 54b5b79 ++++ kernel-default: - ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). - commit 54b5b79 ++++ kernel-rt: - ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). - commit 54b5b79 ++++ dtb-aarch64: - ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). - commit 54b5b79 ++++ glib2: - Add glib2-fix-normal-form-handling-in-gvariant.patch: Backported from upstream to fix normal form handling in GVariant. (CVE-2023-24593, CVE-2023-25180, bsc#1209714, bsc#1209713, glgo#GNOME/glib!3125) ++++ glib2-doc: - Add glib2-fix-normal-form-handling-in-gvariant.patch: Backported from upstream to fix normal form handling in GVariant. (CVE-2023-24593, CVE-2023-25180, bsc#1209714, bsc#1209713, glgo#GNOME/glib!3125) ++++ golang-github-prometheus-prometheus: - Fix authentication bypass by updating Prometheus Exporter Toolkit to version 0.7.3 (CVE-2022-46146, bsc#1208049) - Restructure the spec to build web assets online - Add: * Makefile * web-ui-2.32.1.tar.gz * 0003-Update-Go-modules.patch - Drop: * 0003-Bump-client_golang-to-1.12.1.patch ++++ irssi: - update to 1.4.4 * Expose location of signals.txt via pkg-config + Levels can now be inverted using `^' prefix in the /WINDOW (HIDE)LEVEL commands + Support receiving monospace - Fix config broken by /WINDOW LOGFILE without parameter - Fix broken /LASTLOG -window switch - Fix logic in how actions are printed for other protocols - Fix stale special collector use after free CVE-2023-29132 boo#1210077 - Help and message fixes ++++ kernel-debug: - ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). - commit 54b5b79 ++++ kernel-source: - ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). - commit 54b5b79 ++++ kernel-source-azure: - ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). - commit 54b5b79 ++++ kernel-source-rt: - ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). - commit 54b5b79 ++++ kernel-docs: - ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). - commit 54b5b79 ++++ kernel-kvmsmall: - ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). - commit 54b5b79 ++++ kernel-obs-build: - ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). - commit 54b5b79 ++++ kernel-obs-qa: - ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). - commit 54b5b79 ++++ kernel-rt_debug: - ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). - commit 54b5b79 ++++ kernel-syms: - ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). - commit 54b5b79 ++++ kernel-syms-azure: - ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). - commit 54b5b79 ++++ kernel-syms-rt: - ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). - commit 54b5b79 ++++ kernel-zfcpdump: - ath11k: pci: Add more MODULE_FIRMWARE() entries (bsc#1209965). - commit 54b5b79 ++++ libpulp-load-default: - Initial package. - Enable libpulp on all processes (jsc#PED-3867). ++++ libstorage-ng: - Translated using Weblate (Portuguese (Brazil)) (bsc#1149754) - 4.5.92 ++++ openssh: - Revert addition of openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish: This caused invalid and irrelevant environment assignments (bsc#1207014). ++++ virtualbox: - Fix some memory leaks in file "fix_7.0.6_locking_problems.patch" Fix bug in /usr/bin/VirtualBox, aka "virtualbox-wrapper.sh". The wrapper failed whenever the user declined USB passthru. boo#1208941. ++++ strongswan: - Allow to use stroke aka ipsec interface by default instead of vici aka swanctl interface which is current upstream's default. strongswan.service which enables swanctl interface is masked to stop interfering with the ipsec interface (bsc#1184144) - Removes deprecated SysV support ++++ timezone: - timezone update 2023c: * Revert changes made in 2023b - timezone update 2023b: * Lebanon delays the start of DST this year. - timezone update 2023a: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. - Refresh tzdata-china.diff ++++ timezone-java: - timezone update 2023c: * Revert changes made in 2023b - timezone update 2023b: * Lebanon delays the start of DST this year. - timezone update 2023a: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. - Refresh tzdata-china.diff ++++ virtualbox-kmp: - Fix some memory leaks in file "fix_7.0.6_locking_problems.patch" Fix bug in /usr/bin/VirtualBox, aka "virtualbox-wrapper.sh". The wrapper failed whenever the user declined USB passthru. boo#1208941. ++++ yast2-storage-ng: - Fix the translation of widgets titles in the dialog to select a partitioning scheme (bsc#1209697). - 4.5.19 ------------------------------------------------------------------ ------------------ 2023-3-30 - Mar 30 2023 ------------------- ------------------------------------------------------------------ ++++ MozillaThunderbird: - Mozilla Thunderbird 102.9.1 * fixed: Thunderbird was unable to open file URLs from command line (URLs beginning with "file://") (bmo#1816343) * fixed: Source strings for localized builds not uploaded to FTP as expected (bmo#1817086) * fixed: Visual and theme improvements (bmo#1821358,bmo#1822286) * fixed: Security fixes MFSA 2023-12 (bsc#1209953) * CVE-2023-28427 (bmo#1822595) Matrix SDK bundled with Thunderbird vulnerable to denial-of- service attack ++++ kernel-64kb: - scsi_disk kABI: add back members (bsc#1209092). - scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). - commit 15e2238 - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add corresponding upstream commit metadata and sort. - commit ac8f8e6 ++++ kernel-azure: - scsi_disk kABI: add back members (bsc#1209092). - scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). - commit 15e2238 - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add corresponding upstream commit metadata and sort. - commit ac8f8e6 ++++ kernel-default: - scsi_disk kABI: add back members (bsc#1209092). - scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). - commit 15e2238 - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add corresponding upstream commit metadata and sort. - commit ac8f8e6 ++++ kernel-rt: - scsi_disk kABI: add back members (bsc#1209092). - scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). - commit 15e2238 - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add corresponding upstream commit metadata and sort. - commit ac8f8e6 ++++ crmsh: - Update to version 4.5.0+20230329.6d95249b: * Fix: utils: qdevice initialization should user_pair_for_ssh() to get appreciated users * Fix: crm report: sustain if there are offline nodes (bsc#1209480) * Fix: validate ssh session when the users is determined by guessing (bsc#1209193) * Fix: parallax: Use 'sudo bash -c' when executing commands via sudoer (bsc#1209192) ++++ dtb-aarch64: - scsi_disk kABI: add back members (bsc#1209092). - scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). - commit 15e2238 - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add corresponding upstream commit metadata and sort. - commit ac8f8e6 ++++ kernel-debug: - scsi_disk kABI: add back members (bsc#1209092). - scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). - commit 15e2238 - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add corresponding upstream commit metadata and sort. - commit ac8f8e6 ++++ kernel-source: - scsi_disk kABI: add back members (bsc#1209092). - scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). - commit 15e2238 - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add corresponding upstream commit metadata and sort. - commit ac8f8e6 ++++ kernel-source-azure: - scsi_disk kABI: add back members (bsc#1209092). - scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). - commit 15e2238 - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add corresponding upstream commit metadata and sort. - commit ac8f8e6 ++++ kernel-source-rt: - scsi_disk kABI: add back members (bsc#1209092). - scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). - commit 15e2238 - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add corresponding upstream commit metadata and sort. - commit ac8f8e6 ++++ kernel-docs: - scsi_disk kABI: add back members (bsc#1209092). - scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). - commit 15e2238 - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add corresponding upstream commit metadata and sort. - commit ac8f8e6 ++++ kernel-firmware-nvidia-gsp-G06: - update firmware to version 525.105.17 ++++ kernel-kvmsmall: - scsi_disk kABI: add back members (bsc#1209092). - scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). - commit 15e2238 - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add corresponding upstream commit metadata and sort. - commit ac8f8e6 ++++ kernel-obs-build: - scsi_disk kABI: add back members (bsc#1209092). - scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). - commit 15e2238 - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add corresponding upstream commit metadata and sort. - commit ac8f8e6 ++++ kernel-obs-qa: - scsi_disk kABI: add back members (bsc#1209092). - scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). - commit 15e2238 - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add corresponding upstream commit metadata and sort. - commit ac8f8e6 ++++ kernel-rt_debug: - scsi_disk kABI: add back members (bsc#1209092). - scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). - commit 15e2238 - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add corresponding upstream commit metadata and sort. - commit ac8f8e6 ++++ kernel-syms: - scsi_disk kABI: add back members (bsc#1209092). - scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). - commit 15e2238 - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add corresponding upstream commit metadata and sort. - commit ac8f8e6 ++++ kernel-syms-azure: - scsi_disk kABI: add back members (bsc#1209092). - scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). - commit 15e2238 - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add corresponding upstream commit metadata and sort. - commit ac8f8e6 ++++ kernel-syms-rt: - scsi_disk kABI: add back members (bsc#1209092). - scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). - commit 15e2238 - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add corresponding upstream commit metadata and sort. - commit ac8f8e6 ++++ kernel-zfcpdump: - scsi_disk kABI: add back members (bsc#1209092). - scsi: sd: Revert "Rework asynchronous resume support" (bsc#1209092). - commit 15e2238 - Refresh patches.suse/arm64-Discard-.note.GNU-stack-section.patch. Add corresponding upstream commit metadata and sort. - commit ac8f8e6 ++++ liblouis: - Add liblouis-CVE-2023-26769.patch: Check the path length before copying into tableFile(CVE-2023-26769 bsc#1209432 bsc#1209855). - Add liblouis-CVE-2023-26767.patch: Check the length of path before copying into dataPath(CVE-2023-26767 bsc#1209429 bsc#1209855). ++++ procps: - Add patch bsc1209122-a6c0795d.patch * Fix for bsc#1209122 to allow `-´ as leading character to ignore possible errors on systctl entries ++++ libstorage-ng: - merge gh#openSUSE/libstorage-ng#922 - add PCIe as disk transport - 4.5.91 - merge gh#openSUSE/libstorage-ng#921 - fixed setting sysfs-name for partitions on nvme disks - 4.5.90 - Translated using Weblate (Georgian) (bsc#1149754) - 4.5.89 ++++ mame: - Updated to 0.252 * Refreshed spec-file via spec-cleaner and manual optimizations. * Changed file use_thin_archives.patch. * Added files: mame-fortify.patch and mame-bgfx.patch. * Disabled LTO for all archs. * https://mametesters.org/changelog_page.php ++++ netty: - Upgrade to upstreeam version 4.1.90 * Fixes of 4.1.90: + Adding header name of the header which failed validation + Fix HttpHeaders.names for non-String headers + Save expensive volatile operations in the common hot http decoder path + Avoid slow type checks against promises on outbound buffer's progress + Implement NonStickyEventExecutorGroup.inEventLoop + Native image: add support for unix domain sockets + Use MacOS SDK 10.9 to prevent apple notarization failures + Increase errno cache and guard against IOOBE + Don't reset BCSSLParameters when setting application protocols + WebSocketClientProtocolHandler: add option to disable UTF8 validation + Chunked HTTP length decoding should account for whitespaces/ctrl chars + Handle NullPointerException thrown from NetworkInterface.getNetworkInterfaces() * Fixes of 4.1.89: + Don't fail on HttpObjectDecoder's maxHeaderSize greater then (Integer.MAX_VALUE - 2) + dyld: Symbol not found: _netty_jni_util_JNI_OnLoad when upgrading from 4.1.87.Final to 4.1.88.Final * Fixes of 4.1.88: + Speed-up HTTP 1.1 header and line parsing + Add StacklessSSLHandshakeException for ClosedChannelException + Modify changed CloseWebSocketFrame#statusCode() to change the fetch code to unsigned + Check if CommandLineTools are installed before trying to execute install_name_tool + Allow to adjust the GlobalEventExecutor quietPeriod via a system property + Add SslProvider.isOptionSupported(...) + Fix FlowControlHandler's behaviour to pass read events when auto-reading is turned off + Ensure Http2StreamFrameToHttpObjectCodec#decode doesn't add transfer-encoding for 204/304 response + Only do extra CNAME query if we couldnt follow the whole CNAME chain in the response + Include query id when a query failed + DnsResolveContext: include expected record types in exception message + Add necessary native-image configuration files for epoll + Create a deep-copy of the Throwable before returning it from the cache to prevent possible leaks + Always respect completeOncePreferredResolved in DnsNameResolver + fix brotli compression + Optionally depend on bctls-jdk15on + Make releasing objects back to Recycler faster + Correctly keep track of validExtensions per request / response + Add handling of inflight lookups to reduce real queries when lookup same hostname + DnsQueryContext: include query id and question info in exception message + AsciiStrings can be batch-encoded * Fixes of 4.1.87: + Upgrade to latest netty-tcnative release which doesnt link libcrypt + Add recvmmsg & sendmmsg syscall number for loongarch64 + Return correct value from SSLSession.getPacketSize() when using native SSL implementation + Explicit disable TLSv1.3 in the OpenSSL options if not supported + Support handshake timeout in SniHandler. + Extend DNS address supplier interface to provide feedback * Fixes of 4.1.86: + HAProxyMessageDecoder Stack Exhaustion DoS (bsc#1206360, CVE-2022-41881) + HTTP Response splitting from assigning header value iterator (bsc#1206379, CVE-2022-41915) + Revert #12888 for potential task scheduling problems in HashedWheelTimer + Deprecate ObjectEncoder/ObjectDecoder + HPACK dynamic table size update must happen at the beginning of the header block * Fixes of 4.1.85: + A bug in FlowControlHandler that broke auto-read has been fixed + The HTTP/2 HPACK encoder is now faster at encoding headers that have many values + A potential memory leak bug has been fixed in the pooled allocator + Fix an issue with the Blockhound integration, which could cause the MacOSDnsServerAddressStreamProvider to be flagged as making blocking calls + Inconsitencies in how epoll, kqueue, and NIO handle RDHUP have been fixed + ByteToMessageDecoder now handle situations where the same ByteBuf instance is read multiple times + The check that ensures the HTTP/1 Content-Length header is unique, now no longer causes headers to be rearranged (change their order) + Fix a NullPointerException bug with class initialisation order between InternalLogger and InternalThreadLocalMap + When the netty-resolver-dns-native-macos classes can't load their native bindings, they now only print a short error message instead of the huge stack trace it printed previously. The stack trace is still included if DEBUG logging is enabled + The Graal native-image meta-data is now placed in the recommended location, and no longer causes warnings to be printed + The HTTP/1 and HTTP/2 codecs now properly support RFC 8297 Early Hints + Subclasses of FastThreadLocalThread can now tell the Netty Blockhound integration that they should be allowed to make blocking calls + Validation of HTTP/2 connection headers have been moved from Http2Headers to HpackDecoder, so that outgoing headers are not validated * Fixes of 4.1.84: + HTTP/2 header values with invalid characters are now rejected in header validation + We now automatically generate conditional meta-data for native-image use, making GraalVM support more reliable + Fix a scalability issue caused by instanceof and check-cast checks that lead to false-sharing on the Klass::secondary_super_cache field in the JVM (See JDK-8180450) + Made the HTTP/2 HPACK static table implementation faster by using a perfect hash function + Fixed a bug in our PEMParser when PEM files have multiple objects, and BouncyCastle is on the classpath * Fixes of 4.1.82: + Fix a NullPointerException bug when calling forEachByte on nested CompositeByteBufs + Relax an overly strict HTTP/2 header validation check that was rejecting requests from Chrome and Firefox + The OpenSSL and BoringSSL implementations now respect the jdk.tls.client.protocols and jdk.tls.server.protocols system properties, making them react to these in the same way the JDK SSL provider does * Fixes of 4.1.81: + Fix a regression SslContext private key loading + Fix a bug in SslContext private key reading fall-back path + Fix a buffer leak regression in HttpClientCodec + Fix a bug where some HttpMessage implementations, that also implement HttpContent, were not handled correctly + The MessageFormatter and FormattingTuple classes are now usable in the public API + Connection related headers in HTTP/2 frames are now rejected, in compliance with the specification * Fixes of 4.1.80: + HttpObjectEncoder scalability issue due to instanceof checks + Improve logging when MacOSDnsServerAddressStreamProvider cannot be found/loaded + Replace stdlib write/read with send/recv + Support for pkcs1 + Add Blockhound exceptions for the PooledByteBufAllocator + Fix epoll bug when receiving zero-sized datagrams + Avoid including header values in header validation failure exceptions + Avoid allocating large buffers in JdkZlibEncoder + Native Image Support: Set IS_EXPLICIT_TRY_REFLECTION_SET_ACCESSIBLE to true by default for native images + We need to use disconnectx(...) on macOS + Replace synchronized with Java Locks on the allocator + Don't use static instances of FixedRecvByteBufAllocator + Add escaping for stomp headers * Fixes of 4.1.79: + The PEM certificate parser is no longer susceptible to exponential back-off + Non-standard extra ampersands in HTTP POST bodies are no longer rejected + An io.netty.osClassifiers system property has been added to avoid reading os-release files + Fix a bug in SslHandler so handlerRemoved works properly even if handlerAdded throws an exception + Use the correct OSGi processor directive on aarch64, making it possible to use OSGi on ARM + HTTP paths that begin with a double-slash are now parsed the same way browsers do + The isCompleted flag is now correctly preserved on objects from HttpData.retainedDuplicate() + The HttpUtil.isOriginForm() and isAsteriskForm() methods now correctly conform with RFC 7230 + Fix an issue that allowed the multicast methods on EpollDatagramChannel to be called outside of an event-loop thread + Support for the LoongArch64 processor architecture has been added * Fixes of 4.1.78: + Fix a bug where an OPT record was added to DNS queries that already had such a record + Fix a bug that caused an error when files uploaded with HTTP POST contained a backslash in their name + Fix an issue in the BlockHound integration that could occasionally cause NetUtil to be reported as performing blocking operations + A similar BlockHound issue was fixed for the JdkSslContext + Fix a bug that prevented preface or settings frames from being flushed, when an HTTP2 connection was established with prior-knowledge + Fixes a rare NullPointerException that could occur when a ReferenceCountedOpenSslEngine threw an OutOfMemoryError from its constructor, and was then later finalized + The SslHandler now adds the socket file descriptor to the BIOs, when the SslEngine supports this (boringssl and libressl), which allow tracing and observability tools to monitor encryption traffic on a per-connection basis. + It is now possible to explicitly step the scheduling clock in EmbeddedEventLoop, which is useful for making automated tests with deterministic scheduling * Fixes of 4.1.77: + Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files for Java 6 and lower in io.netty:netty-codec-http (bsc#1199338, CVE-2022-24823) + Upgraded the optional netty-tcnative dependency to version 2.0.52.Final + Fix a bug where Netty fails to load a shaded native library + Include classifier in Automatic-Module-Name + Check if epoll_pwait2 is implemented + Don't call strdup on packagePrefix + Enable debugging of asynchronous tasks in Intellij + Throwing an exception in case glibc is missing instead of segfaulting the JVM * Fixes of 4.1.76: + Upgraded the optional netty-tcnative dependency to version 2.0.51.Final + Upgraded the optional log4j dependency to version 2.17.2 + The netty-all module now declare an automatic module name, making it useable with Java Modules. + It is now possible to configure arbitrary socket options for the native epoll and kqueue transports. Refer to your operating system documentation for what options are available. + It is now possible to explicitly bind channels to either IPv4 or IPv6. + The HTTP/2 header validation that rejects duplicate pseudo-headers, which was added in 4.1.75.Final, has been changed so it no longer breaks older versions of gRPC. " Fix a NullPointerException that was hiding the real cause of certain HTTP/2 header decoding errors. - Modified patches: * 0001-Remove-optional-dep-Blockhound.patch * 0002-Remove-optional-dep-conscrypt.patch * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch * no-brotli-zstd.patch - > 0004-Disable-Brotli-and-ZStd-compression.patch * no-werror.patch + rebase - Removed patches: * 0004-Remove-optional-dep-tcnative.patch * 0005-Remove-optional-dep-log4j.patch + we have the dependencies, so no need to disable them * 0006-revert-Fix-native-image-build.patch * 0007-Revert-Support-session-cache-for-client-and-server-w.patch + solve the build breakages differently - Added patches: * 0005-Do-not-use-the-Graal-annotations.patch * 0006-Do-not-use-the-Jetbrains-annotations.patch + do not use annotations for which we don't have dependencies * 0007-Do-not-require-the-tcnative-native-library.patch + our tcnative library is installed system-wide ++++ netty-tcnative: - Upgrade to version 2.0.59 Final * new artifact name netty-tcnative-classes, provided by this version is required by netty 4.1.90 which contains important security updates * No formal changelog present. This artifact is closely bound to the netty releases ++++ nvidia-open-driver-G06-signed: - Update to version 525.105.17 ------------------------------------------------------------------ ------------------ 2023-3-29 - Mar 29 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - commit 2ee3a6c ++++ kernel-azure: - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - commit 2ee3a6c ++++ kernel-default: - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - commit 2ee3a6c ++++ kernel-rt: - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - commit 2ee3a6c ++++ containerd: - Update to containerd v1.6.19 for Docker v23.0.2-ce. Upstream release notes: Includes fixes for: - CVE-2023-25153 bsc#1208423 - CVE-2023-25173 bsc#1208426 ++++ drkonqi5: - Replace '%service_del_postun -n' with '%service_del_postun_without_restart' ++++ dtb-aarch64: - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - commit 2ee3a6c ++++ kernel-debug: - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - commit 2ee3a6c ++++ kernel-source: - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - commit 2ee3a6c ++++ kernel-source-azure: - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - commit 2ee3a6c ++++ kernel-source-rt: - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - commit 2ee3a6c ++++ kernel-docs: - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - commit 2ee3a6c ++++ kernel-kvmsmall: - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - commit 2ee3a6c ++++ kernel-obs-build: - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - commit 2ee3a6c ++++ kernel-obs-qa: - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - commit 2ee3a6c ++++ kernel-rt_debug: - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - commit 2ee3a6c ++++ kernel-syms: - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - commit 2ee3a6c ++++ kernel-syms-azure: - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - commit 2ee3a6c ++++ kernel-syms-rt: - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - commit 2ee3a6c ++++ kernel-zfcpdump: - sbitmap: Avoid lockups when waker gets preempted (bsc#1209118). - commit 2ee3a6c ++++ mediainfo: - Update to version 23.03 Added features: * DTS: Detection of IMAX Enhanced * MOV/MP4: Add HDR Vivid format support * HEVC: Add HDR Vivid format support * MXF/PCM: detect silent tracks (full parsing only) * Monkey's Audio: support of 32-bit files, show version * MP4 audioProfileLevelIndication: add Low Delay AAC v2 Profile * MP4/MOV: support of FLAC * MOV/MP4: support of TTML with images * MPEG-7: 3 modes (strict, relaxed, extended) * MPEG-7: more sub-termIDs (AudioPresentationCS) * MPEG-7: Add more PublicIdentifiers * MPEG-7: more sub-termIDs (MP4, WAV, AVC, ProRes) * AVI/WAV: display of the kind of fmt chunk * AVC: detection of more profiles * ChannelLayout: difference between M (Mono) and C (Center, part of multichannel content) * AC-3: detection of channel layout also for encrypted content * AC-4 and MPEG-H 3D Audio: Merged channel layout (all sub-streams together) * DTS: Detection of real bit depth e.g. 20 instead of only byte aligned bit depth (16 or 24) * FLAC: support of BWF in Vorbis comments * N19/STL: codepage, subtitle count, max line per subtitle, more metadata * ISAN: detection of descriptions referencing an ISAN * AAC: detection of eSBR (and fix of random wrong PS detection) * Extract of time codes, XML format, currently only for for MXF Fixed bugs: * MP4/MOV: fix freezes with some unknown udta atoms * FLV: fix duration of 0 with some buggy files * AVC: fix PTS of last frame * FFV1: fix potential crash with malformed files * AV1: add HDR format line and fix HDR values * AAC and WAV: fix of channel layout display for 5 front channels * AC-4: Tl/Tr mapped to to Tsl/Tsr * FLAC: fix sampling count * ID3v2: fix Genre not showing ID 0 (Blues) * MPEG-7: VBR fix * JSON/XML: Remove minus sign from element names * Normalization of date/time in report ++++ libmediainfo: - Update to version 23.03 Added features: * DTS: Detection of IMAX Enhanced * MOV/MP4: Add HDR Vivid format support * HEVC: Add HDR Vivid format support * MXF/PCM: detect silent tracks (full parsing only) * Monkey's Audio: support of 32-bit files, show version * MP4 audioProfileLevelIndication: add Low Delay AAC v2 Profile * MP4/MOV: support of FLAC * MOV/MP4: support of TTML with images * MPEG-7: 3 modes (strict, relaxed, extended) * MPEG-7: more sub-termIDs (AudioPresentationCS) * MPEG-7: Add more PublicIdentifiers * MPEG-7: more sub-termIDs (MP4, WAV, AVC, ProRes) * AVI/WAV: display of the kind of fmt chunk * AVC: detection of more profiles * ChannelLayout: difference between M (Mono) and C (Center, part of multichannel content) * AC-3: detection of channel layout also for encrypted content * AC-4 and MPEG-H 3D Audio: Merged channel layout (all sub-streams together) * DTS: Detection of real bit depth e.g. 20 instead of only byte aligned bit depth (16 or 24) * FLAC: support of BWF in Vorbis comments * N19/STL: codepage, subtitle count, max line per subtitle, more metadata * ISAN: detection of descriptions referencing an ISAN * AAC: detection of eSBR (and fix of random wrong PS detection) * Extract of time codes, XML format, currently only for for MXF Fixed bugs: * MP4/MOV: fix freezes with some unknown udta atoms * FLV: fix duration of 0 with some buggy files * AVC: fix PTS of last frame * FFV1: fix potential crash with malformed files * AV1: add HDR format line and fix HDR values * AAC and WAV: fix of channel layout display for 5 front channels * AC-4: Tl/Tr mapped to to Tsl/Tsr * FLAC: fix sampling count * ID3v2: fix Genre not showing ID 0 (Blues) * MPEG-7: VBR fix * JSON/XML: Remove minus sign from element names * Normalization of date/time in report ++++ python-rpm-macros: - Update to version 20230304.050c1a4 (bsc#1209881, bsc#1209353): * Add %#FLAVOR#_fix_shebang macro, call in %#FLAVOR#_pyproject_install * Strip buildroot from pyc files (#151) * Create python312 macros * fix double expanded compileall in %{$python_pyproject_install} * forgotten '%' * fix gh#openSUSE/python-rpm-macros#141: allow parameters in sections * more compact alternative scriptlets without newline * Update flavor sets in README * Document flavored PEP517 macros * flavorize pyproject macros * Avoid to install incorrect PEP610 metadata ++++ runc: - Update to runc v1.1.5. Upstream changelog is available from . Includes fixes for the following CVEs: - CVE-2023-25809 bsc#1209884 - CVE-2023-27561 bsc#1208962 - CVE-2023-28642 bsc#1209888 * Fix the inability to use `/dev/null` when inside a container. * Fix changing the ownership of host's `/dev/null` caused by fd redirection (a regression in 1.1.1). bsc#1168481 * Fix rare runc exec/enter unshare error on older kernels. * nsexec: Check for errors in `write_log()`. - Drop version-specific Go requirement. ++++ strawberry: - Update to version 1.0.17 + Fixed over-sized context album cover with device pixel ratio higher than 1.0 (#1166). + Fixed playing widget fading from a blurry previous cover with device pixel ratio higher than 1.0. + Made playlist source icon, album cover manager and OSD pretty cover respect device pixel ratio. ++++ valgrind: - Build without -z now (bsc#1208407) ++++ valgrind-client-headers-source: - Build without -z now (bsc#1208407) ------------------------------------------------------------------ ------------------ 2023-3-28 - Mar 28 2023 ------------------- ------------------------------------------------------------------ ++++ rust1.68: - bsc#1209839 - replace leaked github keys in rust/cargo Version 1.68.2 (2023-03-28) - [Update the GitHub RSA host key bundled within Cargo](https://github.com/rust-lang/cargo/pull/11883). The key was [rotated by GitHub](https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/) on 2023-03-24 after the old one leaked. - [Mark the old GitHub RSA host key as revoked](https://github.com/rust-lang/cargo/pull/11889). This will prevent Cargo from accepting the leaked key even when trusted by the system. - [Add support for `@revoked` and a better error message for `@cert-authority` in Cargo's SSH host key verification](https://github.com/rust-lang/cargo/pull/11635) - [Fix miscompilation in produced Windows MSVC artifacts](https://github.com/rust-lang/rust/pull/109094) This was introduced by enabling ThinLTO for the distributed rustc which led to miscompilations in the resulting binary. Currently this is believed to be limited to the -Zdylib-lto flag used for rustc compilation, rather than a general bug in ThinLTO, so only rustc artifacts should be affected. - [Fix --enable-local-rust builds](https://github.com/rust-lang/rust/pull/109111/) - [Treat `$prefix-clang` as `clang` in linker detection code](https://github.com/rust-lang/rust/pull/109156) - [Fix panic in compiler code](https://github.com/rust-lang/rust/pull/108162) ++++ kernel-64kb: - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 3a1702c ++++ kernel-azure: - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 3a1702c ++++ kernel-default: - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 3a1702c ++++ kernel-rt: - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 3a1702c ++++ dtb-aarch64: - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 3a1702c ++++ helm: - add fix-plugin-32bit.patch ++++ kernel-debug: - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 3a1702c ++++ kernel-default-base: - Add exfat (boo#1208822) ++++ kernel-source: - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 3a1702c ++++ kernel-source-azure: - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 3a1702c ++++ kernel-source-rt: - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 3a1702c ++++ kernel-docs: - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 3a1702c ++++ kernel-kvmsmall: - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 3a1702c ++++ kernel-obs-build: - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 3a1702c ++++ kernel-obs-qa: - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 3a1702c ++++ kernel-rt_debug: - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 3a1702c ++++ kernel-syms: - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 3a1702c ++++ kernel-syms-azure: - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 3a1702c ++++ kernel-syms-rt: - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 3a1702c ++++ kernel-zfcpdump: - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466). - commit 3a1702c ++++ libgarcon: - Update to version 4.18.1 * garcon-gtk: Add missing lock when filling the GtkMenu * Wait for any async operation to finish before releasing locks * Use GIcons for menu icons instead of loading surfaces * Revert "garcon-gtk: Fix menu icon blurriness when UI scale factor != 1" * Revert "Load icons using icon theme scaling functions correctly" * garcon-gtk: Properly update GtkMenu is_populated state * Load icons using icon theme scaling functions correctly * Translation Updates ++++ usbguard: - Fix build failure with gcc13, add build_gcc13.patch. ++++ open-vm-tools: - Update to 12.2.0 (build 21223074) (boo#1209128) - There are no new features in the open-vm-tools 12.2.0 release. This is primarily a maintenance release that addresses a few critical problems, including: - Linux quiesced snapshots have been updated to avoid intermittent hangs of the vmtoolsd process. - Updated the guestOps to handle some edge cases when File_GetSize() fails or returns -1. - A number of Coverity reported issues have been addressed. - Detect the proto files for the containerd grpc client in alternate locations. Pull request #626 - FreeBSD: Support newer releases and code clean-up for earlier versions. Pull request #584 - Please refer to the release notes at https://github.com/vmware/open-vm-tools/blob/stable-12.2.0/ReleaseNotes.md - The granular changes that have gone into the 12.2.0 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-12.2.0/ open-vm-tools/ChangeLog - Update detect-suse-location.patch to remove upstream accepted portion of the patch (jsc-PED-1344). ++++ libxfce4ui: - Update to version 4.18.3 * Add comment about the need for gtk_widget_destroy() * Fix memory management in Vala generated code * Add annotation "(nullable)" where appropriate * Replace deprecated annotation: "(allow-none)" * Harden xfce_gtk_handle_tab_accels (thunar#1067) * screensaver: Avoid Xfconf warning * shortcuts-grabber: Ignore keyboard layout change * screensaver: Fix Xfconf memory management ++++ xfce4-panel: - Update to version 4.18.3 * launcher: Show action menu also when there are several items * Fix memory management of vala generated plugins * panel: Rephrase "Don't reserve space on borders" (V2) * panel: Make property migration generic * launcher: Avoid "no trigger event" warning when showing the menu * launcher: Guard access to the plugin menu GdkWindow * libxfce4panel: Unregister menu also on GtkWidget::hide * panel: Do not reset output name if a monitor does not have a model name * libxfce4panel: Fix memory management of source for menu positioning * panel: Delay removal of ExternalPlugin to prevent use-after-free * systray: Cancel any async D-Bus operation in finalize() * tasklist: Do not try to resolve /proc/pid/exe to launch new instance * Translation Updates ++++ parsec-tool: - Update to 0.6.0-rc2: * Align crates version with parsec-service ++++ podman: - Update to version 4.4.4: * Bump to v4.4.4 * Release notes for v4.4.4 * libpod: always use direct mapping * macos pkginstaller: do not fail when podman-mac-helper fails * podman-mac-helper: install: do not error if already installed * Bump to v4.4.4-dev - spec: Bump required version for libcontainers-common (bsc#1209495) ++++ xfce4-session: - Update to version 4.18.2 * manager: Fix GQueue memory management * Fix Xfconf memory management * Update bug report address * Fix suspend/hibernation bug on ConsoleKit2 (Fixes #164) ------------------------------------------------------------------ ------------------ 2023-3-27 - Mar 27 2023 ------------------- ------------------------------------------------------------------ ++++ ComputeLibrary: - Apply fix-gcc13-fallout.patch to fix the gcc 13 fallout - Use python3 as the python script interpreter ++++ FreeCAD: - Fix build with gcc 13 0001-Fix-build-with-gcc13.patch ++++ chromium: - Chromium 111.0.5563.147: * nth-child() validation performance regression for SAP apps ++++ chromium: - Chromium 111.0.5563.147: * nth-child() validation performance regression for SAP apps ++++ kernel-64kb: - mm: memcontrol: deprecate charge moving (bsc#1209801). - commit a953603 - netdevice: add the case if dev is NULL (bsc#1208628). - Refresh patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch. - commit 726a950 ++++ kernel-azure: - mm: memcontrol: deprecate charge moving (bsc#1209801). - commit a953603 - netdevice: add the case if dev is NULL (bsc#1208628). - Refresh patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch. - commit 726a950 ++++ kernel-default: - mm: memcontrol: deprecate charge moving (bsc#1209801). - commit a953603 - netdevice: add the case if dev is NULL (bsc#1208628). - Refresh patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch. - commit 726a950 ++++ kernel-rt: - mm: memcontrol: deprecate charge moving (bsc#1209801). - commit a953603 - netdevice: add the case if dev is NULL (bsc#1208628). - Refresh patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch. - commit 726a950 ++++ dtb-aarch64: - mm: memcontrol: deprecate charge moving (bsc#1209801). - commit a953603 - netdevice: add the case if dev is NULL (bsc#1208628). - Refresh patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch. - commit 726a950 ++++ helm: - build against go 1.19 (bsc#1209670) - include K8s tags - run tests ++++ indent: - Fix memory safety issues, bsc#1209718 * fix-buffer-overflow-print_comment.patch * fix-buffer-overread-found_keyword.patch * fix-use-after-free.patch ++++ kernel-debug: - mm: memcontrol: deprecate charge moving (bsc#1209801). - commit a953603 - netdevice: add the case if dev is NULL (bsc#1208628). - Refresh patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch. - commit 726a950 ++++ kernel-source: - mm: memcontrol: deprecate charge moving (bsc#1209801). - commit a953603 - netdevice: add the case if dev is NULL (bsc#1208628). - Refresh patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch. - commit 726a950 ++++ kernel-source-azure: - mm: memcontrol: deprecate charge moving (bsc#1209801). - commit a953603 - netdevice: add the case if dev is NULL (bsc#1208628). - Refresh patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch. - commit 726a950 ++++ kernel-source-rt: - mm: memcontrol: deprecate charge moving (bsc#1209801). - commit a953603 - netdevice: add the case if dev is NULL (bsc#1208628). - Refresh patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch. - commit 726a950 ++++ kernel-docs: - mm: memcontrol: deprecate charge moving (bsc#1209801). - commit a953603 - netdevice: add the case if dev is NULL (bsc#1208628). - Refresh patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch. - commit 726a950 ++++ kernel-kvmsmall: - mm: memcontrol: deprecate charge moving (bsc#1209801). - commit a953603 - netdevice: add the case if dev is NULL (bsc#1208628). - Refresh patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch. - commit 726a950 ++++ kernel-obs-build: - mm: memcontrol: deprecate charge moving (bsc#1209801). - commit a953603 - netdevice: add the case if dev is NULL (bsc#1208628). - Refresh patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch. - commit 726a950 ++++ kernel-obs-qa: - mm: memcontrol: deprecate charge moving (bsc#1209801). - commit a953603 - netdevice: add the case if dev is NULL (bsc#1208628). - Refresh patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch. - commit 726a950 ++++ kernel-rt_debug: - mm: memcontrol: deprecate charge moving (bsc#1209801). - commit a953603 - netdevice: add the case if dev is NULL (bsc#1208628). - Refresh patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch. - commit 726a950 ++++ kernel-syms: - mm: memcontrol: deprecate charge moving (bsc#1209801). - commit a953603 - netdevice: add the case if dev is NULL (bsc#1208628). - Refresh patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch. - commit 726a950 ++++ kernel-syms-azure: - mm: memcontrol: deprecate charge moving (bsc#1209801). - commit a953603 - netdevice: add the case if dev is NULL (bsc#1208628). - Refresh patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch. - commit 726a950 ++++ kernel-syms-rt: - mm: memcontrol: deprecate charge moving (bsc#1209801). - commit a953603 - netdevice: add the case if dev is NULL (bsc#1208628). - Refresh patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch. - commit 726a950 ++++ kernel-zfcpdump: - mm: memcontrol: deprecate charge moving (bsc#1209801). - commit a953603 - netdevice: add the case if dev is NULL (bsc#1208628). - Refresh patches.suse/net-add-net-device-refcount-tracker-infrastructure.patch. - commit 726a950 ++++ kubernetes1.23: - Stronger conflicts for completion packages - Split individual completions into separate packages ++++ kubernetes1.24: - Stronger conflicts for completion packages - Add proper obsoletes for completion packages ++++ mozilla-nss: - Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) to validate extra PBKDF2 parameters according to FIPS 140-3. ++++ python311-core: - Switch off obsoleting previous interpreters. ++++ parsec: - Disable jwt-svid-authenticator (SPIFFE) until fixed upstream with gcc13 - https://github.com/parallaxsecond/parsec/issues/672 ++++ python311: - Switch off obsoleting previous interpreters. ++++ python311-documentation: - Switch off obsoleting previous interpreters. ++++ strawberry: - Update to version 1.0.16 + Bugfixes: + Fixed lyrics from Musixmatch. + Fixed possible file corruption when saving both tags and embedded cover using the tag editor (#1158). + Fixed compile without GStreamer. + Fixed context and playing now album art rendering on High DPI displays (#1161). + Fixed setting source properties (device, user-agent, ssl-strict) with GStreamer 1.22 (playbin3) and higher (#1148). + Fixed rescan songs feature not ignoring mtime. + Search lyrics by artist instead of album artist by default. + Code improvements: + Replace use of deprecated QSqlDatabase::exec(). + Added features: + Added backend setting for strict SSL mode. + Read AcoustID and MusicBrainz tags. + Submit MusicBrainz tags with ListenBrainz. - Remove Qt 5 dependencies - Remove VLC support - Update list of lyric providers in features ++++ xfce4-screensaver: - Update to version 4.18.1 * Refactor spawn_make_environment_for_display() ++++ yast2-trans: - Update to version 84.87.20230324.a3dfeee0c1: * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Turkish) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Lithuanian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Javanese) * Translated using Weblate (Javanese) * Translated using Weblate (Javanese) * Translated using Weblate (Javanese) * Translated using Weblate (Javanese) * Translated using Weblate (Javanese) * Translated using Weblate (Javanese) * Translated using Weblate (Javanese) * Translated using Weblate (Javanese) * Translated using Weblate (Javanese) ------------------------------------------------------------------ ------------------ 2023-3-26 - Mar 26 2023 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2023-03-27 (bsc#1084929) ++++ openvswitch3: - Fixed the install check error by adding provides for python3-openvswitch - Added provides for OVN as it may be required for any dependent packages. ++++ libstorage-ng: - Translated using Weblate (Polish) (bsc#1149754) - 4.5.88 ++++ mkvtoolnix: - Update to version 75.0.0 New features and enhancements: * mkvmerge: MP4 reader: mkvmerge will now read Timed Text (FourCC `tx3g`) subtitle tracks & convert them on the fly to Matroska's simple text subtitle format (`S_TEXT/UTF8`; text only, no styles). Bug fixes: * all: switched back to using `boost::filesystem` functions for creating directories instead of the ones introduced to work around bugs in `std::filesystem`. The latter didn't work correctly with UNC paths after the switch to `boost::filesystem::path` in v74. * mkvmerge: VobSub reader: mkvmerge will now probe the `.idx` file during VobSub identification even if the `.sub` file is passed as the source. Avoids mis-detection of the `.sub` as MPEG program streams. * MKVToolNix GUI: the GUI could abort with an exception on startup while looking for the `mkvmerge` or `mediainfo` executables due to inaccessible folders. * MKVToolNix GUI: preferences: when opening the preferences the first time the UI might pre-select the first entry in the list of interface languages if the operating system's language is not available for MKVToolNix. This might also happen on Linux if e.g. `en_GB` is set, even though `en_US` is available. Now English (`en_US`) will be selected instead. * MKVToolNix GUI: multiplexer: when adding files the GUI has special handling for chapter/tags/segment info files. This is done by comparing their content to certain patterns. This recognition could wrongfully be triggered if any such file was embedded in another file verbatim, e.g. with a chapter XML file attachment in a Matroska file. When trying to add that Matroska file, the GUI would treat it as a chapter file instead of a regular one. This content-based detection was fixed. Other changes: * mkvpropedit, GUI's header editor: removed support for the deprecated "minimum cache" & "maximum cache" track header elements. ++++ python-setuptools: - Refresh sort-for-reproducibility.patch ++++ rubygem-loofah: - Added patch CVE-2022-23516.patch to fix CVE-2022-23516 (bsc#1206416) - Added patch CVE-2022-23514.patch to fix CVE-2022-23514 (bsc#1206415) - Added patch CVE-2022-23515.patch to fix CVE-2022-23515 (bsc#1206417) ------------------------------------------------------------------ ------------------ 2023-3-25 - Mar 25 2023 ------------------- ------------------------------------------------------------------ ++++ alacritty: - Disable source services again - Update to version 0.12.0: * Added + Uppercase -T short form for --title + Support for horizontal scrolling in mouse mode and alternative scrolling modes + Support for fractional scaling on Wayland with wp-fractional-scale protocol + Support for running on GLES context + Touchscreen input for click/scroll/select/zoom + window.resize_increments config option, disabled by default * Changed + Erase in line after the last column will no longer clear the last column + Open new windows by default with macOS Cmd+N binding + The hint about window transparency is now properly issued on Wayland and macOS + The IME purpose is now set to Terminal which could help with OSK + window.decorations_theme_variant is now using Dark, Light, and None values + Resize increments are now set on macOS and X11 to resize by cell sizes * Fixed + --help output for --class does not match man pages + Cursor and underlines always being black on very old hardware + Crash when using very low negative font.offset + Artifacts in corners for maximized window with CSD on Wayland + Dotted underline not shown on macOS + Crash with OT-SVG fonts on Linux/BSD + Crash during text compose on old GNOME under Wayland + Blurry fonts when changing padding size at runtime + Crash while typing on Wayland + Multi-line semantic bracket selection + Reduced GPU memory usage + Low frame rate when multiple windows render at the same time + Redraw hanging until a keypress on X11 in rare cases + Quadrants not aligned with half blocks with built-in font + EOT (\x03) escaping bracketed paste mode + Drag & Drop not working for the search bar * Removed + window.gtk_theme_variant config field; use window.decorations_theme_variant instead + alt_send_esc is now always set to true - Enable source services ++++ samba: - Make (32bit) samba-libs conflict with old samba-ad-dc-libs package to satisfy installcheck. ++++ telegram-desktop: - The new default compiler gcc13 on Tumbleweed is too new for compiling tg_owt-master.zip; e.g. "uint8_t" is now defined in which almost all source files don't include. Stick with gcc12 on Tumbleweed for now and wait for an update of tg_owt-master.zip ------------------------------------------------------------------ ------------------ 2023-3-24 - Mar 24 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch. - commit 37a8307 - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch. - commit f080340 - Refresh patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch. - commit af52be6 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly, they dropped *-71.ucode, hence the workaround leads to the firmware load failure. Drop the old workaround now. - commit dc4368f - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ kernel-azure: - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch. - commit 37a8307 - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch. - commit f080340 - Refresh patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch. - commit af52be6 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly, they dropped *-71.ucode, hence the workaround leads to the firmware load failure. Drop the old workaround now. - commit dc4368f - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ kernel-default: - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch. - commit 37a8307 - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch. - commit f080340 - Refresh patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch. - commit af52be6 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly, they dropped *-71.ucode, hence the workaround leads to the firmware load failure. Drop the old workaround now. - commit dc4368f - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ kernel-rt: - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch. - commit 37a8307 - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch. - commit f080340 - Refresh patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch. - commit af52be6 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly, they dropped *-71.ucode, hence the workaround leads to the firmware load failure. Drop the old workaround now. - commit dc4368f - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ containerized-data-importer: - Use recent golang compiler (bsc#1208916) ++++ dtb-aarch64: - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch. - commit 37a8307 - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch. - commit f080340 - Refresh patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch. - commit af52be6 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly, they dropped *-71.ucode, hence the workaround leads to the firmware load failure. Drop the old workaround now. - commit dc4368f - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ kernel-debug: - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch. - commit 37a8307 - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch. - commit f080340 - Refresh patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch. - commit af52be6 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly, they dropped *-71.ucode, hence the workaround leads to the firmware load failure. Drop the old workaround now. - commit dc4368f - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ kernel-source: - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch. - commit 37a8307 - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch. - commit f080340 - Refresh patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch. - commit af52be6 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly, they dropped *-71.ucode, hence the workaround leads to the firmware load failure. Drop the old workaround now. - commit dc4368f - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ kernel-source-azure: - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch. - commit 37a8307 - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch. - commit f080340 - Refresh patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch. - commit af52be6 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly, they dropped *-71.ucode, hence the workaround leads to the firmware load failure. Drop the old workaround now. - commit dc4368f - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ kernel-source-rt: - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch. - commit 37a8307 - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch. - commit f080340 - Refresh patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch. - commit af52be6 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly, they dropped *-71.ucode, hence the workaround leads to the firmware load failure. Drop the old workaround now. - commit dc4368f - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ kernel-docs: - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch. - commit 37a8307 - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch. - commit f080340 - Refresh patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch. - commit af52be6 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly, they dropped *-71.ucode, hence the workaround leads to the firmware load failure. Drop the old workaround now. - commit dc4368f - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ kernel-firmware: - Revive the old iwlwifi-*-71 ucode for compatibility with SLE15-SP4 kernel (bsc#1209681): WHENCE updated by iwlwifi-WHENCE-fix.patch - Update to version 20230320 (git commit bcdcfbcf0a8f): * linux-firmware: Update firmware file for Intel Bluetooth AX101 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9462 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth AX203 * linux-firmware: Update firmware file for Intel Bluetooth AX203 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: add firmware files for NXP BT chipsets * rtw89: 8852b: update format-1 fw to v0.29.29.0 * rtw89: 8852b: add format-1 fw v0.29.26.0 * rtw89: 8852b: rollback firmware to v0.27.32.1 * i915: Update MTL DMC to v2.12 * i915: Update ADLP DMC to v2.19 * mediatek: Update mt8192/mt8195 SCP firmware to support MM21 and MT21 - Update topics list - Drop the manual revert of 8852b firmware file, as it's merged into the upstream ++++ kernel-kvmsmall: - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch. - commit 37a8307 - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch. - commit f080340 - Refresh patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch. - commit af52be6 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly, they dropped *-71.ucode, hence the workaround leads to the firmware load failure. Drop the old workaround now. - commit dc4368f - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ kernel-obs-build: - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch. - commit 37a8307 - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch. - commit f080340 - Refresh patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch. - commit af52be6 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly, they dropped *-71.ucode, hence the workaround leads to the firmware load failure. Drop the old workaround now. - commit dc4368f - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ kernel-obs-qa: - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch. - commit 37a8307 - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch. - commit f080340 - Refresh patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch. - commit af52be6 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly, they dropped *-71.ucode, hence the workaround leads to the firmware load failure. Drop the old workaround now. - commit dc4368f - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ kernel-rt_debug: - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch. - commit 37a8307 - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch. - commit f080340 - Refresh patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch. - commit af52be6 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly, they dropped *-71.ucode, hence the workaround leads to the firmware load failure. Drop the old workaround now. - commit dc4368f - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ kernel-syms: - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch. - commit 37a8307 - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch. - commit f080340 - Refresh patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch. - commit af52be6 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly, they dropped *-71.ucode, hence the workaround leads to the firmware load failure. Drop the old workaround now. - commit dc4368f - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ kernel-syms-azure: - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch. - commit 37a8307 - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch. - commit f080340 - Refresh patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch. - commit af52be6 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly, they dropped *-71.ucode, hence the workaround leads to the firmware load failure. Drop the old workaround now. - commit dc4368f - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ kernel-syms-rt: - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch. - commit 37a8307 - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch. - commit f080340 - Refresh patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch. - commit af52be6 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly, they dropped *-71.ucode, hence the workaround leads to the firmware load failure. Drop the old workaround now. - commit dc4368f - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ kernel-zfcpdump: - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_write-a.patch. - commit 37a8307 - Rename patches.suse/locking-rwsem-Disable-preemption-in-all-down_read-an.patch. - commit f080340 - Refresh patches.suse/locking-rwsem-Prevent-non-first-waiter-from-spinning.patch. - commit af52be6 - Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681) linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly, they dropped *-71.ucode, hence the workaround leads to the firmware load failure. Drop the old workaround now. - commit dc4368f - net/sched: tcindex: update imperfect hash filters respecting rcu (CVE-2023-1281 bsc#1209634). - commit aced962 ++++ openssl-1_0_0: - Security Fix: [CVE-2023-0464, bsc#1209624] * Excessive Resource Usage Verifying X.509 Policy Constraints * Add openssl-CVE-2023-0464.patch ++++ openssl-1_1: - Security Fix: [CVE-2023-0464, bsc#1209624] * Excessive Resource Usage Verifying X.509 Policy Constraints * Add openssl-CVE-2023-0464.patch ++++ openssl-3: - Security Fix: [CVE-2023-0464, bsc#1209624] * Excessive Resource Usage Verifying X.509 Policy Constraints * Add openssl-CVE-2023-0464.patch ++++ openvswitch3: - Added versioning changes for OVN and LDFLAGS to fix compilation error ++++ qt5platform-plugins: - Fix build with Qt 5.15.8+kde183 ++++ libstorage-ng: - merge gh#openSUSE/libstorage-ng#920 - propagate failure of snapper installation-helper (bsc#1089823) - cleanup - 4.5.87 ++++ podman: - Update to version 4.4.3: * Bump to v4.4.3 * Release notes for v4.4.3 * compat: /auth: parse server address correctly * vendor github.com/containers/common@v0.51.1 * pkginstaller: bump Qemu to version 7.2.0 * podman machine: Adjust Chrony makestep config * [v4.4] fix --health-on-failure=restart in transient unit * podman logs passthrough driver support --cgroups=split * journald logs: simplify entry parsing * podman logs: read journald with passthrough * journald: remove initializeJournal() * netavark: only use aardvark ip as nameserver * compat API: network create return 409 for duplicate * fix "podman logs --since --follow" flake * system service --log-level=trace: support hijack * podman-mac-helper: exit 1 on error * bump golang.org/x/net to v0.8.0 * Fix package restore * Quadlet - use the default runtime * Bump to v4.4.3-dev - Remove patch (merged upstream): * Quadlet-use-the-default-runtime.patch (https://github.com/containers/podman/pull/17601) ++++ python-Werkzeug: - Add 0001-limit-the-maximum-number-of-multipart-form-parts.patch (bsc#1208283, CVE-2023-25577) - specfile: * stop pytest collecting test_serving.py to avoid python2 import cryptography error (bsc#1208283 comment 10) ++++ radare2: - Fix a denial of service vulnerability via misparses symbol information in COFF files (boo#1209686, CVE-2023-1605). + Add radare2-CVE-2023-1605.patch ------------------------------------------------------------------ ------------------ 2023-3-23 - Mar 23 2023 ------------------- ------------------------------------------------------------------ ++++ chromium: - Update gcc13-fix.patch with few fixes required for aarch64, borrowed from Fedora's gcc13 patch ++++ chromium: - Update gcc13-fix.patch with few fixes required for aarch64, borrowed from Fedora's gcc13 patch ++++ kernel-64kb: - Update patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch (git-fixes bsc#1208921). - commit b2c9582 ++++ kernel-azure: - Update patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch (git-fixes bsc#1208921). - commit b2c9582 ++++ kernel-default: - Update patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch (git-fixes bsc#1208921). - commit b2c9582 ++++ kernel-rt: - Update patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch (git-fixes bsc#1208921). - commit b2c9582 ++++ drbd-utils: - bsc#1208922: fails to replace directory /lib/drbd with symlink * modify drbd-utils.spec to manipulate the symlink in %postun and %posttrans script ++++ dtb-aarch64: - Update patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch (git-fixes bsc#1208921). - commit b2c9582 ++++ grafana: - Update to version 8.5.22: * Fix XSS in Graphite functions tooltip (bsc#1209645, CVE-2023-1410) ++++ grub2: - Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. (bsc#1209165) * grub2-btrfs-05-grub2-mkconfig.patch ++++ junit: - Conditionalize the spec file so that junit can be built with both hamcrest 1.3 and 2.2 from the same sources ++++ kernel-debug: - Update patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch (git-fixes bsc#1208921). - commit b2c9582 ++++ kernel-source: - Update patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch (git-fixes bsc#1208921). - commit b2c9582 ++++ kernel-source-azure: - Update patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch (git-fixes bsc#1208921). - commit b2c9582 ++++ kernel-source-rt: - Update patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch (git-fixes bsc#1208921). - commit b2c9582 ++++ kernel-docs: - Update patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch (git-fixes bsc#1208921). - commit b2c9582 ++++ kernel-kvmsmall: - Update patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch (git-fixes bsc#1208921). - commit b2c9582 ++++ kernel-obs-build: - Update patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch (git-fixes bsc#1208921). - commit b2c9582 ++++ kernel-obs-qa: - Update patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch (git-fixes bsc#1208921). - commit b2c9582 ++++ kernel-rt_debug: - Update patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch (git-fixes bsc#1208921). - commit b2c9582 ++++ kernel-syms: - Update patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch (git-fixes bsc#1208921). - commit b2c9582 ++++ kernel-syms-azure: - Update patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch (git-fixes bsc#1208921). - commit b2c9582 ++++ kernel-syms-rt: - Update patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch (git-fixes bsc#1208921). - commit b2c9582 ++++ kernel-zfcpdump: - Update patches.suse/Revert-block-freeze-the-queue-earlier-in-del_gendisk-4c66.patch (git-fixes bsc#1208921). - commit b2c9582 ++++ s390-tools: - Allow activation of devices at boot via kernel command line for live installation media (jsc#PED-2975) * Added a Source dracut-zdev-live-20230321.tar * Updated the .spec file for the new Source - Amended read_value.c ++++ openvswitch3: - Added OVN version 23.03.0 as it is built together with OVS and as such from this same source package. * For a list of changes, check https://github.com/ovn-org/ovn/blob/v23.03.0/NEWS * Added Patch 0001-Run-ovn-as-openvswitch-openvswitch.patch ++++ lshw: - Update to version B.02.19.2+git.20230320 (bsc#1209531): * fix NVMe multipath detection * NVMe: fix logical name with native multipath ++++ parsec: - Update to 1.2.0-rc1 - Drop upstream patch: * 664.patch ++++ parsec-tool: - Update to 0.6.0-rc1: * Bump parsec-client * Allow to exclude algorithms for encryption/decryption tests * Add support for RSA OAEP into parsec-tool and parsec-cli-tests.sh * Fix clippy needless_borrow warnings * Update lib.rs to remove const_err - Add true to _service to apply security updates - Use cargo-packaging for all flavors - Enable cargo_audit ++++ sudo: - Fix CVE-2023-28486, sudo does not escape control characters in log messages, (CVE-2023-28486, bsc#1209362) * Add sudo-CVE-2023-28486.patch - Fix CVE-2023-28487, sudo does not escape control characters in sudoreplay output (CVE-2023-28487, bsc#1209361) ++++ tomcat: - Fixed CVEs: * CVE-2023-28708: tomcat: not including the secure attribute causes information disclosure (bsc#1209622) - Added patches: * tomcat-9.0.43-CVE-2023-28708.patch ++++ yast2-cluster: - bsc#1209602 bugs in yast2-cluster Write funcion - Remove sensless call to sysconfig.openais - Remove sensless sysconfig.openais agent - Enable csync2.socket - Add SCR.Write(PATH,nil) to save the configuration inmediately - Version 4.5.2 ++++ yast2-users: - Stop mangling the value of "Create as Btrfs Subvolume" for new users when clicking on "Edit -> Details" (bsc#1209377). - 4.5.4 - AutoYaST: Fix creation of home for system users (bsc#1202974). ------------------------------------------------------------------ ------------------ 2023-3-22 - Mar 22 2023 ------------------- ------------------------------------------------------------------ ++++ chromium: - Chromium 111.0.5563.110 (boo#1209598) * CVE-2023-1528: Use after free in Passwords * CVE-2023-1529: Out of bounds memory access in WebHID * CVE-2023-1530: Use after free in PDF * CVE-2023-1531: Use after free in ANGLE * CVE-2023-1532: Out of bounds read in GPU Video * CVE-2023-1533: Use after free in WebProtect * CVE-2023-1534: Out of bounds read in ANGLE ++++ chromium: - Chromium 111.0.5563.110 (boo#1209598) * CVE-2023-1528: Use after free in Passwords * CVE-2023-1529: Out of bounds memory access in WebHID * CVE-2023-1530: Use after free in PDF * CVE-2023-1531: Use after free in ANGLE * CVE-2023-1532: Out of bounds read in GPU Video * CVE-2023-1533: Use after free in WebProtect * CVE-2023-1534: Out of bounds read in ANGLE ++++ kernel-64kb: - bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1209079). - bnxt_en: Fix mqprio and XDP ring checking logic (bsc#1209079). - bnxt: Do not read past the end of test names (bsc#1209079). - bnxt: make sure we return pages to the pool (bsc#1209079). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1209079). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1209079). - bnxt_en: Fix XDP RX path (bsc#1209079). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1209079). - commit 776d314 - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - commit b83f575 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 82fdaab - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - commit 14ee2c8 ++++ kernel-azure: - bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1209079). - bnxt_en: Fix mqprio and XDP ring checking logic (bsc#1209079). - bnxt: Do not read past the end of test names (bsc#1209079). - bnxt: make sure we return pages to the pool (bsc#1209079). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1209079). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1209079). - bnxt_en: Fix XDP RX path (bsc#1209079). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1209079). - commit 776d314 - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - commit b83f575 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 82fdaab - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - commit 14ee2c8 ++++ kernel-default: - bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1209079). - bnxt_en: Fix mqprio and XDP ring checking logic (bsc#1209079). - bnxt: Do not read past the end of test names (bsc#1209079). - bnxt: make sure we return pages to the pool (bsc#1209079). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1209079). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1209079). - bnxt_en: Fix XDP RX path (bsc#1209079). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1209079). - commit 776d314 - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - commit b83f575 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 82fdaab - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - commit 14ee2c8 ++++ kernel-rt: - bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1209079). - bnxt_en: Fix mqprio and XDP ring checking logic (bsc#1209079). - bnxt: Do not read past the end of test names (bsc#1209079). - bnxt: make sure we return pages to the pool (bsc#1209079). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1209079). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1209079). - bnxt_en: Fix XDP RX path (bsc#1209079). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1209079). - commit 776d314 - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - commit 455f384 - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - commit b83f575 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 82fdaab - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - commit 14ee2c8 ++++ cmark: - Added cmark-gfm-CVE-2023-22486.patch: Backport from upstream to fix quadratic complexity bug with repeated `![[]()`. (boo#1207674) ++++ dtb-aarch64: - bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1209079). - bnxt_en: Fix mqprio and XDP ring checking logic (bsc#1209079). - bnxt: Do not read past the end of test names (bsc#1209079). - bnxt: make sure we return pages to the pool (bsc#1209079). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1209079). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1209079). - bnxt_en: Fix XDP RX path (bsc#1209079). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1209079). - commit 776d314 - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - commit b83f575 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 82fdaab - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - commit 14ee2c8 ++++ kernel-debug: - bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1209079). - bnxt_en: Fix mqprio and XDP ring checking logic (bsc#1209079). - bnxt: Do not read past the end of test names (bsc#1209079). - bnxt: make sure we return pages to the pool (bsc#1209079). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1209079). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1209079). - bnxt_en: Fix XDP RX path (bsc#1209079). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1209079). - commit 776d314 - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - commit b83f575 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 82fdaab - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - commit 14ee2c8 ++++ kernel-source: - bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1209079). - bnxt_en: Fix mqprio and XDP ring checking logic (bsc#1209079). - bnxt: Do not read past the end of test names (bsc#1209079). - bnxt: make sure we return pages to the pool (bsc#1209079). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1209079). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1209079). - bnxt_en: Fix XDP RX path (bsc#1209079). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1209079). - commit 776d314 - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - commit b83f575 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 82fdaab - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - commit 14ee2c8 ++++ kernel-source-azure: - bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1209079). - bnxt_en: Fix mqprio and XDP ring checking logic (bsc#1209079). - bnxt: Do not read past the end of test names (bsc#1209079). - bnxt: make sure we return pages to the pool (bsc#1209079). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1209079). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1209079). - bnxt_en: Fix XDP RX path (bsc#1209079). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1209079). - commit 776d314 - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - commit b83f575 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 82fdaab - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - commit 14ee2c8 ++++ kernel-source-rt: - bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1209079). - bnxt_en: Fix mqprio and XDP ring checking logic (bsc#1209079). - bnxt: Do not read past the end of test names (bsc#1209079). - bnxt: make sure we return pages to the pool (bsc#1209079). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1209079). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1209079). - bnxt_en: Fix XDP RX path (bsc#1209079). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1209079). - commit 776d314 - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - commit 455f384 - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - commit b83f575 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 82fdaab - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - commit 14ee2c8 ++++ kernel-docs: - bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1209079). - bnxt_en: Fix mqprio and XDP ring checking logic (bsc#1209079). - bnxt: Do not read past the end of test names (bsc#1209079). - bnxt: make sure we return pages to the pool (bsc#1209079). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1209079). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1209079). - bnxt_en: Fix XDP RX path (bsc#1209079). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1209079). - commit 776d314 - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - commit b83f575 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 82fdaab - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - commit 14ee2c8 ++++ kernel-kvmsmall: - bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1209079). - bnxt_en: Fix mqprio and XDP ring checking logic (bsc#1209079). - bnxt: Do not read past the end of test names (bsc#1209079). - bnxt: make sure we return pages to the pool (bsc#1209079). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1209079). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1209079). - bnxt_en: Fix XDP RX path (bsc#1209079). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1209079). - commit 776d314 - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - commit b83f575 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 82fdaab - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - commit 14ee2c8 ++++ kernel-obs-build: - bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1209079). - bnxt_en: Fix mqprio and XDP ring checking logic (bsc#1209079). - bnxt: Do not read past the end of test names (bsc#1209079). - bnxt: make sure we return pages to the pool (bsc#1209079). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1209079). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1209079). - bnxt_en: Fix XDP RX path (bsc#1209079). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1209079). - commit 776d314 - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - commit b83f575 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 82fdaab - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - commit 14ee2c8 ++++ kernel-obs-qa: - bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1209079). - bnxt_en: Fix mqprio and XDP ring checking logic (bsc#1209079). - bnxt: Do not read past the end of test names (bsc#1209079). - bnxt: make sure we return pages to the pool (bsc#1209079). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1209079). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1209079). - bnxt_en: Fix XDP RX path (bsc#1209079). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1209079). - commit 776d314 - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - commit b83f575 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 82fdaab - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - commit 14ee2c8 ++++ kernel-rt_debug: - bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1209079). - bnxt_en: Fix mqprio and XDP ring checking logic (bsc#1209079). - bnxt: Do not read past the end of test names (bsc#1209079). - bnxt: make sure we return pages to the pool (bsc#1209079). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1209079). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1209079). - bnxt_en: Fix XDP RX path (bsc#1209079). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1209079). - commit 776d314 - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - commit 455f384 - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - commit b83f575 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 82fdaab - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - commit 14ee2c8 ++++ kernel-syms: - bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1209079). - bnxt_en: Fix mqprio and XDP ring checking logic (bsc#1209079). - bnxt: Do not read past the end of test names (bsc#1209079). - bnxt: make sure we return pages to the pool (bsc#1209079). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1209079). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1209079). - bnxt_en: Fix XDP RX path (bsc#1209079). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1209079). - commit 776d314 - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - commit b83f575 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 82fdaab - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - commit 14ee2c8 ++++ kernel-syms-azure: - bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1209079). - bnxt_en: Fix mqprio and XDP ring checking logic (bsc#1209079). - bnxt: Do not read past the end of test names (bsc#1209079). - bnxt: make sure we return pages to the pool (bsc#1209079). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1209079). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1209079). - bnxt_en: Fix XDP RX path (bsc#1209079). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1209079). - commit 776d314 - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - commit b83f575 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 82fdaab - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - commit 14ee2c8 ++++ kernel-syms-rt: - bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1209079). - bnxt_en: Fix mqprio and XDP ring checking logic (bsc#1209079). - bnxt: Do not read past the end of test names (bsc#1209079). - bnxt: make sure we return pages to the pool (bsc#1209079). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1209079). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1209079). - bnxt_en: Fix XDP RX path (bsc#1209079). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1209079). - commit 776d314 - locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552). - commit 455f384 - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - commit b83f575 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 82fdaab - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - commit 14ee2c8 ++++ kernel-zfcpdump: - bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1209079). - bnxt_en: Fix mqprio and XDP ring checking logic (bsc#1209079). - bnxt: Do not read past the end of test names (bsc#1209079). - bnxt: make sure we return pages to the pool (bsc#1209079). - bnxt_en: Fix HDS and jumbo thresholds for RX packets (bsc#1209079). - bnxt_en: Fix first buffer size calculations for XDP multi-buffer (bsc#1209079). - bnxt_en: Fix XDP RX path (bsc#1209079). - bnxt_en: Simplify bnxt_xdp_buff_init() (bsc#1209079). - commit 776d314 - scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315). - scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315). - scsi: smartpqi: Initialize feature section info (bsc#1207315). - scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315). - scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315). - scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315). - scsi: smartpqi: Correct max LUN number (bsc#1207315). - scsi: smartpqi: Add new controller PCI IDs (bsc#1207315). - scsi: smartpqi: Convert to host_tagset (bsc#1207315). - commit b83f575 - netlink: prevent potential spectre v1 gadgets (bsc#1209547 CVE-2017-5753). - commit 82fdaab - NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes). - commit 14ee2c8 ++++ multipath-tools: - Update to version 0.9.4+71+suse.c648a77: * libmultipath: avoid grouping paths wrongly with "find_multipaths smart" (bsc#1209623) * fix multipath-tools build with liburcu 0.14.0 ++++ pacemaker: - libcrmcommon: allow crm_attribute to try OCF_RESOURCE_INSTANCE environment variable if -p is specified with an empty string (bsc#1209586) * bsc#1209586-0001-Fix-libcrmcommon-allow-crm_attribute-to-try-OCF_RESO.patch - libcrmcommon: avoid libqb assertion * 0001-Low-libcrmcommon-avoid-libqb-assertion.patch ++++ python-yarl: - Skip failing test after fix CVE-2023-24329 (bsc#1208471) the test test_url_parsing.TestScheme.test_not_a_scheme2 fails on all openSUSE/SLE Python interpreters. - Added: * fix_test_failure_after_cve_2023_24329.patch ++++ rp-pppoe: - Require iproute2 instead of net-tools ++++ xfce4-docklike-plugin: - Initial package version 0.4.1 * build: Use same automake init as other projects and bump autoconf * Update copyright year and fix bug report address * build: Use XDT_FEATURE_DEBUG * basename() called but not included * Add option to change behavior of middle mouse button (Closes #32) * build: Keep /usr/local as default prefix * build: Fix autotools warnings * build: Fix intltool lock file problem during make distcheck * build: Bump GLib minimum required to 2.58 * Anchor group menu to center of app icon * Add option to change inactive indicator style * List window previews horizontally if panel is horizontal * Add option to get the indicator color automatically from the Gtk theme foreground color * Startup notification support Closes #13 Additionally, correctly release memory after launching. * Reorder AppInfos.cpp for clarity * Skip loadDesktopEntry() for files not ending in .desktop * Pass std::string by const reference to avoid unnecessary copy * Speed up ftw() by increasing handle limit * Added Ciliora and Circles indicator styles * Fix reordering (ctrl+dragging) icons to the right * Fix size_t being truncated into uint and comparing unequal to npos * Fix .desktop file StartupWMClass values being ignored * Update TODO * Fix warnings/crashes from timeouts In many cases the timeout's stop method was being called more than once raising GLib warnings. * Don't clear this list * Delete unused declarations * Improve PANEL_DEBUG macro * Improve debugging messages * Drop the inotify dependency GLib provides a GAppInfoMonitor object that allows us to detect desktop file changes. * Use the default theme hover effect The previous effect can still be achieved with CSS: * Update the README Better debugging instructions and long desctiption. * Cleanup: remove uneccessary casts to GtkWidget* * Remove highlight on active group Related #14 It can be restored by using css or a future option. * Add a "window_count" class to labels Related #9 * Translation Updates ++++ xorg-x11-server: - U_xserver-composite-Fix-use-after-free-of-the-COW.patch * overlay window use-after-free (CVE-2023-1393, ZDI-CAN-19866, bsc#1209543) ++++ xwayland: - U_xserver-composite-Fix-use-after-free-of-the-COW.patch * overlay window use-after-free (CVE-2023-1393, ZDI-CAN-19866, bsc#1209543) ------------------------------------------------------------------ ------------------ 2023-3-21 - Mar 21 2023 ------------------- ------------------------------------------------------------------ ++++ apache2-mod_php7: - security update - added patches fix CVE-2022-4900 [bsc#1209537], potential buffer overflow via PHP_CLI_SERVER_WORKERS environment variable + php7-CVE-2022-4900.patch ++++ onednn: - Update to 3.0.1: * Changes: https://github.com/oneapi-src/oneDNN/releases/tag/v3.0.1 - Skipped 3.0: * Changes: https://github.com/oneapi-src/oneDNN/releases/tag/v3.0 - Add patch to fix build with GCC13: * onednn-fix-gcc13.patch - Disable Arm Compute library support until fixed upstream https://github.com/oneapi-src/oneDNN/issues/1599 - Drop upstream patches: * 1428.patch * fa93750.patch ++++ kernel-64kb: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 3d2007b ++++ kernel-azure: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 3d2007b ++++ kernel-default: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 3d2007b ++++ kernel-rt: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 3d2007b ++++ dtb-aarch64: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 3d2007b ++++ gstreamer-plugins-good: - Conflict with gstreamer-plugins-ugly < 1.22.0 to ensure we don't have conflicts with gstreamer-plugins-ugly 1.20.1 since libgstxingmux.so was moved from -ugly to -good (boo#1209541) ++++ kernel-debug: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 3d2007b ++++ kernel-source: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 3d2007b ++++ kernel-source-azure: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 3d2007b ++++ kernel-source-rt: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 3d2007b ++++ kernel-docs: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 3d2007b ++++ kernel-firmware: - Revert pssufix change that caused the package renaming and broke dependencies from other packages ++++ kernel-kvmsmall: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 3d2007b ++++ kernel-obs-build: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 3d2007b ++++ kernel-obs-qa: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 3d2007b ++++ kernel-rt_debug: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 3d2007b ++++ kernel-syms: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 3d2007b ++++ kernel-syms-azure: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 3d2007b ++++ kernel-syms-rt: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 3d2007b ++++ kernel-zfcpdump: - ppc64le: HWPOISON_INJECT=m (bsc#1209572). - commit 3d2007b ++++ kubernetes1.24: - Update to version 1.24.12: * Release commit for Kubernetes v1.24.12 * One lock among PodNominator and SchedulingQueue * releng/go: Update images, dependencies and version to Go 1.19.7 * Fix for windows kube-proxy: 'externalTrafficPolicy: Local' results in no clusterIP entry in windows node. * Re-enable label selector * Add integration test for diff --prune --selector * Use label selector for filtering out resources when pruning. Matches same behavior as for kubectl apply * scheduler/framework/plugins/volumebinding: fix inaccurate log for when a volume is bound to a claim * Remove check for CSI driver running on node for CSI migration attach operations * Simplify construction of /metrics request * Move CSI json file saving to SetUpAt() * Fix for issue with Loadbalancer policy creation for IPV6 endpoints in Dualstack mode. * Invoke gimme from kube::golang::verify_go_version * Defer builds to test-cmd and test-integration targets * Carefully compute request path for metrics ++++ pmix: - Move the requirement for pmix-runtime-config to libpmix2 and make it version-independent (bsc#1209473). ++++ zstd: - Fix CVE-2022-4899, bsc#1209533 * Fix buffer underflow when dir1 == "" * Disallow empty string as an argument for --output-dir-flat="" and --output-dir-mirror="". - Added patches: * Disallow-empty-output-directory.patch * Fix-buffer-underflow-for-null-dir1.patch ++++ mksusecd: - merge gh#openSUSE/mksusecd#65 - create efi boot image, if missing - support grub hybrid boot code - update doc - show missing s390x file name correctly - adjust boot info table checksum in grub - better warning of insufficient file permissions - support Live media (jsc#PED-2975) - 2.10 ++++ pacemaker: - Revert "Fix: libpacemaker: ensure any pending recurring monitor gets updated if it fails" (bsc#1206263) * Drop obsolete bsc#1206263-0004-Fix-libpacemaker-ensure-any-pending-recurring-monito.patch - cts-regression: reflect any test failures again with the return code * 0001-Test-cts-regression-reflect-any-test-failures-again-.patch - tool: update crm_mon synopsis (bsc#1208868) * bsc#1208868-0001-Fix-tool-update-crm_mon-synopsis.patch ++++ php7: - security update - added patches fix CVE-2022-4900 [bsc#1209537], potential buffer overflow via PHP_CLI_SERVER_WORKERS environment variable + php7-CVE-2022-4900.patch ++++ php7-embed: - security update - added patches fix CVE-2022-4900 [bsc#1209537], potential buffer overflow via PHP_CLI_SERVER_WORKERS environment variable + php7-CVE-2022-4900.patch ++++ php7-fastcgi: - security update - added patches fix CVE-2022-4900 [bsc#1209537], potential buffer overflow via PHP_CLI_SERVER_WORKERS environment variable + php7-CVE-2022-4900.patch ++++ php7-fpm: - security update - added patches fix CVE-2022-4900 [bsc#1209537], potential buffer overflow via PHP_CLI_SERVER_WORKERS environment variable + php7-CVE-2022-4900.patch ++++ php7-test: - security update - added patches fix CVE-2022-4900 [bsc#1209537], potential buffer overflow via PHP_CLI_SERVER_WORKERS environment variable + php7-CVE-2022-4900.patch ++++ virtualbox: - File "fixes_for_kernel_6.3.patch" is updated for more API changes File "fix_7.0.6_locking_problems.patch" is added. Fixes boo#1209529. Larry Len Rainey and I have worked on this bug for some time. It only happened on systems with large numbers of processors and many virtual machines. We suspected a locking problem, but the thought of auditing the entire code was daunting until it was discovered that there was no problem if the host ran VB 6.1.40. It did not matter what version the guests were running. That essentially eliminated every code part except for vboxdrv.ko. That made the audit tractable. There were two files and a total of 8 places where the locking was suspect. When those were changed, the lockups while using 7.0.6 host code were no longer observed. The lockups were infrequent, thus it is impossible to say that we have fixed everything, but the frequency is clearly diminished. ++++ shim: - Updated shim signature after shim 15.7 be signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458, CVE-2022-28737) ++++ virtualbox-kmp: - File "fixes_for_kernel_6.3.patch" is updated for more API changes File "fix_7.0.6_locking_problems.patch" is added. Fixes boo#1209529. Larry Len Rainey and I have worked on this bug for some time. It only happened on systems with large numbers of processors and many virtual machines. We suspected a locking problem, but the thought of auditing the entire code was daunting until it was discovered that there was no problem if the host ran VB 6.1.40. It did not matter what version the guests were running. That essentially eliminated every code part except for vboxdrv.ko. That made the audit tractable. There were two files and a total of 8 places where the locking was suspect. When those were changed, the lockups while using 7.0.6 host code were no longer observed. The lockups were infrequent, thus it is impossible to say that we have fixed everything, but the frequency is clearly diminished. ++++ xfce4-clipman-plugin: - Update to version 1.6.3 * Update copyright year and bug report address * history: Fix inactive copy button (Fixes #54) * Shorten the selection text in menu * Move text shorten code to common function * build: Fix autotools warnings * Allow to clear history when only selection is visible * Fix blurry images in plugin menu when UI scale > 1 * Fix link in README * Remove ENABLE_NLS ifdefs * Update `.gitignore` * Add primary clipboard persistence * [PATCH] build: Fix intltool lock file problem during make distcheck * Fix text preview * Replace `g_malloc0()` with safer alternative `g_new0()` * Use `filename` before freeing it * Fix invalid "Show full history..." menu item behavior (#29) * Fix GLib macro expansion compiler warnings * Update copyright year * Check if already running before adding as panel plugin * Do not try to register application twice * Correctly handle a timeout source life cycle within a function * Fix Gtk-CRITICAL when showing main menu * Require glib 2.60 * Translation Updates ------------------------------------------------------------------ ------------------ 2023-3-20 - Mar 20 2023 ------------------- ------------------------------------------------------------------ ++++ MozillaThunderbird: - Mozilla Thunderbird 102.9 * fixed: Notification about a sender's changed OpenPGP key was not immediately visible (bmo#1814003) * fixed: TLS Certificate Override dialog did not appear when retrieving messages via IMAP using "Get Messages" context menu (bmo#1816596) * fixed: Spellcheck dictionaries were missing from localized Thunderbird builds that should have included them (bmo#1818257) * fixed: Tooltips for "Show/Hide" calendar toggle did not display (bmo#1809557) * fixed: Various security fixes MFSA 2023-11 (bsc#1209173) * CVE-2023-25751 (bmo#1814899) Incorrect code generation during JIT compilation * CVE-2023-28164 (bmo#1809122) URL being dragged from a removed cross-origin iframe into the same tab triggered navigation * CVE-2023-28162 (bmo#1811327) Invalid downcast in Worklets * CVE-2023-25752 (bmo#1811627) Potential out-of-bounds when accessing throttled streams * CVE-2023-28163 (bmo#1817768) Windows Save As dialog resolved environment variables * CVE-2023-28176 (bmo#1808352, bmo#1811637, bmo#1815904, bmo#1817442, bmo#1818674) Memory safety bugs fixed in Thunderbird 102.9 ++++ chromium: - Add gcc13-fix.patch in order to support GCC 13. ++++ chromium: - Add gcc13-fix.patch in order to support GCC 13. ++++ flatpak: - Update to version 1.14.4 (bsc#1209410, bsc#1209411): + Security fixes: - Escape special characters when displaying permissions and metadata, preventing malicious apps from manipulating the appearance of the permissions list using crafted metadata (CVE-2023-28101). - If a Flatpak app is run on a Linux virtual console (tty1, tty2, etc.), don't allow copy/paste via the TIOCLINUX ioctl (CVE-2023-28100). Note that this is specific to virtual consoles: Flatpak is not vulnerable to this if run from a graphical terminal emulator such as xterm, gnome-terminal or Konsole. + Other bug fixes: - Translation update: pl - Changes from version 1.14.3: + Bug fixes: - When splitting an upgrade into two steps (download without installing, and then upgrade without allowing further downloads) like GNOME Software does, if an app is marked EOL and superseded by a replacement, don't remove the superseded app in the first step, which would result in the replacement incorrectly not being installed - Fix a crash when --socket=gpg-agent is used - Fix a crash when listing apps if one of them is broken or misconfigured - If an app has invalid syntax in its overrides or metadata, mention the filename in the error message - Unset $GDK_BACKEND for apps, ensuring GTK apps with - -socket=fallback-x11 can work - Never try to export a parent of reserved directories as a - -filesystem, for example /run, which would prevent the app from starting - Never try to export a --filesystem below /run/flatpak or /run/host, which could similarly prevent the app from starting - The above change also fixes apps not starting if a - -filesystem is a symlink to the root directory - Show a warning when the --filesystem exists but cannot be shared with the sandbox - Changes from version 1.14.2: + Bug fixes: - Display the intended messages for `flatpak repair` - Exporting an app to an existing repository on a CIFS filesystem now works as intended - Unset $GIO_EXTRA_MODULES for apps, avoiding misbehaviour in some GLib apps when set to a path on the host - Unset $XKB_CONFIG_ROOT for apps, avoiding crashes in GTK and Qt apps under Wayland when this variable is set to a path not available in the sandbox - Unset $KRB5CCNAME for apps - When using the fish shell, avoid duplicate XDG_DATA_DIRS entries if the profile script is sourced more than once + Internal changes: - The INFO log level is now treated the same as the DEBUG log level by `flatpak -v`, to make backports from 1.15.x simpler ++++ kchmviewer: - Add kchmviewer-adding-support-for-old-single-pass-gcc-linker.patch, fixes building for openSUSE Leap ++++ kernel-firmware: - Revert the broken rtw89/rtw8852b_fw.bin firmware temporarily (bsc#1209449) ++++ pmix: - The devel package must require the actual library libpmix2. ++++ rubygem-rack: - security update - added patches fix CVE-2023-27539 [bsc#1209503], denial of service in header parsing + rubygem-rack-CVE-2023-27539.patch ++++ yast2-trans: - Update to version 84.87.20230318.5548fe53da: * Translated using Weblate (Galician) * Translated using Weblate (Galician) * Translated using Weblate (Galician) * Translated using Weblate (Galician) * Translated using Weblate (Galician) * New POT for text domain 'storage'. * New POT for text domain 'installation'. ------------------------------------------------------------------ ------------------ 2023-3-19 - Mar 19 2023 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2023-03-20 (bsc#1084929) ++++ hdf5: - Remove timestamp/buildhost/kernel version from libhdf5.settings (boo#1209548). ++++ hdf5_1_10_8-gnu-hpc: - Remove timestamp/buildhost/kernel version from libhdf5.settings (boo#1209548). ++++ hdf5_1_10_8-gnu-mpich-hpc: - Remove timestamp/buildhost/kernel version from libhdf5.settings (boo#1209548). ++++ hdf5_1_10_8-gnu-mvapich2-hpc: - Remove timestamp/buildhost/kernel version from libhdf5.settings (boo#1209548). ++++ hdf5_1_10_8-gnu-openmpi2-hpc: - Remove timestamp/buildhost/kernel version from libhdf5.settings (boo#1209548). ++++ hdf5_1_10_8-gnu-openmpi3-hpc: - Remove timestamp/buildhost/kernel version from libhdf5.settings (boo#1209548). ++++ hdf5_1_10_8-gnu-openmpi4-hpc: - Remove timestamp/buildhost/kernel version from libhdf5.settings (boo#1209548). ++++ hdf5-mvapich2: - Remove timestamp/buildhost/kernel version from libhdf5.settings (boo#1209548). ++++ hdf5-openmpi2: - Remove timestamp/buildhost/kernel version from libhdf5.settings (boo#1209548). ++++ hdf5-openmpi3: - Remove timestamp/buildhost/kernel version from libhdf5.settings (boo#1209548). ++++ hdf5-openmpi4: - Remove timestamp/buildhost/kernel version from libhdf5.settings (boo#1209548). ++++ lmdb: - update to 0.9.30: * LMDB page_split: key threshold depends on page size * avoid gcc optimization bug on sparc64 linux * - Mark infrequently used functions as cold * clear C_EOF on cursor with MDB_FIRST_DUP * Use sys/cachectl.h rather than asm/cachectl.h on mips ++++ ugrep: - update to 3.11.0: * Update --format output when used with option -o to also enable option -u to show all matches automatically; * improve --json, --xml, --csv output when used with option -o * update option -o output with headings (when applicable) for every match like GNU grep * update options --format and --replace field %m to output the number of matches sequentially * new --format and --replace field %M outputs number of matching lines ++++ xfce4-notes-plugin: - Update to version 1.10.0 * Add copyright notice to configure.ac * Change maintainer * Minor fixes to README * Fix compilation warnings * Fix double g_object_unref() on removing last note * Fix double call to gtk_main_quit() * Change default background color * build: Silence compiler warnings for generated C code * Update `.gitignore` * Switch tabs on mouse wheel with no accelerators pressed * Add ability to switch tabs with mouse scroll wheel * Unmask scroll wheel events for window title * Fix background color for panel plugin button * Fix up intltool leaving .intltool-merge-cache.lock file behind * Update COPYING * Make note text darker and easier to see * Translation Updates - Remove _service file ++++ xfce4-screensaver: - Update to version 4.18.0 * Add copyright notice to configure.ac * Make missing GNOME Keyring PAM module warning quiet (Fixes #46) * build: Fix --disable-locking (Fixes #83) * Remove duplicated lines in README (Fixes #109) * savers: Fix critical warnings on exit * savers: Fix critical warnings from GSThemeWindow on "realize" * Do not redirect stderr for our own commands * Round the user picture on lock dialog. * build: Do not warn if PAM prefix is correct * Improve lightdm detection (Fixes #39) * build: Fix -Wunused-value compiler warning * build: Fix -Wdeclaration-after-statement compiler warning * build: Fix -Wsign-compare compiler warning * build: Use XDT_FEATURE_DEBUG * Fix use-after-free crash in xfce4-screensaver-dialog * Fix D-Bus sleep inhibit when screen locker is disabled * Complete previous commit * Fix Xfconf memory management * build: Set GLib macros via XDT_CHECK_PACKAGE * autogen.sh: Do not `mkdir m4` * Fix crash when XDG_PICTURES_DIR is not set (Fixes #86) * Fix build warning from Clang * --with-password-helper expects full pathname of password helper * Add missing zeroing of timeout_id in dialog_timed_out() timer handler * Fix wrong signal name for GtkSpinButton * Remove ENABLE_NLS ifdefs and use xfce_textdomain() * build: Fix intltool lock file problem during make distcheck * Fix compilation warnings * autoconf: Some updates * Translation Updates - Remove _service file ------------------------------------------------------------------ ------------------ 2023-3-18 - Mar 18 2023 ------------------- ------------------------------------------------------------------ ++++ felix-osgi-compendium: - Fix lack of variable expansion in dependencies that created unresolvable require. ++++ mozilla-nss: - Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546) to update session->lastOpWasFIPS before destroying the key after derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE, CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases. - Update nss-fips-pct-pubkeys.patch (bsc#1207209) to remove some excess code. ++++ ugrep: - update to 3.10.1: * Fix a performace issue with specific regex patterns when used with case-insensitive pattern matching ------------------------------------------------------------------ ------------------ 2023-3-17 - Mar 17 2023 ------------------- ------------------------------------------------------------------ ++++ aardvark-dns: - Fix libexecdir issue on Leap and SLE ++++ aardvark-dns: - Fix libexecdir issue on Leap and SLE ++++ antlr3-bootstrap: - No need to use enforcer plugin in controlled environment ++++ antlr3-java: - No need to use enforcer plugin in controlled environment ++++ antlr3: - No need to use enforcer plugin in controlled environment ++++ highway: - Update to release 1.0.4 * Add PPC8..10, SSE2, AVX3_ZEN4, NEON_WITHOUT_AES targets * Add Expand, LoadExpand, integer AbsDiff, SumsOf8AbsDiff * Improved Half/Twice support, codegen for Shift*Same * Faster KV128 sorting * Update RISC-V V intrinsics for 1.0-draft - Remove arm-disable-runtime-dispatch.patch (appears merged) ++++ pmix: - removed library plugin for slurm as a fix was applied there, (bsc#1209260) ++++ libstorage-ng: - merge gh#openSUSE/libstorage-ng#919 - always delegate used_features from Action to Device - 4.5.86 ++++ suseconnect-ng: - Update to version 1.1.0~git0.e3c41e60892e: * Bump to v1.1.0 ++++ polkit-default-privs: - Update to version 13.2+20230317.d2bceab: * backport of kinfocenter5 (bsc#1209378) ++++ salt: - Require python3-jmespath runtime dependency (bsc#1209233) - Fix problem with detecting PTF packages (bsc#1208691) - Fixes pkg.version_cmp on openEuler systems and a few other OS flavors - Make pkg.remove function from zypperpkg module to handle also PTF packages - Added: * 3005.1-implement-zypper-removeptf-573.patch * skip-package-names-without-colon-bsc-1208691-578.patch * fixes-pkg.version_cmp-on-openeuler-systems-and-a-few.patch ++++ python-tesserocr: - Update to 2.6.0 * _pix_to_image now works with binary images gh#sirfz/tesserocr#274 * SetImage with alpha channels support gh#sirfz/tesserocr#280 * Leptonica 1.83.0 support gh#sirfz/tesserocr#306 * Pointsize should be returned even if fontname doesn't exist gh#sirfz/tesserocr#308 * Added Python 3.10, 3.11 setup classifiers - Drop 1441bec703cf68161acce5e85907ddd71c47fdc3.patch ++++ telegram-desktop: - compiler_upgrade is also needed on Leap 15.5 ++++ xstream: - Upgrade to 1.4.20 * Security fixes + This maintenance release addresses the security vulnerabilities CVE-2022-40151 (bsc#1203520) and CVE-2022-41966 (bsc#1206729), causing a Denial of Service by raising a stack overflow. It also provides new converters for Optional and Atomic types. * Major changes + #308: Add converter for AtomicBoolean, AtomicInteger, AtomicLong, and AtomicReference of package java.util.concurrent.atomic. + #293: Add converter for Optional, OptionalDouble, OptionalInt, and OptionalLong of package java.util. * Minor changes + #287: Close stream opened from provided URL. + #284: Fix disabling check against hash code attack with XStream.setCollectionUpdateLimit(0). * Stream compatibility + The atomic types with new converters of package java.util.concurrent.atomic, that have been written with previous versions of XStream, can still be deserialized. + The Optional types with new converters of package java.util, that have been written with previous versions of XStream, can still be deserialized. + The WildcardTypePermission allows by default no longer anonymous class types. * API changes + Added c.t.x.converters.extended.AtomicBooleanConverter. + Added c.t.x.converters.extended.AtomicIntegerConverter. + Added c.t.x.converters.extended.AtomicLongConverter. + Added c.t.x.converters.extended.AtomicReferenceConverter. + Added c.t.x.converters.extended.OptionalConverter. + Added c.t.x.converters.extended.OptionalDoubleConverter. + Added c.t.x.converters.extended.OptionalIntConverter. + Added c.t.x.converters.extended.OptionalLongConverter. + Added c.t.x.security.WildcardTypePermission .WildcardTypePermission(boolean,String[]). ------------------------------------------------------------------ ------------------ 2023-3-16 - Mar 16 2023 ------------------- ------------------------------------------------------------------ ++++ ImageMagick: - security update - added patches fix CVE-2023-1289 [bsc#1209141], segmentation fault and possible DoS via specially crafted SVG + ImageMagick-CVE-2023-1289.patch ++++ breeze: - Add patches to make the window outline configurable (kde#465948): * 0001-Outline-intensity-setting.patch * 0002-Undo-some-string-changes-from-the-preceding-commit.patch ++++ kernel-64kb: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit eeabf0f ++++ kernel-azure: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit eeabf0f ++++ kernel-default: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit eeabf0f ++++ kernel-rt: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit eeabf0f ++++ dtb-aarch64: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit eeabf0f ++++ fence-agents: - Update to version 4.12.1+git.1677142927.bf55c675: Include IBM Cloud VPC fence agent (jsc#PED-3626) * fence_scsi: fix registration handling if ISID conflicts ISID (Initiator Session ID) belonging to I_T Nexus changes for RHEL based on the session ID. This means that the connection to the device can be set up with different ISID on reconnects. * fence_amt/fence_ipmilan/fence_ironic: use shlex instead of pipes when available, as pipes is deprecated and will be removed in Python 3.13 * fence_vmware_soap: set login_timeout lower than default pcmk_monitor_timeout (20s) to remove tmp dirs on fail * fencing: add plug_separator to default DEPENDENCY_OPT * fence_virt: fix man page spelling (#522) * fence_scsi: skip key generation during validate-all action * [virt] fix clang build * [virt] fix cpg plugin build * [virt] update man page to cover all serial listener configs * [virt] update man page for serial listener in serial mode * [virt] fix serial debug output * [virt] add debug print for static map check * [virt] Clarify usage of ip= for vsock listener * [virt] fix tcp plugin to properly pass info to acl check * [virt] drop last qmf bits (rhel6 era) * [virt] allow groups to only specify vm_name without UUID * [virtd] add support for named groups * fence_virtd: add info about using multiple uuid/ip entries for groups * fence_wti: increase login timeout to avoid random timeouts * fence_virtd: set secure file permissions for fence_virtd.conf and key file if they are not mode 600 * fencing: add plug_separator parameter to be able to specify one that isnt part of the plug name(s) * build: dont rm PKG_CHECK_VAR.m4 when running maintainer-clean * fence_vmware_soap: set default login timeout less than Pacemakers default timeout to remove tmp dirs * fence_virtd: add link and non-user socket example to man page * fence_ibm_powervs: improve defaults based on testing * fence_lpar: only output additional error output on DEBUG level * fence_virt: add note that reboot-action doesnt power on nodes that are powered off * fencing: source_env(): dont process empty lines * fence_ecloud: new fence agent * fence_sbd: improve error handling * configure: check for google-auth instead of deprecated oauth2client * fence_ibm_vpc: add token cache support * build: add FENCETMPDIR for state files * build: make xml-check: ignore detected paths in *_file parameters not matching saved metadata * fence_gce: add httplib2 to try/except: pass * configure/spec: cleanup and fixes * fence_gce: Add user agent to API requests (#491) * fence_ibm_powervs: add support for proxy, private API servers and get token via API key (#490) * fence_ibm_vpc: add proxy support * fence_zvmip: show unable to connect error instead of full stacktrace, e.g. when not using --ssl for SSL devices * Mid: fence_scsi,fence_mpath: Add suppress-errors option. (#484) * fence_gce: Make zone optional for get_nodes_list (#487) * fence_apc/fence_ilo_moonshot: add missing "import logging" * fence_gce: inform that SSLError might be caused by old versions of httplib2 * fence_ibm_vpc: remove unused instance parameter and make limit optional * all agents: unify ssl parameters to avoid having to use --ssl when using --ssl-secure/--ssl-insecure for some agents * fence_apc.py compatibility for Firmware major release 7 workaround #475 * fence_lpar: fix missing import logging, use fail_usage * fence_raritan: Also allow pure port number, not only system1/outletX string (#473) * fence_cdu: add 8i support (#471) * fence_zvmip: add --disable-ssl * fencing: add ability to set bool parameters to 0 or false * Fix typo in fence_virtd.service * fence_gce: Add timeouts and failure options (#458) * fence_zvm: deprecate agent * fence_openstack: fix issues with new clouds.yaml/openrc parameters - hardcoded clouds.yaml paths to work like the openstack cli client (used by the resource agents) * fence_openstack: add support for reading config from clouds.yaml and openrc * fencing: add source_env() * fence_kubevirt: take default namespace from context * build: fix parallel build of lib/ * fence_openstack: relax ssl cacert default * - spec: dont use commas in license * fence_lpar: Support comanaged LPARs * fence_ibmz: add option --load-on-activate * fence_openstack: add --ssl-insecure * spec: fix python3-suds dependency having changed name on opensuse 16+ * fencing: encode instead of failing for chinese or other non-utf8 character sets * fence_aliyun: Optimize log output (#449) * fence_zvmip: use ssl by default * fence_zvmip: add ssl/tls support * configure: fix --with-agents to not match *virt in regex * fence_vmware_soap: Use --login-timeout option (#447) * fence_kubevirt: set default power-timeout to 40s * fence_kubevirt: Fix kubevirt VM status * fence_kdump: fix typo * fence_raritan_px3: new fence agent (#425) * fence_amt_ws: fix --boot-option (choices are uppercased while getting parsed) * fence_gce: add plugzonemap parameter * fence_gce: Adds existing operation checks and multiple plug support (#400) * azure_fence: fix support for sovereign clouds and MSI for new versions of azure libraries (#439) * fence_cyberpower_ssh: new fence agent (#437) * fence_amt_ws: fix "or" causing dead code * fence_kubevirt: make apiversion a parameter * fence_ibm_vpc/fence_ibm_powervs: new fence agents * fence_kdump: properly support -v[X] and -vvv (and combinations) * fence_mpath/fence_scsi: use store path detected by configure * fence_kubevirt: add --ssl-insecure parameter * fence_kdump: accept message from multiple addresses (useful for RRP clusters) (#374) * fence_pve: Replace `nodename` with `pmx-node` in fence_pve.py (matching original intent) (#424) * spec: add dependency to new split packages for Fedora 35+ * log exceptions to be more detailed when failing * Mid: fence_sbd: A warning message is output when disable-timeout is enabled. * spec: export PYTHON to avoid configure ignoring it * build: expose delay-check to be able to skip the other tests when debugging * fence-kubevirt: Add fence-kubevirt declaration for rpm creation * fence_kubevirt: Fix accept header param to openshift client - Don’t use python-oauth2client, which is deprecated (gh#ClusterLabs/fence-agents#495). - Remove python2 stuff from spec file - remove patches included by update: * 0001-fence_gce-Add-timeouts-and-failure-options-458.patch * 0001-fence_gce-Make-zone-optional-for-get_nodes_list-487.patch * 0001-fix_support_for_sovereign_clouds_and_MSI-439.patch ++++ gstreamer-editing-services: - Replace the dependency in the .pc file from python to python3 ++++ hidviz: - Update to version 0.2 * fixed build with cmake 3.17 * imported libhidx directly into the sources (fixes a lot of compilation issues) * updated to QT6 * added a new icon - Drop hidviz-moc_policy.patch and hidviz-gcc11.patch (no longer necessary) ++++ kalarm: - Add %ldconfig_scriptlets macro ++++ kdevelop5-plugin-python3: - Add patch that fixes build with python < 3.9 as in SLE/Backports: * fix-for-python3.6.patch ++++ kernel-debug: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit eeabf0f ++++ kernel-source: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit eeabf0f ++++ kernel-source-azure: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit eeabf0f ++++ kernel-source-rt: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit eeabf0f ++++ kernel-docs: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit eeabf0f ++++ kernel-kvmsmall: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit eeabf0f ++++ kernel-obs-build: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit eeabf0f ++++ kernel-obs-qa: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit eeabf0f ++++ kernel-rt_debug: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit eeabf0f ++++ kernel-syms: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit eeabf0f ++++ kernel-syms-azure: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit eeabf0f ++++ kernel-syms-rt: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit eeabf0f ++++ kernel-zfcpdump: - Update references in patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch (git-fixes bsc#1209291 CVE-2023-28328). - commit eeabf0f ++++ kubevirt: - Use recent golang compiler (bsc#1208916) - Limit operator secrets permission (CVE-2023-26484, bsc#1209359) 0003-Vulnerability-fix-limit-operator-secrets-permission.patch ++++ kvantum-qt5: - Use qt6_build macros to fix build in SLE15 SP5 ++++ kvantum-qt6: - Use qt6_build macros to fix build in SLE15 SP5 ++++ libqt5-qtconnectivity: - Update to version 5.15.8+kde8: * SDP scanner: encode input URLs and escape XML-specific characters * sdpscanner: fix URL processing * sdpscanner: fix potential unwanted truncation for SDP_TEXT_STR{8,16,32} ++++ libqt5-qtbase: - Update to version 5.15.8+kde183: * Add nullptr guard in QStyleSheetStyle::drawPrimitive(PE_PanelLineEdit) * QAbstractItemView: don't access invalid indexes on copy-key * Apply CVE-2023-24607-qtbase-5.15.diff * QXcbConnection::getTimestamp: do not return stale timestamp * QToolButton: Elide text when constraints prevent from showing whole text * correctly set up ref counting in QThreadPool::tryStart(std::function) * Do not set Qt::ToolTip flag for QShapedPixmapWindow * Fix deletion order also for QImageReader/Writer::setDevice() * Fix deletion order in QImageReader/Writer destructors * QNetworkReply: Fix typos in the documentation * Doc: Fix typo in the online documentation template * Doc: Link to page documenting Qt trademarks in the copyright footer * [doc] Fix typo in QBuffer::setBuffer() description * qwindowsdrag: Fix typo in documentation * openglblacklists: Fix typo in description * qxcbscreen: Fix typo in documentation * Fix typos in SQL driver documentation * qxcbwindow.cpp: Fix sign-compare and another warnings * QToolButton: reimplement the fix for QTBUG-95255 * QSysInfo::prettyProductName(): Add macOS Ventura product name * QSysInfo::prettyProductName(): add missing macOS product names * xcb: correctly disconnect xsettings callbacks * ibus: add SetCursorLocationRelative in InputContext.xml ++++ libqt5-qtmultimedia: - Update to version 5.15.8+kde3: * Drop obsolete QtOpengl dependency * Pass explicit GL api when initializing GStreamer backend ++++ libqt5-qtwayland: - Update to version 5.15.8+kde63: * Client: Remove flip popup constraints * client: set_constraint_adjustment() for popups in xdg * client: Do not cast placeholder screens to QWaylandScreen * Client: Manage QMimeData lifecycle * client: Force a roundtrip when an XdgOutput is not ready yet * Client: Fix handling of Qt::BlankCursor ++++ slurm: - use libpmix.so.2 instead of libpmix.so to fix (bsc#1209260) this removes the need of pmix-pluginlib added: right-pmix-path.patch ++++ owncloud-client: - Make the package own the 1024x1024 icon dirs in SLE15 since they don't exist there. ++++ mobipocket: - Follow the shared library naming policy ++++ libqt5-qtimageformats: - Update to version 5.15.8+kde9: * TGA Plugin: Fix reading of CMapDepth * Implement support for file memory mapping for tiff reading * Explicitly include QVarLengthArray header ++++ mkvtoolnix: - Requires qt6-multimedia in Leap 15.5 ++++ musescore: - Update to 4.0.2: * Score corruption fixes - Multiple issues causing score corruption have been fixed - Part scores are now scanned for corruptions - There is now a more comprehensive system for alerting you when there are corruptions identified on your score (including a mechanism to help you avoid saving those corruptions) * Usability improvements - The Properties panel has been improved so it's possible to edit the visibility, colour and play settings of individual notes within chords - Toggling visibility of notes within chords now produces more predictable results - Images in frames can now be deleted - Parts can now be reset to their original layout - The UI is now easier to interact with when the user is holding the mouse unsteadily - The audio export process can now be cancelled - There's a new feature to save relevant diagnostic files (making it easier to get support from MuseScore developers) * Performance enhancements - Major improvements to how MuseScore handles with WASAPI (Benefits Windows users) * Bugs squashed and regressions repaired - Various crashes have been fixed (including numerous VST-related crashes) - Zoom controls in the status bar are easier to use and more intuitive - Various problems with the visual behaviour of the app on second monitors are now resolved - Text line spacing option has been reinstated in Properties - Some playback problems have been resolved, including when entering tablature notation, and when changing the tempo using the tempo slider - Multiple other minor bug fixes * A ton of engraving fixes and improvements - Multiple fixes to system-line objects - Several errors arising from setting notes to cue size are resolved - Fixes to the behaviour of system objects - Various fixes to the behaviour of stems - Voices now align correctly in 'full' tab staves - Sticking in percussion music no longer breaks slurs - Slurs now show correctly in parts when only some voices are displayed - Cross-page glissando lines have been finessed - Various collisions have been resolved (clefs and key signatures, accidentals and cross-staff beams) - Add musescore-4.0.2-return.patch: to make the compiler happy ++++ netavark: - Bump required rust version & fix libexecdir ++++ netavark: - Bump required rust version & fix libexecdir ++++ product-builder-plugin-SLE_15: - update to 1.0.13 * rerun generate_sbom for full media on the combined trees - update to 1.0.12 * handle full media like pool media (create the same empty repodata on medium 2 as on the others) (bsc#1209384) ++++ rpmlint: - backport of kinfocenter5 whitelisting for D-Bus (bsc#1209378) ------------------------------------------------------------------ ------------------ 2023-3-15 - Mar 15 2023 ------------------- ------------------------------------------------------------------ ++++ ansifilter: - Update to version 2.19: * Added stdin/stdio default stream hints in `--help` (gl#saalen/ansifilter#34). * Added shell completion scripts (gl#saalen/ansifilter#36). - Update ansifilter.keyring. ++++ dracut: - Update to version 055+suse.353.g5603b001: A series of changes for the NVMeoF boot with IPv6 (bsc#1209166): * fix(nvmf): move connect logic to initqueue script * fix(nvmf): don't assume prefix lenth 64 by default * fix(nvmf): prefix syntax for static iBFT IPv6 addresses * fix(network): IPv6: don't wait for RA for static IPv6 assignments * fix(network-legacy): always include af_packet * fix(network): don't assume prefix lenth 64 by default * fix(iscsi): prefix syntax for static iBFT IPv6 addresses ++++ kubernetes1.24: - Split individual completions into separate packages ++++ kvantum-qt5: - Fix a typo in kvantum-themes dep-requirement * Change kvanum-qt5 to kvantum-qt5 ++++ kvantum-qt6: - Fix a typo in kvantum-themes dep-requirement * Change kvanum-qt5 to kvantum-qt5 ++++ libgit2: - Verify ssh remote host keys (boo#1207364 CVE-2023-22742): 0001-ssh-verify-the-remote-s-host-key-against-known_hosts.patch 0002-tests-append-the-github.com-ssh-keys-so-we-have-acce.patch 0003-tests-move-online-clone-ssh_auth_methods-into-the-ss.patch 0004-ssh-look-for-a-key-in-known_hosts-to-set-the-key-typ.patch ++++ slurm: - slurm-plugins need to require pmix-pluginlib (bsc#1209260) ++++ openvswitch3: - Rename package python3-ovs to shift the old openvswitch version 2.14.2 to legacy module ++++ python3-core: - Add bpo-44434-libgcc_s-for-pthread_cancel.patch which eliminates unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). ++++ libstorage-ng: - merge gh#openSUSE/libstorage-ng#918 - allow trailing space when parsing btrfs version (bsc#1209252) - 4.5.85 ++++ parsec: - Add patch to fix build on Tumbleweed (update tss-esapi to 7.2.0): * 664.patch - Add true to _service to apply security updates - Use cargo-packaging for all flavors - Enable cargo_audit ++++ pitivi: - pkgconfig(gst-validate-1.0) is only needed for test which that don't run ++++ python3: - Add bpo-44434-libgcc_s-for-pthread_cancel.patch which eliminates unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). ++++ python-PyQt6-3D: - Do not require python 3.7 when 3.6 is good enough, which allows to build the package for Leap ++++ python-PyQt6-Charts: - Add patch to support python 3.6 in order to build for SLE/Leap: * support-python3.6.patch ++++ python-PyQt6-DataVisualization: - Add patch to support python 3.6 in order to build for SLE/Leap: * support-python3.6.patch ++++ python-PyQt6-NetworkAuth: - Add patch to support python 3.6 in order to build for SLE/Leap: * support-python3.6.patch ++++ python-PyQt6-WebEngine: - Add patch to support python 3.6 in order to build for SLE/Leap: * support-python3.6.patch ++++ python3-documentation: - Add bpo-44434-libgcc_s-for-pthread_cancel.patch which eliminates unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). ------------------------------------------------------------------ ------------------ 2023-3-14 - Mar 14 2023 ------------------- ------------------------------------------------------------------ ++++ ComputeLibrary: - Update to 23.02: * Public major release * Documentation (API, changelogs, build guide, contribution guide, errata, etc.) available here: https://arm-software.github.io/ComputeLibrary/v23.02 ++++ apache2-mod_php7: - fix potential buffer overflow [bsc#1208199] - modified patches % php-systzdata-v19.patch (refreshed) ++++ apache2-mod_php8: - fix potential buffer overflow [bsc#1208199] - modified patches % php-systzdata-v20.patch (refreshed) ++++ bluedevil5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ breeze: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - Changes since 5.27.2: * Setting height before adding margins * Calling expandSize in flat comboboxes too ++++ cargo-c: - add constraints to avoid out of disk space errors ++++ rust1.68: - Really disable test of issue-71519 on aarch64 ++++ kernel-64kb: - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - commit b7234d1 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit a28d6d2 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit 590edab ++++ kernel-azure: - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - commit b7234d1 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit a28d6d2 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit 590edab ++++ kernel-default: - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - commit b7234d1 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit a28d6d2 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit 590edab ++++ kernel-rt: - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - commit b7234d1 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit a28d6d2 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit 590edab ++++ discover: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - Changes since 5.27.2: * rpm-ostree/notifier: Setup a watcher to trigger reboot check * rpm-ostree/notifier: Fix update/reboot notification logic * ApplicationPage: Allow main app info column to grow with window * ApplicationPage: off-by-one in stackedLayout calc * ApplicationResouceButton: place icon side-by-side to the title * ApplicationResourceButton: attribute the left/right padding * ApplicationPage: drop the ternary operator for buttonWidth * flatpak: Use Downloading as the status for Flatpak transactions * pk: Finish porting away from runservices (kde#466742) * pk: Don't forget to finish streams (kde#466765) * Flatpak: Fix spacing in permissions view * fwupd: Mark the backend as invalid if fwupd_client_connect() fails - Drop patches, now upstream: * 0001-pk-Don-t-forget-to-finish-streams.patch ++++ drkonqi5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - Changes since 5.27.2: * Add emoji picker to mappings ++++ dtb-aarch64: - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - commit b7234d1 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit a28d6d2 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit 590edab ++++ plasma5-workspace: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - Changes since 5.27.2: * klipper: remove duplicate items when loading from history (kde#466236) * kcms/region_language: set LC_PAPER, not LC_PAGE (kde#467269) * Screenpool: avoid uniqueConnection with lambda * kcms/fonts: Enable change notifications for base fonts settings (forceFontDPI) * sddm-theme: Transfer the focus to the text field as we show the OSK (kde#466969) * appstreamtest: fix test failure * wallpapers/image: improve efficiency of ImageFinder * klipper: Make action menu Frameless (kde#466406) * dataengines/mpris2: tolerate non-standards compliant players like mpris-proxy (kde#466288) * klipper: History test passes now * klipper: Insert items before remove (kde#466041) * sddm: Focus something useful when switching between alternative login screens ++++ golang-github-prometheus-node_exporter: - Remove node_exporter-1.5.0.tar.gz - Execute tar and recompress service modules at buildtime ++++ grub2-theme-breeze: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ breeze-gtk: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - Changes since 5.27.2: * gtk3, gtk4: apply searchbar styles to the box inside the revealer inside the searchbar * gtk3, gtk4: Make image-buttons have min-height * Remove margins between linked buttons ++++ kactivitymanagerd: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ kcm_flatpak: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - Too many changes to list here - Drop patches, now upstream: * 0001-Expose-FlatpakReferencesModel-to-QML.patch * 0002-Avoid-duplicating-connections-between-ref-and-its-re.patch * 0003-Port-from-NULL-to-nullptr.patch * 0004-Fix-GLib-memory-management-issue.patch ++++ kcm_sddm: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ kde-cli-tools5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ kde-gtk-config5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ kernel-debug: - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - commit b7234d1 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit a28d6d2 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit 590edab ++++ kernel-source: - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - commit b7234d1 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit a28d6d2 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit 590edab ++++ kernel-source-azure: - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - commit b7234d1 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit a28d6d2 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit 590edab ++++ kernel-source-rt: - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - commit b7234d1 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit a28d6d2 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit 590edab ++++ kernel-docs: - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - commit b7234d1 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit a28d6d2 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit 590edab ++++ kernel-firmware: - Update to version 20230313 (git commit 5bc279fb161d): * iwlwifi: update core69 and core72 firmwares for So device * qat: update licence text * rtl_bt: Update RTL8822C BT USB firmware to 0x0CC6_D2E3 * rtl_bt: Update RTL8822C BT UART firmware to 0x05C6_D2E3 * WHENCE: remove duplicate File entries * WHENCE: remove trailing white space * linux-firmware: add fw for qat_4xxx (jsc#PED-3699) * Fix symlinks for Intel firmware * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * linux-firmware: update firmware for MT7921 WiFi device * iwlwifi: update core69 and core72 firmwares for Ty device * rtlwifi: Add firmware v16.0 for RTL8710BU aka RTL8188GU * brcm: Add nvram for the Lenovo Yoga Book X90F / X90L convertible * brcm: Fix Xiaomi Inc Mipad2 nvram/.txt file macaddr * brcm: Add nvram for the Advantech MICA-071 tablet * rtl_bt: Update RTL8852C BT USB firmware to 0xD7B8_FABF * rtl_bt: Add firmware and config files for RTL8821CS * rtw89: 8852b: update fw to v0.29.29.0 * rtw89: 8852b: update fw to v0.29.26.0 * liquidio: remove lio_23xx_vsw.bin * intel: avs: Add AudioDSP base firmware for CNL-based platforms * intel: avs: Add AudioDSP base firmware for APL-based platforms * intel: avs: Add AudioDSP base firmware for SKL-based platforms * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23 * ath11k: WCN6855 hw2.0: update board-2.bin * ath11k: WCN6750 hw1.0: update board-2.bin * ath11k: IPQ5018 hw1.0: add to WLAN.HK.2.6.0.1-00861-QCAHKSWPL_SILICONZ-1 * ath11k: IPQ5018 hw1.0: add board-2.bin * ath10k: QCA6174 hw3.0: update firmware-sdio-6.bin to version WLAN.RMH.4.4.1-00174 * ath10k: WCN3990 hw1.0: update board-2.bin * cnm: update chips&media wave521c firmware. * amdgpu: Update GC 11.0.1 firmware * intel: catpt: Add AudioDSP base firmware for BDW platforms - Update topics for catpt/avs - Update aliases - Update spec template - set psuffix to deduplicate src.rpms - spec-cleaner induced cleanups ++++ kernel-kvmsmall: - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - commit b7234d1 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit a28d6d2 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit 590edab ++++ kernel-obs-build: - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - commit b7234d1 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit a28d6d2 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit 590edab ++++ kernel-obs-qa: - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - commit b7234d1 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit a28d6d2 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit 590edab ++++ kernel-rt_debug: - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - commit b7234d1 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit a28d6d2 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit 590edab ++++ kernel-syms: - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - commit b7234d1 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit a28d6d2 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit 590edab ++++ kernel-syms-azure: - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - commit b7234d1 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit a28d6d2 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit 590edab ++++ kernel-syms-rt: - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - commit b7234d1 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit a28d6d2 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit 590edab ++++ kernel-zfcpdump: - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - commit b7234d1 - s390/kexec: fix ipl report address for kdump (bsc#1207529). - commit a28d6d2 - rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601). - rds: rds_rm_zerocopy_callback() use list_first_entry() (CVE-2023-1078 bsc#1208601). - commit 590edab ++++ kgamma5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ khotkeys5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ kinfocenter5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ kmenuedit5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ kpipewire: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - Changes since 5.27.2: * Guard m_producer * stream: better fallback for BGR formats when downloading into a QImage * stream: Fix support of SPA_VIDEO_FORMAT_RGB * recording: Drop unnecessary conditional * recording: use "good" deadline rather than quality that is deprecated upstream * recording: Make bitrate depend on the stream size ++++ kscreen5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - Changes since 5.27.2: * kded/output: with duplicate edid hashes, use different global config files (kde#452614,kde#448599) ++++ kscreenlocker: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ ksshaskpass5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ libksysguard5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ ksystemstats5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ kwayland-integration: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ kwin5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - Changes since 5.27.2: * colordevice: default the simple transformations to 1 * backends/drm: fail commits if nonexistent properties would be set * backends/drm: ignore opaque formats for the cursor plane * Forward keymap and modifier change to input method keyboard grab when changed. * inputmethod: Show the input method even if it was dismissed (kde#466969) * backends/drm: support CTM for simple color transformations (kde#455720) * xwayland: Prevent potential file descriptor leak * wayland: Prevent leaking --wayland-fd and --xwayland-fd to child processes * helper: Don't leak lock file to kwin_wayland * backends/wayland: Don't leak renderD128 fd * backends/wayland: Don't leak WaylandEventThread's pipe fds * Fix text-input-v1 compatibility with 111.0.5563.64-1 * input: Make sure input backends are initialised when the workspace is set up (kde#466721) * Tabbox: Fix grouping windows by application * scene: Use correct scale when computing world transform * wayland: Fix interactive resize of debug console * kscreenintegration: read global output data * workspace: move kscreen integration into separate files * screencast: Try harder to be compatible with the pipewire buffer format * screencasting: on memfd, skip the QImage step (kde#466655) * TabBox: Avoid unnecesary resets of the client model (kde#466660) * wayland: Cancel selections if set without focus * windowitem: properly handle sub-subsurfaces (kde#466747) * tabletmodemanager: properly export properties * Enable GLSL for Mali (Lima) / PinePhone devices ++++ kwrited5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ layer-shell-qt: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ libkscreen2: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - Changes since 5.27.2: * libdpms/wayland: Do not create dpms interfaces for placeholder QScreens (kde#466674) * dpms/xcb: Make sure we are setting it as unsupported when it is (kde#466181) * backends/wayland: Round passed scale ++++ libkdecoration2: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ pmix: - Create library plugin for Slurm: it contains the libpmix.so link which normally goes into the devel package - without the headers (bsc#1209260). ++++ libstorage-ng: - merge gh#openSUSE/libstorage-ng#917 - extended error logging - 4.5.84 ++++ suseconnect-ng: - Update to version 1.0.0~git23.406b219ccc9e: * Added MemTotal detection for HwInfo * move 'ExcludeArch' out of the if block ++++ milou5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ oxygen5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ oxygen5-sounds: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ pacemaker: - libcrmcommon: Don't parse "-INFINITY" as a list of cmdline options (CLBZ#5509) * CLBZ#5509-0001-Fix-libcrmcommon-Don-t-parse-INFINITY-as-a-list-of-c.patch - tools: crm_shadow --commit now works with CIB_file * 0001-Fix-tools-crm_shadow-commit-now-works-with-CIB_file.patch - watchdog-fencing: correctly derive timeout with topology * 0003-Fix-watchdog-fencing-correctly-derive-timeout-with-t.patch * 0002-Refactor-watchdog-fencing-convenience-function-pcmk_.patch - watchdog-fencing: terminate dangling timer before watchdog-waiting * 0001-Fix-watchdog-fencing-terminate-dangling-timer-before.patch - libcrmcommon: Fix problems with pcmk__output_and_clear_error. * 0001-Low-libcrmcommon-Fix-problems-with-pcmk__output_and_.patch ++++ pam_kwallet: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ php7: - fix potential buffer overflow [bsc#1208199] - modified patches % php-systzdata-v19.patch (refreshed) ++++ php7-embed: - fix potential buffer overflow [bsc#1208199] - modified patches % php-systzdata-v19.patch (refreshed) ++++ php7-fastcgi: - fix potential buffer overflow [bsc#1208199] - modified patches % php-systzdata-v19.patch (refreshed) ++++ php7-fpm: - fix potential buffer overflow [bsc#1208199] - modified patches % php-systzdata-v19.patch (refreshed) ++++ php7-test: - fix potential buffer overflow [bsc#1208199] - modified patches % php-systzdata-v19.patch (refreshed) ++++ php8: - fix potential buffer overflow [bsc#1208199] - modified patches % php-systzdata-v20.patch (refreshed) ++++ php8-embed: - fix potential buffer overflow [bsc#1208199] - modified patches % php-systzdata-v20.patch (refreshed) ++++ php8-fastcgi: - fix potential buffer overflow [bsc#1208199] - modified patches % php-systzdata-v20.patch (refreshed) ++++ php8-fpm: - fix potential buffer overflow [bsc#1208199] - modified patches % php-systzdata-v20.patch (refreshed) ++++ php8-test: - fix potential buffer overflow [bsc#1208199] - modified patches % php-systzdata-v20.patch (refreshed) ++++ plasma-browser-integration: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ plasma-nm5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - Changes since 5.27.2: * Don't crash when importing VPN config with missing NetworkManager plugin (kde#465484) * [kcm] Show VPN import error in the UI ++++ plasma-vault: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ plasma5-addons: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ plasma5-bigscreen: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ plasma5-openSUSE: - Update to 5.27.3 ++++ plasma5-desktop: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - Changes since 5.27.2: * Partly revert "make sure screen numbers are consecutive" (kde#464873) ++++ plasma5-disks: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ plasma5-firewall: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ plasma5-integration: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - Changes since 5.27.2: * Revert "extend kio with portal-based open-with implementation" (kde#460741) ++++ plasma5-mobile: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ plasma5-nano: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ plasma5-pa: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - Changes since 5.27.2: * kcm: Fix visuals when testing non-standard channel names * kcm: Fix missing id and implicit parameter signal handler (kde#466075) ++++ plasma5-sdk: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ plasma5-systemmonitor: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ plasma5-thunderbolt: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ plasma5-welcome: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - Changes since 5.27.2: * Set "ShouldShow=false" when quitting the app using amy method (kde#466475) ++++ plasma5-workspace-wallpapers: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ plymouth-theme-breeze: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ polkit-kde-agent-5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ powerdevil5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - Changes since 5.27.2: * Suspend by default on AC profile * Use correct tablet mode function to determine mobile-ness ++++ python-PyQt6-sip: - Add patch to support Python 3.6 in order to build for SLE/Leap 15: * support-python3.6.patch ++++ qqc2-breeze-style: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ systemsettings5: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - No code changes since 5.27.2 ++++ xdg-desktop-portal-kde: - Update to 5.27.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.3 - Changes since 5.27.2: * Fix cursor and borders selectors in screenshot dialog ------------------------------------------------------------------ ------------------ 2023-3-13 - Mar 13 2023 ------------------- ------------------------------------------------------------------ ++++ aws-cli: - Update to version 1.27.89 + For detailed changes see https://github.com/aws/aws-cli/blob/1.27.89/CHANGELOG.rst - Update Requires in spec file from setup.py ++++ rust1.68: - Re-add obsoletes on rust1.62 to prevent file conflicts. ++++ curl: - Security fixes: * [bsc#1209209, CVE-2023-27533] TELNET option IAC injection Add curl-CVE-2023-27533-no-sscanf.patch curl-CVE-2023-27533.patch * [bsc#1209210, CVE-2023-27534] SFTP path ~ resolving discrepancy Add curl-CVE-2023-27534.patch * [bsc#1209211, CVE-2023-27535] FTP too eager connection reuse Add curl-CVE-2023-27535.patch * [bsc#1209212, CVE-2023-27536] GSS delegation too eager connection re-use Add curl-CVE-2023-27536.patch * [bsc#1209214, CVE-2023-27538] SSH connection too eager reuse still Add curl-CVE-2023-27538.patch ++++ gource: - Update to 0.54: * Added experimental support for Wayland. - Add new build dependency on libboost_system-devel. ++++ grafana: - Update to version 8.5.21: * Apply attribute sanitation to GeomapPanel (bsc#1208821, CVE-2023-0507) * Avoid storing XSS in TraceView panel (bsc#1208819, CVE-2023-0594) * Login: Fix panic when UpsertUser is called without ReqContext ++++ s390-tools: - Applied a patch (bsc#1209196) * s390-tools-sles15sp5-lszcrypt-use-separate-index-for-inner-sub-device-loo.patch ++++ pam_kwallet: - Add patches for handling edge cases and hardening: * 0001-Verify-that-XDG_RUNTIME_DIR-is-usable.patch * 0002-Don-t-do-anything-if-the-password-is-empty.patch * 0003-Exit-early-if-the-target-user-is-root.patch * 0004-Don-t-call-pam_sm_open_session-within-pam_sm_authent.patch ++++ pdsh: - Fix slurm plugin: make sure slurm_init() is called before using the Slurm API. This has been the case since version 20.11 (bsc#1209216). Add-call-to-slurm_init-this-makes-sure-the-config-options-are-set.patch ++++ pgadmin4: - Add (rebased) patch from upstream to fix a vulnerability that allows a user of the product to change another user's settings or alter the database (bsc#1207464, CVE-2023-0241): * 0001-Ensure-that-the-authenticated-users-cant-access-each-other-directories.patch ++++ python-boto3: - Update to 1.26.89 * api-change:``ivschat``: [``botocore``] This release adds a new exception returned when calling AWS IVS chat UpdateLoggingConfiguration. Now UpdateLoggingConfiguration can return ConflictException when invalid updates are made in sequence to Logging Configurations. * api-change:``secretsmanager``: [``botocore``] The type definitions of SecretString and SecretBinary now have a minimum length of 1 in the model to match the exception thrown when you pass in empty values. - from version 1.26.88 * api-change:``codeartifact``: [``botocore``] This release introduces the generic package format, a mechanism for storing arbitrary binary assets. It also adds a new API, PublishPackageVersion, to allow for publishing generic packages. * api-change:``connect``: [``botocore``] This release adds a new API, GetMetricDataV2, which returns metric data for Amazon Connect. * api-change:``evidently``: [``botocore``] Updated entity override documentation * api-change:``networkmanager``: [``botocore``] This update provides example usage for TransitGatewayRouteTableArn. * api-change:``quicksight``: [``botocore``] This release has two changes: add state persistence feature for embedded dashboard and console in GenerateEmbedUrlForRegisteredUser API; add properties for hidden collapsed row dimensions in PivotTableOptions. * api-change:``redshift-data``: [``botocore``] Added support for Redshift Serverless workgroup-arn wherever the WorkgroupName parameter is available. * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Inference now allows SSM access to customer's model container by setting the "EnableSSMAccess" parameter for a ProductionVariant in CreateEndpointConfig API. * api-change:``servicediscovery``: [``botocore``] Updated all AWS Cloud Map APIs to provide consistent throttling exception (RequestLimitExceeded) * api-change:``sesv2``: [``botocore``] This release introduces a new recommendation in Virtual Deliverability Manager Advisor, which detects missing or misconfigured Brand Indicator for Message Identification (BIMI) DNS records for customer sending identities. - from version 1.26.87 * api-change:``athena``: [``botocore``] A new field SubstatementType is added to GetQueryExecution API, so customers have an error free way to detect the query type and interpret the result. * api-change:``dynamodb``: [``botocore``] Adds deletion protection support to DynamoDB tables. Tables with deletion protection enabled cannot be deleted. Deletion protection is disabled by default, can be enabled via the CreateTable or UpdateTable APIs, and is visible in TableDescription. This setting is not replicated for Global Tables. * api-change:``ec2``: [``botocore``] Introducing Amazon EC2 C7g, M7g and R7g instances, powered by the latest generation AWS Graviton3 processors and deliver up to 25% better performance over Graviton2-based instances. * api-change:``lakeformation``: [``botocore``] This release adds two new API support "GetDataCellsFiler" and "UpdateDataCellsFilter", and also updates the corresponding documentation. * api-change:``mediapackage-vod``: [``botocore``] This release provides the date and time VOD resources were created. * api-change:``mediapackage``: [``botocore``] This release provides the date and time live resources were created. * api-change:``route53resolver``: [``botocore``] Add dual-stack and IPv6 support for Route 53 Resolver Endpoint,Add IPv6 target IP in Route 53 Resolver Forwarding Rule * api-change:``sagemaker``: [``botocore``] There needs to be a user identity to specify the SageMaker user who perform each action regarding the entity. However, these is a not a unified concept of user identity across SageMaker service that could be used today. - from version 1.26.86 * api-change:``dms``: [``botocore``] This release adds DMS Fleet Advisor Target Recommendation APIs and exposes functionality for DMS Fleet Advisor. It adds functionality to start Target Recommendation calculation. * api-change:``location``: [``botocore``] Documentation update for the release of 3 additional map styles for use with Open Data Maps: Open Data Standard Dark, Open Data Visualization Light & Open Data Visualization Dark. - from version 1.26.85 * api-change:``account``: [``botocore``] AWS Account alternate contact email addresses can now have a length of 254 characters and contain the character "|". * api-change:``ivs``: [``botocore``] Updated text description in DeleteChannel, Stream, and StreamSummary. - from version 1.26.84 * api-change:``dynamodb``: [``botocore``] Documentation updates for DynamoDB. * api-change:``ec2``: [``botocore``] This release adds support for a new boot mode for EC2 instances called 'UEFI Preferred'. * api-change:``macie2``: [``botocore``] Documentation updates for Amazon Macie * api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has improved handling for different input and output color space combinations. * api-change:``medialive``: [``botocore``] AWS Elemental MediaLive adds support for Nielsen watermark timezones. * api-change:``transcribe``: [``botocore``] Amazon Transcribe now supports role access for these API operations: CreateVocabulary, UpdateVocabulary, CreateVocabularyFilter, and UpdateVocabularyFilter. - from version 1.26.83 * api-change:``iot``: [``botocore``] A recurring maintenance window is an optional configuration used for rolling out the job document to all devices in the target group observing a predetermined start time, duration, and frequency that the maintenance window occurs. * api-change:``migrationhubstrategy``: [``botocore``] This release updates the File Import API to allow importing servers already discovered by customers with reduced pre-requisites. * api-change:``organizations``: [``botocore``] This release introduces a new reason code, ACCOUNT_CREATION_NOT_COMPLETE, to ConstraintViolationException in CreateOrganization API. * api-change:``pi``: [``botocore``] This release adds a new field PeriodAlignment to allow the customer specifying the returned timestamp of time periods to be either the start or end time. * api-change:``pipes``: [``botocore``] This release fixes some input parameter range and patterns. * api-change:``sagemaker``: [``botocore``] Add a new field "EndpointMetrics" in SageMaker Inference Recommender "ListInferenceRecommendationsJobSteps" API response. - from version 1.26.82 * api-change:``codecatalyst``: [``botocore``] Published Dev Environments StopDevEnvironmentSession API * api-change:``pricing``: [``botocore``] This release adds 2 new APIs - ListPriceLists which returns a list of applicable price lists, and GetPriceListFileUrl which outputs a URL to retrieve your price lists from the generated file from ListPriceLists * api-change:``s3outposts``: [``botocore``] S3 on Outposts introduces a new API ListOutpostsWithS3, with this API you can list all your Outposts with S3 capacity. - from version 1.26.81 * enhancement:Documentation: Splits service documentation into multiple sub-pages for better organization and faster loading time. * enhancement:Documentation: [``botocore``] Splits service documentation into multiple sub-pages for better organization and faster loading time. * api-change:``comprehend``: [``botocore``] Amazon Comprehend now supports flywheels to help you train and manage new model versions for custom models. * api-change:``ec2``: [``botocore``] This release allows IMDS support to be set to v2-only on an existing AMI, so that all future instances launched from that AMI will use IMDSv2 by default. * api-change:``kms``: [``botocore``] AWS KMS is deprecating the RSAES_PKCS1_V1_5 wrapping algorithm option in the GetParametersForImport API that is used in the AWS KMS Import Key Material feature. AWS KMS will end support for this wrapping algorithm by October 1, 2023. * api-change:``lightsail``: [``botocore``] This release adds Lightsail for Research feature support, such as GUI session access, cost estimates, stop instance on idle, and disk auto mount. * api-change:``managedblockchain``: [``botocore``] This release adds support for tagging to the accessor resource in Amazon Managed Blockchain * api-change:``omics``: [``botocore``] Minor model changes to accomodate batch imports feature - from version 1.26.80 * api-change:``devops-guru``: [``botocore``] This release adds the description field on ListAnomaliesForInsight and DescribeAnomaly API responses for proactive anomalies. * api-change:``drs``: [``botocore``] New fields were added to reflect availability zone data in source server and recovery instance description commands responses, as well as source server launch status. * api-change:``internetmonitor``: [``botocore``] CloudWatch Internet Monitor is a a new service within CloudWatch that will help application developers and network engineers continuously monitor internet performance metrics such as availability and performance between their AWS-hosted applications and end-users of these applications * api-change:``lambda``: [``botocore``] This release adds the ability to create ESMs with Document DB change streams as event source. For more information see https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html. * api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added support for HDR10 to SDR tone mapping, and animated GIF video input sources. * api-change:``timestream-write``: [``botocore``] This release adds the ability to ingest batched historical data or migrate data in bulk from S3 into Timestream using CSV files. - from version 1.26.79 * api-change:``connect``: [``botocore``] StartTaskContact API now supports linked task creation with a new optional RelatedContactId parameter * api-change:``connectcases``: [``botocore``] This release adds the ability to delete domains through the DeleteDomain API. For more information see https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html * api-change:``redshift``: [``botocore``] Documentation updates for Redshift API bringing it in line with IAM best practices. * api-change:``securityhub``: [``botocore``] New Security Hub APIs and updates to existing APIs that help you consolidate control findings and enable and disable controls across all supported standards * api-change:``servicecatalog``: [``botocore``] Documentation updates for Service Catalog - Update BuildRequires and Requires from setup.py ++++ python-botocore: - Update to 1.29.89 * api-change:``ivschat``: This release adds a new exception returned when calling AWS IVS chat UpdateLoggingConfiguration. Now UpdateLoggingConfiguration can return ConflictException when invalid updates are made in sequence to Logging Configurations. * api-change:``secretsmanager``: The type definitions of SecretString and SecretBinary now have a minimum length of 1 in the model to match the exception thrown when you pass in empty values. - from version 1.29.88 * api-change:``codeartifact``: This release introduces the generic package format, a mechanism for storing arbitrary binary assets. It also adds a new API, PublishPackageVersion, to allow for publishing generic packages. * api-change:``connect``: This release adds a new API, GetMetricDataV2, which returns metric data for Amazon Connect. * api-change:``evidently``: Updated entity override documentation * api-change:``networkmanager``: This update provides example usage for TransitGatewayRouteTableArn. * api-change:``quicksight``: This release has two changes: add state persistence feature for embedded dashboard and console in GenerateEmbedUrlForRegisteredUser API; add properties for hidden collapsed row dimensions in PivotTableOptions. * api-change:``redshift-data``: Added support for Redshift Serverless workgroup-arn wherever the WorkgroupName parameter is available. * api-change:``sagemaker``: Amazon SageMaker Inference now allows SSM access to customer's model container by setting the "EnableSSMAccess" parameter for a ProductionVariant in CreateEndpointConfig API. * api-change:``servicediscovery``: Updated all AWS Cloud Map APIs to provide consistent throttling exception (RequestLimitExceeded) * api-change:``sesv2``: This release introduces a new recommendation in Virtual Deliverability Manager Advisor, which detects missing or misconfigured Brand Indicator for Message Identification (BIMI) DNS records for customer sending identities. - from version 1.29.87 * api-change:``athena``: A new field SubstatementType is added to GetQueryExecution API, so customers have an error free way to detect the query type and interpret the result. * api-change:``dynamodb``: Adds deletion protection support to DynamoDB tables. Tables with deletion protection enabled cannot be deleted. Deletion protection is disabled by default, can be enabled via the CreateTable or UpdateTable APIs, and is visible in TableDescription. This setting is not replicated for Global Tables. * api-change:``ec2``: Introducing Amazon EC2 C7g, M7g and R7g instances, powered by the latest generation AWS Graviton3 processors and deliver up to 25% better performance over Graviton2-based instances. * api-change:``lakeformation``: This release adds two new API support "GetDataCellsFiler" and "UpdateDataCellsFilter", and also updates the corresponding documentation. * api-change:``mediapackage-vod``: This release provides the date and time VOD resources were created. * api-change:``mediapackage``: This release provides the date and time live resources were created. * api-change:``route53resolver``: Add dual-stack and IPv6 support for Route 53 Resolver Endpoint,Add IPv6 target IP in Route 53 Resolver Forwarding Rule * api-change:``sagemaker``: There needs to be a user identity to specify the SageMaker user who perform each action regarding the entity. However, these is a not a unified concept of user identity across SageMaker service that could be used today. - from version 1.29.86 * api-change:``dms``: This release adds DMS Fleet Advisor Target Recommendation APIs and exposes functionality for DMS Fleet Advisor. It adds functionality to start Target Recommendation calculation. * api-change:``location``: Documentation update for the release of 3 additional map styles for use with Open Data Maps: Open Data Standard Dark, Open Data Visualization Light & Open Data Visualization Dark. - from version 1.29.85 * api-change:``account``: AWS Account alternate contact email addresses can now have a length of 254 characters and contain the character "|". * api-change:``ivs``: Updated text description in DeleteChannel, Stream, and StreamSummary. - from version 1.29.84 * api-change:``dynamodb``: Documentation updates for DynamoDB. * api-change:``ec2``: This release adds support for a new boot mode for EC2 instances called 'UEFI Preferred'. * api-change:``macie2``: Documentation updates for Amazon Macie * api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has improved handling for different input and output color space combinations. * api-change:``medialive``: AWS Elemental MediaLive adds support for Nielsen watermark timezones. * api-change:``transcribe``: Amazon Transcribe now supports role access for these API operations: CreateVocabulary, UpdateVocabulary, CreateVocabularyFilter, and UpdateVocabularyFilter. - from version 1.29.83 * api-change:``iot``: A recurring maintenance window is an optional configuration used for rolling out the job document to all devices in the target group observing a predetermined start time, duration, and frequency that the maintenance window occurs. * api-change:``migrationhubstrategy``: This release updates the File Import API to allow importing servers already discovered by customers with reduced pre-requisites. * api-change:``organizations``: This release introduces a new reason code, ACCOUNT_CREATION_NOT_COMPLETE, to ConstraintViolationException in CreateOrganization API. * api-change:``pi``: This release adds a new field PeriodAlignment to allow the customer specifying the returned timestamp of time periods to be either the start or end time. * api-change:``pipes``: This release fixes some input parameter range and patterns. * api-change:``sagemaker``: Add a new field "EndpointMetrics" in SageMaker Inference Recommender "ListInferenceRecommendationsJobSteps" API response. - from version 1.29.82 * api-change:``codecatalyst``: Published Dev Environments StopDevEnvironmentSession API * api-change:``pricing``: This release adds 2 new APIs - ListPriceLists which returns a list of applicable price lists, and GetPriceListFileUrl which outputs a URL to retrieve your price lists from the generated file from ListPriceLists * api-change:``s3outposts``: S3 on Outposts introduces a new API ListOutpostsWithS3, with this API you can list all your Outposts with S3 capacity. - from version 1.29.81 * enhancement:Documentation: Splits service documentation into multiple sub-pages for better organization and faster loading time. * api-change:``comprehend``: Amazon Comprehend now supports flywheels to help you train and manage new model versions for custom models. * api-change:``ec2``: This release allows IMDS support to be set to v2-only on an existing AMI, so that all future instances launched from that AMI will use IMDSv2 by default. * api-change:``kms``: AWS KMS is deprecating the RSAES_PKCS1_V1_5 wrapping algorithm option in the GetParametersForImport API that is used in the AWS KMS Import Key Material feature. AWS KMS will end support for this wrapping algorithm by October 1, 2023. * api-change:``lightsail``: This release adds Lightsail for Research feature support, such as GUI session access, cost estimates, stop instance on idle, and disk auto mount. * api-change:``managedblockchain``: This release adds support for tagging to the accessor resource in Amazon Managed Blockchain * api-change:``omics``: Minor model changes to accomodate batch imports feature - from version 1.29.80 * api-change:``devops-guru``: This release adds the description field on ListAnomaliesForInsight and DescribeAnomaly API responses for proactive anomalies. * api-change:``drs``: New fields were added to reflect availability zone data in source server and recovery instance description commands responses, as well as source server launch status. * api-change:``internetmonitor``: CloudWatch Internet Monitor is a a new service within CloudWatch that will help application developers and network engineers continuously monitor internet performance metrics such as availability and performance between their AWS-hosted applications and end-users of these applications * api-change:``lambda``: This release adds the ability to create ESMs with Document DB change streams as event source. For more information see https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html. * api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added support for HDR10 to SDR tone mapping, and animated GIF video input sources. * api-change:``timestream-write``: This release adds the ability to ingest batched historical data or migrate data in bulk from S3 into Timestream using CSV files. - from version 1.29.79 * api-change:``connect``: StartTaskContact API now supports linked task creation with a new optional RelatedContactId parameter * api-change:``connectcases``: This release adds the ability to delete domains through the DeleteDomain API. For more information see https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html * api-change:``redshift``: Documentation updates for Redshift API bringing it in line with IAM best practices. * api-change:``securityhub``: New Security Hub APIs and updates to existing APIs that help you consolidate control findings and enable and disable controls across all supported standards * api-change:``servicecatalog``: Documentation updates for Service Catalog ++++ yast2-add-on: - Removed unnecessary executable flag from file add-on-workflow.rb (bsc#1209094) - 4.5.4 ++++ yast2-firstboot: - Removed unnecessary executable flag from several files (bsc#1209094) - 4.5.6 ++++ yast2-installation: - Removed unnecessary executable flag from file security_proposal.rb (bsc#1209094) - 4.5.16 ++++ yast2-trans: - Update to version 84.87.20230312.2a5006f40f: * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * New POT for text domain 'online-update'. * Translated using Weblate (Javanese) * Translated using Weblate (Polish) * Translated using Weblate (Polish) * Translated using Weblate (Dutch) * Translated using Weblate (Dutch) * Translated using Weblate (Javanese) * Translated using Weblate (Georgian) ------------------------------------------------------------------ ------------------ 2023-3-12 - Mar 12 2023 ------------------- ------------------------------------------------------------------ ++++ MozillaFirefox: - Firefox Extended Support Release 102.9.0 ESR * Fixed: Various security fixes. MFSA 2023-10 (bsc#1209173) * CVE-2023-25751 (bmo#1814899) Incorrect code generation during JIT compilation * CVE-2023-28164 (bmo#1809122) URL being dragged from a removed cross-origin iframe into the same tab triggered navigation * CVE-2023-28162 (bmo#1811327) Invalid downcast in Worklets * CVE-2023-25752 (bmo#1811627) Potential out-of-bounds when accessing throttled streams * CVE-2023-28163 (bmo#1817768) Windows Save As dialog resolved environment variables * CVE-2023-28176 (bmo#1808352, bmo#1811637, bmo#1815904, bmo#1817442, bmo#1818674) Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 ++++ clamav-database: - database refresh on 2023-03-13 (bsc#1084929) ++++ libstorage-ng: - Translated using Weblate (Swedish) (bsc#1149754) - 4.5.83 ++++ munin: - Update to 2.0.72 * Import custom css file in style-new.css ------------------------------------------------------------------ ------------------ 2023-3-11 - Mar 11 2023 ------------------- ------------------------------------------------------------------ ++++ libdnet: - update to 1.16.3: - IPv6 support - fixed some potential buffer overflows ++++ mujs: - Allow build on leap ++++ musescore: - More licenses found, also include licenses for sources we don't build. The license line also applies to the SRPMs ++++ zathura-plugin-pdf-mupdf: - Allow build on leap 15.5 ------------------------------------------------------------------ ------------------ 2023-3-10 - Mar 10 2023 ------------------- ------------------------------------------------------------------ ++++ rust: - Update to version 1.68.0 - for details see the rust1.68 package ++++ rust1.68: Version 1.68.0 (2023-03-09) Language -------- - [Stabilize default_alloc_error_handler](https://github.com/rust-lang/rust/pull/102318/) This allows usage of `alloc` on stable without requiring the definition of a handler for allocation failure. Defining custom handlers is still unstable. - [Stabilize `efiapi` calling convention.](https://github.com/rust-lang/rust/pull/105795/) - [Remove implicit promotion for types with drop glue](https://github.com/rust-lang/rust/pull/105085/) Compiler -------- - [Change `bindings_with_variant_name` to deny-by-default](https://github.com/rust-lang/rust/pull/104154/) - [Allow .. to be parsed as let initializer](https://github.com/rust-lang/rust/pull/105701/) - [Add `armv7-sony-vita-newlibeabihf` as a tier 3 target](https://github.com/rust-lang/rust/pull/105712/) - [Always check alignment during compile-time const evaluation](https://github.com/rust-lang/rust/pull/104616/) - [Disable "split dwarf inlining" by default.](https://github.com/rust-lang/rust/pull/106709/) - [Add vendor to Fuchsia's target triple](https://github.com/rust-lang/rust/pull/106429/) - [Enable sanitizers for s390x-linux](https://github.com/rust-lang/rust/pull/107127/) Libraries --------- - [Loosen the bound on the Debug implementation of Weak.](https://github.com/rust-lang/rust/pull/90291/) - [Make `std::task::Context` !Send and !Sync](https://github.com/rust-lang/rust/pull/95985/) - [PhantomData layout guarantees](https://github.com/rust-lang/rust/pull/104081/) - [Don't derive Debug for `OnceWith` & `RepeatWith`](https://github.com/rust-lang/rust/pull/104163/) - [Implement DerefMut for PathBuf](https://github.com/rust-lang/rust/pull/105018/) - [Add O(1) `Vec -> VecDeque` conversion guarantee](https://github.com/rust-lang/rust/pull/105128/) - [Leak amplification for peek_mut() to ensure BinaryHeap's invariant is always met](https://github.com/rust-lang/rust/pull/105851/) Stabilized APIs - [`{core,std}::pin::pin!`](https://doc.rust-lang.org/stable/std/pin/macro.pin.html) - [`impl From for {f32,f64}`](https://doc.rust-lang.org/stable/std/primitive.f32.html#impl-From%3Cbool%3E-for-f32) - [`std::path::MAIN_SEPARATOR_STR`](https://doc.rust-lang.org/stable/std/path/constant.MAIN_SEPARATOR_STR.html) - [`impl DerefMut for PathBuf`](https://doc.rust-lang.org/stable/std/path/struct.PathBuf.html#impl-DerefMut-for-PathBuf) These APIs are now stable in const contexts: - [`VecDeque::new`](https://doc.rust-lang.org/stable/std/collections/struct.VecDeque.html#method.new) Cargo ----- - [Stabilize sparse registry support for crates.io](https://github.com/rust-lang/cargo/pull/11224/) - [`cargo build --verbose` tells you more about why it recompiles.](https://github.com/rust-lang/cargo/pull/11407/) - [Show progress of crates.io index update even `net.git-fetch-with-cli` option enabled](https://github.com/rust-lang/cargo/pull/11579/) Misc ---- Compatibility Notes - [Add `SEMICOLON_IN_EXPRESSIONS_FROM_MACROS` to future-incompat report](https://github.com/rust-lang/rust/pull/103418/) - [Only specify `--target` by default for `-Zgcc-ld=lld` on wasm](https://github.com/rust-lang/rust/pull/101792/) - [Bump `IMPLIED_BOUNDS_ENTAILMENT` to Deny + ReportNow](https://github.com/rust-lang/rust/pull/106465/) - [`std::task::Context` no longer implements Send and Sync](https://github.com/rust-lang/rust/pull/95985) ++++ kernel-64kb: - kABI workaround for struct fb_deferred_io changes (bsc#1208266). - commit 4c272e6 - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (bsc#1208266). - commit a4b869b - Move upstreamed fbdev fix into sorted section - commit 322351e ++++ kernel-azure: - kABI workaround for struct fb_deferred_io changes (bsc#1208266). - commit 4c272e6 - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (bsc#1208266). - commit a4b869b - Move upstreamed fbdev fix into sorted section - commit 322351e ++++ kernel-default: - kABI workaround for struct fb_deferred_io changes (bsc#1208266). - commit 4c272e6 - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (bsc#1208266). - commit a4b869b - Move upstreamed fbdev fix into sorted section - commit 322351e ++++ kernel-rt: - kABI workaround for struct fb_deferred_io changes (bsc#1208266). - commit 4c272e6 - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (bsc#1208266). - commit a4b869b - Move upstreamed fbdev fix into sorted section - commit 322351e ++++ crmsh: - Update to version 4.5.0+20230309.a4c4192d: * Dev: version: Bump crmsh version to 4.5.0 * Fix: report: Fix crm report issue under non-root user * Fix: log: Redirect debug messages into stderr (bsc#1208991) ++++ dpdk22: - Remove redundant obsoletes and unnecessary provides - Remove obsoleting old dpdk package changes and let user decide. - Add conflict for the KMP module in preamble ++++ dpdk22-thunderx: - Remove redundant obsoletes and unnecessary provides - Remove obsoleting old dpdk package changes and let user decide. - Add conflict for the KMP module in preamble ++++ drbd-utils: - bsc#1208922: fails to replace directory /lib/drbd with symlink * modify drbd-utils.spec to rename it in pretrans script ++++ dtb-aarch64: - kABI workaround for struct fb_deferred_io changes (bsc#1208266). - commit 4c272e6 - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (bsc#1208266). - commit a4b869b - Move upstreamed fbdev fix into sorted section - commit 322351e ++++ golang-github-prometheus-alertmanager: - Prevent authentication bypass via cache poisoning (bsc#1208051, CVE-2022-46146) - Add 0003-Update-prometheus-exporter-toolkit-to-0.7.3.patch ++++ intel-media-driver: - no longer set LIBVA_DRIVER_NAME=iHD; it's no longer needed; implemented in libva meanwhile (boo#1209134) ++++ kernel-debug: - kABI workaround for struct fb_deferred_io changes (bsc#1208266). - commit 4c272e6 - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (bsc#1208266). - commit a4b869b - Move upstreamed fbdev fix into sorted section - commit 322351e ++++ kernel-source: - kABI workaround for struct fb_deferred_io changes (bsc#1208266). - commit 4c272e6 - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (bsc#1208266). - commit a4b869b - Move upstreamed fbdev fix into sorted section - commit 322351e ++++ kernel-source-azure: - kABI workaround for struct fb_deferred_io changes (bsc#1208266). - commit 4c272e6 - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (bsc#1208266). - commit a4b869b - Move upstreamed fbdev fix into sorted section - commit 322351e ++++ kernel-source-rt: - kABI workaround for struct fb_deferred_io changes (bsc#1208266). - commit 4c272e6 - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (bsc#1208266). - commit a4b869b - Move upstreamed fbdev fix into sorted section - commit 322351e ++++ kernel-docs: - kABI workaround for struct fb_deferred_io changes (bsc#1208266). - commit 4c272e6 - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (bsc#1208266). - commit a4b869b - Move upstreamed fbdev fix into sorted section - commit 322351e ++++ kernel-kvmsmall: - kABI workaround for struct fb_deferred_io changes (bsc#1208266). - commit 4c272e6 - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (bsc#1208266). - commit a4b869b - Move upstreamed fbdev fix into sorted section - commit 322351e ++++ kernel-obs-build: - kABI workaround for struct fb_deferred_io changes (bsc#1208266). - commit 4c272e6 - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (bsc#1208266). - commit a4b869b - Move upstreamed fbdev fix into sorted section - commit 322351e ++++ kernel-obs-qa: - kABI workaround for struct fb_deferred_io changes (bsc#1208266). - commit 4c272e6 - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (bsc#1208266). - commit a4b869b - Move upstreamed fbdev fix into sorted section - commit 322351e ++++ kernel-rt_debug: - kABI workaround for struct fb_deferred_io changes (bsc#1208266). - commit 4c272e6 - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (bsc#1208266). - commit a4b869b - Move upstreamed fbdev fix into sorted section - commit 322351e ++++ kernel-syms: - kABI workaround for struct fb_deferred_io changes (bsc#1208266). - commit 4c272e6 - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (bsc#1208266). - commit a4b869b - Move upstreamed fbdev fix into sorted section - commit 322351e ++++ kernel-syms-azure: - kABI workaround for struct fb_deferred_io changes (bsc#1208266). - commit 4c272e6 - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (bsc#1208266). - commit a4b869b - Move upstreamed fbdev fix into sorted section - commit 322351e ++++ kernel-syms-rt: - kABI workaround for struct fb_deferred_io changes (bsc#1208266). - commit 4c272e6 - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (bsc#1208266). - commit a4b869b - Move upstreamed fbdev fix into sorted section - commit 322351e ++++ kernel-zfcpdump: - kABI workaround for struct fb_deferred_io changes (bsc#1208266). - commit 4c272e6 - fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release() (bsc#1208266). - commit a4b869b - Move upstreamed fbdev fix into sorted section - commit 322351e ++++ openvswitch3: - Remove reduntant obsoletes and add proper obsoletes version - Do not obsolete old package and let user decide. - Add conflict for openvswitch-doc ++++ libstorage-ng: - Translated using Weblate (Czech) (bsc#1149754) - 4.5.82 - Translated using Weblate (Catalan) (bsc#1149754) - 4.5.81 ++++ libvirt: - libxl: Support custom firmware paths bf3be5b7-libxl-Support-custom-firmware-path.patch, 705525cb-libxl-Support-custom-firmware-path-conversion.patch bsc#1209161 - spec: Move ovmf dependency to correct package ++++ manpages-l10n: - Update to version 4.18.0 * Updated and added many translations. * Switched from fedora-37 to fedora-38. * Archived some old translations (grub2-rpm-sort.8). ++++ openssl-ibmca: - Updated .spec file removed '#' from the line containing 'sed -e 's/^dynamic_path/#dynamic_path/' (bsc#1209038) - Added in %files * /usr/lib64/engines-3/ibmca-provider.la * /usr/lib64/engines-3/ibmca-provider.so ++++ python-parallax: - Fix: manager: writer thread can only be started once (bsc#1208817) Add patch 0001-Fix-manager-writer-thread-can-only-be-started-once-b.patch ++++ yast2-storage-ng: - Removed unnecessary executable flags from files (bsc#1209094) - 4.5.18 ------------------------------------------------------------------ ------------------ 2023-3-9 - Mar 9 2023 ------------------- ------------------------------------------------------------------ ++++ apache2: - Security update: * fix CVE-2023-27522 [bsc#1209049], mod_proxy_uwsgi HTTP response splitting + Added patch apache2-CVE-2023-27522.patch * fix CVE-2023-25690 [bsc#1209047], HTTP request splitting with mod_rewrite and mod_proxy + Added patch apache2-CVE-2023-25690.patch ++++ nextcloud-desktop: - Update to 3.7.4 - desktop#5425 [stable-3.7] check German translation for wrong wording - desktop#5437 [stable-3.7] Fix "Create new folder" menu entries in settings not working correctly on macOS - desktop#5438 [stable-3.7] Clean up account creation and deletion code - desktop#5446 [stable-3.7] Fix share dialog infinite loading - desktop#5450 [stable-3.7] fix edit locally job not finding the user account: wrong user id - desktop#5454 [stable-3.7] skip e2e encrypted files with empty filename in metadata - desktop#5481 [stable-3.7] Always discover blacklisted folders to avoid data loss when modifying selectivesync list. - desktop#5483 [stable-3.7] use new connect syntax - desktop#5484 [stable-3.7] with cfapi when dehydrating files add missing flag - desktop#5487 [stable-3.7] Fix avatars not showing up in settings dialog account actions until clicked on - desktop#5488 [stable-3.7] Fix text labels in Sync Status component - desktop#5489 [stable-3.7] Fix infinite loading in the share dialog when public link shares are disabled on the server - desktop#5490 [stable-3.7] Ci/clang tidy checks init variables - desktop#5494 [stable-3.7] Display 'Search globally' as the last sharees list element - desktop#5499 [stable-3.7] Resize WebView widget once the loginpage rendered - desktop#5502 [stable-3.7] Bugfix/do not restore virtual files - desktop#5505 [stable-3.7] Fix display of 2FA notification. ++++ chromium: - Revert back to GCC 11 on 15.4 as Clang 13 doesn't support GCC 12 - Bump Leap's GCC to 12 as Chromium really likes newer standards - Chromium 111.0.5563.64 * New View Transitions API * CSS Color Level 4 * New developer tools in style panel for color functionality * CSS added trigonometric functions, additional root font units and extended the n-th child pseudo selector. * previousslide and nextslide actions are now part of the Media Session API * A number of security fixes (boo#1209040) * CVE-2023-1213: Use after free in Swiftshader * CVE-2023-1214: Type Confusion in V8 * CVE-2023-1215: Type Confusion in CSS * CVE-2023-1216: Use after free in DevTools * CVE-2023-1217: Stack buffer overflow in Crash reporting * CVE-2023-1218: Use after free in WebRTC * CVE-2023-1219: Heap buffer overflow in Metrics * CVE-2023-1220: Heap buffer overflow in UMA * CVE-2023-1221: Insufficient policy enforcement in Extensions API * CVE-2023-1222: Heap buffer overflow in Web Audio API * CVE-2023-1223: Insufficient policy enforcement in Autofill * CVE-2023-1224: Insufficient policy enforcement in Web Payments API * CVE-2023-1225: Insufficient policy enforcement in Navigation * CVE-2023-1226: Insufficient policy enforcement in Web Payments API * CVE-2023-1227: Use after free in Core * CVE-2023-1228: Insufficient policy enforcement in Intents * CVE-2023-1229: Inappropriate implementation in Permission prompts * CVE-2023-1230: Inappropriate implementation in WebApp Installs * CVE-2023-1231: Inappropriate implementation in Autofill * CVE-2023-1232: Insufficient policy enforcement in Resource Timing * CVE-2023-1233: Insufficient policy enforcement in Resource Timing * CVE-2023-1234: Inappropriate implementation in Intents * CVE-2023-1235: Type Confusion in DevTools * CVE-2023-1236: Inappropriate implementation in Internals - drop patches: * chromium-86-ImageMemoryBarrierData-init.patch * chromium-93-InkDropHost-crash.patch * chromium-110-NativeThemeBase-fabs.patch * chromium-110-CredentialUIEntry-const.patch * chromium-110-DarkModeLABColorSpace-pow.patch * v8-move-the-Stack-object-from-ThreadLocalTop.patch * chromium-icu72-1.patch ++++ chromium: - Revert back to GCC 11 on 15.4 as Clang 13 doesn't support GCC 12 - Bump Leap's GCC to 12 as Chromium really likes newer standards - Chromium 111.0.5563.64 * New View Transitions API * CSS Color Level 4 * New developer tools in style panel for color functionality * CSS added trigonometric functions, additional root font units and extended the n-th child pseudo selector. * previousslide and nextslide actions are now part of the Media Session API * A number of security fixes (boo#1209040) * CVE-2023-1213: Use after free in Swiftshader * CVE-2023-1214: Type Confusion in V8 * CVE-2023-1215: Type Confusion in CSS * CVE-2023-1216: Use after free in DevTools * CVE-2023-1217: Stack buffer overflow in Crash reporting * CVE-2023-1218: Use after free in WebRTC * CVE-2023-1219: Heap buffer overflow in Metrics * CVE-2023-1220: Heap buffer overflow in UMA * CVE-2023-1221: Insufficient policy enforcement in Extensions API * CVE-2023-1222: Heap buffer overflow in Web Audio API * CVE-2023-1223: Insufficient policy enforcement in Autofill * CVE-2023-1224: Insufficient policy enforcement in Web Payments API * CVE-2023-1225: Insufficient policy enforcement in Navigation * CVE-2023-1226: Insufficient policy enforcement in Web Payments API * CVE-2023-1227: Use after free in Core * CVE-2023-1228: Insufficient policy enforcement in Intents * CVE-2023-1229: Inappropriate implementation in Permission prompts * CVE-2023-1230: Inappropriate implementation in WebApp Installs * CVE-2023-1231: Inappropriate implementation in Autofill * CVE-2023-1232: Insufficient policy enforcement in Resource Timing * CVE-2023-1233: Insufficient policy enforcement in Resource Timing * CVE-2023-1234: Inappropriate implementation in Intents * CVE-2023-1235: Type Confusion in DevTools * CVE-2023-1236: Inappropriate implementation in Internals - drop patches: * chromium-86-ImageMemoryBarrierData-init.patch * chromium-93-InkDropHost-crash.patch * chromium-110-NativeThemeBase-fabs.patch * chromium-110-CredentialUIEntry-const.patch * chromium-110-DarkModeLABColorSpace-pow.patch * v8-move-the-Stack-object-from-ThreadLocalTop.patch * chromium-icu72-1.patch ++++ llvm15: - update constraints to exclude workers with very slow CPU ++++ samba: - Make samba-libs conflict with old samba-ad-dc-libs package to satisfy installcheck. ++++ cups: - 0001-cups-dests.c-cupsGetNamedDest-set-IPP_STATUS_ERROR_N.patch improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error that fixes bsc#1191467, bsc#1198932: "lpr reports 'No such file or directory' for missing catalogue files" "/usr/bin/lpr: No such file or directory" - after-network_target-sssd_service.patch is derived from https://github.com/apple/cups/issues/5550 with its https://github.com/apple/cups/commit/aaebca5660fdd7f7b6f30461f0788d91ef6e2fee and SUSE PTF:24471 cups.SUSE_SLE-15_Update cups-2.2.7-wait-for-network.patch to add "After=network.target sssd.service" to the systemd unit source files cupsd.service.in and cups.cups-lpdAT.service.in to fix bsc#1201234, bsc#1200321: "Missing network dependency in systemd unit for cups-2.2.7" "CUPS may not always start if sssd is in use" ++++ gn: - Bump Leap's GCC version to 12 to align with the other Chromium tools - Exclude ppc - it doesn't build ++++ go1.20: - Add subpackage go1.x-libstd for compiled shared object libstd.so. Refs jsc#PED-1962 * Main go1.x package included libstd.so in previous versions * Split libstd.so into subpackage that can be installed standalone * Continues the slimming down of main go1.x package by 40 Mb * Experimental and not recommended for general use, Go currently has no ABI * Upstream Go has not committed to support buildmode=shared long-term * Do not use in packaging, build static single binaries (the default) * Upstream Go go1.x binary releases do not include libstd.so * go1.x Suggests go1.x-libstd so not installed by default Recommends * go1.x-libstd does not Require: go1.x so can install standalone * Provides go-libstd unversioned package name * Fix build step -buildmode=shared std to omit -linkshared - Packaging improvements: * go1.x Suggests go1.x-doc so not installed by default Recommends * Use Group: Development/Languages/Go instead of Other ++++ helm: - Update to version 3.11.2: * chore(deps): bump github.com/rubenv/sql-migrate from 1.2.0 to 1.3.1 * the linter varcheck and deadcode are deprecated (since v1.49.0) * fix template --output-dir issue ++++ jeos-firstboot: - Update to version 1.2.0.5: * Support /usr/lib/os-release (#102) ++++ kirigami-addons: - Update to 0.7.2. No changelog. Changes since 0.7.1: * Fix indicator spacing * Add edit text * Silence some errors * Add avatar of user if specified * qdatetimeparser "QVariant::Type" -> "QMetaType::Type" * Fix layout bug in AboutPage ++++ kubernetes1.24: - Use upstream fish completions and obsolete external package ++++ re2: - Require GCC 12 on Leap due to code containing speed ups which require newer standards - Allow tests to fail - they fail too often ++++ libscrypt: - Cleanup spec file - Build AVX2 enabled hwcaps library for x86_64-v3 ++++ libstorage-ng: - Translated using Weblate (Slovak) (bsc#1149754) - 4.5.80 - Translated using Weblate (Dutch) (bsc#1149754) - 4.5.79 - Translated using Weblate (Japanese) (bsc#1149754) - Translated using Weblate (French) (bsc#1149754) - merge gh#openSUSE/libstorage-ng#916 - updated bindings - extended integration tests - update pot and po files - 4.5.78 ++++ messagelib: - Add patch to fix encoding of replies (kde#447297, kde#443009, kde#298349): * 0001-Fix-fallback-path-in-MessageFactoryNG-applyCharset.patch ++++ pacemaker: - libcrmcommon: Fix handling node=NULL in pcmk__attrd_api_query. * 0001-High-libcrmcommon-Fix-handling-node-NULL-in-pcmk__at.patch - fencer: Avoid double source remove of op_timer_total (rh#2166967) * rh#2166967-0002-Fix-fencer-Avoid-double-source-remove-of-op_timer_to.patch ++++ patterns-base: - removed openssl1_0_0, it is not certifed in SLES 15 (bsc#1209108) ++++ python-setuptools: - Update to 67.6.0: * Deprecations + #3434: Added deprecation warning for pkg_resources.declare_namespace. * Breaking Changes + #3741: Removed patching of distutils._msvccompiler.gen_lib_options for compatibility with Numpy < 1.11.2 -- by :user:`mgorny` + #2497: Support for PEP 440 non-conforming versions has been removed. * Changes + #3804: Added caching for supported wheel tags. + #3846: Added pruning heuristics to PackageFinder based on exclude. + #3843: Although pkg_resources has been discouraged for use, some projects still consider pkg_resources viable for usage. This change makes it clear that pkg_resources should not be used, emitting a DeprecationWarning when imported. + #3809: Merge with distutils@8c3c3d29, including fix for sysconfig.get_python_inc() (pypa/distutils#178), fix for segfault on MinGW (pypa/distutils#196), and better has_function support (pypa/distutils#195, #3648). + #3795: Ensured that __file__ is an absolute path when executing setup.py as part of setuptools.build_meta. + #3685: Fix improper usage of deprecated/removed pkgutil APIs in Python 3.12+. + #3769: Replace 'appdirs' with 'platformdirs'. * Misc + #3838: Improved error messages for pyproject.toml validations. + #3839: Fixed pkg_resources errors caused when parsing metadata of packages that are already installed but do not conform with PEP 440. + #3823: Fixes egg_info code path triggered during integration with pip. + #3782: Fixed problem with file directive in tool.setuptools.dynamic when value is a simple string instead of list. ++++ qemu: - Fix bsc#1209064 * Patches added: s390x-pci-reset-ISM-passthrough-devices-.patch s390x-pci-shrink-DMA-aperture-to-be-boun.patch ++++ qemu-linux-user: - Fix bsc#1209064 * Patches added: s390x-pci-reset-ISM-passthrough-devices-.patch s390x-pci-shrink-DMA-aperture-to-be-boun.patch ++++ rubygem-rack: - security update - added patches fix CVE-2023-27530 [bsc#1209095], Denial of service in Multipart MIME parsing + rubygem-rack-CVE-2023-27530.patch ++++ yast2-online-update: - Fix showing of release notes when we update a rubygem (bsc#1205913) - 4.5.3 ------------------------------------------------------------------ ------------------ 2023-3-8 - Mar 8 2023 ------------------- ------------------------------------------------------------------ ++++ dpdk22: - Updated package name:dpdk22 for DPDK version 22.11.1 as legacy DPDK version(v19.11.10) also needs to be supported. ++++ dpdk22-thunderx: - Updated package name:dpdk22 for DPDK version 22.11.1 as legacy DPDK version(v19.11.10) also needs to be supported. ++++ helix: - Fix upgrade path ++++ s390-tools: - Updated cputype (bsc#1208983) * Changed the script to avoid "/usr/bin/cputype: line xx: nnnn: command not found", when machine type was found more than once in the /proc/cpuinfo. ++++ libksieve: - Add patch to fix accidentially using the password as username (kde#437858, kde#467034, boo#1209050): * 0001-Fix-467034-libksieve-src-kmanagesieve-session.cpp-as.patch ++++ openvswitch3: - Updated package name:openvswitch3 for version v3.1.0 as legacy openvswitch version(v2.14.2) also needs to be supported. ++++ libstorage-ng: - merge gh#openSUSE/libstorage-ng#915 - rename source files with actions - expose some functions of action classes in API - extended commit callbacks to include pointer to action - 4.5.77 ++++ suseconnect-ng: - Update to version 1.0.0~git19.b225bc3: * Make keepalive on SUMA systems exit without error (bsc#1207876) * Update README.md * Add deactivate API to ruby bindings (bsc#1202705) ++++ musescore: - Update Licenses ++++ patterns-kde: - Recommend pam_kwallet in kde_plasma (boo#1208684) ++++ python3-pyotherside: - Fix build with SLE's python packages where %py_ver is no longer used so replace that with %python3_version. - Use %license - Add patches from upstream to fix several issues fixed from 1.5.4 to 1.5.6: * 0001-Initialize-sys.argv.patch * 0002-Update-plugins.qmltypes.patch * 0003-Allow-calling-signals-from-Python.patch * 0004-Add-support-for-QByteArray.patch ++++ qemu-testsuite: - Fix bsc#1180207 (CVE-2020-14394) * Patches added: hw-usb-hcd-xhci-Fix-unbounded-loop-in-xh.patch ++++ spack: - Improve run-find-external.sh: * Extend to run 'spack compiler find'. * Separate triggers for packages and compilers. * Better handle when search patterns match multiple directories. ++++ spack: - Improve run-find-external.sh: * Extend to run 'spack compiler find'. * Separate triggers for packages and compilers. * Better handle when search patterns match multiple directories. ++++ installation-images-openSUSE: - merge gh#openSUSE/installation-images#635 - Include openssl hmac for SLE Micro (bsc#1208981) - 16.58.5 ------------------------------------------------------------------ ------------------ 2023-3-7 - Mar 7 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 ++++ kernel-azure: - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 ++++ kernel-default: - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 ++++ kernel-rt: - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 ++++ fwupd: - Change version 1.8.6: + Fix compiling error when building s390x ppc64le - add %ifnarch conditional to spec file + Recover one changelog unexpectedly removed when first pushing fwupd-1.8.6 to 15-SP5 - Thu Feb 24 06:29:53 UTC 2022 - jlee@suse.com - Add fwupd-bsc1193921-nvme-ignore-non-PCI-NVMe-devices.patch to ignore non-PCI NVMe devices (bnc#1193921) ++++ dtb-aarch64: - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 ++++ gnutls: - FIPS: PBKDF2 additional requirements [bsc#1209001] * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N) * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1) * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2) * Set the minimum passlen of 20 characters (SP SP800-132 sec 5) * Add regression tests for the new PBKDF2 requirements. * Add gnutls-FIPS-pbkdf2-additional-requirements.patch ++++ go1.19: - go1.19.7 (released 2023-03-07) includes a security fix to the crypto/elliptic package, as well as bug fixes to the linker, the runtime, and the crypto/x509 and syscall packages. Refs boo#1200441 go1.19 release tracking CVE-2023-24532 * go#58719 go#58647 boo#1209030 security: fix CVE-2023-24532 crypto/elliptic: specific unreduced P-256 scalars produce incorrect results * go#58441 runtime: some linkname signatures do not match * go#58502 cmd/link: relocation truncated to fit: R_ARM_CALL against `runtime.duffcopy' * go#58535 runtime: long latency of sweep assists * go#58716 net: TestTCPSelfConnect failures due to unexpected connections * go#58773 syscall: Environ uses an invalid unsafe.Pointer conversion on Windows * go#58810 crypto/x509: TestSystemVerify consistently failing ++++ go1.20: - go1.20.2 (released 2023-03-07) includes a security fix to the crypto/elliptic package, as well as bug fixes to the compiler, the covdata command, the linker, the runtime, and the crypto/ecdh, crypto/rsa, crypto/x509, os, and syscall packages. Refs boo#1206346 go1.20 release tracking CVE-2023-24532 * go#58720 go#58647 boo#1209030 security: fix CVE-2023-24532 crypto/elliptic: specific unreduced P-256 scalars produce incorrect results * go#58427 cmd/covdata: short read on string table when merging coverage counters * go#58442 runtime: some linkname signatures do not match * go#58444 cmd/compile: inline static init cause compile time error * go#58467 cmd/compile: internal compiler error: '(*Tree[go.shape.int]).RemoveParent.func1': value .dict (nil) incorrectly live at entry * go#58498 crypto/ecdh: ECDH method doesn't check curve * go#58503 cmd/link: relocation truncated to fit: R_ARM_CALL against `runtime.duffcopy' * go#58505 crypto/internal/bigmod: flag amd64 assembly as noescape * go#58531 runtime: endless traceback when panic in generics funtion * go#58536 runtime: long latency of sweep assists * go#58624 syscall.Faccessat and os.LookPath regression in Go 1.20 * go#58627 os: cmd/go gets error "copy_file_range: function not implemented" * go#58717 net: TestTCPSelfConnect failures due to unexpected connections * go#58774 syscall: Environ uses an invalid unsafe.Pointer conversion on Windows * go#58776 cmd/compile: ICE on method value involving imported anonymous interface * go#58793 crypto/x509: Incorrect documentation for ParsePKCS8PrivateKey * go#58811 crypto/x509: TestSystemVerify consistently failing ++++ gstreamer-plugins-rs: - Increase constraints so it doesn't fail to build for lack of disk space. ++++ vim: - Updated to version 9.0 with patch level 1386, fixes the following security problems * Fixing bsc#1207780 - (CVE-2023-0512) VUL-0: CVE-2023-0512: vim: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247 * Fixing bsc#1208957 - (CVE-2023-1175) VUL-0: CVE-2023-1175: vim: Incorrect Calculation of Buffer Size * Fixing bsc#1208959 - (CVE-2023-1170) VUL-0: CVE-2023-1170: vim: Heap-based Buffer Overflow in vim prior to 9.0.1376 * Fixing bsc#1208828 - (CVE-2023-1127) VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown() - for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 ++++ hwdata: - update to 0.368: * Update pci, usb and vendor ids ++++ kernel-debug: - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 ++++ kernel-source: - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 ++++ kernel-source-azure: - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 ++++ kernel-source-rt: - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 ++++ kernel-docs: - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 ++++ kernel-kvmsmall: - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 ++++ kernel-obs-build: - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 ++++ kernel-obs-qa: - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 ++++ kernel-rt_debug: - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 ++++ kernel-syms: - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 ++++ kernel-syms-azure: - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 ++++ kernel-syms-rt: - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 ++++ kernel-zfcpdump: - rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl "$HOME/group-source-files.pl" -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html - commit 6d65136 ++++ pimcommon: - Require libKF5PimCommonAutoCorrection5 in the -devel package ++++ slurm: - Stop pulling firewall rules from github. There is no benefit to host these separately. - Remove pre-sle12 pieces. ++++ openssl-1_1: - FIPS: Service-level indicator [bsc#1208998] * Add additional check required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password. * Add openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch ++++ re2: - update to 2023-03-01: * changes for other platforms ++++ pdns-recursor: - update to 4.8.3 * Fix serve-stale logic to not cause intermittent high CPU load by: + correcting the removal of a negative cache entry, + correcting the serve-stale main loop regarding exception handling, + correctly handle negcache entries with serve-state status. - changes in version 4.8.2 * Make cache cleaning of record an negative cache more fair * Do not report “not decreasing socket buf size” as an error * Do not use “message” as key, it has a special meaning to systemd-journal * Add the ‘parse packet from auth’ error message to structured logging * Refresh of negcache stale entry might use wrong qtype * Do not chain ECS enabled queries * Properly encode json string containing binary data ++++ perl-Net-Server: - Added CVE-2013-1841.patch * CVE-2013-1841 * bsc#808830 * Add double_reverse_lookups capability. Can now do a reverse DNS lookup on the IP address to find the associated hostname, and then do a forward lookup on the hostname to assure that it matches the original IP address. This can be enabled by setting 'reverse_lookups=double' or 'double_reverse_lookups=1' ++++ smartmontools: - fix smartctl crash for an NVMe on big endian systems [bsc#1208905] - added patches fix https://www.smartmontools.org/changeset/5448 + smartmontools-smartctl-NVMe-big-endian.patch ++++ xen: - bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus log-dirty mode use-after-free (XSA-427) xsa427.patch - bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM pinned cache attributes mis-handling (XSA-428) xsa428-1.patch xsa428-2.patch - bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative vulnerability in 32bit SYSCALL path (XSA-429) xsa429.patch ++++ yast2-nfs-client: - Fixed unit test to not read the values from the current system (bsc#1209007) - 4.5.2 ++++ zathura-plugin-pdf-mupdf: - Add patch 0001-Don-t-link-against-gumbo.patch to allow building without linking against gumbo - Add patch 0002-Revert-Rework-detection-of-mupdf.patch to unbreak mupdf detection keep building this on life support. - Build with external libs ------------------------------------------------------------------ ------------------ 2023-3-6 - Mar 6 2023 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - Update to version 1.38.6 (bsc#1208631): + Fix honoring DNS priority. + Decline DHCPv6 lease when DAD fails. + Various bugfixes. - Changes from version 1.38.4: + Fix DAD for DHCPv6 addresses. + Wi-Fi: improvements for OWE networks. + Support EC private keys. + Fix nmcli tab completion support for embedded quote characters. + Fix reapply for lldp/mdns/llmnr/dns-over-tls settings. + Various bugfixes. ++++ apache2-mod_php7: - ensure extension=mysqlnd will be called before extension=mysqli [bsc#1205162] ++++ apache2-mod_php8: - ensure extension=mysqlnd will be called before extension=mysqli [bsc#1205162] ++++ kernel-64kb: - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d43449e - Move upstreamed ipmi patches into sorted section - commit 6815ed5 ++++ kernel-azure: - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d43449e - Move upstreamed ipmi patches into sorted section - commit 6815ed5 ++++ kernel-default: - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d43449e - Move upstreamed ipmi patches into sorted section - commit 6815ed5 ++++ kernel-rt: - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d43449e - Move upstreamed ipmi patches into sorted section - commit 6815ed5 ++++ dtb-aarch64: - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d43449e - Move upstreamed ipmi patches into sorted section - commit 6815ed5 ++++ glibc: - amd-cacheinfo.patch: x86: Cache computation for AMD architecture (bsc#1207957) ++++ glibc-utils-src: - amd-cacheinfo.patch: x86: Cache computation for AMD architecture (bsc#1207957) ++++ helix: - Changed runtime path to /usr/libexec/helix as it includes loadable shared objects * Added helix-runtime-path.patch - Some spec file cleanup ++++ java-1_8_0-openj9: - Update to OpenJDK 8u362 build 09 with OpenJ9 0.36.0 virtual machine - Including Oracle January 2023 CPU changes CVE-2023-21830 (bsc#1207249), CVE-2023-21843 (bsc#1207248) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.36/ ++++ kernel-debug: - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d43449e - Move upstreamed ipmi patches into sorted section - commit 6815ed5 ++++ kernel-source: - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d43449e - Move upstreamed ipmi patches into sorted section - commit 6815ed5 ++++ kernel-source-azure: - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d43449e - Move upstreamed ipmi patches into sorted section - commit 6815ed5 ++++ kernel-source-rt: - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d43449e - Move upstreamed ipmi patches into sorted section - commit 6815ed5 ++++ kernel-docs: - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d43449e - Move upstreamed ipmi patches into sorted section - commit 6815ed5 ++++ kernel-kvmsmall: - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d43449e - Move upstreamed ipmi patches into sorted section - commit 6815ed5 ++++ kernel-obs-build: - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d43449e - Move upstreamed ipmi patches into sorted section - commit 6815ed5 ++++ kernel-obs-qa: - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d43449e - Move upstreamed ipmi patches into sorted section - commit 6815ed5 ++++ kernel-rt_debug: - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d43449e - Move upstreamed ipmi patches into sorted section - commit 6815ed5 ++++ kernel-syms: - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d43449e - Move upstreamed ipmi patches into sorted section - commit 6815ed5 ++++ kernel-syms-azure: - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d43449e - Move upstreamed ipmi patches into sorted section - commit 6815ed5 ++++ kernel-syms-rt: - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d43449e - Move upstreamed ipmi patches into sorted section - commit 6815ed5 ++++ kernel-zfcpdump: - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead. - commit 152a069 - Refresh patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. - Refresh patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. Fix bug introduced by broken backport (bsc#1208628). - commit d43449e - Move upstreamed ipmi patches into sorted section - commit 6815ed5 ++++ libqt5-qtlocation: - Update to version 5.15.8+kde4: * Update mapbox-gl-native - Drop patches, now upstream: * 0001-Add-some-missing-cstdint-inclusions-872.patch ++++ libmlt: - Update to 7.14.0 Framework: * Added functions to get detailed info about a producer more directly * Added functions to add normalizer links to chains * Changed locale_t to mlt_locale_t to avoid redefinition on some systems (e.g. clang/llvm on win32). * Fixed the value provided with event "consumer-thread-join" to be mlt_event_data_thread as documented. * Fixed mlt_image_format_planes() for mlt_image_yuv420p. Modules * Added a swresample link to the avformat module. * Added a resample link to the resample module. * Fixed compatibility of avformat module with FFmpeg version 6. * Fixed rotoscoping filter when request image size different than profile. * Fixed timeremap link breaking crop filter. * Fixed audio/video sync in avformat producer when the video start time is not 0. * Improved seeking on a WMA audio file in avformat producer. * Optimization to set AVDISCARD_ALL on disinterested streams in avformat producer. * Added separate demuxing thread in avformat producer. * Added filtergraph property to the avformat producer. * Fixed filter movit.convert's CPU image converter in mlt_tractor and mlt_frame_clone(). * Fixed using movit module with mlt_chain. * Fixed 10-bit full range YUV color input with Movit. * Fixed aspect ratio issues in qtblend filter transform. * Fixed the movit.luma transition. * Changed the qglsl consumer to use an OpenGL core profile version 3.2 context to make it compatible with recent Movit versions. * Upgraded glaxnimate git submodule to version 0.5.2. * Fixed xml producer incorrectly adds a path prefix to a consumer producer. * Fixed using opencv.tracker filter with mlt_chain. * Added interlace-aware chroma conversion from mlt_image_yuv422 to yuv420p in the avformat consumer. * Added the speed_map property to the timeremap link. * Fixed the loader producer not injecting the consumer producer when a xml producer changes the frame rate. * Fixed 'loader' producer corrupts the profile colorspace and description when it injects a consumer producer. * Added a loader-nogl producer to the core module based on loader but prevents adding movit-based filters. * Changed count producer to take an optional string argument with the name of a loader producer. * Fixed yadif deinterlace not working in a mlt_chain. * Fixed the bob, weave, greedy, onefield deinterlace filter methods on x86-64 architecture. Other: * Fixed SWIG python shadow functions for mlt7. * Added CMake build option MOD_GLAXNIMATE_QT6. - Add compilation fix: * 0001-Fix-compilation-with-Werror-return-type.patch ++++ libstorage-ng: - merge gh#openSUSE/libstorage-ng#914 - use some actions for different objects - more defensive programming - 4.5.76 ++++ xxhash: - Add xxhash-ppc64le-gcc7.patch: fix build failure on ppc64le when using gcc 7 (boo#1208794). - Remove gcc 9 requirement: not needed anymore. ++++ libyui: - Bump version to 4.5.0 (bsc#1208913) ++++ libyui-ncurses: - Bump version to 4.5.0 (bsc#1208913) ++++ libyui-ncurses-pkg: - Bump version to 4.5.0 (bsc#1208913) ++++ libyui-ncurses-rest-api: - Bump version to 4.5.0 (bsc#1208913) ++++ libyui-qt: - Bump version to 4.5.0 (bsc#1208913) ++++ libyui-qt-graph: - Bump version to 4.5.0 (bsc#1208913) ++++ libyui-qt-pkg: - Bump version to 4.5.0 (bsc#1208913) ++++ libyui-qt-rest-api: - Bump version to 4.5.0 (bsc#1208913) ++++ libyui-rest-api: - Bump version to 4.5.0 (bsc#1208913) ++++ mupdf: - Disable system gumbo, so it may be removed [boo#1208381]. ++++ libyui-bindings: - Bump version to 4.5.0 (bsc#1208913) ++++ pgadmin4: - Add (rebased) patch from upstream to fix a vulnerability that allows a remote unauthenticated user to redirect a user to an arbitrary web site by crafting a malicious URL (boo#1207238, CVE-2023-22298) * 0001-Fixes-a-redirect-vulnerability-when-the-user-opens-the-pgAdmin-URL.patch ++++ php7: - ensure extension=mysqlnd will be called before extension=mysqli [bsc#1205162] ++++ php7-embed: - ensure extension=mysqlnd will be called before extension=mysqli [bsc#1205162] ++++ php7-fastcgi: - ensure extension=mysqlnd will be called before extension=mysqli [bsc#1205162] ++++ php7-fpm: - ensure extension=mysqlnd will be called before extension=mysqli [bsc#1205162] ++++ php7-test: - ensure extension=mysqlnd will be called before extension=mysqli [bsc#1205162] ++++ php8: - ensure extension=mysqlnd will be called before extension=mysqli [bsc#1205162] ++++ php8-embed: - ensure extension=mysqlnd will be called before extension=mysqli [bsc#1205162] ++++ php8-fastcgi: - ensure extension=mysqlnd will be called before extension=mysqli [bsc#1205162] ++++ php8-fpm: - ensure extension=mysqlnd will be called before extension=mysqli [bsc#1205162] ++++ php8-test: - ensure extension=mysqlnd will be called before extension=mysqli [bsc#1205162] ++++ python-osc-tiny: - Release .0.7.12 * Enhanced usability and reliability for `HttpSignatureAuth` * Prevent sharing of sessions across forked processes * Fixed typo in quickstart doc ++++ virtualbox: - Added file "fixes_for_kernel_6.3.patch" to handle API change. - File "fixes_for_gcc13.patch" updated for additional changes in GCC 13 boo#1207468 spec-cleaner used to remove extra blank line is spec file. ++++ skopeo: - disable hard requirement to go1.12, just use the current standard go ++++ stellarium: - Update _constraints to require at least 8 GB of disk and 16 GB of memory. Also require at least 4 GB of memory per build job to prevent running out of memory on build servers with lots of cores/threads. ++++ sudo: - sudo-dont-enable-read-after-pty_finish.patch * bsc#1203201 * Do not re-enable the reader when flushing the buffers as part of pty_finish(). * While sudo-observe-SIGCHLD patch applied earlier prevents a race condition from happening, this fixes a related buffer hang. ++++ virtualbox-kmp: - Added file "fixes_for_kernel_6.3.patch" to handle API change. - File "fixes_for_gcc13.patch" updated for additional changes in GCC 13 boo#1207468 spec-cleaner used to remove extra blank line is spec file. ++++ yast2: - Revert dropping DnsServerAPI.pm to prevent build failures for yast2-dns-server, yast2-http-server (bsc#1208833) - 4.5.25 ++++ yast2-trans: - Update to version 84.87.20230306.ba31ff5670: * Fixed string interpolations * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Persian) * New POT for text domain 'control'. * New POT for text domain 'security'. * New POT for text domain 'packager'. * Translated using Weblate (Czech) ------------------------------------------------------------------ ------------------ 2023-3-5 - Mar 5 2023 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2023-03-06 (bsc#1084929) ++++ libstorage-ng: - Translated using Weblate (Swedish) (bsc#1149754) - 4.5.75 ++++ tryton: - Version 6.0.26 - Bugfix Release ++++ trytond: - Version 6.0.29 - Bugfix Release ++++ trytond_account_invoice: - Version 6.0.9 - Bugfix Release ++++ trytond_purchase: - Version 6.0.10 - Bugfix Release ++++ trytond_stock_supply: - Version 6.0.5 - Bugfix Release ++++ xorg-x11-server: - U_Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch * fixes regression introduced with security update for CVE-2022-46340 (bsc#1205874) ++++ xwayland: - U_Xext-fix-invalid-event-type-mask-in-XTestSwapFakeInp.patch * fixes regression introduced with security update for CVE-2022-46340 (bsc#1205874) ------------------------------------------------------------------ ------------------ 2023-3-4 - Mar 4 2023 ------------------- ------------------------------------------------------------------ ++++ rstudio: - New upstream release 2022.12.0+353. - Add missing-include.patch to fix build by adding include. - Add unbundle-fmt.patch to use the system version of fmt. - Drop boost_patches.diff that landed upstream. - Use the correct soname for libclang. ++++ strawberry: - Update to version 1.0.15 + Bugfixes: + Fixed playlist column showing invalid last played date for streams. + Fixed crash when the audio bin failed to initialize (#1123, #1133). + Fixed duplicated filename when organizing files using dot in the filename (#1136). + Fixed tag inline editing for streams (#1130). + Fixed resetting play statistics using tag edit dialog (#1124). + Fixed compilation songs not showing if group by was set to other than (Album) Artist / Album (#1140). + Enhancements: + Added lyrics from stands4 (lyrics.com). + Added Sonogram analyzer. + Use GStreamer playbin3 with GStreamer 1.22.0 and higher. + Code improvements: + Made use of C++11 enum class where possible. + Use new QNativeIpcKey based QSharedMemory constructor with Qt 6.6 and higher. ++++ xfburn: - Update to version 0.7.0 * Add MIME types to open blank and audio CDs * Automatically update burner list as burners are plugged and unplugged * Change default temporary directory to /var/tmp * Improve text of write modes * Replace some icons with symbolic versions that better respect light/dark mode * Support delete key in audio compositions * Fix adding progress dialog not appearing after dragging files * Fix adding progress dialog cancel button not working * Fix adding progress dialog not being modal * Fix assertion failure when burner not present * Fix composition term not being used consistently * Fix crash when adding files to a data composition * Fix dragged audio composition tracks being copied instead of moved * Fix excessive minimum width of main window * Fix icons not appearing on dialogs * Fix intltool lock file bug in `make distcheck` * Fix multiple selection being instantly deselected upon right click * Fix multithreading issue when initializing an audio composition * Fix out-of-date address in COPYING * Fix project homepage URL * Fix removed audio composition tracks not reducing total composition length * Fix some compilation warnings * Fix typo in burn failure dialog * Fix XSLT processor warnings * Add basic GitLab pipeline * Add Markdown version of the README * Add more translatable content to the AppStream/AppData * Bump GLib minimum required to 2.38 * Modernize build system * Resolve AppStream warnings from Debian * Strip trailing whitespace like as in Debian's build process * Update bug tracker links in readme * Update information on how to build xfburn * Translation Updates ------------------------------------------------------------------ ------------------ 2023-3-3 - Mar 3 2023 ------------------- ------------------------------------------------------------------ ++++ apache2: - Rename patches to use proper naming: * Rename patch: - Removed bsc1207327-fix-mod_proxy-handling-long-urls.patch - Added apache2-bsc1207327-fix-mod_proxy-handling-long-urls.patch - [bsc#1208708] fix passing health check does not recover worker from its error state: * Added: apache2-bsc1208708-fix-passing-health-check-recover-worker-from-error-state.patch ++++ aws-nitro-enclaves-cli: - Update to version 1.2.2~git0.4ccc639 to get all the precious cargo (bsc#1208555, CVE-2022-31394) ++++ cargo-packaging: - Update vendored dependencies - Add supporting sources for cargo metadata extraction * cargo-packaging-1.2.0+0.tar.xz * cargo_config * vendor.tar.xz ++++ crmsh: - Update to version 4.4.1+20230302.2b5310b9: * Fix: qdevice: Unable to setup qdevice under non-root user (bsc#1208770) ++++ discover: - Add patch to fix some pages not loading (kde#466765): * 0001-pk-Don-t-forget-to-finish-streams.patch ++++ grub2: - Make grub more robust against storage race condition causing system boot failures (bsc#1189036) * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch ++++ kpat: - Don't use dashes with %bcond_without. The parser doesn't like them ++++ libqt5-qtlocation: - Add patch to fix build with GCC 13 (boo#1207470): * 0001-Add-some-missing-cstdint-inclusions-872.patch ++++ libX11: - U_Don-t-try-to-destroy-NULL-condition-variables.patch * fixes regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881) ++++ python311-core: - Update to 3.11.2: Bug fixes, no changes in API and no security bugs. ++++ libvirt: - tools: Fix detection of remote libvirt access in virt-qemu-sev-validate 0f350a4d-virt-qemu-sev-validate-remote-detect.patch jsc#PED-1472 ++++ wireshark: - Wireshark 3.6.12: * CVE-2023-1161: ISO 15765 and ISO 10681 dissector crash (bsc#1208914). - Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-3.6.12.html ++++ prometheus-blackbox_exporter: - Build with go1.18 only for SLE-15-SP3 and build with >= go1.19 on higher SP (bsc#1203599) ++++ python311: - Update to 3.11.2: Bug fixes, no changes in API and no security bugs. ++++ python311-documentation: - Update to 3.11.2: Bug fixes, no changes in API and no security bugs. ++++ shotcut: - Limit architectures to avoid build errors ------------------------------------------------------------------ ------------------ 2023-3-2 - Mar 2 2023 ------------------- ------------------------------------------------------------------ ++++ QGnomePlatform-qt5: - Don't use %elif which is not supported in SLE/Leap - Use qt6 macros when building the qt6 flavor so the correct compiler is used to build the package in SLE/Leap - Add patch to fix an undefined reference to XSetTransientForHint in SLE/Leap: * fix-XSetTransientForHint.patch ++++ QGnomePlatform-qt6: - Don't use %elif which is not supported in SLE/Leap - Use qt6 macros when building the qt6 flavor so the correct compiler is used to build the package in SLE/Leap - Add patch to fix an undefined reference to XSetTransientForHint in SLE/Leap: * fix-XSetTransientForHint.patch ++++ adwaita-qt-src: - Use the qt6 %cmake macros when building the qt6 flavor which uses the right compiler in SLE/Leap instead of gcc7 (which fails to build since it doesn't support C++17 headers used by Qt6). ++++ adwaita-qt6-src: - Use the qt6 %cmake macros when building the qt6 flavor which uses the right compiler in SLE/Leap instead of gcc7 (which fails to build since it doesn't support C++17 headers used by Qt6). ++++ bcache-tools: - bcache-tools: improve is_zoned_device() (bsc#1208425) 0029-bcache-tools-improve-is_zoned_device.patch ++++ cinnamon-session: - Fix Meson build flags for the newer Meson from SLE15(0.61.x) ++++ cups: - cups-branch-2.2-commit-876fdc1c90a885a58644c8757bc1283c9fd5bcb7.diff is https://github.com/OpenPrinting/cups/commit/876fdc1c90a885a58644c8757bc1283c9fd5bcb7 which belongs to https://github.com/OpenPrinting/cups/issues/308 that fixes bsc#1191525, bsc#1203446: "Print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable)" "/usr/bin/lpr: Error - The printer or class does not exist." ++++ deepin-screen-recorder: - Use BuildRequires: libimagevisualresult-devel on Leap 15 * deepin-image-editor doesn't generated pkg-config file on Leap 15 therefore pkgconfig(libimagevisualresult) would not work ++++ instlux: - upgraded to 15.5.0. * Added Leap 15.5 (but not default) ++++ kiwi-templates-Minimal: - Add hyper-v for aarch64 ++++ kubernetes1.23: - update patch files to reflect upstream registry changes from k8s.gcr.io to registry.k8s.io * kubeadm-opensuse-registry.patch * revert-coredns-image-renaming.patch - Update to version 1.23.17: * Release commit for Kubernetes v1.23.17 * releng: Update images, dependencies and version to Go 1.19.6 * Update golang.org/x/net to v0.7.0 * Pin golang.org/x/net to v0.4.0 * add scale test for probes * use custom dialer for http probes * use custom dialer for tcp probes * add custom dialer optimized for probes * egress_selector: prevent goroutines leak on connect() step. * tls.Dial() validates hostname, no need to do that manually * Fix issue that Audit Server could not correctly encode DeleteOption * Do not include scheduler name in the preemption event message * Do not leak cross namespace pod metadata in preemption events * pkg/controller/job: re-honor exponential backoff * releng: Update images, dependencies and version to Go 1.19.5 * Bump Konnectivity to v0.0.35 * Improve vendor verification works for each staging repo * Update to go1.19 * Adjust for os/exec changes in 1.19 * Update golangci-lint to 1.46.2 and fix errors * Match go1.17 defaults for SHA-1 and GC * update golangci-lint to 1.45.0 * kubelet: make the image pull time more accurate in event * change k8s.gcr.io/pause to registry.k8s.io/pause * use etcd 3.5.6-0 after promotion * changelog: CVE-2022-3294 and CVE-2022-3162 were fixed in v1.23.14 * Add CVE-2021-25749 to CHANGELOG-1.23.md * Add CVE-2022-3294 to CHANGELOG-1.23.md * kubeadm: use registry.k8s.io instead of k8s.gcr.io * etcd: Updated to v3.5.5 * Bump konnectivity network proxy to v0.0.33. Includes a couple bug fixes for better handling of dial failures. [Agent & Server](https://github.com/kubernetes-sigs/apiserver-network-proxy/commits/v0.0.33) include numerous other fixes. * kubeadm: allow RSA and ECDSA format keys in preflight check * Fixes kubelet log compression on Windows * Reduce default gzip compression level from 4 to 1 in apiserver * exec auth: support TLS config caching * Marshal MicroTime to json and proto at the same precision * Windows: ensure runAsNonRoot does case-insensitive comparison on user name * update structured-merge-diff to 4.2.3 * Add rate limiting when calling STS assume role API * Fixing issue in generatePodSandboxWindowsConfig for hostProcess containers by where pod sandbox won't have HostProcess bit set if pod does not have a security context but containers specify HostProcess. ++++ kubernetes1.24: - update patch files to reflect upstream registry changes from k8s.gcr.io to registry.k8s.io * kubeadm-opensuse-registry.patch * revert-coredns-image-renaming.patch - Update to version 1.24.11: * Release commit for Kubernetes v1.24.11 * releng: Update images, dependencies and version to Go 1.19.6 * Update golang.org/x/net to v0.7.0 * Pin golang.org/x/net to v0.4.0 in 1.24 * kubelet/client: collapse transport wiring onto standard approach * apiserver: remove 34s from DELETECOLLECTION rest handler * update prev succeeded indexes for indexed jobs unconditionally * use custom dialer for http probes * use custom dialer for tcp probes * add custom dialer optimized for probes * bump honnef.co/go/tools to support go1.20 * Fix issue that Audit Server could not correctly encode DeleteOption * Do not include scheduler name in the preemption event message * Do not leak cross namespace pod metadata in preemption events * pkg/controller/job: re-honor exponential backoff * releng: Update images, dependencies and version to Go 1.19.5 * Explicitly call rand.Seed() method * Improve vendor verification works for each staging repo * Bump Konnectivity to v0.0.35 * Add pod to dsw if termination is not completed during reconstruction #issues/113979 * integration: migrate taint tests * integration: migrate scoring tests * integration: migrate preemption tests * integration: migrate plugings tests * integration: migrate extender tests * integration: scheduler: migrate PDB from v1beta1 to v1 * Fix issues in volumesnapshot test for ephemeral storage * update golangci-lint for go 1.19 * golang: Update to 1.19 * Adjust for os/exec changes in 1.19 * Update golangci-lint to 1.46.2 and fix errors * Windows Kube-Proxy implementation for internal traffic policy. * Fix a regression that scheduler always go through all Filter plugins * Fix SPDY proxy authentication with special chars * Creating Ingress IP loadbalancer alone when all the endpoints are terminating. KEP1669 * change k8s.gcr.io/pause to registry.k8s.io/pause * Update golang.org/x/net 1e63c2f * image pull event include duration with waiting * kubelet: make the image pull time more accurate in event * update structured-merge-diff to 4.2.3 * regression test for exponential recursion bug on CRDs * Fix endpoint reconciler failing to delete masterlease * kubeadm: remove v1.25 etcd "3.5.6-0" for v1.24 * use etcd 3.5.6-0 after promotion * changelog: CVE-2022-3294 and CVE-2022-3162 were fixed in v1.23.14 * upgrade system-validators to v1.8.0 for a bugfix of cgroupv2 io check * Introducing LoadbalancerPortMapping flags for VipExternalIP * egress_selector: prevent goroutines leak on connect() step. * Merge pull request #113133 from sxllwx:automated-cherry-pick-of-#113133-upstream-release-1.25 * Fixed (CVE-2022-27664) Bump golang.org/x/net to v0.1.1-0.20221027164007-c63010009c80 * Add CVE-2022-3162 to CHANGELOG-1.24.md * tls.Dial() validates hostname, no need to do that manually * e2e: use custom timeouts in GetSnapshotContentFromSnapshot() * test/e2e/storage: replace hardcoded value with custom timeout in cleanup routine * StatefulSet: Cleanup the complex defer function updating the status * Be sure to update the status of StatefulSet even if the new replica creation fails * added retries to winkernel proxy rules deletion * added backend hashing to winkernel proxier * kubelet: fix pod log line corruption when using timestamps and long lines * kubeadm: mutate ClusterConfiguration.imageRepository to "registry.k8s.io" * kubeadm: use registry.k8s.io instead of k8s.gcr.io * add GetAllocatableCPUs test in cpumanager * fix GetAllocatableCPUs in cpumanager * e2e: restore volume lifecycle checks for csi-hostpath driver * kubelet: fix volume reconstruction for CSI ephemeral volumes * NodeLifecycleController: Remove race condition * kube-proxy wait for cluster cidr skip delete events * kube-proxy handle node PodCIDR changs * kube-proxy: gate topology correctly * service update event should be triggered when appProtocol in port is changed. * filter out terminated containers in cadvisor_stats_provider * Fix winkernel proxier setting the wrong HNS loadbalancer ID for ingress IP * Bump konnectivity-client to v0.0.33 * Fix list estimator for lists that are executed as gets * kubeadm: allow RSA and ECDSA format keys in preflight check * Limit redirect proxy handling to redirected responses * Make sure auto-mounted subpath mount source is already mounted * Call SetupDevice only if Volume is not globally Mounted * Fixes kubelet log compression on Windows * Add zone field to vsphere test cloudconfig * Reduce default gzip compression level from 4 to 1 in apiserver * exec auth: support TLS config caching * Add an option for aggregator * Update go-runner to v2.3.1-go1.18.6-bullseye.0 * Update kube-cross image to v1.24.0-go1.18.6-bullseye.0 * Fix problem in updating VolumeAttached in node status * Call queueSet::boundNextDispatchLocked enough * Always log APF InitialSeats and FinalSeats values * Marshal MicroTime to json and proto at the same precision * Windows: ensure runAsNonRoot does case-insensitive comparison on user name * Tolerate sub-microsecond eventTime changes on update * Improve kubectl display of invalid errors * fix unmatch reason when updating pod status * fix nestedPendingOperations mount and umount parallel bug * client-go/rest: check if url is nil to prevent nil pointer dereference * Revert "client-go: remove no longer used finalURLTemplate" * Skip "instance not found" error for LB backend address pools * Update cel-go to v0.10.2. * fix a memory leak problem when calling DryRunPreemption * Fix JobTrackingWithFinalizers when a pod succeeds after the job fails * Use CheckAndMarkAsUncertainViaReconstruction for uncertain volumes * Remove volume from found during reconstruction if mounted * Add unit test for verifying if processReconstructedVolumes works as expected * Fix code to process volumes which were skipped during reconstruction * Keep track of each pod that uses a volume during reconstruction * allow namespace admins to use leases to encourage migration off of configmaps * Fix: filter out unsatisfied nodes when calling AddPod in PodTopologySpread * Fix `kubeadm upgrade plan` issue with FQDN nodes names * Add rate limiting when calling STS assume role API * Fix kubelet panic when accessing metrics/resource endpoint * Fixing issue in generatePodSandboxWindowsConfig for hostProcess containers by where pod sandbox won't have HostProcess bit set if pod does not have a security context but containers specify HostProcess. * Add retry logic for Unix Domain sockets on Windows * Execute the Run function of kubelet, no log output after failure * Prune defaults for CRD serving ++++ libqt5-qtbase: - Drop the mechanism for supporting systems without SSE2. glibc removed support for looking up libraries in sse2/ subdirectories and qtdeclarative without SSE2 crashes Plasma (boo#1208188) ++++ mozilla-nss: - Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546). ++++ libstorage-ng: - merge gh#openSUSE/libstorage-ng#913 - move Action classes to separate directory - 4.5.74 ++++ libvirt: - Apparmor: Add support for SUSE edk2 firmware paths 4959490e-support-SUSE-edk2-firmware-paths.patch boo#1208567 ++++ logfilegen: - logfilegen 2.3.0: * randomization engine take less resources ++++ mako: - Removed unknown "tray" option ++++ musescore: - Don't package the KDDockWidgets development files. It's only a third party library that cannot be used for anything. - Update build constraints - Spec cleanup ++++ pdsh: - Hack-to-work-around-a-generic-type-name-breakage-introduced-by-latest-Slurm.patch Schedmd did it again! Slurm 23.02 broke the pdsh-internal List type by exposing it thru it's public API. The way to protect from it no longer works as types are actually used in the header. This is a hot fix on the pdsh side, that is hopefully sufficiently generic. (boo#1208846). ++++ post-build-checks-malwarescan: - revert EXCLUDELIST on qemu (FP is fixed - related to bsc#1199055) - skip unpacking debuginfo/debugsource: sources are checked already and debuginfo contains no executable code - use clamscan -r as it is faster than the xargs -P 0 execution (jsc#PED-3641) ++++ python-pyglet: - Drop config(Mesa): it was a random provides from the Mesa package that indicates it ships configuration file. The Mesa package is an empty metadata package. ++++ qemu-testsuite: - Fix: bsc#1185000, CVE-2021-3507 * Patches added: hw-block-fdc-Prevent-end-of-track-overru.patch ++++ yast2-storage-ng: - Fix comparing ProposalSettings in tests, avoid using Marshal (bsc#1208259) - 4.5.17 ------------------------------------------------------------------ ------------------ 2023-3-1 - Mar 1 2023 ------------------- ------------------------------------------------------------------ ++++ ack: - ack 3.7.0 * Add a repeatable --not option to let user supply patterns that should NOT match * Add .Rmd to the list of extensions understood to be R * Add file type for for Powershell (.ps1 and .psm1 files) ++++ bpftrace: - Add Vendor-BPF_F_KPROBE_MULTI_RETURN-definition.patch to fix build on SLE15-SP5 ++++ kernel-64kb: - xfs: get root inode correctly at bulkstat (git-fixes bsc#1207501 ltc#201370). - commit cc3c733 ++++ kernel-azure: - xfs: get root inode correctly at bulkstat (git-fixes bsc#1207501 ltc#201370). - commit cc3c733 ++++ kernel-default: - xfs: get root inode correctly at bulkstat (git-fixes bsc#1207501 ltc#201370). - commit cc3c733 ++++ kernel-rt: - xfs: get root inode correctly at bulkstat (git-fixes bsc#1207501 ltc#201370). - commit cc3c733 ++++ containerd: - Re-build containerd to use updated golang-packaging. jsc#1342 ++++ dtb-aarch64: - xfs: get root inode correctly at bulkstat (git-fixes bsc#1207501 ltc#201370). - commit cc3c733 ++++ gnutls: - libgnutls: Increase the limit of TLS PSK usernames from 128 to 65535 characters. [bsc#1208237, jsc#PED-1562] * Upstream: https://gitlab.com/gnutls/gnutls/commit/f032324a * Add gnutls-increase-TLS-PSK-username-limit.patch ++++ go1.18: - Fix for SG#65262, bsc#1208491: * go#57855 boo#1208270 security: fix CVE-2022-41723 bsc1208491.patch * go#58001 boo#1208271 security: fix CVE-2022-41724 bsc1208491-41724.patch * go#58006 boo#1208272 security: fix CVE-2022-41725 bsc1208491-41725.patch ++++ gstreamer-devtools: - Add patch to reduce the required meson version to 0.61.0 since that's what we have in SLE 15: * reduce-required-meson.patch ++++ gstreamer-editing-services: - Add patch to reduce the required meson version to 0.61.0 since that's what we have in SLE 15: * reduce-required-meson.patch ++++ gstreamer-plugins-bad: - Disable zxing in Leap * Leap 15.5 can not provide zxing >= 1.4.0, zxing is a SLE built which was version 1.2.0, Factory do have zxing-cpp 2.0.0 but it doesn't an API compatible version, and looks it's too late to update it to SLE15 because LO might be affected. ++++ gstreamer-plugins-libav: - Add patch to reduce the required meson version to 0.61.0 since that's what we have in SLE 15: * reduce-required-meson.patch ++++ gstreamer-plugins-vaapi: - Add patch to reduce the required meson version to 0.61.0 since that's what we have in SLE 15: * reduce-required-meson.patch ++++ gstreamer-rtsp-server: - Add patch to reduce the required meson version to 0.61.0 since that's what we have in SLE 15: * reduce-required-meson.patch ++++ helix: - Replace Suggests to Recommends. - Check desktop file ++++ kcm_flatpak: - Apply important fixes from the 5.27 branch: * 0001-Expose-FlatpakReferencesModel-to-QML.patch * 0002-Avoid-duplicating-connections-between-ref-and-its-re.patch * 0003-Port-from-NULL-to-nullptr.patch * 0004-Fix-GLib-memory-management-issue.patch ++++ kernel-debug: - xfs: get root inode correctly at bulkstat (git-fixes bsc#1207501 ltc#201370). - commit cc3c733 ++++ kernel-source: - xfs: get root inode correctly at bulkstat (git-fixes bsc#1207501 ltc#201370). - commit cc3c733 ++++ kernel-source-azure: - xfs: get root inode correctly at bulkstat (git-fixes bsc#1207501 ltc#201370). - commit cc3c733 ++++ kernel-source-rt: - xfs: get root inode correctly at bulkstat (git-fixes bsc#1207501 ltc#201370). - commit cc3c733 ++++ kernel-docs: - xfs: get root inode correctly at bulkstat (git-fixes bsc#1207501 ltc#201370). - commit cc3c733 ++++ kernel-kvmsmall: - xfs: get root inode correctly at bulkstat (git-fixes bsc#1207501 ltc#201370). - commit cc3c733 ++++ kernel-obs-build: - xfs: get root inode correctly at bulkstat (git-fixes bsc#1207501 ltc#201370). - commit cc3c733 ++++ kernel-obs-qa: - xfs: get root inode correctly at bulkstat (git-fixes bsc#1207501 ltc#201370). - commit cc3c733 ++++ kernel-rt_debug: - xfs: get root inode correctly at bulkstat (git-fixes bsc#1207501 ltc#201370). - commit cc3c733 ++++ kernel-syms: - xfs: get root inode correctly at bulkstat (git-fixes bsc#1207501 ltc#201370). - commit cc3c733 ++++ kernel-syms-azure: - xfs: get root inode correctly at bulkstat (git-fixes bsc#1207501 ltc#201370). - commit cc3c733 ++++ kernel-syms-rt: - xfs: get root inode correctly at bulkstat (git-fixes bsc#1207501 ltc#201370). - commit cc3c733 ++++ kernel-zfcpdump: - xfs: get root inode correctly at bulkstat (git-fixes bsc#1207501 ltc#201370). - commit cc3c733 ++++ libmicrohttpd: - Apply patch for bsc#1208745 CVE-2023-27371 fix parser bug that could be used to crash servers using the MHD_PostProcessor * fix-parser-bug-MHD_PostProcessor.patch ++++ slurm: - Add missing Provides:, Conflicts: and Obsoletes: to slurm-cray, slurm-hdf5 and slurm-testsuite to avoid package conflicts. - Unify Obsoletes:. - Consolidate spec files between different Slurm releases in Leap/SLE maintenance. - Add dependency for the general plugin package to the AcctGatherProfile HDF5 plugin. - Adjust node RealMemory in slurm.conf of test suite for 8G test nodes. ++++ python311-core: - Add python310 Obsoletes line to obsolete_python_versioned macro. ++++ python3-core: - Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471) blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters ++++ patterns-base: - Rename command-not-found to scout-command-not-found * command-not-found RPM has showed in pool still, we need to recommands the exact filename to avoid the old one got picked ++++ python3: - Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471) blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters ++++ python3-documentation: - Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329, bsc#1208471) blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters ++++ virtualbox: - Add file "fixes_for_gcc13.patch" to fix builds with GCC13. ++++ python311: - Add python310 Obsoletes line to obsolete_python_versioned macro. ++++ python311-documentation: - Add python310 Obsoletes line to obsolete_python_versioned macro. ++++ spack: - Udpate to 0.19.1 with following bug fixes: * buildcache create: make "file exists" less verbose * spack mirror create: don't change paths to urls * Improve error message for requirements * Fix libtool filter for Fujitsu compilers * FileCache: delete the new cache file on exception - using `--all` flag for `spack external find` in the %triggrin section, as MPI packages were not recognized any more, fixing (bsc#1208751) ++++ spack: - Udpate to 0.19.1 with following bug fixes: * buildcache create: make "file exists" less verbose * spack mirror create: don't change paths to urls * Improve error message for requirements * Fix libtool filter for Fujitsu compilers * FileCache: delete the new cache file on exception - using `--all` flag for `spack external find` in the %triggrin section, as MPI packages were not recognized any more, fixing (bsc#1208751) ++++ ugrep: - update to 3.10.0: * This release adds the option --tree to output directory trees of files for the options -l (--files-with-matches), - L (--files-withou-match), and -c (--count) * The option --pretty was updated to to enable --tree when output is sent to a terminal. This can be disabled with --no-tree. ++++ virtualbox-kmp: - Add file "fixes_for_gcc13.patch" to fix builds with GCC13. ++++ yast2-network: - Fixed a random build failure (introduced by the previous fix for bsc#1207221) (bsc#1208796). - 4.5.17 ++++ yast2-transfer: - Fixed TFTP download, truncate the target file to avoid garbage at the end of the file when saving to an already existing file (bsc#1208754) - 4.5.1 ------------------------------------------------------------------ ------------------ 2023-2-28 - Feb 28 2023 ------------------- ------------------------------------------------------------------ ++++ akonadi-calendar: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ akonadi-calendar-tools: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ akonadi-contact: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ akonadi-import-wizard: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ akonadi-mime: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ akonadi-notes: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ akonadi-search: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ akonadi-server: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ akonadiconsole: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ akregator: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ analitza: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ark: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ artikulate: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ baloo5-widgets: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ blinken: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ bluedevil5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 - Remove obsolete scriptlets for mime info ++++ bomber: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ bovo: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ breeze: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ calendarsupport: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ cantor: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ cervisia: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kernel-64kb: - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1208376 ltc#201076). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1208376 ltc#201076). - commit 2a06230 - ibmvnic: Assign XPS map to correct queue index (bsc#1208757 ltc#201720 jsc#PED-2322 git-fixes). - commit be76316 - Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present - commit 80a158a ++++ kernel-azure: - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1208376 ltc#201076). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1208376 ltc#201076). - commit 2a06230 - ibmvnic: Assign XPS map to correct queue index (bsc#1208757 ltc#201720 jsc#PED-2322 git-fixes). - commit be76316 - Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present - commit 80a158a ++++ kernel-default: - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1208376 ltc#201076). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1208376 ltc#201076). - commit 2a06230 - ibmvnic: Assign XPS map to correct queue index (bsc#1208757 ltc#201720 jsc#PED-2322 git-fixes). - commit be76316 - Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present - commit 80a158a ++++ kernel-rt: - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1208376 ltc#201076). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1208376 ltc#201076). - commit 2a06230 - ibmvnic: Assign XPS map to correct queue index (bsc#1208757 ltc#201720 jsc#PED-2322 git-fixes). - commit be76316 - Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present - commit 80a158a ++++ colord-kde: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ discover: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - Changes since 5.27.1: * Don't claim 3rd-party repos are part of the OS on Debian derivatives * Flatpak: correctly check for the appstream-qt version * ApplicationPage: Improve narrow layout with lots of buttons * pk: Properly check for AppStream versions * fwupd: do fwupd_client_connect before setting user agent * Fix rendering Missing Backends * pk: Fix searching by state * screenshots: Only use AnimatedImage if we think there's a chance * Always show distro name for PackageKit apps (kde#465204) ++++ dolphin: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ dolphin-plugins: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ dragonplayer: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ drkonqi5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - Changes since 5.27.1: * Add plasma-welcome to mappings file * scroll bug description (kde#466180) ++++ dtb-aarch64: - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1208376 ltc#201076). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1208376 ltc#201076). - commit 2a06230 - ibmvnic: Assign XPS map to correct queue index (bsc#1208757 ltc#201720 jsc#PED-2322 git-fixes). - commit be76316 - Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present - commit 80a158a ++++ elisa: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ eventviews: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ falkon: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ffmpegthumbs: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ filelight: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kiten: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ glibc: - gmon-hash-table-size.patch: gmon: Fix allocated buffer overflow (CVE-2023-0687, bsc#1207975, BZ #29444) ++++ glibc-utils-src: - gmon-hash-table-size.patch: gmon: Fix allocated buffer overflow (CVE-2023-0687, bsc#1207975, BZ #29444) ++++ plasma5-workspace: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - Changes since 5.27.1: * applets/systemtray: add test for xembed tray icon * libtaskmanager: consider current activity when computing first task index * libtaskmanager: test invalid preferred launchers are filtered out * libtaskmanager: use icon name directly when icon value does not contain period * kcms/users: Fallback to show username in title when real name isn't set * kcms/users: Limit connection scope to `this` * Add an action to remove the containments of a screen * libtaskmanager: filter out invalid preferred launcher tasks (kde#436667) * shell: Have the DesktopView::title include which output it should be on * kcms/color: Add highlight outline for color dots (kde#465800) * Lock screen: Prevent Escape key from displaying UI if it's currently hidden (kde#465920) ++++ granatier: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ grantlee-editor: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ grantleetheme: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ grub2-theme-breeze: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ breeze-gtk: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ gwenview5: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ incidenceeditor: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ itinerary: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ juk: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ k3b: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kaccounts-integration: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kaccounts-providers: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kactivitymanagerd: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ kaddressbook: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kajongg: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kalarm: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kalgebra: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kalzium: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kamera: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kamoso: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kanagram: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kapman: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kapptemplate: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kate: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ katomic: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kbackup: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kblackbox: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kblocks: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kbounce: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kbreakout: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kbruch: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kcachegrind: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kcalc: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kcalutils: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kcharselect: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kcm_flatpak: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - Changes since 5.27.1: * Adjust popup modals for the footer padding in KCM * UI: Adapt "Apply / Discard" dialog to narrow screens: turn row layout into column * Plasma/5.27: Revert partially last commit due to string freeze * UI: Add changed app's name & icon to the "Apply / Discard" dialog * UI: Reparent app switching dialog, so that it is centered to the whole view * Use standard QQC2 namespace for Dialog constants * UI: Dynamically create "Apply / Discard" dialog when switching apps * Move app changing logic out of delegate, fetch ref directly from model * UI: Don't try to reload app when clicking on the current one ++++ kcm_sddm: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ kcolorchooser: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kcron: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kde-cli-tools5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ kde-gtk-config5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - Changes since 5.27.1: * Avoid creating gtkrc-2.0 if it does not exist (kde#415770,kde#417534) ++++ poxml: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kde-print-manager: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kdebugsettings: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kdeconnect-kde: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kdeedu-data: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ libkdegames: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kdegraphics-thumbnailers: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kdenetwork-filesharing: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kdenlive: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kdepim-addons: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kdepim-runtime: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kdesdk-scripts: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kdesdk-thumbnailers: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kdevelop5: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kdevelop5-plugin-php: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kdevelop5-plugin-python3: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kdf: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kdialog: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kdiamond: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kdnssd: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ keditbookmarks: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kernel-debug: - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1208376 ltc#201076). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1208376 ltc#201076). - commit 2a06230 - ibmvnic: Assign XPS map to correct queue index (bsc#1208757 ltc#201720 jsc#PED-2322 git-fixes). - commit be76316 - Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present - commit 80a158a ++++ kernel-source: - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1208376 ltc#201076). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1208376 ltc#201076). - commit 2a06230 - ibmvnic: Assign XPS map to correct queue index (bsc#1208757 ltc#201720 jsc#PED-2322 git-fixes). - commit be76316 - Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present - commit 80a158a ++++ kernel-source-azure: - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1208376 ltc#201076). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1208376 ltc#201076). - commit 2a06230 - ibmvnic: Assign XPS map to correct queue index (bsc#1208757 ltc#201720 jsc#PED-2322 git-fixes). - commit be76316 - Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present - commit 80a158a ++++ kernel-source-rt: - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1208376 ltc#201076). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1208376 ltc#201076). - commit 2a06230 - ibmvnic: Assign XPS map to correct queue index (bsc#1208757 ltc#201720 jsc#PED-2322 git-fixes). - commit be76316 - Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present - commit 80a158a ++++ kernel-docs: - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1208376 ltc#201076). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1208376 ltc#201076). - commit 2a06230 - ibmvnic: Assign XPS map to correct queue index (bsc#1208757 ltc#201720 jsc#PED-2322 git-fixes). - commit be76316 - Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present - commit 80a158a ++++ kernel-kvmsmall: - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1208376 ltc#201076). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1208376 ltc#201076). - commit 2a06230 - ibmvnic: Assign XPS map to correct queue index (bsc#1208757 ltc#201720 jsc#PED-2322 git-fixes). - commit be76316 - Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present - commit 80a158a ++++ kernel-obs-build: - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1208376 ltc#201076). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1208376 ltc#201076). - commit 2a06230 - ibmvnic: Assign XPS map to correct queue index (bsc#1208757 ltc#201720 jsc#PED-2322 git-fixes). - commit be76316 - Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present - commit 80a158a ++++ kernel-obs-qa: - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1208376 ltc#201076). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1208376 ltc#201076). - commit 2a06230 - ibmvnic: Assign XPS map to correct queue index (bsc#1208757 ltc#201720 jsc#PED-2322 git-fixes). - commit be76316 - Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present - commit 80a158a ++++ kernel-rt_debug: - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1208376 ltc#201076). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1208376 ltc#201076). - commit 2a06230 - ibmvnic: Assign XPS map to correct queue index (bsc#1208757 ltc#201720 jsc#PED-2322 git-fixes). - commit be76316 - Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present - commit 80a158a ++++ kernel-syms: - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1208376 ltc#201076). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1208376 ltc#201076). - commit 2a06230 - ibmvnic: Assign XPS map to correct queue index (bsc#1208757 ltc#201720 jsc#PED-2322 git-fixes). - commit be76316 - Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present - commit 80a158a ++++ kernel-syms-azure: - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1208376 ltc#201076). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1208376 ltc#201076). - commit 2a06230 - ibmvnic: Assign XPS map to correct queue index (bsc#1208757 ltc#201720 jsc#PED-2322 git-fixes). - commit be76316 - Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present - commit 80a158a ++++ kernel-syms-rt: - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1208376 ltc#201076). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1208376 ltc#201076). - commit 2a06230 - ibmvnic: Assign XPS map to correct queue index (bsc#1208757 ltc#201720 jsc#PED-2322 git-fixes). - commit be76316 - Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present - commit 80a158a ++++ kernel-zfcpdump: - powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1208376 ltc#201076). - powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1208376 ltc#201076). - commit 2a06230 - ibmvnic: Assign XPS map to correct queue index (bsc#1208757 ltc#201720 jsc#PED-2322 git-fixes). - commit be76316 - Update patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch (bsc#1208741 CVE-2023-22995). Added CVE reference for fix already present - commit 80a158a ++++ kfind: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kfloppy: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kfourinline: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kgamma5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ kgeography: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kget: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kgoldrunner: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kgpg: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ khangman: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ khelpcenter5: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ khotkeys5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ kidentitymanagement: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kig: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kigo: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ killbots: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kimagemapeditor: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kimap: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kinfocenter5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ kio-extras5: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kio-gdrive: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kio_audiocd: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kdesdk-kioslaves: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kipi-plugins: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kirigami-gallery: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kiriki: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kitinerary: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ - Add GCC 13 compatibility fix (boo#1201089): * 0001-asn1-Fix-build-with-GCC-13-add-missing-cstdint-inclu.patch ++++ kjumpingcube: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kldap: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kleopatra: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ klettres: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ klickety: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ klines: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kmag: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kmahjongg: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kmail: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kmail-account-wizard: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kmailtransport: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kmbox: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kmenuedit5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - Changes since 5.27.1: * Fix crash when cutting an item that was dragged to the root (kde#466242) ++++ kmime: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kmines: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kmix: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kmousetool: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kmouth: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kmplot: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ knavalbattle: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ knetwalk: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ knights: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ knotes: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kolf: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kollision: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kolourpaint: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kompare: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ konqueror: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ konquest: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ konsole: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kontact: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kontactinterface: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kontrast: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ konversation: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kopeninghours: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kopete: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ korganizer: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kosmindoormap: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kde-dev-utils: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kpat: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kpimtextedit: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kpipewire: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - Changes since 5.27.1: * PipewireSourceItem: Expose stream state * Finish the recording when the last frame has arrived * Export logging categories where they belong * sourcestream: Allocate the buffer outside together with the pods ++++ kpkpass: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kpmcore: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kpublictransport: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kqtquickcharts: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ krdc: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kreversi: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ krfb: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kross-interpreters: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kruler: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ksanecore: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kscreen5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - Changes since 5.27.1: * kcm: Guard against config being null in checkConfig() (kde#464707) * kcm: use onRejected to handle reject button click - Drop patches, now upstream: * 0001-kcm-use-onRejected-to-handle-reject-button-click.patch ++++ kscreenlocker: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ kshisen: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ksirk: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ksmtp: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ksnakeduel: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kspaceduel: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ksquares: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ksshaskpass5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ ksudoku: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ libksysguard5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ ksystemlog: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ksystemstats5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ kteatime: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ktimer: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ktnef: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ktorrent: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ktouch: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ktp-accounts-kcm: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ktp-approver: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ktp-auth-handler: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ktp-common-internals: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ktp-contact-list: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ktp-contact-runner: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ktp-desktop-applets: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ktp-filetransfer-handler: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ktp-kded-module: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ktp-send-file: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ktp-text-ui: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ ktuberling: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kturtle: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kubrick: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kwalletmanager5: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kwave: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kwayland-integration: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ kwin5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - Changes since 5.27.1: * x11: Fix client area lookup with pending move resize * wayland: Fix xdg-toplevel and xdg-popup window initialization (kde#466530) * screencasting: Choose the correct GL type to download into an image (kde#466299) * screencasting: Close streams when the output is disabled * wayland: Setup compositing for internal window when it's mapped (kde#466313) * Remove no longer relevant case in Workspace::replaceInStack() * effects/zoom: Fix crash on X11 (kde#466376) * Fix edid serial parsing (kde#466136) * effects/zoom: Fix rendering with mixed scale factors * effects/magnifier: Reduce the number of heap allocations * effects/magnifier: Fix rendering on multi screen setups * backends/drm: Make sure attributes are always initialized * backends/wayland: fall back to qpainter when there's no render node (kde#466302) * backends/x11: explicitly free the outputs (kde#466183) * backends/libinput: Fix crash upon receiving motion absolute events (kde#449317,kde#465456) * pointer input: always confine pointer to screens (kde#461911) * effects: Fix selecting hidden windows using keyboard (kde#466120) * feat: allow VT switching even with global shortcuts disabled * scene: Ensure there's current opengl context when DecorationItem is repainted for last time (kde#466186) ++++ kwordquiz: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ kwrited5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ layer-shell-qt: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - Changes since 5.27.1: * Use the QScreen of the QWindow as default output ++++ ledmon: - add a patch to fix bsc#1208613 * 0003-ipmi-avoid-error-messages-on-non-dell-platforms-112.patch ++++ libkeduvocdocument: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ libkcddb: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ libkcompactdisc: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ libgravatar: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ libkdcraw: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ libkexiv2: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ libkmahjongg: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ libkipi: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ libkdepim: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ libkleo: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ mailcommon: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ mailimporter: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ pimcommon: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ libksane: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ libkscreen2: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - Changes since 5.27.1: * Revert "fix(randr): screen is dirty when switching display modes" (kde#462725) * dpms/wayland: properly manage org_kde_kwin_dpms instances * dpms/wayland: Explicitly set as unsupported if addRegistryListener didn't find the interface (kde#466181) ++++ libktorrent: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ libkgapi: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ marble: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ mozilla-nss: - Add nss-fips-pct-pubkeys.patch (bsc#1207209) for pairwise consistency checks. Thanks to Martin for the DHKey parts. ++++ libkdecoration2: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ libkomparediff2: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ libksieve: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ mariadb: - Update to 10.6.12: https://mariadb.com/kb/en/library/mariadb-10612-release-notes https://mariadb.com/kb/en/library/mariadb-10612-changelog https://mariadb.com/kb/en/library/mariadb-10611-release-notes https://mariadb.com/kb/en/library/mariadb-10611-changelog * fixes for the following security vulnerabilities: 10.6.12: none 10.6.11: none - Update mariadb.keyring - Update list of skipped tests ++++ mobipocket: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ rocs: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ systemd: - Import commit dad0071f15341be2b24c2c9d073e62617e0b46733 (merge of v249.16) - Fix return non-zero value when disabling SysVinit service (bsc#1208432) ++++ lokalize: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ lskat: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ markdownpart: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ mbox-importer: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ messagelib: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ milou5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - Changes since 5.27.1: * Do not run match automatically when query string changed (kde#459859) ++++ minuet: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ okular: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ oxygen5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ oxygen5-sounds: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ palapeli: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ pam_kwallet: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ parley: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ partitionmanager: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ picmi: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ pim-data-exporter: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ pim-sieve-editor: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ plasma-browser-integration: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ plasma-nm5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ plasma-vault: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ plasma5-addons: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ plasma5-bigscreen: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ plasma5-openSUSE: - Update to 5.27.2 ++++ plasma5-desktop: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - Changes since 5.27.1: * kcms/keys: Don't show visual feedback on press for sole delegates * Folder View: fix scrollbar overlapping list view items (kde#465980) * Add an ui to remove desktop containments ++++ plasma5-disks: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ plasma5-firewall: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ plasma5-integration: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - Changes since 5.27.1: * Fix exporting window id on Wayland * codify runtime dependency on xdg-desktop-portal-kde (kde#466148) ++++ plasma5-mobile: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ plasma5-nano: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ plasma5-pa: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ plasma5-sdk: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ plasma5-systemmonitor: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ plasma5-thunderbolt: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ plasma5-welcome: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - Changes since 5.27.1: * Use themable icon for System Settings (kde#466250) ++++ plasma5-workspace-wallpapers: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ plymouth-theme-breeze: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ polkit-kde-agent-5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ powerdevil5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - Changes since 5.27.1: * cmake: Fix capitalisation in the find_package_handle_standard_args() call * ddc: Fix cleaning up handles when we are redetecting screens ++++ qbittorrent: - Update to version 4.5.2 Bug fixes: * Don't unexpectedly activate queued torrents when prefetching metadata for added magnets * Update the cached torrent state once recheck is started * Be more likely to allow the system to use power saving modes Web UI: * Migrate away from unsafe function * Blacklist bad ciphers for TLS in the server * Allow only TLS 1.2+ in the server * Allow to set read-only directory as torrent location * Reject requests that contain backslash in path RSS: * Prevent RSS folder from being moved into itself ++++ qqc2-breeze-style: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ signon-kwallet-extension: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ skanlite: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ spectacle: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ step: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ sudo: - Added sudo-no-double-free.patch * bsc#1208595 CVE-2023-27320 * Fix a situation where per-command chroot sudoers rules can cause a double-free. ++++ svgpart: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ sweeper: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ systemsettings5: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - Changes since 5.27.1: * sidebar: Replace OpacityAnimator with NumberAnimation for proper fade in * sidebar: Prevent placeholder empty search results from jumping as it fades out ++++ telegram-desktop: - appstream-util is too old on Leap 15.4 - don't call it at the end of installation ++++ tomcat: - Fixed CVEs: * CVE-2023-24998: tomcat,tomcat6: FileUpload DoS with excessive parts (bsc#1208513) - Added patches: * tomcat-9.0.43-CVE-2023-24998.patch ++++ umbrello: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ xdg-desktop-portal-kde: - Update to 5.27.2 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.2 - No code changes since 5.27.1 ++++ xfce4-notifyd: - Update to 0.8.2: * Remove WM_TAKE_FOCUS from WM_PROTOCOLS for notification windows * Add pref to change what fields are shown in notifications * Fix a use-after-free with a notification's app ID * Fix plural forms missing from translatable strings * Fix weird formatting mistake in configure.ac * Remove support for xfce4-panel 4.12. * Reduce gettext requirement to 0.20. * Simplify notification placement code * Add assertion to ensure no window with new ID exists in the tree * Fix possible index out of bounds issue * Don't compare uints like char pointers * Support default actions * Add option to allow gauge notifications to ignore DnD * Don't move notifications on mouse-over * If urgency updated, start/stop expiration * Close all non-urgent notifications when DnD is activated * Add a missing $(AM_V_GEN) * Remove intltool in favor of plain gettext * Use pkg-config to find gdbus-codegen * Don't hide glib-genmarshal behind MAINTAINER_MODE * Use glib-compile-resources instead of xdt-csource * Don't require xdt-csource for dist tarball builds * Translation Updates ++++ yakuake: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ++++ zanshin: - Update to 22.12.3 * New bugfix release * For more details please see: * https://kde.org/announcements/gear/22.12.3/ ------------------------------------------------------------------ ------------------ 2023-2-27 - Feb 27 2023 ------------------- ------------------------------------------------------------------ ++++ gnutls: - FIPS: Fix pct_test() return code in case of error [bsc#1207183] * Rebase with the upstream version: gnutls-FIPS-PCT-DH.patch ++++ google-guest-agent: - Bump go API version to 1.18 (bsc#1208723) + Address CVE-2021-38297 and CVE-2022-23806 - Update to version 20230221.00 * Allow a comment part of a pub ssh key to have an arbitrary format (#198) + Split GetUserKey() into two functions: get and validate + Correct the name of ValidateUser func as it validates only users + Update tests * Update OWNERS (#201) - from version 20230207.00 * Update OWNERS file (#199) ++++ google-osconfig-agent: - Bump go API version to 1.18 (bsc#1208723) + Address CVE-2021-38297 and CVE-2022-23806 - Update to version 20230222.00 * Remove Debian 9 from e2e tests image list (#460) - from version 20230217.00 * Update OWNERS (#458) - from version 20230208.00 * Fix the error in the `copy_file_from_bucket.yaml` example. (#456) - from version 20230202.00 * Update owners file. (#455) - from version 20230123.00 * Call FQDN (#454) ++++ libcontainers-common: - Add registry.suse.com to the unqualified-search-registries (jsc#SMO-143), fixes bsc#1205536 ++++ makedumpfile: - fix wrong free issue in init_xen_crash_info (bsc#1201209) ++++ podman: - Add patch to let quadlet use the default runtime Added patch: * Quadlet-use-the-default-runtime.patch => Remove dependency on crun ++++ python-tesserocr: - Disable current broken tests, test_LSTM_choices, test_detect_os and or test_init, gh#sirfz/tesserocr#295 ++++ rubygem-passenger: - updated to version 6.0.17 see installed CHANGELOG ++++ telegram-desktop: - Refresh 0002-use-bundled-rnnoise-expected-gsl-ranges-webrtc.patch ------------------------------------------------------------------ ------------------ 2023-2-26 - Feb 26 2023 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2023-02-27 (bsc#1084929) ++++ kidletime: - Build the wayland plugin (kde#462695) ++++ openvswitch3: - Update to version v3.1.0. Some of the features are, - ovs-vswitchd now detects changes in CPU affinity and adjusts the number of handler and revalidator threads if necessary. - AF_XDP: * Added support for building with libxdp and libbpf >= 0.7. * Support for AF_XDP is now enabled by default if all dependencies are available at the build time. Use --disable-afxdp to disable. Use --enable-afxdp to fail the build if dependencies are not present. - ovs-appctl: * "ovs-appctl ofproto/trace" command can now display port names with the "--names" option. - OVSDB-IDL: * Add the support to specify the persistent uuid for row insert in both C and Python IDLs. - Windows: * Conntrack IPv6 fragment support. - DPDK: * Add support for DPDK 22.11.1. - For the QoS max-rate and STP/RSTP path-cost configuration OVS now assumes 10 Gbps link speed by default in case the actual link speed cannot be determined. Previously it was 10 Mbps. Values can still be overridden by specifying 'max-rate' or '[r]stp-path-cost' accordingly. - OpenFlow: * New OpenFlow extension NXT_CT_FLUSH to flush connections matching the specified fields. - ovs-ctl: * New option '--dump-hugepages' to include hugepages in core dumps. This can assist with postmortem analysis involving DPDK, but may also produce significantly larger core dump files. - ovs-dpctl and 'ovs-appctl dpctl/' commands: * 'flush-conntrack' is now capable of handling partial 5-tuple, with additional optional parameter to specify the reply direction. - ovs-ofctl: * New command 'flush-conntrack' that accepts zone and 5-tuple (or partial 5-tuple) for both directions. - Support for travis-ci.org based continuous integration builds has been dropped. - Userspace datapath: * Add '-secs' argument to appctl 'dpif-netdev/pmd-rxq-show' to show the pmd usage of an Rx queue over a configurable time period. * Add new experimental PMD load based sleeping feature. PMD threads can request to sleep up to a user configured 'pmd-maxsleep' value under low load conditions. - For more details, check https://github.com/openvswitch/ovs/blob/v3.1.0/NEWS - Includes secrity fix for CVE-2022-4338 (bsc#1206580) and CVE-2022-4337 (bsc#1206581) - OVN package is not included as new version with API chnages are not yet released. - Removed upstreamed patches, * 0001-Replace-deprecated-var-run-with-run.patch * openvswitch-CVE-2021-36980.patch - Added ovsb tool install patch, * install-ovsdb-tools.patch - Removed patch "0001-Run-ovn-as-openvswitch-openvswitch.patch" as compatible OVN is not yet released. ++++ logfilegen: - logfilegen 2.2.0: * C++11 compatibility fixes (down from C++17) ++++ telegram-desktop: - Update to 4.6.5: * Fix payment card input field validation. - Update from version 4.4.1 to 4.6.4: * Allow media viewer to exit fullscreen and become a normal window. * Fix polls forwarding to private chats. * Bug fixes and other minor improvements. - Update tg_owt-master.zip ------------------------------------------------------------------ ------------------ 2023-2-25 - Feb 25 2023 ------------------- ------------------------------------------------------------------ ++++ open-iscsi: - Build system: meson builds were ignoring optflags, and other passed in compiler options. ++++ owncloud-client: - Spec cleanup ------------------------------------------------------------------ ------------------ 2023-2-24 - Feb 24 2023 ------------------- ------------------------------------------------------------------ ++++ apptainer: - added simple sif building for SLE systems via suseconnect-container - added files: * simpler-sif-building.patch * SLE-12SP5.def * leap.def ++++ aws-cli: - Update to version 1.27.78 + For detailed changes see https://github.com/aws/aws-cli/blob/1.27.78/CHANGELOG.rst - Update Requires in spec file from setup.py ++++ kernel-64kb: - loop: fix ioctl calls using compat_loop_info (bsc#1207333). - commit 11a60da ++++ kernel-azure: - loop: fix ioctl calls using compat_loop_info (bsc#1207333). - commit 11a60da ++++ kernel-default: - loop: fix ioctl calls using compat_loop_info (bsc#1207333). - commit 11a60da ++++ kernel-rt: - loop: fix ioctl calls using compat_loop_info (bsc#1207333). - commit 11a60da ++++ crmsh: - Update to version 4.4.1+20230224.498677ab: * Dev: upgradeutil: do upgrade silently (bsc#1208327, bsc#1206183) * Fix: bootstrap: `crm cluster join ssh` raises TypeError (bsc#1208327) * Dev: utils: Change the way to get pacemaker's version (bsc#1208216) ++++ dpdk22: -- Update to LTS release version v22.11.1 Some of the new features are, * Added initial LoongArch architecture support. * Added support for multiple mbuf pools per ethdev Rx queue. * Added support for congestion management in ethdev. * Added protocol header based buffer split. * Added proactive error handling mode for ethdev. * Added ethdev Rx/Tx descriptor dump API. * Added ethdev hairpin memory configuration options. * Added new configuration flags for hairpin queues in rte_eth_hairpin_conf: * Added strict queue to pre-configuration flow hints. * Added configuration for asynchronous flow connection tracking. * Added support for queue-based async query in flow API. * Added new function rte_flow_async_action_handle_query() to query the action asynchronously. * Extended metering and marking support in the flow API. * Added flow offload action to route packets to kernel. * Updated AF_XDP driver. * Updated AMD Pensando ionic driver. * Added GVE net PMD. * Updated Intel iavf driver. * Updated Intel ice driver. * Added Intel idpf driver. * Updated Marvell cnxk driver. * Added Microsoft mana driver. * Updated Netronome nfp driver. * Added flow API support: * Updated NVIDIA mlx5 driver. * Updated NXP dpaa2 driver. * Updated Wangxun ngbe driver. * Added DMA vChannel unconfiguration for async vhost. * Added non-blocking notify API to vhost library. * Added support for MACsec in rte_security. * Added new algorithms to cryptodev. * Updated Intel QuickAssist Technology (QAT) crypto driver. * Updated Marvell cnxk crypto driver. * Updated aesni_mb crypto driver. * Updated ipsec_mb crypto driver. * Added UADK crypto driver. * Added bbdev operation for FFT processing. * Added Intel ACC200 bbdev driver. * Added eventdev adapter instance get API. * Added eventdev Tx adapter queue start/stop API. * Added event crypto adapter vectorization support. * Added NitroSketch in membership library. * Added Intel uncore frequency control API to the power library. * Added security performance test application. * Updated IPsec sample application. * Updated FIPS validation sample application. * Rewrote pmdinfo script. * More details can be found in http://doc.dpdk.org/guides/rel_notes/release_22_11.html * Removed the patches as fixed in upstream 0001-kni-allow-configuring-thread-granularity.patch 0001-usertools-read-PCI-device-name-as-UTF-8.patch 0003-dpdk-fallthrough-comment-fixes.patch 0004-kni-update-kernel-API-to-set-random-MAC-address.patch 0005-kni-use-dedicated-function-to-set-random-MAC-address.patch 0006-kni-use-dedicated-function-to-set-MAC-address.patch dpdk-CVE-2021-3839.patch dpdk-CVE-2022-0669.patch dpdk-CVE-2022-2132.patch dpdk-CVE-2022-28199.patch * Rebased patches: 0001-fix-cpu-compatibility.patch 0002-SLE15-SP3-compatibility-patch-for-kni.patch ++++ dpdk22-thunderx: -- Update to LTS release version v22.11.1 Some of the new features are, * Added initial LoongArch architecture support. * Added support for multiple mbuf pools per ethdev Rx queue. * Added support for congestion management in ethdev. * Added protocol header based buffer split. * Added proactive error handling mode for ethdev. * Added ethdev Rx/Tx descriptor dump API. * Added ethdev hairpin memory configuration options. * Added new configuration flags for hairpin queues in rte_eth_hairpin_conf: * Added strict queue to pre-configuration flow hints. * Added configuration for asynchronous flow connection tracking. * Added support for queue-based async query in flow API. * Added new function rte_flow_async_action_handle_query() to query the action asynchronously. * Extended metering and marking support in the flow API. * Added flow offload action to route packets to kernel. * Updated AF_XDP driver. * Updated AMD Pensando ionic driver. * Added GVE net PMD. * Updated Intel iavf driver. * Updated Intel ice driver. * Added Intel idpf driver. * Updated Marvell cnxk driver. * Added Microsoft mana driver. * Updated Netronome nfp driver. * Added flow API support: * Updated NVIDIA mlx5 driver. * Updated NXP dpaa2 driver. * Updated Wangxun ngbe driver. * Added DMA vChannel unconfiguration for async vhost. * Added non-blocking notify API to vhost library. * Added support for MACsec in rte_security. * Added new algorithms to cryptodev. * Updated Intel QuickAssist Technology (QAT) crypto driver. * Updated Marvell cnxk crypto driver. * Updated aesni_mb crypto driver. * Updated ipsec_mb crypto driver. * Added UADK crypto driver. * Added bbdev operation for FFT processing. * Added Intel ACC200 bbdev driver. * Added eventdev adapter instance get API. * Added eventdev Tx adapter queue start/stop API. * Added event crypto adapter vectorization support. * Added NitroSketch in membership library. * Added Intel uncore frequency control API to the power library. * Added security performance test application. * Updated IPsec sample application. * Updated FIPS validation sample application. * Rewrote pmdinfo script. * More details can be found in http://doc.dpdk.org/guides/rel_notes/release_22_11.html * Removed the patches as fixed in upstream 0001-kni-allow-configuring-thread-granularity.patch 0001-usertools-read-PCI-device-name-as-UTF-8.patch 0003-dpdk-fallthrough-comment-fixes.patch 0004-kni-update-kernel-API-to-set-random-MAC-address.patch 0005-kni-use-dedicated-function-to-set-random-MAC-address.patch 0006-kni-use-dedicated-function-to-set-MAC-address.patch dpdk-CVE-2021-3839.patch dpdk-CVE-2022-0669.patch dpdk-CVE-2022-2132.patch dpdk-CVE-2022-28199.patch * Rebased patches: 0001-fix-cpu-compatibility.patch 0002-SLE15-SP3-compatibility-patch-for-kni.patch ++++ driverctl: - Add patch add_list-persisted_command-ec102481.patch: * driverctl: add list-persisted command * Fix device driver binding issue after re-enumeration * driverctl: fix list_devices() when `driver_override` is not set * driverctl: fix --help to return success. * Makefile: drop extra '/' * improve help text * bash-completion: suggest pci addresses instead of driver. * bash-completion: add support for options. * bash-completion: simplify and autocomplete cmds. * bash-completion: add support for list- commands. ++++ dtb-aarch64: - loop: fix ioctl calls using compat_loop_info (bsc#1207333). - commit 11a60da ++++ libheif: - security update - added patches fix CVE-2023-0996 [bsc#1208640], buffer overflow in heif_js_decode_image in libheif + libheif-CVE-2023-0996.patch ++++ kdump: - revert back to using rd.neednet=1 to enable network (bsc#1206015) - kdumptool calibrate: add even more margin to reservation calculations (bsc#1207061) - run kdump.service only after kdump-early.service (bsc#1196335) - don't skip infiniband interfaces (bsc#1186745) (not a complete fix, requires a patch in dracut as well) ++++ kernel-debug: - loop: fix ioctl calls using compat_loop_info (bsc#1207333). - commit 11a60da ++++ kernel-source: - loop: fix ioctl calls using compat_loop_info (bsc#1207333). - commit 11a60da ++++ kernel-source-azure: - loop: fix ioctl calls using compat_loop_info (bsc#1207333). - commit 11a60da ++++ kernel-source-rt: - loop: fix ioctl calls using compat_loop_info (bsc#1207333). - commit 11a60da ++++ kernel-docs: - loop: fix ioctl calls using compat_loop_info (bsc#1207333). - commit 11a60da ++++ kernel-kvmsmall: - loop: fix ioctl calls using compat_loop_info (bsc#1207333). - commit 11a60da ++++ kernel-obs-build: - loop: fix ioctl calls using compat_loop_info (bsc#1207333). - commit 11a60da ++++ kernel-obs-qa: - loop: fix ioctl calls using compat_loop_info (bsc#1207333). - commit 11a60da ++++ kernel-rt_debug: - loop: fix ioctl calls using compat_loop_info (bsc#1207333). - commit 11a60da ++++ kernel-syms: - loop: fix ioctl calls using compat_loop_info (bsc#1207333). - commit 11a60da ++++ kernel-syms-azure: - loop: fix ioctl calls using compat_loop_info (bsc#1207333). - commit 11a60da ++++ kernel-syms-rt: - loop: fix ioctl calls using compat_loop_info (bsc#1207333). - commit 11a60da ++++ kernel-zfcpdump: - loop: fix ioctl calls using compat_loop_info (bsc#1207333). - commit 11a60da ++++ openblas_0_3_21-gnu-hpc: - Recreate old library scheme for existing products: It turned out the new scheme on existing systems has been causing package breakages. - Do not generate baselibs.conf for HPC builds. - Add support for gcc11 & 12. - For SLE/Leap on x86_64 and s390x do not mix compiler versions as this will make the gfortran ABI version inconsistent. Instead use the stock compiler and set the list of kernels for x86_64 cores explicitly as Cooperlake requires compiler intrinsics which are not provided by gcc 7. - Require at least 7G of disk space for building. ++++ openblas_0_3_21-gnu12-hpc: - Recreate old library scheme for existing products: It turned out the new scheme on existing systems has been causing package breakages. - Do not generate baselibs.conf for HPC builds. - Add support for gcc11 & 12. - For SLE/Leap on x86_64 and s390x do not mix compiler versions as this will make the gfortran ABI version inconsistent. Instead use the stock compiler and set the list of kernels for x86_64 cores explicitly as Cooperlake requires compiler intrinsics which are not provided by gcc 7. - Require at least 7G of disk space for building. ++++ openblas-pthreads_0_3_21-gnu-hpc: - Recreate old library scheme for existing products: It turned out the new scheme on existing systems has been causing package breakages. - Do not generate baselibs.conf for HPC builds. - Add support for gcc11 & 12. - For SLE/Leap on x86_64 and s390x do not mix compiler versions as this will make the gfortran ABI version inconsistent. Instead use the stock compiler and set the list of kernels for x86_64 cores explicitly as Cooperlake requires compiler intrinsics which are not provided by gcc 7. - Require at least 7G of disk space for building. ++++ openblas-pthreads_0_3_21-gnu12-hpc: - Recreate old library scheme for existing products: It turned out the new scheme on existing systems has been causing package breakages. - Do not generate baselibs.conf for HPC builds. - Add support for gcc11 & 12. - For SLE/Leap on x86_64 and s390x do not mix compiler versions as this will make the gfortran ABI version inconsistent. Instead use the stock compiler and set the list of kernels for x86_64 cores explicitly as Cooperlake requires compiler intrinsics which are not provided by gcc 7. - Require at least 7G of disk space for building. ++++ openblas_openmp: - Recreate old library scheme for existing products: It turned out the new scheme on existing systems has been causing package breakages. - Do not generate baselibs.conf for HPC builds. - Add support for gcc11 & 12. - For SLE/Leap on x86_64 and s390x do not mix compiler versions as this will make the gfortran ABI version inconsistent. Instead use the stock compiler and set the list of kernels for x86_64 cores explicitly as Cooperlake requires compiler intrinsics which are not provided by gcc 7. - Require at least 7G of disk space for building. ++++ openblas_pthreads: - Recreate old library scheme for existing products: It turned out the new scheme on existing systems has been causing package breakages. - Do not generate baselibs.conf for HPC builds. - Add support for gcc11 & 12. - For SLE/Leap on x86_64 and s390x do not mix compiler versions as this will make the gfortran ABI version inconsistent. Instead use the stock compiler and set the list of kernels for x86_64 cores explicitly as Cooperlake requires compiler intrinsics which are not provided by gcc 7. - Require at least 7G of disk space for building. ++++ openblas_serial: - Recreate old library scheme for existing products: It turned out the new scheme on existing systems has been causing package breakages. - Do not generate baselibs.conf for HPC builds. - Add support for gcc11 & 12. - For SLE/Leap on x86_64 and s390x do not mix compiler versions as this will make the gfortran ABI version inconsistent. Instead use the stock compiler and set the list of kernels for x86_64 cores explicitly as Cooperlake requires compiler intrinsics which are not provided by gcc 7. - Require at least 7G of disk space for building. ++++ libzpc: - Upgrade to version 1.1.0 (jsc#PED-582) * Implements an ECC-KEY API : `zpc/ecc_key.h`. * Implements an ECDSA-CTX API : `zpc/ecdsa_ctx.h`. ++++ logfilegen: - logfilegen 2.1.0: * fix console overflow * ENV variables now in the UPPER CASE only ++++ podman: - Update to version 4.4.2: * Bump to v4.4.2 * Release notes for v4.4.2 * Revert "CI: Temporarily disable all AWS EC2-based tasks" * kube play: only enforce passthrough in Quadlet * Emergency fix for man pages: check for broken includes * CI: Temporarily disable all AWS EC2-based tasks * quadlet system tests: add useful defaults, logging * volume,container: chroot to source before exporting content * install sigproxy before start/attach * Update to c/image 5.24.1 * events + container inspect test: RHEL fixes * Bump to v4.4.2-dev - Remove patches (merged upstream): * volume-container-chroot-to-source-before-exporting-content.patch - podman.spec: add `crun` requirement for quadlet (https://github.com/containers/podman/pull/17601) ++++ python-boto3: - Update to 1.26.78 * api-change:``appflow``: [``botocore``] This release enables the customers to choose whether to use Private Link for Metadata and Authorization call when using a private Salesforce connections * api-change:``ecs``: [``botocore``] This release supports deleting Amazon ECS task definitions that are in the INACTIVE state. * api-change:``grafana``: [``botocore``] Doc-only update. Updated information on attached role policies for customer provided roles * api-change:``guardduty``: [``botocore``] Updated API and data types descriptions for CreateFilter, UpdateFilter, and TriggerDetails. * api-change:``iotwireless``: [``botocore``] In this release, we add additional capabilities for the FUOTA which allows user to configure the fragment size, the sending interval and the redundancy ratio of the FUOTA tasks * api-change:``location``: [``botocore``] This release adds support for using Maps APIs with an API Key in addition to AWS Cognito. This includes support for adding, listing, updating and deleting API Keys. * api-change:``macie2``: [``botocore``] This release adds support for a new finding type, Policy:IAMUser/S3BucketSharedWithCloudFront, and S3 bucket metadata that indicates if a bucket is shared with an Amazon CloudFront OAI or OAC. * api-change:``wafv2``: [``botocore``] You can now associate an AWS WAF v2 web ACL with an AWS App Runner service. - from version 1.26.77 * api-change:``chime-sdk-voice``: [``botocore``] This release introduces support for Voice Connector media metrics in the Amazon Chime SDK Voice namespace * api-change:``cloudfront``: [``botocore``] CloudFront now supports block lists in origin request policies so that you can forward all headers, cookies, or query string from viewer requests to the origin *except* for those specified in the block list. * api-change:``datasync``: [``botocore``] AWS DataSync has relaxed the minimum length constraint of AccessKey for Object Storage locations to 1. * api-change:``opensearch``: [``botocore``] This release lets customers configure Off-peak window and software update related properties for a new/existing domain. It enhances the capabilities of StartServiceSoftwareUpdate API; adds 2 new APIs - ListScheduledActions & UpdateScheduledAction; and allows Auto-tune to make use of Off-peak window. * api-change:``rum``: [``botocore``] CloudWatch RUM now supports CloudWatch Custom Metrics * api-change:``ssm``: [``botocore``] Document only update for Feb 2023 - from version 1.26.76 * api-change:``quicksight``: [``botocore``] S3 data sources now accept a custom IAM role. * api-change:``resiliencehub``: [``botocore``] In this release we improved resilience hub application creation and maintenance by introducing new resource and app component crud APIs, improving visibility and maintenance of application input sources and added support for additional information attributes to be provided by customers. * api-change:``securityhub``: [``botocore``] Documentation updates for AWS Security Hub * api-change:``tnb``: [``botocore``] This is the initial SDK release for AWS Telco Network Builder (TNB). AWS Telco Network Builder is a network automation service that helps you deploy and manage telecom networks. - from version 1.26.75 * bugfix:SSO: [``botocore``] Fixes aws/aws-cli`#7496 `__ by using the correct profile name rather than the one set in the session. * api-change:``auditmanager``: [``botocore``] This release introduces a ServiceQuotaExceededException to the UpdateAssessmentFrameworkShare API operation. * api-change:``connect``: [``botocore``] Reasons for failed diff has been approved by SDK Reviewer - from version 1.26.74 * api-change:``apprunner``: [``botocore``] This release supports removing MaxSize limit for AutoScalingConfiguration. * api-change:``glue``: [``botocore``] Release of Delta Lake Data Lake Format for Glue Studio Service - from version 1.26.73 * api-change:``emr``: [``botocore``] Update emr client to latest version * api-change:``grafana``: [``botocore``] With this release Amazon Managed Grafana now supports inbound Network Access Control that helps you to restrict user access to your Grafana workspaces * api-change:``ivs``: [``botocore``] Doc-only update. Updated text description in DeleteChannel, Stream, and StreamSummary. * api-change:``wafv2``: [``botocore``] Added a notice for account takeover prevention (ATP). The interface incorrectly lets you to configure ATP response inspection in regional web ACLs in Region US East (N. Virginia), without returning an error. ATP response inspection is only available in web ACLs that protect CloudFront distributions. - from version 1.26.72 * api-change:``cloudtrail``: [``botocore``] This release adds an InsufficientEncryptionPolicyException type to the StartImport endpoint * api-change:``efs``: [``botocore``] Update efs client to latest version * api-change:``frauddetector``: [``botocore``] This release introduces Lists feature which allows customers to reference a set of values in Fraud Detector's rules. With Lists, customers can dynamically manage these attributes in real time. Lists can be created/deleted and its contents can be modified using the Fraud Detector API. * api-change:``glue``: [``botocore``] Fix DirectJDBCSource not showing up in CLI code gen * api-change:``privatenetworks``: [``botocore``] This release introduces a new StartNetworkResourceUpdate API, which enables return/replacement of hardware from a NetworkSite. * api-change:``rds``: [``botocore``] Database Activity Stream support for RDS for SQL Server. * api-change:``wafv2``: [``botocore``] For protected CloudFront distributions, you can now use the AWS WAF Fraud Control account takeover prevention (ATP) managed rule group to block new login attempts from clients that have recently submitted too many failed login attempts. - Update BuildRequires and Requires from setup.py ++++ python-botocore: - Update to 1.29.78 * api-change:``appflow``: This release enables the customers to choose whether to use Private Link for Metadata and Authorization call when using a private Salesforce connections * api-change:``ecs``: This release supports deleting Amazon ECS task definitions that are in the INACTIVE state. * api-change:``grafana``: Doc-only update. Updated information on attached role policies for customer provided roles * api-change:``guardduty``: Updated API and data types descriptions for CreateFilter, UpdateFilter, and TriggerDetails. * api-change:``iotwireless``: In this release, we add additional capabilities for the FUOTA which allows user to configure the fragment size, the sending interval and the redundancy ratio of the FUOTA tasks * api-change:``location``: This release adds support for using Maps APIs with an API Key in addition to AWS Cognito. This includes support for adding, listing, updating and deleting API Keys. * api-change:``macie2``: This release adds support for a new finding type, Policy:IAMUser/S3BucketSharedWithCloudFront, and S3 bucket metadata that indicates if a bucket is shared with an Amazon CloudFront OAI or OAC. * api-change:``wafv2``: You can now associate an AWS WAF v2 web ACL with an AWS App Runner service. - from version 1.29.77 * api-change:``chime-sdk-voice``: This release introduces support for Voice Connector media metrics in the Amazon Chime SDK Voice namespace * api-change:``cloudfront``: CloudFront now supports block lists in origin request policies so that you can forward all headers, cookies, or query string from viewer requests to the origin *except* for those specified in the block list. * api-change:``datasync``: AWS DataSync has relaxed the minimum length constraint of AccessKey for Object Storage locations to 1. * api-change:``opensearch``: This release lets customers configure Off-peak window and software update related properties for a new/existing domain. It enhances the capabilities of StartServiceSoftwareUpdate API; adds 2 new APIs - ListScheduledActions & UpdateScheduledAction; and allows Auto-tune to make use of Off-peak window. * api-change:``rum``: CloudWatch RUM now supports CloudWatch Custom Metrics * api-change:``ssm``: Document only update for Feb 2023 - from version 1.29.76 * api-change:``quicksight``: S3 data sources now accept a custom IAM role. * api-change:``resiliencehub``: In this release we improved resilience hub application creation and maintenance by introducing new resource and app component crud APIs, improving visibility and maintenance of application input sources and added support for additional information attributes to be provided by customers. * api-change:``securityhub``: Documentation updates for AWS Security Hub * api-change:``tnb``: This is the initial SDK release for AWS Telco Network Builder (TNB). AWS Telco Network Builder is a network automation service that helps you deploy and manage telecom networks. - from version 1.29.75 * bugfix:SSO: Fixes aws/aws-cli`#7496 `__ by using the correct profile name rather than the one set in the session. * api-change:``auditmanager``: This release introduces a ServiceQuotaExceededException to the UpdateAssessmentFrameworkShare API operation. * api-change:``connect``: Reasons for failed diff has been approved by SDK Reviewer - from version 1.29.74 * api-change:``apprunner``: This release supports removing MaxSize limit for AutoScalingConfiguration. * api-change:``glue``: Release of Delta Lake Data Lake Format for Glue Studio Service - from version 1.29.73 * api-change:``emr``: Update emr client to latest version * api-change:``grafana``: With this release Amazon Managed Grafana now supports inbound Network Access Control that helps you to restrict user access to your Grafana workspaces * api-change:``ivs``: Doc-only update. Updated text description in DeleteChannel, Stream, and StreamSummary. * api-change:``wafv2``: Added a notice for account takeover prevention (ATP). The interface incorrectly lets you to configure ATP response inspection in regional web ACLs in Region US East (N. Virginia), without returning an error. ATP response inspection is only available in web ACLs that protect CloudFront distributions. - from version 1.29.72 * api-change:``cloudtrail``: This release adds an InsufficientEncryptionPolicyException type to the StartImport endpoint * api-change:``efs``: Update efs client to latest version * api-change:``frauddetector``: This release introduces Lists feature which allows customers to reference a set of values in Fraud Detector's rules. With Lists, customers can dynamically manage these attributes in real time. Lists can be created/deleted and its contents can be modified using the Fraud Detector API. * api-change:``glue``: Fix DirectJDBCSource not showing up in CLI code gen * api-change:``privatenetworks``: This release introduces a new StartNetworkResourceUpdate API, which enables return/replacement of hardware from a NetworkSite. * api-change:``rds``: Database Activity Stream support for RDS for SQL Server. * api-change:``wafv2``: For protected CloudFront distributions, you can now use the AWS WAF Fraud Control account takeover prevention (ATP) managed rule group to block new login attempts from clients that have recently submitted too many failed login attempts. ++++ qemu: - Fix build issue with Linux 6.2's headers (bsc#1208657) by dropping linux-user-add-more-compat-ioctl-definit.patch and adding Revert-linux-user-fix-compat-with-glibc-.patch - Patches meson-enforce-a-minimum-Linux-kernel-hea.patch and linux-user-drop-conditionals-for-obsolet.patch were added as downstream patches as they were part of a series, but they never made it upstream, so we don't want them here either * Patches dropped: linux-user-add-more-compat-ioctl-definit.patch linux-user-drop-conditionals-for-obsolet.patch meson-enforce-a-minimum-Linux-kernel-hea.patch * Patches added: Revert-linux-user-fix-compat-with-glibc-.patch ++++ qemu-linux-user: - Fix build issue with Linux 6.2's headers (bsc#1208657) by dropping linux-user-add-more-compat-ioctl-definit.patch and adding Revert-linux-user-fix-compat-with-glibc-.patch - Patches meson-enforce-a-minimum-Linux-kernel-hea.patch and linux-user-drop-conditionals-for-obsolet.patch were added as downstream patches as they were part of a series, but they never made it upstream, so we don't want them here either * Patches dropped: linux-user-add-more-compat-ioctl-definit.patch linux-user-drop-conditionals-for-obsolet.patch meson-enforce-a-minimum-Linux-kernel-hea.patch * Patches added: Revert-linux-user-fix-compat-with-glibc-.patch ------------------------------------------------------------------ ------------------ 2023-2-23 - Feb 23 2023 ------------------- ------------------------------------------------------------------ ++++ lapack: - Set -mfpmath=sse for the entire build for ix86 platforms on SLE/Leap. Since we build for x86_64, we know that sse is available. This helps to avoid effects from excess precision that can be seen in the test suite. On Factory we leave -ffloat-store for the test suite only as this option comes at a performance penalty. We may see precision related issues in the test suite with future compilers regardless. ++++ chromium: - Chromium 110.0.5481.177 (boo#1208589) * CVE-2023-0927: Use after free in Web Payments API * CVE-2023-0928: Use after free in SwiftShader * CVE-2023-0929: Use after free in Vulkan * CVE-2023-0930: Heap buffer overflow in Video * CVE-2023-0931: Use after free in Video * CVE-2023-0932: Use after free in WebRTC * CVE-2023-0933: Integer overflow in PDF * CVE-2023-0941: Use after free in Prompts * Various fixes from internal audits, fuzzing and other initiatives ++++ chromium: - Chromium 110.0.5481.177 (boo#1208589) * CVE-2023-0927: Use after free in Web Payments API * CVE-2023-0928: Use after free in SwiftShader * CVE-2023-0929: Use after free in Vulkan * CVE-2023-0930: Heap buffer overflow in Video * CVE-2023-0931: Use after free in Video * CVE-2023-0932: Use after free in WebRTC * CVE-2023-0933: Integer overflow in PDF * CVE-2023-0941: Use after free in Prompts * Various fixes from internal audits, fuzzing and other initiatives ++++ nodejs18: - node-gyp_7.1.2.tar.xz: added dependencies so they don't conflict with npm dependencies. ++++ glibc: - strncmp-avx2-boundary.patch: Fix avx2 strncmp offset compare condition check (bsc#1208358, BZ #25933) ++++ glibc-utils-src: - strncmp-avx2-boundary.patch: Fix avx2 strncmp offset compare condition check (bsc#1208358, BZ #25933) ++++ grub2: - Move unsupported zfs modules into 'extras' packages (bsc#1205554) (PED-2947) ++++ heaptrack: - Try another way to ignore the GLIBC_PRIVATE requirement ++++ kphotoalbum: - Update to 5.9.1 * Hotfix: Due to a problem with the tarme.rb releasme script, the 5.9.0 tarball lacked all l10n data. We thus had to withdraw the release and tag a new one. - Changes in 5.9.0 * Bugfix: Fix crash when forgetting to select images upon import * Bugfix: Fix faulty assertion when video thumbnail files cannot be written * Bugfix: Remove incomplete URL encoding of non-ASCII characters in HTML export * Bugfix: Fix crash when reimporting deleted files from a .kim file * Bugfix: Fix multiple issues identified by code analysis tools. * Deprecation: Tip of the day feature was removed because it is no longer supported by KDE Frameworks. * Enhancement: Generic file metadata can now be viewed via the Exif metadata dialog. * Enhancement: Support other video backends (libVLC, QtAV) in addition to Phonon. * Enhancement: Add volume controls to video player. - Update minimum cmake version - Add BuildRequires QtAV-devel and pkgconfig(libvlc) ++++ libregraphapi: - Rename package ++++ owncloud-client: - Update to upstream version 3.2.0 and use of liblibregaphapi Changelog https://github.com/owncloud/client/releases/tag/v3.2.0 ++++ libpulp: - Update package with libpulp-0.2.8: * Minor code refactoring. * Fixed a bug where libpulp rejected correct ELF files as library input. * Fixed a file descriptor leak when -check-stack is passed to ulp. * Fixed a bug where ulp did not shown libcrypto.so.1.1 as a livepatchable library (bsc#1208575) ++++ thunar: - Update to 4.18.4: * Dont open folder when mounting device (Issue #919) * Dont show full menu for unmounted devices (#1049) * Support handling URIs via desktop file (#1044) * Focus correct split pane on mouse click (#1039) * Prevent wrong undo/redo notify (#1036) * Support undo trash for linked pathes (#1030) * Always ask before delete files via undo (#1027) * Fix use after free fault (#1031) * Allow symlink creation on remote locations (#875) * Prevent crash when closing window (#884) * Keep directory specific sort details (#1017) * Dont add extra-dot when creating links (#1019) * Translation Updates ++++ mdadm: - mdadm fails to change bitmap type from none to clustered (bsc#1208618) 1006-Grow-fix-can-t-change-bitmap-type-from-none-to-clust.patch ++++ python-Django1: - Add CVE-2023-24580-DOS_file_upload.patch (CVE-2023-24580, bsc#1208082) to prevent DOS in file uploads. - Add test_custom_fields.patch to make inspectdb.tests.InspectDBTestCase.test_custom_fields pass. - .sig file is actually not available (and https://www.djangoproject.com/download/1.7.11/checksum/ is not it), so stop pretending we can cryptographically verify the tarball. ++++ qemu: - Fixes bsc#1197653, CVE-2022-1050 * Patches added: block-Handle-curl-7.55.0-7.85.0-version-.patch hw-pvrdma-Protect-against-buggy-or-malic.patch ++++ qemu-linux-user: - Fixes bsc#1197653, CVE-2022-1050 * Patches added: block-Handle-curl-7.55.0-7.85.0-version-.patch hw-pvrdma-Protect-against-buggy-or-malic.patch ------------------------------------------------------------------ ------------------ 2023-2-22 - Feb 22 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - Add missing s390 vfio patch hunk (bsc#1208565 ltc#201535). - Refresh patches.suse/vfio-simplify-iommu-group-allocation-for-mediated-devices. - Refresh patches.suse/s390-vfio-ap-prepare-for-dynamic-update-of-guest-s-APCB-on-queue. - Refresh patches.suse/s390-vfio-ap-rename-matrix_dev-lock-mutex-to-matrix_dev-mdevs_lo. - commit 43ce0be ++++ kernel-azure: - Add missing s390 vfio patch hunk (bsc#1208565 ltc#201535). - Refresh patches.suse/vfio-simplify-iommu-group-allocation-for-mediated-devices. - Refresh patches.suse/s390-vfio-ap-prepare-for-dynamic-update-of-guest-s-APCB-on-queue. - Refresh patches.suse/s390-vfio-ap-rename-matrix_dev-lock-mutex-to-matrix_dev-mdevs_lo. - commit 43ce0be ++++ kernel-default: - Add missing s390 vfio patch hunk (bsc#1208565 ltc#201535). - Refresh patches.suse/vfio-simplify-iommu-group-allocation-for-mediated-devices. - Refresh patches.suse/s390-vfio-ap-prepare-for-dynamic-update-of-guest-s-APCB-on-queue. - Refresh patches.suse/s390-vfio-ap-rename-matrix_dev-lock-mutex-to-matrix_dev-mdevs_lo. - commit 43ce0be ++++ kernel-rt: - Add missing s390 vfio patch hunk (bsc#1208565 ltc#201535). - Refresh patches.suse/vfio-simplify-iommu-group-allocation-for-mediated-devices. - Refresh patches.suse/s390-vfio-ap-prepare-for-dynamic-update-of-guest-s-APCB-on-queue. - Refresh patches.suse/s390-vfio-ap-rename-matrix_dev-lock-mutex-to-matrix_dev-mdevs_lo. - commit 43ce0be ++++ nodejs18: - Update to NodeJS 18.14.2 LTS: * deps: upgrade npm to 9.5.0 * deps: update undici to 5.20.0 - Changes in version 18.14.1: * fixes permissions policies can be bypassed via process.mainModule (bsc#1208481, CVE-2023-23918) * fixes insecure loading of ICU data through ICU_DATA environment variable (bsc#1208487, CVE-2023-23920) * fixes OpenSSL error handling issues in nodejs crypto library (bsc#1208483, CVE-2023-23919) * updates undici to v5.19.1 + Fetch API in Node.js did not protect against CRLF injection in host headers + Regular Expression Denial of Service in Headers in Node.js fetch API (bsc#1208413, bsc#1208485, CVE-2023-24807, CVE-2023-23936) - versioned.patch: refreshed - sysctl.patch: unit test fixes ++++ dtb-aarch64: - Add missing s390 vfio patch hunk (bsc#1208565 ltc#201535). - Refresh patches.suse/vfio-simplify-iommu-group-allocation-for-mediated-devices. - Refresh patches.suse/s390-vfio-ap-prepare-for-dynamic-update-of-guest-s-APCB-on-queue. - Refresh patches.suse/s390-vfio-ap-rename-matrix_dev-lock-mutex-to-matrix_dev-mdevs_lo. - commit 43ce0be ++++ grub2: - Fix out of memory error on lpar installation from virtual cdrom (bsc#1208024) * 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch * 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch - Fix lpar got hung at grub after inactive migration (bsc#1207684) * 0002-ieee1275-implement-vec5-for-cas-negotiation.patch ++++ heaptrack: - Add upstream change: * 0001-Return-early-when-__libc_dlopen_mode-is-detected.patch - Define _filter_GLIBC_PRIVATE to fix installation on Leap ++++ jakarta-commons-fileupload: - Security fix: [CVE-2016-3092 and CVE-2023-24998, bsc#1208513, bsc#986359] * Usage of vulnerable FileUpload package can result in denial of service. * Added jakarta-commons-fileupload-CVE-2016-3092.patch * Added jakarta-commons-fileupload-CVE-2016-3092-2.patch ++++ kernel-debug: - Add missing s390 vfio patch hunk (bsc#1208565 ltc#201535). - Refresh patches.suse/vfio-simplify-iommu-group-allocation-for-mediated-devices. - Refresh patches.suse/s390-vfio-ap-prepare-for-dynamic-update-of-guest-s-APCB-on-queue. - Refresh patches.suse/s390-vfio-ap-rename-matrix_dev-lock-mutex-to-matrix_dev-mdevs_lo. - commit 43ce0be ++++ kernel-source: - Add missing s390 vfio patch hunk (bsc#1208565 ltc#201535). - Refresh patches.suse/vfio-simplify-iommu-group-allocation-for-mediated-devices. - Refresh patches.suse/s390-vfio-ap-prepare-for-dynamic-update-of-guest-s-APCB-on-queue. - Refresh patches.suse/s390-vfio-ap-rename-matrix_dev-lock-mutex-to-matrix_dev-mdevs_lo. - commit 43ce0be ++++ kernel-source-azure: - Add missing s390 vfio patch hunk (bsc#1208565 ltc#201535). - Refresh patches.suse/vfio-simplify-iommu-group-allocation-for-mediated-devices. - Refresh patches.suse/s390-vfio-ap-prepare-for-dynamic-update-of-guest-s-APCB-on-queue. - Refresh patches.suse/s390-vfio-ap-rename-matrix_dev-lock-mutex-to-matrix_dev-mdevs_lo. - commit 43ce0be ++++ kernel-source-rt: - Add missing s390 vfio patch hunk (bsc#1208565 ltc#201535). - Refresh patches.suse/vfio-simplify-iommu-group-allocation-for-mediated-devices. - Refresh patches.suse/s390-vfio-ap-prepare-for-dynamic-update-of-guest-s-APCB-on-queue. - Refresh patches.suse/s390-vfio-ap-rename-matrix_dev-lock-mutex-to-matrix_dev-mdevs_lo. - commit 43ce0be ++++ kernel-docs: - Add missing s390 vfio patch hunk (bsc#1208565 ltc#201535). - Refresh patches.suse/vfio-simplify-iommu-group-allocation-for-mediated-devices. - Refresh patches.suse/s390-vfio-ap-prepare-for-dynamic-update-of-guest-s-APCB-on-queue. - Refresh patches.suse/s390-vfio-ap-rename-matrix_dev-lock-mutex-to-matrix_dev-mdevs_lo. - commit 43ce0be ++++ kernel-kvmsmall: - Add missing s390 vfio patch hunk (bsc#1208565 ltc#201535). - Refresh patches.suse/vfio-simplify-iommu-group-allocation-for-mediated-devices. - Refresh patches.suse/s390-vfio-ap-prepare-for-dynamic-update-of-guest-s-APCB-on-queue. - Refresh patches.suse/s390-vfio-ap-rename-matrix_dev-lock-mutex-to-matrix_dev-mdevs_lo. - commit 43ce0be ++++ kernel-obs-build: - Add missing s390 vfio patch hunk (bsc#1208565 ltc#201535). - Refresh patches.suse/vfio-simplify-iommu-group-allocation-for-mediated-devices. - Refresh patches.suse/s390-vfio-ap-prepare-for-dynamic-update-of-guest-s-APCB-on-queue. - Refresh patches.suse/s390-vfio-ap-rename-matrix_dev-lock-mutex-to-matrix_dev-mdevs_lo. - commit 43ce0be ++++ kernel-obs-qa: - Add missing s390 vfio patch hunk (bsc#1208565 ltc#201535). - Refresh patches.suse/vfio-simplify-iommu-group-allocation-for-mediated-devices. - Refresh patches.suse/s390-vfio-ap-prepare-for-dynamic-update-of-guest-s-APCB-on-queue. - Refresh patches.suse/s390-vfio-ap-rename-matrix_dev-lock-mutex-to-matrix_dev-mdevs_lo. - commit 43ce0be ++++ kernel-rt_debug: - Add missing s390 vfio patch hunk (bsc#1208565 ltc#201535). - Refresh patches.suse/vfio-simplify-iommu-group-allocation-for-mediated-devices. - Refresh patches.suse/s390-vfio-ap-prepare-for-dynamic-update-of-guest-s-APCB-on-queue. - Refresh patches.suse/s390-vfio-ap-rename-matrix_dev-lock-mutex-to-matrix_dev-mdevs_lo. - commit 43ce0be ++++ kernel-syms: - Add missing s390 vfio patch hunk (bsc#1208565 ltc#201535). - Refresh patches.suse/vfio-simplify-iommu-group-allocation-for-mediated-devices. - Refresh patches.suse/s390-vfio-ap-prepare-for-dynamic-update-of-guest-s-APCB-on-queue. - Refresh patches.suse/s390-vfio-ap-rename-matrix_dev-lock-mutex-to-matrix_dev-mdevs_lo. - commit 43ce0be ++++ kernel-syms-azure: - Add missing s390 vfio patch hunk (bsc#1208565 ltc#201535). - Refresh patches.suse/vfio-simplify-iommu-group-allocation-for-mediated-devices. - Refresh patches.suse/s390-vfio-ap-prepare-for-dynamic-update-of-guest-s-APCB-on-queue. - Refresh patches.suse/s390-vfio-ap-rename-matrix_dev-lock-mutex-to-matrix_dev-mdevs_lo. - commit 43ce0be ++++ kernel-syms-rt: - Add missing s390 vfio patch hunk (bsc#1208565 ltc#201535). - Refresh patches.suse/vfio-simplify-iommu-group-allocation-for-mediated-devices. - Refresh patches.suse/s390-vfio-ap-prepare-for-dynamic-update-of-guest-s-APCB-on-queue. - Refresh patches.suse/s390-vfio-ap-rename-matrix_dev-lock-mutex-to-matrix_dev-mdevs_lo. - commit 43ce0be ++++ kernel-zfcpdump: - Add missing s390 vfio patch hunk (bsc#1208565 ltc#201535). - Refresh patches.suse/vfio-simplify-iommu-group-allocation-for-mediated-devices. - Refresh patches.suse/s390-vfio-ap-prepare-for-dynamic-update-of-guest-s-APCB-on-queue. - Refresh patches.suse/s390-vfio-ap-rename-matrix_dev-lock-mutex-to-matrix_dev-mdevs_lo. - commit 43ce0be ++++ libcbor: - Merge change from SLE15 SP4 made by pgajdos@suse.com on Tue Apr 5 14:36:56 UTC 2022: - do not build manual page for 15sp4, it does not succeed [bsc#1197743] - added sources + libcbor.3 ++++ libcbor-doc: - Merge change from SLE15 SP4 made by pgajdos@suse.com on Tue Apr 5 14:36:56 UTC 2022: - do not build manual page for 15sp4, it does not succeed [bsc#1197743] - added sources + libcbor.3 ++++ ndctl: - Merge fixes since v75 + daxctl-Fix-memblock-enumeration-off-by-one.patch + daxctl-Skip-over-memory-failure-node-status.patch + meson.build-fix-version-for-v75.patch + libndctl-msft-Remove-NDN_MSFT_SMART_-_VALID-defines.patch + libndctl-msft-Replace-nonsense-NDN_MSFT_CMD_SMART-co.patch + libndctl-msft-Add-custom-cmd_is_supported-method.patch + libndctl-msft-Improve-smart-state-reporting.patch ++++ python3-core: - Add bpo27321-email-no-replace-header.patch to stop email.generator.py from replacing a non-existent header (bsc#1208443, gh#python/cpython#71508). ++++ libxslt: - Security Fix: [bsc#1208574, CVE-2021-30560] * Use after free in Blink XSLT * Add libxslt-CVE-2021-30560.patch ++++ logfilegen: - logfilegen 2.0.0: * exposes metrics in Prometheus format at http://localhost:8080/metrics and a self-hosted statistics page at http://localhost:8080 * can write final statistics to the file or stdout in a configurable format ++++ python3: - Add bpo27321-email-no-replace-header.patch to stop email.generator.py from replacing a non-existent header (bsc#1208443, gh#python/cpython#71508). ++++ python3-documentation: - Add bpo27321-email-no-replace-header.patch to stop email.generator.py from replacing a non-existent header (bsc#1208443, gh#python/cpython#71508). ++++ qemu-testsuite: - Fixes bsc#1205808 (CVE-2022-4144), bsc#1203788 (CVE-2022-3165), bsc#1197653 (CVE-2022-1050) * Patches added: hw-display-qxl-Assert-memory-slot-fits-i.patch hw-display-qxl-Avoid-buffer-overrun-in-q.patch hw-display-qxl-Document-qxl_phys2virt.patch hw-display-qxl-Have-qxl_log_command-Retu.patch hw-display-qxl-Pass-requested-buffer-siz.patch ui-vnc-clipboard-fix-integer-underflow-i.patch hw-pvrdma-Protect-against-buggy-or-malic.patch ++++ qt6-creator: - Update to 9.0.2. Bugfix release: * https://www.qt.io/blog/qt-creator-9.0.2-released ++++ spacecmd: - version 4.3.19-1 * Fix spacecmd not showing any output for softwarechannel_diff and softwarechannel_errata_diff (bsc#1207352) * Prevent string api parameters to be parsed as dates if not in ISO-8601 format (bsc#1205759) ++++ terraform-provider-helm: - Update to version 2.9.0 * FEATURES: + provider: Add a new attribute burst_limit for client-side throttling limit configuration. [GH-1012] * ENHANCEMENT: + data_source/helm_template: Add a new attribute crds which when include_crds is set to true will be populated with a list of the manifests from the crds/ folder of the chart. [GH-1050] * BUG FIXES: + resource/helm_release: Fix an issue when the provider crashes with the error message Provider produced inconsistent final plan after upgrading from v2.5.1 to v2.6.0 and higher. That happened due to changes in the provider schema and the introduction of a new attribute pass_credentials that was not properly handled. [GH-982] * DOCS: + data_source/helm_template: Add a new attribute crds [GH-1050] + data_source/helm_template: Correct some errors in examples. [GH-1027] + provider: Add a new attribute burst_limit. [GH-1012] + provider: Add a note regarding the KUBECONFIG environment variable. [GH-1051] + resource/helm_release: Add usage example for OCI repositories. [GH-1030] + resource/helm_release: Add usage examples for GCS and S3 plugins. [GH-1026] * DEPENDENCIES: + Bump github.com/containerd/containerd from 1.6.6 to 1.6.12 [GH-1029] + Bump golang.org/x/crypto from 0.5.0 to 0.6.0 [GH-1055] + Bump helm.sh/helm/v3 from 3.9.4 to 3.11.1 [GH-1036] [GH-1054] (bsc#1208086, CVE-2023-25165) + Bump k8s.io/client-go from 0.24.2 to 0.26.1 [GH-1037] * NOTES: + provider: kubernetes.exec.api_version no longer supports client.authentication.k8s.io/v1alpha1. Please, switch to client.authentication.k8s.io/v1beta1 or client.authentication.k8s.io/v1. [GH-1037] - from version 2.8.0 * FEATURES: + Add support for configuring OCI registries inside provider block [GH-862] + Add support for setting kube version on helm_template data source [GH-994] * BUG FIXES: + Fix larger diff than expected when updating helm_release "set" block value [GH-915] - from version 2.7.1 * BUG FIXES: + Crash Fix: Fix Unknown Value in Manifest Diff [GH-966] - from version 2.7.0 * FEATURES: + Update helm package to 3.9.4 (#945) + Show Manifest when creating release [GH-903] * BUG FIXES: + Do dependency update in resourceDiff #771 (#855) + Crash: Fix show_only crash when string is empty [GH-950] - from version 2.6.0 * IMPROVEMENTS: + Upgrade helm dependency to 3.9.0 (#867) + Add args attribute in post_render block in (#869) + Add pass_credentials attribute (#841) + Add proxy_url attribute to provider block (#843) * BUG FIXES: + Don't persist state when update causes an error (#857) - from version 2.5.1 * FIX: + Only run OCI login on create and update (#846) + OCI login concurrency issue (#848) - from version 2.5.0 * IMPROVEMENTS: + Upgrade helm dependency to v3.8.1 * FEATURES: + Add support for OCI registries - from version 2.4.1 * HOTFIX: + Fix exec plugin interactive mode regression (#798) - from version 2.4.0 * IMPROVEMENTS: + Update helm dependency to v3.7.1 * FEATURES: + Add wait support to helm_release delete operation - Fix terraform architecture mapping for aarch64 ++++ installation-images-openSUSE: - merge gh#openSUSE/installation-images#630 - clean up Xorg config (bsc#1192678, bsc#1207516) - 16.58.4 ++++ uyuni-proxy-systemd-services: - version 4.3.8-1 * Allow using container images from different registry paths ++++ yast2-security: - bsc#1208492 - do not store empty values in CFA login.defs empty value to avoid crash when parsing according to login.defs lens - 4.5.6 ------------------------------------------------------------------ ------------------ 2023-2-21 - Feb 21 2023 ------------------- ------------------------------------------------------------------ ++++ bluedevil5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ breeze: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ kernel-64kb: - Update kabi files. Based on PublicBeta-202302 ISO, kernel 5.14.21-150500.40.1 - commit 2b36ed6 ++++ kernel-azure: - Update kabi files. Based on PublicBeta-202302 ISO, kernel 5.14.21-150500.40.1 - commit 2b36ed6 ++++ kernel-default: - Update kabi files. Based on PublicBeta-202302 ISO, kernel 5.14.21-150500.40.1 - commit 2b36ed6 ++++ kernel-rt: - Update kabi files. Based on PublicBeta-202302 ISO, kernel 5.14.21-150500.40.1 - commit 2b36ed6 ++++ discover: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * [notifier] Fix KAboutData component name * Fix parsing of the tag. * Extend CategoriesTest with checking of tag parsing. * flatpak: fix build with appstream<0.16 * flatpak: Allow using newer appstream API to look up by bundle id ++++ dracut-saltboot: - Update to verion 0.1.1674034019.a93ff61 * Install copied wicked config as client.xml (bsc#1205599) ++++ drkonqi5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * Make python distro and psutil modules in the gdb preable optional * Handle WITH_SENTRY correctly * login on field accepting (kde#466109) - Drop patches, now upstream: * 0001-Handle-WITH_SENTRY-correctly.patch * 0002-Make-python-distro-and-psutil-modules-in-the-gdb-pre.patch ++++ dtb-aarch64: - Update kabi files. Based on PublicBeta-202302 ISO, kernel 5.14.21-150500.40.1 - commit 2b36ed6 ++++ emacs: - Add upstream commit/patches * 01a4035c.patch Fix etags local command injection vulnerability (CVE-2022-48337, bsc#1208515) * CVE-2022-48338.patch Fix ruby-mode.el local command injection vulnerability (CVE-2022-48338, bsc#1208514) * CVE-2022-48339.patch Fix htmlfontify.el command injection vulnerability (CVE-2022-48339 bsc#1208512) ++++ plasma5-workspace: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * sddm-wayland-session: Disable global shortcuts * kcms/users: Port Connections to modern syntax * Better screen removal handling (kde#465892) * applets/digital-clock: fix logic error in tooltip (kde#465873) * Fix search for DWD weather data engine * applets/mediacontroller: add test for interacting with MPRIS2 interface * kcms/region_language: Down highlight delegate on press * If the desktopview is not deleted, don'r emit screenRemoved (kde#465536) * set LANG if we have language to glibc locale mapping (kde#464983) * plasmacalendarintegration: Omit astronomical events from Holidays data (kde#465539) * shell: read thickness from default group * use KDE_INSTALL_LIBEXECDIR ++++ grub2-theme-breeze: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ breeze-gtk: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ greybird-theme: - Make "*:link:selected" optional to work around too old gtk4 libs on Leap 15.5, too. ++++ greybird-geeko-theme: - Make "*:link:selected" optional to work around too old gtk4 libs on Leap 15.5, too. ++++ hawk2: - Update sass-ansible dependency in the hawk2.spec: * Unable to activate sass-rails-5.1.0 (bsc#1208533) ++++ kactivitymanagerd: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ kcm_flatpak: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * DRY the code a bit * use range based for loops where possible * make clazy happy * typo-- * always use frontend strings but convert to backend strings when saving (kde#465818) * add a test case to cover BUG 465818 * don't needlessly define a default constructor * don't else after return * initialize variables where possible * don't declare multiple variables in a single line * don't const primitives * pass qstrings by reference where appropriate * refresh git-blame-ignore-revs for latest clang-format run * automatic clang-format run (clang 15) * enable clang-format * print a cmake feature summary * don't needlessly define default dtors * mark constructors explicit where appropriate * don't declare getters as slots * sort includes * Avoid creating empty fs permission entry from overrides ++++ kcm_sddm: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ kde-cli-tools5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ kde-gtk-config5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * xsettings: restrict `pidof` to own processes * Add support for XWayland client scaling (kde#465733) * Remove unnecessary `canConvert` check * Unset `Gdk/UnscaledDPI` and `Gdk/WindowScalingFactor` on Wayland (kde#465733) ++++ kernel-debug: - Update kabi files. Based on PublicBeta-202302 ISO, kernel 5.14.21-150500.40.1 - commit 2b36ed6 ++++ kernel-source: - Update kabi files. Based on PublicBeta-202302 ISO, kernel 5.14.21-150500.40.1 - commit 2b36ed6 ++++ kernel-source-azure: - Update kabi files. Based on PublicBeta-202302 ISO, kernel 5.14.21-150500.40.1 - commit 2b36ed6 ++++ kernel-source-rt: - Update kabi files. Based on PublicBeta-202302 ISO, kernel 5.14.21-150500.40.1 - commit 2b36ed6 ++++ kernel-docs: - Update kabi files. Based on PublicBeta-202302 ISO, kernel 5.14.21-150500.40.1 - commit 2b36ed6 ++++ kernel-kvmsmall: - Update kabi files. Based on PublicBeta-202302 ISO, kernel 5.14.21-150500.40.1 - commit 2b36ed6 ++++ kernel-obs-build: - Update kabi files. Based on PublicBeta-202302 ISO, kernel 5.14.21-150500.40.1 - commit 2b36ed6 ++++ kernel-obs-qa: - Update kabi files. Based on PublicBeta-202302 ISO, kernel 5.14.21-150500.40.1 - commit 2b36ed6 ++++ kernel-rt_debug: - Update kabi files. Based on PublicBeta-202302 ISO, kernel 5.14.21-150500.40.1 - commit 2b36ed6 ++++ kernel-syms: - Update kabi files. Based on PublicBeta-202302 ISO, kernel 5.14.21-150500.40.1 - commit 2b36ed6 ++++ kernel-syms-azure: - Update kabi files. Based on PublicBeta-202302 ISO, kernel 5.14.21-150500.40.1 - commit 2b36ed6 ++++ kernel-syms-rt: - Update kabi files. Based on PublicBeta-202302 ISO, kernel 5.14.21-150500.40.1 - commit 2b36ed6 ++++ kernel-zfcpdump: - Update kabi files. Based on PublicBeta-202302 ISO, kernel 5.14.21-150500.40.1 - commit 2b36ed6 ++++ kgamma5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ khotkeys5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ kinfocenter5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * Fix typo in string (kde#466144) ++++ kmenuedit5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ kpipewire: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ kscreen5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * kcm: notify scale factor change through DBus * kcm: Use correct role for revert button (kde#465788) - Add patch to fix the revert button: * 0001-kcm-use-onRejected-to-handle-reject-button-click.patch ++++ kscreenlocker: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * Install logging categories, to make them configurable via KDebugSettings * CMake: Clean up whitespace ++++ ksshaskpass5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ libksysguard5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * formatter: Properly extract strings to a translation catalog (kde#465281,kde#465282) ++++ ksystemstats5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * gpu/nvidia: lower pci id (kde#462512) ++++ kwayland-integration: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ kwin5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * effects/glide: Fix transform (kde#465849) * Aurorae: Add dummy window for working device pixel ratio (kde#452730,kde#465790) * tiling: Make child tiles inherit padding from parent tile (kde#465842) * effects/contrast: Round device coordinates when creating geometry (kde#464526) * cursorsource: fix scaling with Xwayland (kde#466094) * cursordelgate: round cursor position when rendering * outputchangeset: Round passed scale (kde#465850) * Mark Window as damaged when decoration or shadow changes (kde#464417) * Add missing cerrno include. * effects/tileseditor: Set translation domain in QML files (kde#464572) * wayland: Remove SeatInterfacePrivate::accumulatedCapabilities * Match pointer/keyboard/touch lifespan to Seat lifespan * add support for Lima, V3D, VC4 (based on https://github.com/OpenMandrivaAssociation/kwin/blob/master/kwin-5.21.4-add-support-for-panfrost-driver.patch made by Bernhard Rosenkraenzer) and update list of supported devices for Panfrost * x11: Drop xv-related workaround * XWayland: Don't dispatch xwayland events in QAbstractEventDispatcher sleeps * tiling: Evacuate tiled windows from custom & quick tiling on output removal (kde#465522) * wayland: Fix a typo in DataControlDeviceV1Interface::sendPrimarySelection() * wayland: Version check before send_primary_selection calls (kde#465657) * Set CXX standard for crossbuilding utility * Include missing header for std::round * Fix button to Qt::MouseButton mapping (kde#465463) * backends/drm: set cursor again after it was hidden (kde#461181) * screencast: Fix region screencasts top coordinate ++++ kwrited5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ layer-shell-qt: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ libkscreen2: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * Fix potential crash setting new configs (kde#464590) ++++ s390-tools: - Applied the following patches (bsc#1208527, bsc#1206173) * s390-tools-sles15sp5-01-zipl-boot-discard-.eh_frame-and-.interp-input-sectio.patch * s390-tools-sles15sp5-02-zipl-boot-declare-that-no-executable-stack-is-requir.patch * s390-tools-sles15sp5-03-zipl-boot-use-no-warn-rwx-segments-linker-flag.patch * s390-tools-sles15sp5-04-zipl-boot-disable-build-id.patch * s390-tools-sles15sp5-05-zipl-boot-simplify-objcopy-commands.patch * s390-tools-sles15sp5-06-zipl-move-STAGE2_MAX_SIZE-and-STAGE1B_LOAD_ADDR-to-l.patch * s390-tools-sles15sp5-07-zipl-boot-use-linker-scripts-for-all-bootloaders.patch * s390-tools-sles15sp5-08-genprotimg-boot-declare-that-no-executable-stack-is-.patch * s390-tools-sles15sp5-09-genprotimg-boot-use-no-warn-rwx-segments-linker-flag.patch * s390-tools-sles15sp5-10-genprotimg-boot-disable-build-id.patch * s390-tools-sles15sp5-11-genprotimg-boot-Makefile-simplify-objcopy-command.patch * s390-tools-sles15sp5-12-genprotimg-boot-improve-linker-scripts.patch * s390-tools-sles15sp5-13-genprotimg-boot-stage3b-add-size-check-to-the-linker.patch * s390-tools-sles15sp5-14-genprotimg-boot-stage3b_reloc.bin-add-linker-script.patch * s390-tools-sles15sp5-15-zipl-Embed-loader-data-directly-into-boot-object.patch ++++ libkdecoration2: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ python311-core: - Add provides for readline and sqlite3 to the main Python package. ++++ milou5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ oxygen5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ oxygen5-sounds: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ pam_kwallet: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ patterns-gnome: - Require xorg-x11-fonts to fix gnome-shell starting failure (bsc#1203966) ++++ plasma-browser-integration: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ plasma-nm5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * Guard against double instantiation or double-free of PlasmaNM.NetworkModel (kde#465805) * Filter out the loopback device (kde#465655) * Revert "Use QWindow instead of KWindowSystem to set KeepAbove" (kde#465751) ++++ plasma-vault: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ plasma5-addons: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ plasma5-bigscreen: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ plasma5-openSUSE: - Update to 5.27.1 ++++ plasma5-desktop: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * applets/taskmanager: don't honor groupPopups setting in IOTM form factor (kde#464627) ++++ plasma5-disks: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ plasma5-firewall: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ plasma5-integration: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * autotests: Link against KXmlGui * autotests: Fix CMake code style (use some line breaks) * Remove unused include ++++ plasma5-mobile: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * homescreens/halcyon: Remove drop shadow for placeholder message It's extremely slow on the PinePhone, remove it from release for now. * Revert "lockscreen: Refactor and lazy load notifications" * components: Remove splash screen close button support, due to crashing problems * homescreens/halcyon: Fix configure screen showing up in task switcher * quicksettings/screenrotation: Make available dbus call async * quicksettings/screenrotation: hide when not available ++++ plasma5-nano: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ plasma5-pa: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ plasma5-sdk: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ plasma5-systemmonitor: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ plasma5-thunderbolt: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ plasma5-welcome: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * pages/PowerfulWhenNeeded: Fix grid by correctly setting cell width ++++ plasma5-workspace-wallpapers: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ plymouth-theme-breeze: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ podman: - podman.spec: set PREFIX at build stage (boo#1208510) ++++ polkit-kde-agent-5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ powerdevil5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * Only skip batteries if neither start or stop thresholds are available (kde#464535) ++++ python311: - Add provides for readline and sqlite3 to the main Python package. ++++ python311-documentation: - Add provides for readline and sqlite3 to the main Python package. ++++ qemu-testsuite: - Fix bsc#1206527 * Patches added: s390x-tod-kvm-don-t-save-restore-the-TOD.patch ++++ qqc2-breeze-style: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ systemsettings5: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - No code changes since 5.27.0 ++++ xdg-desktop-portal-kde: - Update to 5.27.1 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.1 - Changes since 5.27.0: * Extract i18n from QML files * appchooserdialog: show all apps while searching (kde#464521) ------------------------------------------------------------------ ------------------ 2023-2-20 - Feb 20 2023 ------------------- ------------------------------------------------------------------ ++++ kernel-64kb: - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). Added CVE reference to existing fix - commit af8ad62 ++++ kernel-azure: - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). Added CVE reference to existing fix - commit af8ad62 ++++ kernel-default: - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). Added CVE reference to existing fix - commit af8ad62 ++++ kernel-rt: - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). Added CVE reference to existing fix - commit af8ad62 ++++ dtb-aarch64: - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). Added CVE reference to existing fix - commit af8ad62 ++++ kernel-debug: - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). Added CVE reference to existing fix - commit af8ad62 ++++ kernel-source: - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). Added CVE reference to existing fix - commit af8ad62 ++++ kernel-source-azure: - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). Added CVE reference to existing fix - commit af8ad62 ++++ kernel-source-rt: - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). Added CVE reference to existing fix - commit af8ad62 ++++ kernel-docs: - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). Added CVE reference to existing fix - commit af8ad62 ++++ kernel-kvmsmall: - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). Added CVE reference to existing fix - commit af8ad62 ++++ kernel-obs-build: - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). Added CVE reference to existing fix - commit af8ad62 ++++ kernel-obs-qa: - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). Added CVE reference to existing fix - commit af8ad62 ++++ kernel-rt_debug: - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). Added CVE reference to existing fix - commit af8ad62 ++++ kernel-syms: - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). Added CVE reference to existing fix - commit af8ad62 ++++ kernel-syms-azure: - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). Added CVE reference to existing fix - commit af8ad62 ++++ kernel-syms-rt: - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). Added CVE reference to existing fix - commit af8ad62 ++++ kernel-zfcpdump: - Update patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch (CVE-2023-23559 bsc#1207051). Added CVE reference to existing fix - commit af8ad62 ++++ slurm: - updated to 23.02.0 * Highlights + slurmctld - Add new RPC rate limiting feature. This is enabled through SlurmctldParameters=rl_enable, otherwise disabled by default. + Make scontrol reconfigure and sending a SIGHUP to the slurmctld behave the same. If you were using SIGHUP as a 'lighter' scontrol reconfigure to rotate logs please update your scripts to use SIGUSR2 instead. + Change cloud nodes to show by default. PrivateData=cloud is no longer needed. + sreport - Count planned (FKA reserved) time for jobs running in IGNORE_JOBS reservations. Previously was lumped into IDLE time. + job_container/tmpfs - Support running with an arbitrary list of private mount points (/tmp and /dev/shm are the default, but not required). + job_container/tmpfs - Set more environment variables in InitScript. + Make all cgroup directories created by Slurm owned by root. This was the behavior in cgroup/v2 but not in cgroup/v1 where by default the step directories ownership were set to the user and group of the job. + accounting_storage/mysql - change purge/archive to calculate record ages based on end time, rather than start or submission times. + job_submit/lua - add support for log_user() from slurm_job_modify(). + Run the following scripts in slurmscriptd instead of slurmctld: ResumeProgram, ResumeFailProgram, SuspendProgram, ResvProlog, ResvEpilog, and RebootProgram (only with SlurmctldParameters=reboot_from_controller). + Only permit changing log levels with 'srun --slurmd-debug' by root or SlurmUser. + slurmctld will fatal() when reconfiguring the job_submit plugin fails. + Add PowerDownOnIdle partition option to power down nodes after nodes become idle. + Add "[jobid.stepid]" prefix from slurmstepd and "slurmscriptd" prefix from slurmcriptd to Syslog logging. Previously was only happening when logging to a file. + Add purge and archive functionality for job environment and job batch script records. + Extend support for Include files to all "configless" client commands. + Make node weight usable for powered down and rebooting nodes. + Removed 'launch' plugin. + Add "Extra" field to job to store extra information other than a comment. + Add usage gathering for AMD (requires ROCM 5.5+) and NVIDIA gpus. + Add job's allocated nodes, features, oversubscribe, partition, and reservation to SLURM_RESUME_FILE output for power saving. + Automatically create directories for stdout/stderr output files. Paths may use %j and related substitution characters as well. + Add --tres-per-task to salloc/sbatch/srun. + Allow nodefeatures plugin features to work with cloud nodes. e.g. - Powered down nodes have no active changeable features. - Nodes can't be changed to other active features until powered down. - Active changeable features are reset/cleared on power down. + Make slurmstepd cgroups constrained by total configured memory from slurm.conf (NodeName=<> RealMemory=#) instead of total physical memory. + node_features/helpers - add support for the OR and parentheses operators in a --constraint expression. + slurmctld will fatal() when [Prolog|Epilog]Slurmctld are defined but are not executable. + Validate node registered active features are a super set of node's currently active changeable features. + On clusters without any PrologFlags options, batch jobs with failed prologs no longer generate an output file. + Add SLURM_JOB_START_TIME and SLURM_JOB_END_TIME environment variables. + Add SuspendExcStates option to slurm.conf to avoid suspending/powering down specific node states. + Add support for DCMI power readings in IPMI plugin. + slurmrestd served /slurm/v0.0.39 and /slurmdb/v0.0.39 endpoints had major changes from prior versions. Almost all schemas have been renamed and modified. Sites using OpenAPI Generator clients are highly suggested to upgrade to to using atleast version 6.x due to limitations with prior versions. + Allow for --nodelist to contain more nodes than required by --nodes. + Rename "nodes" to "nodes_resume" in SLURM_RESUME_FILE job output. + Rename "all_nodes" to "all_nodes_resume" in SLURM_RESUME_FILE output. + Add jobcomp/kafka plugin. + Add new PreemptParameters=reclaim_licenses option which will allow higher priority jobs to preempt jobs to free up used licenses. (This is only enabled for with PreemptModes of CANCEL and REQUEUE, as Slurm cannot guarantee suspended jobs will release licenses correctly.) + hpe/slingshot - add support for the instant-on feature. + Add ability to update SuspendExc* parameters with scontrol. + Add ability to restore SuspendExc* parameters on restart with slurmctld - R option. + Add ability to clear a GRES specification by setting it to "0" via 'scontrol update job'. + Add SLURM_JOB_OVERSUBSCRIBE environment variable for Epilog, Prolog, EpilogSlurmctld, PrologSlurmctld, and mail ouput. + System node down reasons are appended to existing reasons, separated by ':'. + New command scrun has been added. scrun acts as an Open Container Initiative (OCI) runtime proxy to run containers seamlessly via Slurm. + Fixed GpuFreqDef option. When set in slurm.conf, it will be used if - -gpu-freq was not explicitly set by the job step. * Configuration Changes + job_container.conf - Added "Dirs" option to list desired private mount points. + node_features plugins - invalid users specified for AllowUserBoot will now result in fatal() rather than just an error. + Deprecate AllowedKmemSpace, ConstrainKmemSpace, MaxKmemPercent, and MinKmemSpace. + Allow jobs to queue even if the user is not in AllowGroups when EnforcePartLimits=no is set. This ensures consistency for all the Partition access controls, and matches the documented behavior for EnforcePartLimits. + Add InfluxDBTimeout parameter to acct_gather.conf. + job_container/tmpfs - add support for expanding %h and %n in BasePath. + slurm.conf - Removed SlurmctldPlugstack option. + Add new SlurmctldParameters=validate_nodeaddr_threads= option to allow concurrent hostname resolution at slurmctld startup. + Add new AccountingStoreFlags=job_extra option to store a job's extra field in the database. + Add new "defer_batch" option to SchedulerParameters to only defer scheduling for batch jobs. + Add new DebugFlags option 'JobComp' to replace 'Elasticsearch'. + Add configurable job requeue limit parameter - MaxBatchRequeue - in slurm.conf to permit changes from the old hard-coded value of 5. + helpers.conf - Allow specification of node specific features. + helpers.conf - Allow many features to one helper script. + job_container/tmpfs - Add "Shared" option to support shared namespaces. This allows autofs to work with the job_container/tmpfs plugin when enabled. + acct_gather.conf - Added EnergyIPMIPowerSensors=Node=DCMI and Node=DCMI_ENHANCED. + Add new "getnameinfo_cache_timeout=" option to CommunicationParameters to adjust or disable caching the results of getnameinfo(). + Add new PrologFlags=ForceRequeueOnFail option to automatically requeue batch jobs on Prolog failures regardless of the job --requeue setting. + Add HealthCheckNodeState=NONDRAINED_IDLE option. + Add 'explicit' to Flags in gres.conf. This makes it so the gres is not automatically added to a job's allocation when --exclusive is used. Note that this is a per-node flag. + Moved the "preempt_" options from SchedulerParameters to PreemptParameters, and dropped the prefix from the option names. (The old options will still be parsed for backwards compatibility, but are now undocumented.) + Add LaunchParameters=ulimit_pam_adopt, which enables setting RLIMIT_RSS in adopted processes. + Update SwitchParameters=job_vni to enable/disable creating job VNIs for all jobs, or when a user requests them. + Update SwitchParameters=single_node_vni to enable/disable creating single node vnis for all jobs, or when a user requests them. + Add ability to preserve SuspendExc* parameters on reconfig with ReconfigFlags=KeepPowerSaveSettings. + slurmdbd.conf - Add new AllResourcesAbsolute to force all new resources to be created with the Absolute flag. + topology/tree - Add new TopologyParam=SwitchAsNodeRank option to reorder nodes based on switch layout. This can be useful if the naming convention for the nodes does not natually map to the network topology. + Removed the default setting for GpuFreqDef. If unset, no attempt to change the GPU frequency will be made if --gpu-freq is not set for the step. * Command Changes + sacctmgr - no longer force updates to the AdminComment, Comment, or SystemComment to lower-case. + sinfo - Add -F/--future option to sinfo to display future nodes. + sacct - Rename 'Reserved' field to 'Planned' to match sreport and the nomenclature of the 'Planned' node. + scontrol - advanced reservation flag MAINT will no longer replace nodes, similar to STATIC_ALLOC + sbatch - add parsing for #PBS -d and #PBS -w. + scontrol show assoc_mgr will show username(uid) instead of uid in QoS section. + Add strigger --draining and -R/--resume options. + Change --oversubscribe and --exclusive to be mutually exclusive for job submission. Job submission commands will now fatal if both are set. Previously, these options would override each other, with the last one in the job submission command taking effect. + scontrol - Requested TRES and allocated TRES will now always be printed when showing jobs, instead of one TRES output that was either the requested or allocated. + srun --ntasks-per-core now applies to job and step allocations. Now, use of --ntasks-per-core=1 implies --cpu-bind=cores and - -ntasks-per-core>1 implies --cpu-bind=threads. + salloc/sbatch/srun - Check and abort if ntasks-per-core > threads-per-core. + scontrol - Add ResumeAfter= option to "scontrol update nodename=". + Add a new "nodes=" argument to scontrol setdebug to allow the debug level on the slurmd processes to be temporarily altered. + Add a new "nodes=" argument to "scontrol setdebugflags" as well. + Make it so scrontab prints client-side the job_submit() err_msg (which can be set i.e. by using the log_user() function for the lua plugin). + scontrol - Reservations will not be allowed to have STATIC_ALLOC or MAINT flags and REPLACE[_DOWN] flags simultaneously. + scontrol - Reservations will only accept one reoccurring flag when being created or updated. + scontrol - A reservation cannot be updated to be reoccurring if it is already a floating reservation. + squeue - removed unused '%s' and 'SelectJobInfo' formats. + squeue - align print format for exit and derived codes with that of other components (:). + sacct - Add --array option to expand job arrays and display array tasks on separate lines. + Partial support for '--json' and '--yaml' formated outputs have been implemented for sacctmgr, sdiag, sinfo, squeue, and scontrol. The resultant data ouput will be filtered by normal command arguments. Formatting arguments will continue to be ignored. + salloc/sbatch/srun - extended the --nodes syntax to allow for a list of valid node counts to be allocated to the job. This also supports a "step count" value (e.g., --nodes=20-100:20 is equivalent to - -nodes=20,40,60,80,100) which can simplify the syntax when the job needs to scale by a certain "chunk" size. + srun - add user requestible vnis with '--network=job_vni' option. + srun - add user requestible single node vnis with the '--network=single_node_vni' option. * API Changes + job_container plugins - container_p_stepd_create() function signature replaced uint32_t uid with stepd_step_rec_t* step. + gres plugins - gres_g_get_devices() function signature replaced pid_t pid with stepd_step_rec_t* step. + cgroup plugins - task_cgroup_devices_constrain() function signature removed pid_t pid. + task plugins - replace task_p_pre_set_affinity(), task_p_set_affinity(), and task_p_post_set_affinity() with task_p_pre_launch_priv() like it was back in slurm 20.11. + Allow for concurrent processing of job_submit_g_submit() and job_submit_g_modify() calls. If your plugin is not capable of concurrent operation you must add additional locking within your plugin. + Removed return value from slurm_list_append(). + The List and ListIterator types have been removed in favor of list_t and list_itr_t respectively. + burst buffer plugins - add bb_g_build_het_job_script(). bb_g_get_status() - added authenticated UID and GID. bb_g_run_script() - added job_info argument. + burst_buffer.lua - Pass UID and GID to most hooks. Pass job_info (detailed job information) to many hooks. See etc/burst_buffer.lua.example for a complete list of changes. WARNING: Backwards compatibility is broken for slurm_bb_get_status: UID and GID are passed before the variadic arguments. If UID and GID are not explicitly listed as arguments to slurm_bb_get_status(), then they will be included in the variadic arguments. Backwards compatibility is maintained for all other hooks because the new arguments are passed after the existing arguments. + node_features plugins - node_features_p_reboot_weight() function removed. node_features_p_job_valid() - added parameter feature_list. node_features_p_job_xlate() - added parameters feature_list and job_node_bitmap. + New data_parser interface with v0.0.39 plugin. * Added: Fix-test-1.99.patch * Reworked: Fix-test-38.11.patch pam_slurm-Initialize-arrays-and-pass-sizes.patch ++++ libraw: - security update - added patches fix CVE-2021-32142 [bsc#1208470], Buffer Overflow in the LibRaw_buffer_datastream:gets function + libraw-CVE-2021-32142.patch ++++ redis: - Fix redis-sentinel not starting due to the hardening in the systemd service, bsc#1208235 ++++ rpm-repos-openSUSE: - Refresh GPG key link for Tumbleweed and add 2022 key for Leap (boo#1199184) ++++ sddm: - Honor /etc/nologin like login, sshd, xdm and gdm do * added: auth requisite pam_nologin.so to proper_pam.diff * see: man 5 nologin ++++ installation-images-openSUSE: - merge gh#openSUSE/installation-images#629 - adjust to sap-installation-wizard package changes (jsc#PED-3111) - 16.58.3 ++++ yast2-packager: - Fixed a crash when selecting depending products (bsc#1208421) - 4.5.16 ------------------------------------------------------------------ ------------------ 2023-2-19 - Feb 19 2023 ------------------- ------------------------------------------------------------------ ++++ clamav-database: - database refresh on 2023-02-20 (bsc#1084929) ++++ php7-ice: - Ice 1.10.1 * Arr, deprecation message fix #311 * Loader, don't encode to utf8 * Don't encode regex in route group count data generator * Passing null to parameter of type string is deprecated * Filter, sanitize string is deprecated * Model, serializable interface is deprecated fix #311 * Auth, add login tests, logout fix * Composer, update zephir to 0.17.0 ++++ php8-ice: - Ice 1.10.1 * Arr, deprecation message fix #311 * Loader, don't encode to utf8 * Don't encode regex in route group count data generator * Passing null to parameter of type string is deprecated * Filter, sanitize string is deprecated * Model, serializable interface is deprecated fix #311 * Auth, add login tests, logout fix * Composer, update zephir to 0.17.0 ++++ tryton: - Version 6.0.25 - Bugfix Release ++++ trytond: - Version 6.0.28 - Bugfix Release ++++ trytond_account: - Version 6.0.15 - Bugfix Release ++++ trytond_purchase_request: - Version 6.0.4 - Bugfix Release ------------------------------------------------------------------ ------------------ 2023-2-18 - Feb 18 2023 ------------------- ------------------------------------------------------------------ ++++ cargo-packaging: - Update to version 1.2.0+0: * marcos.cargo: add path parameter in cargo_install (#3) ++++ yascreen: - yascreen 1.97: * add yascreen_willto - allows to optimize polling in external event loops ++++ opi: - Version 2.15.0 - Fix repo name encoding when asking for new key addition ++++ parole: - Update to version 4.18.0 * Update copyright year * Update bug report address * player: Prevent infinite cycle when setting volume (#119) * Update some icon names (!17) * Reduce hiding controls to 2 seconds (Fixes #80, !12) * autoconf: Some updates * Update `.gitignore` * build: Replace DATADIRNAME no longer set by xfce4-dev-tools >= 4.17.0 * build: Bump GLib minimum required to 2.38 * autoconf: Use AC_CONFIG_MACRO_DIRS (!14) * Fix memory leak when loading cover image (#98) * Fix compilation warnings (!11) * Makefile.am: INCLUDES -> AM_CPPFLAGS * autoconf: Some updates * Remove the deprecated keys from desktop file (!9) * Translation Updates ------------------------------------------------------------------ ------------------ 2023-2-17 - Feb 17 2023 ------------------- ------------------------------------------------------------------ ++++ apache2-mod_php7: - security update - added patches fix CVE-2023-0568 [bsc#1208366], NULL byte off-by-one in php_check_specific_open_basedir + php7-CVE-2023-0568.patch fix CVE-2023-0662 [bsc#1208367], DoS vulnerability when parsing multipart request body + php7-CVE-2023-0662.patch https://github.com/php/php-src/commit/a92acbad873a05470af1a47cb785a18eadd827b5, relates to CVE-2023-0567 [bsc#1208388] + php7-crypt-possible-buffer-overread.patch ++++ buildah: - Update to version 1.29.1: * [release-1.29] Bump to Buildah v1.29.1 * Update to c/image 5.24.1 ++++ kernel-64kb: - Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). - commit 6b26f6b ++++ kernel-azure: - Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). - commit 6b26f6b ++++ kernel-default: - Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). - commit 6b26f6b ++++ kernel-rt: - Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). - commit 6b26f6b ++++ crmsh: - Update to version 4.4.1+20230217.7fe11a5c: * Dev: report: Enable crm report for sudoer user * Dev: bootstrap: allow the cluster to operate with ssh session under non-root sudoer (jsc#PED-290) * Dev: utils: Add sudo for the commands in user hints * Fix: hawk fails to parse the slash (bsc#1206217) * Fix: extra logs while configuring passwordless (bsc#1207720) ++++ distribution: - add 0001-Fix-runaway-allocation-on-v2-_catalog.patch (CVE-2023-2253, bsc#1207705) ++++ dtb-aarch64: - Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). - commit 6b26f6b ++++ go1.20: - Improvements to go1.x packaging spec: * On Tumbleweed bootstrap with current default gcc13 and gccgo118 * On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap using go1.x package (%bcond_without gccgo). This is no longer needed on current SLE-12:Update and removing will consolidate the build configurations used. * Change source URLs to go.dev as per Go upstream * On x86_64 export GOAMD64=v1 as per the current baseline. At this time forgo GOAMD64=v3 option for x86_64_v3 support. * On x86_64 %define go_amd64=v1 as current instruction baseline * In %check on x86_64 use value %go_amd64=v1 as GOAMD64=v1 to grep correct TSAN version is checked out from LLVM with new spelling for internal/amd64v1/race_linux.syso ++++ java-11-openjdk: - Remove the accessibility sub-package, since it was never really working and creates another problems (bsc#1206549). It can eventually be built as standalone if needed - Removed patches: * jaw-jdk10.patch * jaw-misc.patch * jaw-nogtk.patch + not needed after the removal of the accessibility sub-package ++++ java-17-openjdk: - Remove the accessibility sub-package, since it was never really working and creates another problems (bsc#1206549). It can eventually be built as standalone if needed - Removed patches: * jaw-jdk10.patch * jaw-misc.patch * jaw-nogtk.patch + not needed after the removal of the accessibility sub-package ++++ kernel-debug: - Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). - commit 6b26f6b ++++ kernel-source: - Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). - commit 6b26f6b ++++ kernel-source-azure: - Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). - commit 6b26f6b ++++ kernel-source-rt: - Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). - commit 6b26f6b ++++ kernel-docs: - Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). - commit 6b26f6b ++++ kernel-kvmsmall: - Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). - commit 6b26f6b ++++ kernel-obs-build: - Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). - commit 6b26f6b ++++ kernel-obs-qa: - Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). - commit 6b26f6b ++++ kernel-rt_debug: - Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). - commit 6b26f6b ++++ kernel-syms: - Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). - commit 6b26f6b ++++ kernel-syms-azure: - Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). - commit 6b26f6b ++++ kernel-syms-rt: - Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). - commit 6b26f6b ++++ kernel-zfcpdump: - Revert "block: freeze the queue earlier in del_gendisk" (git-fixes). - commit 6b26f6b ++++ libica: - Upgrade to version 4.2.1 (jsc#PED-2872) - [PATCH] fix regression opening shared memory ++++ openssl-1_0_0: - Fix DH key generation in FIPS mode, add support for constant BN for DH parameters [bsc#1202062] * Add patch: openssl-fips_fix_DH_key_generation.patch ++++ systemd: - Drop build requirement on libpci, it's not more needed since udev hwdb was introduced 11 years ago. ++++ php7: - security update - added patches fix CVE-2023-0568 [bsc#1208366], NULL byte off-by-one in php_check_specific_open_basedir + php7-CVE-2023-0568.patch fix CVE-2023-0662 [bsc#1208367], DoS vulnerability when parsing multipart request body + php7-CVE-2023-0662.patch https://github.com/php/php-src/commit/a92acbad873a05470af1a47cb785a18eadd827b5, relates to CVE-2023-0567 [bsc#1208388] + php7-crypt-possible-buffer-overread.patch ++++ php7-embed: - security update - added patches fix CVE-2023-0568 [bsc#1208366], NULL byte off-by-one in php_check_specific_open_basedir + php7-CVE-2023-0568.patch fix CVE-2023-0662 [bsc#1208367], DoS vulnerability when parsing multipart request body + php7-CVE-2023-0662.patch https://github.com/php/php-src/commit/a92acbad873a05470af1a47cb785a18eadd827b5, relates to CVE-2023-0567 [bsc#1208388] + php7-crypt-possible-buffer-overread.patch ++++ php7-fastcgi: - security update - added patches fix CVE-2023-0568 [bsc#1208366], NULL byte off-by-one in php_check_specific_open_basedir + php7-CVE-2023-0568.patch fix CVE-2023-0662 [bsc#1208367], DoS vulnerability when parsing multipart request body + php7-CVE-2023-0662.patch https://github.com/php/php-src/commit/a92acbad873a05470af1a47cb785a18eadd827b5, relates to CVE-2023-0567 [bsc#1208388] + php7-crypt-possible-buffer-overread.patch ++++ php7-fpm: - security update - added patches fix CVE-2023-0568 [bsc#1208366], NULL byte off-by-one in php_check_specific_open_basedir + php7-CVE-2023-0568.patch fix CVE-2023-0662 [bsc#1208367], DoS vulnerability when parsing multipart request body + php7-CVE-2023-0662.patch https://github.com/php/php-src/commit/a92acbad873a05470af1a47cb785a18eadd827b5, relates to CVE-2023-0567 [bsc#1208388] + php7-crypt-possible-buffer-overread.patch ++++ php7-test: - security update - added patches fix CVE-2023-0568 [bsc#1208366], NULL byte off-by-one in php_check_specific_open_basedir + php7-CVE-2023-0568.patch fix CVE-2023-0662 [bsc#1208367], DoS vulnerability when parsing multipart request body + php7-CVE-2023-0662.patch https://github.com/php/php-src/commit/a92acbad873a05470af1a47cb785a18eadd827b5, relates to CVE-2023-0567 [bsc#1208388] + php7-crypt-possible-buffer-overread.patch ++++ podman: - Add patch to fix bsc#1208364 aka CVE-2023-0778 Added patch: * volume-container-chroot-to-source-before-exporting-content.patch ++++ python-yattag: - Updated to release 1.15.0 ++++ xfce4-notifyd: - Update to 0.8.1: * Set 1.5s timeouts for the log dbus proxy * Move log dbus server to its own object/file * Wrap queue item struct creation with a function * Improve old log migration error reporting * Delete old log file if it was empty * Clean up old log action parsing loop * Print a message if log db is busy or locked * Plug memleak when not sending log changed signal * Use GStrvBuilder instead of constructing one manually * Handle empty strings from DBus * Limit notification body to 2 lines in plugin menu * Remove old legacy support options from configure * Ensure gdbus-codegen doesn't generate too-new code * Clean up generate code and deprecate Quit method * Make all notification log access go through dbus * Drop old gtk 3.0 themes (3.20 themes are always used) * Clean up build system * Add hidden setting to restore override-redirect behavior * Remove ChangeLog make target * Markdownify and update the readme * Disconnect from GtkIconTheme::changed when plugin destroyed * Load main panel icon with _load_symbolic() variant * Restore log viewer's scrolled window shadow-type * Update icon when icon-theme changes * Fix incorrect signal handler connections in settings dialog * Translation Updates ------------------------------------------------------------------ ------------------ 2023-2-16 - Feb 16 2023 ------------------- ------------------------------------------------------------------ ++++ MozillaThunderbird: - Mozilla Thunderbird 102.8.0 * new: Added option to build RNP library with OpenSSL backend (use "--with-librnp-backend=openssl" configure option) (bmo#1799123,bmo#1805215) * changed: Thunderbird now warns user that OpenPGP is disabled if RNP library is outdated or missing (bmo#1799874) * fixed: "Get Messages" did not retrieve messages from Gmail accounts using a local folder as a deferred inbox (bmo#1799106) * fixed: Various visual and UX improvements (bmo#1777788,bmo#1790278) * unresolved: Source strings for localized builds not uploaded to FTP as expected (bmo#1817086) * fixed: Various security fixes MFSA 2023-07 (bsc#1208144) * CVE-2023-0616 (bmo#1806507) User Interface lockup with messages combining S/MIME and OpenPGP * CVE-2023-25728 (bmo#1790345) Content security policy leak in violation reports using iframes * CVE-2023-25730 (bmo#1794622) Screen hijack via browser fullscreen mode * CVE-2023-0767 (bmo#1804640) Arbitrary memory write via PKCS 12 in NSS * CVE-2023-25735 (bmo#1810711) Potential use-after-free from compartment mismatch in SpiderMonkey * CVE-2023-25737 (bmo#1811464) Invalid downcast in SVGUtils::SetupStrokeGeometry * CVE-2023-25738 (bmo#1811852) Printing on Windows could potentially crash Thunderbird with some device drivers * CVE-2023-25739 (bmo#1811939) Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext * CVE-2023-25729 (bmo#1792138) Extensions could have opened external schemes without user knowledge * CVE-2023-25732 (bmo#1804564) Out of bounds memory write from EncodeInputStream * CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143, bmo#1812338) Opening local .url files could cause unexpected network loads * CVE-2023-25742 (bmo#1813424) Web Crypto ImportKey crashes tab * CVE-2023-25746 (bmo#1544127, bmo#1762368, bmo#1789449, bmo#1803628, bmo#1810536) Memory safety bugs fixed in Thunderbird 102.8 ++++ webkit2gtk3-soup2: - Update to version 2.38.5 (boo#1208328): + Fix large memory allocation when uploading content. + Fix scrolling after a history navigation with PSON enabled. + Always update the active uri of WebKitFrame. + Fix the build on Ubuntu 20.04. + Fix several crashes and rendering issues. + Security fixes: CVE-2023-23529. - Add webkit2gtk3-gtk4-build-fix.patch: fix the build with gtk 4.6.0. ++++ webkit2gtk3: - Update to version 2.38.5 (boo#1208328): + Fix large memory allocation when uploading content. + Fix scrolling after a history navigation with PSON enabled. + Always update the active uri of WebKitFrame. + Fix the build on Ubuntu 20.04. + Fix several crashes and rendering issues. + Security fixes: CVE-2023-23529. - Add webkit2gtk3-gtk4-build-fix.patch: fix the build with gtk 4.6.0. ++++ webkit2gtk4: - Update to version 2.38.5 (boo#1208328): + Fix large memory allocation when uploading content. + Fix scrolling after a history navigation with PSON enabled. + Always update the active uri of WebKitFrame. + Fix the build on Ubuntu 20.04. + Fix several crashes and rendering issues. + Security fixes: CVE-2023-23529. - Add webkit2gtk3-gtk4-build-fix.patch: fix the build with gtk 4.6.0. ++++ apache2-mod_php8: - version update to 8.0.28 14 Feb 2023 Core: Fixed bug #81744 (Password_verify() always return true with some hash). Fixed bug #81746 (1-byte array overrun in common path resolve code). SAPI: Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662) This is a security release that addresses CVE-2023-0567, CVE-2023-0568, and CVE-2023-0662. - We are not affected by CVE-2023-0567 (https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4) as we build against system libcrypt. - See [bsc#1208388], [bsc#1208366], [bsc#1208367]. ++++ bind: - Update to release 9.16.38 Bug Fixes: * A constant stream of zone additions and deletions via rndc reconfig could cause increased memory consumption due to delayed cleaning of view memory. This has been fixed. * The speed of the message digest algorithms (MD5, SHA-1, SHA-2), and of NSEC3 hashing, has been improved. * Building BIND 9 failed when the --enable-dnsrps switch for ./configure was used. This has been fixed. [jsc#SLE-24600] - Updated keyring and signature ++++ chromium: - Chromium 110.0.5481.100 * fix regression on SAP Business Objects web UI * fix date formatting behavior change from ICU 72 ++++ chromium: - Chromium 110.0.5481.100 * fix regression on SAP Business Objects web UI * fix date formatting behavior change from ICU 72 ++++ clamav: - Update to 0.103.8 * CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser. Issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. (bsc#1208363) * CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser. Issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. (bsc#1208365) * Update vendored libmspack library to version 0.11alpha. ++++ gnutls: - FIPS: Make the jitterentropy calls thread-safe [bsc#1208146] * Add gnutls-FIPS-jitterentropy-threadsafe.patch - FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183] * Rebase patches with the version submitted upstream. * Avoid copying the key material: gnutls-FIPS-PCT-DH.patch * Improve logic around memory release: gnutls-FIPS-PCT-ECDH.patch - Security Fix: [bsc#1208143, CVE-2023-0361] * Bleichenbacher oracle in TLS RSA key exchange * Add gnutls-CVE-2023-0361.patch ++++ gstreamer-plugins-bad: - Remove sys/decklink since that contains a non-standard license and disable the decklink plugin ++++ gstreamer-plugins-rs: - Disable the aws plugin in big endian architectures since it requires the ring crate which doesn't support big endian systems (see gh#briansmith/ring#1555). Fixes bsc#1208795 - Add BuildRequires: zstd so it build in SLE/Leap now that the sources are compressed with zstd ++++ s390-tools: - Implemented read_values -u. The result of -u is a unique identifier composed of: * Machine Serial Number. * LPAR Name. * VM Name (can be optional). ++++ lsvpd: - Fix NVMe information parsing for some devices (bsc#1208122 ltc#200118) + lsvpd-Add-NVME-f1h-log-page-VPD-information-parsing-.patch + lsvpd-Update-nvme_template-with-logpage-format-for-0.patch ++++ nautilus-share: - Fix `'net usershare' returned error 255`; (bsc#1208375). Add patch Bug1208375.patch. ++++ php8: - version update to 8.0.28 14 Feb 2023 Core: Fixed bug #81744 (Password_verify() always return true with some hash). Fixed bug #81746 (1-byte array overrun in common path resolve code). SAPI: Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662) This is a security release that addresses CVE-2023-0567, CVE-2023-0568, and CVE-2023-0662. - We are not affected by CVE-2023-0567 (https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4) as we build against system libcrypt. - See [bsc#1208388], [bsc#1208366], [bsc#1208367]. ++++ php8-embed: - version update to 8.0.28 14 Feb 2023 Core: Fixed bug #81744 (Password_verify() always return true with some hash). Fixed bug #81746 (1-byte array overrun in common path resolve code). SAPI: Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662) This is a security release that addresses CVE-2023-0567, CVE-2023-0568, and CVE-2023-0662. - We are not affected by CVE-2023-0567 (https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4) as we build against system libcrypt. - See [bsc#1208388], [bsc#1208366], [bsc#1208367]. ++++ php8-fastcgi: - version update to 8.0.28 14 Feb 2023 Core: Fixed bug #81744 (Password_verify() always return true with some hash). Fixed bug #81746 (1-byte array overrun in common path resolve code). SAPI: Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662) This is a security release that addresses CVE-2023-0567, CVE-2023-0568, and CVE-2023-0662. - We are not affected by CVE-2023-0567 (https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4) as we build against system libcrypt. - See [bsc#1208388], [bsc#1208366], [bsc#1208367]. ++++ php8-fpm: - version update to 8.0.28 14 Feb 2023 Core: Fixed bug #81744 (Password_verify() always return true with some hash). Fixed bug #81746 (1-byte array overrun in common path resolve code). SAPI: Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662) This is a security release that addresses CVE-2023-0567, CVE-2023-0568, and CVE-2023-0662. - We are not affected by CVE-2023-0567 (https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4) as we build against system libcrypt. - See [bsc#1208388], [bsc#1208366], [bsc#1208367]. ++++ php8-test: - version update to 8.0.28 14 Feb 2023 Core: Fixed bug #81744 (Password_verify() always return true with some hash). Fixed bug #81746 (1-byte array overrun in common path resolve code). SAPI: Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662) This is a security release that addresses CVE-2023-0567, CVE-2023-0568, and CVE-2023-0662. - We are not affected by CVE-2023-0567 (https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4) as we build against system libcrypt. - See [bsc#1208388], [bsc#1208366], [bsc#1208367]. ++++ systemd-rpm-macros: - Bump version to 12 - Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079). ++++ warewulf4: - added Fix-for-CVE-2022-41723.patch in order to fix CVE-2022-41723 (bsc#1208301) Note: an updated vendor.tar.gz is also required - use the static dhpd configuration, which means known nodes will not only be static configured, but also get their configured ip address via dhcp ------------------------------------------------------------------ ------------------ 2023-2-15 - Feb 15 2023 ------------------- ------------------------------------------------------------------ ++++ applet-window-buttons: - Add kdecoration-5.27.patch to fix build with Plasma 5.27 - Increase version requirement for plasma and kdecoration to 5.27 ++++ apptainer: - update to 1.1.6 with following changes: * Included a fix for CVE-2022-23538 which potentially leaked user credentials to a third-party S3 storage service when using the library:// protocol. See the https://github.com/sylabs/scs-library-client/security/advisories/GHSA-7p8m-22h4-9pj7 for details. * Make PS1 environment variable changeable via %environment section on definition file that used to be only changeable via APPTAINERENV_PS1 outside of container. This makes the container's prompt customizable. * Fix the passing of nested bind mounts when there are multiple binds separated by commas and some of them have colons separating sources and destinations. * Hide messages about SINGULARITY variables if corresponding APPTAINER variables are defined. Fixes a regression introduced in 1.1.4. * Print a warning if extra arguments are given to a shell action, and show in the run action usage that arguments may be passed. * Check for the existence of the runtime executable prefix, to avoid issues when running under Slurm's srun. If it doesn't exist, fall back to the compile-time prefix. * Increase the timeout on image driver (that is, FUSE) mounts from 2 seconds to 10 seconds. Instead, print an INFO message if it takes more than 2 seconds. * If a remote is defined both globally (i.e. system-wide) and individually, change apptainer remote commands to print an info message instead of exiting with a fatal error and to give precedence to the individual configuration. ++++ aws-cli: - Update to version 1.27.71 + For detailed changes see https://github.com/aws/aws-cli/blob/1.27.71/CHANGELOG.rst - Update Requires in spec file from setup.py ++++ lapack: - As a configurable option add tmglib code to the LAPACK librarly and enable TMG in LAPACKE as the header files provide its API (boo#1207989 & bsc#1087426). - Fix update-alternatives for lapacke (bsc#1207358). - Restore generic link for update-alternatives. This is usually set by the update-alternatives and it is '%ghost'ed but rpmlint complains. - Move update-alternatives --remove to %%postun to stop rpmlint from complaining. - Removed useless - because never executed - %%postrans scriptlets. - Added missing _%%{_arch} to update-alternative names. - rpmlint complains anyway - this time about alternative-link-missing - as it does not understand the _%%{_arch} endings: muffle with rpmlintrc. - Make arch-dependent generic names conditional. ++++ build: - CycloneDX SBOM support added ++++ kernel-64kb: - Update kabi files. Add arm64 64kb flavor, based on daily build 5.14.21-150500.9.1.g9b76281.aarch64.rpm - commit 2a6f1f8 ++++ kernel-azure: - Update kabi files. Add arm64 64kb flavor, based on daily build 5.14.21-150500.9.1.g9b76281.aarch64.rpm - commit 2a6f1f8 ++++ kernel-default: - Update kabi files. Add arm64 64kb flavor, based on daily build 5.14.21-150500.9.1.g9b76281.aarch64.rpm - commit 2a6f1f8 ++++ kernel-rt: - Update kabi files. Add arm64 64kb flavor, based on daily build 5.14.21-150500.9.1.g9b76281.aarch64.rpm - commit 2a6f1f8 ++++ dtb-aarch64: - Update kabi files. Add arm64 64kb flavor, based on daily build 5.14.21-150500.9.1.g9b76281.aarch64.rpm - commit 2a6f1f8 ++++ grafana: - Fix basic authentication bypass by updating the exporter toolkit to version 0.7.3 (bsc#1208065, CVE-2022-46146). - Add: * 0002-Update-exporter-toolkit-to-version-0.7.3.patch - Require Go 1.19 or newer (bsc#1208293, CVE-2022-41723) ++++ gssntlmssp: - Adapt license changes from upstream * LGPL-3.0-or-later -> ISC - Upstream moved to github - Update to version 1.2.0 * Implement gss_set_cred_option. * Allow to gss_wrap even if NEGOTIATE_SEAL is not negotiated. * Move HMAC code to OpenSSL EVP API. * Fix crash bug when acceptor credentials are NULL. * Translations update from Fedora Weblate. Fix CVE: * CVE-2023-25563 (boo#1208278): multiple out-of-bounds read when decoding NTLM fields. * CVE-2023-25564 (boo#1208279): memory corruption when decoding UTF16 strings. * CVE-2023-25565 (boo#1208280): incorrect free when decoding target information. * CVE-2023-25566 (boo#1208281): memory leak when parsing usernames. * CVE-2023-25567 (boo#1208282): out-of-bounds read when decoding target information. - Update to version 1.1 * various build fixes and better compatibility when a MIC is requested. - Update to version 1.0 * Fix test_gssapi_rfc5587. * Actually run tests with make check. * Add two tests around NTLMSSP_NEGOTIATE_LMKEY. * Refine LM compatibility level logic. * Refactor the gssntlm_required_security function. * Implement reading LM/NT hashes. * Add test for smpasswd-like user files. * Return confidentiality status. * Fix segfault in sign/seal functions. * Fix dummy signature generation. * Use UCS16LE instead of UCS-2LE. * Provide a zero lm key if the password is too long. * Completely omit CBs AV pairs when no CB provided. * Change license to the more permissive ISC. * Do not require cached users with winbind. * Add ability to pass keyfile via cred store. * Remove unused parts of Makefile.am. * Move attribute names to allocated strings. * Adjust serialization for name attributes. * Fix crash in acquiring credentials. * Fix fallback to external_creds interface. * Introduce parse_user_name() function. * Add test for parse_user_name. * Change how we assemble user names in ASC. * Use thread local storage for winbind context. * Make per thread winbind context optional. * Fixed memleak of usr_cred. * Support get_sids request via name attributes. * Fixed memory leaks found by valgrind. - Update to version 0.9 * add support for getting session key. * Add gss_inquire_attrs_for_mech(). * Return actual data for RFC5587 API. * Add new Windows version flags. * Add Key exchange also when wanting integrity only. * Drop support for GSS_C_MA_NOT_DFLT_MECH. ++++ kernel-debug: - Update kabi files. Add arm64 64kb flavor, based on daily build 5.14.21-150500.9.1.g9b76281.aarch64.rpm - commit 2a6f1f8 ++++ kernel-source: - Update kabi files. Add arm64 64kb flavor, based on daily build 5.14.21-150500.9.1.g9b76281.aarch64.rpm - commit 2a6f1f8 ++++ kernel-source-azure: - Update kabi files. Add arm64 64kb flavor, based on daily build 5.14.21-150500.9.1.g9b76281.aarch64.rpm - commit 2a6f1f8 ++++ kernel-source-rt: - Update kabi files. Add arm64 64kb flavor, based on daily build 5.14.21-150500.9.1.g9b76281.aarch64.rpm - commit 2a6f1f8 ++++ kernel-docs: - Update kabi files. Add arm64 64kb flavor, based on daily build 5.14.21-150500.9.1.g9b76281.aarch64.rpm - commit 2a6f1f8 ++++ kernel-kvmsmall: - Update kabi files. Add arm64 64kb flavor, based on daily build 5.14.21-150500.9.1.g9b76281.aarch64.rpm - commit 2a6f1f8 ++++ kernel-obs-build: - Update kabi files. Add arm64 64kb flavor, based on daily build 5.14.21-150500.9.1.g9b76281.aarch64.rpm - commit 2a6f1f8 ++++ kernel-obs-qa: - Update kabi files. Add arm64 64kb flavor, based on daily build 5.14.21-150500.9.1.g9b76281.aarch64.rpm - commit 2a6f1f8 ++++ kernel-rt_debug: - Update kabi files. Add arm64 64kb flavor, based on daily build 5.14.21-150500.9.1.g9b76281.aarch64.rpm - commit 2a6f1f8 ++++ kernel-syms: - Update kabi files. Add arm64 64kb flavor, based on daily build 5.14.21-150500.9.1.g9b76281.aarch64.rpm - commit 2a6f1f8 ++++ kernel-syms-azure: - Update kabi files. Add arm64 64kb flavor, based on daily build 5.14.21-150500.9.1.g9b76281.aarch64.rpm - commit 2a6f1f8 ++++ kernel-syms-rt: - Update kabi files. Add arm64 64kb flavor, based on daily build 5.14.21-150500.9.1.g9b76281.aarch64.rpm - commit 2a6f1f8 ++++ kernel-zfcpdump: - Update kabi files. Add arm64 64kb flavor, based on daily build 5.14.21-150500.9.1.g9b76281.aarch64.rpm - commit 2a6f1f8 ++++ mozilla-nss: - Add manpages to mozilla-nss-tools (bsc#1208242) ++++ thunar: - Explicitly require the newer libpcre2 instead of libpcre; this fixes boo#1208260 ++++ neochat: - Update to 23.01.0 * notifications are now shown for all accounts * new compact mode for the room list * searching in history is now possible * emojis and reactions improvements ++++ openCryptoki: - Updated package to openCryptoki 3.20 (bsc#1207760, jsc#PED-3376, jsc#PED-2870, jsc#PED-2869 ) - Removed the following obsolite patches: * ocki-3.19.0-0001-EP11-Unify-key-pair-generation-functions.patch * ocki-3.19.0-0002-EP11-Do-not-report-DSA-DH-parameter-generation-as-be.patch * ocki-3.19.0-0003-EP11-Do-not-pass-empty-CKA_PUBLIC_KEY_INFO-to-EP11-h.patch * ocki-3.19.0-0004-Mechtable-CKM_IBM_DILITHIUM-can-also-be-used-for-key.patch * ocki-3.19.0-0005-EP11-Remove-DSA-DH-parameter-generation-mechanisms-f.patch * ocki-3.19.0-0006-EP11-Pass-back-chain-code-for-CKM_IBM_BTC_DERIVE.patch * ocki-3.19.0-0007-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0008-EP11-Supply-CKA_PUBLIC_KEY_INFO-when-importing-priva.patch * ocki-3.19.0-0009-EP11-Fix-memory-leak-introduced-with-recent-commit.patch * ocki-3.19.0-0010-p11sak-Fix-segfault-when-dilithium-version-is-not-sp.patch * ocki-3.19.0-0011-EP11-remove-dead-code-and-unused-variables.patch * ocki-3.19.0-0012-EP11-Update-EP11-host-library-header-files.patch * ocki-3.19.0-0013-EP11-Support-EP11-host-library-version-4.patch * ocki-3.19.0-0014-EP11-Add-new-control-points.patch * ocki-3.19.0-0015-EP11-Default-unknown-CPs-to-ON.patch * ocki-3.19.0-0016-COMMON-Add-defines-for-Dilithium-round-2-and-3-varia.patch * ocki-3.19.0-0017-COMMON-Add-defines-for-Kyber.patch * ocki-3.19.0-0018-COMMON-Add-post-quantum-algorithm-OIDs.patch * ocki-3.19.0-0019-COMMON-Dilithium-key-BER-encoding-decoding-allow-dif.patch * ocki-3.19.0-0020-COMMON-EP11-Add-CKA_VALUE-holding-SPKI-PKCS-8-of-key.patch * ocki-3.19.0-0021-COMMON-EP11-Allow-to-select-Dilithium-variant-via-mo.patch * ocki-3.19.0-0022-EP11-Query-supported-PQC-variants-and-restrict-usage.patch * ocki-3.19.0-0023-POLICY-Dilithium-strength-and-signature-size-depends.patch * ocki-3.19.0-0024-TESTCASES-Test-Dilithium-variants.patch * ocki-3.19.0-0025-COMMON-EP11-Add-Kyber-key-type-and-mechanism.patch * ocki-3.19.0-0026-EP11-Add-support-for-generating-and-importing-Kyber-.patch * ocki-3.19.0-0027-EP11-Add-support-for-encrypt-decrypt-and-KEM-operati.patch * ocki-3.19.0-0028-POLICY-STATISTICS-Check-for-Kyber-KEM-KDFs-and-count.patch * ocki-3.19.0-0029-TESTCASES-Add-tests-for-CKM_IBM_KYBER.patch * ocki-3.19.0-0030-p11sak-Support-additional-Dilithium-variants.patch * ocki-3.19.0-0031-p11sak-Add-support-for-IBM-Kyber-key-type.patch * ocki-3.19.0-0032-testcase-Enhance-p11sak-testcase-to-generate-IBM-Kyb.patch * ocki-3.19.0-0033-EP11-Supply-CKA_PUBLIC_KEY_INFO-with-CKM_IBM_BTC_DER.patch * ocki-3.19.0-0034-EP11-Fix-setting-unknown-CPs-to-ON.patch * ocki-3.19.0-0035-Fix-compile-error-error-initializer-element-is-not-c.patch - Reworked ocki-3.19-remove-make-install-chgrp.patch to fit the current version of the package and renamed it to ocki-3.20-remove-make-install-chgrp.patch. ++++ ovmf: - Add ovmf-Revert-OvmfPkg-OvmfXen-Set-PcdFSBClock.patch to revert 71cdb91f313380152d7bf38cfeebe76f5b2d39ac patch (bsc#1205613) - 71cdb91f313380152d7bf38cfeebe76f5b2d39ac OvmfPkg/OvmfXen: Set PcdFSBClock - We are waiting better upsteam patch, revert the issue patch first. Then PcdFSBClock will back to fixed variable. - Reference: https://edk2.groups.io/g/devel/topic/94891128#96077 https://bugzilla.tianocore.org/show_bug.cgi?id=4340 ++++ plasma5-desktop: - Don't try to delete the DBus interfaces folder on s390x. There's nothing to delete on this arch. ++++ product-builder-plugin-SLE_15: - update to version 1.0.11 * final output SBOM filenames following OBS definitions * CycloneDX SBOM support added ++++ python-boto3: - Update to 1.26.71 * api-change:``appconfig``: [``botocore``] AWS AppConfig now offers the option to set a version label on hosted configuration versions. Version labels allow you to identify specific hosted configuration versions based on an alternate versioning scheme that you define. * api-change:``datasync``: [``botocore``] With this launch, we are giving customers the ability to use older SMB protocol versions, enabling them to use DataSync to copy data to and from their legacy storage arrays. * api-change:``ec2``: [``botocore``] With this release customers can turn host maintenance on or off when allocating or modifying a supported dedicated host. Host maintenance is turned on by default for supported hosts. - from version 1.26.70 * api-change:``account``: [``botocore``] This release of the Account Management API enables customers to view and manage whether AWS Opt-In Regions are enabled or disabled for their Account. For more information, see https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html * api-change:``appconfigdata``: [``botocore``] AWS AppConfig now offers the option to set a version label on hosted configuration versions. If a labeled hosted configuration version is deployed, its version label is available in the GetLatestConfiguration response. * api-change:``snowball``: [``botocore``] Adds support for EKS Anywhere on Snowball. AWS Snow Family customers can now install EKS Anywhere service on Snowball Edge Compute Optimized devices. - from version 1.26.69 * api-change:``autoscaling``: [``botocore``] You can now either terminate/replace, ignore, or wait for EC2 Auto Scaling instances on standby or protected from scale in. Also, you can also roll back changes from a failed instance refresh. * api-change:``connect``: [``botocore``] This update provides the Wisdom session ARN for contacts enabled for Wisdom in the chat channel. * api-change:``ec2``: [``botocore``] Adds support for waiters that automatically poll for an imported snapshot until it reaches the completed state. * api-change:``polly``: [``botocore``] Amazon Polly adds two new neural Japanese voices - Kazuha, Tomoko * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot adds support for selecting algorithms in CreateAutoMLJob API. * api-change:``sns``: [``botocore``] This release adds support for SNS X-Ray active tracing as well as other updates. - from version 1.26.68 * api-change:``chime-sdk-meetings``: [``botocore``] Documentation updates for Chime Meetings SDK * api-change:``emr-containers``: [``botocore``] EMR on EKS allows configuring retry policies for job runs through the StartJobRun API. Using retry policies, a job cause a driver pod to be restarted automatically if it fails or is deleted. The job's status can be seen in the DescribeJobRun and ListJobRun APIs and monitored using CloudWatch events. * api-change:``evidently``: [``botocore``] Updated entity overrides parameter to accept up to 2500 overrides or a total of 40KB. * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version * api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version * api-change:``lightsail``: [``botocore``] Documentation updates for Lightsail * api-change:``migration-hub-refactor-spaces``: [``botocore``] This release adds support for creating environments with a network fabric type of NONE * api-change:``workdocs``: [``botocore``] Doc only update for the WorkDocs APIs. * api-change:``workspaces``: [``botocore``] Removed Windows Server 2016 BYOL and made changes based on IAM campaign. - from version 1.26.67 * api-change:``backup``: [``botocore``] This release added one attribute (resource name) in the output model of our 9 existing APIs in AWS backup so that customers will see the resource name at the output. No input required from Customers. * api-change:``cloudfront``: [``botocore``] CloudFront Origin Access Control extends support to AWS Elemental MediaStore origins. * api-change:``glue``: [``botocore``] DirectJDBCSource + Glue 4.0 streaming options * api-change:``lakeformation``: [``botocore``] This release removes the LFTagpolicyResource expression limits. - Update BuildRequires and Requires from setup.py ++++ python-botocore: - Update to 1.29.71 * api-change:``appconfig``: AWS AppConfig now offers the option to set a version label on hosted configuration versions. Version labels allow you to identify specific hosted configuration versions based on an alternate versioning scheme that you define. * api-change:``datasync``: With this launch, we are giving customers the ability to use older SMB protocol versions, enabling them to use DataSync to copy data to and from their legacy storage arrays. * api-change:``ec2``: With this release customers can turn host maintenance on or off when allocating or modifying a supported dedicated host. Host maintenance is turned on by default for supported hosts. - from version 1.29.70 * api-change:``account``: This release of the Account Management API enables customers to view and manage whether AWS Opt-In Regions are enabled or disabled for their Account. For more information, see https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html * api-change:``appconfigdata``: AWS AppConfig now offers the option to set a version label on hosted configuration versions. If a labeled hosted configuration version is deployed, its version label is available in the GetLatestConfiguration response. * api-change:``snowball``: Adds support for EKS Anywhere on Snowball. AWS Snow Family customers can now install EKS Anywhere service on Snowball Edge Compute Optimized devices. - from version 1.29.69 * api-change:``autoscaling``: You can now either terminate/replace, ignore, or wait for EC2 Auto Scaling instances on standby or protected from scale in. Also, you can also roll back changes from a failed instance refresh. * api-change:``connect``: This update provides the Wisdom session ARN for contacts enabled for Wisdom in the chat channel. * api-change:``ec2``: Adds support for waiters that automatically poll for an imported snapshot until it reaches the completed state. * api-change:``polly``: Amazon Polly adds two new neural Japanese voices - Kazuha, Tomoko * api-change:``sagemaker``: Amazon SageMaker Autopilot adds support for selecting algorithms in CreateAutoMLJob API. * api-change:``sns``: This release adds support for SNS X-Ray active tracing as well as other updates. - from version 1.29.68 * api-change:``chime-sdk-meetings``: Documentation updates for Chime Meetings SDK * api-change:``emr-containers``: EMR on EKS allows configuring retry policies for job runs through the StartJobRun API. Using retry policies, a job cause a driver pod to be restarted automatically if it fails or is deleted. The job's status can be seen in the DescribeJobRun and ListJobRun APIs and monitored using CloudWatch events. * api-change:``evidently``: Updated entity overrides parameter to accept up to 2500 overrides or a total of 40KB. * api-change:``lexv2-models``: Update lexv2-models client to latest version * api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version * api-change:``lightsail``: Documentation updates for Lightsail * api-change:``migration-hub-refactor-spaces``: This release adds support for creating environments with a network fabric type of NONE * api-change:``workdocs``: Doc only update for the WorkDocs APIs. * api-change:``workspaces``: Removed Windows Server 2016 BYOL and made changes based on IAM campaign. - from version 1.29.67 * api-change:``backup``: This release added one attribute (resource name) in the output model of our 9 existing APIs in AWS backup so that customers will see the resource name at the output. No input required from Customers. * api-change:``cloudfront``: CloudFront Origin Access Control extends support to AWS Elemental MediaStore origins. * api-change:``glue``: DirectJDBCSource + Glue 4.0 streaming options * api-change:``lakeformation``: This release removes the LFTagpolicyResource expression limits. ++++ rmw: - rmw 0.9.0: - When purging, '-ff' is no longer needed to confirm removal of non-writable expired directories and files * replace function used to remove directories with rm from FreeBSD; Thanks to @DiegoMagdaleno and @dcantrell * change message displayed to user when a file being rmw'ed is on a filesystem that doesn't haven't a WASTE folder defined + Ignore requests to ReMove top-level files, add --top-level-bypass option to bypass the protection + Ignore requests to ReMove user's home directory * bugfix: buffer underflow when calling trim_char() with empty string (Thanks to Christopher Wellons) * replace valgrind test setup with asan (-fsanitize) * the 'ESC' key can now be used to quit the restore file selection menu ++++ trivy: - Update to version 0.37.3 (bsc#1208091, CVE-2023-25165): * chore(helm): update Trivy from v0.36.1 to v0.37.2 (#3574) * chore(deps): bump github.com/spf13/viper from 1.14.0 to 1.15.0 (#3536) * chore(deps): bump golang/x/mod to v0.8.0 (#3606) * chore(deps): bump golang.org/x/crypto from 0.3.0 to 0.5.0 (#3529) * chore(deps): bump helm.sh/helm/v3 from 3.10.3 to 3.11.1 (#3580) * ci: quote pros in c++ for semantic pr (#3605) * fix(image): check proxy settings from env for remote images (#3604) ++++ ucode-intel: - Updated to Intel CPU Microcode 20230214 release. Security issues fixed: - CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275) - CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276) - CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277) New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4 | SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max | RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13 Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12 | ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12 | CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2 | CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2 | CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile | ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3 | JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105 | LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology | RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11 | RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13 | SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable ++++ xen: - bsc#1208286 - VUL-0: CVE-2022-27672: xen: Cross-Thread Return Address Predictions (XSA-426) 63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch ------------------------------------------------------------------ ------------------ 2023-2-14 - Feb 14 2023 ------------------- ------------------------------------------------------------------ ++++ aardvark-dns: - First version of aardvark-dns ++++ aardvark-dns: - First version of aardvark-dns ++++ rust: - Update to version 1.67.1 - for details see the rust1.67 package ++++ cfengine: - Update to version 3.21.0: * Added cf-support utility for generating support information (ENT-9037) * Adjusted cf-check and package module code for empty updates list (ENT-9050) * '$(this.promiser)' can now be used in 'files' promise attributes 'if', 'ifvarclass' and 'unless' (CFE-2262, ENT-7008) * Fixed storage promise for nfs on MacOS (CFE-4093) * Fixed definition of _low_ldt class from cf-monitord (CFE-4022) * Insertion of contents of a file with blank lines into another file with blank lines no longer results in mixed content (ENT-8788) * Added suggestion to use a negative lookahead when non-convergent edits are attempted (CFE-192) * Unresolved function calls that return scalar values are now considered OK for constraints expecting strings during syntax check (CFE-4094) * cf-monitord now honors monitorfacility in body monitor control (ENT-4492) * cf-serverd now periodically reloads its policy if it contains unresolved variables (e.g. $(sys.policy_hub) in 'allowconnect'). (ENT-8456) * cf-serverd now starts in the network-online.target on systemd-based systems (ENT-8456) * edit_line bundles can now use the new $(edit.empty_before_use) variable mirroring the value of edit_defaults=>empty_before_use of the related files promise (ENT-5866) * Package modules with unresolved variables in their names are now skipped in package queries (ENT-9377) * Removed unsupported name_connect capability for udp_socket class (ENT-8824) * 'meta' attribute can now be used in custom promises (CFE-3440) * Custom promise modules can now support the 'action_policy' feature allowing promises of their custom types to be used in dry-run and simulation modes and in combination with 'action_policy => "warn"'. (CFE-3433) * Use of custom promise modules that don't fully specify protocol now results in warning (CFE-3433) * Warnings are logged if levels of log messages from custom promise modules don't match results of their related promises (CFE-3433) * Adjusted SELinux policy for RHEL 9 (ENT-8824) * Fixed SELinux policy to allow hub to send emails (ENT-9557, ENT-9473) * SELinux no longer breaks SQL queries with large result sets on RHEL 8 hubs (ENT-9496) * Added SELinux LDAP port access for Mission Portal (ENT-9694) * Allowed ciphers are now properly split into TLS 1.3 cipher suites and ciphers used for TLS 1.2 and older (ENT-9018) * Fixed git_cfbs_deploy_refspec in masterfiles_stage leaving temp dir - Update to version 3.20.0: * 'rxdirs' now defaults to "false". This means that the read permission bit no longer implies execute bit for directories, by default. Permission bits will be exactly as specified. To restore the old behavior you can still enable 'rxdirs' explicitly. (CFE-951) * 'N' or 'Ns' signal specs can now be used to sleep between signals sent by 'processes' promises (CFE-2207, ENT-5899) * Directories named .no-distrib are no longer copied from policy server (in bootstrap/failsafe) (ENT-8079) * Files promises using content attribute or template method now create files by default unless create => "false" is specified. (CFE-3955, CFE-3916) * template_method mustache and inline_mustache now create file in promiser, if template rendering was successfull and file does not exist. (ENT-4792) * Added support for use of custom bodies in custom promise types (CFE-3574) * Custom promise modules now never get promise data with unresolved variables (CFE-3434) * Custom promises now use standard promise locking and support ifelapsed (CFE-3434) * Enable comment-attribute for custom promise types (CFE-3432) * cf-secret encrypt now encrypts for localhost if no key or host is specified (CFE-3874) * CFEngine now builds with OpenSSL 3 (ENT-8355) * CFEngine now requires OpenSSL 1.0.0 or newer (ENT-8355) * Moved Skipping loading of duplicate policy file messages from VERBOSE to DEBUG (CFE-3934) * CFEngine processes now try to use getent if the builtin user/group info lookup fails (CFE-3937) * No longer possible to undefine reserved hard classes (ENT-7718) * Unspecified 'rxdirs' now produces a warning (CFE-951) * Fixed wrong use of log level in users promises log messages (CFE-3906) * Fixed default for ignore_missing_bundles and ignore_missing_inputs The issue here was that these attributes should default to false, but when they are assigned with an unresolved variable, they would default to true. (ENT-8430) * Added protocol 3 (cookie) to syntax description (ENT-8560) * Moved errors from data_sysctlvalues from inform to verbose (CFE-3818) * Fixed inconsistencies with methods promises and missing bundles ++++ cfengine-masterfiles: - Update to 3.21.0 * https://github.com/cfengine/masterfiles/blob/3.21.0/CHANGELOG.md ++++ kernel-64kb: - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 4cd4141 - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit b0ebf1b - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. - commit 8704cd7 ++++ kernel-azure: - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 4cd4141 - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit b0ebf1b - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. - commit 8704cd7 ++++ kernel-default: - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 4cd4141 - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit b0ebf1b - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. - commit 8704cd7 ++++ kernel-rt: - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 4cd4141 - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit b0ebf1b - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. - commit 8704cd7 ++++ linux-glibc-devel: - Add asm/uvdevice.h to the package (bsc#1207886) + drivers-s390-char-Add-Ultravisor-io-device ++++ discover: - Discover 5.27 can be built again on archs missing QtWebEngine ++++ dtb-aarch64: - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 4cd4141 - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit b0ebf1b - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. - commit 8704cd7 ++++ go1.19: - go1.19.6 (released 2023-02-14) includes security fixes to the crypto/tls, mime/multipart, net/http, and path/filepath packages, as well as bug fixes to the go command, the linker, the runtime, and the crypto/x509, net/http, and time packages. Refs boo#1200441 go1.19 release tracking CVE-2022-41722 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 * go#57275 boo#1208269 security: fix CVE-2022-41722 * go#58355 boo#1208270 security: fix CVE-2022-41723 * go#58358 boo#1208271 security: fix CVE-2022-41724 * go#58362 boo#1208272 security: fix CVE-2022-41725 * go#56154 net/http: bad handling of HEAD requests with a body * go#57635 crypto/x509: TestBoringAllowCert failures * go#57812 runtime: performance regression due to bad instruction used in morestack_noctxt for ppc64 in CL 425396 * go#58118 time: update zoneinfo_abbrs on Windows * go#58223 cmd/link: .go.buildinfo is gc'ed by --gc-sections * go#58449 cmd/go/internal/modfetch: TestCodeRepo/gopkg.in_natefinch_lumberjack.v2/latest failing ++++ go1.20: - go1.20.1 (released 2023-02-14) includes security fixes to the crypto/tls, mime/multipart, net/http, and path/filepath packages, as well as bug fixes to the compiler, the go command, the linker, the runtime, and the time package. Refs boo#1206346 go1.20 release tracking CVE-2022-41722 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 * go#57276 boo#1208269 security: fix CVE-2022-41722 path/filepath: path traversal in filepath.Clean on Windows * go#58356 boo#1208270 security: fix CVE-2022-41723 net/http: avoid quadratic complexity in HPACK decoding * go#58359 boo#1208271 security: fix CVE-2022-41724 crypto/tls: large handshake records may cause panics * go#58363 boo#1208272 security: fix CVE-2022-41725 net/http, mime/multipart: denial of service from excessive resource consumption * go#58117 time: update zoneinfo_abbrs on Windows * go#58224 cmd/link: .go.buildinfo is gc'ed by --gc-sections * go#58309 cmd/compile/internal/pgo: Detect sample value position instead of hard-coding * go#58319 cmd/compile: constant overflows when assigned to package level var (Go 1.20 regression) * go#58335 cmd/compile: internal compiler error: panic: interface conversion: ir.Node is *ir.CompLitExpr, not *ir.Name * go#58413 cmd/compile: internal compiler error: Type.Elem UNION * go#58419 runtime: GOOS=ios fails Apple's app validation due to use of private API * go#58421 cmd/go/internal/test: stale flagdefs.go not detected by tests * go#58431 all: test failures with ETXTBSY * go#58450 cmd/go/internal/modfetch: TestCodeRepo/gopkg.in_natefinch_lumberjack.v2/latest failing ++++ gstreamer-plugins-rs: - Update to version 0.10.1+git20230213.9cd68ff: * rtpav1pay: Fix calculation of Leb128 size size to work correctly with streams from certain encoders. - Changes from version 0.10.0: * Fixed: - audiornnoise: Use correct value range for the samples - awss3sink: Treat stopping without EOS as an error for multipart upload - awss3hlssink: . Fix the name of the hlssink child element . Fix deadlock on EOS - dav1d: Various fixes to improve performance, to handle decoding errors more gracefully and to make sure all frames are output in the end - fmp4mux: Various fixes to fragment splitting behaviour, output formatting and header generation - gtk4: Various stability and rendering fixes - meson: Various fixes and improvements to the meson-based build system - ndi: provide non-Linux/macOS UNIX fallback for the soname - ndisrc: Use default channel mask for audio output to allow >2 channels to work better - rav1e: Correctly enable threading support - rtpav1: Various fixes to the payloader and depayloader to handle streams more correctly and to handle errors more cleanly - rtpav1depay: Set caps on the source pad - spotify: fix "start a runtime from within a runtime" with static link - textahead: fix previous buffers - textwrap: Don't panic on empty buffers - tttocea608: Don't fail if a GAP event contains no duration - webrtchttp: whipsink: construct TURN URL correctly - webrtcsink: fix panic on pre-bwe request error - whipsink: . Send ICE candidates together with the offer . Various cleanups and minor fixes * Added: - audiornnoise: Add voice detection threshold property - awss3hlssink: Add stats property - awss3sink: Add properties to set Content-Type and Content-Disposition - fmp4mux: . Add 'offset-to-zero' property . Add support for CMAF-style chunking, e.g. low-latency / LL HLS and DASH - fmp4mux/mp4mux: . Add support for muxing Opus, VP8, VP9 and AV1 streams . Make media/track timescales configurable - gtk4: Support for rendering GL textures on X11/EGL, X11/GLX, Wayland and macOS - hlssink3: Allow generating i-frame-only playlist - livesync: New element that alllows maintaining a contiguous live stream without gaps from a potentially unstable source. - mp4mux: New non-fragmented MP4 muxer element - spotifyaudiosrc: Support configurable bitrate - textahead: add settings to display previous buffers - threadshare: Introduce new ts-audiotestsrc - webrtcsink: Support nvv4l2vp9enc - whepsource: Add a WebRTC WHEP source element * Changed: - audiofx: Derive from AudioFilter where possible - dav1ddec: Lower rank to primary to allow usage of hardware decoders with higher ranks - fmp4mux: Only push fragment_offset if write-mfra is true to reduce memory usage - webrtcsink: . Make the turn-server property a turn-servers list . Move from async-std to tokio ++++ helix: - Automatic update of vendored dependencies ++++ kernel-debug: - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 4cd4141 - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit b0ebf1b - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. - commit 8704cd7 ++++ kernel-source: - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 4cd4141 - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit b0ebf1b - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. - commit 8704cd7 ++++ kernel-source-azure: - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 4cd4141 - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit b0ebf1b - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. - commit 8704cd7 ++++ kernel-source-rt: - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 4cd4141 - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit b0ebf1b - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. - commit 8704cd7 ++++ kernel-docs: - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 4cd4141 - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit b0ebf1b - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. - commit 8704cd7 ++++ kernel-kvmsmall: - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 4cd4141 - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit b0ebf1b - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. - commit 8704cd7 ++++ kernel-obs-build: - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 4cd4141 - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit b0ebf1b - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. - commit 8704cd7 ++++ kernel-obs-qa: - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 4cd4141 - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit b0ebf1b - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. - commit 8704cd7 ++++ kernel-rt_debug: - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 4cd4141 - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit b0ebf1b - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. - commit 8704cd7 ++++ kernel-syms: - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 4cd4141 - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit b0ebf1b - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. - commit 8704cd7 ++++ kernel-syms-azure: - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 4cd4141 - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit b0ebf1b - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. - commit 8704cd7 ++++ kernel-syms-rt: - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 4cd4141 - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit b0ebf1b - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. - commit 8704cd7 ++++ kernel-zfcpdump: - Fix page corruption caused by racy check in __free_pages (bsc#1208149). - commit 4cd4141 - ipmi:ssif: Add a timer between request retries (bsc#1206459). - ipmi:ssif: Remove rtc_us_timer (bsc#1206459). - ipmi_ssif: Rename idle state and check (bsc#1206459). - ipmi:ssif: resend_msg() cannot fail (bsc#1206459). - commit b0ebf1b - Delete patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch. - commit 8704cd7 ++++ libcontainers-common: - New upstream release 20230214 - bump c/storage to 1.45.3 - bump c/image to 5.24.1 - bump c/common to 0.51.0 - containers.conf: * add commented out options containers.read_only, engine.platform_to_oci_runtime, engine.events_container_create_inspect_data, network.volume_plugin_timeout, engine.runtimes.youki, machine.provider * remove deprecated setting containers.userns_size * add youki to engine.runtime_supports_json - shortnames.conf: pull in latest upstream version - storage.conf: add commented out option storage.transient_store - correct license to APACHE-2.0 only (there's no GPLv3 code to be found) - add source URLs to spec - drop pointless copyright year ++++ openblas_0_3_21-gnu-hpc: - Make sure pre-existing (arch-independent) update-alternatives are wiped before registering new ones. Since update-alternatives has no reliable way to check if a certain 'generic name' exists, brute-force it and ignore any error (boo#1208248). - Remove totally pointless - ie. never executed - %%posttrans script. - Restore generic link for update-alternatives. This is usually set by the update-alternatives and it is '%ghost'ed but rpmlint complains. - Add rpmlintrc rules to avoid false positives from consistently guessing the update-alternatives generic name wrong. - Make arch dependent generic names conditional. ++++ openblas_0_3_21-gnu12-hpc: - Make sure pre-existing (arch-independent) update-alternatives are wiped before registering new ones. Since update-alternatives has no reliable way to check if a certain 'generic name' exists, brute-force it and ignore any error (boo#1208248). - Remove totally pointless - ie. never executed - %%posttrans script. - Restore generic link for update-alternatives. This is usually set by the update-alternatives and it is '%ghost'ed but rpmlint complains. - Add rpmlintrc rules to avoid false positives from consistently guessing the update-alternatives generic name wrong. - Make arch dependent generic names conditional. ++++ openblas-pthreads_0_3_21-gnu-hpc: - Make sure pre-existing (arch-independent) update-alternatives are wiped before registering new ones. Since update-alternatives has no reliable way to check if a certain 'generic name' exists, brute-force it and ignore any error (boo#1208248). - Remove totally pointless - ie. never executed - %%posttrans script. - Restore generic link for update-alternatives. This is usually set by the update-alternatives and it is '%ghost'ed but rpmlint complains. - Add rpmlintrc rules to avoid false positives from consistently guessing the update-alternatives generic name wrong. - Make arch dependent generic names conditional. ++++ openblas-pthreads_0_3_21-gnu12-hpc: - Make sure pre-existing (arch-independent) update-alternatives are wiped before registering new ones. Since update-alternatives has no reliable way to check if a certain 'generic name' exists, brute-force it and ignore any error (boo#1208248). - Remove totally pointless - ie. never executed - %%posttrans script. - Restore generic link for update-alternatives. This is usually set by the update-alternatives and it is '%ghost'ed but rpmlint complains. - Add rpmlintrc rules to avoid false positives from consistently guessing the update-alternatives generic name wrong. - Make arch dependent generic names conditional. ++++ openblas_openmp: - Make sure pre-existing (arch-independent) update-alternatives are wiped before registering new ones. Since update-alternatives has no reliable way to check if a certain 'generic name' exists, brute-force it and ignore any error (boo#1208248). - Remove totally pointless - ie. never executed - %%posttrans script. - Restore generic link for update-alternatives. This is usually set by the update-alternatives and it is '%ghost'ed but rpmlint complains. - Add rpmlintrc rules to avoid false positives from consistently guessing the update-alternatives generic name wrong. - Make arch dependent generic names conditional. ++++ openblas_pthreads: - Make sure pre-existing (arch-independent) update-alternatives are wiped before registering new ones. Since update-alternatives has no reliable way to check if a certain 'generic name' exists, brute-force it and ignore any error (boo#1208248). - Remove totally pointless - ie. never executed - %%posttrans script. - Restore generic link for update-alternatives. This is usually set by the update-alternatives and it is '%ghost'ed but rpmlint complains. - Add rpmlintrc rules to avoid false positives from consistently guessing the update-alternatives generic name wrong. - Make arch dependent generic names conditional. ++++ openblas_serial: - Make sure pre-existing (arch-independent) update-alternatives are wiped before registering new ones. Since update-alternatives has no reliable way to check if a certain 'generic name' exists, brute-force it and ignore any error (boo#1208248). - Remove totally pointless - ie. never executed - %%posttrans script. - Restore generic link for update-alternatives. This is usually set by the update-alternatives and it is '%ghost'ed but rpmlint complains. - Add rpmlintrc rules to avoid false positives from consistently guessing the update-alternatives generic name wrong. - Make arch dependent generic names conditional. ++++ libyui: - Fixed build with GCC13 (-Woverloaded-virtual) (bsc#1208238) - build-all: Don't build bindings with --small (-s) - More docs for YShortcutManager (FAQ for our QA) - Merged PR #88 from krai: libyui-ncurses: Replace off64_t with off_t and stat64 with stat - 4.4.9 ++++ libyui-ncurses: - Fixed build with GCC13 (-Woverloaded-virtual) (bsc#1208238) - build-all: Don't build bindings with --small (-s) - More docs for YShortcutManager (FAQ for our QA) - Merged PR #88 from krai: libyui-ncurses: Replace off64_t with off_t and stat64 with stat - 4.4.9 ++++ libyui-ncurses-pkg: - Fixed build with GCC13 (-Woverloaded-virtual) (bsc#1208238) - build-all: Don't build bindings with --small (-s) - More docs for YShortcutManager (FAQ for our QA) - Merged PR #88 from krai: libyui-ncurses: Replace off64_t with off_t and stat64 with stat - 4.4.9 ++++ libyui-ncurses-rest-api: - Fixed build with GCC13 (-Woverloaded-virtual) (bsc#1208238) - build-all: Don't build bindings with --small (-s) - More docs for YShortcutManager (FAQ for our QA) - Merged PR #88 from krai: libyui-ncurses: Replace off64_t with off_t and stat64 with stat - 4.4.9 ++++ libyui-qt: - Fixed build with GCC13 (-Woverloaded-virtual) (bsc#1208238) - build-all: Don't build bindings with --small (-s) - More docs for YShortcutManager (FAQ for our QA) - Merged PR #88 from krai: libyui-ncurses: Replace off64_t with off_t and stat64 with stat - 4.4.9 ++++ libyui-qt-graph: - Fixed build with GCC13 (-Woverloaded-virtual) (bsc#1208238) - build-all: Don't build bindings with --small (-s) - More docs for YShortcutManager (FAQ for our QA) - Merged PR #88 from krai: libyui-ncurses: Replace off64_t with off_t and stat64 with stat - 4.4.9 ++++ libyui-qt-pkg: - Fixed build with GCC13 (-Woverloaded-virtual) (bsc#1208238) - build-all: Don't build bindings with --small (-s) - More docs for YShortcutManager (FAQ for our QA) - Merged PR #88 from krai: libyui-ncurses: Replace off64_t with off_t and stat64 with stat - 4.4.9 ++++ libyui-qt-rest-api: - Fixed build with GCC13 (-Woverloaded-virtual) (bsc#1208238) - build-all: Don't build bindings with --small (-s) - More docs for YShortcutManager (FAQ for our QA) - Merged PR #88 from krai: libyui-ncurses: Replace off64_t with off_t and stat64 with stat - 4.4.9 ++++ libyui-rest-api: - Fixed build with GCC13 (-Woverloaded-virtual) (bsc#1208238) - build-all: Don't build bindings with --small (-s) - More docs for YShortcutManager (FAQ for our QA) - Merged PR #88 from krai: libyui-ncurses: Replace off64_t with off_t and stat64 with stat - 4.4.9 ++++ lxqt-build-tools: - boo#1208217: Bump required C++ version See also: gh/lxqt/lxqt-config#903 Add lxqt-build-tools-0.12.0-cpp17.patch ++++ lxqt-config: - boo#1208217: Include kscreen mode header See also: gh/lxqt/lxqt-config#903 Add lxqt-config-1.2.0-include.patch ++++ libyui-bindings: - Fixed build with GCC13 (-Woverloaded-virtual) (bsc#1208238) - build-all: Don't build bindings with --small (-s) - More docs for YShortcutManager (FAQ for our QA) - Merged PR #88 from krai: libyui-ncurses: Replace off64_t with off_t and stat64 with stat - 4.4.9 ++++ plasma5-openSUSE: - Require distribution-logos-openSUSE-icons ++++ tar: - Fix CVE-2022-48303, tar has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump (CVE-2022-48303, bsc#1207753) * fix-CVE-2022-48303.patch - Fix hang when unpacking test tarball, bsc#1202436 * remove bsc1202436.patch * bsc1202436-1.patch * bsc1202436-1.patch ++++ yast2: - Allow dir:///foo to equal dir:/foo (bsc#1207239) - 4.5.24 ++++ yast2-packager: - Ruby 3.2: Change a test to treat dir:///foo equal to dir:/foo (bsc#1207239) - 4.5.15 ------------------------------------------------------------------ ------------------ 2023-2-13 - Feb 13 2023 ------------------- ------------------------------------------------------------------ ++++ apache2-mod_security2: - Fix CVE-2023-24021, FILES_TMP_CONTENT sometimes lacked the complete content (CVE-2023-24021, bsc#1207379) * fix-CVE-2023-24021.patch ++++ rust1.67: - bsc#1207928 - 1.67 breaks rusticl build in Mesa:drivers Version 1.67.1 (2023-02-09) - [Fix interoperability with thin archives.](https://github.com/rust-lang/rust/pull/107360) - [Fix an internal error in the compiler build process.](https://github.com/rust-lang/rust/pull/105624) - [Downgrade `clippy::uninlined_format_args` to pedantic.](https://github.com/rust-lang/rust-clippy/pull/10265) ++++ cloud-regionsrv-client: - Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 ) - Removes a warning about system_token entry present in the credentials file. - Adds logrotate configuration for log rotation. ++++ kernel-64kb: - drm/i915/dg2: Drop force_probe requirement (bsc#1208203 jsc#PED-1218). - commit 4a027ed - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 4544b7b - Update config files to enable CONFIG_IMA_DISABLE_HTABLE (bsc#1207301) - ppc64le/default, arm64/default, armv7hl/default,s390x/default, x86_64/default - commit c4d15e7 ++++ kernel-azure: - drm/i915/dg2: Drop force_probe requirement (bsc#1208203 jsc#PED-1218). - commit 4a027ed - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 4544b7b - Update config files to enable CONFIG_IMA_DISABLE_HTABLE (bsc#1207301) - ppc64le/default, arm64/default, armv7hl/default,s390x/default, x86_64/default - commit c4d15e7 ++++ kernel-default: - drm/i915/dg2: Drop force_probe requirement (bsc#1208203 jsc#PED-1218). - commit 4a027ed - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 4544b7b - Update config files to enable CONFIG_IMA_DISABLE_HTABLE (bsc#1207301) - ppc64le/default, arm64/default, armv7hl/default,s390x/default, x86_64/default - commit c4d15e7 ++++ kernel-rt: - drm/i915/dg2: Drop force_probe requirement (bsc#1208203 jsc#PED-1218). - commit 4a027ed - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 4544b7b - Update config files to enable CONFIG_IMA_DISABLE_HTABLE (bsc#1207301) - ppc64le/default, arm64/default, armv7hl/default,s390x/default, x86_64/default - commit c4d15e7 ++++ desktop-translations: - Update to version 84.87.20230128.350400f: * Translated using Weblate (Macedonian) * Translated using Weblate (German) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Finnish) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Macedonian) * Translated using Weblate (Russian) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Swedish) * Translated using Weblate (Russian) ++++ dtb-aarch64: - drm/i915/dg2: Drop force_probe requirement (bsc#1208203 jsc#PED-1218). - commit 4a027ed - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 4544b7b - Update config files to enable CONFIG_IMA_DISABLE_HTABLE (bsc#1207301) - ppc64le/default, arm64/default, armv7hl/default,s390x/default, x86_64/default - commit c4d15e7 ++++ git: - Fix CVE-2023-22490, using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport (CVE-2023-22490, bsc#1208027) - Fix CVE-2023-23946, a path outside the working tree can be overwritten as the user who is running "git apply" (CVE-2023-23946, bsc#1208028) * fix-CVE-2023-22490-1.patch * fix-CVE-2023-22490-2.patch * fix-CVE-2023-22490-3.patch * fix-CVE-2023-22490-4.patch ++++ plasma5-workspace: - Tarball got respun. Changes: * klipper: store QImage and construct QPixmap only when necessary (kde#465225, kde#465326, kde#464828, kde#465603) * shell: Ensure containments that belong to the current activity are not deleted prior to loading ++++ hdf5: - Fix CVE-2021-37501 - overflow in calculation of data buffer due to bogus input file (bsc#1207973). https://github.com/HDFGroup/hdf5/issues/2458 https://github.com/HDFGroup/hdf5/pull/2459 Check-for-overflow-when-calculating-on-disk-attribute-data-size-2459.patch Remove-duplicate-code.patch ++++ hdf5_1_10_8-gnu-hpc: - Fix CVE-2021-37501 - overflow in calculation of data buffer due to bogus input file (bsc#1207973). https://github.com/HDFGroup/hdf5/issues/2458 https://github.com/HDFGroup/hdf5/pull/2459 Check-for-overflow-when-calculating-on-disk-attribute-data-size-2459.patch Remove-duplicate-code.patch ++++ hdf5_1_10_8-gnu-mpich-hpc: - Fix CVE-2021-37501 - overflow in calculation of data buffer due to bogus input file (bsc#1207973). https://github.com/HDFGroup/hdf5/issues/2458 https://github.com/HDFGroup/hdf5/pull/2459 Check-for-overflow-when-calculating-on-disk-attribute-data-size-2459.patch Remove-duplicate-code.patch ++++ hdf5_1_10_8-gnu-mvapich2-hpc: - Fix CVE-2021-37501 - overflow in calculation of data buffer due to bogus input file (bsc#1207973). https://github.com/HDFGroup/hdf5/issues/2458 https://github.com/HDFGroup/hdf5/pull/2459 Check-for-overflow-when-calculating-on-disk-attribute-data-size-2459.patch Remove-duplicate-code.patch ++++ hdf5_1_10_8-gnu-openmpi2-hpc: - Fix CVE-2021-37501 - overflow in calculation of data buffer due to bogus input file (bsc#1207973). https://github.com/HDFGroup/hdf5/issues/2458 https://github.com/HDFGroup/hdf5/pull/2459 Check-for-overflow-when-calculating-on-disk-attribute-data-size-2459.patch Remove-duplicate-code.patch ++++ hdf5_1_10_8-gnu-openmpi3-hpc: - Fix CVE-2021-37501 - overflow in calculation of data buffer due to bogus input file (bsc#1207973). https://github.com/HDFGroup/hdf5/issues/2458 https://github.com/HDFGroup/hdf5/pull/2459 Check-for-overflow-when-calculating-on-disk-attribute-data-size-2459.patch Remove-duplicate-code.patch ++++ hdf5_1_10_8-gnu-openmpi4-hpc: - Fix CVE-2021-37501 - overflow in calculation of data buffer due to bogus input file (bsc#1207973). https://github.com/HDFGroup/hdf5/issues/2458 https://github.com/HDFGroup/hdf5/pull/2459 Check-for-overflow-when-calculating-on-disk-attribute-data-size-2459.patch Remove-duplicate-code.patch ++++ hdf5-mvapich2: - Fix CVE-2021-37501 - overflow in calculation of data buffer due to bogus input file (bsc#1207973). https://github.com/HDFGroup/hdf5/issues/2458 https://github.com/HDFGroup/hdf5/pull/2459 Check-for-overflow-when-calculating-on-disk-attribute-data-size-2459.patch Remove-duplicate-code.patch ++++ hdf5-openmpi2: - Fix CVE-2021-37501 - overflow in calculation of data buffer due to bogus input file (bsc#1207973). https://github.com/HDFGroup/hdf5/issues/2458 https://github.com/HDFGroup/hdf5/pull/2459 Check-for-overflow-when-calculating-on-disk-attribute-data-size-2459.patch Remove-duplicate-code.patch ++++ hdf5-openmpi3: - Fix CVE-2021-37501 - overflow in calculation of data buffer due to bogus input file (bsc#1207973). https://github.com/HDFGroup/hdf5/issues/2458 https://github.com/HDFGroup/hdf5/pull/2459 Check-for-overflow-when-calculating-on-disk-attribute-data-size-2459.patch Remove-duplicate-code.patch ++++ hdf5-openmpi4: - Fix CVE-2021-37501 - overflow in calculation of data buffer due to bogus input file (bsc#1207973). https://github.com/HDFGroup/hdf5/issues/2458 https://github.com/HDFGroup/hdf5/pull/2459 Check-for-overflow-when-calculating-on-disk-attribute-data-size-2459.patch Remove-duplicate-code.patch ++++ helvum: - update to 0.4.0 - Improvements - The graphview no longer renders content outside the visible area and uses less CPU drawing, which should improve performance greatly. - The graphview can now be zoomed. Zooming is possible via two-finger-gesture, CTRL+Scrolling, and a zoom widget in the header bar. - The graphview now has a fixed size, and the view is initially centered in middle. - Labels on nodes and ports now may use multiple lines when too long, and very long labels will be ellipsized. A new tooltip is displayed when hovering a label, which displays the full name and is never ellipsized. - The label for a node now prefers displaying the node.description property over the node.nick property of a pipewire node, which is usually more human-readable and helpful, and also matches the behaviour of other tools. - Fixes - Helvum should build again with pipewire versions 0.3.64 and 0.3.65 due to an updated pipewire dependency. ++++ indi: - Initial OBS release. This is a temporary package so that Stellarium can be built again until it supports INDI 2.0. ++++ kcm_flatpak: - Tarball got respun. Changes: * Avoid creating empty fs permission entry from overrides ++++ kernel-debug: - drm/i915/dg2: Drop force_probe requirement (bsc#1208203 jsc#PED-1218). - commit 4a027ed - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 4544b7b - Update config files to enable CONFIG_IMA_DISABLE_HTABLE (bsc#1207301) - ppc64le/default, arm64/default, armv7hl/default,s390x/default, x86_64/default - commit c4d15e7 ++++ kernel-source: - drm/i915/dg2: Drop force_probe requirement (bsc#1208203 jsc#PED-1218). - commit 4a027ed - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 4544b7b - Update config files to enable CONFIG_IMA_DISABLE_HTABLE (bsc#1207301) - ppc64le/default, arm64/default, armv7hl/default,s390x/default, x86_64/default - commit c4d15e7 ++++ kernel-source-azure: - drm/i915/dg2: Drop force_probe requirement (bsc#1208203 jsc#PED-1218). - commit 4a027ed - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 4544b7b - Update config files to enable CONFIG_IMA_DISABLE_HTABLE (bsc#1207301) - ppc64le/default, arm64/default, armv7hl/default,s390x/default, x86_64/default - commit c4d15e7 ++++ kernel-source-rt: - drm/i915/dg2: Drop force_probe requirement (bsc#1208203 jsc#PED-1218). - commit 4a027ed - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 4544b7b - Update config files to enable CONFIG_IMA_DISABLE_HTABLE (bsc#1207301) - ppc64le/default, arm64/default, armv7hl/default,s390x/default, x86_64/default - commit c4d15e7 ++++ kernel-docs: - drm/i915/dg2: Drop force_probe requirement (bsc#1208203 jsc#PED-1218). - commit 4a027ed - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 4544b7b - Update config files to enable CONFIG_IMA_DISABLE_HTABLE (bsc#1207301) - ppc64le/default, arm64/default, armv7hl/default,s390x/default, x86_64/default - commit c4d15e7 ++++ kernel-firmware: - Update to version 20230210 (git commit bf4115c1aa2b): * linux-firmware: Update AMD cpu microcode * brcm: revert firmware files for Cypress devices * brcm: restore previous firmware file for BCM4329 device * rtw88: 8822c: Update normal firmware to v9.9.14 * i915: Add DMC v2.11 for MTL (jsc#PED-1225) * linux-firmware: Add firmware for Cirrus CS35L41 on UM3402 ASUS Laptop * linux-firmware: Add missing tuning files for HP Laptops using Cirrus Amps (bsc#1203699) * i915: Add DMC v2.18 for ADLP (jsc#PED-1225) ++++ kernel-kvmsmall: - drm/i915/dg2: Drop force_probe requirement (bsc#1208203 jsc#PED-1218). - commit 4a027ed - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 4544b7b - Update config files to enable CONFIG_IMA_DISABLE_HTABLE (bsc#1207301) - ppc64le/default, arm64/default, armv7hl/default,s390x/default, x86_64/default - commit c4d15e7 ++++ kernel-obs-build: - drm/i915/dg2: Drop force_probe requirement (bsc#1208203 jsc#PED-1218). - commit 4a027ed - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 4544b7b - Update config files to enable CONFIG_IMA_DISABLE_HTABLE (bsc#1207301) - ppc64le/default, arm64/default, armv7hl/default,s390x/default, x86_64/default - commit c4d15e7 ++++ kernel-obs-qa: - drm/i915/dg2: Drop force_probe requirement (bsc#1208203 jsc#PED-1218). - commit 4a027ed - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 4544b7b - Update config files to enable CONFIG_IMA_DISABLE_HTABLE (bsc#1207301) - ppc64le/default, arm64/default, armv7hl/default,s390x/default, x86_64/default - commit c4d15e7 ++++ kernel-rt_debug: - drm/i915/dg2: Drop force_probe requirement (bsc#1208203 jsc#PED-1218). - commit 4a027ed - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 4544b7b - Update config files to enable CONFIG_IMA_DISABLE_HTABLE (bsc#1207301) - ppc64le/default, arm64/default, armv7hl/default,s390x/default, x86_64/default - commit c4d15e7 ++++ kernel-syms: - drm/i915/dg2: Drop force_probe requirement (bsc#1208203 jsc#PED-1218). - commit 4a027ed - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 4544b7b - Update config files to enable CONFIG_IMA_DISABLE_HTABLE (bsc#1207301) - ppc64le/default, arm64/default, armv7hl/default,s390x/default, x86_64/default - commit c4d15e7 ++++ kernel-syms-azure: - drm/i915/dg2: Drop force_probe requirement (bsc#1208203 jsc#PED-1218). - commit 4a027ed - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 4544b7b - Update config files to enable CONFIG_IMA_DISABLE_HTABLE (bsc#1207301) - ppc64le/default, arm64/default, armv7hl/default,s390x/default, x86_64/default - commit c4d15e7 ++++ kernel-syms-rt: - drm/i915/dg2: Drop force_probe requirement (bsc#1208203 jsc#PED-1218). - commit 4a027ed - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 4544b7b - Update config files to enable CONFIG_IMA_DISABLE_HTABLE (bsc#1207301) - ppc64le/default, arm64/default, armv7hl/default,s390x/default, x86_64/default - commit c4d15e7 ++++ kernel-zfcpdump: - drm/i915/dg2: Drop force_probe requirement (bsc#1208203 jsc#PED-1218). - commit 4a027ed - module: Don't wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - commit 4544b7b - Update config files to enable CONFIG_IMA_DISABLE_HTABLE (bsc#1207301) - ppc64le/default, arm64/default, armv7hl/default,s390x/default, x86_64/default - commit c4d15e7 ++++ libzypp: - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) - version 17.31.8 (22) ++++ lilypond: - Remove linked lilypond-doc package and use one spec file ++++ opi: - Version 2.14.0 - Install openh264 according to arch - Use http instead of https for openh264 repo - Version 2.13.0 - Add openh264 (#119) - Version 2.12.0 - Enforce ffmpeg>=5 on tumbleweed ++++ package-translations: - Update to version 89.87.20230128.cd224a6: * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Finnish) * Translated using Weblate (Japanese) * Translated using Weblate (Japanese) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Spanish) * Translated using Weblate (Macedonian) * Translated using Weblate (Macedonian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Russian) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (Czech) * Translated using Weblate (German) * Translated using Weblate (Macedonian) * Translated using Weblate (Swedish) * Translated using Weblate (Macedonian) * Added translation using Weblate (Macedonian) * Translated using Weblate (Japanese) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Russian) * Translated using Weblate (Swedish) * Translated using Weblate (Russian) * Added translation using Weblate (Macedonian) ++++ plasma5-desktop: - Tarball got respun. Changes: * applets/taskmanager: Only activate the triangle filter when a tooltip is open (kde#465595) * kcms/landingPage: Remove double definition of onClickHandler ++++ python-cryptography: - Add patch CVE-2023-23931-dont-allow-update-into.patch (bsc#1208036, CVE-2023-23931) * Don't allow update_into to mutate immutable objects ++++ virtualbox: - Remove requires for unused sysvinit-tools ++++ python-wxPython: - add repack script, do not include packaging/ dir in sources [gh#wxWidgets/Phoenix#2105], [bsc#670523] ++++ qemu: - Fixes: jsc#PED-1716 Add S390 features from IBM requirements * Patches added: dump-Add-architecture-section-and-sectio.patch dump-Refactor-dump_iterate-and-introduce.patch dump-Reintroduce-memory_offset-and-secti.patch dump-Rename-write_elf_loads-to-write_elf.patch dump-Rename-write_elf-_phdr_note-to-prep.patch dump-Reorder-struct-DumpState.patch dump-Replace-opaque-DumpState-pointer-wi.patch dump-Rework-dump_calculate_size-function.patch dump-Rework-filter-area-variables.patch dump-Rework-get_start_block.patch dump-Split-elf-header-functions-into-pre.patch dump-Use-a-buffer-for-ELF-section-data-a.patch dump-Write-ELF-section-headers-right-aft.patch include-elf.h-add-s390x-note-types.patch s390x-Add-KVM-PV-dump-interface.patch s390x-Add-protected-dump-cap.patch s390x-Introduce-PV-query-interface.patch s390x-pv-Add-dump-support.patch ++++ qemu-linux-user: - Fixes: jsc#PED-1716 Add S390 features from IBM requirements * Patches added: dump-Add-architecture-section-and-sectio.patch dump-Refactor-dump_iterate-and-introduce.patch dump-Reintroduce-memory_offset-and-secti.patch dump-Rename-write_elf_loads-to-write_elf.patch dump-Rename-write_elf-_phdr_note-to-prep.patch dump-Reorder-struct-DumpState.patch dump-Replace-opaque-DumpState-pointer-wi.patch dump-Rework-dump_calculate_size-function.patch dump-Rework-filter-area-variables.patch dump-Rework-get_start_block.patch dump-Split-elf-header-functions-into-pre.patch dump-Use-a-buffer-for-ELF-section-data-a.patch dump-Write-ELF-section-headers-right-aft.patch include-elf.h-add-s390x-note-types.patch s390x-Add-KVM-PV-dump-interface.patch s390x-Add-protected-dump-cap.patch s390x-Introduce-PV-query-interface.patch s390x-pv-Add-dump-support.patch ++++ stellarium: - Add dependency on the newly introduced INDI 1.x package. Since Stellarium doesn't support INDI 2.x, we need to depend on this temporary package until INDI 2.x is fully supported. (boo#1207852) ++++ sudo: - Added sudo-fix_NULL_deref_RunAs.patch * bsc#1206483 * Fix a situation where "sudo -U otheruser -l" would dereference a NULL pointer. ++++ virtualbox-kmp: - Remove requires for unused sysvinit-tools ++++ yast2-trans: - Update to version 84.87.20230211.83e08d8766: * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * Translated using Weblate (Georgian) * New POT for text domain 'iscsi-client'. * New POT for text domain 'control'. * New POT for text domain 'base'. * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Spanish) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (French) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Portuguese (Brazil)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (Taiwan) (zh_TW)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * New POT for text domain 'control'. * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (Italian) * Translated using Weblate (Italian) * Translated using Weblate (Chinese (China) (zh_CN)) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (French) * Translated using Weblate (French) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (German) * Translated using Weblate (Chinese (China) (zh_CN)) ------------------------------------------------------------------ ------------------ 2023-2-12 - Feb 12 2023 ------------------- ------------------------------------------------------------------ ++++ blasphemer: - Update to release 0.1.8 * Added Ghoul (Mummy), replacing the previous deer demon. * Added Harpy (Imp), replacing the previous lost soul. * Added Ogre (Maulotaurus). * Added Morphed Eye (Chicken). * Added Unknown (Lich), replacing Freedoom's cacodemon. * Textures: added archways variations - Added Deathmatch maps ++++ clamav-database: - database refresh on 2023-02-13 (bsc#1084929) ++++ gnuhealth: - version 4.2.0 * Enhanced Medical Imaging functionality and ergonomics. * Introduced GNU Health "Focus on" section on patient main form. * Surgery package has been vastly revised and enhanced in collaboration with our colleagues from Cirugia Solidaria * Enhanced Insurance and billing functionality. * The Vital Record System (VRS) can now issue reports on birth and death certificates. * Demographics can now accept entering estimate age / DoB. * Health services has now the functionality of "grouping" all the tests from a single order - lab and medical imaging. * Improved Patient encounter / evaluation. * Weblate translations holds 35 languages * On the technical side, we have improved unit testing on each package, speedup load times on large datafiles and using python-sql for most queries. * GNU Health is now REUSE (Free Software Foundation Europe) compliant. ++++ gnuhealth-client: - verion 4.2.0 * Instance and connection information visible at the GTK client title * Add GNUHEalth scalable icon - svg - for desktop menu and panel entries * see Changelog for full description * separate gnuhalth-client.desktop file removed ++++ mkvtoolnix: - Update to version 74.0.0 New features and enhancements: * mkvmerge: SRT handling: added a hack called `--engage keep_whitespaces_in_text_subtitles` which disables stripping whitespaces from the start & end of each line of SRT entries during muxing. Bug fixes: * all: Windows: UNC paths of type `\\?\C:\…` are supported again by switching back to Boost's file system library instead of using C++17's file system library. * mkvmerge: AVC/H.264 & HEVC/H.265 packetizers: when appending tracks the pixel dimensions will be checked & muxing will be aborted if they don't match. * mkvmerge: file type detection: file types that can be detected unambiguously by their content (e.g. Matroska, MP4, WAV…) will now preferred in the detection order over file types based on their extension. Prevents certain cases of mis-detection, e.g. DTS in WAV but with a file name extension of `.dts` being detected as the wrong type of DTS. * mkvmerge: SRT handling: whitespaces will now be stripped from the start & the end of each line of each entry, not just from the end of the last line. * mkvextract: SRT extraction: whitespaces will not be stripped from the start & end of the whole entry anymore. * MKVToolNix GUI: multiplexer: when adding multiple files that include certain file types (chapters, segment info and tag files) and when the choice where to add them is "all files to a single new tab", these certain file types will now be added in the newly added tab as well instead of the current tab that had already been open. * build system: fixed compatibility with Ruby 3.2.0 by using `FileTest.exist?` instead of `File.exists?`, `Dir.exists?` & `FileTest.exists?` which were removed in that release. Build system changes: * MKVToolNix is now using & requiring Boost's "file system" and "system" libraries again instead of C++17's file system library. This is due to gcc's library not supporting UNC paths of types `\\?\C:\dir\file.ext`. ++++ qbittorrent: - Update to version 4.5.1 New features: * Re-allow to use icons from system theme Bug fixes: * Fix Speed limit icon size * Revise and fix some text colors * Correctly load folder based UI theme * Fix crash due to invalid encoding of tracker URLs * Don't drop !qB extension when renaming incomplete file * Correctly count the number of torrents in subcategories * Use "additional trackers" when metadata retrieving * Apply correct tab order to Category options dialog * Add all torrents passed via the command line * Fix startup performance on Qt5 * Automatic move will now overwrite existing files * Some fixes for loading Chinese locales * New Pause icon color for toolbar/menu * Adjust env variable for PDB discovery Web UI: * Fix missing "queued" icon * Return paths using platform-independent separator format * Change order of accepted types of file input * Add missing icons * Add "Resume data storage type" option * Make rename file dialog resizable * Prevent incorrect line breaking * Improve hotkeys * Remove suggestions while searching for torrents * Expose "IS PRIVATE" flag * Return name/hash/infohash_v1/infohash_v2 torrent properties Other: * Fix tray icon issues ------------------------------------------------------------------ ------------------ 2023-2-11 - Feb 11 2023 ------------------- ------------------------------------------------------------------ ++++ adwaita-xfce-icon-theme: - Dependency adwaita-icon-theme needs to be explicit ++++ dracula-gtk-theme: - Update to version 3.0+git94.9840b6b: * Gnome 43: Improve popovers appearance * Gnome 43: Fix treeviews header appearance * Gnome 43: Improve nautilus pathbar appearance * Gnome 43: Fix spacing in nautilus list rows * Xfce v4.18: Fix odd transparency in panel items * Gnome-shell v43: Improve sliders appearance * Xfce v4.18: Fix invisible items in thunar sidebar * Gnome 43: Fix background color of tab bar and action bar * Gnome-shell v43: Quick-settings - Improve toggle buttons appearance * Gnome-shell: Fix page navigation arrow appearance ++++ clustershell: - Update to upstream release 1.9.1: * clush: select proper last parsed config file * setup.py: update download url and remove python 2.6 support * setup.py: improvements for pip install and venv * doc: correct typo 'sterr' * Fix typos found with codespell * RangeSet: support negative ranges * RangeSet: remove duplicate intiter() definition ++++ dnscrypt-proxy: - Update to version 2.1.4 * Fixes a regression from version 2.1.3: when cloaking was enabled, blocked responses were returned for records that were not A/AAAA/PTR even for names that were not in the cloaked list. ++++ helix: - Automatic update of vendored dependencies. ++++ keepass: - Update to 2.53.1 * When testing a KDF ('Test' button in the database settings dialog), KeePass now spawns a child process that performs the KDF computation (which allows to cancel the test more cleanly in the case of excessive parameters; security is unaffected, because dummy data is used for the test). * Removed the 'Export - No Key Repeat' application policy flag; KeePass now always asks for the current master key when trying to export data. * Minor other improvements. ++++ lighttpd: - update to 1.4.69: * bug fixes and portability fixes ++++ patterns-xfce: - Replaced gnome-calculator with galculator since it better integrates with Xfce look and feel. - Do not recommend package-update-indicator on Tumbleweed. Only Leap supports update method via PackageKit. ++++ qore-linenoise-module: - Update to version 1.0.1 * Fix build with newer qore ++++ qore-pgsql-module: - Add new runtime dependency ++++ qore-uuid-module: - Update to version 1.4.1 * Support Qore 1.12.4+ ++++ vale: - Update to version 2.23.0: * fix: create `lintTxt` * chore: update go.mod * feat: add `--filter` * feat: Add pre-commit support (#558) * chore: update runner name * Add `perf` workflow * docs: fix typos (#553) * chore: set version for Docker ++++ xfce4-notifyd: - Update to 0.8.0: * Notification windows don't need to be override-redirect * Reposition notifications when workarea changes * Add setting to allow ignoring app-specified expire timeout * Add setting to never expire notifications * Update log viewer in settings when log changes on disk * Fix one more unnecessary full count of unread messages * Update log entry icons when marking all read * Remove unused var * Use new unread emblem for icons in log * Stop checking if there are unread notifications as often * Improve the panel icon when there are unread notifications * Make the log max size a little friendlier * Remove warning about high log size limit * Add ability to mark individual log entries read * Add emblem to icon of unread messages in log * Make migrating the old log file more robust * Remove bool returns from the log write functions * Improve unread handling * Make max-log-size option work again * Add missing finalize for 'delete all' sqlite statement * Implement progressive loading for log viewer * Move log viewer to its own widget/file * Add options for what to do when opening the plugin menu * Add option to only show unread notifications in plugin menu * Reduce some error-checking boilerplate * Glade-ify the plugin settings dialog * Queue writes to sqlite database * settings: don't bail if libnotify init fails * Fix deprecated unitless font-size in ZOMG-PONIES! theme * Rearrange settings dialog * Add ability to delete individual log entries * Update my copyright & email * Add timestamp formatting options * Clean up extraneous things in settings glade file * Add "Mark All Read" button to settings and panel plugin * Move notification log to sqlite * Set default debug based on git/not-git * Remove configure.ac from gitignore * Eliminate need for pre-processed configure.ac.in * Translation Updates ++++ xfce4-settings: - Update to version 4.18.2 * Update copyright year * mime-settings: Increase dialog size (!96) * display: fix blurry 'help' indicator on output (#400, !95) * display: fix blurry icon in profiles treeview * display: fix blurry icons in minimal display settings dialog * mime: fix blurry icons in default app menus * mouse: fix blurriness in cursor theme previews * appearance: fix blurry subpixel antialias icons * appearance: fix blurry icon theme previews * xfsettingsd: Make xsettings.xml well-formed (Fixes #431, !94) * xfsettingsd: Remove duplicated config line (Fixes #425) * Translation Updates ------------------------------------------------------------------ ------------------ 2023-2-10 - Feb 10 2023 ------------------- ------------------------------------------------------------------ ++++ Mesa: - U_ReturnME.patch * fixes blackscreen in Return To Monkey Island on Intel graphics (boo#1208145) ++++ Mesa-drivers: - U_ReturnME.patch * fixes blackscreen in Return To Monkey Island on Intel graphics (boo#1208145) ++++ Mesa-drivers: - U_ReturnME.patch * fixes blackscreen in Return To Monkey Island on Intel graphics (boo#1208145) ++++ MozillaFirefox: - Firefox Extended Support Release 102.8.0 ESR * Fixed: Various security fixes. MFSA 2023-06 (bsc#1208144) * CVE-2023-25728 (bmo#1790345) Content security policy leak in violation reports using iframes * CVE-2023-25730 (bmo#1794622) Screen hijack via browser fullscreen mode * CVE-2023-25743 (bmo#1800203) Fullscreen notification not shown in Firefox Focus * CVE-2023-0767 (bmo#1804640) Arbitrary memory write via PKCS 12 in NSS * CVE-2023-25735 (bmo#1810711) Potential use-after-free from compartment mismatch in SpiderMonkey * CVE-2023-25737 (bmo#1811464) Invalid downcast in SVGUtils::SetupStrokeGeometry * CVE-2023-25738 (bmo#1811852) Printing on Windows could potentially crash Firefox with some device drivers * CVE-2023-25739 (bmo#1811939) Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext * CVE-2023-25729 (bmo#1792138) Extensions could have opened external schemes without user knowledge * CVE-2023-25732 (bmo#1804564) Out of bounds memory write from EncodeInputStream * CVE-2023-25734 (bmo#1784451, bmo#1809923, bmo#1810143, bmo#1812338) Opening local .url files could cause unexpected network loads * CVE-2023-25742 (bmo#1813424) Web Crypto ImportKey crashes tab * CVE-2023-25744 (bmo#1789449, bmo#1803628, bmo#1810536) Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 * CVE-2023-25746 (bmo#1544127, bmo#1762368) Memory safety bugs fixed in Firefox ESR 102.8 ++++ lapack: - Fix missing symbols for deprecated functions in LAPACK, add Restore_missing_deprecated_prototypes.patch - Add -Wl,--no-undefined when creating shared libraries, to catch missing symbols during build - Test fixes: * Build test binaries during %build, run in %check * Fix incorrect path for test output, to actually catch any test failures - Spec file cleanup: * Do not rename blaslib, it is used for test binaries * Use same commands for building lapacke as for other libs * Remove unused FFLAGS_NOOP for test binaries ++++ blueman: - Update to version 2.3.5: * Right click menu was pointing to the wrong list row * Double click to connect - Changes from version 2.3.4: * Errors when connected to a device with the DisconnectItems plugin enabled - Changes from version 2.3.3: * Issues with NM PANU connections of equally named devices * Submenus in KDE Plasma tray * Avoid using StatusNotifierItem and GtkStatusIcon icons in parallel * Do not re-use dbusmenu item identifiers; avoids issues at least with gnome-shell-extension-appindicator - Changes from version 2.3.2: * StatusNotifierItem submenus did not work in lxqt-panel (@niknah) * StatusNotifierItem vanished on panel restarts * StatusNotifierItem compatibility issues with libdbusmenu used at least by xfce4-panel and Waybar * StatusNotifierItem showed the menu on left click in xfce4-panel - Changes from version 2.3.1: * StatusNotifierItem sent an incomplete NewStatus signal. * Avoid statusbar resize when showing progressbar - Changes from version 2.3.0: * Blocked emblem was not visible for scales other than 1 * Audio profile switcher in applet menu (@abhijeetviswa) * Symbolic tray icon option (GSettings switch symbolic-status-icons in org.blueman.general) * Replace AppIndicator with DBus StatusNotifierItem * Use a GtkTreeModelFilter to show/hide unnamed devices * Replace sigint hack with GLib to catch it * Port meson from deprecated python3 module * Rework battery handling * Merge Battery applet plugin into ConnectionNotifier * Symbolic icons and small UI improvements - Changes from version 2.2.5: * Fix network interface iteration on 32 bit systems * Manager: Fix cancel button in send-note dialog * Fix battery and signals bars - Removed blueman-2.2.4-ayatana-appindicator.patch as Appindicator has been replaced with DBus StatusNotifierItem - Dependencies.md file is no longer packaged ++++ build: - added support for generating VCS url information into rpms ++++ nextcloud-desktop: - Update to 3.7.3 - Revert "Fix(l10n): capital_abcd Update translations from Transifex" - Revert "Fix(l10n): capital_abcd Update translations from Transifex" - Revert "Fix(l10n): capital_abcd Update translations from Transifex" ++++ kernel-64kb: - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (jsc#PED-1523). - commit d6be7f9 - qlcnic: Clean up some inconsistent indenting (jsc#PED-1523). - commit 721c552 - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (jsc#PED-1523). - commit 821568b ++++ kernel-azure: - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (jsc#PED-1523). - commit d6be7f9 - qlcnic: Clean up some inconsistent indenting (jsc#PED-1523). - commit 721c552 - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (jsc#PED-1523). - commit 821568b ++++ kernel-default: - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (jsc#PED-1523). - commit d6be7f9 - qlcnic: Clean up some inconsistent indenting (jsc#PED-1523). - commit 721c552 - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (jsc#PED-1523). - commit 821568b ++++ kernel-rt: - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (jsc#PED-1523). - commit d6be7f9 - qlcnic: Clean up some inconsistent indenting (jsc#PED-1523). - commit 721c552 - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (jsc#PED-1523). - commit 821568b ++++ dtb-aarch64: - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (jsc#PED-1523). - commit d6be7f9 - qlcnic: Clean up some inconsistent indenting (jsc#PED-1523). - commit 721c552 - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (jsc#PED-1523). - commit 821568b ++++ enc: - Initial package of enc 1.1.0 for openSUSE ++++ gnome-commander: - Add 96f706fa7833af79e01625c0118b36f6c83c7d44.patch: avoid the installation of the libgcmd static library. - Drop find/delete command used to remove the libgcmd static library from the build root. ++++ haproxy: - VUL-0: serious vulnerability in the HTTP/1 parser (bsc#1208132) o Apply upstream patch: 2.0-2.5-BUG-CRITICAL-http-properly-reject-empty-http-header-.patch - The output buffer is not zero-initialized. If we don't clear reserved bytes, fcgi requests sent to backend will leak sensitive data. o Apply proposed patch: 0001-output-buffer-is-not-zero-initialized.path ++++ java-17-openjdk: - Modified patch: * fips.patch + avoid calling C_GetInfo() too early, before cryptoki is initialized (bsc#1205916) ++++ kernel-debug: - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (jsc#PED-1523). - commit d6be7f9 - qlcnic: Clean up some inconsistent indenting (jsc#PED-1523). - commit 721c552 - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (jsc#PED-1523). - commit 821568b ++++ kernel-source: - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (jsc#PED-1523). - commit d6be7f9 - qlcnic: Clean up some inconsistent indenting (jsc#PED-1523). - commit 721c552 - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (jsc#PED-1523). - commit 821568b ++++ kernel-source-azure: - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (jsc#PED-1523). - commit d6be7f9 - qlcnic: Clean up some inconsistent indenting (jsc#PED-1523). - commit 721c552 - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (jsc#PED-1523). - commit 821568b ++++ kernel-source-rt: - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (jsc#PED-1523). - commit d6be7f9 - qlcnic: Clean up some inconsistent indenting (jsc#PED-1523). - commit 721c552 - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (jsc#PED-1523). - commit 821568b ++++ kernel-docs: - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (jsc#PED-1523). - commit d6be7f9 - qlcnic: Clean up some inconsistent indenting (jsc#PED-1523). - commit 721c552 - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (jsc#PED-1523). - commit 821568b ++++ kernel-kvmsmall: - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (jsc#PED-1523). - commit d6be7f9 - qlcnic: Clean up some inconsistent indenting (jsc#PED-1523). - commit 721c552 - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (jsc#PED-1523). - commit 821568b ++++ kernel-obs-build: - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (jsc#PED-1523). - commit d6be7f9 - qlcnic: Clean up some inconsistent indenting (jsc#PED-1523). - commit 721c552 - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (jsc#PED-1523). - commit 821568b ++++ kernel-obs-qa: - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (jsc#PED-1523). - commit d6be7f9 - qlcnic: Clean up some inconsistent indenting (jsc#PED-1523). - commit 721c552 - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (jsc#PED-1523). - commit 821568b ++++ kernel-rt_debug: - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (jsc#PED-1523). - commit d6be7f9 - qlcnic: Clean up some inconsistent indenting (jsc#PED-1523). - commit 721c552 - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (jsc#PED-1523). - commit 821568b ++++ kernel-syms: - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (jsc#PED-1523). - commit d6be7f9 - qlcnic: Clean up some inconsistent indenting (jsc#PED-1523). - commit 721c552 - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (jsc#PED-1523). - commit 821568b ++++ kernel-syms-azure: - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (jsc#PED-1523). - commit d6be7f9 - qlcnic: Clean up some inconsistent indenting (jsc#PED-1523). - commit 721c552 - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (jsc#PED-1523). - commit 821568b ++++ kernel-syms-rt: - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (jsc#PED-1523). - commit d6be7f9 - qlcnic: Clean up some inconsistent indenting (jsc#PED-1523). - commit 721c552 - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (jsc#PED-1523). - commit 821568b ++++ kernel-zfcpdump: - qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure (jsc#PED-1523). - commit d6be7f9 - qlcnic: Clean up some inconsistent indenting (jsc#PED-1523). - commit 721c552 - drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() (jsc#PED-1523). - commit 821568b ++++ mozilla-nss: - update to NSS 3.79.4 (bsc#1208138) * Bug 1804640 - improve handling of unknown PKCS#12 safe bag types. (CVE-2023-0767) ++++ libjxl: - build glibc hwcaps optimized overlay ++++ systemd: - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package: they may deserve a dedicated sub-package in the future but for now move them to udev so they aren't installed in systemd based containers. ++++ xfce4-panel: - Ensure statusnotifier plugin is fully usable with appindicators ++++ mpc-qt: - Update to version 23.02 Features and/or improvements in this version: * Expose pipewire buffer setting * Sanitize more illegal characters from filenames * Fix compatibility with newer KDE, dropping some UX fixes for older KDE * Fix control area hiding on multiple monitors * Implement copying subtitle text to clipboard with ctrl-s * Turn off prefer forced subs * Better support for ultra-dark themes * Implement basic ricing support In addition, there may be other improvements not listed here. ++++ netavark: - First version of netavark ++++ netavark: - First version of netavark ++++ nvidia-open-driver-G06-signed: - no longer use %hardcode_pci_list macro on sle15/Leap15, since the issue with generating wrong PCI ID modaliases for Supplements has been fixed meanwhile also in pesign-obs-integration package for sle15/Leap15 (boo#1207520) ++++ pacemaker: - fencer: Prevent double g_source_remove of op_timer_one (rh#2166967) * rh#2166967-0001-Fix-fencer-Prevent-double-g_source_remove-of-op_time.patch - scheduler: handle cleaned migrate_from history correctly (bsc#1182313) * bsc#1182313-0005-Test-scheduler-update-expected-output-for-migration-.patch * bsc#1182313-0004-Fix-scheduler-handle-cleaned-migrate_from-history-co.patch * bsc#1182313-0003-Test-scheduler-add-regression-test-for-migration-int.patch - scheduler: unknown_on_node() should ignore pending actions (bsc#1182313) * bsc#1182313-0002-Low-scheduler-unknown_on_node-should-ignore-pending-.patch * bsc#1182313-0001-Refactor-scheduler-improve-xpath-efficiency-when-unp.patch ++++ php7-ice: - Ice 1.10.0 * PHP 8.2, add support fix #309 * Install on Alpine fix #308 * Update zephir-lang/zephir@57c522d * Update zephir parser to 1.5.3 * Fix phpunit tests ++++ php8-ice: - Ice 1.10.0 * PHP 8.2, add support fix #309 * Install on Alpine fix #308 * Update zephir-lang/zephir@57c522d * Update zephir parser to 1.5.3 * Fix phpunit tests ++++ postgresql12-orafce: - Added "Name:" tag. ++++ postgresql13-orafce: - Added "Name:" tag. ++++ postgresql14-orafce: - Added "Name:" tag. ++++ postgresql15-orafce: - Added "Name:" tag. ++++ prometheus-ha_cluster_exporter: - Release 1.3.1 [#]# Changed * Brought GitHub Actions config and Makefile up to speed. * Bump github.com/prometheus/client_golang from 1.12.2 to 1.14.0 by @dependabot in https://github.com/ClusterLabs/ha_cluster_exporter/pull/208 * Bump github.com/stretchr/testify from 1.7.1 to 1.8.1 by @dependabot in https://github.com/ClusterLabs/ha_cluster_exporter/pull/211 * Bump github.com/prometheus/exporter-toolkit from 0.7.1 to 0.7.3 by @dependabot in https://github.com/ClusterLabs/ha_cluster_exporter/pull/207 (fixes bnc#1208046 CVE-2022-46146) * *Full Changelog**: https://github.com/ClusterLabs/ha_cluster_exporter/compare/1.3.0...1.3.1 ++++ qemu: - Fixed: bsc#1205847 (CVE-2022-4172), bsc#1203788 (CVE-2022-3165), bsc#1205808 (CVE-2022-4144), bsc#1206527, bsc#1208139 - Improved handling of: bsc#1202282 (jsc#PED-2592) * Patches dropped: pc-q35-Bump-max_cpus-to-1024.patch * Patches added: accel-abort-if-we-fail-to-load-the-accel.patch bios-tables-test-add-test-for-number-of-.patch bios-tables-test-teach-test-to-use-smbio.patch dmg-warn-when-opening-dmg-images-contain.patch hw-acpi-erst.c-Fix-memory-handling-issue.patch hw-display-qxl-Avoid-buffer-overrun-in-q.patch hw-display-qxl-Document-qxl_phys2virt.patch hw-display-qxl-Have-qxl_log_command-Retu.patch hw-display-qxl-Pass-requested-buffer-siz.patch hw-smbios-add-core_count2-to-smbios-tabl.patch hw-smbios-support-for-type-8-port-connec.patch module-add-Error-arguments-to-module_loa.patch module-removed-unused-function-argument-.patch module-rename-module_load_one-to-module_.patch openSUSE-pc-q35-Bump-max_cpus-to-1024.patch s390x-tod-kvm-don-t-save-restore-the-TOD.patch tests-acpi-allow-changes-for-core_count2.patch tests-acpi-update-tables-for-new-core-co.patch ui-vnc-clipboard-fix-integer-underflow-i.patch ++++ qemu-linux-user: - Fixed: bsc#1205847 (CVE-2022-4172), bsc#1203788 (CVE-2022-3165), bsc#1205808 (CVE-2022-4144), bsc#1206527, bsc#1208139 - Improved handling of: bsc#1202282 (jsc#PED-2592) * Patches dropped: pc-q35-Bump-max_cpus-to-1024.patch * Patches added: accel-abort-if-we-fail-to-load-the-accel.patch bios-tables-test-add-test-for-number-of-.patch bios-tables-test-teach-test-to-use-smbio.patch dmg-warn-when-opening-dmg-images-contain.patch hw-acpi-erst.c-Fix-memory-handling-issue.patch hw-display-qxl-Avoid-buffer-overrun-in-q.patch hw-display-qxl-Document-qxl_phys2virt.patch hw-display-qxl-Have-qxl_log_command-Retu.patch hw-display-qxl-Pass-requested-buffer-siz.patch hw-smbios-add-core_count2-to-smbios-tabl.patch hw-smbios-support-for-type-8-port-connec.patch module-add-Error-arguments-to-module_loa.patch module-removed-unused-function-argument-.patch module-rename-module_load_one-to-module_.patch openSUSE-pc-q35-Bump-max_cpus-to-1024.patch s390x-tod-kvm-don-t-save-restore-the-TOD.patch tests-acpi-allow-changes-for-core_count2.patch tests-acpi-update-tables-for-new-core-co.patch ui-vnc-clipboard-fix-integer-underflow-i.patch ++++ rescue: - update to 1.0.5: * Grasshopper update (2.9) to fix font loading deadlock on startup ++++ trivy: - Update to version 0.37.2: * BREAKING: use normalized trivy-java-db (#3583) * fix(image): add timeout for remote images (#3582) * chore(deps): bump golang.org/x/mod from 0.6.0 to 0.7.0 (#3532) * chore(deps): bump golang.org/x/text from 0.5.0 to 0.6.0 (#3534) * fix(misconf): handle dot files better (#3550) * chore: bump Go to 1.19 (#3551) * chore(deps): bump alpine from 3.17.0 to 3.17.1 (#3522) * chore(deps): bump docker/build-push-action from 3 to 4 (#3523) * chore(deps): bump actions/cache from 3.2.2 to 3.2.4 (#3524) * chore(deps): bump golangci/golangci-lint-action from 3.3.0 to 3.4.0 (#3525) * chore(deps): bump aquaproj/aqua-installer from 1.2.0 to 2.0.2 (#3526) ++++ xfce4-power-manager: - Update to version 4.18.1 * Update copyright year * Use XfceScreensaver from Libxfce4ui (!33) * screensaver: Fall back on lock command if D-Bus call failed (#142, !24) * panel-plugin: Properly disconnect signal handler * build: Fix autotools warnings * Fix management of source ids * panel-plugin: Add missing ref on image * Fix blurriness in icons when UI scale factor > 1 (!30) * Translation Updates ++++ xfce4-session: - Update to version 4.18.1 * Update copyright year * Fix bus name acquisition/ownership (#54, !34) * Use XfceScreensaver from Libxfce4ui (!35) * build: Fix previous commit * build: Fix autotools warnings * Avoid duplicating directories in the tail of $XDG_* envs (#111, !21) * settings: Fix memory leak * libxfsm: Fix wrong return value * Fix memory leaks when opening xfce4-session-settings * Fix blurry session snapshots (!33) * Fix blurry icons in autostart tab when UI scale > 1 (!33) * build: Fix GTK deprecation warnings (!32) * build: Fix some other GDK deprecation warnings (!32) * build: Fix gdk_error_trap_push/pop() deprecation warnings (!32) * build: Let xdt-depends.m4 macros set GLib macros (!32) * build: Remove GDK_VERSION_MIN_REQUIRED/MAX_ALLOWED (!32) * Make use of translations for run hooks (Fixes #156) * Translation Updates - Regenerate xfce4-session-adapt-session-scripts-git.patch and xfce4-session-adapt-session-scripts.patch - Remove two stray comments about add-light-locker-support patches ++++ yast2-iscsi-client: - Expose all core functionality from IscsiClientLib, with options to suppress usage of pop-ups (related t gh#yast/d-installer#402). - Finish client: copy the content of both /etc/iscsi and /var/lib/iscsi (bsc#1207374). - Finish client: never enable both the iscsid socket and the service (partial fix for bsc#1207839). - 4.5.7 ------------------------------------------------------------------ ------------------ 2023-2-9 - Feb 9 2023 ------------------- ------------------------------------------------------------------ ++++ ImageMagick: - security update - added patches fix CVE-2022-44267 [bsc#1207982], denial of service when parsing a PNG image fix CVE-2022-44268 [bsc#1207983], arbitrary file disclosure when parsing a PNG image + ImageMagick-CVE-2022-44267,44268.patch ++++ Mesa: - Update to version 22.3.5 * bug fix release which fixes bugs found since Mesa 22.3.4 * see https://docs.mesa3d.org/relnotes/22.3.5.html for more details - refreshed u_dep_xcb.patch ++++ Mesa-drivers: - Update to version 22.3.5 * bug fix release which fixes bugs found since Mesa 22.3.4 * see https://docs.mesa3d.org/relnotes/22.3.5.html for more details - refreshed u_dep_xcb.patch ++++ QMPlay2: - Added 0001-fix-mono-playback.patch to fix pipewire mono playback ++++ bluedevil5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ bpftrace: - Set USE_SYSTEM_BPF_BCC to ON so system libraries are used - Update to 0.17.0 + Support opaque pointer (boo#1207295) + Support 32-bit ARM systems + Support BTF in kernel modules + Add %rh option to print buffer as hex without \x + Add stdbool.h to built-in headers + Raise minimum versions for libbpf and bcc and vendor them for local builds + Support comparison for integer arrays + Drop Ubuntu 19.10 lockdown detection + Fix pointer/register loads on 32-bit architectures + Fix kprobe multi-attachment + Fix attaching to multiple USDT probes using the same wildcard + Fix pointer arithmetics codegen + Fix segfault for invalid AssignVarStatement visit + Better handling of missing function trace support files + Fix unroll ID reset + Support profile and interval probes in probe matcher + Fix BTF detection macro in tools/old/mdflush.bt ++++ breeze: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * MenuItem,TitleBar: Don't stretch icons, instead scale them down to fit and center inside their rect * Revert "MenuItem: Don't stretch icons, instead scale them down to fit rect" * MenuItem: Don't stretch icons, instead scale them down to fit rect * Factor out 3 pixelMetric calls in MenuItemControl drawing * Moved old wallpaper, added new one, updated previews * ToolButton: Fix text position in text-with-menu-but-no-icon RTL mode * ToolButton: Fix drop-down menu arrow in RTL layouts * ScrollBar: Fix pixel alignment in RTL mode * kdecoration: Fix outline gap with fractional scale (kde#461358) * Only use frameworkintegration on Linux/BSD ++++ caddy: - Update to version 2.6.3: * New trusted_proxies global option (within servers) can be used to specify trusted proxy IP ranges globally * Unix sockets on Windows now supported as proxy upstreams * Proxied WebSocket connections are now logged with correct status code and "size" (bytes read + bytes written) * The quic-go package has received significant optimizations and HTTP/3 should be more efficient now * CVE-2022-41721: ineffective mitigation for unsafe io.ReadAll (boo#1207207) ++++ nextcloud-desktop: - Update to 3.7.2 - No regular changelog from upstream. See instead: https://github.com/nextcloud/desktop/compare/v3.7.1...v3.7.2 ++++ containerd: - Update to containerd v1.6.16 for Docker v23.0.1-ce. Upstream release notes: ++++ discover: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * Workaround visibly empty changelog * PackageKit: PackageState takes the packageName not the appstreamId (kde#464357) * ui: Fix plural calculation of app list page heading (kde#464882) * flatpak: Use the recommended URL for flathub's flatpakrepo * flatpak: Make sure we are reading the correct metadata (kde#464128) * flatpak: Don't filter twice the componentsByFlatpakId result for its bundle id * flatpak: Make test run a bit faster * flatpak: Address install package look-up * flatpak: Properly read .flatpakrepo names * flatpak: Fix test on the CI * Specify the domain in libdiscover's QML i18n calls * DiscoverObject: Also show C++ errors in the messages sheet * flatpak: Fix loading flatpakref files (kde#464206) * Add network timeouts by default * ReviewsPage: Fix clipping under scroll bar - Refresh 0001-Warning-for-FlatHub.patch ++++ drkonqi5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ plasma5-workspace: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Too many changes to list here ++++ grub2-theme-breeze: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ breeze-gtk: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ helm: - Update to version 3.11.1 (bsc#1208084, CVE-2023-25165) * Update to func handling - from version 3.11.0 * Fix improper use of Table request/response to k8s API * Check status code before retrying request * bump version to v3.11.0 * Bump containerd to 1.6.15, oras-go to 1.2.2 and image-spec to v1.1.0-rc2 * change linting error messages for null values in arrays * Fix after CR * Trigger CI * Add test for User-Agent header setting and refactor * Fix User-Agent header in requests made by Helm * Bump k8s.io deps to v0.26.0 * fix adopted resource not replaced * chore(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1 * Resolve conflicts for go.mod and go.sum * Fix backwards compatibility * docs: add docs for cli/values.Options * Update chartrepo.go * chore(deps): bump golang.org/x/text from 0.4.0 to 0.5.0 * bump sprig version 3.2.3 * Update string handling * Update repo handling * improve error message on plugin install * harmonize URL reference resolving * Update logic of non-git situation just to print warning logs * Add a flag var to check git is installed or not * Add support for CSVs in template --api-versions arg * update .golangci for go1.18 * redirect registry client output to stderr * chore(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.1 * Readiness & liveness probes correct port * Update schema validation handling * fix a few function names on comments * use intstr.GetScaledValueFromIntOrPercent instead of the deprecated * Updating the deb location for azure cli * retry http request on temporary errors * Revert "Tolerate temporary errors from etcdserver" * Updating the repo the azure cli is installed from * Updating to kubernetes 1.25.2 packages * Allow CGO_ENABLED to be overridden for build * chore(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 * chore(deps): bump github.com/lib/pq from 1.10.6 to 1.10.7 * chore(deps): bump github.com/BurntSushi/toml from 1.1.0 to 1.2.0 * chore(deps): bump github.com/rubenv/sql-migrate from 1.1.2 to 1.2.0 * Tolerate temporary errors from etcdserver * update: Optimize the error message * add nil judge for dependency , maintainers validate and some testcase. * Fix code style * bump version to v3.10.0 * Addressing review comments - move printing code out of client.go * Addressing review comments: Extend Interface with new InterfaceResources to avoid breaking changes Move change to staus command behind --show-resources flag * feat(helm): Supporting helm3 to show up resource names that were deployed as part of release in helm status command * During deletion, explicitly log already deleted resource name. * fix: add cases.NoLower option for we can get same effect to strings.Title * one defer * don't change r.CachePath * avoid adding new public function * fix tests * fix: clean up temp files in FindChartInAuthAndTLSAndPassRepoURL (#11171) * Fix URL with encoded path support for ChartDownloader ++++ ibus-typing-booster: - Update to 2.21.1 - Small performance tweak in detecting terminals - Translation update from Weblate (nl 100%, pl 100%, sv 100%, tr 100%) ++++ jdupes: - update to 1.21.3: * Major performance fix in the double traversal prevention tree code * Added undocumented '-9' benchmark option for testing traversal code * Extra error checks to try to finally solve a very rare crash bug * Tiny code size reduction by discarding unused xxHash code * jody_hash re-added as a build-time option * Many options/features/safety checks can now be selectively compiled out * New 'make BARE_BONES=1' option builds the most minimal jdupes possible * Fix exit behavior when no valid directories are given * Only act on "normal" files and directories ++++ kactivitymanagerd: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ kaidan: - Add patches to fix build with ZXing >= 2.0: * 0001-QrCodeDecoder-Replace-deprecated-BarcodeFormat-QR_CO.patch * 0001-QrCodeGenerator-Replace-deprecated-BarcodeFormat-QR_.patch * 0001-Support-ZXing-2.0.patch ++++ kcm_flatpak: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * Keep Advanced Permissions section collapsed by default * Copy gitignore from systemsettings * Fix memory management for graph of cross-referenced objects * Fix signatures of overridden methods in model to match super-class * Generate desktop file for KCM * Use QStandardPaths::GenericDataLocation instead of hardcoding .local/share (kde#465339) * Fix rows height, including partially hidden text field at the bottom * Add "=" label between environment variable name and value in dialog * Add workaround for broken ListView layout (rows drifting down on scroll) * Clean up QML/JavaScript, simplify some code * Specify translation domain (kde#464573) * flatpakpermission: Make sure editPerm() cannot access out of bounds * Add installed user apps to list of installed apps * Find icons by using the deploy dir of the installed flatpak * Initialise default index * Make views frameless ++++ kcm_sddm: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ kde-cli-tools5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ kde-gtk-config5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * Set DPI scaling settings for GTK on Plasma/X11 sessions (kde#442901) ++++ kgamma5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ khotkeys5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ kinfocenter5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ kmenuedit5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ kpipewire: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * record: Use vp8 instead of x264 * Prefer x264 * Allow to reset fd in `PipeWireSourceItem` * Record: Make sure we issue key frames and sequential pts * Record: Make sure the frames we encode are in an expected format * PipeWireRecord: Make sure we use the correct pixel formats ++++ kscreen5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * common: fix unset translation domain and add `Messages.sh` * kcm: notify update through DBus ++++ kscreenlocker: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * Only inhibit screen locker on "ChangeScreenSettings" (kde#464119) ++++ ksshaskpass5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ libksysguard5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * Faces: Specify the domain in Choices.qml i18n calls * Add an autotest for UnitBootTimestamp * formatter: Add ticks as time unit and use it for user/system time columns * Un-deprecate UnitBootTimestamp and use it for the "start time" column (kde#458277) * formatter: Use KFormat::formatDuration for formatting the Time unit ++++ ksystemstats5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ kwayland-integration: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ kwin5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Too many changes to list here ++++ kwrited5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ layer-shell-qt: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ libkscreen2: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ qcoro-qt5: - Update to 0.8.0 * test: use offscreen QPA for QCoroQuick tests * Update pymdown-extensions requirement from ~=9.8 to ~=9.9 * cmake: make sure we explicitly find_package Qt private modules * Update pygments requirement from ~=2.13 to ~=2.14 * Implement moveToThread() awaitable * Implement sleepFor() and sleepUntil() coroutines * Make QCoro::waitFor() usable with any awaitable * Fix QCoro::waitFor() for Awaitable with operator co_await ++++ qcoro-qt6: - Update to 0.8.0 * test: use offscreen QPA for QCoroQuick tests * Update pymdown-extensions requirement from ~=9.8 to ~=9.9 * cmake: make sure we explicitly find_package Qt private modules * Update pygments requirement from ~=2.13 to ~=2.14 * Implement moveToThread() awaitable * Implement sleepFor() and sleepUntil() coroutines * Make QCoro::waitFor() usable with any awaitable * Fix QCoro::waitFor() for Awaitable with operator co_await ++++ libblastrampoline: - Only builds for aarch64 and x86_64 - Update to version 0.5.4: * [CirrusCI] Run FreeBSD tests with Julia 1; add more platforms by @giordano in #99 * On Windows only build library with major soversion by @giordano in #97 - Move libraries to lib64 if 64 bit arch ++++ postgresql15: - Update to 15.2: * CVE-2022-41862, bsc#1208102: memory leak in libpq * https://www.postgresql.org/about/news/2592/ * https://www.postgresql.org/docs/15/release-15-2.html - Bump latest_supported_llvm_ver to 15. ++++ sssd: - Fix build with MIT 1.20; Add patch 0004-BUILD-Accept-krb5-1.20-for-building-the-PAC-plugin.patch ++++ libkdecoration2: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ mousepad: - Update to version 0.6.0 * Dependency Changes: - GLib >= 2.56.2 * New Features: - Keep saved state in memory to track actual modification state * Appearance Changes / Minor Improvements: - Add "match whole word" toggle to search toolbar (#180, !124) * Code Refactoring: - cleanup: prefs: Reduce the diff from what Glade 3.40.0 would do - cleanup: Use G_DECLARE_FINAL_TYPE - cleanup: Remove dead code - cleanup: Use consistent naming and avoid duplicated code - build: Let xdt-depends.m4 macros set GLib macros - flatpak: Updates from Flathub * Bug Fixes: - Clear undo action list in case of unbuffered modification - Set file properties only for actual changes - Emit "encoding-changed" after setting BOM if needed - Update action states on reload - Mark document as modified if line ending actually changes (Fixes #187) - Do not show the menubar on Alt key release if focus is lost (#185) - plugins: Do not resize unnecessarily the prefs dialog on Wayland - Initialize static variable only once - prefs-dialog: Improve history widget alignment (Fixes #173) * Translation Updates ++++ slurm: - testsuite: on later SUSE versions claim ownership of directory /etc/security/limits.d. ++++ libstorage-ng: - Translated using Weblate (French) (bsc#1149754) - 4.5.73 ++++ wxsqlite3: - Update to version 4.9.1: * Upgrade to SQLite3 Multiple Ciphers version 1.5.4 (SQLite version 3.40.0) * fixed issue wxSQLite3Database::SetJournalMode always returns DELETE ++++ libxfce4ui: - Update to version 4.18.2 * Update copyright year * Add XfceScreensaver (!89) * docs: Fix broken links * shortcut-dialog: Use parent window for the grab if possible (Fixes #52) * Fix memory leaks ++++ xfce4-panel: - Update to version 4.18.2 * directorymenu: Add missing sanity check * panel: Properly handle null string as property default value * Revert "Use RGBA visual only if compositing is enabled (Fixes gxo#xfce/xfce4-panel#251)" (gxo#xfce/xfce4-panel#672) * Revert "systray: Do not require compositing to be enabled to use RGBA visual" * systray: Fix blurry icons in prefs dialog when UI scale > 1 * launcher: Fix blurry icons in prefs and add dialogs when UI scale > 1 * launcher: Use GIcon for the tooltip icon (gxo#xfce/xfce4-panel#674) * pager: Use WnckHandle if available (gxo#xfce/xfce4-panel#695) * Translation Updates ++++ milou5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ openSUSE-repos-Leap: - Update to version 20230209.87a5e9e: * Drop obsoleting of TW from openSUSE-repos-MicroOS * Do not use distver for TW and MicroOS openh264 repo ++++ oxygen5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ oxygen5-sounds: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ pam_kwallet: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ plasma-browser-integration: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * Purpose Plugin: Always send a title ++++ plasma-nm5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * Don't initialize sent/received bytes with stale values * applet: Fix key navigation in standalone (non-systray) mode * applet: Only show airplane mode in context menu when visible in toolbar (kde#464527) ++++ plasma-vault: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ plasma5-addons: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * runners/datetime: refine time zone matching ++++ plasma5-bigscreen: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ plasma5-openSUSE: - Update to 5.27.0 ++++ plasma5-desktop: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Too many changes to list here - Drop patches, now upstream: * 0001-attica-kde-Use-the-correct-location-for-determining-.patch ++++ plasma5-disks: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ plasma5-firewall: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ plasma5-integration: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ plasma5-mobile: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * homescreen/halcyon: Fix direction of arrow and add drop shadow to placeholder message Fixes https://invent.kde.org/plasma/plasma-mobile/-/issues/235 * Record quicksettings: Move metadata.json to right location - Drop patches, now upstream: * 0001-Record-quicksettings-Move-metadata.json-to-right-loc.patch ++++ plasma5-nano: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * Add accessibility and support for gui testing ++++ plasma5-pa: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ plasma5-sdk: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ plasma5-systemmonitor: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * Set RemoveDeadEntries=true in the pages knsrc (kde#453651) * table: Workaround a memory leak in QQmlPropertyCache (kde#460370) ++++ plasma5-thunderbolt: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ plasma5-welcome: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * config: Store last seen version for initial release * Note mandatory KNewStuff dependency (kde#465072) * Do not run on other desktop environments * Embed source in URLs * Specify desktop file for knewstuff-dialog (kde#464668) * Adjust runCommandAPI to optionally take a desktop file * Fix multiline translated text (kde#464630) * Fix launch feedback for KCMs * Make text on buttons translatable * Look for custom pages in /usr/share/, not /var/lib/ * Make the fake panel clock look more like the real one * Fix kaccounts dep on the CI - Drop patches, now upstream: * 0001-Make-the-fake-panel-clock-look-more-like-the-real-on.patch ++++ plasma5-workspace-wallpapers: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * Moved old wallpaper, added new one, updated previews ++++ plymouth-theme-breeze: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ podman: - Update to version 4.4.1: * Bump to v4.4.1 * Update release notes for Podman 4.4.1 * kube play: do not teardown unconditionally on error * Resolve symlink path for qemu directory if possible * events: document journald identifiers * Quadlet: exit 0 when there are no files to process * Cleanup podman-systemd.unit file * Install podman-systemd.unit man page, make quadlet discoverable * Add missing return after errors * oci: bind mount /sys with --userns=(auto|pod:) * docs: specify order preference for FROM * Cirrus: Fix & remove GraphQL API tests * test: adapt test to work on cgroupv1 * make hack/markdown-preprocess parallel-safe * Fix default handling of pids-limit * system tests: fix volume exec/noexec test * Bump to v4.4.1-dev ++++ polkit-kde-agent-5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ postgresql12: - Update to 12.14: * CVE-2022-41862, bsc#1208102: memory leak in libpq * https://www.postgresql.org/about/news/2592/ * https://www.postgresql.org/docs/12/release-12-14.html - Bump latest_supported_llvm_ver to 15. ++++ postgresql13: - Update to 13.10: * CVE-2022-41862, bsc#1208102: memory leak in libpq * https://www.postgresql.org/about/news/2592/ * https://www.postgresql.org/docs/13/release-13-10.html - Bump latest_supported_llvm_ver to 15. ++++ postgresql14: - Update to 14.7: * CVE-2022-41862, bsc#1208102: memory leak in libpq * https://www.postgresql.org/about/news/2592/ * https://www.postgresql.org/docs/14/release-14-7.html - Bump latest_supported_llvm_ver to 15. ++++ powerdevil5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * chargethresholdhelper: Filter out batteries without thresholds early (kde#464535) * daemon: Fix wakeup removal not rescheduling the timerfd wakeup BUG: 464251 (kde#464251) ++++ python-PyQt6: - Update to v6.4.2 * Fixed a regression in pylupdate ++++ qqc2-breeze-style: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - No code changes since 5.26.90 ++++ ristretto: - Update to version 0.13.0 * New Features: - Add print support (#1) * Bug Fixes: - editor-chooser: Expand tree view vertically - properties-dialog: Update thumbnail on "ready" signal - Fix remaining blurry icons when UI scale > 1 - thumbnailer: Properly support window scaling (#81) - Revert "thumbnailer: Increase thumbnail sizes" * Translation Updates ++++ spice-vdagent: - Drop allow-enable-on-boot-spice-vdagentd.service.patch. udev takes care of this already. - Don't call systemctl enable in %post, that's what presets are for. - Add 0001-Switch-to-spice-vdagent.service-by-default.patch to allow use of spice-vdagent.service ++++ systemsettings5: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * sidebar: Use a proper checked state for the menu button (kde#464536) * Make external apps clickable in search results (kde#464491) * Sidebar: Move final trailing separator out of main layout * Remove unused KF5ActivitiesStats dependency ++++ xdg-desktop-portal-kde: - Update to 5.27.0 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.27.0 - Changes since 5.26.90: * fix streams not being ended correctly (kde#465302) * Fix segfault crash: capture QStringList variable by value * notifications: Do not crash as notifications get removed (kde#464549) * Fix condition for cmake feature ++++ xen: - bsc#1205792 - Partner-L3: launch-xenstore error messages show in SLES15 SP4 xen kernel. 63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch ++++ yast2-network: - Fix calling method read on nil crash in bootloader caused by not restoring SCR chroot in save_network client when running in autoyast (bsc#1207968) - 4.5.16 ------------------------------------------------------------------ ------------------ 2023-2-8 - Feb 8 2023 ------------------- ------------------------------------------------------------------ ++++ MozillaThunderbird: - Mozilla Thunderbird 102.7.2 * fixed: Various crash fixes (bmo#1806245,bmo#1806247) ++++ aegisub: - Add aegisub-3.3.3-fix-boost-181-build.patch copied from mageia to fix build against boost-1.81 ++++ attica-qt5: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - No code change since 5.102.0 ++++ aws-cli: - Update to version 1.27.66 + For detailed changes see https://github.com/aws/aws-cli/blob/1.27.66/CHANGELOG.rst - Update Requires in spec file from setup.py ++++ build: - SPDX SBOM generation for container and product builds - Revert & Redo "Better filetype detection for temp changes files" - Fix typo in glibc hwcaps supplements - Implement lua string macros ++++ chromium: - Chromium 110.0.5481.77 (boo#1208029): * CVE-2023-0696: Type Confusion in V8 * CVE-2023-0697: Inappropriate implementation in Full screen mode * CVE-2023-0698: Out of bounds read in WebRTC * CVE-2023-0699: Use after free in GPU * CVE-2023-0700: Inappropriate implementation in Download * CVE-2023-0701: Heap buffer overflow in WebUI * CVE-2023-0702: Type Confusion in Data Transfer * CVE-2023-0703: Type Confusion in DevTools * CVE-2023-0704: Insufficient policy enforcement in DevTools * CVE-2023-0705: Integer overflow in Core * Various fixes from internal audits, fuzzing and other initiatives - build with bundled libavif - dropped patches: * chromium-109-compiler.patch * chromium-icu72-3.patch - added patches: * chromium-110-compiler.patch * chromium-110-system-libffi.patch * chromium-110-NativeThemeBase-fabs.patch * chromium-110-CredentialUIEntry-const.patch * chromium-110-DarkModeLABColorSpace-pow.patch * v8-move-the-Stack-object-from-ThreadLocalTop.patch ++++ chromium: - Chromium 110.0.5481.77 (boo#1208029): * CVE-2023-0696: Type Confusion in V8 * CVE-2023-0697: Inappropriate implementation in Full screen mode * CVE-2023-0698: Out of bounds read in WebRTC * CVE-2023-0699: Use after free in GPU * CVE-2023-0700: Inappropriate implementation in Download * CVE-2023-0701: Heap buffer overflow in WebUI * CVE-2023-0702: Type Confusion in Data Transfer * CVE-2023-0703: Type Confusion in DevTools * CVE-2023-0704: Insufficient policy enforcement in DevTools * CVE-2023-0705: Integer overflow in Core * Various fixes from internal audits, fuzzing and other initiatives - build with bundled libavif - dropped patches: * chromium-109-compiler.patch * chromium-icu72-3.patch - added patches: * chromium-110-compiler.patch * chromium-110-system-libffi.patch * chromium-110-NativeThemeBase-fabs.patch * chromium-110-CredentialUIEntry-const.patch * chromium-110-DarkModeLABColorSpace-pow.patch * v8-move-the-Stack-object-from-ThreadLocalTop.patch ++++ kernel-64kb: - aquantia: Do not purge addresses when setting the number of rings (jsc#PED-1530). - commit 39a03b2 - net: atlantic: macsec: clear encryption keys from the stack (jsc#PED-1530). - commit 643f719 - atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530). - commit 4a9a64f - net: atlantic: fix potential memory leak in aq_ndev_close() (jsc#PED-1530). - commit 719db2f - net: atlantic: remove aq_nic_deinit() when resume (jsc#PED-1530). - commit ff2f581 - net: atlantic: remove deep parameter on suspend/resume functions (jsc#PED-1530). - commit 9e96b4d - net: atlantic:fix repeated words in comments (jsc#PED-1530). - commit d6d4ffb - net: atlantic: verify hw_head_ lies within TX buffer ring (jsc#PED-1530). - commit 7059ede - net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530). - commit e719b81 - net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530). - commit b04c254 - net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530). - commit 0263576 - Update patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bsc#1207036 CVE-2023-23454). - commit 521fdca - Update patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bc#1207125 CVE-2023-23455). - commit c8b6243 - io_uring/poll: fix poll_refs race with cancelation (bsc#1207511 CVE-2023-0468). - io_uring: make poll refs more robust (bsc#1207511 CVE-2023-0468). - io_uring: cmpxchg for poll arm refs release (bsc#1207511 CVE-2023-0468). - io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468). - io_uring: update res mask in io_poll_check_events (bsc#1207511 CVE-2023-0468). - commit 4fe9bfe ++++ kernel-azure: - aquantia: Do not purge addresses when setting the number of rings (jsc#PED-1530). - commit 39a03b2 - net: atlantic: macsec: clear encryption keys from the stack (jsc#PED-1530). - commit 643f719 - atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530). - commit 4a9a64f - net: atlantic: fix potential memory leak in aq_ndev_close() (jsc#PED-1530). - commit 719db2f - net: atlantic: remove aq_nic_deinit() when resume (jsc#PED-1530). - commit ff2f581 - net: atlantic: remove deep parameter on suspend/resume functions (jsc#PED-1530). - commit 9e96b4d - net: atlantic:fix repeated words in comments (jsc#PED-1530). - commit d6d4ffb - net: atlantic: verify hw_head_ lies within TX buffer ring (jsc#PED-1530). - commit 7059ede - net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530). - commit e719b81 - net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530). - commit b04c254 - net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530). - commit 0263576 - Update patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bsc#1207036 CVE-2023-23454). - commit 521fdca - Update patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bc#1207125 CVE-2023-23455). - commit c8b6243 - io_uring/poll: fix poll_refs race with cancelation (bsc#1207511 CVE-2023-0468). - io_uring: make poll refs more robust (bsc#1207511 CVE-2023-0468). - io_uring: cmpxchg for poll arm refs release (bsc#1207511 CVE-2023-0468). - io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468). - io_uring: update res mask in io_poll_check_events (bsc#1207511 CVE-2023-0468). - commit 4fe9bfe ++++ kernel-default: - aquantia: Do not purge addresses when setting the number of rings (jsc#PED-1530). - commit 39a03b2 - net: atlantic: macsec: clear encryption keys from the stack (jsc#PED-1530). - commit 643f719 - atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530). - commit 4a9a64f - net: atlantic: fix potential memory leak in aq_ndev_close() (jsc#PED-1530). - commit 719db2f - net: atlantic: remove aq_nic_deinit() when resume (jsc#PED-1530). - commit ff2f581 - net: atlantic: remove deep parameter on suspend/resume functions (jsc#PED-1530). - commit 9e96b4d - net: atlantic:fix repeated words in comments (jsc#PED-1530). - commit d6d4ffb - net: atlantic: verify hw_head_ lies within TX buffer ring (jsc#PED-1530). - commit 7059ede - net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530). - commit e719b81 - net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530). - commit b04c254 - net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530). - commit 0263576 - Update patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bsc#1207036 CVE-2023-23454). - commit 521fdca - Update patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bc#1207125 CVE-2023-23455). - commit c8b6243 - io_uring/poll: fix poll_refs race with cancelation (bsc#1207511 CVE-2023-0468). - io_uring: make poll refs more robust (bsc#1207511 CVE-2023-0468). - io_uring: cmpxchg for poll arm refs release (bsc#1207511 CVE-2023-0468). - io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468). - io_uring: update res mask in io_poll_check_events (bsc#1207511 CVE-2023-0468). - commit 4fe9bfe ++++ kernel-rt: - aquantia: Do not purge addresses when setting the number of rings (jsc#PED-1530). - commit 39a03b2 - net: atlantic: macsec: clear encryption keys from the stack (jsc#PED-1530). - commit 643f719 - atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530). - commit 4a9a64f - net: atlantic: fix potential memory leak in aq_ndev_close() (jsc#PED-1530). - commit 719db2f - net: atlantic: remove aq_nic_deinit() when resume (jsc#PED-1530). - commit ff2f581 - net: atlantic: remove deep parameter on suspend/resume functions (jsc#PED-1530). - commit 9e96b4d - net: atlantic:fix repeated words in comments (jsc#PED-1530). - commit d6d4ffb - net: atlantic: verify hw_head_ lies within TX buffer ring (jsc#PED-1530). - commit 7059ede - net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530). - commit e719b81 - net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530). - commit b04c254 - net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530). - commit 0263576 - Update patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bsc#1207036 CVE-2023-23454). - commit 521fdca - Update patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bc#1207125 CVE-2023-23455). - commit c8b6243 - io_uring/poll: fix poll_refs race with cancelation (bsc#1207511 CVE-2023-0468). - io_uring: make poll refs more robust (bsc#1207511 CVE-2023-0468). - io_uring: cmpxchg for poll arm refs release (bsc#1207511 CVE-2023-0468). - io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468). - io_uring: update res mask in io_poll_check_events (bsc#1207511 CVE-2023-0468). - commit 4fe9bfe ++++ crash: - Fix the problem about crash-kmp-rt is being pulled out from sle_module_rt on SP5 after crash SR#289192 and kernels-source SR#288863 [2] are being accepted. ++++ dtb-aarch64: - aquantia: Do not purge addresses when setting the number of rings (jsc#PED-1530). - commit 39a03b2 - net: atlantic: macsec: clear encryption keys from the stack (jsc#PED-1530). - commit 643f719 - atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530). - commit 4a9a64f - net: atlantic: fix potential memory leak in aq_ndev_close() (jsc#PED-1530). - commit 719db2f - net: atlantic: remove aq_nic_deinit() when resume (jsc#PED-1530). - commit ff2f581 - net: atlantic: remove deep parameter on suspend/resume functions (jsc#PED-1530). - commit 9e96b4d - net: atlantic:fix repeated words in comments (jsc#PED-1530). - commit d6d4ffb - net: atlantic: verify hw_head_ lies within TX buffer ring (jsc#PED-1530). - commit 7059ede - net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530). - commit e719b81 - net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530). - commit b04c254 - net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530). - commit 0263576 - Update patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bsc#1207036 CVE-2023-23454). - commit 521fdca - Update patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bc#1207125 CVE-2023-23455). - commit c8b6243 - io_uring/poll: fix poll_refs race with cancelation (bsc#1207511 CVE-2023-0468). - io_uring: make poll refs more robust (bsc#1207511 CVE-2023-0468). - io_uring: cmpxchg for poll arm refs release (bsc#1207511 CVE-2023-0468). - io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468). - io_uring: update res mask in io_poll_check_events (bsc#1207511 CVE-2023-0468). - commit 4fe9bfe ++++ extra-cmake-modules: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - Changes since 5.102.0: * ECMAddQtDesignerPlugin: use correct plugin IID * ECMAddQch: support doc linking also against Qt6 docs * KDEPackageAppTemplates: add "_kapptemplate" postfix to target names * Fix compatibility with newer Gradle provided with Qt 5.15.8 ++++ extra-cmake-modules-doc: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - Changes since 5.102.0: * ECMAddQtDesignerPlugin: use correct plugin IID * ECMAddQch: support doc linking also against Qt6 docs * KDEPackageAppTemplates: add "_kapptemplate" postfix to target names * Fix compatibility with newer Gradle provided with Qt 5.15.8 ++++ grub2: - Fix nvmf boot device setup (bsc#1207811) * 0001-grub2-Can-t-setup-a-default-boot-device-correctly-on.patch ++++ karchive: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - Changes since 5.102.0: * Limit size of file to be added by what the tar header supports ++++ kauth: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - Changes since 5.102.0: * Fix polkit-qt-1 CI dep ++++ kbookmarks: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - No code change since 5.102.0 ++++ kcodecs: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - Changes since 5.102.0: * Remove winsami2 from codecs list * Replace jis7 with ISO-2022-JP in offered codecs * Fix name for CP 949 in KCharsets::encodingsByScript ++++ kcompletion: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - No code change since 5.102.0 ++++ kconfig: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - Changes since 5.102.0: * kconf_update: use standard exit status code * kconf_update: use CMAKE_INSTALL_FULL_LIBDIR * KCoreConfigSkeleton::ItemEnum::Choice2: add deprecation warning markup * KCoreConfigSkeleton::ItemEnum::choices2(): add deprecation markup * Android: Fix a bug where new file wouldn't be created ++++ kconfigwidgets: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - Changes since 5.102.0: * Port away from deprecated KCoreConfigSkeleton::ItemEnum::Choice2 typedef * [kcodecaction] Deprecate QTextCodec and mib-based API (kde#463421) * [kcodecaction] Add name-based trigger signal * kcommandbar: Fix positioning when no mainwindow parent * kcommandbar: Fix no central widget crashes app (kde#463251) ++++ kcoreaddons: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - Changes since 5.102.0: * don't needlessly copy urls while iterating * KSandbox: Warn when running without flatpak-spawn privileges ++++ kcrash: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - No code change since 5.102.0 ++++ kdbusaddons: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - No code change since 5.102.0 ++++ kded: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - Changes since 5.102.0: * Only recreate icons if an icon dir changed (kde#463353) ++++ kdoctools: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - No code change since 5.102.0 ++++ kernel-debug: - aquantia: Do not purge addresses when setting the number of rings (jsc#PED-1530). - commit 39a03b2 - net: atlantic: macsec: clear encryption keys from the stack (jsc#PED-1530). - commit 643f719 - atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530). - commit 4a9a64f - net: atlantic: fix potential memory leak in aq_ndev_close() (jsc#PED-1530). - commit 719db2f - net: atlantic: remove aq_nic_deinit() when resume (jsc#PED-1530). - commit ff2f581 - net: atlantic: remove deep parameter on suspend/resume functions (jsc#PED-1530). - commit 9e96b4d - net: atlantic:fix repeated words in comments (jsc#PED-1530). - commit d6d4ffb - net: atlantic: verify hw_head_ lies within TX buffer ring (jsc#PED-1530). - commit 7059ede - net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530). - commit e719b81 - net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530). - commit b04c254 - net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530). - commit 0263576 - Update patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bsc#1207036 CVE-2023-23454). - commit 521fdca - Update patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bc#1207125 CVE-2023-23455). - commit c8b6243 - io_uring/poll: fix poll_refs race with cancelation (bsc#1207511 CVE-2023-0468). - io_uring: make poll refs more robust (bsc#1207511 CVE-2023-0468). - io_uring: cmpxchg for poll arm refs release (bsc#1207511 CVE-2023-0468). - io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468). - io_uring: update res mask in io_poll_check_events (bsc#1207511 CVE-2023-0468). - commit 4fe9bfe ++++ kernel-source: - aquantia: Do not purge addresses when setting the number of rings (jsc#PED-1530). - commit 39a03b2 - net: atlantic: macsec: clear encryption keys from the stack (jsc#PED-1530). - commit 643f719 - atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530). - commit 4a9a64f - net: atlantic: fix potential memory leak in aq_ndev_close() (jsc#PED-1530). - commit 719db2f - net: atlantic: remove aq_nic_deinit() when resume (jsc#PED-1530). - commit ff2f581 - net: atlantic: remove deep parameter on suspend/resume functions (jsc#PED-1530). - commit 9e96b4d - net: atlantic:fix repeated words in comments (jsc#PED-1530). - commit d6d4ffb - net: atlantic: verify hw_head_ lies within TX buffer ring (jsc#PED-1530). - commit 7059ede - net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530). - commit e719b81 - net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530). - commit b04c254 - net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530). - commit 0263576 - Update patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bsc#1207036 CVE-2023-23454). - commit 521fdca - Update patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bc#1207125 CVE-2023-23455). - commit c8b6243 - io_uring/poll: fix poll_refs race with cancelation (bsc#1207511 CVE-2023-0468). - io_uring: make poll refs more robust (bsc#1207511 CVE-2023-0468). - io_uring: cmpxchg for poll arm refs release (bsc#1207511 CVE-2023-0468). - io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468). - io_uring: update res mask in io_poll_check_events (bsc#1207511 CVE-2023-0468). - commit 4fe9bfe ++++ kernel-source-azure: - aquantia: Do not purge addresses when setting the number of rings (jsc#PED-1530). - commit 39a03b2 - net: atlantic: macsec: clear encryption keys from the stack (jsc#PED-1530). - commit 643f719 - atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530). - commit 4a9a64f - net: atlantic: fix potential memory leak in aq_ndev_close() (jsc#PED-1530). - commit 719db2f - net: atlantic: remove aq_nic_deinit() when resume (jsc#PED-1530). - commit ff2f581 - net: atlantic: remove deep parameter on suspend/resume functions (jsc#PED-1530). - commit 9e96b4d - net: atlantic:fix repeated words in comments (jsc#PED-1530). - commit d6d4ffb - net: atlantic: verify hw_head_ lies within TX buffer ring (jsc#PED-1530). - commit 7059ede - net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530). - commit e719b81 - net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530). - commit b04c254 - net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530). - commit 0263576 - Update patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bsc#1207036 CVE-2023-23454). - commit 521fdca - Update patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bc#1207125 CVE-2023-23455). - commit c8b6243 - io_uring/poll: fix poll_refs race with cancelation (bsc#1207511 CVE-2023-0468). - io_uring: make poll refs more robust (bsc#1207511 CVE-2023-0468). - io_uring: cmpxchg for poll arm refs release (bsc#1207511 CVE-2023-0468). - io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468). - io_uring: update res mask in io_poll_check_events (bsc#1207511 CVE-2023-0468). - commit 4fe9bfe ++++ kernel-source-rt: - aquantia: Do not purge addresses when setting the number of rings (jsc#PED-1530). - commit 39a03b2 - net: atlantic: macsec: clear encryption keys from the stack (jsc#PED-1530). - commit 643f719 - atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530). - commit 4a9a64f - net: atlantic: fix potential memory leak in aq_ndev_close() (jsc#PED-1530). - commit 719db2f - net: atlantic: remove aq_nic_deinit() when resume (jsc#PED-1530). - commit ff2f581 - net: atlantic: remove deep parameter on suspend/resume functions (jsc#PED-1530). - commit 9e96b4d - net: atlantic:fix repeated words in comments (jsc#PED-1530). - commit d6d4ffb - net: atlantic: verify hw_head_ lies within TX buffer ring (jsc#PED-1530). - commit 7059ede - net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530). - commit e719b81 - net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530). - commit b04c254 - net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530). - commit 0263576 - Update patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bsc#1207036 CVE-2023-23454). - commit 521fdca - Update patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bc#1207125 CVE-2023-23455). - commit c8b6243 - io_uring/poll: fix poll_refs race with cancelation (bsc#1207511 CVE-2023-0468). - io_uring: make poll refs more robust (bsc#1207511 CVE-2023-0468). - io_uring: cmpxchg for poll arm refs release (bsc#1207511 CVE-2023-0468). - io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468). - io_uring: update res mask in io_poll_check_events (bsc#1207511 CVE-2023-0468). - commit 4fe9bfe ++++ kernel-docs: - aquantia: Do not purge addresses when setting the number of rings (jsc#PED-1530). - commit 39a03b2 - net: atlantic: macsec: clear encryption keys from the stack (jsc#PED-1530). - commit 643f719 - atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530). - commit 4a9a64f - net: atlantic: fix potential memory leak in aq_ndev_close() (jsc#PED-1530). - commit 719db2f - net: atlantic: remove aq_nic_deinit() when resume (jsc#PED-1530). - commit ff2f581 - net: atlantic: remove deep parameter on suspend/resume functions (jsc#PED-1530). - commit 9e96b4d - net: atlantic:fix repeated words in comments (jsc#PED-1530). - commit d6d4ffb - net: atlantic: verify hw_head_ lies within TX buffer ring (jsc#PED-1530). - commit 7059ede - net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530). - commit e719b81 - net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530). - commit b04c254 - net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530). - commit 0263576 - Update patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bsc#1207036 CVE-2023-23454). - commit 521fdca - Update patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bc#1207125 CVE-2023-23455). - commit c8b6243 - io_uring/poll: fix poll_refs race with cancelation (bsc#1207511 CVE-2023-0468). - io_uring: make poll refs more robust (bsc#1207511 CVE-2023-0468). - io_uring: cmpxchg for poll arm refs release (bsc#1207511 CVE-2023-0468). - io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468). - io_uring: update res mask in io_poll_check_events (bsc#1207511 CVE-2023-0468). - commit 4fe9bfe ++++ kernel-firmware-nvidia-gsp-G06: - update firmware to version 525.89.02 ++++ kernel-kvmsmall: - aquantia: Do not purge addresses when setting the number of rings (jsc#PED-1530). - commit 39a03b2 - net: atlantic: macsec: clear encryption keys from the stack (jsc#PED-1530). - commit 643f719 - atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530). - commit 4a9a64f - net: atlantic: fix potential memory leak in aq_ndev_close() (jsc#PED-1530). - commit 719db2f - net: atlantic: remove aq_nic_deinit() when resume (jsc#PED-1530). - commit ff2f581 - net: atlantic: remove deep parameter on suspend/resume functions (jsc#PED-1530). - commit 9e96b4d - net: atlantic:fix repeated words in comments (jsc#PED-1530). - commit d6d4ffb - net: atlantic: verify hw_head_ lies within TX buffer ring (jsc#PED-1530). - commit 7059ede - net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530). - commit e719b81 - net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530). - commit b04c254 - net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530). - commit 0263576 - Update patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bsc#1207036 CVE-2023-23454). - commit 521fdca - Update patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bc#1207125 CVE-2023-23455). - commit c8b6243 - io_uring/poll: fix poll_refs race with cancelation (bsc#1207511 CVE-2023-0468). - io_uring: make poll refs more robust (bsc#1207511 CVE-2023-0468). - io_uring: cmpxchg for poll arm refs release (bsc#1207511 CVE-2023-0468). - io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468). - io_uring: update res mask in io_poll_check_events (bsc#1207511 CVE-2023-0468). - commit 4fe9bfe ++++ kernel-obs-build: - aquantia: Do not purge addresses when setting the number of rings (jsc#PED-1530). - commit 39a03b2 - net: atlantic: macsec: clear encryption keys from the stack (jsc#PED-1530). - commit 643f719 - atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530). - commit 4a9a64f - net: atlantic: fix potential memory leak in aq_ndev_close() (jsc#PED-1530). - commit 719db2f - net: atlantic: remove aq_nic_deinit() when resume (jsc#PED-1530). - commit ff2f581 - net: atlantic: remove deep parameter on suspend/resume functions (jsc#PED-1530). - commit 9e96b4d - net: atlantic:fix repeated words in comments (jsc#PED-1530). - commit d6d4ffb - net: atlantic: verify hw_head_ lies within TX buffer ring (jsc#PED-1530). - commit 7059ede - net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530). - commit e719b81 - net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530). - commit b04c254 - net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530). - commit 0263576 - Update patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bsc#1207036 CVE-2023-23454). - commit 521fdca - Update patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bc#1207125 CVE-2023-23455). - commit c8b6243 - io_uring/poll: fix poll_refs race with cancelation (bsc#1207511 CVE-2023-0468). - io_uring: make poll refs more robust (bsc#1207511 CVE-2023-0468). - io_uring: cmpxchg for poll arm refs release (bsc#1207511 CVE-2023-0468). - io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468). - io_uring: update res mask in io_poll_check_events (bsc#1207511 CVE-2023-0468). - commit 4fe9bfe ++++ kernel-obs-qa: - aquantia: Do not purge addresses when setting the number of rings (jsc#PED-1530). - commit 39a03b2 - net: atlantic: macsec: clear encryption keys from the stack (jsc#PED-1530). - commit 643f719 - atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530). - commit 4a9a64f - net: atlantic: fix potential memory leak in aq_ndev_close() (jsc#PED-1530). - commit 719db2f - net: atlantic: remove aq_nic_deinit() when resume (jsc#PED-1530). - commit ff2f581 - net: atlantic: remove deep parameter on suspend/resume functions (jsc#PED-1530). - commit 9e96b4d - net: atlantic:fix repeated words in comments (jsc#PED-1530). - commit d6d4ffb - net: atlantic: verify hw_head_ lies within TX buffer ring (jsc#PED-1530). - commit 7059ede - net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530). - commit e719b81 - net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530). - commit b04c254 - net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530). - commit 0263576 - Update patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bsc#1207036 CVE-2023-23454). - commit 521fdca - Update patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bc#1207125 CVE-2023-23455). - commit c8b6243 - io_uring/poll: fix poll_refs race with cancelation (bsc#1207511 CVE-2023-0468). - io_uring: make poll refs more robust (bsc#1207511 CVE-2023-0468). - io_uring: cmpxchg for poll arm refs release (bsc#1207511 CVE-2023-0468). - io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468). - io_uring: update res mask in io_poll_check_events (bsc#1207511 CVE-2023-0468). - commit 4fe9bfe ++++ kernel-rt_debug: - aquantia: Do not purge addresses when setting the number of rings (jsc#PED-1530). - commit 39a03b2 - net: atlantic: macsec: clear encryption keys from the stack (jsc#PED-1530). - commit 643f719 - atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530). - commit 4a9a64f - net: atlantic: fix potential memory leak in aq_ndev_close() (jsc#PED-1530). - commit 719db2f - net: atlantic: remove aq_nic_deinit() when resume (jsc#PED-1530). - commit ff2f581 - net: atlantic: remove deep parameter on suspend/resume functions (jsc#PED-1530). - commit 9e96b4d - net: atlantic:fix repeated words in comments (jsc#PED-1530). - commit d6d4ffb - net: atlantic: verify hw_head_ lies within TX buffer ring (jsc#PED-1530). - commit 7059ede - net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530). - commit e719b81 - net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530). - commit b04c254 - net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530). - commit 0263576 - Update patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bsc#1207036 CVE-2023-23454). - commit 521fdca - Update patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bc#1207125 CVE-2023-23455). - commit c8b6243 - io_uring/poll: fix poll_refs race with cancelation (bsc#1207511 CVE-2023-0468). - io_uring: make poll refs more robust (bsc#1207511 CVE-2023-0468). - io_uring: cmpxchg for poll arm refs release (bsc#1207511 CVE-2023-0468). - io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468). - io_uring: update res mask in io_poll_check_events (bsc#1207511 CVE-2023-0468). - commit 4fe9bfe ++++ kernel-syms: - aquantia: Do not purge addresses when setting the number of rings (jsc#PED-1530). - commit 39a03b2 - net: atlantic: macsec: clear encryption keys from the stack (jsc#PED-1530). - commit 643f719 - atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530). - commit 4a9a64f - net: atlantic: fix potential memory leak in aq_ndev_close() (jsc#PED-1530). - commit 719db2f - net: atlantic: remove aq_nic_deinit() when resume (jsc#PED-1530). - commit ff2f581 - net: atlantic: remove deep parameter on suspend/resume functions (jsc#PED-1530). - commit 9e96b4d - net: atlantic:fix repeated words in comments (jsc#PED-1530). - commit d6d4ffb - net: atlantic: verify hw_head_ lies within TX buffer ring (jsc#PED-1530). - commit 7059ede - net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530). - commit e719b81 - net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530). - commit b04c254 - net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530). - commit 0263576 - Update patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bsc#1207036 CVE-2023-23454). - commit 521fdca - Update patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bc#1207125 CVE-2023-23455). - commit c8b6243 - io_uring/poll: fix poll_refs race with cancelation (bsc#1207511 CVE-2023-0468). - io_uring: make poll refs more robust (bsc#1207511 CVE-2023-0468). - io_uring: cmpxchg for poll arm refs release (bsc#1207511 CVE-2023-0468). - io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468). - io_uring: update res mask in io_poll_check_events (bsc#1207511 CVE-2023-0468). - commit 4fe9bfe ++++ kernel-syms-azure: - aquantia: Do not purge addresses when setting the number of rings (jsc#PED-1530). - commit 39a03b2 - net: atlantic: macsec: clear encryption keys from the stack (jsc#PED-1530). - commit 643f719 - atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530). - commit 4a9a64f - net: atlantic: fix potential memory leak in aq_ndev_close() (jsc#PED-1530). - commit 719db2f - net: atlantic: remove aq_nic_deinit() when resume (jsc#PED-1530). - commit ff2f581 - net: atlantic: remove deep parameter on suspend/resume functions (jsc#PED-1530). - commit 9e96b4d - net: atlantic:fix repeated words in comments (jsc#PED-1530). - commit d6d4ffb - net: atlantic: verify hw_head_ lies within TX buffer ring (jsc#PED-1530). - commit 7059ede - net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530). - commit e719b81 - net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530). - commit b04c254 - net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530). - commit 0263576 - Update patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bsc#1207036 CVE-2023-23454). - commit 521fdca - Update patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bc#1207125 CVE-2023-23455). - commit c8b6243 - io_uring/poll: fix poll_refs race with cancelation (bsc#1207511 CVE-2023-0468). - io_uring: make poll refs more robust (bsc#1207511 CVE-2023-0468). - io_uring: cmpxchg for poll arm refs release (bsc#1207511 CVE-2023-0468). - io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468). - io_uring: update res mask in io_poll_check_events (bsc#1207511 CVE-2023-0468). - commit 4fe9bfe ++++ kernel-syms-rt: - aquantia: Do not purge addresses when setting the number of rings (jsc#PED-1530). - commit 39a03b2 - net: atlantic: macsec: clear encryption keys from the stack (jsc#PED-1530). - commit 643f719 - atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530). - commit 4a9a64f - net: atlantic: fix potential memory leak in aq_ndev_close() (jsc#PED-1530). - commit 719db2f - net: atlantic: remove aq_nic_deinit() when resume (jsc#PED-1530). - commit ff2f581 - net: atlantic: remove deep parameter on suspend/resume functions (jsc#PED-1530). - commit 9e96b4d - net: atlantic:fix repeated words in comments (jsc#PED-1530). - commit d6d4ffb - net: atlantic: verify hw_head_ lies within TX buffer ring (jsc#PED-1530). - commit 7059ede - net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530). - commit e719b81 - net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530). - commit b04c254 - net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530). - commit 0263576 - Update patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bsc#1207036 CVE-2023-23454). - commit 521fdca - Update patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bc#1207125 CVE-2023-23455). - commit c8b6243 - io_uring/poll: fix poll_refs race with cancelation (bsc#1207511 CVE-2023-0468). - io_uring: make poll refs more robust (bsc#1207511 CVE-2023-0468). - io_uring: cmpxchg for poll arm refs release (bsc#1207511 CVE-2023-0468). - io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468). - io_uring: update res mask in io_poll_check_events (bsc#1207511 CVE-2023-0468). - commit 4fe9bfe ++++ kernel-zfcpdump: - aquantia: Do not purge addresses when setting the number of rings (jsc#PED-1530). - commit 39a03b2 - net: atlantic: macsec: clear encryption keys from the stack (jsc#PED-1530). - commit 643f719 - atlantic: fix deadlock at aq_nic_stop (jsc#PED-1530). - commit 4a9a64f - net: atlantic: fix potential memory leak in aq_ndev_close() (jsc#PED-1530). - commit 719db2f - net: atlantic: remove aq_nic_deinit() when resume (jsc#PED-1530). - commit ff2f581 - net: atlantic: remove deep parameter on suspend/resume functions (jsc#PED-1530). - commit 9e96b4d - net: atlantic:fix repeated words in comments (jsc#PED-1530). - commit d6d4ffb - net: atlantic: verify hw_head_ lies within TX buffer ring (jsc#PED-1530). - commit 7059ede - net: atlantic: add check for MAX_SKB_FRAGS (jsc#PED-1530). - commit e719b81 - net: atlantic: reduce scope of is_rsc_complete (jsc#PED-1530). - commit b04c254 - net: atlantic: fix "frag[0] not initialized" (jsc#PED-1530). - commit 0263576 - Update patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bsc#1207036 CVE-2023-23454). - commit 521fdca - Update patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch (bsc#1207361 bc#1207125 CVE-2023-23455). - commit c8b6243 - io_uring/poll: fix poll_refs race with cancelation (bsc#1207511 CVE-2023-0468). - io_uring: make poll refs more robust (bsc#1207511 CVE-2023-0468). - io_uring: cmpxchg for poll arm refs release (bsc#1207511 CVE-2023-0468). - io_uring: fix tw losing poll events (bsc#1207511 CVE-2023-0468). - io_uring: update res mask in io_poll_check_events (bsc#1207511 CVE-2023-0468). - commit 4fe9bfe ++++ kglobalaccel: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - Changes since 5.102.0: * Send X11 startup id when invoking service actions ++++ kguiaddons: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - Changes since 5.102.0: * waylandinhibition singleton pattern for ShortcutsInhibitManager * waylandclipboard: roundtrip to get accurate focus state (kde#463199) * KColorSchemeWatcherMac: do not use new NSAppearance API on older macOS versions (kde#463752) ++++ ki18n: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - No code change since 5.102.0 ++++ kiconthemes: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - No code change since 5.102.0 ++++ kidletime: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - No code change since 5.102.0 ++++ kio: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - Changes since 5.102.0: * CommandLauncher: Emit error when command was not found * Add KUrlNavigator::supportedSchemes, to replace customProtocols * Add missing copyFromFile entries to http.json for webdav and webdavs (kde#464450) * Mark WorkerBase::needSubUrlData as deprecated * [commandlauncherjob] Deprecate setIcon * job_error: add missing space between sentences for one string (kde#464631) * Correct setDesktopName() docs regarding optionality of .desktop suffix * Drop outdated docs for mailto kioslave * Add deprecation warnings for KDirOperator::setView(KFile::FileView) * Deprecate unused Scheduler::connect/disconnects methods * Deprecate Slave::isConnected/setConnected * Restore old behavior for KFileFilterCombo::setFilter (kde#463309) * KCoreDirListerCache: Remove unnecessary assert * KFilePlacesView: Set transientParent on context menu (kde#453532) * KURISearchFilterEngine: Use DuckDuckGo as a default shortcut * widgets/renamefiledialog: remove bulk rename number limit ++++ kitemviews: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - No code change since 5.102.0 ++++ kjobwidgets: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - No code change since 5.102.0 ++++ knotifications: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - Changes since 5.102.0: * knotification: Fix documentation typo ++++ kservice: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - No code change since 5.102.0 ++++ kstars: - Backport multiple fixes from the master branch, because there won't be a new release for the next two months: * Add fix-dir-separator.patch * Add fix-indi-timestamp.patch * Add fix-placeholder-path-part1.patch * Add fix-placeholder-path-part2.patch * Add fix-scheduler.patch ++++ ktextwidgets: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - No code change since 5.102.0 ++++ kwallet: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - No code change since 5.102.0 ++++ kwidgetsaddons: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - Changes since 5.102.0: * Restore ABI compatibility broken in 29bb6d ++++ kwindowsystem: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - No code change since 5.102.0 ++++ kxmlgui: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - Changes since 5.102.0: * Prevent user from expanding tooltips by key, if they weren't expandable * Remove duplicate "Whats This?" tooltips ++++ solid: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - No code change since 5.102.0 ++++ sonnet: - Update to 5.103.0 * New feature release * For more details please see: * https://kde.org/announcements/frameworks/5/5.103.0 - Changes since 5.102.0: * Change underscores to spaces in Esperanto trigrams ++++ libindi: - Add fix-operator.patch (#1843) - Add fix-timestamp.patch (#1837) ++++ openssl-1_1: - FIPS: Serialize jitterentropy calls [bsc#1207994] * Add openssl-1_1-serialize-jitterentropy-calls.patch ++++ rssguard: - Update to version 4.3.2: + Added: - Display total number of underlying feeds/categories in account's tooltip in feed list. (gh#martinrotter/rssguard#881) - Press "CTRL+F" when article script textbox is highlighted in "Article filters" dialog to allow for text searching. (gh#martinrotter/rssguard#889) - Filtering option in article list toolbar are now inclusive with checkbox like appearance. You can now thus select multiple filtering conditions and if article meets atleast one of them, it is displayed. (gh#martinrotter/rssguard#468) - WebEngine disk cache now can be disabled in settings. If it is "disabled" then RSS Guard will use memory-based cache which is automatically destroyed when RSS Guard exits. (gh#martinrotter/rssguard#725) - Help spoilers now can display HTML help with clickable hyperlinks. - Skins are now able to load custom TTF and OTF fonts and also skins now are able to specify application-wide font. You can see sample usage of this feature in sample skin. + Fixed: - Fixed crash when importing OPML files. - Fixed looooong-standing hidden bug which could cause that labels DEassigned from filters were not synchronized back to feed service if supported. - Enhanced information about "resources" in "About" dialog. - Update to version 4.3.1: + Fixed: - Reverted to Qt 6.3 for Windows 10+ builds due to some regressions AGAIN. - Fixed TT-RSS icons downloading when obtaining list of feeds/folders. - RSS Guard now converts all placeholders (for example "%data%") to native path folder separators. - Update to version 4.3.0: + Added: - Massive update for feed fetching mechanism. It is now very parallelized and performance gain should be brutal. On my development PC with 4 cores (Intel i5) I observed 800 % performance boost. Note that this feature required huge number of changes on source code so there could be some corner case regressions or not so polished situations. File bug report when that happens. Also, number of threads used by this feature is configurable via --threads command line switch. This parallelization approach will also be applied to some other parts of application in the future, particularly for some massive batched network operations in some plugin - TT-RSS, Greader or Gmail - which will result in massive performance boost too. - RSS Guard is now available on Flathub in two distinct variants - "full" and "lite" (same as "nonwebengine"). - Suffix ".xml" is also accepted for OPML 2.0 files. - Brutal speed enhancements when importing OPML 2.0 files. Whole functionality is now properly parallelized and performance boost is potentially massive, depending on number of your CPU cores/threads. - Qt 6 bumped to 6.4.2 version - this fixes some regressions. + Fixed: - Some random Mac OS X crash. (gh#martinrotter/rssguard#866) - Update to version 4.2.6: + Added: - Bunch of premade sample article filters added to "Article filters" window. - Placeholders in external tools definitions can be now arbitrarily placed. - Article RSS enclosures can now be added from within article filters. - Added customizable skin color for feeds with NEW articles. So now it is possible to distinguish between NEW and UNREAD (but old) articles. (gh#martinrotter/rssguard#850) - Added application debug log dialog. See "Help" menu for more. - Too big fetched feed icons are now automatically scaled down to fixed size (48x48). - Now it is possible to run post-process script when importing OPML. (gh#martinrotter/rssguard#848) - Now it is possible to change "User-Agent" HTTP header. (gh#martinrotter/rssguard#835) - Added now column into article list which shows labels for each article. (gh#martinrotter/rssguard#768) - Now it is possible to "suppress" feed. Suppressed feeds do not trigger notifications. (gh#martinrotter/rssguard#745) + Fixed: - HTML detection on the QTextBrowser viewer is now more precise. (gh#martinrotter/rssguard#813) - Article decoding for Nextcloud News works better. (gh#martinrotter/rssguard#814) - Inoreader built-in API tokens are removed, because they were abused. - Default AdBlock lists now have corrected URL addresses. - Fixed full-article scraper "scrape-full-articles.py". - Do some preparations and code cleanups for adding "lite" RSS Guard variant to Flathub. - Nextcloud News plugin processes "mediaThumbnail" and "mediaDescription" when parsing articles. (gh#martinrotter/rssguard#831) - Avoid appending empty RSS enclosures to articles. (gh#martinrotter/rssguard#832) - AppImage reverted to Qt 5 as Qt 6 support in AppImage generator is very very buggy. - All dialogs where icons/images are selected now load their "formats" dynamically to support all possible image formats correctly. (gh#martinrotter/rssguard#834) This effectivelly adds "webp" and other formats on systems where it is supported. - Fixed crash. (gh#martinrotter/rssguard#849) - Enable smooth-scrolling by default. (gh#martinrotter/rssguard#793) ++++ libstorage-ng: - Translated using Weblate (Spanish) (bsc#1149754) - 4.5.72 - Translated using Weblate (Chinese (Taiwan) (zh_TW)) (bsc#1149754) - 4.5.71 ++++ libvirt: - qemu: Fix umount of /dev in VM private namespace c3f16cea-qemu-cleanup-label-on-umount-failure.patch, 697c16e3-qemu_process-better-debug-message.patch, 5155ab4b-qemu_namespace-nested-mounts-when-umount.patch boo#1207889 ++++ linuxrc: - merge gh#openSUSE/linuxrc#319 - really parse 'firmwaretype' key (bsc#1208042) - 7.0.32.4 ++++ logfilegen: - logfilegen 1.2.0: * The log rotation queue minimal length is 1 now, i.e. one log file + at least one rotation file, if needed. * Add a new, simpler version of the benchmark: --test ++++ nvidia-open-driver-G06-signed: - Update to version 525.89.02 ++++ python-kiwi-keg: - Update to version 2.0.3: * Bump version: 2.0.2 → 2.0.3 - Update to version 2.0.2: * Use keg instead of kiwi-keg as source dir name * Nameing consistency * Warn if referenced archive is not defined * tox.ini: Use allowlist_external * CI testing: Use Ubuntu 20.04 for python 3.6 build * Fix unit tests of OBS src service module * Regenerate docbook source file * Fix issues with man page sources * Update installation documentation ++++ obs-service-product_converter: - 1.5.4 * make purl_distro of SPDX data configurable ++++ orage: - Update to version 4.18.0 * Changed Orage internal time and data strings to GDateTime (MR !20) * In event list, fixed event hiding when event start at 00:00 and end 00:00 in same date (this kind event can be created when creating full day event, save event and then unset full day option). (MR !20) * Removed bundled libical (Issue #5) * Removed panel plugin (Issue #11) * Removed GlobalTime (Issue #12) * Replaced old Orage icons (Issue #16) and removed 160x160 icons * Replaced deprecated dbus-glib with GDBus (Issue #4) * Changed event attach order in day view window (Issue #15) * Added Wayland support (Issue #2) * Fixed orage_persistent_alarms.txt not found messages (MR !35) * Fixed after wakeup tray icon updating (Issue #14) * Changed alarm_structure to reference counted structure. This fixes warnings about memory leaks (MR !38, replaces MR !8) * Changed libnotify minimum version to 0.7.0 (MR !39) * Disabled sound alarm when sound command is not set (MR !40) * Fixed large ical file import (Issue #8) * Translation Updates ++++ perl-Mojolicious-Plugin-AssetPack: - updated to 2.14 * added support for retry during download assets ++++ phpMyAdmin: - Update to 5.2.1 This is a security and bufix release. * Security - Fix (PMASA-2023-01, CWE-661, boo#1208186, CVE-2023-25727) Fix an XSS attack through the drag-and-drop upload feature. * Bugfix - issue #17522 Fix case where the routes cache file is invalid - issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick - issue Fix blank page when some error occurs - issue #17519 Fix Export pages not working in certain conditions - issue #17496 Fix error in table operation page when partitions are broken - issue #17386 Fix system memory and system swap values on Windows - issue #17517 Fix Database Server panel not getting hidden by ShowServerInfo configuration directive - issue #17271 Fix database names not showing on Processes tab - issue #17424 Fix export limit size calculation - issue #17366 Fix refresh rate popup on Monitor page - issue #17577 Fix monitor charts size on RTL languages - issue #17121 Fix password_hash function incorrectly adding single quotes to password before hashing - issue #17586 Fix statistics not showing for empty databases - issue #17592 Clicking on the New index link on the sidebar does not throw an error anymore - issue #17584 It's now possible to browse a database that includes two % in its name - issue Fix PHP 8.2 deprecated string interpolation syntax - issue Some languages are now correctly detected from the HTTP header - issue #17617 Sorting is correctly remembered when $cfg['RememberSorting'] is true - issue #17593 Table filtering now works when action buttons are on the right side of the row - issue #17388 Find and Replace using regex now makes a valid query if no matching result set found - issue #17551 Enum/Set editor will not fail to open when creating a new column - issue #17659 Fix error when a database group is named tables, views, functions, procedures or events - issue #17673 Allow empty values to be inserted into columns - issue #17620 Fix error handling at phpMyAdmin startup for the JS SQL console - issue Fixed debug queries console broken UI for query time and group count - issue Fixed escaping of SQL query and errors for the debug console - issue Fix console toolbar UI when the bookmark feature is disabled and sql debug is enabled - issue #17543 Fix JS error on saving a new designer page - issue #17546 Fix JS error after using save as and open page operation on the designer - issue Fix PHP warning on GIS visualization when there is only one GIS column - issue #17728 Some select HTML tags will now have the correct UI style - issue #17734 PHP deprecations will only be shown when in a development environment - issue #17369 Fix server error when blowfish_secret is not exactly 32 bytes long - issue #17736 Add utf8mb3 as an alias of utf8 on the charset description page - issue #16418 Fix FAQ 1.44 about manually removing vendor folders - issue #12359 Setup page now sends the Content-Security-Policy headers - issue #17747 The Column Visibility Toggle will not be hidden by other elements - issue #17756 Edit/Copy/Delete row now works when using GROUP BY - issue #17248 Support the UUID data type for MariaDB >= 10.7 - issue #17656 Fix replace/change/set table prefix is not working - issue Fix monitor page filter queries only filtering the first row - issue Fix "Link not found!" on foreign columns for tables having no char column to show - issue #17390 Fix "Create view" modal doesn't show on results and empty results - issue #17772 Fix wrong styles for add button from central columns - issue #17389 Fix HTML disappears when exporting settings to browser's storage - issue #17166 Fix "Warning: #1287 'X' is deprecated [...] Please use ST_X instead." on search page - issue Use jquery-migrate.min.js (14KB) instead of jquery-migrate.min.js (31KB) - issue #17842 Use jquery.validate.min.js (24 KB) instead of jquery.validate.js (50 KB) - issue #17281 Fix links to databases for information_schema.SCHEMATA - issue #17553 Fix Metro theme unreadable links above navigation tree - issue #17553 Metro theme UI fixes and improvements - issue #17553 Fix Metro theme login form with - issue #16042 Exported gzip file of database has first ~73 kB uncompressed and rest is gzip compressed in Firefox - issue #17705 Fix inline SQL query edit FK checkbox preventing submit buttons from working - issue #17777 Fix Uncaught TypeError: Cannot read properties of null (reading 'inline') on datepickers when re-opened - issue Fix Original theme buttons style and login form width - issue #17892 Fix closing index edit modal and reopening causes it to fire twice - issue #17606 Fix preview SQL modal not working inside "Add Index" modal - issue Fix PHP error on adding new column on create table form - issue #17482 Default to "Full texts" when running explain statements - issue Fixed Chrome scrolling performance issue on a textarea of an "export as text" page - issue #17703 Fix datepicker appears on all fields, not just date - issue Fix space in the tree line when a DB is expanded - issue #17340 Fix "New Table" page -> "VIRTUAL" attribute is lost when adding a new column - issue #17446 Fix missing option for STORED virtual column on MySQL and PERSISTENT is not supported on MySQL - issue #17446 Lower the check for virtual columns to MySQL>=5.7.6 nothing is supported on 5.7.5 - issue Fix column names option for CSV Export - issue #17177 Fix preview SQL when reordering columns doesn't work on move columns - issue #15887 Fixed DROP TABLE errors ignored on multi table select for DROP - issue #17944 Fix unable to create a view from tree view button - issue #17927 Fix key navigation between select inputs (drop an old Firefox workaround) - issue #17967 Fix missing icon for collapse all button - issue #18006 Fixed UUID columns can't be moved - issue Add `spellcheck="false"` to all password fields and some text fields to avoid spell-jacking data leaks - issue Remove non working "Analyze Explain at MariaDB.org" button (MariaDB stopped this service) - issue #17229 Add support for Web Authentication API because Chrome removed support for the U2F API - issue #18019 Fix "Call to a member function fetchAssoc() on bool" with SQL mode ONLY_FULL_GROUP_BY on monitor search logs - issue Add back UUID and UUID_SHORT to functions on MySQL and all MariaDB versions - issue #17398 Fix clicking on JSON columns triggers update query - issue Fix silent JSON parse error on upload progress - issue #17833 Fix "Add Parameter" button not working for Add Routine Screen - issue #17365 Fixed "Uncaught Error: regexp too big" on server status variables page - Rebase phpMyAdmin-config.patch. ++++ product-builder-plugin-SLE_15: - update to version 1.0.8 * backport SPDX generation support ++++ python-boto3: - Update to 1.26.66 * api-change:``transfer``: [``botocore``] Updated the documentation for the ImportCertificate API call, and added examples. - from version 1.26.65 * api-change:``compute-optimizer``: [``botocore``] AWS Compute optimizer can now infer if Kafka is running on an instance. * api-change:``customer-profiles``: [``botocore``] This release deprecates the PartyType and Gender enum data types from the Profile model and replaces them with new PartyTypeString and GenderString attributes, which accept any string of length up to 255. * api-change:``frauddetector``: [``botocore``] My AWS Service (Amazon Fraud Detector) - This release introduces Cold Start Model Training which optimizes training for small datasets and adds intelligent methods for treating unlabeled data. You can now train Online Fraud Insights or Transaction Fraud Insights models with minimal historical-data. * api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added improved scene change detection capabilities and a bandwidth reduction filter, along with video quality enhancements, to the AVC encoder. * api-change:``outposts``: [``botocore``] Adds OrderType to Order structure. Adds PreviousOrderId and PreviousLineItemId to LineItem structure. Adds new line item status REPLACED. Increases maximum length of pagination token. - from version 1.26.64 * enhancement:AWSCRT: [``botocore``] Upgrade awscrt version to 0.16.9 * api-change:``proton``: [``botocore``] Add new GetResourcesSummary API * api-change:``redshift``: [``botocore``] Corrects descriptions of the parameters for the API operations RestoreFromClusterSnapshot, RestoreTableFromClusterSnapshot, and CreateCluster. - from version 1.26.63 * api-change:``appconfig``: [``botocore``] AWS AppConfig introduces KMS customer-managed key (CMK) encryption of configuration data, along with AWS Secrets Manager as a new configuration data source. S3 objects using SSE-KMS encryption and SSM Parameter Store SecureStrings are also now supported. * api-change:``connect``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK. * api-change:``ec2``: [``botocore``] Documentation updates for EC2. * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version * api-change:``keyspaces``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK. * api-change:``quicksight``: [``botocore``] QuickSight support for Radar Chart and Dashboard Publish Options * api-change:``redshift``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK. * api-change:``sso-admin``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK. - from version 1.26.62 * bugfix:``s3``: [``botocore``] boto3 no longer overwrites user supplied `Content-Encoding` with `aws-chunked` when user also supplies `ChecksumAlgorithm`. * api-change:``devops-guru``: [``botocore``] This release adds filter support ListAnomalyForInsight API. * api-change:``forecast``: [``botocore``] This release will enable customer select INCREMENTAL as ImportModel in Forecast's CreateDatasetImportJob API. Verified latest SDK containing required attribute, following https://w.amazon.com/bin/view/AWS-Seer/Launch/Trebuchet/ * api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management (IAM). * api-change:``mediatailor``: [``botocore``] The AWS Elemental MediaTailor SDK for Channel Assembly has added support for program updates, and the ability to clip the end of VOD sources in programs. * api-change:``sns``: [``botocore``] Additional attributes added for set-topic-attributes. - from version 1.26.61 * api-change:``accessanalyzer``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK. * api-change:``appsync``: [``botocore``] This release introduces the feature to support EventBridge as AppSync data source. * api-change:``cloudtrail-data``: [``botocore``] Add CloudTrail Data Service to enable users to ingest activity events from non-AWS sources into CloudTrail Lake. * api-change:``cloudtrail``: [``botocore``] Add new "Channel" APIs to enable users to manage channels used for CloudTrail Lake integrations, and "Resource Policy" APIs to enable users to manage the resource-based permissions policy attached to a channel. * api-change:``codeartifact``: [``botocore``] This release introduces a new DeletePackage API, which enables deletion of a package and all of its versions from a repository. * api-change:``connectparticipant``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK. * api-change:``ec2``: [``botocore``] This launch allows customers to associate up to 8 IP addresses to their NAT Gateways to increase the limit on concurrent connections to a single destination by eight times from 55K to 440K. * api-change:``groundstation``: [``botocore``] DigIF Expansion changes to the Customer APIs. * api-change:``iot``: [``botocore``] Added support for IoT Rules Engine Cloudwatch Logs action batch mode. * api-change:``kinesis``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK. * api-change:``opensearch``: [``botocore``] Amazon OpenSearch Service adds the option for a VPC endpoint connection between two domains when the local domain uses OpenSearch version 1.3 or 2.3. You can now use remote reindex to copy indices from one VPC domain to another without a reverse proxy. * api-change:``outposts``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK. * api-change:``polly``: [``botocore``] Amazon Polly adds two new neural American English voices - Ruth, Stephen * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Automatic Model Tuning now supports more completion criteria for Hyperparameter Optimization. * api-change:``securityhub``: [``botocore``] New fields have been added to the AWS Security Finding Format. Compliance.SecurityControlId is a unique identifier for a security control across standards. Compliance.AssociatedStandards contains all enabled standards in which a security control is enabled. * api-change:``support``: [``botocore``] This fixes incorrect endpoint construction when a customer is explicitly setting a region. - Update BuildRequires and Requires from setup.py ++++ python-botocore: - Update to 1.29.66 * api-change:``transfer``: Updated the documentation for the ImportCertificate API call, and added examples. - from version 1.29.65 * api-change:``compute-optimizer``: AWS Compute optimizer can now infer if Kafka is running on an instance. * api-change:``customer-profiles``: This release deprecates the PartyType and Gender enum data types from the Profile model and replaces them with new PartyTypeString and GenderString attributes, which accept any string of length up to 255. * api-change:``frauddetector``: My AWS Service (Amazon Fraud Detector) - This release introduces Cold Start Model Training which optimizes training for small datasets and adds intelligent methods for treating unlabeled data. You can now train Online Fraud Insights or Transaction Fraud Insights models with minimal historical-data. * api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added improved scene change detection capabilities and a bandwidth reduction filter, along with video quality enhancements, to the AVC encoder. * api-change:``outposts``: Adds OrderType to Order structure. Adds PreviousOrderId and PreviousLineItemId to LineItem structure. Adds new line item status REPLACED. Increases maximum length of pagination token. - from version 1.29.64 * enhancement:AWSCRT: Upgrade awscrt version to 0.16.9 * api-change:``proton``: Add new GetResourcesSummary API * api-change:``redshift``: Corrects descriptions of the parameters for the API operations RestoreFromClusterSnapshot, RestoreTableFromClusterSnapshot, and CreateCluster. - from version 1.29.63 * api-change:``appconfig``: AWS AppConfig introduces KMS customer-managed key (CMK) encryption of configuration data, along with AWS Secrets Manager as a new configuration data source. S3 objects using SSE-KMS encryption and SSM Parameter Store SecureStrings are also now supported. * api-change:``connect``: Enabled FIPS endpoints for GovCloud (US) regions in SDK. * api-change:``ec2``: Documentation updates for EC2. * api-change:``elbv2``: Update elbv2 client to latest version * api-change:``keyspaces``: Enabled FIPS endpoints for GovCloud (US) regions in SDK. * api-change:``quicksight``: QuickSight support for Radar Chart and Dashboard Publish Options * api-change:``redshift``: Enabled FIPS endpoints for GovCloud (US) regions in SDK. * api-change:``sso-admin``: Enabled FIPS endpoints for GovCloud (US) regions in SDK. - from version 1.29.62 * bugfix:``s3``: boto3 no longer overwrites user supplied `Content-Encoding` with `aws-chunked` when user also supplies `ChecksumAlgorithm`. * api-change:``devops-guru``: This release adds filter support ListAnomalyForInsight API. * api-change:``forecast``: This release will enable customer select INCREMENTAL as ImportModel in Forecast's CreateDatasetImportJob API. Verified latest SDK containing required attribute, following https://w.amazon.com/bin/view/AWS-Seer/Launch/Trebuchet/ * api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM). * api-change:``mediatailor``: The AWS Elemental MediaTailor SDK for Channel Assembly has added support for program updates, and the ability to clip the end of VOD sources in programs. * api-change:``sns``: Additional attributes added for set-topic-attributes. - from version 1.29.61 * api-change:``accessanalyzer``: Enabled FIPS endpoints for GovCloud (US) regions in SDK. * api-change:``appsync``: This release introduces the feature to support EventBridge as AppSync data source. * api-change:``cloudtrail-data``: Add CloudTrail Data Service to enable users to ingest activity events from non-AWS sources into CloudTrail Lake. * api-change:``cloudtrail``: Add new "Channel" APIs to enable users to manage channels used for CloudTrail Lake integrations, and "Resource Policy" APIs to enable users to manage the resource-based permissions policy attached to a channel. * api-change:``codeartifact``: This release introduces a new DeletePackage API, which enables deletion of a package and all of its versions from a repository. * api-change:``connectparticipant``: Enabled FIPS endpoints for GovCloud (US) regions in SDK. * api-change:``ec2``: This launch allows customers to associate up to 8 IP addresses to their NAT Gateways to increase the limit on concurrent connections to a single destination by eight times from 55K to 440K. * api-change:``groundstation``: DigIF Expansion changes to the Customer APIs. * api-change:``iot``: Added support for IoT Rules Engine Cloudwatch Logs action batch mode. * api-change:``kinesis``: Enabled FIPS endpoints for GovCloud (US) regions in SDK. * api-change:``opensearch``: Amazon OpenSearch Service adds the option for a VPC endpoint connection between two domains when the local domain uses OpenSearch version 1.3 or 2.3. You can now use remote reindex to copy indices from one VPC domain to another without a reverse proxy. * api-change:``outposts``: Enabled FIPS endpoints for GovCloud (US) regions in SDK. * api-change:``polly``: Amazon Polly adds two new neural American English voices - Ruth, Stephen * api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now supports more completion criteria for Hyperparameter Optimization. * api-change:``securityhub``: New fields have been added to the AWS Security Finding Format. Compliance.SecurityControlId is a unique identifier for a security control across standards. Compliance.AssociatedStandards contains all enabled standards in which a security control is enabled. * api-change:``support``: This fixes incorrect endpoint construction when a customer is explicitly setting a region. ++++ sevctl: - Set cargo_vendor update param to false to bypass upstream semvar issues ++++ tellico: - Update to 3.4.6 Improvements and Bug Fixes: * Updated IMDb data source to better support TV series (kde#463717, kde#460401) * Fixed fallback to https scheme in SRU data source (kde#463438). * Fixed bug with timing of multisource config read (kde#461861). * Fixed edit dialog resizing (kde#462237). ++++ yast2: - DnsServerApi: drop module. It should never be in yast2 as it import module from yast2-dns-server. And now dns-server is going to be dropped (bsc#1205363) - 4.5.23 ++++ yast2-bootloader: - make secure boot for ppc64 consistent with how secure boot works on other architectures (bsc#1206295) - 4.5.8 ++++ yast2-packager: - Prevent crash if nil dependencies instead of [] (bsc#1208068) - 4.5.14 ++++ yast2-python-bindings: - Misc fixes to examples; (bsc#1199343). - Fix python2 utf8 handling (python2 code wasn't displaying unicode strings); (bsc#1199348). - Change conversion of Py_None to YCP_Void instead of YCP_Null; (bsc#1199344). - 4.5.2 ------------------------------------------------------------------ ------------------ 2023-2-7 - Feb 7 2023 ------------------- ------------------------------------------------------------------ ++++ webkit2gtk3-soup2: - Update to version 2.38.4 (boo#1207997): + Improve GStreamer multimedia playback across the board with improved codec selection logic, better handling of latency, and improving frame discard to avoid audio/video desynchronizationg, among other fixes. + Disable HLS media playback by default, which makes web sites use MSE instead. If needed WEBKIT_GST_ENABLE_HLS_SUPPORT=1 can be set in the environment to enable it back. + Disable threaded rendering in GTK4 builds by default, as it was causing crashes. + Fix MediaSession API not showing artwork images. + Fix MediaSession MPRIS usage when running inside a Flatpak sandbox. + Fix input element controls to correctly scale when applying a zoom factor different than the default. + Fix leakage of Web processes in certain situations. + Fix the injected bundle not being found when running inside a sandbox. + Fix the build with ENABLE_INTROSPECTION when cross-compiling. + FIx the build with ENABLE_WEBGL disabled. + Fix the build with GStreamer-based WebRTC enabled. + Fix the build with USE_GTK4 enabled. + Fix several crashes and rendering issues. + Security fixes: CVE-2023-23517, CVE-2023-23518, CVE-2022-42826. ++++ webkit2gtk3: - Update to version 2.38.4 (boo#1207997): + Improve GStreamer multimedia playback across the board with improved codec selection logic, better handling of latency, and improving frame discard to avoid audio/video desynchronizationg, among other fixes. + Disable HLS media playback by default, which makes web sites use MSE instead. If needed WEBKIT_GST_ENABLE_HLS_SUPPORT=1 can be set in the environment to enable it back. + Disable threaded rendering in GTK4 builds by default, as it was causing crashes. + Fix MediaSession API not showing artwork images. + Fix MediaSession MPRIS usage when running inside a Flatpak sandbox. + Fix input element controls to correctly scale when applying a zoom factor different than the default. + Fix leakage of Web processes in certain situations. + Fix the injected bundle not being found when running inside a sandbox. + Fix the build with ENABLE_INTROSPECTION when cross-compiling. + FIx the build with ENABLE_WEBGL disabled. + Fix the build with GStreamer-based WebRTC enabled. + Fix the build with USE_GTK4 enabled. + Fix several crashes and rendering issues. + Security fixes: CVE-2023-23517, CVE-2023-23518, CVE-2022-42826. ++++ webkit2gtk4: - Update to version 2.38.4 (boo#1207997): + Improve GStreamer multimedia playback across the board with improved codec selection logic, better handling of latency, and improving frame discard to avoid audio/video desynchronizationg, among other fixes. + Disable HLS media playback by default, which makes web sites use MSE instead. If needed WEBKIT_GST_ENABLE_HLS_SUPPORT=1 can be set in the environment to enable it back. + Disable threaded rendering in GTK4 builds by default, as it was causing crashes. + Fix MediaSession API not showing artwork images. + Fix MediaSession MPRIS usage when running inside a Flatpak sandbox. + Fix input element controls to correctly scale when applying a zoom factor different than the default. + Fix leakage of Web processes in certain situations. + Fix the injected bundle not being found when running inside a sandbox. + Fix the build with ENABLE_INTROSPECTION when cross-compiling. + FIx the build with ENABLE_WEBGL disabled. + Fix the build with GStreamer-based WebRTC enabled. + Fix the build with USE_GTK4 enabled. + Fix several crashes and rendering issues. + Security fixes: CVE-2023-23517, CVE-2023-23518, CVE-2022-42826. ++++ nextcloud-desktop: - Update to 3.7.1 - Backport/5393/stable 3.7 by @mgallien in #5403 - Fix wrong estimated time when doing sync. in #4902 - Bugfix/selective sync abort error in #4903 - Set UnifiedSearchResultNothingFound visibility less messily in #4751 - Clean up QML type and singleton registration in #4817 - Simplify activity list delegates by making them ItemDelegates, clean up in #4786 - Improve activity list highlighting/keyboard item selection in #4781 - Replace private API QZipWriter with KArchive in #4768 - makes Qt WebEngine optional only on macOS in #4875 - Bugfix/conflict resolution when selecting folder in #4914 - Fix fileactivitylistmodel QML registration in #4920 - Updated link to documentation in #4792 - Fix menu bar height calculation on macOS in #4917 - Fix ActivityItem activityHover error in #4921 - Fix add account window text clipping, enlarge text in #4910 - Accept valid lsColJob reply XML content types in #4919 - Fix low-resolution file changed overlay icons in activities in #4930 - Refactor ActivityListModel population mechanisms in #4736 - Make account setup wizard's adjustWizardSize resize to current page size instead of largest wizard page in #4911 - Deallocate call notification dialog objects when closed by @claucambra in #4939 - Ensure that the file being processed has had its etag properly sanitised, log etag more in #4940 - Feature/syncjournaldb handle errors in #4819 - Do not format text in QML components as HTML in #4944 - Fix two factor auth notification: activity item was disabled. in #4961 - Add a placeholder item for empty activity list in #4959 - Ensure strings in main window QML are presented as plain text and not HTML by @claucambra in #4972 - Improve handling of file name clashes by @claucambra in #4970 - Add a QSortFilterProxyModel-based SortedActivityListModel by @claucambra in #4933 - Bring back .lnk files on Windows and always treat them as non-virtual files. by @allexzander in #4968 - Fix two factor authentication notification by @camilasan in #4967 - Ensure placeholder message in emoji picker wraps correctly in #4960 - Make activity action button an actual button, clean up contents in #4784 - Improve the error box QML component in #4976 - Fix 'Reply' primary property. in #4985 - Fix sync progress bar colours in dark mode in #4986 - Fix predefined status text formatting in #4987 - Don't set up tray context menu on macOS, even if not building app bundle in #4988 - Ci/check clang tidy in ci in #4995 - check our code with clang-tidy in #4999 - alway use constexpr for all text constants in #4996 - avoid possibly crashing static_cast in #4994 - switch AppImage CI to latest tag: client-appimage-6 in #5003 - configure a list of checks for clang-tidy in #5004 - Fix link shares default expire date being enforced as maximum expire date even when maximum date enforcement is disabled on the server in #4982 - apply modernize-use-using via clang-tidy in #4993 - Ci/use no discard in #4992 - Fix files not unlocking after lock time expired in #4962 - Update client image in #5002 - let's check the format via some github action in #4991 - Feature/vfs windows sharing and lock state in #4942 - Update after tx migrate in #5019 - Improve 'Handle local file editing' feature. Add loading popup. Add force sync before opening a file. in #4990 - Command-line client. Do not trust SSL certificates by default, unless '--trust' option is set. in #5022 - Bugfix/files lock fail metadata in #5024 - do not ignore return value in #4998 - improve logs when adding sync errors in activity list of main dialog in #5032 - Fix invisible user status selector button not being checked when user is in Offline mode in #5012 - use correct version copmparison on NSIS updater: fix update from rc in #4979 - Bugfix/check token for edit locally requests in #5039 - Fix the dismiss button: display it whenever possible. in #4989 - Fix account not found when doing local file editing. in #5040 - Improve "pretty user name"-related strings, display in webflow credentials in #5013 - Update CHANGELOG with 3.6.1 changes. in #5066 - Fix call notification dialog buttons in #5074 - validate certificate for E2EE against private key in #4949 - emit missing signal to update folder sync status icon in #5087 - Update CMake usage in README build instructions in #5086 - Clean up methods in sync engine in #5071 - Make Systray's void methods slots in #5042 - Remove unneeded parameter from CleanupPollsJob constructor in #5070 - Add a 'Sync now' button to the sync status header in the tray window in #5018 - Modernise and improve code in AccountManager in #5026 - Fix macOS autoupdater settings in #5102 - Validate and sanitise edit locally token and relpath before sending to server in #5093 - Refactor FolderMan's "Edit Locally" capabilities as separate class in #5107 - Modernise and improve code in AccountSettings in #5027 - Fix compatibility with newer python3-nautilus in #5105 - Only show Sync Now button if account is connected in #5097 - use new public API to open an edit locally URL in #5116 - Add a new file details window, unify file activity and sharing in #4929 - E2EE. Do not generate keypair without user request. in #5067 - Fix incorrect current user index when adding or removing a user account. Also fix incorrect user avatar lookup by id. in #5092 - Remove unused internal link widget from old share dialog in #5123 - Use separate variable for cfg file name in CMAKE. in #5136 - Bugfix/delete folders during propagation even when propagation has errors in #5104 - Remove unused app pointer in CocoaInitializer in #5127 - Ensure 'Sync now' button doesn't have its text elided in #5129 - Fix share delegate button icon colors in dark mode in #5132 - Do not use copy-assignment of QDialog. in #5148 - Remove unused remotePath in User::processCompletedSyncItem in #5118 - Make user status selector modal, show user header in #5145 - properly escape a path when creating a test file during tests in #5151 - Add support cmake unity build in #5109 - Fix typo of connector in #5157 - fully qualify types in signals and slots in #5088 - Remove reference to inexistent property in NCCustomButton in #5173 - Fix ActivityList delegate warnings in #5172 - Ensure forcing a folder to be synced unpauses syncing on said folder in #5152 - switch back to upstream craft in #5178 - fix renaming of folders with a deep hierarchy inside them in #5182 - fix instances of: c++11 range-loop might detach Qt container warnings in #5089 - Implement context menu entry "Leave this share" in #5081 - check that we update local file mtime on changes from server in #5188 - Add end-to-end tests to our CI in #5124 - Modernize the Dolphin action plugin in #5192 - Ci/do not modify configuration file duringtests in #5200 - cmake: Use FindPkgConfig's pkg_get_variable instead of custom macro in #5199 - Fix tray window margins, stop cutting into window border in #5202 - fix regressions on pinState management when doing renames in #520 - Fix bad custom button alignments, sizings, etc. in #5189 - Ci/do not override configuration file in #5206 - Clearly tell user that E2EE has been enabled for an account in #5164 - Fix CfApiShellExtensionsIPCTest in #5209 - l10n: Fixed grammar in #5220 - Prevent bad encrypting of folder if E2EE has not been correctly set up in #5223 - Remove close/dismiss button from encryption message in #5163 - Update macOS shell integration deployment targets in #5227 - Bugfix/case cash conflicts should not terminate sync in #5224 - Differentiate between E2EE not being enabled at all vs. E2EE being enabled already through another device in account settings message in #5179 - Ensure more QML text components are rendering things as plain text in #5231 - l10n: Correct spelling in #5221 - Make use of plain text-enforcing qml labels in #5233 - Feature/edit file locally restart sync in #5175 - Fix CI errors for Edit Locally. in #5241 - Lock file when editing locally in #5226 - Format some QLabels as plain text in #5247 - do not create GUI from a random thread and show error on real error in #5253 - Fix BasicComboBox internal layout in #5216 - Explicitly size and align user status selector text input to avoid bugs with alternate QtQuick styles in #5214 - do not use bulk upload for e2ee files in #5256 - Only show mnemonic request dialog when user explicitly wants to enable E2EE in #5181 - Replace share settings popup with a page on a StackView in #5194 - Add interactive NC Talk notifications on macOS in #5143 - Show file details within the tray dialog, rather than in a separate dialog in #5139 - Silence sync termination errors when running EditLocallyJob. in #5261 - Fix typo in #5257 - Add an "Encrypt" menu entry in file browser context menu for folders in #5263 - Add a nix flake for easy building and dev environments in #5007 - Add an internal link share to the share dialog in #5131 - Avoid the Get-Task-Allow Entitlement (macOS Notarization) in #5274 - sets a fixed version for pixman when buildign desktop client via Craft in #5269 - Fix SyncEngineTest failure when localstate is destroyed. in #5273 - Feature/remove obsolete names in #5271 - Remove unused HeaderBanner component in #5245 - Feature/do not sync enc folders if e2ee is not setup in #5258 - fix migration from old settings configuration files in #5141 - Use QFileInfo::exists where we are only creating a QFileInfo to check if file exists in #5291 - Make correct use of Qt signal 'emit' keyword in #5287 - Remove unused variables in #5290 - Declare all QRegularExpressions statically in #5289 - l10n: Remove space in #5297 - Feature/move shellextensions to root installdir in #5295 - Improve backup dark mode palette for Windows in #5298 - Allow setting up an account with apppasword and folder via command-line arguments. For deployment. in #5296 - Update file's metadata in the local database when the etag changes while file remains unchanged. Fix subsequent conflict when locking and unlocking. in #5293 - Fix warnings on QPROPERTY-s in #5286 - Replace now deprecated FSEventStreamScheduleWithRunLoop with FSEventStreamSetDispatchQueue in #5272 - Fix macOS shell integration class inits in #5299 - Drop dependency on Qt Quick Controls 1 in #5309 - Fix full-text search results not being opened in browser in #5279 - Feature/allow forceoverrideurl via command line in #5329 - Bugfix/e2ee vulnerability empty metadatakeys in #5323 - Always generate random initialization vector when uploading encrypted file in #5324 - Fix bad string for translation. in #5358 - Update legal notice to 2023 in #5361 - Fix migration from legacy client when override server url is set in #5322 - Don't try to lock folders when editing locally in #5317 - Fix fetch more unified search result item not being clickable in #5266 - Add ability to disable E2EE in #5167 - Remove unused monochrome icons setting in #5366 - Feature/sync with case clash names in #5232 - Edit locally. Do not lock if locking is disabled on the server. in #5371 - Revert "Merge pull request #5366 from nextcloud/bugfix/remove-mono-icons-setting" in #5372 - Open calendar notifications in the browser. in #4684 - Migrate old configs in #5362 - Always unlock E2EE folders, even when network failure or crash. in #5370 - [stable-3.7] Fix displaying of file details button for local syncfileitem activities in #5380 - [stable-3.7] Improve config upgrade warning dialog in #5386 - Backport/5385/stable 3.7 in #5388 ++++ ceph: - Update to 16.2.11-58-g38d6afd3b78: + test/CMakeLists.txt: move 'APPEND rgw_libs Boost::filesystem' to top level ++++ ceph-test: - Update to 16.2.11-58-g38d6afd3b78: + test/CMakeLists.txt: move 'APPEND rgw_libs Boost::filesystem' to top level ++++ chezmoi: - Update to version 2.30.0: * feat: Add zstd compression support * feat: Add external_ attribute for directories * fix: Make chezmoi init --purge-binary always remove binary * Set CHEZMOI* environment variables when running cd command * chore: Update dependencies ++++ clone-master-clean-up: - Bump version to 1.11 - clone-master-clean-up fails when /etc/iscsi/initiatorname.iscsi doesn't exist The entire section is wrapped in a test for the existence of this file. (bsc#1207993) ++++ kernel-64kb: - io_uring: pass in EPOLL_URING_WAKE for eventfd signaling and wakeups (bsc#1207100). - eventfd: provide a eventfd_signal_mask() helper (bsc#1207100). - eventpoll: add EPOLL_URING_WAKE poll wakeup flag (bsc#1207100). - commit 9e5a117 - fbdev: Fix invalid page access after closing deferred I/O devices (bsc#1207284). - commit 6a8d940 - ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). - ipmi:ssif: Increase the message retry time (bsc#1206459). - commit 14626c0 ++++ kernel-azure: - io_uring: pass in EPOLL_URING_WAKE for eventfd signaling and wakeups (bsc#1207100). - eventfd: provide a eventfd_signal_mask() helper (bsc#1207100). - eventpoll: add EPOLL_URING_WAKE poll wakeup flag (bsc#1207100). - commit 9e5a117 - fbdev: Fix invalid page access after closing deferred I/O devices (bsc#1207284). - commit 6a8d940 - ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). - ipmi:ssif: Increase the message retry time (bsc#1206459). - commit 14626c0 ++++ kernel-default: - io_uring: pass in EPOLL_URING_WAKE for eventfd signaling and wakeups (bsc#1207100). - eventfd: provide a eventfd_signal_mask() helper (bsc#1207100). - eventpoll: add EPOLL_URING_WAKE poll wakeup flag (bsc#1207100). - commit 9e5a117 - fbdev: Fix invalid page access after closing deferred I/O devices (bsc#1207284). - commit 6a8d940 - ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). - ipmi:ssif: Increase the message retry time (bsc#1206459). - commit 14626c0 ++++ kernel-rt: - io_uring: pass in EPOLL_URING_WAKE for eventfd signaling and wakeups (bsc#1207100). - eventfd: provide a eventfd_signal_mask() helper (bsc#1207100). - eventpoll: add EPOLL_URING_WAKE poll wakeup flag (bsc#1207100). - commit 9e5a117 - fbdev: Fix invalid page access after closing deferred I/O devices (bsc#1207284). - commit 6a8d940 - ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). - ipmi:ssif: Increase the message retry time (bsc#1206459). - commit 14626c0 ++++ curl: - Security Fix: [bsc#1207992, CVE-2023-23916] * HTTP multi-header compression denial of service * Add curl-CVE-2023-23916.patch - Security Fixes: * HSTS ignored on multiple requests [bsc#1207990, CVE-2023-23914] * HSTS amnesia with --parallel [bsc#1207991, CVE-2023-23915] * Add curl-CVE-2023-23914-23915.patch ++++ dracut: - Update to version 055+suse.345.g8b8708cb: * feat(lvm): always include all drivers that LVM can use (bsc#1206195) ++++ dtb-aarch64: - io_uring: pass in EPOLL_URING_WAKE for eventfd signaling and wakeups (bsc#1207100). - eventfd: provide a eventfd_signal_mask() helper (bsc#1207100). - eventpoll: add EPOLL_URING_WAKE poll wakeup flag (bsc#1207100). - commit 9e5a117 - fbdev: Fix invalid page access after closing deferred I/O devices (bsc#1207284). - commit 6a8d940 - ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459). - ipmi:ssif: Increase the message retry time (bsc#1206459). - commit 14626c0 ++++ freerdp: - Multiple CVE fixes (bsc#1205512) + Add freerdp-Added-missing-length-checks-in-zgfx_decompress_segme.patch * Fixes CVE-2022-39316 & CVE-2022-39317 + Add freerdp-CVE-2022-39320.patch * Added missing length check in urb_control_transfer + Add freerdp-CVE-2022-39347.patch * Fix path validation in drive channel + Add freerdp-CVE-2022-41877.patch * Fixed missing stream length check in drive_file_query_directory ++++ glab: - Update to version 1.25.3: * Update .gitlab-ci.yml file * Update .gitlab-ci.yml file * chore: better omit test and chores from changelog * fix: Adding git name/email for homebrew * docs: update installation instructions for windows * test(project): add missing project tests * fix(project): fixes issue with filtering with starred and membership * fix(mr): Fixed EOF error when todo is called multiple times ++++ gnome-shell: - Update gs-fate318433-prevent-same-account-multi-logins.patch: Fix no warning messages (bsc#1207323). ++++ grub2: - Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064) * 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch ++++ gstreamer: - Add fix using sed to find gst-plugin-scanner-%{_target_cpu} program (boo#1207908). ++++ gstreamer-plugins-bad: - Stop building openh264 by default even on 3'rd party buildservices, do this via bcond. Codec now available via a special repo. ++++ gzdoom: - Update gzdoom-vulkan.patch for glslang 12 ++++ heaptrack: - Add GCC 13 and boost 1.81 compatibility patches: * 0001-Fix-build-with-gcc-13-by-including-cstdint.patch * 0001-Add-missing-include.patch ++++ java-11-openjdk: - Upgrade to upstream tag jdk-11.0.18+10 (January 2023 CPU) * CVEs + CVE-2023-21835, bsc#1207246 + CVE-2023-21843, bsc#1207248 * Security fixes + JDK-8286070: Improve UTF8 representation + JDK-8286496: Improve Thread labels + JDK-8287411: Enhance DTLS performance + JDK-8288516: Enhance font creation + JDK-8289350: Better media supports + JDK-8293554: Enhanced DH Key Exchanges + JDK-8293598: Enhance InetAddress address handling + JDK-8293717: Objective view of ObjectView + JDK-8293734: Improve BMP image handling + JDK-8293742: Better Banking of Sounds + JDK-8295687: Better BMP bounds * Other changes + JDK-4819544: SwingSet2 JTable Demo throws NullPointerException + JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider + JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows + JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails + JDK-8022403: sun/java2d/DirectX/OnScreenRenderingResizeTest/ /OnScreenRenderingResizeTest.java fails + JDK-8028998: [TEST_BUG] [macosx] java/awt/dnd/ /DropTargetEnterExitTest/MissedDragExitTest.java failed + JDK-8029633: Raw inner class constructor ref should not perform diamond inference + JDK-8030121: java/awt/dnd/MissingDragExitEventTest/ /MissingDragExitEventTest.java fails + JDK-8079267: [TEST_BUG] Test java/awt/Frame/MiscUndecorated/ /RepaintTest.java fails + JDK-8129827: [TEST_BUG] Test java/awt/Robot/RobotWheelTest/ /RobotWheelTest.java fails + JDK-8159599: [TEST_BUG] java/awt/Modal/ /ModalInternalFrameTest/ModalInternalFrameTest.java + JDK-8169187: [macosx] Aqua: java/awt/image/multiresolution/ /MultiresolutionIconTest.java + JDK-8172269: When checking the default behaviour for a scroll tab layout and checking the 'opaque' checkbox, the area behind tabs is not red. + JDK-8178698: javax/sound/midi/Sequencer/MetaCallback.java failed with timeout + JDK-8193942: Regression automated test '/open/test/jdk/javax/ /swing/JFrame/8175301/ScaledFrameBackgroundTest.java' fails + JDK-8194126: Regression automated Test '/open/test/jdk/javax/ /swing/JColorChooser/Test7194184.java' fails + JDK-8198343: Test java/awt/print/PrinterJob/ /TestPgfmtSetMPA.java may fail w/o printer + JDK-8199290: [TESTBUG] sun.hotspot.WhiteBox$WhiteBoxPermission is not copied + JDK-8202836: [macosx] test java/awt/Graphics/TextAAHintsTest.java fails + JDK-8206125: [windows] cannot pass relative path to - -with-boot-jdk + JDK-8210047: some pages contain content outside of landmark region + JDK-8211002: test/jdk/java/lang/Math/PowTests.java skips testing for non-corner-case values + JDK-8212096: javax/net/ssl/ServerName/ /SSLEngineExplorerMatchedSNI.java failed intermittently due to SSLException: Tag mismatch + JDK-8213239: Configure cannot handle command overrides with arguments + JDK-8215571: jdb does not include jdk.* in the default class filter + JDK-8217032: Check pandoc capabilities in configure + JDK-8222091: Javadoc does not handle package annotations correctly on package-info.java + JDK-8222251: preflow visitor is not visiting lambda expressions + JDK-8226236: win32: gc/metaspace/ /TestCapacityUntilGCWrapAround.java fails + JDK-8227179: Test for new gc+metaspace=info output format + JDK-8227651: Tests fail with SSLProtocolException: Input record too big + JDK-8228672: [TESTBUG] gc/metaspace/TestSizeTransitions.java fails on 32-bit platforms + JDK-8233557: [TESTBUG] DoubleClickTitleBarTest.java fails on macOs + JDK-8233558: [TESTBUG] WindowOwnedByEmbeddedFrameTest.java fails on macos + JDK-8233565: [TESTBUG] NullModalityDialogTest.java fails on MacOS + JDK-8233648: [TESTBUG] DefaultMenuBarTest.java failing on macos + JDK-8239708: Split basics.m4 into basic.m4 and util.m4 + JDK-8240281: Remove failing assertion code when selecting first memory state in SuperWord::co_locate_pack + JDK-8242468: VS2019 build missing vcruntime140_1.dll + JDK-8243565: some gc tests use 'test.java.opts' and not 'test.vm.opts' + JDK-8243568: serviceability/logging/TestLogRotation.java uses 'test.java.opts' and not 'test.vm.opts' + JDK-8244010: Simplify usages of ProcessTools.createJavaProcessBuilder in our tests + JDK-8244557: test/jdk/javax/swing/JTabbedPane/ /TestBackgroundScrollPolicy.java failed + JDK-8247676: vcruntime140_1.dll is not needed on 32-bit Windows + JDK-8249694: java/lang/StringBuffer/HugeCapacity.java and j/l/StringBuilder/HugeCapacity.java tests shouldn't be @ignore-d + JDK-8253877: gc/g1/TestGCLogMessages.java fails - missing "Evacuation failure" message + JDK-8254874: ZGC: JNIHandleBlock verification failure in stack watermark processing + JDK-8254976: Re-enable swing jtreg tests which were broken due to samevm mode + JDK-8255439: System Tray icons get corrupted when Windows scaling changes + JDK-8256109: Create implementation for NSAccessibilityButton protocol + JDK-8257679: Improved unix compatibility layer in Windows build (winenv) + JDK-8257722: Improve "keytool -printcert -jarfile" output + JDK-8258005: JDK build fails with incorrect fixpath script + JDK-8259485: Document need for short paths when building on Windows + JDK-8260272: bash configure --prefix does not work after JDK-8257679 + JDK-8261336: IGV: enhance default filters + JDK-8261445: Use memory_order_relaxed for os::random(). + JDK-8261758: [TESTBUG] gc/g1/TestGCLogMessages.java fails if ergonomics detect too small InitialHeapSize + JDK-8263326: Remove ReceiverTypeData check from serviceability/sa/TestPrintMdo.java + JDK-8263871: On sem_destroy() failing we should assert + JDK-8264593: debug.cpp utilities should be available in product builds. + JDK-8264666: Change implementation of safeAdd/safeMult in the LCMSImageLayout class + JDK-8266082: AssertionError in Annotate.fromAnnotations with - Xdoclint + JDK-8266967: debug.cpp utility find() should print Java Object fields. + JDK-8268361: Fix the infinite loop in next_line + JDK-8268860: Windows-Aarch64 build is failing in GitHub actions + JDK-8268893: jcmd to trim the glibc heap + JDK-8269029: compiler/codegen/TestCharVect2.java fails for client VMs + JDK-8269873: serviceability/sa/Clhsdb tests are using a C2 specific VMStruct field + JDK-8272123: Problem list 4 jtreg tests which regularly fail on macos-aarch64 + JDK-8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints + JDK-8273553: sun.security.ssl.SSLEngineImpl.closeInbound also has similar error of JDK-8253368 + JDK-8273578: javax/swing/JMenu/4515762/bug4515762.java fails on macOS 12 + JDK-8273685: Remove jtreg tag manual=yesno for java/awt/Graphics/LCDTextAndGraphicsState.java & show test instruction + JDK-8274029: Remove jtreg tag manual=yesno for java/awt/ /print/Dialog/DialogOrient.java + JDK-8274032: Remove jtreg tag manual=yesno for java/awt/print/ /PrinterJob/ImagePrinting/ImageTypes.java & show test UI + JDK-8274296: Update or Problem List tests which may fail with uiScale=2 on macOS + JDK-8274456: Remove jtreg tag manual=yesno java/awt/print/PrinterJob/PageDialogTest.java + JDK-8274563: jfr/event/oldobject/TestClassLoaderLeak.java fails when GC cycles are not happening + JDK-8274597: Some of the dnd tests time out and fail intermittently + JDK-8275170: Some jtreg sound tests should be marked with sound keyword + JDK-8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked + JDK-8276841: Add support for Visual Studio 2022 + JDK-8277159: Fix java/nio/file/FileStore/Basic.java test by ignoring /run/user/* mount points + JDK-8277497: Last column cell in the JTable row is read as empty cell + JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode + JDK-8277970: Test jdk/sun/security/ssl/SSLSessionImpl/ /NoInvalidateSocketException.java fails with "tag mismatch" + JDK-8279066: entries.remove(entry) is useless in PKCS12KeyStore + JDK-8279695: [TESTBUG] modify compiler/loopopts/ /TestSkeletonPredicateNegation.java to run on C1 also + JDK-8280158: New test from JDK-8274736 failed with/without patch in JDK11u + JDK-8280550: SplittableRandom#nextDouble(double,double) can return result >= bound + JDK-8280863: Update build README to reflect that MSYS2 is supported + JDK-8280890: Cannot use '-Djava.system.class.loader' with class loader in signed JAR + JDK-8280948: Write a regression test for JDK-4659800 + JDK-8280950: RandomGenerator:NextDouble() default behavior non conformant after JDK-8280550 fix + JDK-8281183: RandomGenerator:NextDouble() default behavior partially fixed by JDK-8280950 + JDK-8281296: Create a regression test for JDK-4515999 + JDK-8281297: TestStressG1Humongous fails with guarantee(is_range_uncommitted) + JDK-8282046: Create a regression test for JDK-8000326 + JDK-8282276: Problem list failing two Robot Screen Capture tests + JDK-8282306: os::is_first_C_frame(frame*) crashes on invalid link access + JDK-8282345: handle latest VS2022 in abstract_vm_version + JDK-8282402: Create a regression test for JDK-4666101 + JDK-8282640: Create a test for JDK-4740761 + JDK-8282642: vmTestbase/gc/gctests/LoadUnloadGC2/ /LoadUnloadGC2.java fails intermittently with exit code 1 + JDK-8282730: LdapLoginModule throw NPE from logout method after login failure + JDK-8282777: Create a Regression test for JDK-4515031 + JDK-8282778: Create a regression test for JDK-4699544 + JDK-8282857: Create a regression test for JDK-4702690 + JDK-8282936: Write a regression test for JDK-4615365 + JDK-8282937: Write a regression test for JDK-4820080 + JDK-8283199: Linux os::cpu_microcode_revision() stalls cold startup + JDK-8283422: Create a new test for JDK-8254790 + JDK-8284294: Create an automated regression test for RFE 4138746 + JDK-8284358: Unreachable loop is not removed from C2 IR, leading to a broken graph + JDK-8284521: Write an automated regression test for RFE 4371575 + JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox + JDK-8284732: FFI_GO_CLOSURES macro not defined but required for zero build on Mac OS X + JDK-8284752: Zero does not build on Mac OS X due to missing os::current_thread_enable_wx implementation + JDK-8284771: java/util/zip/CloseInflaterDeflaterTest.java failed with "AssertionError: Expected IOException to be thrown, but nothing was thrown" + JDK-8284884: Replace polling with waiting in javax/swing/text/html/parser/Parser/8078268/bug8078268.java + JDK-8284977: MetricsTesterCgroupV2.getLongValueEntryFromFile fails when named value doesn't exist + JDK-8285305: Create an automated test for JDK-4495286 + JDK-8285373: Create an automated test for JDK-4702233 + JDK-8285604: closed sun/java2d/GdiRendering/ /ClipShapeRendering.java failed with "Incorrect color ffeeeeee instead of ff0000ff in pixel (100, 100)" + JDK-8285617: Fix java/awt/print/PrinterJob/ImagePrinting/ /PrintARGBImage.java manual test + JDK-8285698: Create a test to check the focus stealing of JPopupMenu from JComboBox + JDK-8285794: AsyncGetCallTrace might acquire a lock via JavaThread::thread_from_jni_environment + JDK-8285836: sun/net/www/http/KeepAliveCache/ /KeepAliveProperty.java failed with "RuntimeException: Failed in server" + JDK-8285921: serviceability/dcmd/jvmti/AttachFailed/ /AttachReturnError.java fails on Alpine + JDK-8286624: Regression Test CoordinateTruncationBug.java fails on OL8.3 + JDK-8286663: Resolve IDE warnings in WTrayIconPeer and SystemTray + JDK-8286772: java/awt/dnd/DropTargetInInternalFrameTest/ /DropTargetInInternalFrameTest.html times out and fails in Windows + JDK-8286872: Refactor add/modify notification icon (TrayIcon) + JDK-8287076: Document.normalizeDocument() produces different results + JDK-8287091: aarch64 : guarantee(val < (1ULL << nbits)) failed: Field too big for insn + JDK-8287425: Remove unnecessary register push for MacroAssembler::check_klass_subtype_slow_path + JDK-8287609: macOS: SIGSEGV at [CoreFoundation] CFArrayGetCount / sun.font.CFont.getTableBytesNative + JDK-8287724: Fix various issues with msys2 + JDK-8287826: javax/accessibility/4702233/ /AccessiblePropertiesTest.java fails to compile + JDK-8287895: Some langtools tests fail on msys2 + JDK-8287896: PropertiesTest.sh fail on msys2 + JDK-8287902: UnreadableRB case in MissingResourceCauseTest is not working reliably on Windows + JDK-8287917: System.loadLibrary does not work on Big Sur if JDK is built with macOS SDK 10.15 and earlier + JDK-8288132: Update test artifacts in QuoVadis CA interop tests + JDK-8288302: Shenandoah: SIGSEGV in vm maybe related to jit compiling xerces + JDK-8288377: [REDO] DST not applying properly with zone id offset set with TZ env variable + JDK-8288445: AArch64: C2 compilation fails with guarantee(!true || (true && (shift != 0))) failed: impossible encoding + JDK-8288599: com/sun/management/OperatingSystemMXBean/ /TestTotalSwap.java: Expected total swap size ... but getTotalSwapSpaceSize returned ... + JDK-8288985: P11TlsKeyMaterialGenerator should work with ChaCha20-Poly1305 + JDK-8289043: C2: Vector constant materialization attempt + JDK-8289146: containers/docker/TestMemoryWithCgroupV1.java fails on linux ppc64le machine with missing Memory and Swap Limit output + JDK-8290207: Missing notice in dom.md + JDK-8290209: jcup.md missing additional text + JDK-8290451: Incorrect result when switching to C2 OSR compilation from C1 + JDK-8290529: C2: assert(BoolTest(btest).is_canonical()) failure + JDK-8290705: StringConcat::validate_mem_flow asserts with "unexpected user: StoreI" + JDK-8290711: assert(false) failed: infinite loop in PhaseIterGVN::optimize + JDK-8290781: Segfault at PhaseIdealLoop::clone_loop_handle_data_uses + JDK-8291459: JVM crash with GenerateOopMap::error_work(char const*, __va_list_tag*) + JDK-8291461: assert(false) failed: bad AD file + JDK-8292083: Detected container memory limit may exceed physical machine memory + JDK-8292158: AES-CTR cipher state corruption with AVX-512 + JDK-8292541: [Metrics] Reported memory limit may exceed physical machine memory + JDK-8292682: Code change of JDK-8282730 not updated to reflect CSR update + JDK-8292778: EncodingSupport_md.c convertUtf8ToPlatformString wrong placing of free + JDK-8292866: Java_sun_awt_shell_Win32ShellFolder2_getLinkLocation check MultiByteToWideChar return value for failures + JDK-8292887: Bump update version for OpenJDK: jdk-11.0.18 + JDK-8292899: CustomTzIDCheckDST.java testcase failed on AIX platform + JDK-8293044: C1: Missing access check on non-accessible class + JDK-8293472: Incorrect container resource limit detection if manual cgroup fs mounts present + JDK-8293540: [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts + JDK-8293578: Duplicate ldc generated by javac + JDK-8293672: Update freetype md file + JDK-8293816: CI: ciBytecodeStream::get_klass() is not consistent + JDK-8293826: Closed test fails after JDK-8276108 on aarch64 + JDK-8293828: JFR: jfr/event/oldobject/TestClassLoaderLeak.java still fails when GC cycles are not happening + JDK-8293834: Update CLDR data following tzdata 2022c update + JDK-8293998: [PPC64] JfrGetCallTrace: assert(_pc != nullptr) failed: must have PC + JDK-8294138: [11u] Revert change from JDK-8210962 in basic.m4 + JDK-8294307: ISO 4217 Amendment 173 Update + JDK-8294357: (tz) Update Timezone Data to 2022d + JDK-8294578: [PPC64] C2: Missing is_oop information when using disjoint compressed oops mode + JDK-8294740: Add cgroups keyword to TestDockerBasic.java + JDK-8295173: (tz) Update Timezone Data to 2022e + JDK-8295288: Some vm_flags tests associate with a wrong BugID + JDK-8295322: Tests for JDK-8271459 were not backported to 11u + JDK-8295429: Update harfbuzz md file + JDK-8295469: S390X: Optimized builds are broken + JDK-8295554: Move the "sizecalc.h" to the correct location + JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev + JDK-8295714: GHA ::set-output is deprecated and will be removed + JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error + JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor + JDK-8295952: Problemlist existing compiler/rtm tests also on x86 + JDK-8296108: (tz) Update Timezone Data to 2022f + JDK-8296239: ISO 4217 Amendment 174 Update + JDK-8296480: java/security/cert/pkix/policyChanges/ /TestPolicy.java is failing + JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException + JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation + JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent + JDK-8296652: Restore windows aarch64 fixpath patch that was removed in 8239708 + JDK-8296715: CLDR v42 update for tzdata 2022f + JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2 + JDK-8297147: UnexpectedSourceImageSize test times out on slow machines when fastdebug is used + JDK-8297153: sun/java2d/DirectX/OnScreenRenderingResizeTest/ /OnScreenRenderingResizeTest.java fails again + JDK-8297241: Update sun/java2d/DirectX/ /OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java + JDK-8297481: Create a regression test for JDK-4424517 + JDK-8297656: AArch64: Enable AES/GCM Intrinsics + JDK-8297804: (tz) Update Timezone Data to 2022g + JDK-8298737: 8296772 backport to jdk11u caused build error on sparc + JDK-8299393: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.18 + JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR + JDK-8299483: ProblemList java/text/Format/NumberFormat/ /CurrencyFormat.java + JDK-8299616: [11u] Bootcycle build fails after JDK-8257679 backport ++++ java-17-openjdk: - Update to upstream tag jdk-17.0.6+10 (January 2023 CPU) * CVEs + CVE-2023-21835, bsc#1207246 + CVE-2023-21843, bsc#1207248 * Security fixes + JDK-8286070: Improve UTF8 representation + JDK-8286496: Improve Thread labels + JDK-8287411: Enhance DTLS performance + JDK-8288516: Enhance font creation + JDK-8289350: Better media supports + JDK-8293554: Enhanced DH Key Exchanges + JDK-8293598: Enhance InetAddress address handling + JDK-8293717: Objective view of ObjectView + JDK-8293734: Improve BMP image handling + JDK-8293742: Better Banking of Sounds + JDK-8295687: Better BMP bounds * Other changes + JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ /ScreenInsetsTest.java fails in Windows + JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails + JDK-7188098: TEST_BUG: closed/javax/sound/midi/Synthesizer/ /Receiver/bug6186488.java fails + JDK-8022403: sun/java2d/DirectX/OnScreenRenderingResizeTest/ /OnScreenRenderingResizeTest.java fails + JDK-8029633: Raw inner class constructor ref should not perform diamond inference + JDK-8030121: java/awt/dnd/MissingDragExitEventTest/ /MissingDragExitEventTest.java fails + JDK-8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled + JDK-8129827: [TEST_BUG] Test java/awt/Robot/RobotWheelTest/ /RobotWheelTest.java fails + JDK-8159599: [TEST_BUG] java/awt/Modal/ModalInternalFrameTest/ /ModalInternalFrameTest.java + JDK-8169187: [macosx] Aqua: java/awt/image/multiresolution/ /MultiresolutionIconTest.java + JDK-8178698: javax/sound/midi/Sequencer/MetaCallback.java failed with timeout + JDK-8202836: [macosx] test java/awt/Graphics/TextAAHintsTest.java fails + JDK-8210558: serviceability/sa/TestJhsdbJstackLock.java fails to find '^\s+- waiting to lock <0x[0-9a-f]+> \(a java\.lang\.Class ...' + JDK-8222323: ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop" + JDK-8233557: [TESTBUG] DoubleClickTitleBarTest.java fails on macOs + JDK-8233558: [TESTBUG] WindowOwnedByEmbeddedFrameTest.java fails on macos + JDK-8233648: [TESTBUG] DefaultMenuBarTest.java failing on macos + JDK-8244670: convert clhsdb "whatis" command from javascript to java + JDK-8251466: test/java/io/File/GetXSpace.java fails on Windows with mapped network drives. + JDK-8255439: System Tray icons get corrupted when Windows scaling changes + JDK-8256811: Delayed/missed jdwp class unloading events + JDK-8257722: Improve "keytool -printcert -jarfile" output + JDK-8262721: Add Tests to verify single iteration loops are properly optimized + JDK-8265489: Stress test times out because of long ObjectSynchronizer::monitors_iterate(...) operation + JDK-8266082: AssertionError in Annotate.fromAnnotations with - Xdoclint + JDK-8266519: Cleanup resolve() leftovers from BarrierSet et al + JDK-8267138: Stray suffix when starting gtests via GTestWrapper.java + JDK-8268033: compiler/intrinsics/bmi/verifycode/ /BzhiTestI2L.java fails with "fatal error: Not compilable at tier 3: CodeBuffer overflow" + JDK-8268276: Base64 Decoding optimization for x86 using AVX-512 + JDK-8268297: jdk/jfr/api/consumer/streaming/ /TestLatestEvent.java times out + JDK-8268779: ZGC: runtime/InternalApi/ /ThreadCpuTimesDeadlock.java#id1 failed with "OutOfMemoryError: Java heap space" + JDK-8269029: compiler/codegen/TestCharVect2.java fails for client VMs + JDK-8269404: Base64 Encoding optimization enhancements for x86 using AVX-512 + JDK-8269571: NMT should print total malloc bytes and invocation count + JDK-8269743: test/hotspot/jtreg/vmTestbase/vm/mlvm/meth/ /stress/jni/nativeAndMH/Test.java crash with small heap (-Xmx50m) + JDK-8270086: ARM32-softfp: Do not load CONSTANT_double using the condy helper methods in the interpreter + JDK-8270155: ARM32: Improve register dump in hs_err + JDK-8270609: [TESTBUG] java/awt/print/Dialog/DialogCopies.java does not show instruction + JDK-8270848: Redundant unsafe opmask register allocation in some instruction patterns. + JDK-8270947: AArch64: C1: use zero_words to initialize all objects + JDK-8271015: Split cds/SharedBaseAddress.java test into smaller parts + JDK-8271834: TestStringDeduplicationAgeThreshold intermittent failures on Shenandoah + JDK-8271956: AArch64: C1 build failed after JDK-8270947 + JDK-8272094: compiler/codecache/TestStressCodeBuffers.java crashes with "failed to allocate space for trampoline" + JDK-8272123: Problem list 4 jtreg tests which regularly fail on macos-aarch64 + JDK-8272608: java_lang_System::allow_security_manager() doesn't set its initialization flag + JDK-8272776: NullPointerException not reported + JDK-8272791: java -XX:BlockZeroingLowLimit=1 crashes after 8270947 + JDK-8272809: JFR thread sampler SI_KERNEL SEGV in metaspace::VirtualSpaceList::contains + JDK-8273043: [TEST_BUG] Automate NimbusJTreeSelTextColor.java + JDK-8273108: RunThese24H crashes with SEGV in markWord::displaced_mark_helper() after JDK-8268276 + JDK-8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints + JDK-8273380: ARM32: Default to {ldrexd,strexd} in StubRoutines::atomic_{load|store}_long + JDK-8273459: Update code segment alignment to 64 bytes + JDK-8273497: building.md should link to both md and html + JDK-8273553: sun.security.ssl.SSLEngineImpl.closeInbound also has similar error of JDK-8253368 + JDK-8273578: javax/swing/JMenu/4515762/bug4515762.java fails on macOS 12 + JDK-8273685: Remove jtreg tag manual=yesno for java/awt/Graphics/LCDTextAndGraphicsState.java & show test instruction + JDK-8273880: Zero: Print warnings when unsupported intrinsics are enabled + JDK-8273881: Metaspace: test repeated deallocations + JDK-8274029: Remove jtreg tag manual=yesno for java/awt/print/Dialog/DialogOrient.java + JDK-8274032: Remove jtreg tag manual=yesno for java/awt/print/ /PrinterJob/ImagePrinting/ImageTypes.java & show test UI + JDK-8274160: java/awt/Window/ShapedAndTranslucentWindows/ /Common.java delay is too high + JDK-8274296: Update or Problem List tests which may fail with uiScale=2 on macOS + JDK-8274456: Remove jtreg tag manual=yesno java/awt/print/PrinterJob/PageDialogTest.java + JDK-8274527: Minimal VM build fails after JDK-8273459 + JDK-8274563: jfr/event/oldobject/TestClassLoaderLeak.java fails when GC cycles are not happening + JDK-8274903: Zero: Support AsyncGetCallTrace + JDK-8275170: Some jtreg sound tests should be marked with sound keyword + JDK-8275234: java/awt/GraphicsDevice/DisplayModes/ /CycleDMImage.java is entered twice in ProblemList + JDK-8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked + JDK-8275569: Add linux-aarch64 to test-make profiles + JDK-8276108: Wrong instruction generation in aarch64 backend + JDK-8276904: Optional.toString() is unnecessarily expensive + JDK-8277092: TestMetaspaceAllocationMT2.java#ndebug-default fails with "RuntimeException: Committed seems high: NNNN expected at most MMMM" + JDK-8277346: ProblemList 7 serviceability/sa tests on macosx-x64 + JDK-8277351: ProblemList runtime/jni/checked/ /TestPrimitiveArrayCriticalWithBadParam.java on macosx-x64 + JDK-8277358: Accelerate CRC32-C + JDK-8277411: C2 fast_unlock intrinsic on AArch64 has unnecessary ownership check + JDK-8277576: ProblemList runtime/ErrorHandling/ /CreateCoredumpOnCrash.java on macosx-X64 + JDK-8277577: ProblemList compiler/onSpinWait/ /TestOnSpinWaitAArch64DefaultFlags.java on linux-aarch64 + JDK-8277578: ProblemList applications/jcstress/acqrel.java on linux-aarch64 + JDK-8277866: gc/epsilon/TestMemoryMXBeans.java failed with wrong initial heap size + JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode + JDK-8277928: Fix compilation on macosx-aarch64 after 8276108 + JDK-8277970: Test jdk/sun/security/ssl/SSLSessionImpl/ /NoInvalidateSocketException.java fails with "tag mismatch" + JDK-8278826: Print error if Shenandoah flags are empty (instead of crashing) + JDK-8279066: entries.remove(entry) is useless in PKCS12KeyStore + JDK-8279398: jdk/jfr/api/recording/time/TestTimeMultiple.java failed with "RuntimeException: getStopTime() > afterStop" + JDK-8279536: jdk/nio/zipfs/ZipFSOutputStreamTest.java timed out + JDK-8279662: serviceability/sa/ClhsdbScanOops.java can fail due to unexpected GC + JDK-8279941: sun/security/pkcs11/Signature/ /TestDSAKeyLength.java fails when NSS version detection fails + JDK-8280016: gc/g1/TestShrinkAuxiliaryData30 test fails on large machines + JDK-8280124: Reduce branches decoding latin-1 chars from UTF-8 encoded bytes + JDK-8280234: AArch64 "core" variant does not build after JDK-8270947 + JDK-8280391: NMT: Correct NMT tag on CollectedHeap + JDK-8280511: AArch64: Combine shift and negate to a single instruction + JDK-8280554: resourcehogs/serviceability/sa/ /ClhsdbRegionDetailsScanOopsForG1.java can fail if GC is triggered + JDK-8280555: serviceability/sa/TestObjectMonitorIterate.java is failing due to ObjectMonitor referencing a null Object + JDK-8280872: Reorder code cache segments to improve code density + JDK-8280890: Cannot use '-Djava.system.class.loader' with class loader in signed JAR + JDK-8280948: Write a regression test for JDK-4659800 + JDK-8281296: Create a regression test for JDK-4515999 + JDK-8281744: x86: Use short jumps in TIG::set_vtos_entry_points + JDK-8282049: AArch64: Use ZR for integer zero immediate volatile stores + JDK-8282276: Problem list failing two Robot Screen Capture tests + JDK-8282347: AARCH64: Untaken branch in has_negatives stub + JDK-8282398: EndingDotHostname.java test fails because SSL cert expired + JDK-8282402: Create a regression test for JDK-4666101 + JDK-8282511: Use fixed certificate validation date in SSLExampleCert template + JDK-8282528: AArch64: Incorrect replicate2L_zero rule + JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary + JDK-8282642: vmTestbase/gc/gctests/LoadUnloadGC2/ /LoadUnloadGC2.java fails intermittently with exit code 1 + JDK-8282730: LdapLoginModule throw NPE from logout method after login failure + JDK-8282777: Create a Regression test for JDK-4515031 + JDK-8282857: Create a regression test for JDK-4702690 + JDK-8283059: Uninitialized warning in check_code.c with GCC 11.2 + JDK-8283199: Linux os::cpu_microcode_revision() stalls cold startup + JDK-8283298: Make CodeCacheSegmentSize a product flag + JDK-8283337: Posix signal handler modification warning triggering incorrectly + JDK-8283353: compiler/c2/cr6865031/Test.java and compiler/runtime/Test6826736.java fails on x86_32 + JDK-8283383: [macos] a11y : Screen magnifier shows extra characters (0) at the end JButton accessibility name + JDK-8283999: Update JMH devkit to 1.35 + JDK-8284533: Improve InterpreterCodelet data footprint + JDK-8284681: compiler/c2/aarch64/TestFarJump.java fails with "RuntimeException: for CodeHeap < 250MB the far jump is expected to be encoded with a single branch instruction" + JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox + JDK-8284732: FFI_GO_CLOSURES macro not defined but required for zero build on Mac OS X + JDK-8284752: Zero does not build on Mac OS X due to missing os::current_thread_enable_wx implementation + JDK-8284771: java/util/zip/CloseInflaterDeflaterTest.java failed with "AssertionError: Expected IOException to be thrown, but nothing was thrown" + JDK-8284892: java/net/httpclient/http2/TLSConnection.java fails intermittently + JDK-8284980: Test vmTestbase/nsk/stress/except/except010.java times out with -Xcomp -XX:+DeoptimizeALot + JDK-8285093: Introduce UTIL_ARG_WITH + JDK-8285305: Create an automated test for JDK-4495286 + JDK-8285373: Create an automated test for JDK-4702233 + JDK-8285604: closed sun/java2d/GdiRendering/ /ClipShapeRendering.java failed with "Incorrect color ffeeeeee instead of ff0000ff in pixel (100, 100)" + JDK-8285612: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/ImagePrinting/ClippedImages.java + JDK-8285687: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/PageRangesDlgTest.java + JDK-8285698: Create a test to check the focus stealing of JPopupMenu from JComboBox + JDK-8285794: AsyncGetCallTrace might acquire a lock via JavaThread::thread_from_jni_environment + JDK-8285836: sun/net/www/http/KeepAliveCache/ /KeepAliveProperty.java failed with "RuntimeException: Failed in server" + JDK-8286172: Create an automated test for JDK-4516019 + JDK-8286263: compiler/c1/TestPinnedIntrinsics.java failed with "RuntimeException: testCurrentTimeMillis failed with -3" + JDK-8286313: [macos] Voice over reads the boolean value as null in the JTable + JDK-8286452: The array length of testSmallConstArray should be small and const + JDK-8286460: Remove dependence on JAR filename in CDS tests + JDK-8286551: JDK-8286460 causes tests to fail to compile in Tier2 + JDK-8286624: Regression Test CoordinateTruncationBug.java fails on OL8.3 + JDK-8286663: Resolve IDE warnings in WTrayIconPeer and SystemTray + JDK-8286772: java/awt/dnd/DropTargetInInternalFrameTest/ /DropTargetInInternalFrameTest.html times out and fails in Windows + JDK-8286872: Refactor add/modify notification icon (TrayIcon) + JDK-8287011: Improve container information + JDK-8287076: Document.normalizeDocument() produces different results + JDK-8287349: AArch64: Merge LDR instructions to improve C1 OSR performance + JDK-8287425: Remove unnecessary register push for MacroAssembler::check_klass_subtype_slow_path + JDK-8287609: macOS: SIGSEGV at [CoreFoundation] CFArrayGetCount / sun.font.CFont.getTableBytesNative + JDK-8287740: NSAccessibilityShowMenuAction not working for text editors + JDK-8287826: javax/accessibility/4702233/ /AccessiblePropertiesTest.java fails to compile + JDK-8288132: Update test artifacts in QuoVadis CA interop tests + JDK-8288302: Shenandoah: SIGSEGV in vm maybe related to jit compiling xerces + JDK-8288377: [REDO] DST not applying properly with zone id offset set with TZ env variable + JDK-8288445: AArch64: C2 compilation fails with guarantee(!true || (true && (shift != 0))) failed: impossible encoding + JDK-8288651: CDS test HelloUnload.java should not use literal string as ClassLoader name + JDK-8289044: ARM32: missing LIR_Assembler::cmove metadata type support + JDK-8289146: containers/docker/TestMemoryWithCgroupV1.java fails on linux ppc64le machine with missing Memory and Swap Limit output + JDK-8289257: Some custom loader tests failed due to symbol refcount not decremented + JDK-8289301: P11Cipher should not throw out of bounds exception during padding + JDK-8289524: Add JFR JIT restart event + JDK-8289559: java/awt/a11y/AccessibleJPopupMenuTest.java test fails with java.lang.NullPointerException + JDK-8289562: Change bugs.java.com and bugreport.java.com URL's to https + JDK-8290207: Missing notice in dom.md + JDK-8290209: jcup.md missing additional text + JDK-8290374: Shenandoah: Remove inaccurate comment on SBS::load_reference_barrier() + JDK-8290451: Incorrect result when switching to C2 OSR compilation from C1 + JDK-8290529: C2: assert(BoolTest(btest).is_canonical()) failure + JDK-8290532: Adjust PKCS11Exception and handle more PKCS11 error codes + JDK-8290687: serviceability/sa/TestClassDump.java could leave files owned by root on macOS + JDK-8290705: StringConcat::validate_mem_flow asserts with "unexpected user: StoreI" + JDK-8290711: assert(false) failed: infinite loop in PhaseIterGVN::optimize + JDK-8290781: Segfault at PhaseIdealLoop::clone_loop_handle_data_uses + JDK-8290839: jdk/jfr/event/compiler/TestJitRestart.java failed with "RuntimeException: No JIT restart event found: expected true, was false" + JDK-8290908: misc tests fail: assert(!thread->owns_locks()) failed: must release all locks when leaving VM + JDK-8290920: sspi_bridge.dll not built if BUILD_CRYPTO is false + JDK-8291456: com/sun/jdi/ClassUnloadEventTest.java failed with: Wrong number of class unload events: expected 10 got 4 + JDK-8291459: JVM crash with GenerateOopMap::error_work(char const*, __va_list_tag*) + JDK-8291599: Assertion in PhaseIdealLoop::skeleton_predicate_has_opaque after JDK-8289127 + JDK-8291650: Add delay to ClassUnloadEventTest before exiting to give time for JVM to send all events before VMDeath + JDK-8291775: C2: assert(r != __null && r->is_Region()) failed: this phi must have a region + JDK-8292083: Detected container memory limit may exceed physical machine memory + JDK-8292158: AES-CTR cipher state corruption with AVX-512 + JDK-8292385: assert(ctrl == kit.control()) failed: Control flow was added although the intrinsic bailed out + JDK-8292541: [Metrics] Reported memory limit may exceed physical machine memory + JDK-8292586: simplify cleanups in NTLMAuthSequence getCredentialsHandle + JDK-8292682: Code change of JDK-8282730 not updated to reflect CSR update + JDK-8292695: SIGQUIT and jcmd attaching mechanism does not work with signal chaining library + JDK-8292778: EncodingSupport_md.c convertUtf8ToPlatformString wrong placing of free + JDK-8292816: GPL Classpath exception missing from assemblyprefix.h + JDK-8292866: Java_sun_awt_shell_Win32ShellFolder2_getLinkLocation check MultiByteToWideChar return value for failures + JDK-8292879: com/sun/jdi/ClassUnloadEventTest.java failed due to classes not unloading + JDK-8292880: Improve debuggee logging for com/sun/jdi/ClassUnloadEventTest.java + JDK-8292888: Bump update version for OpenJDK: jdk-17.0.6 + JDK-8292899: CustomTzIDCheckDST.java testcase failed on AIX platform + JDK-8292903: enhance round_up_power_of_2 assertion output + JDK-8293010: JDI ObjectReference/referringObjects/ /referringObjects001 fails: assert(env->is_enabled(JVMTI_EVENT_OBJECT_FREE)) failed: checking + JDK-8293044: C1: Missing access check on non-accessible class + JDK-8293232: Fix race condition in pkcs11 SessionManager + JDK-8293319: [C2 cleanup] Remove unused other_path arg in Parse::adjust_map_after_if + JDK-8293472: Incorrect container resource limit detection if manual cgroup fs mounts present + JDK-8293489: Accept CAs with BasicConstraints without pathLenConstraint + JDK-8293535: jdk/javadoc/doclet/testJavaFX/ /TestJavaFxMode.java fail with jfx + JDK-8293540: [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts + JDK-8293550: Optionally add get-task-allow entitlement to macos binaries + JDK-8293578: Duplicate ldc generated by javac + JDK-8293657: sun/management/jmxremote/bootstrap/ /RmiBootstrapTest.java#id1 failed with "SSLHandshakeException: Remote host terminated the handshake" + JDK-8293659: Improve UnsatisfiedLinkError error message to include dlopen error details + JDK-8293672: Update freetype md file + JDK-8293701: jdeps InverseDepsAnalyzer runs into NoSuchElementException: No value present + JDK-8293808: mscapi destroyKeyContainer enhance KeyStoreException: Access is denied exception + JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation + JDK-8293816: CI: ciBytecodeStream::get_klass() is not consistent + JDK-8293826: Closed test fails after JDK-8276108 on aarch64 + JDK-8293828: JFR: jfr/event/oldobject/TestClassLoaderLeak.java still fails when GC cycles are not happening + JDK-8293834: Update CLDR data following tzdata 2022c update + JDK-8293891: gc/g1/mixedgc/TestOldGenCollectionUsage.java (still) assumes that GCs take 1ms minimum + JDK-8293965: Code signing warnings after JDK-8293550 + JDK-8293998: [PPC64] JfrGetCallTrace: assert(_pc != nullptr) failed: must have PC + JDK-8294307: ISO 4217 Amendment 173 Update + JDK-8294310: compare.sh fails on macos after JDK-8293550 + JDK-8294357: (tz) Update Timezone Data to 2022d + JDK-8294578: [PPC64] C2: Missing is_oop information when using disjoint compressed oops mode + JDK-8294740: Add cgroups keyword to TestDockerBasic.java + JDK-8294837: unify Windows 2019 version check in os_windows and java_props_md + JDK-8294840: langtools OptionalDependencyTest.java use File.pathSeparator + JDK-8295173: (tz) Update Timezone Data to 2022e + JDK-8295288: Some vm_flags tests associate with a wrong BugID + JDK-8295405: Add cause in a couple of IllegalArgumentException and InvalidParameterException shown by sun/security/pkcs11 tests + JDK-8295412: support latest VS2022 MSC_VER in abstract_vm_version.cpp + JDK-8295419: JFR: Change name of jdk.JitRestart + JDK-8295429: Update harfbuzz md file + JDK-8295469: S390X: Optimized builds are broken + JDK-8295554: Move the "sizecalc.h" to the correct location + JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev + JDK-8295714: GHA ::set-output is deprecated and will be removed + JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error + JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor + JDK-8295952: Problemlist existing compiler/rtm tests also on x86 + JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM + JDK-8296108: (tz) Update Timezone Data to 2022f + JDK-8296239: ISO 4217 Amendment 174 Update + JDK-8296480: java/security/cert/pkix/policyChanges/ /TestPolicy.java is failing + JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException + JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation + JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent + JDK-8296715: CLDR v42 update for tzdata 2022f + JDK-8296733: JFR: File Read event for RandomAccessFile::write(byte[]) is incorrect + JDK-8296945: PublicMethodsTest is slow due to dependency verification with debug builds + JDK-8296956: [JVMCI] HotSpotResolvedJavaFieldImpl.getIndex returns wrong value + JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2 + JDK-8296958: [JVMCI] add API for retrieving ConstantValue attributes + JDK-8296960: [JVMCI] list HotSpotConstantPool.loadReferencedType to ConstantPool + JDK-8296961: [JVMCI] Access to j.l.r.Method/Constructor/Field for ResolvedJavaMethod/ResolvedJavaField + JDK-8296967: [JVMCI] rationalize relationship between getCodeSize and getCode in ResolvedJavaMethod + JDK-8297147: UnexpectedSourceImageSize test times out on slow machines when fastdebug is used + JDK-8297153: sun/java2d/DirectX/OnScreenRenderingResizeTest/ /OnScreenRenderingResizeTest.java fails again + JDK-8297241: Update sun/java2d/DirectX/ /OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java + JDK-8297309: Memory leak in ShenandoahFullGC + JDK-8297481: Create a regression test for JDK-4424517 + JDK-8297530: java.lang.IllegalArgumentException: Negative length on strings concatenation + JDK-8297590: [TESTBUG] HotSpotResolvedJavaFieldTest does not run + JDK-8297656: AArch64: Enable AES/GCM Intrinsics + JDK-8297804: (tz) Update Timezone Data to 2022g + JDK-8299392: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.6 + JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR + JDK-8299483: ProblemList java/text/Format/NumberFormat/ /CurrencyFormat.java - Modified patch: * fips.patch + update to newest level - Removed patch: * fix_armv6_build.patch + does not apply and at least a part of the fix is in this version ++++ java-1_8_0-openjdk: - Update to version jdk8u362 (icedtea-3.26.0) * January 2023 CPU * CVEs + CVE-2023-21830, bsc#1207249 + CVE-2023-21843, bsc#1207248 * Security fixes + JDK-8285021: Improve CORBA communication + JDK-8286496: Improve Thread labels + JDK-8288516: Enhance font creation + JDK-8289350: Better media supports + JDK-8293554: Enhanced DH Key Exchanges + JDK-8293598: Enhance InetAddress address handling + JDK-8293717: Objective view of ObjectView + JDK-8293734: Improve BMP image handling + JDK-8293742: Better Banking of Sounds + JDK-8295687: Better BMP bounds * New features + Support for building with autoconf 2.71 * Import of OpenJDK 8 u362 build 09 + JDK-6885993: Named Thread: introduce print() and print_on(outputStream* st) methods + JDK-7124218: [TEST_BUG] [macosx] Space should select cell in the JTable + JDK-8054066: com/sun/jdi/DoubleAgentTest.java fails with timeout + JDK-8067941: [TESTBUG] Fix tests for OS with 64K page size. + JDK-8071530: Update OS detection code to reflect Windows 10 version change + JDK-8073464: GC workers do not have thread names + JDK-8079255: [TEST_BUG] [macosx] Test closed/java/awt/Robot/ /RobotWheelTest/RobotWheelTest fails for Mac only + JDK-8129827: [TEST_BUG] Test java/awt/Robot/RobotWheelTest/ /RobotWheelTest.java fails + JDK-8148005: One byte may be corrupted by get_datetime_string() + JDK-8159599: [TEST_BUG] java/awt/Modal/ModalInternalFrameTest/ /ModalInternalFrameTest.java + JDK-8159720: Failure of C2 compilation with tiered prevents some C1 compilations + JDK-8197859: VS2017 Complains about UINTPTR_MAX definition in globalDefinitions_VisCPP.hpp + JDK-8206456: [TESTBUG] docker jtreg tests fail on systems without cpuset.effective_cpus / cpuset.effective_mems + JDK-8221529: [TESTBUG] Docker tests use old/deprecated image on AArch64 + JDK-8224506: [TESTBUG] TestDockerMemoryMetrics.java fails with exitValue = 137 + JDK-8233551: [TESTBUG] SelectEditTableCell.java fails on MacOS + JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows + JDK-8253702: BigSur version number reported as 10.16, should be 11.nn + JDK-8255559: Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI() + JDK-8265527: tools/javac/diags/CheckExamples.java fails after JDK-8078024 8u backport + JDK-8269039: Disable SHA-1 Signed JARs + JDK-8269850: Most JDK releases report macOS version 12 as 10.16 instead of 12.0 + JDK-8270344: Session resumption errors + JDK-8271459: C2: Missing NegativeArraySizeException when creating StringBuilder with negative capacity + JDK-8273176: handle latest VS2019 in abstract_