Removed rpms ============ - libbpf0 - libbpf0-32bit - libcamel-1_2-62 - libcamel-1_2-62-32bit - libedataserver-1_2-24 - libedataserver-1_2-24-32bit - libedataserverui-1_2-2 - libedataserverui-1_2-2-32bit - liblmdb-0_9_17 - liblmdb-0_9_17-32bit - qemu-doc - qemu-img - qemu-pr-helper - virtiofsd Added rpms ========== - csp-billing-adapter-service - libetebase-devel - libetebase0 - libmariadbd104-devel - liboqs-devel-32bit - liboqs3-32bit - libsybdb5-32bit - libtdsodbc0-32bit - mariadb104 - mariadb104-bench - mariadb104-client - mariadb104-errormessages - mariadb104-galera - mariadb104-rpm-macros - mariadb104-test - mariadb104-tools - python3-csp-billing-adapter - python3-csp-billing-adapter-amazon - python3-csp-billing-adapter-local - python3-csp-billing-adapter-microsoft - qemu-sgabios - raspberrypi-firmware-config-camera - suma-amazon-adapter-config-llc - suma-amazon-adapter-config-ltd - suma-azure-adapter-config-llc Package Source Changes ====================== GraphicsMagick -- security update +- revert to 1.3.40 [bsc#1214831] + https://sourceforge.net/p/graphicsmagick/news/2023/08/because-1341-is-discarded-i-has-been-published-2-builds-for-win32-architecture/ +- modified patches + % GraphicsMagick-disable-insecure-coders.patch (refreshed) +- deleted patches + - GraphicsMagick-fix-regression-NULL-instead-of-empty-string.patch (not needed) + - GraphicsMagick-name-key-return-input-file-base-name.patch (not needed) + +- fix regression in 1.3.41 + https://sourceforge.net/p/graphicsmagick/bugs/722/ - fix CVE-2022-1270 [bsc#1198351], Heap buffer overflow when parsing MIFF - + GraphicsMagick-CVE-2022-1270.patch + fix 17179:91afa18a6161 + + GraphicsMagick-fix-regression-NULL-instead-of-empty-string.patch + fix 17180:bb42cd90ce6f + + GraphicsMagick-name-key-return-input-file-base-name.patch + +- version update to 1.3.41 + Bug fixes: + * Blob: Immediately reject attempts to write blobs to formats which + can not support blobs. + * TranslateTextEx(): An empty string argument should return an empty + string rather than a NULL string. + * SetImageAttribute(): Fix bounds issue when concatenating string. + * JPEG: Do not set image resolution if the values provided are outside + of the valid range. + * Fixes for NaN when reading formats based on floating point. + * HEIF: Fix reading images with rotation/transformation. + * BMP: Do not decode primaries or gamma unless colorspace is + LCS_CALIBRATED_RGB. Add/correct bmp_info.size "biSize" logic which + decides if header chunks are present (or invalid). + * MNG: Fixes for resizing using X_method 5. + * GM command (convert, montage, mogrify): Many command-line parser + fixes/checks for invalid command line syntax which causes unexpected + behavior, or core dumps. + * TopoL: Given that a writer is now provided, issues found in the + reader (and writer) due to continual fuzz-testing have been fixed, + as encountered. + * GetImageClippingPathAttribute(): Check for and use clipping path + name (ID=2999) to get the real attribute name. + * ReadIPTCProfile(): Fix malformed IPTC data parsing. + New Features: + * TopoL: Now provides a writer. + * WPG: Now provides a writer. + * gm batch: Implement simple Test Anything Protocol (TAP) test + counting and "ok N"/"not ok N" messaging. + * TIFF: Support '-define tiff:photometric=minisblack' and '-define + tiff:photometric=miniswhite' to be able to adjust the sense used + when writing bilevel TIFF images. + * TIFF: Require that TIFFTAG_EXTRASAMPLES be used appropriately to + indicate the intention of extra channels. + * utilities/tests/gen-tiff-images/genimages: Script for writing (and + then reading) thousands (5568 permutations) of TIFF format variants. + * EXIF and PNG: Retrieve image orientation from EXIF (if present) and + store in image. + * HEIF: Retrieve image orientation from EXIF and store in image. + Behavior Changes: + * The ability to extend existing image attribute text by calling + SetImageAttribute() multiple times with the same key is now + deprecated, and will soon be removed. In the mean time, the + annoying message "SetImageAttribute: Extending attribute value text + is deprecated!" is printed to the standard error output to help + expose code which is using this feature. +- modified patches + % GraphicsMagick-disable-insecure-coders.patch (refreshed) +- deleted patches + - strlcpy-wrong-sizing.patch (upstreamed) + +- add strlcpy-wrong-sizing.patch: fix incorrect usages of + strlcpy and strlcat detected by glibc 2.38's fortify + +- clean up old conditionals + +- version update to 1.3.40 + * GetMagickGeometry(): Fix a scaling issue where dimensions could be + scaled down to zero. + * PCD: Handle writing image with a dimension of 1. + * PNG: When writing, use lower-case raw profile identifiers (e.g. 'Raw + profile type xmp') because exiftool expects that. + * SUN: The sense of monochrome images was inverted. Fix scanline size + calculation. + * WPG: Fix 20-year old bug in WPG header reading. + New Features: + * JXL: Decode and log extra channel information. This information is + not yet used. + * PCX and DCX: Support writing uncompressed format (use -compress none + for no compression). + * Added IM1, IM8, and IM24 magick aliases for the Sun Raster format + since those are the historically correct extensions. + API Updates: + * AppendImageToList() now updates the image list pointer to be the + image which was just added. Use GetFirstImageInList() when the + pointer to the first image in the list is needed. + +- version update to 1.3.39 + Special Issues: + * GraphicsMagick really does need some additional productive + volunteers. For several years now, the burden has entirely been on + me (Bob Friesenhahn). I have been sheparding the project for 20 + years already (and contributed to ImageMagick and GraphicsMagick + combined for 26 years already). It is not reasonable to expect + someone with a full time job (and expecting to retire in a few + years) to do all of the work. + Security Fixes: + * GraphicsMagick is participating in Google's oss-fuzz project since + February 4 2018 due to the contributions and assistance of Alex + Gaynor and Paul Kehrer. The issues list is available at + https://bugs.chromium.org/p/oss-fuzz/issues/list under search term + "graphicsmagick". Issues are available for anyone to view and + duplicate if they have been in "Verified" status for 30 days, or if + they have been in "New" status for 90 days. Please consult the + GraphicsMagick ChangeLog file, Mercurial repository commit log, and + the oss-fuzz issues list for details. + Security Fixes: + * oss-fuzz: Several security fixes originating from oss-fuzz testing. + * ALL: Replace strcpy() with strlcpy(), replace strcat() with + strlcat(), replace sprintf() with snprintf(). Prefer using bounded + string functions. This change is made for the purpose of increasing + safety than to address any existing demonstrated concern. + Bug fixes: + * Coverity: Several fixes for issues found by Coverity to reduce the + number of reported issues back down to zero. + * Clang Analyzer 12: Fix most discovered issues. + * PNG: Fix possible use of uninitialized 'ping_num_trans' value in + ReadOnePNGImage(). + * MinGW: Eliminate overwrite of existing _MSC_VER value in MinGW compile. + * MNG: Fix heap-use-after-free in CloseBlob. + * MNG: Fix indirect leak in MagickMallocCleared(). + * PS: Assure that 'bounds' structure is initialized. + * EPT: Assure that 'bounds' structure is initialized. + * HEIF: If heif_image_handle_get_metadata_size() returns 0, then + carrying on with reading image data. + * configure.ac: Fix Bashism in maintainer-mode check. + * TGA: Remove a defective validation of comment length, which blocked + reading some sample TGA files from the "Encyclopedia Of Graphics + File Formats" book. Monochromatic bilevel TGA can now be read and + written. TGA "Footers" are now read and used when logging as well + as converted to Image attributes. + * WebP: Add configure.ac updates to check for libsharpyuv so that + builds with the development version work again. + * Visual Studio Build (VisualMagick): Fix project file generation. + Improve portability of code for configure.exe. + * Fixed mixed encoding (non-UTF-8) errors in text and source files. + * DrawPrimitive(): Fix composition using "0,0" for image size. This + became broken in GraphicsMagick 1.3.36. + * Blob API: Fixed SEEK_END validation. SEEK_END was not used before, + but now it is. + New Features: + * AVIF: Support reading AVIF via libheif if it supports decoding AVIF + (still no writer support). + * LOG: Added function IsEventLogged() to report if a particular event + will be logged. Us this as much as possible throughout the software + to replace use of IsEventLogging(). This avoids a possible + performance hit if any logging is enabled at all and logging + statements are executed which are filtered and produce no output. + * FITS: Support storing multiple scenes in one file (non-standard + extension). + * JPEG: Optionally enable arithmetic coder in JPG images using + '-define jpeg:arithmetic-coding=true'. + * JPEG: Add support for reading deep gray images. + * HEIF: Support reading ICC color profiles. + * Produce ASCII armored ".asc" format GPG signature files. + * Support reading directly from .bz2, .gz, .svgz, and .Z files + (without creating a temporary file), if possible. + API Updates: + * Magick++: Provide a version of Image::colorMapSize() which is a + 'const' method. Continue to provide the non-const version in order + to avoid an ABI change. The compiler should choose the appropriate + version. + Feature improvements: + * HTML documentation generation based on Docutils is significantly + updated and improved. + * PerlMagick: Added more sample input files and changed many reader + tests to use hash signature rather than comparison to reduce the + distribution size. + * Blob: The ReadBlobString() function has been re-written to perform + better when reading from files. + * JXL: The JXL coder is updated to compile with what will likely + become JXL 0.8.0. Support for 16-bit 'short' samples, 16-bit + 'float' samples, and 32-bit float samples added. Support for + reading and writing ICC, EXIF, and XMP profiles added. + * MIME: GM "magick" to MIME mappings have been added for apng, avif, + bmp, ico, and webp (regardless of if they are supported). + * XPM: The XPM reader performance is dramatically improved and is + observed to be 32x faster when reading a medium-sized XPM file + (e.g. the GraphicsMagick logo). + * XPM: Support reading "deep" images with more pallete entries than + the maximum colormap size. + Windows Delegate Updates/Additions: + * Update bundled libjasper to version 1.900.26. Please note that 4.0.0 + is the latest version at this time and fixes a great many security + and stability issues which are present in 1.900.26. + * Update bundled libjpeg to version 9e. + * Update bundled libtiff to version 4.5.0. + Build Changes: + * MSVC: Added porting function to emulate C'99 snprintf for MSVC older + than 2015. + * MSVC: Successfully compiles using Visual Studio 2008 and 2019. + Compiles successfully using Visual Studio 2022 if optimization is + disabled (otherwise there is an internal compiler error in effect.c). +- Enable JPEG-XL on Tumbleweed. + +- version update to 1.3.38 + Special Issues: + * The FTP site ftp.graphicsmagick.org is now shut down due to a lack + of bandwith, extremely abusive users (including from Google and + customers of Amazon Web Services), and a lack of support from the + user community. Another factor is that FTP support has been removed + from popular web browsers. This is very unfortunate since the site + served multiple usages, including providing a lot of historical data + (e.g. related to PNG) which may not be available elsewhere. + * GraphicsMagick really does need some additional productive + volunteers. For several years now, the burden has entirely been on + me (Bob Friesenhahn). I have been sheparding the project for 20 + years already (and contributed to ImageMagick and GraphicsMagick + combined for 26 years already). It is not reasonable to expect + someone with a full time job (and expecting to retire in a few + years) to do all of the work. + Security Fixes: + * GraphicsMagick is participating in Google's oss-fuzz project due to + the contributions and assistance of Alex Gaynor. Since February 4 + 2018, ??? issues have been opened by oss-fuzz and ?? issues remain + open. The issues list is available at + https://bugs.chromium.org/p/oss-fuzz/issues/list under search term + "graphicsmagick". Issues are available for anyone to view and + duplicate if they have been in "Verified" status for 30 days, or if + they have been in "New" status for 90 days. Please consult the + GraphicsMagick ChangeLog file, Mercurial repository commit log, and + the oss-fuzz issues list for details. + Bug fixes: + * Documentation: Generator scripts in 'doc' directory now produce + similar results using GNU sed and Solaris/Illumos sed and don't + produce warnings. + * JNG: Fixes to error handling to avoid temporary file leaks and + avoiding returning a broken image. + * JPEG: Always store embedded profiles in image, even if in 'ping' + mode. + * MAT: Change from using 'int' for sizes/offsets to using 'size_t' and + check all related calculations for overload. + * MIFF: Fix heap buffer overflow which may be provoked in builds with + BZLIB support. + * MogrifyImage() and Magick::Image::trim(): Trim requires + NorthWestGravity. + * PICT: Fixed a heap overflow. + * PerlMagick: Fix issue that image fill attribute had its opacity + reset to transparent so it could not be usefully set at image scope. + * Test Suite: Fixed portability issue related to 'sed' which broke + utilities/tests/convert.tap test script. + * WPG: Fix incorrect TrX and TrY elements in CTM. + New Features: + * Added support for a 'Read' resource limit (e.g. '-limit read 5mb'). + This allows the user to specify a hard limit for how much data may + be read from a file, read from a pipe, or decompressed from a file + (e.g gzip or bzip2) before a hard error is reported. This resource + limit is a useful alternative to completely disabling support for + compressed files using the --disable-compressed-files option and it + provides more protections as well. + * Added support for reading HEIF/HEIC format. + * Added support for reading and writing JPEG XL format. + * Support for JasPer 3.0.0 is completed. Upgrading to JasPer 3.0.0 is + strongly recommended due to its many security fixes and integration + with GraphicsMagick's resource-limited memory allocator. + * PNG: Support the define png:chunk-malloc-max=limit in order to allow + reading PNG files which report "chunk data is too large" or to + reduce the default limit. + * compare: Added support for the '-compress' option. + * compare: Added support for the '-auto-orient' option. This tries to + assure that the two images are right-side up before comparing. + API Updates: + * Magick++: Support the new 'ReadResource' enumeration. + Feature improvements: + * JPEG: Implement more efficient way to append JPEG profile chunks. + * Resource Limited Memory: The resource limited memory allocator now + maintains useful statistics such as a tally of the total number of + octets moved by realloc. + Windows Delegate Updates/Additions: + * None + Build Changes: + * In maintainer mode, the configure script searches for a GnuPG 'gpg' + program to use for signing snapshot releases and uses this to + support PGP-signed development snapshots. + Behavior Changes: + * None + * fixes CVE-2022-1270 [bsc#1198351] +- modified patches + % GraphicsMagick-disable-insecure-coders.patch (refreshed) + +- version update to 1.3.37 + * bug fix release, see NEWS.txt +- modified patches + % GraphicsMagick-disable-insecure-coders.patch (refreshed) +- added sources + + GraphicsMagick-1.3.37.tar.xz.sig + +- version update to 1.3.36 + Security Fixes: + * fix issues found by oss-fuzz project + * WPG: Fixes for heap buffer overflow. + Bug fixes: + * ConstituteImage(): Set image depth appropriately based on the + storage size specified by StorageType and QuantumDepth. + * GetImageBoundingBox(): Fix problem that MagickTrimImage with extreme + fuzz values could produce an image with negative width. + * ImageToFile(): Improve error handling to avoid possible deferred + deletion of temporary files, causing unexpected excessive use of + temporary file space. + * JNG: Add validations for alpha compression method values and use + this information to enforce decoding using the appropriate + sub-format (rather than auto-detecting the format). Also, address + memory leaks which may occur if the sub-decoder does something other + than was expected. + * MagickCondSignal(): Improvements to conditional signal handler + registration (which avoids over-riding signal handlers previously + registered by an API user). + * ModifyCache(): Fix memory leak. + * ReadCacheIndexes(): Don't blunder into accessing a null pointer if + the using code has ignored a previous error report bubled-up from + SetNexus(). + * MNG: When doing image scaling and the image width or height is 1 + then always use simple pixel replication as per the MNG + specification. + * MVG: Fixes to 'push clip-path foo' and 'pop clip-path foo' parsing + to eliminate a class of malign behavior. + * MVG: Place an aribrary limit on stroke dash polygon unit maximum + length in order to avoid possibly rendering "forever". + * PCL: No longer attempt to handle reading HP PCL format via the + external 'hp2xx' program since it seems worthless for that task. + * PS: Fix corrupt image when writing PseudoClass image with a colormap + larger than two entries as bilevel. + * SVG: Memory leak fixes. + * SVG reader: Now support 'ping' support so the identify command works + as expected. + * TIFF: WEBP compression only supports a depth of 8 so force that + value. + * Wand MagickSetSamplingFactors(): Correct formatting of sampling + factors string. + New Features: + * Logging is now fully programmable. + * DPX format: Support dpx:swap-samples-read define which behaves + similar to dpx:swap-samples, but is only applied when reading, as + well as dpx:swap-samples-write, which is only applied when + writing. This provides for use when there is both reading and + writing in the same operation (otherwise the final result was no + effect!). + API Updates: + * magick/api.h: Add "magick/enum_strings.h" to API headers. + * New log settings accessor C functions: SetLogDefaultFileName(), + SetLogDefaultFormat(), SetLogDefaultOutputType(), + SetLogDefaultLogMethod(), SetLogDefaultLimit(), + SetLogDefaultGenerations(), SetLogDefaultEventType(). These + functions allow a program to set the same parameters which may be + set by loading a "log.mgk" function. If a default logging callback + was provided via SetLogDefaultLogMethod() such that MethodOutput is + used, then the search for a "log.mgk" is avoided entirely. + * New log settings accessor C++ functions: SetLogDefaultFileName(), + SetLogDefaultFormat(), SetLogDefaultOutputType(), + SetLogDefaultLogMethod(), SetLogDefaultLimit(), + SetLogDefaultGenerations(), SetLogDefaultEventType(). These C++ + functions just pass through to the equivalent C functions and + provide the same benefits. + * A simple resource-limit respecting memory allocator has been + developed for internal use wherever arbitrarily-large amounts of + memory might be requested. This will gradually be added wherever it + appears to be needed. The memory resource limits are at the overall + process level. The MVG/SVG rendering code is updated to use this + new allocator. Almost all of the coders (image format + readers/writers) have now been updated to use this new allocator. + This means that '-limit memory 300MB' would be more complete and + meaningful now. Temporary allocations by the image processing + algorithms (other than for the images themselves) are still not + accounted for in the resource limiting. + * MVG Renderer / DrawImage(): Use resource-limit respecting memory + allocators for remaining large memory allocations. + * PNG writer: Don't skip optional Exif identifier code if it isn't present. + * DPX reader/writer: decode/encode of 10-bit packed DPX is now twice + as fast due to code simplification. + * TIFF reader: Apply the same resource limits to TIFF tile sizes as + apply to the image itself. +- deleted patches + - GraphicsMagick-CVE-2020-12672.patch (upstreamed) LibVNCServer +- version update to 0.9.14 + [#]# Overall changes: + * Added more documentation (build system integration, repeater setup) and a legal FAQ. + * Added [contribution guidelines](CONTRIBUTING.md). + * Ported the TravisCI continous integration machinery to GitHub workflows. + [#]# LibVNCServer/LibVNCClient: + * Added [qemu extended key event]. + * Fixed several potential multiplication overflows. + [#]# LibVNCClient: + * Fixes of several memory leaks and buffer overflows. + * Added UltraVNC's MSLogonII authentication scheme. + * Fixed TLS interoperability with GnuTLS servers. + * Fixed detection of newer UltraVNC and TightVNC servers. + * Added support for [SetDesktopSize]. + * Added SSH tunneling example using libssh2. + * Added some extensions to VeNCrypt in order to be compatible with a wider range of servers. + [#]# LibVNCServer: + * Fixes to the multi-threaded server implementation which should be a lot more sound now. + * Fixed TightVNC-filetransfer file upload for 64-bit systems. + * Fixes of crashes in the zlib compression. + * Added support for [UTF8 clipboard data]. + * Fixed visual artifacts in framebuffer on ARM platforms. + * Fixed several WebSockets bugs. + * Fixed the UltraVNC-style repeater example. + * Added support for larger framebuffers (two 4k screens possible now). + * Added support for timeouts for outbound connections (to repeaters for instance). + * Fixed out-of-bounds memory access in Tight encoding. +- modified patches + % 0001-libvncserver-Add-API-to-add-custom-I-O-entry-points.patch (refreshed) + % 0002-libvncserver-Add-channel-security-handlers.patch (refreshed) +- deleted patches + - 0001-libvncserver-don-t-NULL-out-internal-of-the-default-.patch (upstreamed) + - 0003-libvncserver-auth-don-t-keep-security-handlers-from-.patch (upstreamed) + - 0004-zlib-Clear-buffer-pointers-on-cleanup-444.patch (upstreamed) + - LibVNCServer-CVE-2020-29260.patch (upstreamed) + MozillaFirefox +- Mozilla Firefox ESR 115.3.1 ESR + MFSA 2023-44 (bsc#1215814) + * CVE-2023-5217: Heap buffer overflow in libvpx + +- Firefox Extended Support Release 115.3.0 ESR + Placeholder changelog-entry +- Mozilla Firefox ESR 115.3 + MFSA 2023-42 (bsc#1215575) + * CVE-2023-5168: (bmo#1846683) + Out-of-bounds write in FilterNodeD2D1 + * CVE-2023-5169: (bmo#1846685) + Out-of-bounds write in PathOps + * CVE-2023-5171: (bmo#1851599) + Use-after-free in Ion Compiler + * CVE-2023-5174: (bmo#1848454) + Double-free in process spawning on Windows + * CVE-2023-5176: (bmo#1836353, bmo#1842674, bmo#1843824, + bmo#1843962, bmo#1848890, bmo#1850180, bmo#1850983, + bmo#1851195) + Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, + and Thunderbird 115.3 +- Add patch mozilla-fix-broken-ffmpeg.patch to fix broken build + with newer binutils (bsc#1215309) + alsa +- More upstream fix for incosistent compile conditions: + 0004-reshuffle-included-files-to-include-config.h-as-firs.patch + +- Upstream fix backport: + 0002-global.h-move-__STRING-macro-outside-PIC-ifdef-block.patch +- Upstream fix for PCM segfault regression (bsc#1215167): + 0003-pcm-Fix-segfault-with-32bit-libs.patch + +- Update to version 1.2.10 (jsc#PED-6566): + * MIDI 2.0 feature support + * build fixes for various platforms + * various documentation fixes + * misc topology fixes + * ucm fixes and cleanups + For details, see: + https://www.alsa-project.org/wiki/Changes_v1.2.9_v1.2.10#alsa-lib +- Took upstream fix for possible build errors: + 0001-control.h-Fix-ump-header-file-detection.patch + +- Update to version 1.2.9: + * Versioned symbol updates + * Various fixes for building on *BSD and Android + * Fixes and enhancements of auto silencing and playback drain + * Add SND_CTL_EINTR open mode at PCM + * Avoid endless loop in snd_pcm_sw_params_default() + * Fixes in PCM rate, route/softvol plugins + * Fixes in topology API parser, cleanups + * Enhancements in latency test program + * Minor code cleanup and memory leak fixes in UCM API + * emu10k1 config cleanup + For details, see: + https://www.alsa-project.org/wiki/Changes_v1.2.8_v1.2.9#alsa-lib + alsa-tools +- Add tarball signature and keyring + +- Update to version 1.2.5 (jsc#PED-6566): + * hdspmixer: add output loopback buttons + * hdspmixer: enhance saving of presets + alsa-topology-conf +- Update to version 1.2.5.1 (jsc#PED-6566): + * Version bump, source archive name fixed + alsa-ucm-conf +- Update to version 1.2.10 (jsc#PED-6566): + * updates / fixes for various devices: mtk-rt5650, usb-audio, tegra + es8316, sof-essx8336, pinephone, Steinberg UR44C, AMD ACP RPL, + ACP63, sof-hda-dsp, etc + For details, see: + https://www.alsa-project.org/wiki/Changes_v1.2.9_v1.2.10#alsa-ucm-conf +- Upstream regression fix: + 0001-SplitPCM-Device-argument-may-not-be-set.patch + +- Update to version 1.2.9: + various profile updates for USB-audio, SOF and others. + For details, see: + https://www.alsa-project.org/wiki/Changes_v1.2.8_v1.2.9#alsa-ucm-conf + alsa-utils +- Update to alsa-utils 1.2.10 (jsc#PED-6566): + * MIDI 2.0 / UMP support for sequencer programs + * nhlt: add nhlt-dmic-info utility + * Build fixes and cleanups + * speaker-test: allow large buffer and period time setup - up to 100 seconds + * various topology fixes + For details, see: + https://www.alsa-project.org/wiki/Changes_v1.2.9_v1.2.10#alsa-utils +- Fix the builds with old gcc: + 0001-axfer-use-ATTRIBUTE_UNUSED-instead-remove-argument-n.patch + 0002-amidi-use-ATTRIBUTE_UNUSED-instead-remove-argument-n.patch + 0003-alsaloop-use-ATTRIBUTE_UNUSED-instead-remove-argumen.patch + 0004-bat-use-ATTRIBUTE_UNUSED-instead-remove-argument-nam.patch + 0005-seq-use-ATTRIBUTE_UNUSED-instead-remove-argument-nam.patch + 0006-alsaucm-use-ATTRIBUTE_UNUSED-instead-remove-argument.patch + 0007-topology-use-ATTRIBUTE_UNUSED-instead-remove-argumen.patch + +- Update to alsa-utils 1.2.9: + BSD build fix, and various updates for alsactl, amidi, axfer, + alsa-info.sh, alsaloop, alsatplg, alsaucm, aplay, abat. + For details, see: + https://www.alsa-project.org/wiki/Changes_v1.2.8_v1.2.9#alsa-utils + apparmor +- Fix pam_apparmor %post and %postun scripts to handle pam-config errors + (bsc#1215596) + apparmor:libapparmor +- Fix pam_apparmor %post and %postun scripts to handle pam-config errors + (bsc#1215596) + attica-qt5 +- Update to 5.110.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.110.0 +- No code change since 5.109.0 + +- Update to 5.109.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.109.0 +- Changes since 5.108.0: + * Add explicit moc includes to sources for moc-covered headers + +- Update to 5.108.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.108.0 +- Changes since 5.107.0: + * Remove qt6 CI builds + +- Update to 5.107.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.107.0 +- No code change since 5.106.0 + +- Update to 5.106.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.106.0 +- No code change since 5.105.0 + +- Update to 5.105.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.105.0 +- No code change since 5.104.0 + +- Update to 5.104.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.104.0 +- No code change since 5.103.0 + bind +- Update to release 9.16.44 + Bug Fixes: + * Processing already-queued queries received over TCP could cause + an assertion failure, when the server was reconfigured at the + same time or the cache was being flushed. This has been fixed. + Security Fixes: + * Previously, sending a specially crafted message over the + control channel could cause the packet-parsing code to run out + of available stack memory, causing named to terminate + unexpectedly. This has been fixed. (CVE-2023-3341) + [bsc#1215472] +- Switch to pkgconfig(libprotobuf-c) since this now contains the + required protobuf-c binary + binutils +- Update to version 2.41 [PED-5778]: + * The MIPS port now supports the Sony Interactive Entertainment Allegrex + processor, used with the PlayStation Portable, which implements the MIPS + II ISA along with a single-precision FPU and a few implementation-specific + integer instructions. + * Objdump's --private option can now be used on PE format files to display the + fields in the file header and section headers. + * New versioned release of libsframe: libsframe.so.1. This release introduces + versioned symbols with version node name LIBSFRAME_1.0. This release also + updates the ABI in an incompatible way: this includes removal of + sframe_get_funcdesc_with_addr API, change in the behavior of + sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs. + * SFrame Version 2 is now the default (and only) format version supported by + gas, ld, readelf and objdump. + * Add command-line option, --strip-section-headers, to objcopy and strip to + remove ELF section header from ELF file. + * The RISC-V port now supports the following new standard extensions: + - Zicond (conditional zero instructions) + - Zfa (additional floating-point instructions) + - Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng, + Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions) + * The RISC-V port now supports the following vendor-defined extensions: + - XVentanaCondOps + * Add support for Intel FRED, LKGS and AMX-COMPLEX instructions. + * A new .insn directive is recognized by x86 gas. + * Add SME2 support to the AArch64 port. + * The linker now accepts a command line option of --remap-inputs + = to relace any input file that matches with + . In addition the option --remap-inputs-file= can be used to + specify a file containing any number of these remapping directives. + * The linker command line option --print-map-locals can be used to include + local symbols in a linker map. (ELF targets only). + * For most ELF based targets, if the --enable-linker-version option is used + then the version of the linker will be inserted as a string into the .comment + section. + * The linker script syntax has a new command for output sections: ASCIZ "string" + This will insert a zero-terminated string at the current location. + * Add command-line option, -z nosectionheader, to omit ELF section + header. +- Removed obsolete patches: binutils-2.40-branch.diff.gz, + riscv-dynamic-tls-reloc-pie.patch, riscv-pr22263-1.patch, + extensa-gcc-4_3-fix.diff . +- Add binutils-2.41-branch.diff.gz . +- Add binutils-old-makeinfo.diff for SLE-12 and older. +- Rebased aarch64-common-pagesize.patch and binutils-revert-rela.diff . +- Contains fixes for these non-CVEs (not security bugs per upstreams + SECURITY.md): + * bsc#1209642 aka CVE-2023-1579 aka PR29988 + * bsc#1210297 aka CVE-2023-1972 aka PR30285 + * bsc#1210733 aka CVE-2023-2222 aka PR29936 + * bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc) + * bsc#1214565 aka CVE-2020-19726 aka PR26240 + * bsc#1214567 aka CVE-2022-35206 aka PR29290 + * bsc#1214579 aka CVE-2022-35205 aka PR29289 + * bsc#1214580 aka CVE-2022-44840 aka PR29732 + * bsc#1214604 aka CVE-2022-45703 aka PR29799 + * bsc#1214611 aka CVE-2022-48065 aka PR29925 + * bsc#1214619 aka CVE-2022-48064 aka PR29922 + * bsc#1214620 aka CVE-2022-48063 aka PR29924 + * bsc#1214623 aka CVE-2022-47696 aka PR29677 + * bsc#1214624 aka CVE-2022-47695 aka PR29846 + * bsc#1214625 aka CVE-2022-47673 aka PR29876 + +- This only existed only for a very short while in SLE-15, as the main + variant in devel:gcc subsumed this in binutils-revert-rela.diff. + Hence: +- Remove binutils-disable-dt-relr.sh as subsumed. + +- riscv-dynamic-tls-reloc-pie.patch: Backport for PR ld/22263 and PR + ld/25694 +- riscv-pr22263-1.patch: Backport for PR ld/22263 + +- Rebase branch patch (includes fix for PR30281). + +- Document fixed CVEs: + * bnc#1208037 aka CVE-2023-25588 aka PR29677 + * bnc#1208038 aka CVE-2023-25587 aka PR29846 + * bnc#1208040 aka CVE-2023-25585 aka PR29892 + * bnc#1208409 aka CVE-2023-0687 aka PR29444 + +- Enable bpf-none cross target and add bpf-none to the multitarget + set of supported targets. + +- Disable packed-relative-relocs for old codestreams. They generate + buggy relocations when binutils-revert-rela.diff is active. + [bsc#1206556] + +- Disable ZSTD debug section compress by default. + +- Enable zstd compression algorithm (instead of zlib) + for debug info sections by default. + +- Pack libgprofng only for supported platforms. + +- Remove upstreamed patch binutils-maxpagesize.diff. + +- Rebase binutils-2.40-branch.diff.gz as it includes fix for PR30043. +- Move libgprofng-related libraries to the proper locations (packages). +- Add --without=bootstrap for skipping of bootstrap (faster testing + of the package). + +- Remove broken arm32-avoid-copyreloc.patch to fix [gcc#108515] + +- Update to version 2.40: + * Objdump has a new command line option --show-all-symbols which will make it + display all symbols that match a given address when disassembling. (Normally + only the first symbol that matches an address is shown). + * Add --enable-colored-disassembly configure time option to enable colored + disassembly output by default, if the output device is a terminal. Note, + this configure option is disabled by default. + * DCO signed contributions are now accepted. + * objcopy --decompress-debug-sections now supports zstd compressed debug + sections. The new option --compress-debug-sections=zstd compresses debug + sections with zstd. + * addr2line and objdump --dwarf now support zstd compressed debug sections. + * The dlltool program now accepts --deterministic-libraries and + - -non-deterministic-libraries as command line options to control whether or + not it generates deterministic output libraries. If neither of these options + are used the default is whatever was set when the binutils were configured. + * readelf and objdump now have a newly added option --sframe which dumps the + SFrame section. + * Add support for Intel RAO-INT instructions. + * Add support for Intel AVX-NE-CONVERT instructions. + * Add support for Intel MSRLIST instructions. + * Add support for Intel WRMSRNS instructions. + * Add support for Intel CMPccXADD instructions. + * Add support for Intel AVX-VNNI-INT8 instructions. + * Add support for Intel AVX-IFMA instructions. + * Add support for Intel PREFETCHI instructions. + * Add support for Intel AMX-FP16 instructions. + * gas now supports --compress-debug-sections=zstd to compress + debug sections with zstd. + * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} + that selects the default compression algorithm + for --enable-compressed-debug-sections. + * Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs, + XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx, + XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head + ISA manual, which are implemented in the Allwinner D1. + * Add support for the RISC-V Zawrs extension, version 1.0-rc4. + * Add support for Cortex-X1C for Arm. + * New command line option --gsframe to generate SFrame unwind information + on x86_64 and aarch64 targets. + * The linker has a new command line option to suppress the generation of any + warning or error messages. This can be useful when there is a need to create + a known non-working binary. The option is -w or --no-warnings. + * ld now supports zstd compressed debug sections. The new option + - -compress-debug-sections=zstd compresses debug sections with zstd. + * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd} + that selects the default compression algorithm + for --enable-compressed-debug-sections. + * Remove support for -z bndplt (MPX prefix instructions). +- Rebased patches: add-ulp-section.diff, ld-relro.diff, binutils-revert-plt32-in-branches.diff, + cross-avr-size.patch. +- Removed patch: binutils-pr29482.diff. +- New patch: extensa-gcc-4_3-fix.diff. +- Includes fixes for these CVEs: + * bnc#1206080 aka CVE-2022-4285 aka PR29699 +- Enable by default: --enable-colored-disassembly. + +- fix build on x86_64_vX platforms +- add arm32-avoid-copyreloc.patch for PR16177 (bsc#1200962) + bogofilter -- Remove redundant tags/sections from specfile -- Use %_smp_mflags for parallel build - -- Fix a heap corruption in base64 decoder on invalid input; CVE-2010-2494; - (bnc#619847). - -- fix build on non-arm - -- Update to version 1.2.1. - + Update configure to use "host" rather than "target", to match the - newer autotools cross-build semantics. Untested. - Developers changing the build system and users who build from SVN - will now need automake 1.9 and autoconf 2.60. - + Fix Christian Frommeyer's MIME decoding bug, Ubuntu/Launchpad Bug - [#320829]. As a side effect, also fixes misattribution of MIME bodies - as MIME headers with mime: tag. Original bug report: - https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/320829 - Before this fix, bogofilter did not properly MIME-decode the first - line in a body. This was especially bad with Christian's samples - where the whole body was only one long base64 line. - + Removed two scripts that are auto-built. - + Added test case for Stephen Davies' Q-P EOL problem (see below). - + Fixed EOL problem in quoted_printable text. Problem reported by - Stephen Davies and identified by Pavel Kankovsky - + Promoted to "stable" - -- Update to version 1.2.0. - + Flex-2.5.35 has fix for memory allocation problem in 2.5.4, 2.5.31, and - 2.5.33, making bogofilter's flex patch obsolete. - + Bogofilter now uses listsort in place of qsort. - + Added token-count=n, token-count-min=n, and token-count-max=n options. - + Minor code cleanups. - + spamitarium.pl updated to version 0.3.0 - + update bf_compact documentation by removing explicit Berkeley DB - references, as it has been fixed to work with other database drivers in - March 2008. - + bf_compact, bf_copy and bf_tar now support transformed program names - + Update sqlite3 adaptor to take advantage of sqlite3_prepare_v2() API - function that appeared in SQLite 3.3.9. The new _v2 interface allows for - more specific error messages when executing SQL statements. Also enable - extended result codes for more precise error reporting. - + Update doc/integrating-with-postfix: the script now suggests sendmail -G - - i (where -G will be ignored by Postfix before 2.3) to tell Postfix it's a - gateway submission, not an original injection; the filter pipe(8) magic - for master.cf now suggests flags=Rq (was flags=R), as per Postfix's - FILTER_README. - + Drop support for systems that reverse setvbuf arguments. The last systems - to do that are reported to be shipped in 1987 by the autoconf manual, so - ditch them. - busybox +- Add ash-fix-segfault-d417193cf.patch: fix stack overflow vulnerability + in ash (CVE-2022-48174, bsc#1214538) + clamav-database +- database refresh on 2023-10-02 (bsc#1084929) + combustion +- Update to version 1.2+git7: + * Try the KIWI selfinstall .iso as fallback config source (jsc#PED-6587, jsc#SMO-271) + +- Update to version 1.2+git6: + * Fix failure if /sysroot not mounted and no config provided + +- Update to version 1.2+git5: + * Run combustion-prepare.service before ignition-enable-network.service + * Revert "Remove now obsolete workaround for ignition-mount.service ExecStop" + * Only attempt firstboot check on devices + +- Update to version 1.2+git2: + * Don't consider /var/lib/YaST2/reconfig_system for firstboot detection + * Use improved x-initrd.mount code in firstboot-detect as well + +- Update to version 1.2: + * Don't remove YaST reconfig_system marker if called from ignition + * Remove now obsolete workaround for ignition-mount.service ExecStop + * Set dasd_mod.dasd=autodetect in modprobe.d + * Omit combustion module in initrds for already configured systems + * New module to handle firstboot detection in the initrd (poo#127196, + jsc#PED-5843) + * Fixes for use with ignition-kargs-helper + * Improve x-initrd.mount handling + * Work around systemd issue with emergency.target at the root + +- Update to version 1.1+git0: + * Add option to run the script in the prepare phase as well + * Add compatibility for ignition-kargs-helper + * Populate /dev/shm/combustion/ in the --prepare stage + * Small README.md improvements + * combustion.rules: Match /module/qemu_fw_cfg instead of the namespace within + +- Update to version 1.0+git4: + * Handle uppercase filesystem labels in combustion.rules as well + * Update README.md to explain the current mechanism of firstboot_happened + cracklib +- version update to 2.9.11 + * Merge fedora patches and man pages + * Fix missing files in dist tarball, other automake fixes (Leandro Nini) + * Fix error handling during build of dictionary (yixiangzhike) + * Fix to localization support (A. Wilcox, nekopsykose) + * Fix to test utilities (Alexander Kanavin) + * Translation updates from weblate + * python: adjust include path for builddir by @thesamesam in #61 + * Make buffer static and avoid returning stack-allocated memory by @drfiemost in #63 +- modified patches + % 0002-cracklib-2.9.2-visibility.patch (refreshed) + +- update to 2.9.8: + * rules: Drop using register keyword + * add exec perms + * translation updates + * Use what's in the build environment and use a current autoconf + * util/Makefile.am: fix link with lintl + * Force grep to treat the input as text when formatting word files + +- Drop --with-pic, as it has no effect with --disable-static. + curl +- Security fix: [bsc#1215026, CVE-2023-38039] + * http: return error when receiving too large header + * Add curl-CVE-2023-38039.patch + double-conversion +- update to 3.3.0: + * Fix some compile warnings in Visual Studio + * Set permissions for github workflows + * Add flags to control trailing decimal and zero in exponent + form when input has one significant digit + +- update to 3.2.1 + * Disable quiet nan test on windows + * Test on all platforms. + * Fix warnings on Windows + * Run ctests first. + * Give shared-lib option and test install + * Install Windows debbuger (pdb) files. + * Add a cast to silence a signedness conversion warning. + * Issue #184 : Fixed all -Wzero-as-null-pointer-constant warnings + +- update to 3.2.0: + * Fix quiet NANs on MIPS* and PA-RISC architectures. + +- update to 3.1.7: + * Reintroduce macros, if DOUBLE_CONVERSION_NON_PREFIXED_MACROS is set + * Also add support for Synopsys ARC64 architecture + +- update to 3.1.6: + * Features some code cleanups. + * Adds the following new architectures: loongarch, xtensa, nios2, e2k. + -- Initial package, version 2.0.1 - dtb-aarch64 +- x86/sev: Make enc_dec_hypercall() accept a size instead of + npages (bsc#1214635). +- commit c11336f + +- Drop amdgpu patch causing spamming (bsc#1215523) + Deleted: + patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch. +- commit 2351f50 + +- USB: core: Change usb_get_device_descriptor() API (bsc#1213123 + CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552). + Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk) + Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context) +- commit be6100d + duperemove -- Update to v0.11.3 (jsc#SLE-11306) - * Remove patch v0.11.beta4_to_git_f95e429.patch as the affected code has been - removed in the mean time. +- build for 15 + +- Update to 0.12: + * Duplication lookup is now based on extents. This leads to a + massive increase of the performances. Block-based lookup is + still possible via --dedupe-options=partial. + * Following that change, a new hashfile format has been introduced. + Previous hashfile format is still supported when extents lookup + are disabled, this is not recommended. + * Batching has been implemented. When enabled with the -B + option, duperemove will run the deduplication phase every + scanned files. This is meant to help running duperemove on large + dataset, with small blocksize, or on memory-constrained systems. + * All hash algorithm has been removed and replaced by xxh128. This + variant is as robust as murmur3 while being faster. Choosing a + hash function via the --hash option has been removed. Hashfiles + built with other algorithm must be removed. + +- Update to 0.11.3: + * Increase open file limit. (#269) + * Create hash database file with 600 permission for improved + security. (#262) + * Read more data per pread, for v2 hashfile format this reduces + the overall number of syscalls made which in turns results + in better performance. + * Fix truncated file handling, eliminating a an infinite + loop case. (#255) + +- Update to v0.11.2 + - Improved detection of hyperthreading + - Multiple minor fixes and cleanups + - Updated xxhash algorithm to latest release + - Fixed extent collision handling + - Fix overflow scanning in extents + +- Fix building with gcc10 + +- Use source tarball from github + +- Update to v0.11.1 + - Add 'quiet' mode - duperemove will only print errors and a + short summary of any dedupe. + - Revert block dedupe default, it is causing excessive + fragmentation on users systems. + +- Update to v0.11 + - Fix a minor fd leak in hyperthreading detection code + - Clean up some typos in documentation + - Some build fixes + - Removed patch: v0.11.beta4_to_git_f95e429.patch evolution +- Add evolution-height-miscalculation.patch: fix rendering of + calendar changes with WebKitGTK 2.40+ (boo#1213858 + glgo#GNOME/evolution#2204). + +- Add evolution-frame-flattening.patch: handle frame flattening + change in WebKitGTK 2.40 (boo#1213858). + exempi +- Add CVE-2020-18651.patch: fix a buffer overflow in ID3 support + (boo#1214486 CVE-2020-18651). + -- Update to version 2.2.0: - + New 'exempi' command line tool. - + Upgrade XMPCore to Adobe XMP 5.1.2 - - Quicktime support now works without Quicktime. - - Reconciliation with ID3v2. - - "Blessed" 64-bits support (we already had it in exempi). - - Slight change in the way XMP are written for MWG compliance. - - Fixed a serious bug with RIFF. - - Change in the way local text encoding is dealt with. - - Alternative languages behave slightly differently by changing - how the default language property is managed. - - Probably a bunch of bugs fixed that I don't know about. - + Update unit tests. - - Refactor the fixtures. - + Use automake silent rules instead of shave. (build only) - + "make dist" generate a bzip2 archive as well. (build only) - + Remove some obsolete warning flags. (build only) - + Build xmpcommandtool - + Several new APIs. - + Bug fixes: fdo#37747. -- Drop exempi-no-shave.patch: shave is not used upstream anymore. -- Drop libtool BuildRequires, autoreconf call and - - -disable-silent-rules that were used because of patch above. -- Create a tools subpackage for new exempi command line tool. -- Change group of libexempi3 from "Development/Libraries/C and C++" - to System/Libraries. -- Use V=1 during the build to get a verbose build. - extra-cmake-modules +- Update to 5.110.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.110.0 +- Changes since 5.109.0: + * ECMSetupVersion: do not handle SOVERSION value "0" as not set at all + * Drop outdated check for POLICY CMP0048 + * No longer explicitly include CMakeParseArguments + * KDEInstallDirs6: use kxmlgui5 subdir as before, not implementation specific + +- Update to 5.109.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.109.0 +- Changes since 5.108.0: + * KDEInstallDirs: fix description of KXMLGUIDIR & LOCALEDIR + * KDEGitCommitHooks: Allow passing in of custom scripts (kde#472361) + * qml-plasmoid techbase.kde.org/Projects/Plasma does not exist + +- Update to 5.108.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.108.0 +- Changes since 5.107.0: + * Remove qt6 CI builds + +- Update to 5.107.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.107.0 +- No code change since 5.106.0 + +- Update to 5.106.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.106.0 +- Changes since 5.105.0: + * Query gradle plugin version from Qt + * ecm_process_po_files_as_qm: use own subdir ECMPoQm/ for build artifacts + * Fix generate_export_header tests failures with parallel jobs (kde#464348) + * ECMGenerateExportHeader: add USE_VERSION_HEADER arg (& related tune args) + * ECMGenerateExportHeader: avoid helper C++ macro shared across gen. headers + +- Update to 5.105.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.105.0 +- Changes since 5.104.0: + * KDE_INSTALL_TARGETS_DEFAULT_ARGS (KF6): drop KDE_INSTALL_INCLUDEDIR + * KF_INSTALL_TARGETS_DEFAULT_ARGS: drop KDE_INSTALL_INCLUDEDIR_KF + +- Update to 5.104.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.104.0 +- Changes since 5.103.0: + * Load translations for application-specific language also on Win and Mac + * ECMGenerateExportHeader: fix duplicated addition of deprecation macros code + * Find wayland.xml from wayland-scanner.pc + extra-cmake-modules:doc +- Update to 5.110.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.110.0 +- Changes since 5.109.0: + * ECMSetupVersion: do not handle SOVERSION value "0" as not set at all + * Drop outdated check for POLICY CMP0048 + * No longer explicitly include CMakeParseArguments + * KDEInstallDirs6: use kxmlgui5 subdir as before, not implementation specific + +- Update to 5.109.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.109.0 +- Changes since 5.108.0: + * KDEInstallDirs: fix description of KXMLGUIDIR & LOCALEDIR + * KDEGitCommitHooks: Allow passing in of custom scripts (kde#472361) + * qml-plasmoid techbase.kde.org/Projects/Plasma does not exist + +- Update to 5.108.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.108.0 +- Changes since 5.107.0: + * Remove qt6 CI builds + +- Update to 5.107.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.107.0 +- No code change since 5.106.0 + +- Update to 5.106.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.106.0 +- Changes since 5.105.0: + * Query gradle plugin version from Qt + * ecm_process_po_files_as_qm: use own subdir ECMPoQm/ for build artifacts + * Fix generate_export_header tests failures with parallel jobs (kde#464348) + * ECMGenerateExportHeader: add USE_VERSION_HEADER arg (& related tune args) + * ECMGenerateExportHeader: avoid helper C++ macro shared across gen. headers + +- Update to 5.105.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.105.0 +- Changes since 5.104.0: + * KDE_INSTALL_TARGETS_DEFAULT_ARGS (KF6): drop KDE_INSTALL_INCLUDEDIR + * KF_INSTALL_TARGETS_DEFAULT_ARGS: drop KDE_INSTALL_INCLUDEDIR_KF + +- Update to 5.104.0 + * New feature release + * For more details please see: + * https://kde.org/announcements/frameworks/5/5.104.0 +- Changes since 5.103.0: + * Load translations for application-specific language also on Win and Mac + * ECMGenerateExportHeader: fix duplicated addition of deprecation macros code + * Find wayland.xml from wayland-scanner.pc + ffmpeg +- Add ffmpeg-CVE-2021-28429.patch: Fix Integer overflow + vulnerability in av_timecode_make_string in libavutil/timecode.c + (bsc#1214246, CVE-2021-28429). + freetds +- version update to 1.3.20 + * Allows to specify separate date and/or time format. + * Add "date only format" and "time only format" to locales.conf + configuration. + * Better logs for iconv initialization + * Report more verbose and helpful logs if tds_iconv_init fails. + +- version update to 1.3.18 + * Fix redirect with Azure +- modified patches + % configure-return-void-fix.patch (refreshed) + +- update to 1.3.17: + * Update dblib.c - _get_printable_size + * Added more types to _get_printable_size based on /misc/types.csv + +- update to 1.3.16: + * tds_close_socket and tds_connection_close could have been called + while reading/writing TLS sockets so calling tds_ssl_deinit + cause some used structure to be released while used. + +- update to 1.3.15: + * odbc: Fix some issues with SQLCopyDesc + * Do not change sql_desc_alloc_type copying descriptors. + * odbc: Return size from SQLGetDescField for integers + +- update to 1.3.13: + - Generic: + - Support UTF-8 columns using MSSQL 2019; + - Do not accept TDS protocol versions "4.6" (never really supported) and + "8.0"; + - Minor portability issues; + - Fix log elision for login; + - Detect some possible minor memory failure in application; + - Support long (more than 64k) SSPI packets (never encountered but you + never know); + - Fix unicode columns for ASA database; + - Avoid using BCP with old protocols; + - (*) Fix bulk copy using big endian machines; + - (*) Fix Sybase uni(var)char and unsigned types for big endian machines; + - (*) Do not send nullable data during bulk copy if type is not nullable; + - ODBC: + - Added "Timeout" setting; + - Applications: + - Improve defncopy utility: + - Fix some declaration; + - Fix Sybase support; + - (*) Fix datacopy and freebcp logging; + - CT-Library: + - Minor fix for variant type; + - Better support for timeout setting; + - (*) Support some missing types (like nullable unsigned integers) for + Sybase; + - DB-library: + - Unify date format (all systems can use the same syntax); + - (*) Allows to pass 0 as type for bcp_bind; + - (*) Fix DBSETLSERVERPRINCIPAL macro; + - (*) Do not limit queries length for bcp using Sybase; + - (*) Add KEEP_NULLS to BCP hints. + +- remove stale _service and fix Source url + +- update to 1.2.21: + * minor bug fixes + * Support some missing types like nullable unsigned smallint +- add baselibs.conf to allow building of i586 libraries (necessary + to use the driver for programs running under wine) + +- update to 1.2.18: +- Sybase server: + - All strings are now converted as MSSQL; + - Support kerberos login; + - DB-Library: add DBSETNETWORKAUTH, DBSETMUTUALAUTH, DBSETDELEGATION and + DBSETSERVERPRINCIPAL; + - CT-Library: add CS_SEC_NETWORKAUTH, CS_SEC_NETWORKAUTH, + CS_SEC_NETWORKAUTH and CS_SEC_NETWORKAUTH; +- Bulk copies: + - DB-Library: fix trim of unicode fields; + - Apply character conversion for Sybase, like MSSQL; + - Ignore computed columns; + - Properly support multibyte strings in column names; + - DB-Library: stop correctly on BCPMAXERRS setting; + - DB-Library: do not try to convert skipped rows reading file allowing + for instance to load CVS files; +- CT-Library: added CS_DATABASE property to allows to connect correctly + to Azure servers; +- Improve support for MS XML columns for both DB-Library and CT-Library; +- Fix some issues with MSSQL server redirection (used for instance in + Azure); +- Change SQL_DESC_OCTET_LENGTH value for wise character columns; +- Better support for SQL_VARIANT: + - Better column checks; + - CT-Library: now supported, columns are returned as CS_CHAR_TYPE; +- Some updates to server part: + - Set correctly initial state; + - IPv6 support; + - Fix TDS 7.2 logins; +- Support extended character using domain logins under Unix; +- Improve MARS: + - Less memory copies; + - Remove possible deadlock; + - Handle wrapping sequence/window numbers; + - Make sure we sent the wanted packet; +- Support UTF-16 surrogate pairs in odbc_wide2utf and odbc_set_string_flag + fixing some character encoding support; +- Fix multiple queries, used by ODBC to optimize data load; +- Improve emulated parameter queries, fixing minor issues and reducing + memory usage; +- Support DBVERSION_UNKNOWN in dbsetlversion (will use automatic detection); +- CT-Library: define CS_MIN_SYBTYPE and CS_MAX_SYBTYPE; +- CT-Library: fix cs_will_convert accepting library constants, not libTDS. + gfs2-utils +- Update to version 3.5.1 (jsc#PED-6362) + * Don't use char arrays as temporary buffers + * libgfs2: Separate gfs and gfs2 code in lgfs2_sb_out() + * Re-enable -Wstrict-aliasing + * gfs2_convert: Clean up strict-aliasing warnings + * libgfs2: Fix strict-aliasing warning in lgfs2_rgrp_bitbuf_alloc + * gfs2_jadd: Fix format string warnings on 32-bit + * gfs2_edit: Fix savemeta test failures in 32-bit environments +- Back port bugfix patch after tag 3.5.1 + + 0001-fsck.gfs2-Tighten-offset-check-in-check_eattr_entrie.patch + + 0002-fsck.gfs2-Fix-max-xattr-record-length-check.patch + + 0003-fsck.gfs2-Fix-xattr-offset-checks-in-p1_check_eattr_.patch +- Update rpm build file + * _service + * _servicedata + +- Update to version 3.5.0: + * Update translation template + * Fix uninitialized memory coverity warnings + * gfs2_grow: Don't free rgs when it's NULL + * libgfs2: Fix potential NULL deref in lgfs2_lookupi() + * libgfs2: Add lgfs2_bfree(), lgfs2_inode_free() + * Free per_node in build_per_node error paths + * fsck.gfs2: Fix wrong entry used in dentry comparison + * added unit tests + * Remove lgfs2_breadm() + * libgfs2: Make sure block_alloc() fails when out of space + * Remove dependency on linux/limits.h + * mkfs.gfs2: Improve journal write error reporting + * mkfs.gfs2: Add -U UUID option + ghostscript +- CVE-2023-43115.patch is derived for Ghostscript-9.52 from + https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5 + that fixes CVE-2023-43115 "remote code execution + via crafted PostScript documents in gdevijs.c" + see https://bugs.ghostscript.com/show_bug.cgi?id=707051 + (bsc#1215466) + git +- Downgrade openssh dependency to recommends (bsc#1215533) + glibc +- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) + +- nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache + invalidation if epoll is used (bsc#1212910, BZ #29415) + +- nss-files-hosts-v4mapped.patch: Restore lookup of IPv4 mapped addresses + in files database (bsc#1212819, BZ #25457) + +- remove-excessive-p-align-check.patch: elf: Remove excessive p_align + check on PT_LOAD segments (bsc#1211829, BZ #28688) +- segment-align.patch: elf: Properly align PT_LOAD segments (bsc#1211829, + BZ #28676) +- ld-so-always-use-map-copy.patch: ld.so: Always use MAP_COPY to map the + first segment (BZ #30452) + golang-github-lusitaniae-apache_exporter +- Fix apparmor profile for SLE 12 + +- Do not build with apparmor profile for SLE 12 + +- Upgrade to version 1.0.0 (jsc#PED-5405) + * Improved flag parsing + * Added support for custom headers +- Build with Go 1.19 +- Build using promu +- Add _service file +- Fix sandboxing options +- Upgrade to version 0.13.4 + * Fix denial of service vulnerability + (CVE-2022-32149, bsc#1204501) +- Upgrade to version 0.13.3 + * Fix uncontrolled resource consumption + (CVE-2022-41723, bsc#1208270) +- Upgrade to version 0.13.1 + * Fix panic caused by missing flagConfig options +- Upgrade to version 0.13.0 + * Fix authentication bypass vulnarability + (CVE-2022-46146, bsc#1208046) + +- corrected comment in AppArmor profile + +- added AppArmor profile +- added sandboxing options to systemd service unit + +- Exclude s390 architecture (gh#SUSE/spacewalk#19050) + +- Add support for RedHat 8 + + Adjust dependencies on spec file + + Disable dwarf compression in go build + +- Add support for Red Hat + gsl +- module package must not be noarch, so that %{_lib} is expanded + correctly + +- update to gsl 2.6: (jsc#SLE-8495) + * add BLAS calls for multiple functions + * Algorithm and implementation updates + * deprecation of multiple functions + * removal of multiple previously deprecated functions + * add binary search tree module (gsl_bst); based on GNU libavl + * remove -u flag to gsl-histogram + * updated spmatrix module + * add routines for banded Cholesky decomposition +- drop upstreamed patches: + * gsl-1.6-initvars.diff + * gsl-wrap.diff + * gsl-fsf_address.patch + +- gsl 2.5: + * doc bug fix in binomial distribution figure + * added Wishart distribution + * added new module for digital filtering (gsl_filter); current + filters include: + Gaussian filter + median filter + recursive median filter + impulse detection filter + * added new module for moving window statistics (gsl_movstat) + * added statistics functions: + gsl_stats_median() + gsl_stats_select() + gsl_stats_mad() + gsl_stats_mad0() + gsl_stats_Sn_from_sorted_data() + gsl_stats_Qn_from_sorted_data() + gsl_stats_gastwirth_from_sorted_data() + gsl_stats_trmean_from_sorted_data() + * added Romberg integration (gsl_integration_romberg) + * bug fix in deprecated functions gsl_multifit_wlinear_svd and + gsl_multifit_wlinear_usvd (reported by Vlad Koli) + * documention corrected to state that gsl_sf_legendre functions + do not include Condon-Shortley phase by default + * bug fix in exponential fitting example when using larger number + of points + * changed internal workspace inside gsl_spmatrix to a union to + avoid casting + * bug fixes in ode-initval2 for very rare solver crashing cases + * add histogram2d figure to manual + * bug fix in gsl_spmatrix_add for duplicate input arguments + * add support for negative arguments nu in gsl_sf_bessel_Jnu and + gsl_sf_bessel_Ynu (Konrad Griessinger) + * better texinfo documentation for gsl_sf_hyperg functions + * fix vector and matrix fread/fwrite testing on windows systems + when tmpfile() fails +- drop rstat_test.patch, is upstream + iperf -- add CVE-2023-38403.patch (bsc#1213430, CVE-2023-38403): - * integer overflow leading to heap buffer overflow +- update to 3.15 (bsc#1215662, ESNET-SECADV-2023-0002): + * Several bugs that could allow the iperf3 server to hang waiting + for input on the control connection has been fixed + (ESnet Software Security Advisory ESNET-SECADV-2023-0002) + * A bug that caused garbled output with UDP tests on 32-bit hosts + has been fixed (PR #1554, PR #1556). This bug was introduced in + iperf-3.14. + * A bug in counting UDP messages has been fixed + +- update to 3.14 (bsc#1213430, CVE-2023-38403): + * fixes a memory allocation hazard that allowed a remote user to + crash an iperf3 process + * see + https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc + * obsoletes CVE-2023-38403.patch in older dists + +- update to 3.13: + * Added missing bind_dev getter and setter. + * a fix for A resource leak bug in function iperf_create_pidfile (#1443) + * doc: Fix copy-and-paste error leading to wrong error message + * Fix crash on rcv-timeout with JSON logfile + +- update to 3.12: + * cJSON has been updated to version 1.7.15 (#1383). + * The --bind % option syntax now works properly (#1360 / + * A server-side file descriptor leak with the --logfile option has + been fixed (#1369 / #1360 / #1369 / #1389 / #1393). + * A bug that caused some large values from TCP_INFO to be misprinted + as negative numbers has been fixed (#1372). + * Using the -k or -n flags with --reverse no longer leak into future + tests (#1363 / #1364). + * There are now various debug level options available with the + - -debug option. These can be used to adjust the amount of + debugging output (#1327). + * A new --snd-timeout option has been added to set a termination + timeout for idle TCP connections (#1215 / #1282). + * iperf3 is slightly more robust to out-of-order packets during UDP + connection setup in --reverse mode (#914 / #1123 / #1182 / #1212 / + * iperf3 will now use different ports for each direction when the + - -cport and --bdir options are set (#1249 / #1259). + * The iperf3 server will now exit if it can't open its log file + * Various help message and output fixes have been made (#1299 / + * Various compiler warnings have been fixed (#1211 / #1316). + * Operation of bootstrap.sh has been fixed and simplified (#1335 / + * Flow label support / compatibility under Linux has been improved + * Various minor memory leaks have been fixed (#1332 / #1333). + * A getter/setter has been added for the bind_port parameter + (--cport option). (#1303, #1305) + * Various internal documentation improvements (#1265 / #1285 / #1304). + +- update to 3.11: + * Update links to Discussions in documentation + * Fix DSCP so that TOS = DSCP * 4 (#1162) + * Fix --bind-dev for TCP streams (#1153) + * Fix interface specification so doesn't overlap with IPv6 link-local addresses for -c and -B (#1157, #1180) + * Add get/set test_unit_format function declaration to iperf_api.h + * Auto adjustment of test-end condition for file transfers (-F), if no end condition is set, it will automatically adjust it to file size in bytes + * Exit if idle time expires waiting for a connection in one-off mode (#1187, #1197) + * Support zerocopy by reverse mode (#1204) + * Update help and manpage text for #1157, support bind device + * Consistently print target_bandwidth in JSON start section (#1177) + * Test bitrate added to JSON output (#1168) + * Remove fsync call after every write to receiving --file (#1176, #1159) + * Update documentation for -w (#1175) + * Fix for #952, different JSON object names for bidir reverse channel + +- update to 3.10.1: + * Fixed a problem with autoconf scripts that made builds fail in + some environments (#1154 / #1155). + * GNU autoconf 2.71 or newer is now required to regenerate iperf3's + configure scripts. + +- update to 3.10: + * Fix a bug where some --reverse tests didn't terminate (#982 / + [#1054]). + * Responsiveness of control connections is slightly improved (#1045 + / #1046 / #1063). + * The allowable clock skew when doing authentication between client + and server is now configurable with the new --time-skew-threshold + (#1065 / #1070). + * Bitrate throttling using the -b option now works when a burst size + is specified (#1090). + * A bug with calculating CPU utilization has been fixed (#1076 / + [#1077]). + * A --bind-dev option to support binding sockets to a given network + interface has been added to make iperf3 work better with + multi-homed machines and/or VRFs (#817 / #1089 / #1097). + * --pidfile now works with --client mode (#1110). + * The server is now less likely to get stuck due to network errors + (#1101, #1125), controlled by the new --rcv-timeout option. + * Fixed a few bugs in termination conditions for byte or + block-limited tests (#1113, #1114, #1115). + * Added tcp_info.snd_wnd to JSON output (#1148). + * Some bugs with garbled JSON output have been fixed (#1086, #1118, + [#1143] / #1146). + * Support for setting the IPv4 don't-fragment (DF) bit has been + added with the new --dont-fragment option (#1119). + * A failure with not being able to read the congestion control + algorithm under WSL1 has been fixed (#1061 / #1126). + * Error handling and error messages now make more sense in cases + where sockets were not successfully opened (#1129 / #1132 / + [#1136], #1135 / #1138, #1128 / #1139). + * Some buffer overflow hazards were fixed (#1134). + * It is now possible to use the API to set/get the congestion + control algorithm (#1036 / #1112). + +- update to 3.9: + * A --timestamps flag has been added, which prepends a timestamp to + each output line. An optional argument to this flag, which is a + format specification to strftime(3), allows for custom timestamp + formats (#909, #1028). + * A --server-bitrate-limit flag has been added as a server-side + command-line argument. It allows a server to enforce a maximum + throughput rate; client connections that specify a higher bitrate + or exceed this bitrate during a test will be terminated. The + bitrate is expressed in bits per second, with an optional trailing + slash and integer count that specifies an averaging interval over + which to enforce the limit (#999). + * A bug that caused increased CPU usage with the --bidir option has + been fixed (#1011). + * Fixed various minor memory leaks (#1023). + +- update to 3.8.1 + * Minor bugfixes and enhancements +- don't apply the profiling patch any more + (removed iperf-disable-profiling.patch) + +- update to 3.7 + * Support for simultaneous bidirectional tests with the --bidir flag + * Use POSIX standard clock_gettime(3) interface for timekeeping where + available + * Passwords for authentication can be provided via environment + variable + * Specifying --repeating-payload and --reverse now works + * Failed authentication doesn't count for --one-off + * Several memory leaks related to authenticated use were fixed + * The delay for tearing down the control connection for the default + timed tests has been increased, to more gracefully handle + high-delay paths + * Various improvements to the libiperf APIs + * Fixed build behavior when OpenSSL is absent + * Portability fixes +- spec file cleanup + +- update to 3.6 + * A new --extra-data option can be used to fill in a user-defined + string field that appears in JSON output. + * A new --repeating-payload option makes iperf3 use a payload pattern + similar to that used by iperf2, which could help in recreating + results that might be affected by payload entropy (for example, + compression). + * -B now works properly with SCTP tests. + * A compile fix for Solaris 10 was added. + * Some minor bug fixes for JSON output. In particular, warnings for + debug and/or verbose modes with --json output and a fix for + JSON output on CentOS 6 kernel-64kb +- x86/sev: Make enc_dec_hypercall() accept a size instead of + npages (bsc#1214635). +- commit c11336f + +- Drop amdgpu patch causing spamming (bsc#1215523) + Deleted: + patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch. +- commit 2351f50 + +- USB: core: Change usb_get_device_descriptor() API (bsc#1213123 + CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552). + Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk) + Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context) +- commit be6100d + kernel-debug +- x86/sev: Make enc_dec_hypercall() accept a size instead of + npages (bsc#1214635). +- commit c11336f + +- Drop amdgpu patch causing spamming (bsc#1215523) + Deleted: + patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch. +- commit 2351f50 + +- USB: core: Change usb_get_device_descriptor() API (bsc#1213123 + CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552). + Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk) + Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context) +- commit be6100d + kernel-default +- x86/sev: Make enc_dec_hypercall() accept a size instead of + npages (bsc#1214635). +- commit c11336f + +- Drop amdgpu patch causing spamming (bsc#1215523) + Deleted: + patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch. +- commit 2351f50 + +- USB: core: Change usb_get_device_descriptor() API (bsc#1213123 + CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552). + Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk) + Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context) +- commit be6100d + kernel-docs +- x86/sev: Make enc_dec_hypercall() accept a size instead of + npages (bsc#1214635). +- commit c11336f + +- Drop amdgpu patch causing spamming (bsc#1215523) + Deleted: + patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch. +- commit 2351f50 + +- USB: core: Change usb_get_device_descriptor() API (bsc#1213123 + CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552). + Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk) + Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context) +- commit be6100d + kernel-kvmsmall +- x86/sev: Make enc_dec_hypercall() accept a size instead of + npages (bsc#1214635). +- commit c11336f + +- Drop amdgpu patch causing spamming (bsc#1215523) + Deleted: + patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch. +- commit 2351f50 + +- USB: core: Change usb_get_device_descriptor() API (bsc#1213123 + CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552). + Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk) + Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context) +- commit be6100d + kernel-obs-build +- x86/sev: Make enc_dec_hypercall() accept a size instead of + npages (bsc#1214635). +- commit c11336f + +- Drop amdgpu patch causing spamming (bsc#1215523) + Deleted: + patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch. +- commit 2351f50 + +- USB: core: Change usb_get_device_descriptor() API (bsc#1213123 + CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552). + Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk) + Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context) +- commit be6100d + kernel-obs-qa +- x86/sev: Make enc_dec_hypercall() accept a size instead of + npages (bsc#1214635). +- commit c11336f + +- Drop amdgpu patch causing spamming (bsc#1215523) + Deleted: + patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch. +- commit 2351f50 + +- USB: core: Change usb_get_device_descriptor() API (bsc#1213123 + CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552). + Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk) + Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context) +- commit be6100d + kernel-rt +- x86/sev: Make enc_dec_hypercall() accept a size instead of + npages (bsc#1214635). +- commit 1e4ccee + +- Drop amdgpu patch causing spamming (bsc#1215523) + Deleted: + patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch. +- commit c753869 + +- USB: core: Change usb_get_device_descriptor() API (bsc#1213123 + CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552). + Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk) + Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context) +- commit 988a527 + +- Rename colliding patches before merging SLE15-SP4 +- commit 6493f7c + +- blacklist.conf: Append 'Revert "fbcon: Use kzalloc() in fbcon_prepare_logo()"' +- commit 501bd2e + +- blacklist.conf: Append 'video/aperture: Only remove sysfb on the default vga pci device' +- commit bfaaaff + +- blacklist.conf: Append 'parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()' +- commit 30a9db6 + +- blacklist.conf: Append 'parisc/agp: Annotate parisc agp init functions with __init' +- commit 9eb45cc + +- ata: libata: disallow dev-initiated LPM transitions to + unsupported states (git-fixes). +- i2c: aspeed: Reset the i2c controller when timeout occurs + (git-fixes). +- selftests: tracing: Fix to unmount tracefs for recovering + environment (git-fixes). +- drm/amd/display: fix the white screen issue when >= 64GB DRAM + (git-fixes). +- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() + (git-fixes). +- commit 1f4e814 + +- btrfs: don't hold CPU for too long when defragging a file + (bsc#1214988). +- commit 9b89645 + +- 9p/xen : Fix use after free bug in xen_9pfs_front_remove due + to race condition (bsc#1215206, CVE-2023-1859). +- commit f333aa7 + +- netfilter: nftables: exthdr: fix 4-byte stack OOB write + (CVE-2023-4881 bsc#1215221). +- commit 0de26c1 + +- sctp: leave the err path free in sctp_stream_init to + sctp_stream_free (CVE-2023-2177 bsc#1210643). +- commit 337b7d8 + +- s390/ipl: add loadparm parameter to eckd ipl/reipl data + (jsc#PED-2023). +- commit 364a30d + +- s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023). +- commit cd6d27a + +- s390/ipl: use octal values instead of S_* macros (jsc#PED-2023). +- commit db2ef83 + +- kabi: hide changes in enum ipl_type and struct sclp_info + (jsc#PED-2023 jsc#PED-2025). +- commit b6fb6b6 + +- s390/ipl: add eckd dump support (jsc#PED-2025). +- commit 0961d1f + +- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events + (git-fixes). +- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows + (git-fixes). +- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). +- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more + descriptors (git-fixes). +- kselftest/runner.sh: Propagate SIGTERM to runner child + (git-fixes). +- commit 495d04f + +- s390/ipl: add eckd support (jsc#PED-2023). +- commit 21b5156 + +- Delete patches.suse/genksyms-add-override-flag.diff. + Unncessary after KBUILD_OVERRIDE removed. +- commit 870adc7 + +- s390/dasd: fix command reject error on ESE devices (LTC#203630 + bsc#1215123 git-fixes). +- commit 5862ca2 + +- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). +- commit 5daff0f + +- rpm/kernel-binary.spec.in: Drop use of KBUILD_OVERRIDE=1 + Genksyms has functionality to specify an override for each type in + a symtypes reference file. This override is then used instead of an + actual type and allows to preserve modversions (CRCs) of symbols that + reference the type. It is kind of an alternative to doing kABI fix-ups + with '#ifndef __GENKSYMS__'. The functionality is hidden behind the + genksyms --preserve option which primarily tells the tool to strictly + verify modversions against a given reference file or fail. + Downstream patch patches.suse/genksyms-add-override-flag.diff which is + present in various kernel-source branches separates the override logic. + It allows it to be enabled with a new --override flag and used without + specifying the --preserve option. Setting KBUILD_OVERRIDE=1 in the spec + file is then a way how the build is told that --override should be + passed to all invocations of genksyms. This was needed for SUSE kernels + because their build doesn't use --preserve but instead resulting CRCs + are later checked by scripts/kabi.pl. + However, this override functionality was not utilized much in practice + and the only use currently to be found is in SLE11-SP1-LTSS. It means + that no one should miss this option and KBUILD_OVERRIDE=1 together with + patches.suse/genksyms-add-override-flag.diff can be removed. + Notes for maintainers merging this commit to their branches: + * Downstream patch patches.suse/genksyms-add-override-flag.diff can be + dropped after merging this commit. + * Branch SLE11-SP1-LTSS uses the mentioned override functionality and + this commit should not be merged to it, or needs to be reverted + afterwards. +- commit 4aa02b8 + +- s390/dasd: fix hanging device after request requeue (git-fixes + LTC#203629 bsc#1215124). +- commit 96b18bb + +- blacklist.conf: Add ef73dcaa3121 ("powerpc: xmon: remove unused variables") +- commit 78179fa + +- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses + (bsc#1065729). +- powerpc/xics: Remove unnecessary endian conversion + (bsc#1065729). +- word-at-a-time: use the same return type for has_zero regardless + of endianness (bsc#1065729). +- commit bde8063 + +- mlx4: Delete custom device management logic (bsc#1187236). +- mlx4: Connect the infiniband part to the auxiliary bus + (bsc#1187236). +- mlx4: Connect the ethernet part to the auxiliary bus + (bsc#1187236). +- mlx4: Register mlx4 devices to an auxiliary virtual bus + (bsc#1187236). +- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver + (bsc#1187236). +- mlx4: Move the bond work to the core driver (bsc#1187236). +- mlx4: Get rid of the mlx4_interface.activate callback + (bsc#1187236). +- mlx4: Replace the mlx4_interface.event callback with a notifier + (bsc#1187236). +- commit 0aba257 + +- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() + (bsc#1187236). +- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). +- mlx4: Get rid of the mlx4_interface.get_dev callback + (bsc#1187236). +- net/mlx4: Remove many unnecessary NULL values (bsc#1187236). +- kabi/severities: ignore mlx4 internal symbols +- tracing: Fix race issue between cpu buffer write and swap + (git-fixes). +- tracing: Remove extra space at the end of hwlat_detector/mode + (git-fixes). +- tracing: Remove unnecessary copying of tr->current_trace + (git-fixes). +- bpf: Clear the probe_addr for uprobe (git-fixes). +- commit 47e9584 + +- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). +- commit 74c2613 + +- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). +- commit a8877f3 + +- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). +- commit 670fb4d + +- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). +- commit 9871c87 + +- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). +- commit 3949a2b + +- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). +- commit 4534667 + +- x86/sgx: Reduce delay and interference of enclave release (git-fixes). +- commit ef6d157 + +- x86/rtc: Remove __init for runtime functions (git-fixes). +- commit 4511d93 + +- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). +- commit cb39678 + +- x86/mce: Retrieve poison range from hardware (git-fixes). +- commit c9f1ddb + +- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). +- commit 96d9365 + +- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). +- commit 12a2933 + +- x86/resctl: fix scheduler confusion with 'current' (git-fixes). +- commit 0d855b9 + +- x86/purgatory: remove PGO flags (git-fixes). +- commit 9d8ada6 + +- x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() (git-fixes). +- commit ea0772f + +- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). +- commit c1031f1 + +- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). +- commit bbfad26 + +- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). +- commit bf6d064 + +- x86/cpu: Add Lunar Lake M (git-fixes). +- commit 7ecc64d + +- x86/bugs: Reset speculation control settings on init (git-fixes). +- commit 2a6dd8e + +- x86/boot/e820: Fix typo in e820.c comment (git-fixes). +- commit ac06968 + +- x86/alternative: Fix race in try_get_desc() (git-fixes). +- commit d841323 + +- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). +- commit 11f0960 + +- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). +- commit cae635f + +- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). +- commit 2a03ef8 + +- Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" + (git-fixes). +- PCI: Free released resource after coalescing (git-fixes). +- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). +- ntb: Drop packets when qp link is down (git-fixes). +- ntb: Clean up tx tail index on link down (git-fixes). +- idr: fix param name in idr_alloc_cyclic() doc (git-fixes). +- commit a1c9c68 + +- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453). +- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453). +- x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453). +- commit 665fc14 + +- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 + codecs (git-fixes). +- arm64: csum: Fix OoB access in IP checksum code for negative + lengths (git-fixes). +- commit f43b75b + +- patches.suse/ovl-remove-privs-in-ovl_copyfile.patch:(git-fixes). +- commit daa1815 + +- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (bsc#1214873 + git-fixes). +- commit b0dc76c + +- s390/zcrypt: don't leak memory if dev_set_name() fails + (git-fixes bsc#1215148). +- commit 62bce52 + +- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy + gamma (git-fixes). +- drm/amd/display: Remove wait while locked (git-fixes). +- drm/amd/display: Add smu write msg id fail retry process + (git-fixes). +- drm/amd/display: register edp_backlight_control() for DCN301 + (git-fixes). +- drm/i915/gvt: Put the page reference obtained by KVM's + gfn_to_pfn() (git-fixes). +- drm/i915/gvt: Verify pfn is "valid" before dereferencing + "struct page" (git-fixes). +- commit 5618424 + +- drm/amd/display: prevent potential division by zero errors + (git-fixes). +- drm/i915: mark requests for GuC virtual engines to avoid + use-after-free (git-fixes). +- net: phy: micrel: Correct bit assignments for phy_device flags + (git-fixes). +- pwm: lpc32xx: Remove handling of PWM channels (git-fixes). +- i3c: master: svc: fix probe failure when no i3c device exist + (git-fixes). +- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() + (git-fixes). +- commit 3aa0807 + +- blacklist.conf: kABI +- commit fe6afec + +- blacklist.conf: kABI +- commit b1fabe7 + +- blacklist.conf: kABI +- commit c50e08f + +- Input: tca6416-keypad - fix interrupt enable disbalance + (git-fixes). +- commit de27518 + +- fs: do not update freeing inode i_io_list (bsc#1214813). +- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE + (bsc#1214813). +- commit 2c1c38b + +- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load + (git-fixes). +- backlight: gpio_backlight: Drop output GPIO direction check + for initial power state (git-fixes). +- USB: serial: option: add FOXCONN T99W368/T99W373 product + (git-fixes). +- USB: serial: option: add Quectel EM05G variant (0x030e) + (git-fixes). +- tcpm: Avoid soft reset when partner does not support get_status + (git-fixes). +- usb: typec: tcpci: clear the fault status bit (git-fixes). +- ARM: pxa: remove use of symbol_get() (git-fixes). +- Bluetooth: btsdio: fix use after free bug in btsdio_remove + due to race condition (git-fixes). +- usb: typec: tcpci: move tcpci.h to include/linux/usb/ + (git-fixes). +- commit 72d5b0f + +- blacklist.conf: add git-fix to ignore + this one removes unused kABI functions, but + just leave them in +- commit 8007015 + +- scsi: snic: Fix double free in snic_tgt_create() (git-fixes). +- commit 1ed2b1b + +- blacklist.conf: 9011e49d54dc ("modules: only allow symbol_get of + EXPORT_SYMBOL_GPL modules") is not really fixing any existing bug. +- commit 550f5fc + +- Move upstreamed pinctrl patch into sorted section +- commit 38f70f2 + +- Update References tag + patches.suse/Bluetooth-L2CAP-Fix-use-after-free-in-l2cap_sock_rea.patch + (git-fixes bsc#1214233 CVE-2023-40283). +- commit 731b49d + +- ata: pata_falcon: fix IO base selection for Q40 (git-fixes). +- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). +- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). +- kconfig: fix possible buffer overflow (git-fixes). +- commit 4a140a1 + +- scsi: qedf: Fix firmware halt over suspend and resume + (git-fixes). +- scsi: qedi: Fix firmware halt over suspend and resume + (git-fixes). +- scsi: snic: Fix possible memory leak if device_add() fails + (git-fixes). +- scsi: core: Fix possible memory leak if device_add() fails + (git-fixes). +- scsi: core: Fix legacy /proc parsing buffer overflow + (git-fixes). +- scsi: 53c700: Check that command slot is not NULL (git-fixes). +- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() + (git-fixes). +- scsi: scsi_debug: Remove dead code (git-fixes). +- scsi: 3w-xxxx: Add error handling for initialization failure + in tw_probe() (git-fixes). +- scsi: qedf: Fix NULL dereference in error handling (git-fixes). +- commit f8c12c2 + +- cifs: Fix UAF in cifs_demultiplex_thread() (bsc#1208995 + CVE-2023-1192). +- commit 542332a + +- blacklist.conf: add git-fix that breaks kabi +- commit 8b9578b + +- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE + (git-fixes). +- scsi: lpfc: Modify when a node should be put in device recovery + mode during RSCN (git-fixes). +- scsi: lpfc: Remove reftag check in DIF paths (git-fixes). +- commit 8c191d2 + +- scsi: qla2xxx: Remove unused variables in + qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). +- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). +- Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928). +- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() + (bsc#1214928). +- scsi: qla2xxx: Remove unsupported ql2xenabledif option + (bsc#1214928). +- scsi: qla2xxx: Error code did not return to upper layer + (bsc#1214928). +- scsi: qla2xxx: Add logs for SFP temperature monitoring + (bsc#1214928). +- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). +- scsi: qla2xxx: Flush mailbox commands on chip reset + (bsc#1214928). +- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). +- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). +- scsi: qla2xxx: Remove unused declarations (bsc#1214928). +- commit 1dd6a86 + +- series: update meta data + Move qla2xxx, lpcf, powerpc, net anc cpu patches into main section. +- commit b5aafc0 + kernel-rt_debug +- x86/sev: Make enc_dec_hypercall() accept a size instead of + npages (bsc#1214635). +- commit 1e4ccee + +- Drop amdgpu patch causing spamming (bsc#1215523) + Deleted: + patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch. +- commit c753869 + +- USB: core: Change usb_get_device_descriptor() API (bsc#1213123 + CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552). + Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk) + Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context) +- commit 988a527 + +- Rename colliding patches before merging SLE15-SP4 +- commit 6493f7c + +- blacklist.conf: Append 'Revert "fbcon: Use kzalloc() in fbcon_prepare_logo()"' +- commit 501bd2e + +- blacklist.conf: Append 'video/aperture: Only remove sysfb on the default vga pci device' +- commit bfaaaff + +- blacklist.conf: Append 'parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()' +- commit 30a9db6 + +- blacklist.conf: Append 'parisc/agp: Annotate parisc agp init functions with __init' +- commit 9eb45cc + +- ata: libata: disallow dev-initiated LPM transitions to + unsupported states (git-fixes). +- i2c: aspeed: Reset the i2c controller when timeout occurs + (git-fixes). +- selftests: tracing: Fix to unmount tracefs for recovering + environment (git-fixes). +- drm/amd/display: fix the white screen issue when >= 64GB DRAM + (git-fixes). +- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() + (git-fixes). +- commit 1f4e814 + +- btrfs: don't hold CPU for too long when defragging a file + (bsc#1214988). +- commit 9b89645 + +- 9p/xen : Fix use after free bug in xen_9pfs_front_remove due + to race condition (bsc#1215206, CVE-2023-1859). +- commit f333aa7 + +- netfilter: nftables: exthdr: fix 4-byte stack OOB write + (CVE-2023-4881 bsc#1215221). +- commit 0de26c1 + +- sctp: leave the err path free in sctp_stream_init to + sctp_stream_free (CVE-2023-2177 bsc#1210643). +- commit 337b7d8 + +- s390/ipl: add loadparm parameter to eckd ipl/reipl data + (jsc#PED-2023). +- commit 364a30d + +- s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023). +- commit cd6d27a + +- s390/ipl: use octal values instead of S_* macros (jsc#PED-2023). +- commit db2ef83 + +- kabi: hide changes in enum ipl_type and struct sclp_info + (jsc#PED-2023 jsc#PED-2025). +- commit b6fb6b6 + +- s390/ipl: add eckd dump support (jsc#PED-2025). +- commit 0961d1f + +- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events + (git-fixes). +- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows + (git-fixes). +- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). +- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more + descriptors (git-fixes). +- kselftest/runner.sh: Propagate SIGTERM to runner child + (git-fixes). +- commit 495d04f + +- s390/ipl: add eckd support (jsc#PED-2023). +- commit 21b5156 + +- Delete patches.suse/genksyms-add-override-flag.diff. + Unncessary after KBUILD_OVERRIDE removed. +- commit 870adc7 + +- s390/dasd: fix command reject error on ESE devices (LTC#203630 + bsc#1215123 git-fixes). +- commit 5862ca2 + +- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). +- commit 5daff0f + +- rpm/kernel-binary.spec.in: Drop use of KBUILD_OVERRIDE=1 + Genksyms has functionality to specify an override for each type in + a symtypes reference file. This override is then used instead of an + actual type and allows to preserve modversions (CRCs) of symbols that + reference the type. It is kind of an alternative to doing kABI fix-ups + with '#ifndef __GENKSYMS__'. The functionality is hidden behind the + genksyms --preserve option which primarily tells the tool to strictly + verify modversions against a given reference file or fail. + Downstream patch patches.suse/genksyms-add-override-flag.diff which is + present in various kernel-source branches separates the override logic. + It allows it to be enabled with a new --override flag and used without + specifying the --preserve option. Setting KBUILD_OVERRIDE=1 in the spec + file is then a way how the build is told that --override should be + passed to all invocations of genksyms. This was needed for SUSE kernels + because their build doesn't use --preserve but instead resulting CRCs + are later checked by scripts/kabi.pl. + However, this override functionality was not utilized much in practice + and the only use currently to be found is in SLE11-SP1-LTSS. It means + that no one should miss this option and KBUILD_OVERRIDE=1 together with + patches.suse/genksyms-add-override-flag.diff can be removed. + Notes for maintainers merging this commit to their branches: + * Downstream patch patches.suse/genksyms-add-override-flag.diff can be + dropped after merging this commit. + * Branch SLE11-SP1-LTSS uses the mentioned override functionality and + this commit should not be merged to it, or needs to be reverted + afterwards. +- commit 4aa02b8 + +- s390/dasd: fix hanging device after request requeue (git-fixes + LTC#203629 bsc#1215124). +- commit 96b18bb + +- blacklist.conf: Add ef73dcaa3121 ("powerpc: xmon: remove unused variables") +- commit 78179fa + +- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses + (bsc#1065729). +- powerpc/xics: Remove unnecessary endian conversion + (bsc#1065729). +- word-at-a-time: use the same return type for has_zero regardless + of endianness (bsc#1065729). +- commit bde8063 + +- mlx4: Delete custom device management logic (bsc#1187236). +- mlx4: Connect the infiniband part to the auxiliary bus + (bsc#1187236). +- mlx4: Connect the ethernet part to the auxiliary bus + (bsc#1187236). +- mlx4: Register mlx4 devices to an auxiliary virtual bus + (bsc#1187236). +- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver + (bsc#1187236). +- mlx4: Move the bond work to the core driver (bsc#1187236). +- mlx4: Get rid of the mlx4_interface.activate callback + (bsc#1187236). +- mlx4: Replace the mlx4_interface.event callback with a notifier + (bsc#1187236). +- commit 0aba257 + +- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() + (bsc#1187236). +- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). +- mlx4: Get rid of the mlx4_interface.get_dev callback + (bsc#1187236). +- net/mlx4: Remove many unnecessary NULL values (bsc#1187236). +- kabi/severities: ignore mlx4 internal symbols +- tracing: Fix race issue between cpu buffer write and swap + (git-fixes). +- tracing: Remove extra space at the end of hwlat_detector/mode + (git-fixes). +- tracing: Remove unnecessary copying of tr->current_trace + (git-fixes). +- bpf: Clear the probe_addr for uprobe (git-fixes). +- commit 47e9584 + +- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). +- commit 74c2613 + +- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). +- commit a8877f3 + +- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). +- commit 670fb4d + +- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). +- commit 9871c87 + +- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). +- commit 3949a2b + +- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). +- commit 4534667 + +- x86/sgx: Reduce delay and interference of enclave release (git-fixes). +- commit ef6d157 + +- x86/rtc: Remove __init for runtime functions (git-fixes). +- commit 4511d93 + +- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). +- commit cb39678 + +- x86/mce: Retrieve poison range from hardware (git-fixes). +- commit c9f1ddb + +- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). +- commit 96d9365 + +- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). +- commit 12a2933 + +- x86/resctl: fix scheduler confusion with 'current' (git-fixes). +- commit 0d855b9 + +- x86/purgatory: remove PGO flags (git-fixes). +- commit 9d8ada6 + +- x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() (git-fixes). +- commit ea0772f + +- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). +- commit c1031f1 + +- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). +- commit bbfad26 + +- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). +- commit bf6d064 + +- x86/cpu: Add Lunar Lake M (git-fixes). +- commit 7ecc64d + +- x86/bugs: Reset speculation control settings on init (git-fixes). +- commit 2a6dd8e + +- x86/boot/e820: Fix typo in e820.c comment (git-fixes). +- commit ac06968 + +- x86/alternative: Fix race in try_get_desc() (git-fixes). +- commit d841323 + +- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). +- commit 11f0960 + +- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). +- commit cae635f + +- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). +- commit 2a03ef8 + +- Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" + (git-fixes). +- PCI: Free released resource after coalescing (git-fixes). +- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). +- ntb: Drop packets when qp link is down (git-fixes). +- ntb: Clean up tx tail index on link down (git-fixes). +- idr: fix param name in idr_alloc_cyclic() doc (git-fixes). +- commit a1c9c68 + +- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453). +- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453). +- x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453). +- commit 665fc14 + +- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 + codecs (git-fixes). +- arm64: csum: Fix OoB access in IP checksum code for negative + lengths (git-fixes). +- commit f43b75b + +- patches.suse/ovl-remove-privs-in-ovl_copyfile.patch:(git-fixes). +- commit daa1815 + +- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (bsc#1214873 + git-fixes). +- commit b0dc76c + +- s390/zcrypt: don't leak memory if dev_set_name() fails + (git-fixes bsc#1215148). +- commit 62bce52 + +- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy + gamma (git-fixes). +- drm/amd/display: Remove wait while locked (git-fixes). +- drm/amd/display: Add smu write msg id fail retry process + (git-fixes). +- drm/amd/display: register edp_backlight_control() for DCN301 + (git-fixes). +- drm/i915/gvt: Put the page reference obtained by KVM's + gfn_to_pfn() (git-fixes). +- drm/i915/gvt: Verify pfn is "valid" before dereferencing + "struct page" (git-fixes). +- commit 5618424 + +- drm/amd/display: prevent potential division by zero errors + (git-fixes). +- drm/i915: mark requests for GuC virtual engines to avoid + use-after-free (git-fixes). +- net: phy: micrel: Correct bit assignments for phy_device flags + (git-fixes). +- pwm: lpc32xx: Remove handling of PWM channels (git-fixes). +- i3c: master: svc: fix probe failure when no i3c device exist + (git-fixes). +- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() + (git-fixes). +- commit 3aa0807 + +- blacklist.conf: kABI +- commit fe6afec + +- blacklist.conf: kABI +- commit b1fabe7 + +- blacklist.conf: kABI +- commit c50e08f + +- Input: tca6416-keypad - fix interrupt enable disbalance + (git-fixes). +- commit de27518 + +- fs: do not update freeing inode i_io_list (bsc#1214813). +- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE + (bsc#1214813). +- commit 2c1c38b + +- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load + (git-fixes). +- backlight: gpio_backlight: Drop output GPIO direction check + for initial power state (git-fixes). +- USB: serial: option: add FOXCONN T99W368/T99W373 product + (git-fixes). +- USB: serial: option: add Quectel EM05G variant (0x030e) + (git-fixes). +- tcpm: Avoid soft reset when partner does not support get_status + (git-fixes). +- usb: typec: tcpci: clear the fault status bit (git-fixes). +- ARM: pxa: remove use of symbol_get() (git-fixes). +- Bluetooth: btsdio: fix use after free bug in btsdio_remove + due to race condition (git-fixes). +- usb: typec: tcpci: move tcpci.h to include/linux/usb/ + (git-fixes). +- commit 72d5b0f + +- blacklist.conf: add git-fix to ignore + this one removes unused kABI functions, but + just leave them in +- commit 8007015 + +- scsi: snic: Fix double free in snic_tgt_create() (git-fixes). +- commit 1ed2b1b + +- blacklist.conf: 9011e49d54dc ("modules: only allow symbol_get of + EXPORT_SYMBOL_GPL modules") is not really fixing any existing bug. +- commit 550f5fc + +- Move upstreamed pinctrl patch into sorted section +- commit 38f70f2 + +- Update References tag + patches.suse/Bluetooth-L2CAP-Fix-use-after-free-in-l2cap_sock_rea.patch + (git-fixes bsc#1214233 CVE-2023-40283). +- commit 731b49d + +- ata: pata_falcon: fix IO base selection for Q40 (git-fixes). +- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). +- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). +- kconfig: fix possible buffer overflow (git-fixes). +- commit 4a140a1 + +- scsi: qedf: Fix firmware halt over suspend and resume + (git-fixes). +- scsi: qedi: Fix firmware halt over suspend and resume + (git-fixes). +- scsi: snic: Fix possible memory leak if device_add() fails + (git-fixes). +- scsi: core: Fix possible memory leak if device_add() fails + (git-fixes). +- scsi: core: Fix legacy /proc parsing buffer overflow + (git-fixes). +- scsi: 53c700: Check that command slot is not NULL (git-fixes). +- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() + (git-fixes). +- scsi: scsi_debug: Remove dead code (git-fixes). +- scsi: 3w-xxxx: Add error handling for initialization failure + in tw_probe() (git-fixes). +- scsi: qedf: Fix NULL dereference in error handling (git-fixes). +- commit f8c12c2 + +- cifs: Fix UAF in cifs_demultiplex_thread() (bsc#1208995 + CVE-2023-1192). +- commit 542332a + +- blacklist.conf: add git-fix that breaks kabi +- commit 8b9578b + +- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE + (git-fixes). +- scsi: lpfc: Modify when a node should be put in device recovery + mode during RSCN (git-fixes). +- scsi: lpfc: Remove reftag check in DIF paths (git-fixes). +- commit 8c191d2 + +- scsi: qla2xxx: Remove unused variables in + qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). +- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). +- Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928). +- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() + (bsc#1214928). +- scsi: qla2xxx: Remove unsupported ql2xenabledif option + (bsc#1214928). +- scsi: qla2xxx: Error code did not return to upper layer + (bsc#1214928). +- scsi: qla2xxx: Add logs for SFP temperature monitoring + (bsc#1214928). +- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). +- scsi: qla2xxx: Flush mailbox commands on chip reset + (bsc#1214928). +- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). +- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). +- scsi: qla2xxx: Remove unused declarations (bsc#1214928). +- commit 1dd6a86 + +- series: update meta data + Move qla2xxx, lpcf, powerpc, net anc cpu patches into main section. +- commit b5aafc0 + kernel-source +- x86/sev: Make enc_dec_hypercall() accept a size instead of + npages (bsc#1214635). +- commit c11336f + +- Drop amdgpu patch causing spamming (bsc#1215523) + Deleted: + patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch. +- commit 2351f50 + +- USB: core: Change usb_get_device_descriptor() API (bsc#1213123 + CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552). + Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk) + Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context) +- commit be6100d + kernel-source-rt +- x86/sev: Make enc_dec_hypercall() accept a size instead of + npages (bsc#1214635). +- commit 1e4ccee + +- Drop amdgpu patch causing spamming (bsc#1215523) + Deleted: + patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch. +- commit c753869 + +- USB: core: Change usb_get_device_descriptor() API (bsc#1213123 + CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552). + Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk) + Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context) +- commit 988a527 + +- Rename colliding patches before merging SLE15-SP4 +- commit 6493f7c + +- blacklist.conf: Append 'Revert "fbcon: Use kzalloc() in fbcon_prepare_logo()"' +- commit 501bd2e + +- blacklist.conf: Append 'video/aperture: Only remove sysfb on the default vga pci device' +- commit bfaaaff + +- blacklist.conf: Append 'parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()' +- commit 30a9db6 + +- blacklist.conf: Append 'parisc/agp: Annotate parisc agp init functions with __init' +- commit 9eb45cc + +- ata: libata: disallow dev-initiated LPM transitions to + unsupported states (git-fixes). +- i2c: aspeed: Reset the i2c controller when timeout occurs + (git-fixes). +- selftests: tracing: Fix to unmount tracefs for recovering + environment (git-fixes). +- drm/amd/display: fix the white screen issue when >= 64GB DRAM + (git-fixes). +- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() + (git-fixes). +- commit 1f4e814 + +- btrfs: don't hold CPU for too long when defragging a file + (bsc#1214988). +- commit 9b89645 + +- 9p/xen : Fix use after free bug in xen_9pfs_front_remove due + to race condition (bsc#1215206, CVE-2023-1859). +- commit f333aa7 + +- netfilter: nftables: exthdr: fix 4-byte stack OOB write + (CVE-2023-4881 bsc#1215221). +- commit 0de26c1 + +- sctp: leave the err path free in sctp_stream_init to + sctp_stream_free (CVE-2023-2177 bsc#1210643). +- commit 337b7d8 + +- s390/ipl: add loadparm parameter to eckd ipl/reipl data + (jsc#PED-2023). +- commit 364a30d + +- s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023). +- commit cd6d27a + +- s390/ipl: use octal values instead of S_* macros (jsc#PED-2023). +- commit db2ef83 + +- kabi: hide changes in enum ipl_type and struct sclp_info + (jsc#PED-2023 jsc#PED-2025). +- commit b6fb6b6 + +- s390/ipl: add eckd dump support (jsc#PED-2025). +- commit 0961d1f + +- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events + (git-fixes). +- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows + (git-fixes). +- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). +- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more + descriptors (git-fixes). +- kselftest/runner.sh: Propagate SIGTERM to runner child + (git-fixes). +- commit 495d04f + +- s390/ipl: add eckd support (jsc#PED-2023). +- commit 21b5156 + +- Delete patches.suse/genksyms-add-override-flag.diff. + Unncessary after KBUILD_OVERRIDE removed. +- commit 870adc7 + +- s390/dasd: fix command reject error on ESE devices (LTC#203630 + bsc#1215123 git-fixes). +- commit 5862ca2 + +- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). +- commit 5daff0f + +- rpm/kernel-binary.spec.in: Drop use of KBUILD_OVERRIDE=1 + Genksyms has functionality to specify an override for each type in + a symtypes reference file. This override is then used instead of an + actual type and allows to preserve modversions (CRCs) of symbols that + reference the type. It is kind of an alternative to doing kABI fix-ups + with '#ifndef __GENKSYMS__'. The functionality is hidden behind the + genksyms --preserve option which primarily tells the tool to strictly + verify modversions against a given reference file or fail. + Downstream patch patches.suse/genksyms-add-override-flag.diff which is + present in various kernel-source branches separates the override logic. + It allows it to be enabled with a new --override flag and used without + specifying the --preserve option. Setting KBUILD_OVERRIDE=1 in the spec + file is then a way how the build is told that --override should be + passed to all invocations of genksyms. This was needed for SUSE kernels + because their build doesn't use --preserve but instead resulting CRCs + are later checked by scripts/kabi.pl. + However, this override functionality was not utilized much in practice + and the only use currently to be found is in SLE11-SP1-LTSS. It means + that no one should miss this option and KBUILD_OVERRIDE=1 together with + patches.suse/genksyms-add-override-flag.diff can be removed. + Notes for maintainers merging this commit to their branches: + * Downstream patch patches.suse/genksyms-add-override-flag.diff can be + dropped after merging this commit. + * Branch SLE11-SP1-LTSS uses the mentioned override functionality and + this commit should not be merged to it, or needs to be reverted + afterwards. +- commit 4aa02b8 + +- s390/dasd: fix hanging device after request requeue (git-fixes + LTC#203629 bsc#1215124). +- commit 96b18bb + +- blacklist.conf: Add ef73dcaa3121 ("powerpc: xmon: remove unused variables") +- commit 78179fa + +- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses + (bsc#1065729). +- powerpc/xics: Remove unnecessary endian conversion + (bsc#1065729). +- word-at-a-time: use the same return type for has_zero regardless + of endianness (bsc#1065729). +- commit bde8063 + +- mlx4: Delete custom device management logic (bsc#1187236). +- mlx4: Connect the infiniband part to the auxiliary bus + (bsc#1187236). +- mlx4: Connect the ethernet part to the auxiliary bus + (bsc#1187236). +- mlx4: Register mlx4 devices to an auxiliary virtual bus + (bsc#1187236). +- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver + (bsc#1187236). +- mlx4: Move the bond work to the core driver (bsc#1187236). +- mlx4: Get rid of the mlx4_interface.activate callback + (bsc#1187236). +- mlx4: Replace the mlx4_interface.event callback with a notifier + (bsc#1187236). +- commit 0aba257 + +- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() + (bsc#1187236). +- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). +- mlx4: Get rid of the mlx4_interface.get_dev callback + (bsc#1187236). +- net/mlx4: Remove many unnecessary NULL values (bsc#1187236). +- kabi/severities: ignore mlx4 internal symbols +- tracing: Fix race issue between cpu buffer write and swap + (git-fixes). +- tracing: Remove extra space at the end of hwlat_detector/mode + (git-fixes). +- tracing: Remove unnecessary copying of tr->current_trace + (git-fixes). +- bpf: Clear the probe_addr for uprobe (git-fixes). +- commit 47e9584 + +- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). +- commit 74c2613 + +- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). +- commit a8877f3 + +- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). +- commit 670fb4d + +- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). +- commit 9871c87 + +- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). +- commit 3949a2b + +- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). +- commit 4534667 + +- x86/sgx: Reduce delay and interference of enclave release (git-fixes). +- commit ef6d157 + +- x86/rtc: Remove __init for runtime functions (git-fixes). +- commit 4511d93 + +- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). +- commit cb39678 + +- x86/mce: Retrieve poison range from hardware (git-fixes). +- commit c9f1ddb + +- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). +- commit 96d9365 + +- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). +- commit 12a2933 + +- x86/resctl: fix scheduler confusion with 'current' (git-fixes). +- commit 0d855b9 + +- x86/purgatory: remove PGO flags (git-fixes). +- commit 9d8ada6 + +- x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() (git-fixes). +- commit ea0772f + +- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). +- commit c1031f1 + +- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). +- commit bbfad26 + +- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). +- commit bf6d064 + +- x86/cpu: Add Lunar Lake M (git-fixes). +- commit 7ecc64d + +- x86/bugs: Reset speculation control settings on init (git-fixes). +- commit 2a6dd8e + +- x86/boot/e820: Fix typo in e820.c comment (git-fixes). +- commit ac06968 + +- x86/alternative: Fix race in try_get_desc() (git-fixes). +- commit d841323 + +- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). +- commit 11f0960 + +- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). +- commit cae635f + +- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). +- commit 2a03ef8 + +- Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" + (git-fixes). +- PCI: Free released resource after coalescing (git-fixes). +- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). +- ntb: Drop packets when qp link is down (git-fixes). +- ntb: Clean up tx tail index on link down (git-fixes). +- idr: fix param name in idr_alloc_cyclic() doc (git-fixes). +- commit a1c9c68 + +- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453). +- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453). +- x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453). +- commit 665fc14 + +- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 + codecs (git-fixes). +- arm64: csum: Fix OoB access in IP checksum code for negative + lengths (git-fixes). +- commit f43b75b + +- patches.suse/ovl-remove-privs-in-ovl_copyfile.patch:(git-fixes). +- commit daa1815 + +- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (bsc#1214873 + git-fixes). +- commit b0dc76c + +- s390/zcrypt: don't leak memory if dev_set_name() fails + (git-fixes bsc#1215148). +- commit 62bce52 + +- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy + gamma (git-fixes). +- drm/amd/display: Remove wait while locked (git-fixes). +- drm/amd/display: Add smu write msg id fail retry process + (git-fixes). +- drm/amd/display: register edp_backlight_control() for DCN301 + (git-fixes). +- drm/i915/gvt: Put the page reference obtained by KVM's + gfn_to_pfn() (git-fixes). +- drm/i915/gvt: Verify pfn is "valid" before dereferencing + "struct page" (git-fixes). +- commit 5618424 + +- drm/amd/display: prevent potential division by zero errors + (git-fixes). +- drm/i915: mark requests for GuC virtual engines to avoid + use-after-free (git-fixes). +- net: phy: micrel: Correct bit assignments for phy_device flags + (git-fixes). +- pwm: lpc32xx: Remove handling of PWM channels (git-fixes). +- i3c: master: svc: fix probe failure when no i3c device exist + (git-fixes). +- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() + (git-fixes). +- commit 3aa0807 + +- blacklist.conf: kABI +- commit fe6afec + +- blacklist.conf: kABI +- commit b1fabe7 + +- blacklist.conf: kABI +- commit c50e08f + +- Input: tca6416-keypad - fix interrupt enable disbalance + (git-fixes). +- commit de27518 + +- fs: do not update freeing inode i_io_list (bsc#1214813). +- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE + (bsc#1214813). +- commit 2c1c38b + +- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load + (git-fixes). +- backlight: gpio_backlight: Drop output GPIO direction check + for initial power state (git-fixes). +- USB: serial: option: add FOXCONN T99W368/T99W373 product + (git-fixes). +- USB: serial: option: add Quectel EM05G variant (0x030e) + (git-fixes). +- tcpm: Avoid soft reset when partner does not support get_status + (git-fixes). +- usb: typec: tcpci: clear the fault status bit (git-fixes). +- ARM: pxa: remove use of symbol_get() (git-fixes). +- Bluetooth: btsdio: fix use after free bug in btsdio_remove + due to race condition (git-fixes). +- usb: typec: tcpci: move tcpci.h to include/linux/usb/ + (git-fixes). +- commit 72d5b0f + +- blacklist.conf: add git-fix to ignore + this one removes unused kABI functions, but + just leave them in +- commit 8007015 + +- scsi: snic: Fix double free in snic_tgt_create() (git-fixes). +- commit 1ed2b1b + +- blacklist.conf: 9011e49d54dc ("modules: only allow symbol_get of + EXPORT_SYMBOL_GPL modules") is not really fixing any existing bug. +- commit 550f5fc + +- Move upstreamed pinctrl patch into sorted section +- commit 38f70f2 + +- Update References tag + patches.suse/Bluetooth-L2CAP-Fix-use-after-free-in-l2cap_sock_rea.patch + (git-fixes bsc#1214233 CVE-2023-40283). +- commit 731b49d + +- ata: pata_falcon: fix IO base selection for Q40 (git-fixes). +- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). +- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). +- kconfig: fix possible buffer overflow (git-fixes). +- commit 4a140a1 + +- scsi: qedf: Fix firmware halt over suspend and resume + (git-fixes). +- scsi: qedi: Fix firmware halt over suspend and resume + (git-fixes). +- scsi: snic: Fix possible memory leak if device_add() fails + (git-fixes). +- scsi: core: Fix possible memory leak if device_add() fails + (git-fixes). +- scsi: core: Fix legacy /proc parsing buffer overflow + (git-fixes). +- scsi: 53c700: Check that command slot is not NULL (git-fixes). +- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() + (git-fixes). +- scsi: scsi_debug: Remove dead code (git-fixes). +- scsi: 3w-xxxx: Add error handling for initialization failure + in tw_probe() (git-fixes). +- scsi: qedf: Fix NULL dereference in error handling (git-fixes). +- commit f8c12c2 + +- cifs: Fix UAF in cifs_demultiplex_thread() (bsc#1208995 + CVE-2023-1192). +- commit 542332a + +- blacklist.conf: add git-fix that breaks kabi +- commit 8b9578b + +- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE + (git-fixes). +- scsi: lpfc: Modify when a node should be put in device recovery + mode during RSCN (git-fixes). +- scsi: lpfc: Remove reftag check in DIF paths (git-fixes). +- commit 8c191d2 + +- scsi: qla2xxx: Remove unused variables in + qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). +- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). +- Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928). +- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() + (bsc#1214928). +- scsi: qla2xxx: Remove unsupported ql2xenabledif option + (bsc#1214928). +- scsi: qla2xxx: Error code did not return to upper layer + (bsc#1214928). +- scsi: qla2xxx: Add logs for SFP temperature monitoring + (bsc#1214928). +- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). +- scsi: qla2xxx: Flush mailbox commands on chip reset + (bsc#1214928). +- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). +- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). +- scsi: qla2xxx: Remove unused declarations (bsc#1214928). +- commit 1dd6a86 + +- series: update meta data + Move qla2xxx, lpcf, powerpc, net anc cpu patches into main section. +- commit b5aafc0 + kernel-syms +- x86/sev: Make enc_dec_hypercall() accept a size instead of + npages (bsc#1214635). +- commit c11336f + +- Drop amdgpu patch causing spamming (bsc#1215523) + Deleted: + patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch. +- commit 2351f50 + +- USB: core: Change usb_get_device_descriptor() API (bsc#1213123 + CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552). + Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk) + Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context) +- commit be6100d + kernel-syms-rt +- x86/sev: Make enc_dec_hypercall() accept a size instead of + npages (bsc#1214635). +- commit 1e4ccee + +- Drop amdgpu patch causing spamming (bsc#1215523) + Deleted: + patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch. +- commit c753869 + +- USB: core: Change usb_get_device_descriptor() API (bsc#1213123 + CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552). + Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk) + Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context) +- commit 988a527 + +- Rename colliding patches before merging SLE15-SP4 +- commit 6493f7c + +- blacklist.conf: Append 'Revert "fbcon: Use kzalloc() in fbcon_prepare_logo()"' +- commit 501bd2e + +- blacklist.conf: Append 'video/aperture: Only remove sysfb on the default vga pci device' +- commit bfaaaff + +- blacklist.conf: Append 'parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()' +- commit 30a9db6 + +- blacklist.conf: Append 'parisc/agp: Annotate parisc agp init functions with __init' +- commit 9eb45cc + +- ata: libata: disallow dev-initiated LPM transitions to + unsupported states (git-fixes). +- i2c: aspeed: Reset the i2c controller when timeout occurs + (git-fixes). +- selftests: tracing: Fix to unmount tracefs for recovering + environment (git-fixes). +- drm/amd/display: fix the white screen issue when >= 64GB DRAM + (git-fixes). +- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() + (git-fixes). +- commit 1f4e814 + +- btrfs: don't hold CPU for too long when defragging a file + (bsc#1214988). +- commit 9b89645 + +- 9p/xen : Fix use after free bug in xen_9pfs_front_remove due + to race condition (bsc#1215206, CVE-2023-1859). +- commit f333aa7 + +- netfilter: nftables: exthdr: fix 4-byte stack OOB write + (CVE-2023-4881 bsc#1215221). +- commit 0de26c1 + +- sctp: leave the err path free in sctp_stream_init to + sctp_stream_free (CVE-2023-2177 bsc#1210643). +- commit 337b7d8 + +- s390/ipl: add loadparm parameter to eckd ipl/reipl data + (jsc#PED-2023). +- commit 364a30d + +- s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023). +- commit cd6d27a + +- s390/ipl: use octal values instead of S_* macros (jsc#PED-2023). +- commit db2ef83 + +- kabi: hide changes in enum ipl_type and struct sclp_info + (jsc#PED-2023 jsc#PED-2025). +- commit b6fb6b6 + +- s390/ipl: add eckd dump support (jsc#PED-2025). +- commit 0961d1f + +- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events + (git-fixes). +- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows + (git-fixes). +- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes). +- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more + descriptors (git-fixes). +- kselftest/runner.sh: Propagate SIGTERM to runner child + (git-fixes). +- commit 495d04f + +- s390/ipl: add eckd support (jsc#PED-2023). +- commit 21b5156 + +- Delete patches.suse/genksyms-add-override-flag.diff. + Unncessary after KBUILD_OVERRIDE removed. +- commit 870adc7 + +- s390/dasd: fix command reject error on ESE devices (LTC#203630 + bsc#1215123 git-fixes). +- commit 5862ca2 + +- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). +- commit 5daff0f + +- rpm/kernel-binary.spec.in: Drop use of KBUILD_OVERRIDE=1 + Genksyms has functionality to specify an override for each type in + a symtypes reference file. This override is then used instead of an + actual type and allows to preserve modversions (CRCs) of symbols that + reference the type. It is kind of an alternative to doing kABI fix-ups + with '#ifndef __GENKSYMS__'. The functionality is hidden behind the + genksyms --preserve option which primarily tells the tool to strictly + verify modversions against a given reference file or fail. + Downstream patch patches.suse/genksyms-add-override-flag.diff which is + present in various kernel-source branches separates the override logic. + It allows it to be enabled with a new --override flag and used without + specifying the --preserve option. Setting KBUILD_OVERRIDE=1 in the spec + file is then a way how the build is told that --override should be + passed to all invocations of genksyms. This was needed for SUSE kernels + because their build doesn't use --preserve but instead resulting CRCs + are later checked by scripts/kabi.pl. + However, this override functionality was not utilized much in practice + and the only use currently to be found is in SLE11-SP1-LTSS. It means + that no one should miss this option and KBUILD_OVERRIDE=1 together with + patches.suse/genksyms-add-override-flag.diff can be removed. + Notes for maintainers merging this commit to their branches: + * Downstream patch patches.suse/genksyms-add-override-flag.diff can be + dropped after merging this commit. + * Branch SLE11-SP1-LTSS uses the mentioned override functionality and + this commit should not be merged to it, or needs to be reverted + afterwards. +- commit 4aa02b8 + +- s390/dasd: fix hanging device after request requeue (git-fixes + LTC#203629 bsc#1215124). +- commit 96b18bb + +- blacklist.conf: Add ef73dcaa3121 ("powerpc: xmon: remove unused variables") +- commit 78179fa + +- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses + (bsc#1065729). +- powerpc/xics: Remove unnecessary endian conversion + (bsc#1065729). +- word-at-a-time: use the same return type for has_zero regardless + of endianness (bsc#1065729). +- commit bde8063 + +- mlx4: Delete custom device management logic (bsc#1187236). +- mlx4: Connect the infiniband part to the auxiliary bus + (bsc#1187236). +- mlx4: Connect the ethernet part to the auxiliary bus + (bsc#1187236). +- mlx4: Register mlx4 devices to an auxiliary virtual bus + (bsc#1187236). +- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver + (bsc#1187236). +- mlx4: Move the bond work to the core driver (bsc#1187236). +- mlx4: Get rid of the mlx4_interface.activate callback + (bsc#1187236). +- mlx4: Replace the mlx4_interface.event callback with a notifier + (bsc#1187236). +- commit 0aba257 + +- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() + (bsc#1187236). +- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236). +- mlx4: Get rid of the mlx4_interface.get_dev callback + (bsc#1187236). +- net/mlx4: Remove many unnecessary NULL values (bsc#1187236). +- kabi/severities: ignore mlx4 internal symbols +- tracing: Fix race issue between cpu buffer write and swap + (git-fixes). +- tracing: Remove extra space at the end of hwlat_detector/mode + (git-fixes). +- tracing: Remove unnecessary copying of tr->current_trace + (git-fixes). +- bpf: Clear the probe_addr for uprobe (git-fixes). +- commit 47e9584 + +- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes). +- commit 74c2613 + +- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes). +- commit a8877f3 + +- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes). +- commit 670fb4d + +- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes). +- commit 9871c87 + +- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes). +- commit 3949a2b + +- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes). +- commit 4534667 + +- x86/sgx: Reduce delay and interference of enclave release (git-fixes). +- commit ef6d157 + +- x86/rtc: Remove __init for runtime functions (git-fixes). +- commit 4511d93 + +- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes). +- commit cb39678 + +- x86/mce: Retrieve poison range from hardware (git-fixes). +- commit c9f1ddb + +- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes). +- commit 96d9365 + +- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes). +- commit 12a2933 + +- x86/resctl: fix scheduler confusion with 'current' (git-fixes). +- commit 0d855b9 + +- x86/purgatory: remove PGO flags (git-fixes). +- commit 9d8ada6 + +- x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() (git-fixes). +- commit ea0772f + +- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes). +- commit c1031f1 + +- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes). +- commit bbfad26 + +- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes). +- commit bf6d064 + +- x86/cpu: Add Lunar Lake M (git-fixes). +- commit 7ecc64d + +- x86/bugs: Reset speculation control settings on init (git-fixes). +- commit 2a6dd8e + +- x86/boot/e820: Fix typo in e820.c comment (git-fixes). +- commit ac06968 + +- x86/alternative: Fix race in try_get_desc() (git-fixes). +- commit d841323 + +- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes). +- commit 11f0960 + +- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes). +- commit cae635f + +- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes). +- commit 2a03ef8 + +- Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" + (git-fixes). +- PCI: Free released resource after coalescing (git-fixes). +- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes). +- ntb: Drop packets when qp link is down (git-fixes). +- ntb: Clean up tx tail index on link down (git-fixes). +- idr: fix param name in idr_alloc_cyclic() doc (git-fixes). +- commit a1c9c68 + +- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453). +- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453). +- x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453). +- commit 665fc14 + +- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 + codecs (git-fixes). +- arm64: csum: Fix OoB access in IP checksum code for negative + lengths (git-fixes). +- commit f43b75b + +- patches.suse/ovl-remove-privs-in-ovl_copyfile.patch:(git-fixes). +- commit daa1815 + +- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (bsc#1214873 + git-fixes). +- commit b0dc76c + +- s390/zcrypt: don't leak memory if dev_set_name() fails + (git-fixes bsc#1215148). +- commit 62bce52 + +- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy + gamma (git-fixes). +- drm/amd/display: Remove wait while locked (git-fixes). +- drm/amd/display: Add smu write msg id fail retry process + (git-fixes). +- drm/amd/display: register edp_backlight_control() for DCN301 + (git-fixes). +- drm/i915/gvt: Put the page reference obtained by KVM's + gfn_to_pfn() (git-fixes). +- drm/i915/gvt: Verify pfn is "valid" before dereferencing + "struct page" (git-fixes). +- commit 5618424 + +- drm/amd/display: prevent potential division by zero errors + (git-fixes). +- drm/i915: mark requests for GuC virtual engines to avoid + use-after-free (git-fixes). +- net: phy: micrel: Correct bit assignments for phy_device flags + (git-fixes). +- pwm: lpc32xx: Remove handling of PWM channels (git-fixes). +- i3c: master: svc: fix probe failure when no i3c device exist + (git-fixes). +- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() + (git-fixes). +- commit 3aa0807 + +- blacklist.conf: kABI +- commit fe6afec + +- blacklist.conf: kABI +- commit b1fabe7 + +- blacklist.conf: kABI +- commit c50e08f + +- Input: tca6416-keypad - fix interrupt enable disbalance + (git-fixes). +- commit de27518 + +- fs: do not update freeing inode i_io_list (bsc#1214813). +- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE + (bsc#1214813). +- commit 2c1c38b + +- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load + (git-fixes). +- backlight: gpio_backlight: Drop output GPIO direction check + for initial power state (git-fixes). +- USB: serial: option: add FOXCONN T99W368/T99W373 product + (git-fixes). +- USB: serial: option: add Quectel EM05G variant (0x030e) + (git-fixes). +- tcpm: Avoid soft reset when partner does not support get_status + (git-fixes). +- usb: typec: tcpci: clear the fault status bit (git-fixes). +- ARM: pxa: remove use of symbol_get() (git-fixes). +- Bluetooth: btsdio: fix use after free bug in btsdio_remove + due to race condition (git-fixes). +- usb: typec: tcpci: move tcpci.h to include/linux/usb/ + (git-fixes). +- commit 72d5b0f + +- blacklist.conf: add git-fix to ignore + this one removes unused kABI functions, but + just leave them in +- commit 8007015 + +- scsi: snic: Fix double free in snic_tgt_create() (git-fixes). +- commit 1ed2b1b + +- blacklist.conf: 9011e49d54dc ("modules: only allow symbol_get of + EXPORT_SYMBOL_GPL modules") is not really fixing any existing bug. +- commit 550f5fc + +- Move upstreamed pinctrl patch into sorted section +- commit 38f70f2 + +- Update References tag + patches.suse/Bluetooth-L2CAP-Fix-use-after-free-in-l2cap_sock_rea.patch + (git-fixes bsc#1214233 CVE-2023-40283). +- commit 731b49d + +- ata: pata_falcon: fix IO base selection for Q40 (git-fixes). +- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes). +- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes). +- kconfig: fix possible buffer overflow (git-fixes). +- commit 4a140a1 + +- scsi: qedf: Fix firmware halt over suspend and resume + (git-fixes). +- scsi: qedi: Fix firmware halt over suspend and resume + (git-fixes). +- scsi: snic: Fix possible memory leak if device_add() fails + (git-fixes). +- scsi: core: Fix possible memory leak if device_add() fails + (git-fixes). +- scsi: core: Fix legacy /proc parsing buffer overflow + (git-fixes). +- scsi: 53c700: Check that command slot is not NULL (git-fixes). +- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() + (git-fixes). +- scsi: scsi_debug: Remove dead code (git-fixes). +- scsi: 3w-xxxx: Add error handling for initialization failure + in tw_probe() (git-fixes). +- scsi: qedf: Fix NULL dereference in error handling (git-fixes). +- commit f8c12c2 + +- cifs: Fix UAF in cifs_demultiplex_thread() (bsc#1208995 + CVE-2023-1192). +- commit 542332a + +- blacklist.conf: add git-fix that breaks kabi +- commit 8b9578b + +- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE + (git-fixes). +- scsi: lpfc: Modify when a node should be put in device recovery + mode during RSCN (git-fixes). +- scsi: lpfc: Remove reftag check in DIF paths (git-fixes). +- commit 8c191d2 + +- scsi: qla2xxx: Remove unused variables in + qla24xx_build_scsi_type_6_iocbs() (bsc#1214928). +- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928). +- Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928). +- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() + (bsc#1214928). +- scsi: qla2xxx: Remove unsupported ql2xenabledif option + (bsc#1214928). +- scsi: qla2xxx: Error code did not return to upper layer + (bsc#1214928). +- scsi: qla2xxx: Add logs for SFP temperature monitoring + (bsc#1214928). +- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928). +- scsi: qla2xxx: Flush mailbox commands on chip reset + (bsc#1214928). +- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928). +- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928). +- scsi: qla2xxx: Remove unused declarations (bsc#1214928). +- commit 1dd6a86 + +- series: update meta data + Move qla2xxx, lpcf, powerpc, net anc cpu patches into main section. +- commit b5aafc0 + kernel-zfcpdump +- x86/sev: Make enc_dec_hypercall() accept a size instead of + npages (bsc#1214635). +- commit c11336f + +- Drop amdgpu patch causing spamming (bsc#1215523) + Deleted: + patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch. +- commit 2351f50 + +- USB: core: Change usb_get_device_descriptor() API (bsc#1213123 + CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552). + Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk) + Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context) +- commit be6100d + latex2html +- version update to 2023.2 + * DONT_INCLUDE now affects \usepackage but not \input + * support \usepackage[xindy]{imakeidx} for sorting accents + * support babel main language option + * support hyphenat package + +- update to 2023: + * update for latest pdftocairo + +- update to 2022.2: + * spacing of eqnarray and align + * check for preview.sty in config.pl + * check for failure of pdflatex run + * newline after footnote should give space + * fix ref to label inside float + * add sidewaysfigure, sidewaystable + * fix eqnarray* +- drop latex2html-binmode.diff. + latex2html-dest-dir.diff, latex2html-perl-bindir.diff + +- Update to version 2022 + * fix cropped figures + * revert PreviewBorder to 0.5bp + * support download attribute for tag + * remove meta tags for distribution, etc + * allow input filename with no extension +- Remove outdated manual latex2html-manual.tar.bz2, + build up-to-date manual from source as part of the build process. +- Drop latex2html-backref-workaround.diff, was a workaround for + perl 5.18 not used in any supported openSUSE version anymore. + +- do not package test logs (WARNINGS in this case) [bsc#1188918] + +- update to 2021.2: + * latex2html -long_titles fix duplicate file names + * latex2html -long_titles 5 -title "Title" + * correct link from index.html + * pnmquant -norandom for reproducible builds + * treat cygwin as unix + * $WORDS_IN_INDEX configurable + * fix image size for multline, subequations + * remove extra after subequations + * equation numbering for multline + * close bold, etc, at end of environment + * implement memoir document class + * fix scanning of latex comments + * fix subequation numbering + * babel should not set character encoding of input file + * package nomencl.sty + * package nameref.sty + * options -cut_ref_num -add_ref_name + +- update to 2021: + * implement listings package + * support for \hyperref (hyperref.sty and html.sty syntax) + * \multirow with automatic width (*) + * support for length units em and ex in &convert_length + * support for font-, page- and minipage-relative length units + * support for specifying image size in wrapfigure + * support for commands: \; \, \quad \qquad inside \textsc + * \itemize[], \enumerate[], \description[] (discard argument) + * &convert_to_unicode in style ” for chars > 255 + * correct several special symbols for koi8-r encoding + * repair \htmladdimg and user scaling in \includegraphics + * repair scaling for undefined environments in use_dvipng mode + * correct placement of the $\degree$ symbol in use_dvipng mode + * repair scaling in nouse_dvipng mode + * 256-color gif dithering via png16m followed by ppmquant + * correct transparent color specification (for the $\_$ symbol) + * correct Makefile for building manual + * adjust spacing for eqnarray + * fix alignment of eq numbers for safari + * fix infinite loop on empty itemize env + * make link to correct bibliography if there is more than one + * "References" by default, "Bibliography" for book + +- update to 2020.2: + - gs 9.50: -dNOSAFER to write to tmp dir + - css fix: put caption below figure + - fix bug with gif with >256 colors + - fix eqnarray* + - fix "make test" + - fix false matches when reusing images for long environments. + - fork on \include, not on \input + - fix figure size with png + - allow verbatim in figure + - output height with displaymath, center displaymath + - enable -nouse_pdftex -image_type svg + - fall back to unicode combining characters for accents + - generate higher numbered UTF8 chars + +- fix url + +- texlive-preview was mistakenly added as build dependency, it + should have been runtime dependency [bsc#1150208] + +- Drop log files to make package build reproducible (boo#1047218) + +- version update to 2019.2 + * format author block consistently + https://bugs.debian.org/223565 + * simplify build of manual + https://bugs.debian.org/639708 + * convert -- to – and --- to — + If you want "--", use "-{}-", even inside \texttt{} + Behavior of \textt{--} in latex depends on font encoding. + https://bugs.debian.org/75416 + * fix unicode in -html_version 5.0,math + * fix -notop_navigation (had no effect) + * remove obsolete "table" option + https://bugs.debian.org/276037 + * fix "make test" + * ppmtopng syntax works with all versions of ppmtopng + * respect ./configure --with-perl=/bin/perl + * fallback for unknown column types, such as those + introduced by \newcolumntype. + https://bugs.debian.org/899306 + * fix \sffamily + https://bugs.debian.org/111441 + * produce svg images using pdftocairo + * use latex preview package to produce cropped images.pdf + * pdflatex by default + * dvipng by default + * html 5 + * unicode input and output by default + * Support for packages luainputenc and polyglossia + * Support for picture generation via pdflatex, lualatex + or dvilualatex (options -use_pdftex, -use_luatex, + * use_luadvi correspondingly) + * perl 5.26: unescaped brace + * polski.perl: no translation until \prefixing command +- use native `make test` +- use latex2html.1 from tarball +- deleted patches + - latex2html-perl526.patch (upstreamed) +- deleted sources + - latex2html-README.SUSE (not needed) + - local.pm (not needed) + - testfile.tex (not needed) +- added required texlive-preview + +- updated to 2018 + * config: avoid warning "untie attempted" + * Handle . not in @INC for images.pl and internals.pl + * fix \graphicspath with relative path in preamble + https://github.com/latex2html/latex2html/issues/40 + * \providecommand should not redefine existing command + * Picture generation via dvipng + * KOI8-R, CP1251 and UTF-8 support for Russian + * default to white background for rendering images. + if $LATEX_COLOR set, pass as transparency color to pstoimg. + https://bugs.debian.org/188024 + * usepackage xcolor. uses rgb black rather than cmyk black. + fixes eqns appearing as dark grey rather than black. + * Fix stray comment mark: Issue #19 +- altered patches + % latex2html-perl-bindir.diff + % latex2html-perl526.patch + -- Remove BuildRequires on xorg-x11-*, noarch package - does not require devel headers/libraries. - -- fixed url - -- updated to version 2012: - * fix warnings in perl 5.14 - * build fixes -- latex2html-2008.diff was split to share-dir.patch, local.pm - (source) and latex2html.1 (source) -- buildroot.diff was renamed to dest-dir.diff and that was extended - to install icons properly -- fix-defined.patch was removed (upstreamed) -- manual.ps.gz was removed - -- Use kpsepath to determine texmf main location - -- use \g syntax for \8 and \9 regexp backrefs to work around - a bug in perl-5.18 - -- add latex2html-fix-defined.patch from debian bug tracker to avoid - a warning -- add apparmor's tex docu for better %check: testfile.tex - -- Added url as source. - Please see http://en.opensuse.org/SourceUrls - -- update license to new format - -- stopped using deprecated multiline matching (bnc#417982) - -- updated patches to apply with fuzz=0 - libX11 +- U_0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch + U_0002-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch + U_0003-XPutImage-clip-images-to-maximum-height-width-allowe.patch + U_0004-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch + U_0005-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch + * CVE-2023-43785 libX11: out-of-bounds memory access in + _XkbReadKeySyms() (boo#1215683) + * CVE-2023-43786 libX11: stack exhaustion from infinite recursion + in PutSubImage() (boo#1215684) + * CVE-2023-43787 libX11: integer overflow in XCreateImage() + leading to a heap overflow (boo#1215685) + libXpm +- U_0000-test-Add-unit-tests-using-glib-framework.patch + U_0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch + U_0002-test-Add-test-case-for-CVE-2023-43789-corrupt-colorm.patch + U_0003-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch + * fixes CVE-2023-43788 libXpm: out of bounds read in + XpmCreateXpmImageFromBuffer() (boo#1215686) + * fixes CVE-2023-43789 libXpm: out of bounds read on XPM with + corrupted colormap (boo#1215687) +- U_0004-test-Add-test-case-for-CVE-2023-43786-stack-exhausti.patch + U_0005-Avoid-CVE-2023-43786-stack-exhaustion-in-XPutImage.patch + U_0006-test-Add-test-case-for-CVE-2023-43787-integer-overfl.patch + U_0007-Avoid-CVE-2023-43787-integer-overflow-in-XCreateImag.patch + * avoids to trigger CVE-2023-43786,CVE-2023-43787 (boo#1215684, + boo#1215685); see changelog in libX11 update ... + -- bumped version number to 7.6 - libcacard +- Update to version 2.8.1 + * Unbreak RAW deciphering emulation using RSA-PKCS1 method + * Use g_memdup2 to avoid deprecation warnings with new glib2 + +- Update to v2.8.0. Changes include: + * Improve project documentation + * Bump minimal glib version to 2.32 and remove old compatibility functions + * Introduce meson build system in addition to existing autotools + * Create and run fuzzer drivers to improve stability + * Introduce a new API vcard_emul_finalize() to clean up allocated resources + * Remove key caching to avoid issues with some PKCS #11 modules + * Prevent logging critical errors on unknown instruction +- Remove empty libcacard package, and also drop the rpm provided + symbol qemu-tools:/usr/bin/vscclient, both assumed unused by now + +- Update to v2.7.0. Changes include: + * Improve compatibility with Windows guests, particularly with + ActivClient Windows drivers. + * Implement Microsoft PnP applet used by Windows for card detection + * Fill several structures returned by Global Platform applet to + mimic behavior of real cards. + * Implement API for creation of serial number used to uniquely + identify a emulated card. + * More verbose debug logs + * Fix the VERIFY semantics, which can be used for login status + check + * Add clang and csbuild CI targets + * Use ATR from official CAC card to improve card detection under + Windows + +- Update to v2.6.1 + * various bug fixes (memory corruption issues which would cause + crashes in spice-gtk) + +- Update to v2.6.0 + * provides implementation of GSC-IS 2.1 (aka CAC version 2) to improve + interoperability with guest software using the emulated or shared + smart cards. The previously implemented CACv1 specification is no + longer supported by any other application so the old code is gone + and any application depending on this old standard will not work + anymore. + * vscclient is no longer installed, as it is not an end-user supported + solution + * various bug & leak fixes + libeconf +- Additional info for version 0.5.2: + * Fixed a stack-buffer-overflow vulnerability in "econf_writeFile" + function. (CVE-2023-30078, CVE-2023-32181, bsc#1211078) + * Fixed a stack-buffer-overflow vulnerability in "read_file" + function. (CVE-2023-30079, CVE-2023-22652, bsc#1211078) + +- Update to version 0.5.2: + * Fixed build for aarch64 and gcc13. + * Making the output verbose when a test fails. + * Fixed a stack-buffer-overflow vulnerability in "econf_writeFile" + function. + * Fixed a stack-buffer-overflow vulnerability in "read_file" + function. + * Added new feature: econf_set_conf_dirs (const char **dir_postfix_list) + Sets a list of directory structures (with order) which describes + the directories in which the files have to be parsed. + E.G. with the given list: {"/conf.d/", ".d/", "/", NULL} files in following + directories will be parsed: + "/..d/" + "//conf.d/" + "/.d/" + "//" + The entry "/..d/" will be added + automatically. + * General code cleanup. + +- Update to version 0.5.1: + * Reading files in /usr/_vendor_/_example_._suffix_.d/* regardless + there is a /etc/_example_._suffix_ file. (#175) + +- Update to version 0.5.0: + * API calls econf_read*WithCallback supporting a general (void *) + argument for user defined data with which the callback function is + called. + * Tagged following functions deprecated: + econf_requireOwner, econf_requireGroup, econf_requirePermissions, + econf_followSymlinks, econf_reset_security_settings + Use one of the econf_read*WithCallback functions instead. + +- Update to version 0.4.9: + * libeconf.h: added missing sys/types.h header (#171) + * new API calls: econf_readFileWithCallback, + econf_readDirsWithCallback, econf_readDirsHistoryWithCallback (#172) + * Checking NULL comment parameter in the parsing functions. + +- Update to version 0.4.8+git20221114.7ff7704: + * Parsing files which are containing keys only (#170) + All delimiters are allowed now : "", " =", " ", "=". But the + user should use "" in order to be distinct. + * /usr/etc/shells.d/ will not be parsed if + /etc/shells.d/ is defined too. + * Lto build fixed (#168) + * New calls: econf_comment_tag, econf_delimiter_tag, econf_set_comment_tag, + econf_set_delimiter_tag + * Checking UID,GroupID, permissions,... of the parsed files (#165) + New calls: econf_requireOwner, econf_requireGroup, econf_requirePermissions, + econf_followSymlinks + * Ignoring Group without brackets; Do not hold brackets in the internal data structure. (#164) + * Error handling improved for nums and booleans (#163) + libjpeg-turbo +- merge two spec files into one + +- Add _multibuild to define 2nd spec file as additional flavor. + Eliminates the need for source package links in OBS. + +- Build AVX2 enabled hwcaps library for x86_64-v3 + +- update to 2.1.5.1: + * Fixed a regression introduced by 2.0 beta1[15] that caused a buffer + overrun in the progressive Huffman encoder when attempting to transform + a specially-crafted malformed 12-bit-per-component JPEG image into a + progressive 12-bit-per-component JPEG image using a 12-bit-per-component + build of libjpeg-turbo. + * Fixed an issue whereby, when using a 12-bit-per-component build of + libjpeg-turbo (-DWITH_12BIT=1), passing samples with values greater than 4095 + or less than 0 to jpeg_write_scanlines() caused a buffer overrun or + underrun in the RGB-to-YCbCr color converter. + * Fixed a floating point exception that occurred when attempting to use + the jpegtran -drop and -trim options to losslessly transform a + specially-crafted malformed JPEG image. + * Fixed an issue in tjBufSizeYUV2() whereby it returned a bogus result, + rather than throwing an error, if the align parameter was not a power of 2. + * Fixed a similar issue in tjCompressFromYUV() whereby it generated a corrupt + JPEG image in certain cases, rather than throwing an error, + if the align parameter was not a power of 2. + * Fixed an issue whereby tjDecompressToYUV2(), which is a wrapper for + tjDecompressToYUVPlanes(), used the desired YUV image dimensions + rather than the actual scaled image dimensions when computing the plane + pointers and strides to pass to tjDecompressToYUVPlanes(). + This caused a buffer overrun and subsequent segfault if the desired + image dimensions exceeded the scaled image dimensions. + * Fixed an issue whereby, when decompressing a 12-bit-per-component JPEG + image (-DWITH_12BIT=1) using an alpha-enabled output color space such as + JCS_EXT_RGBA, the alpha channel was set to 255 rather than 4095. + * Fixed an issue whereby the Java version of TJBench did not accept a range + of quality values. + * Fixed an issue whereby, when -progressive was passed to TJBench, + the JPEG input image was not transformed into a progressive JPEG image + prior to decompression. + +- Add explicit provides for jpegtran, so it can be installed easier + +- update to 2.1.4: + * Fixed a regression introduced in 2.1.3 that caused build failures with + Visual Studio 2010. + * The tjDecompressHeader3() function in the TurboJPEG C API and the + TJDecompressor.setSourceImage() method in the TurboJPEG Java API now + accept "abbreviated table specification" (AKA "tables-only") datastreams, + which can be used to prime the decompressor with quantization and Huffman + tables that can be used when decompressing subsequent "abbreviated image" + datastreams. + * libjpeg-turbo now performs run-time detection of AltiVec instructions on + OS X/PowerPC systems if AltiVec instructions are not enabled at compile + time. This allows both AltiVec-equipped (PowerPC G4 and G5) and + non-AltiVec-equipped (PowerPC G3) CPUs to be supported using the same + build of libjpeg-turbo. + * Fixed an error ("Bogus virtual array access") that occurred when + attempting to decompress a progressive JPEG image with a height less than + or equal to one iMCU (8 * the vertical sampling factor) using + buffered-image mode with interblock smoothing enabled. This was a + regression introduced by 2.1 beta1[6(b)]. + * Fixed two issues that prevented partial image decompression from working + properly with buffered-image mode: + * Attempting to call jpeg_crop_scanline() after jpeg_start_decompress() + but before jpeg_start_output() resulted in an error ("Improper call to + JPEG library in state 207".) + * Attempting to use jpeg_skip_scanlines() resulted in an error ("Bogus + virtual array access") under certain circumstances. + +- Add requires between baselibs + +- Use nasm instead of yasm, the latter has not released any update + in 7 years. + +- update to 2.1.3: + * Fixed a regression introduced by 2.0 beta1[7] whereby cjpeg compressed PGM + input files into full-color JPEG images unless the `-grayscale` option was + used. + * cjpeg now automatically compresses GIF and 8-bit BMP input files into + grayscale JPEG images if the input files contain only shades of gray. + * The build system now enables the intrinsics implementation of the AArch64 + (Arm 64-bit) Neon SIMD extensions by default when using GCC 12 or later. + * Fixed a segfault that occurred while decompressing a 4:2:0 JPEG image using + the merged (non-fancy) upsampling algorithms (that is, with + `cinfo.do_fancy_upsampling` set to `FALSE`) along with `jpeg_crop_scanline()`. + Specifically, the segfault occurred if the number of bytes remaining in the + output buffer was less than the number of bytes required to represent one + uncropped scanline of the output image. For that reason, the issue could only + be reproduced using the libjpeg API, not using djpeg. + +- update to 2.1.2: + * Fixed a regression introduced by 2.1 beta1[13] that caused the remaining + GAS implementations of AArch64 (Arm 64-bit) Neon SIMD functions (which are used + by default with GCC for performance reasons) to be placed in the `.rodata` + section rather than in the `.text` section. This caused the GNU linker to + automatically place the `.rodata` section in an executable segment, which + prevented libjpeg-turbo from working properly with other linkers and also + represented a potential security risk. + * Fixed an issue whereby the `tjTransform()` function incorrectly computed the + MCU block size for 4:4:4 JPEG images with non-unary sampling factors and thus + unduly rejected some cropping regions, even though those regions aligned with + 8x8 MCU block boundaries. + * Fixed a regression introduced by 2.1 beta1[13] that caused the build system + to enable the Arm Neon SIMD extensions when targetting Armv6 and other legacy + architectures that do not support Neon instructions. + * libjpeg-turbo now performs run-time detection of AltiVec instructions on + FreeBSD/PowerPC systems if AltiVec instructions are not enabled at compile + time. This allows both AltiVec-equipped and non-AltiVec-equipped CPUs to be + supported using the same build of libjpeg-turbo. + * cjpeg now accepts a `-strict` argument similar to that of djpeg and + jpegtran, which causes the compressor to abort if an LZW-compressed GIF input + image contains incomplete or corrupt image data. + libostree +- Add patch from upstream to fix corrupted files when using a large + fs with 64-bit inodes (boo#1214708): + * 0001-commit-fix-ostree-deployment-on-64-bit-inode-fs.patch + libqb +- log: Fix potential overflow with long log messages (CVE-2023-39976, bsc#1214066) + * bsc#1214066-0001-fix-potential-overflow-with-long-log-messages.patch + libraw + fix CVE-2020-22628 [bsc#1215308], stretch() function in libraw/src/postprocessing/aspect_ratio.cpp + + libraw-CVE-2020-22628.patch + +- security update +- added patches libvpx +- Fixing CVE-2023-5217 heap buffer overflow (boo#1215778) + added CVE-2023-5217.patch + libzip +- version update to 1.10.1 + * Add `ZIP_LENGTH_TO_END` and `ZIP_LENGTH_UNCHECKED`. Unless + `ZIP_LENGTH_UNCHECKED` is used as `length`, it is an error + for a file to shrink between the time when the source is + created and when its data is read. + +- version update to 1.10.0 + * Make support for layered sources public. + * Add `zip_source_zip_file` and `zip_source_zip_file_create`, deprecate `zip_source_zip` and `zip_source_zip_create`. + * Allow reading changed file data. + * Fix handling of files of size 4294967295. + * `zipmerge`: copy extra fields. + * `zipmerge`: add option to keep files uncompressed. + * Switch test framework to use nihtest instead of Perl. + * Fix reading/writing compressed data with buffers > 4GiB. + * Restore support for torrentzip. + * Add warnings when using deprecated functions. + * Allow keeping files for empty archives. + * Support mbedTLS>=3.3.0. + * Support OpenSSL 3. + * Use ISO C secure library functions, if available. + +- libzip 1.9.2: + * Fix version number in header file. + * Fix zip_file_is_seekable(). + * Add zip_file_is_seekable(). + * Improve compatibility with WinAES. + * Fix encoding handling in zip_name_locate(). + * Add option to zipcmp to output summary of changes. + * Various bug fixes and documentation improvements. + lz4 +- Build AVX2 enabled hwcaps library for x86_64-v3 + +- Update to release 1.9.4 + * Decompression speed on high-end ARM64 platform is improved, + by ~+20%. + * For the specific scenario of data compressed with -BD4 + setting (small blocks, <= 64 KB, linked) decompressed + block-by-block into a flush buffer (like lz4 CLI does), + decompression speed is improved ~+70%. + * For compressed data employing the lz4frame format (native + format of lz4 CLI), it's possible to ignore checksum + validation during decompression, resulting in speed + improvements of ~+40% . This capability is exposed at both + CLI (see --no-crc) and library levels. + man-pages -- install kernel_lockdown.7 man page [bsc#1185534] -- added sources - + kernel_lockdown.7 +- update to 6.04: + * Newly documented interfaces in existing pages + * proc.5 + KPF_PGTABLE (Linux 4.18) + * landlock.7 + LANDLOCK_ACCESS_FS_REFER (Linux 5.19) + * udp.7 + UDP_GRO (Linux 5.0) + UDP_SEGMENT (Linux 4.18) + * Changes to individual pages + +- Update to version 6.00 + * Updated manual pages and interface documentation + * Move definitions of types to separate pages in man2type/ and + man3type/. Previously, they were spread (and duplicated) in other + pages, or in system_data_types.7 (with links in man3/). + * Add man3head/ for pages that document header files. + * Add man3const/ for pages that document constants. + * Improve consistency of man(7) source + * Manual pages sections: + * Title (.TH): + * Remove 5th argument to TH (middle-header). + * Specify "Linux man-pages" and the version in the 4th argument + (left-footer). + * Add the LIBRARY section. This section standardizes a way to + document the library that provides a given interface. + * Add the CAVEATS section. BUGS and NOTES were serving that purpose + before, but CAVEATS is more appropriate. + * Rename the CONFORMING TO section to STANDARDS for consistency with + other projects, such as the BSDs. + * SYNOPSIS: Add the ISO C2X [[deprecated]] attribute for functions + that have been deprecated or removed. + * EXAMPLES: Improve consistency of C source code. Also, reduce the + number of warnings that several linting tools emit. + * COLOPHON: Remove section (its purpose is now served by the title). +- Update to version 6.01 + * Updated interface documentation + * Manual pages' sections: + * Title (.TH): + * Remove the hardcoded date (TH 3rd argument), and replace it by a + placeholder that should be changed when creating the tarball. + This removes the need for a tstamp commit before each release. +- Update to version 6.02 + * Updated manual pages and interface documentation, noteable: + * copy_file_range.2: Fix wrong kernel version information + * process_madvise.2: Fix capability and ptrace requirements + * madvise.2: Update Transparent Huge Pages file/shmem documentation + for Linux 5.4+. + * Use correct letter case in manual page titles, instead of uppercase. + * Use \" t comments when appropriate (Lintian needs this). + * SYNOPSIS: + * Add _Nullable for functions that receive NULL as a meaningful + input. + * Use VLA syntax to clarify the meaning of size parameters, rather + than hiding it in possibly-confusing text. + * Use [[noreturn]] instead of noreturn, which will be deprecated + soon. +- Rebased man-pages-tcp_fack.patch +- Added keyring and signed source + +- version update to 5.13 [bsc#1189908] + http://linux-man-pages.blogspot.com/2021/06/man-pages-512-released.html + +- do not package man5/motd.5, it is provided by pam package + [bsc#1188724] + +- version update to 5.12 + http://linux-man-pages.blogspot.com/2021/06/man-pages-512-released.html +- deleted patches + - man-pages-tty_ioctl.patch (upstreamed) + +- version update to 5.11 + http://linux-man-pages.blogspot.com/2021/03/man-pages-511-is-released.html +- modified patches + % man-pages-tty_ioctl.patch (refreshed) + +- version update to 5.10 + * added documentation of the faccessat2() system call + * added a new subsection to the signal(7) manual page that provides + a "big picture" of what happens when a signal handler is executed +- deleted patches + - man-pages-openat2.h-location.patch (upstreamed) + +- version update to 5.09 + http://linux-man-pages.blogspot.com/2020/11/man-pages-509-is-released.html +- modified patches + % man-pages-openat2.h-location.patch (refreshed) +- [bsc#1185534] + +- version update to 5.08 + Newly documented interfaces in existing pages + - -------------------------------------------- + prctl.2 + Dave Martin + Add SVE prctls (arm64) + Add documentation for the the PR_SVE_SET_VL and PR_SVE_GET_VL + prctls added in Linux 4.15 for arm64. + Dave Martin [Catalin Marinas] + Add tagged address ABI control prctls (arm64) + Add documentation for the the PR_SET_TAGGED_ADDR_CTRL and + PR_GET_TAGGED_ADDR_CTRL prctls added in Linux 5.4 for arm64. + setns.2 + Michael Kerrisk + Document the use of PID file descriptors with setns() + Starting with Linux 5.8, setns() can take a PID file descriptor as + an argument, and move the caller into or more of the namespaces of + the thread referred to by that descriptor. + capabilities.7 + Michael Kerrisk + Document CAP_BPF + Michael Kerrisk + Add CAP_PERFMON + symlink.7 + Aleksa Sarai + Document magic links more completely + etc. see Changes +- modified patches + % man-pages-openat2.h-location.patch (refreshed) + +- added patches + fix [bsc#1173382] + + man-pages-openat2.h-location.patch + +- version update to 5.07 + New and rewritten pages + - ---------------------- + ioctl_fslabel.2 + New page documenting filesystem get/set label ioctl(2) operations + Removed pages + - ------------ + ioctl_list.2 + This page was first added more than 20 years ago. Since + that time it has seen hardly any update, and is by now + very much out of date, as reported by Heinrich Schuchardt + and confirmed by Eugene Syromyatnikov. + Newly documented interfaces in existing pages + - -------------------------------------------- + adjtimex.2 + Document clock_adjtime(2) + clock_getres.2 + Explain dynamic clocks + clone.2 + Document the clone3() CLONE_INTO_CGROUP flag + mremap.2 + Document MREMAP_DONTUNMAP + open.2 + Document fs.protected_fifos and fs.protected_regular + prctl.2 + Add PR_SPEC_INDIRECT_BRANCH for SPECULATION_CTRL prctls + Add PR_SPEC_DISABLE_NOEXEC for SPECULATION_CTRL prctls + Add PR_PAC_RESET_KEYS (arm64) + ptrace.2 + Document PTRACE_SET_SYSCALL + proc.5 + Document /proc/sys/fs/protected_regular + Document /proc/sys/fs/protected_fifos + Document /proc/sys/fs/aio-max-nr and /proc/sys/fs/aio-nr +- deleted patches + - man-pages-remove-ioctl_list-reference.patch (upstreamed) +- jsc#SLE-16566 jsc#SLE-15188 + +- version update to 5.06 + New and rewritten pages + - ---------------------- + * openat2.2 + * pidfd_getfd.2 + * select.2 + * select_tut.2 + * sysvipc.7 + * time_namespaces.7 + Newly documented interfaces in existing pages + - -------------------------------------------- + arch_prctl.2 + Add ARCH_SET_CPUID subcommand + clock_getres.2 + Document CLOCK_TAI + Add CLOCK_REALTIME_ALARM and CLOCK_BOOTTIME_ALARM + prctl.2 + Document PR_SETIO_FLUSHER/GET_IO_FLUSHER + setns.2 + Document CLONE_NEWTIME + statx.2 + Document STATX_ATTR_VERITY + unshare.2 + Document CLONE_NEWTIME + socket.7 + Add description of SO_SELECT_ERR_QUEUE + Document SO_TIMESTAMPNS + etc., see Changes + +- version update to 5.05 + * Newly documented interfaces in existing pages + clone.2 + Add clone3() set_tid information + Document CLONE_CLEAR_SIGHAND + fcntl.2 + Update manpage with new memfd F_SEAL_FUTURE_WRITE seal + memfd_create.2 + Update manpage with new memfd F_SEAL_FUTURE_WRITE seal + loop.4 + Document LOOP_SET_BLOCK_SIZE + Document LOOP_SET_DIRECT_IO + proc.5 + Document /proc/sys/vm/unprivileged_userfaultfd +- deleted patches + - man-pages-somaxconn-default-value.patch (upstreamed) -- Add PR_PAC_RESET_KEYS for arm64 (jsc#SLE-16566 jsc#SLE-15188). - + prctl.2-Add-PR_PAC_RESET_KEYS-arm64.patch - + prctl.2-Fixes-to-Dave-Martin-s-patch.patch + [bsc#1162464] + + man-pages-somaxconn-default-value.patch + +- do not install man7/bpf-helpers.7 as it is already part of + bpftool package + +- don't use alternatives for man.7, just move it to a different directory + (boo#1160568) +- use packageand to supplement the documentation pattern instead of + unconditionally hooking on man. -- move man.7 man mdoc.7 to a separate directory to avoid conflicts - with mandoc which is a light-weight man alternative for small - systems (boo#1160568). +- Set up %{_mandir}/man7/man.7%{?ext_man} as an alternative for + the man-page specific document. The other package providing + this man page is mandoc, which is meant as an alternative + lightweight faster replacement for man-pages package. It does + not have that many dependencies, it is written in C, see + http://mandoc.bsd.lv/ for more. -- correct documentation of tcp_fack, document tcp_recovery +- version update to 5.04 + * clone.2 + Document clone3() + * wait.2 + Add P_PIDFD for waiting on a child referred to by a PID file descriptor + * bpf-helpers.7 + Refresh against kernel v5.4-rc7 + * see Changes for other changes + +- tcp.7: correct documentation of tcp_fack, document tcp_recovery +- version update to 5.03 + * New and rewritten pages + pidfd_open.2 + pidfd_send_signal.2 + pivot_root.2 + ipc_namespaces.7 + uts_namespaces.7 + * Newly documented interfaces in existing pages + clone.2 + Document CLONE_PIDFD + fanotify_mark.2 + Document FAN_MOVE_SELF + ptrace.2 + Document PTRACE_GET_SYSCALL_INFO + regex.3 + Document REG_STARTEND + * see Changes for other changes + +- version update to 5.02 + * Newly documented interfaces in existing pages + fanotify.7 + fanotify_init.2 + fanotify_mark.2 + Matthew Bobrowski [Amir Goldstein, Jan Kara] + Document FAN_REPORT_FID and directory modification events + vdso.7 + Tobias Klauser [Palmer Dabbelt] + Document vDSO for RISCV + * see Changes for more details + +- version update to 5.01 + * Newly documented interfaces in existing pages + tsearch.3 + Document the twalk_r() function added in glibc 2.30 + * see Changes for more details + +- update to 5.00: + * new or rewritten pages: + s390_guarded_storage.2 + address_families.7 + bpf-helpers.7 + * newly documented interfaces: + fanotify_init.2 + fanotify.7 + Document FAN_REPORT_TID + fanotify_init.2: add new flag FAN_REPORT_TID + fanotify.7: update description of member pid in + struct fanotify_event_metadata + Document FAN_MARK_FILESYSTEM + Monitor fanotify events on the entire filesystem. + Document FAN_OPEN_EXEC and FAN_OPEN_EXEC_PERM + io_submit.2 + Document IOCB_FLAG_IOPRIO + msgctl.2 + semctl.2 + shmctl.2 + Document STAT_ANY commands + prctl.2 + Document PR_SET_SPECULATION_CTRL and PR_GET_SPECULATION_CTRL + sched_setattr.2 + Document SCHED_FLAG_DL_OVERRUN and SCHED_FLAG_RECLAIM + socket.2 + Document AF_XDP + Document AF_XDP added in Linux 4.18. + inotify.7 + Document IN_MASK_CREATE + unix.7 + Document SO_PASSSEC + Document SCM_SECURITY ancillary data + mcelog +- This contains following features: + PED-6122 + [GNR] RAS: mcelog Add support for Granite Rapids (ALP) + PED-6102 + [GNR] RAS: mcelog Add support for Granite Rapids (SLE 15 SP6) + PED-6021 + [SRF] RAS: mcelog support for Sierra Forest (SLE 15 SP6) + PED-6050 + [SRF] RAS: mcelog support for Sierra Forest (ALP) +- Change git repo in _service file from git to https url +- Update to version 195: + * mcelog: Wire up model-specific decoding for Sierra Forest + * mcelog: Add model-specific decoding for Granite Rapids + * client.c: fix build w/ musl libc + * mcelog: New model number for Arrowlake + * mcelog: Don't overwrite model number when lookup fails + * mcelog: Add Graniterapids, Grandridge and Sierraforest + * mcelog: New model number for Lunarlake + * mcelog: Add Emerald Rapids + * Update PFA_test_howto +- Adopt to mainline: + M email.patch + mtools +- update to 4.0.43: + * Fix root directory test in mattrib + * -b BiosDisk flag for mformat to allow setting physdrive to + a user-specified value + * Clearer error message in mformat when trying to mformat a + disk whose total size is not known + * Make recursive copy more consistent + * Trailing slash now always implies target should be a directory + +- update to 4.0.42: + * Added postcmd attribute in drive description to allow to + execute "device release" code automatically at end of + command + * Code cleanup, signedness cleanup about directory entries + +- update to 4.0.41: + * Support FAT32 with less than 0xfff5 clusters + * Make FAT32 entries 0 and 1 match what what Windows 10 does + +- fix build +- deleted patches + - mtools-prototypes.diff (not needed) + +- update to 4.0.40: + * Better compatibility with legacy platforms + +- update to 4.0.39: + * Rename strtoi to strosi (string to signed int). The strtoi + function on BSD does something else (returns an intmax, not + an int) + +- update to 4.0.38: + * Make sure case byte is cleared when making the special + directory entries "." and ".." + * In mattrib man page, replace "attribute flags" with "attribute + bits" + +- update to 4.0.37: + * Removed mclasserase commands, which doesn't fit the coding + structure of the rest of mtools + * Add support to -i option to mcd + * Document -i in mtools.1 + * Fix a missing commad error in floppyd_io.c + +- update to 4.0.36: + * Fix error status of recursive listing of empty root directory + * If recursive listing, also show matched files at level one + * Use "seekless" reads & write internally, where possible + * Text mode conversion refactoring + * Misc refactoring +- remove mtools-aliasing.diff (obsolete) + mutt +- Add upstream commits as patches + * CVE-2023-4874-part1.patch (bsc#1215189 for CVE-2023-4874) + * CVE-2023-4874-part2.patch (bsc#1215189 for CVE-2023-4874) + * CVE-2023-4875.patch (bsc#1215191 for CVE-2023-4875) + nethogs +- update to 0.8.7: + * Adding ppc64le architecture support on travis-ci by @kishorkunal-raj in #198 + * Issue: #62 - UDP support by @takeoverjp in #199 + * Update man page with the latest help message. by @takeoverjp in #200 + * Issue: #102 - Show screenshot in README. by @takeoverjp in #201 + * Add links to other network traffic monitoring tools. by @takeoverjp in #202 + * Issue: #96 - Garbage collect inodeproc on each ui refresh. by @takeoverjp in #203 + * Fix compilation error with [-Werror=format-security] by @kretcheu in #210 + * Added BusyTasks link to the list by @unknown-spirit in #212 + * Add bandwhich and sniffer links by @chenjiandongx in #213 + * Disable capability check, handle failure better by @ncfavier in #215 + * feat: Add basename support #155 by @sgtcortez in #216 + * Use "--tags" parameter to get the correct git-tag by @schuellerf in #221 + * Add process filter by @sgtcortez in #218 + * Add python bindings by @jimmylomro in #222 + * Improve performance with many connections by @CyberShadow in #223 + +- update to 0.8.6: + * fix: Expose to_ms / packet buffer timeout to libnethogs + * Add MB/s and GB/s view modes + * Fix libnethogs handle memory leak + * add support for pcap capture filters + * Add "how to run without root" (capabilities note) to README + * Remove confusing 'waiting for first packet' message + nfs-utils +- Add 0032-exportfs-Ingnore-export-failures-in-nfs-server.seriv.patch + Inconsistencies in /etc/exports shouldn't be fatal. + (bsc#1212594) + +- Add 0030-systemd-use-correct-modprobe-d-directory + SLE15-SP5 an earlier don't use /usr/lib/modprobe.d + (bsc#1200710) +- Add 0031-mountd-don-t-advertise-krb5-for-v4root-when-not-conf.patch + Avoid unhelpful warning if rpcsec_gss_krb5.ko not installed + +- Add 0028-mount.nfs-always-include-mountpoint-or-spec-if-error.patch + boo#1157881 +- Add 0029-nfsd.man-fix-typo-in-section-on-scope.patch + bsc#1209859 +- Allow scope to be set in sysconfig: NFSD_SCOPE + nghttp2 +- Fixes memory leak that happens when PUSH_PROMISE or HEADERS frame cannot be + sent, and nghttp2_on_stream_close_callback fails with a fatal error. + [CVE-2023-35945 bsc#1215713] + + nghttp2-CVE-2023-35945.patch + nodejs20 +- Update to 20.7.0: + * src: support multiple --env-file declarations + * deps: upgrade npm to 10.1.0 + * doc: move and rename loaders section + * lib: add api to detect whether source-maps are enabled + * src,permission: add multiple allow-fs-* flags + * test_runner: expose location of tests +- z13.patch: upstreamed + +- Update to 20.6.1: + * f0ff63fbc32ea55f3d92c5c89fdb91ec47786859.patch: removed, upstreamed + +- f0ff63fbc32ea55f3d92c5c89fdb91ec47786859.patch: fixes issues with + Angular and other software that tries to load ECM modules in + somewhat circular fashion ending up with multiple executions. + +- Update to 20.6.0: + * add support for .env files to configure envrionment variables + * import.meta.resolve unflagged + * deps: npm updated to 9.8.1 +- nodejs.keyring: updated to include current upstream releasers + ocfs2-tools +- Update from 1.8.7 to 1.8.8 (jsc#PED-6362) + * Upstream only marked a new tag, there is no new feature in this upgrade. + * remove patch + - ocfs2-tools-kernel33.patch + - fixed-mounted.ocfs2-output-when-some-devices-are-Not.patch + - update-mounted.ocfs2-mounted.c.patch + - libocfs2-roll-back-when-dir_index-creation-fails.patch + - fsck.ocfs2-do-not-try-locking-after-replaying-journa.patch + - bug-1203166-dump_fs_locks-support-v4.patch + open-vm-tools +- Update to 12.3.0 (build 22234872) (boo#1214850) + - There are no new features in the open-vm-tools 12.3.0 release. This is + primarily a maintenance release that addresses a few critical problems, + including: + - This release integrates CVE-2023-20900 without the need for a patch. + For more information on this vulnerability and its impact on VMware + products, see + https://www.vmware.com/security/advisories/VMSA-2023-0019.html. + - A tools.conf configuration setting is available to temporaily direct + Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior + of ignoring file systems already frozen. + - Building of the VMware Guest Authentication Service (VGAuth) using + "xml-security-c" and "xerces-c" is being deprecated. + - A number of Coverity reported issues have been addressed. + - A number of GitHub issues and pull requests have been handled. + Please see the Resolves Issues section of the Release Notes. + - For issues resolved in this release, see the Resolved Issues section + of the Release Notes. + - For complete details, see: + https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0 + - Release Notes are available at + https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md + - The granular changes that have gone into the 12.3.0 release are in the + ChangeLog at + https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog +- Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests +- jsc-PED-1344 - reinable building containerinfo plugin for SLES 15 SP4. +- Drop patch now contained in 12.3.0: + + 0001-build-put-l-specifiers-into-LIBADD-not-LDFLAGS.patch + + 0002-build-use-grpc-pkgconfig-to-retrieve-flags-libraries.patch + + 2023-20867-Remove-some-dead-code.patch + + CVE-20230-20900.patch + +- limit to protobuf < 22 for now until build failures have been fixed + php-composer2 -- security update -- added patches - fix CVE-2022-24828 [bsc#1198494], Code injection vulnerability - + php-composer2-CVE-2022-24828.patch +- Update to version 2.5.8 + * Fixed regression in edge cases where root package gets added to a repository already during the install process (#11495) + * Fixed EventDispatcher on windows picking bat files when using "@php binary" (#11490) + * Fixed ICU CLDR version parsing failing the whole process when ICU cannot initialize the resource bundle (#11492) + * Fixed type declarations on ClassLoader (#11500) +- Update to version 2.5.7 + * Fixed regression preventing autoloading the dependencies of metapackages when running --no-dev (#11481) +- Update to version 2.5.6 + * BC Warning: Installers and InstallationManager::getInstallPath will now return null instead of an empty string for metapackages' paths. This may have adverse effects on plugin code using this expecting always a string but it is unlikely (#11455) + * Fixed metapackages showing their install path as the root package's path instead of empty (#11455) + * Fixed lock file verification on install to deal better with replace/provide (#11475) + * Fixed lock file having a more recent modification time than the vendor dir when require guesses the constraint after resolution (#11405) + * Fixed numeric default branches with a v prefix being treated as non-numeric ones and receiving an alias like e.g. dev-main would (e51d755a08) + * Fixed binary proxies not being transparent when included by another PHP process and returning a value (#11454) + * Fixed support for plugin classes being marked as readonly (#11404) + * Fixed getmypid being required as it is not always available (#11401) + * Fixed authentication issue when downloading several files from private Bitbucket in parallel (#11464) + +- Update to version 2.5.5 + * Fixed basic auth failures resulting in infinite retry loop (#11320) + * Fixed GitHub rate limit reporting (#11366) + * Fixed InstalledVersions error in Composer 1 compatibility edge case (#11304) + * Fixed issue displaying solver problems with branch names containing `%` signs (#11359) + * Fixed race condition in cache validity detection when running Composer highly concurrently (#11375) + * Fixed various minor config command issues (#11353, #11302) + +- Update to version 2.5.4 + * Fixed extra.plugin-optional support in PluginInstaller when doing pre-install checks (#11318) +- Update to version 2.5.3 + * Added extra.plugin-optional support for allow auto-disabling unknown plugins which are not critical when running non-interactive (#11315) + +- Update to version 2.5.2 + * Added warning when `require` auto-selects a feature branch as that is probably not desired (#11270) + * Fixed `self.version` requirements reporting lock file integrity errors when changing branches (#11283) + * Fixed `require` regression which broke the --fixed flag (#11247) + * Fixed security audit reports loading when exclude/only filter rules are used on a repository (#11281) + * Fixed autoloading regression on PHP 5.6 (#11285) + * Fixed archive command including an existing archive into itself if run repeatedly (#11239) + * Fixed dev package prompt in `require` not appearing in some conditions (#11287) + +- Update to version 2.5.1 + * Fixed ClassLoader regression which made it fail if serialized (e.g. within PHPUnit process isolation) (#11237) + * Fixed preg type error in svn version guessing (#11231) + +- Update to version 2.5.0 + * BC Warning: To prevent abuse of our includeFile() function it is now gone, it was not part of the official API but may still cause issues if some code incorrectly relied on it (#11015) + * Improved version guessing of `require` command to use the dependency resolution result instead of using the latest available version (except if you run with --no-update) (#11160) + * Improved version selection in `archive` command (#11230) + * Added autocompletion of config option names in the `config` command (#11130) + * Added support for writing [custom commands as Command classes](https://getcomposer.org/doc/articles/scripts.md#writing-custom-commands) (#11151) + * Added hard failure when installing from a lock file which does not satisfy the composer.json requirements (#11195) + * Added warning when the outdated command rejects a new package due to unmet platform requirements (#11113) + * Added support for `bump` command to bump `>=x` to `>=installed-version` (#11179) + * Added `--download-only` flag to `install` command to only download and prime the cache with the package archives (#11041) + * Added autoconfiguration of `github-domains`/`gitlab-domains` when GitHub/GitLab credentials are configured for a custom domain (#11062) + * Added hard failure (throw) if COMPOSER_AUTH is present and malformed JSON (#11085) + * Added interactive prompt to `run-script` and `exec` commands if run without any argument (#11157) + * Added interactive prompt where to store credentials when a project-local auth.json exists (#11188) + * Fixed full disk warning to be shown when less than 100MiB is available (#11190) + * Fixed cache keys to allow `_` to avoid conflicts between package names like `a-b` and `a_b` (#11229) + * Fixed docker compatibility by making paths more portable even if the project is installed at `/` (#11169) + +- Update to version 2.4.4 + * Added extra debug output when a zip extraction fails while on + GitHub Actions (#11148) + * Fixed cache write failures when the cache dir gets removed during + a composer run (#11076) + * Fixed 2.4.3 regression in loading Composer on SMB/network shares + (#11077) + * Fixed --dry-run flag missing from bump command (#11047) + * Fixed status command reporting differences when the source ref is + a tag (#11155) + * Fixed outdated command outputting legend on stdout instead of stderr + * Fixed URL sanitizer to handle new GitHub personal access tokens + format (#11137) +- Update to version 2.4.3 + * BC Break: The json format of audit command now has reportedAt as an + RFC3339 string instead of an object which was a mistake (#11120) + * Fixed json format of audit command which was missing affectedVersions + (#11120) + * Fixed plugin commands not being loaded during bash completions + (#11074) + * Fixed parsing of inline aliases within complex constraints with + || or , (#11086) + * Fixed min-php version check in autoload.php to avoid crashing sites + running on PHP 5.5 or below silently with a 200 (#11091) + * Fixed JsonFile reading files without checking if they are readable + first (#11077) + * Fixed require command with --dry-run failing when requiring a package + requiring stability flag extraction (#11112) + +- Update to version 2.4.2 + * Fixed bash completion hanging when running as root without + COMPOSER_ALLOW_SUPERUSER set (#11024) + * Fixed handling of plugin activation when running as root without + COMPOSER_ALLOW_SUPERUSER set so it always happens after prompting, + or does not happen if input is non-interactive + * Fixed package filter on bump command (#11053) + * Fixed handling of --ignore-platform-req with upper-bound ignores + to not apply to conflict rules (#11037) + * Fixed handling of COMPOSER_DISCARD_CHANGES when set to 0 + * Fixed handling of zero-major versions in outdated command with + - -major-only (#11032) + * Fixed show --platform regression since 2.4.0 when running in a + directory without composer.json (#11046) + * Fixed a few strict type errors +- Update to version 2.4.1 + * Added a COMPOSER_NO_AUDIT env var to easily apply the new --no-audit + flag in CI (#10998) + * Fixed show command showing packages in two sections, this was only + meant for the outdated command (#11000) + * Fixed local git repos being copied to cache unnecessarily (#11001) + * Fixed git cache invalidation issue when a git tag gets created after + the cache has loaded a given reference (#11004) +- Update to version 2.4.0 + * Added bash completions for Composer commands, package names, etc + (see how to setup) (#10320) + * Added bump command to bump requirements to the currently installed + version (#10829) + * Added audit command to check for known security vulnerabilities in + installed packages (#10798, #10898) + * Added automatic auditing of security vulnerabilities after update + is done, can be overridden with --no-audit (#10798, #10898) + * Added --audit to install command to also do an audit (#10798, #10898) + * Added json format output to the check-platform-reqs command (#10979) + * Added GitLab 15+ token refresh support (#10988) + * Added r alias to require command (#10953) + * Added composer/class-map-generator dependency to replace + Composer\Autoload\ClassMapGenerator which is now deprecated (#10885) + * Added --locked to depends/prohibits commands (#10834) + * Added --strict-psr flag to dump-autoload command to fail the process + if PSR violations were detected, useful for CI (#10886) + * Added COMPOSER_PREFER_STABLE and COMPOSER_PREFER_LOWEST env vars + to turn on --prefer-stable/--prefer-lowest on update and require + command, useful for CI (#10919) + * Added support for temporary update constraints on all packages + (now also including non-root dependencies) (#10773) + * Added --major-only flag to the outdated command to show only + packages with major version updates (#10827) + * Added sections for direct and transitive deps in outdated command + output (#10779) + * Added ability for cache GC to clean up vcs and repo caches (#10826) + * Added --gc flag to clear-cache to only trigger a garbage collection + instead of clearing everything (#10826) + * Added signal (SIGINT, SIGTERM, SIGHUP) handling to ensure we wait + for the child process to exit before Composer exits to avoid + dropping output (#10958) + * Added prompt suggesting using --dev when requiring packages with + dev/testing/static analysis keywords present (#10960) + * Added warning in require, init and create-project commands when + the latest version of a package cannot be used due to platform + requirements (#10896) + * Fixed COMPOSER_NO_DEV so it also works with require and remove's + - -update-no-dev (#10995) + +- Update to version 2.3.10 + * Fixed plugins from CWD/vendor being loaded in some cases like + create-project or validate even though the target directory is + outside of CWD (#10935) + * Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) + plugins which will not warn/error anymore if not in allow-plugins, + as they are anyway not loaded (#10928) + * Fixed pre-install check for allowed plugins not taking --no-plugins + into account (#10925) + * Fixed support for disable_functions containing disk_free_space + (#10936) + * Fixed RootPackageRepository usages to always clone the root package + to avoid interoperability issues with plugins (#10940) +- Update to version 2.3.9 + * Fixed non-interactive behavior of allow-plugins to throw instead + of continue with a warning to avoid broken installs (#10920) + * Fixed allow-plugins BC mode to ensure old lock files created pre-2.2 + can be installed with only a warning but plugins fully loaded (#10920) + * Fixed deprecation notice (#10921) + * Fixed type errors (#10924) + +- Update to version 2.3.8 + * Fixed support for cache-read-only where the filesystem is not writable (#10906) + * Fixed type error when using allow-plugins: true (#10909) + * Fixed @putenv scripts receiving arguments passed to the command (#10846) + * Fixed support for spaces in paths with binary proxies on Windows (#10836) + * Fixed type error in GitDownloader if branches cannot be listed (#10888) + * Fixed RootPackageInterface issue on PHP 5.3.3 (#10895) + * Fixed type errors (#10904, #10897) + +- Update to version 2.3.7 + * Fixed a few PHPStan ConfigReturnTypeExtension bugs + * Fixed Config default for auth configs to be empty arrays instead + of null, fixes issues with diagnose command (#10814) + * Fixed handling of broken symlinks when checking whether a package + is still installed (#6708) + * Fixed bin proxies to allow a proxy to include another one safely + (#10823) + * Fixed openssl 3.x version parsing as it is now semver compliant + * Fixed type error when a json file cannot be read (#10818) + * Fixed parsing of multi-line arrays in funding.yml (#10784) + +- Update to version 2.3.6 + * Added Composer\PHPStan\ConfigReturnTypeExtension to improve return + types of Config::get() which you can also use in plugins CI (#10635) + * Fixed name validation regex in schema causing issues with JS IDEs + like VS Code (#10811) + * Fixed unnecessary HTTP request in BitbucketDriver (#10729) + * Fixed invalid credentials loop when setting up GitLab token (#10748) + * Fixed PHP 8.2 deprecations (#10766) + * Fixed lock file changes being output even when the lock file creation + is disabled + * Fixed race condition when multiple requests asking for auth on the + same hostname fired concurrently (#10763) + * Fixed quoting of commas on Windows (#10775) + * Fixed issue installing path repos with a disabled symlink function + (#10786) + * Fixed various type errors (#10753, #10739, #10751) + +- Update to version 2.3.5 + * Security: Fixed command injection vulnerability in + HgDriver/GitDriver: CVE-2022-24828 + * Added warning when downloading a file with verify_peer[_name] disabled + * Fixed curl downloader not retrying when a DNS resolution failure occurs + * Fixed composer.lock file still being used/read when the lock + config option is disabled + * Fixed validate command checking the lock file even if the lock + option is disabled + * Fixed detection of default branch name when it changed since a + git repo was mirrored in cache dir +- Update to version 2.3.4 + * Fixed the generated autoload.php to support running on PHP 5.6+ + (down from 7.0+) and warn clearly on older PHP versions + * Fixed run-script --list flag regression + * Fixed curl downloader handling of DNS resolution failures to do + an automatic retry + * Fixed various type errors + * [bsc#1198494] + +- Update to version 2.3.3 + * Added --2.2 flag to `self-update` to pin the Composer version to + the 2.2 LTS range (#10682) + * Added missing config.bitbucket-oauth in composer-schema.json + * Fixed type errors in SvnDriver (#10681) + * Fixed --version output to match the pre-2.3 one (#10684) + * Fixed config/auth.json files not being validated against the + composer-schema.json (#10685) + * Fixed generation of autoload crashing if a package has a broken + path (#10688) + * Fixed GitDriver state issue when reusing old cache dirs and the + default branch was renamed (#10687) + * Updated semver, jsonlint deps for minor fixes + * Removed dev-master=>dev-main alias from #10372 as it does not + work when reloading from lock file and extracting dev deps (#10651) +- Update to version 2.3.2 + * Fixed type error when running `exec` command (#10672) + * Fixed endless loop in plugin activation prompt when input is not + fully interactive yet appears to be (#10648) + * Fixed type error in ComposerRepository (#10675) + * Fixed issues loading platform packages where the version of a + library cannot be established (#10631) +- Update to version 2.3.1 + * Fixed type error when HOME env var is not set (#10670) +- Update to version 2.3.0 + * Fixed many strict types errors (#10646, #10642, #10647, #10658, + [#10656], #10665, #10660, #10663, #10662) + * Fixed invalid return value in ComposerRepository::findPackage + (#10622) + * Fixed many `show` command issues due to a flipped condition + (#10623) + * Fixed `phpversion()` handling when it returns false due to an + extension defining no version (#10631) + * Fixed `remove` command failing when no `allow-plugin` is defined + in config (#10629) + * Performance improvement in Composer bootstrapping (version guessing) + when on a feature branch (#10632) + * BC Break: the minimum PHP version is now 7.2.5+, use the + [Composer 2.2 LTS](https://github.com/composer/composer/issues/10340) + if you are stuck with an older PHP (#10343) + * BC Break: added native parameter & return types to many internal + APIs, we explicitly left the most extended/implemented symbols + untouched but if this causes problems nonetheless please report + it ASAP (#10547, #10561) + * BC Break: added visibility to all constants, a few internal ones + have been made private/protected, if this causes problems please + report it ASAP (#10550) + * BC Break: the minimum supported Symfony components version is + now 5.4, this only affects you if you are requiring composer/ + composer directly however, which is generally frowned upon + * Bumped `composer-plugin-api` to `2.3.0` + * Bumped bundled Symfony components from 2.8 to 5.4 🥳 + * Added `declare(strict_types=1)` to all the classes, which for + sure could cause regressions in edge cases, please report with + stack traces (#10567) + * Added `--patch-only` to the `outdated` command to only show + updates to patch versions and ignore new major/minor versions + (#10589) + * Added clickable links to various commands for terminals which + support it (#10430) + * Added ProcessExecutor ability to receive commands as arrays by + (internals/plugin change only) (#10435) + * Added abandoned flag to `show`/`outdated` commands JSON-formatted + output (#10485) + * Added config.reference option to `path` repositories to configure + the way the reference is generated, and possibly reduce composer.lock + conflicts (#10488) + * Added automatic removal of allow-plugins rules when removing a + plugin via the `remove` command (#10615) + * Added COMPOSER_IGNORE_PLATFOR_REQ & COMPOSER_IGNORE_PLATFOR_REQS + env vars to configure the equivalent flags (#10616) + * Added support for Symfony 6.0 components + * Added support for psr/log 3.x (#10454) + * Fixed symlink creation in linux VM guest filesystems to be + recognized by Windows (#10592) + * Performance improvement in pool optimization step (#10585) + +- Update to version 2.2.7 + * Fixed support for packages with no licenses in licenses + command output + * Fixed handling of allow-plugins: false which kept warning + * Fixed enum parsing in classmap generation when the enum keyword + is not lowercased + * Fixed author parsing in init command requiring an email whereas + the schema allows a name only + * Fixed issues in require command when requiring packages which + do not exist (but are provided by something else you require) + * Performance improvement in pool optimization step + +- Update to version 2.2.6 + * BC Break: due to an oversight, the COMPOSER_BIN_DIR env var for + binaries added in Composer 2.2.2 had to be renamed to + COMPOSER_RUNTIME_BIN_DIR (#10512) + * Fixed enum parsing in classmap generation with syntax like enum + foo:string without space after : (#10498) + * Fixed package search not urlencoding the input (#10500) + * Fixed reinstall command not firing pre-install-cmd/post-install-cmd + events (#10514) + * Fixed edge case in path repositories where a symlink: true option + would be ignored on old Windows and old PHP combos (#10482) + * Fixed test suite compatibility with latest symfony/console + releases (#10499) + * Fixed some error reporting edge cases (#10484, #10451, #10493) +- Update to version 2.2.5 + * Disabled composer/package-versions-deprecated by default as it + can function using Composer\InstalledVersions at runtime (#10458) + * Fixed artifact repositories crashing if a phar file was present + in the directory (#10406) + * Fixed binary proxy issue on PHP <8 when fseek is used on the + proxied binary path (#10468) + * Fixed handling of non-string versions in package repositories + metadata (#10470) +- Update to version 2.2.4 + * Fixed handling of process timeout when running async processes + during installation + * Fixed GitLab API handling when projects have a repository + disabled (#10440) + * Fixed reading of environment variables (e.g. APPDATA) containing + unicode characters to workaround a PHP bug on Windows (#10434) + * Fixed partial update issues with path repos missing if a path + repo is required by a path repo (#10431) + * Fixed support for sourcing binaries via the new bin proxies (#10389) + * Fixed messaging when GitHub tokens need SSO authorization (#10432) + +- PHP Composer 2 requires PHP 7.2.5 at least + +- php is not required for build pmix +- Fix a potential vulnerability where a `chown` may follow a + user-created link: + Fix-a-potential-vulnerability-which-allows-chown-on-user-created-links.patch + (CVE-2023-41915, bsc#1215190). + +- Install pmix-plugin-munge if munge is installed. +- Use correct prerequisite name: pmix-plugin-munge not pmix-plugins-munge postfix +- postfix: config.postfix causes too tight permission on main.cf + (bsc#1215372) + postfix-bdb +- postfix: config.postfix causes too tight permission on main.cf + (bsc#1215372) + python-brotlipy +- Fix CVE-2020-8927, integer overflow when input chunk is larger than 2GiB, + bsc#1175825 + * CVE-2020-8927.patch + python-linux-procfs +- update to 0.7.1: + * Correct VERSION number in procfs.py + * Use f-strings + * Add missing open in with statement + * Use sys.exit and add some docstrings + * Add tar.xz and asc files to gitignore + * Fix traceback with non-utf8 chars in the /proc/PID/cmdline + * Propagate error to user if a pid is completed + * pflags: Handle pids that completed + * Makefile: Add ctags + * Remove procfs/sysctl.py + * Various clean-ups + * Fix UnicodeDecodeError + * Fix more spacing problems with procfs.py + * procfs.py: Simplify is_s390 + * procfs.py: Fix a few more style problems + * clean-ups for recent python formating regarding spacing, tabs, etc + * Fix to parse the number of cpus correctly on s390(x) + +- %python3_only -> %python_alternative + python-minidb +- Update to 2.0.7 + Test against Python 3.10 + YAML syntax and me + Only pass special keyword args to model __init__ + Add delete_all() and count_rows() + +- Update to minidb 2.0.6 + * Add vacuum_on_close option and Store.vacuum() + +- Use GitHub tarball (for tests and README.md). + +- Update to 2.0.5 + * Clean up things and set up CI (#16) + * Don't use ported_eq function +- Drop patches for issues fixed upstream + * no_ported_eq.patch +- Rename README to README.md in %files section + +- Update to 2.0.4: + - switch to pytest +- Rename 0001-switch-to-pytest.patch to no_ported_eq.patch as the + previous patch was upstreamed, and now is just a small cleanup + (gh#thp/minidb#15). + python-reportlab +- (CVE-2019-19450, bsc#1215560) Add + CVE-2019-19450-code-inj-paraparser.patch to avoid code + injection in paraparser.py allowing code execution. + python3 +- Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing + gh#python/cpython#108310, backport from upstream patch + gh#python/cpython#108315 + (bsc#1214692, CVE-2023-40217) + python311 +- Update to 3.11.5 (bsc#1214692): + - Security + - gh-108310: Fixed an issue where instances of ssl.SSLSocket were + vulnerable to a bypass of the TLS handshake and included + protections (like certificate verification) and treating sent + unencrypted data as if it were post-handshake TLS encrypted data. + Security issue reported as CVE-2023-40217 by Aapo Oksman. Patch by + Gregory P. Smith. + - Core and Builtins + - gh-104432: Fix potential unaligned memory access on C APIs + involving returned sequences of char * pointers within the grp + and socket modules. These were revealed using a + - fsaniziter=alignment build on ARM macOS. Patch by Christopher + Chavez. + - gh-77377: Ensure that multiprocessing synchronization objects + created in a fork context are not sent to a different process + created in a spawn context. This changes a segfault into an + actionable RuntimeError in the parent process. + - gh-106092: Fix a segmentation fault caused by a use-after-free + bug in frame_dealloc when the trashcan delays the deallocation + of a PyFrameObject. + - gh-106719: No longer suppress arbitrary errors in the + __annotations__ getter and setter in the type and module types. + - gh-106723: Propagate frozen_modules to multiprocessing spawned + process interpreters. + - gh-105979: Fix crash in _imp.get_frozen_object() due to improper + exception handling. + - gh-105840: Fix possible crashes when specializing function calls + with too many __defaults__. + - gh-105588: Fix an issue that could result in crashes when + compiling malformed ast nodes. + - gh-105375: Fix bugs in the builtins module where exceptions + could end up being overwritten. + - gh-105375: Fix bug in the compiler where an exception could end + up being overwritten. + - gh-105375: Improve error handling in + PyUnicode_BuildEncodingMap() where an exception could end up + being overwritten. + - gh-105235: Prevent out-of-bounds memory access during + mmap.find() calls. + - gh-101006: Improve error handling when read marshal data. + - Library + - gh-105736: Harmonized the pure Python version of OrderedDict + with the C version. Now, both versions set up their internal + state in __new__. Formerly, the pure Python version did the set + up in __init__. + - gh-107963: Fix multiprocessing.set_forkserver_preload() to check + the given list of modules names. Patch by Dong-hee Na. + - gh-106242: Fixes os.path.normpath() to handle embedded null + characters without truncating the path (bsc#1214693, + CVE-2023-41105). + - gh-107845: tarfile.data_filter() now takes the location of + symlinks into account when determining their target, so it will + no longer reject some valid tarballs with + LinkOutsideDestinationError. + - gh-107715: Fix doctest.DocTestFinder.find() in presence of class + names with special characters. Patch by Gertjan van Zwieten. + - gh-100814: Passing a callable object as an option value to a + Tkinter image now raises the expected TclError instead of an + AttributeError. + - gh-106684: Close asyncio.StreamWriter when it is not closed by + application leading to memory leaks. Patch by Kumar Aditya. + - gh-107077: Seems that in some conditions, OpenSSL will return + SSL_ERROR_SYSCALL instead of SSL_ERROR_SSL when a certification + verification has failed, but the error parameters will still + contain ERR_LIB_SSL and SSL_R_CERTIFICATE_VERIFY_FAILED. We are + now detecting this situation and raising the appropiate + ssl.SSLCertVerificationError. Patch by Pablo Galindo + - gh-107396: tarfiles; Fixed use before assignment of + self.exception for gzip decompression + - gh-62519: Make gettext.pgettext() search plural definitions when + translation is not found. + - gh-83006: Document behavior of shutil.disk_usage() for + non-mounted filesystems on Unix. + - gh-106186: Do not report MultipartInvariantViolationDefect + defect when the email.parser.Parser class is used to parse + emails with headersonly=True. + - gh-106831: Fix potential missing NULL check of d2i_SSL_SESSION + result in _ssl.c. + - gh-106774: Update the bundled copy of pip to version 23.2.1. + - gh-106752: Fixed several bug in zipfile.Path in + name/suffix/suffixes/stem operations when no filename is present + and the Path is not at the root of the zipfile. + - gh-106602: Add __copy__ and __deepcopy__ in enum + - gh-106530: Revert a change to colorsys.rgb_to_hls() that caused + division by zero for certain almost-white inputs. Patch by Terry + Jan Reedy. + - gh-106052: re module: fix the matching of possessive quantifiers + in the case of a subpattern containing backtracking. + - gh-106510: Improve debug output for atomic groups in regular + expressions. + - gh-105497: Fix flag mask inversion when unnamed flags exist. + - gh-90876: Prevent multiprocessing.spawn from failing to import + in environments where sys.executable is None. This regressed in + 3.11 with the addition of support for path-like objects in + multiprocessing. + - gh-106350: Detect possible memory allocation failure in the + libtommath function mp_init() used by the _tkinter module. + - gh-102541: Make pydoc.doc catch bad module ImportError when + output stream is not None. + - gh-106263: Fix crash when calling repr with a manually + constructed SignalDict object. Patch by Charlie Zhao. + - gh-105375: Fix a bug in _Unpickler_SetInputStream() where an + exception could end up being overwritten in case of failure. + - gh-105375: Fix bugs in sys where exceptions could end up being + overwritten because of deferred error handling. + - gh-105605: Harden pyexpat error handling during module + initialisation to prevent exceptions from possibly being + overwritten, and objects from being dereferenced twice. + - gh-105375: Fix bug in decimal where an exception could end up + being overwritten. + - gh-105375: Fix bugs in _datetime where exceptions could be + overwritten in case of module initialisation failure. + - gh-105375: Fix bugs in _ssl initialisation which could lead to + leaked references and overwritten exceptions. + - gh-105375: Fix a bug in array.array where an exception could end + up being overwritten. + - gh-105375: Fix bugs in _ctypes where exceptions could end up + being overwritten. + - gh-105375: Fix a bug in the posix module where an exception + could be overwritten. + - gh-105375: Fix bugs in _elementtree where exceptions could be + overwritten. + - gh-105375: Fix bugs in zoneinfo where exceptions could be + overwritten. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-105497: Fix flag inversion when alias/mask members exist. + - gh-105375: Fix bugs in pickle where exceptions could be + overwritten. + - gh-103171: Revert undocumented behaviour change with + runtime-checkable protocols decorated with typing.final() in + Python 3.11. The behaviour change had meant that objects would + not be considered instances of these protocols at runtime unless + they had a __final__ attribute. Patch by Alex Waygood. + - gh-105375: Fix a bug in sqlite3 where an exception could be + overwritten in the collation callback. + - gh-105332: Revert pickling method from by-name back to by-value. + - gh-104554: Add RTSPS scheme support in urllib.parse + - gh-100061: Fix a bug that causes wrong matches for regular + expressions with possessive qualifier. + - gh-102541: Hide traceback in help() prompt, when import failed. + - gh-99203: Restore following CPython <= 3.10.5 behavior of + shutil.make_archive(): do not create an empty archive if + root_dir is not a directory, and, in that case, raise + FileNotFoundError or NotADirectoryError regardless of format + choice. Beyond the brought-back behavior, the function may now + also raise these exceptions in dry_run mode. + - gh-94777: Fix hanging multiprocessing ProcessPoolExecutor when a + child process crashes while data is being written in the call + queue. + - bpo-18319: Ensure gettext(msg) retrieve translations even if a + plural form exists. In other words: gettext(msg) == + ngettext(msg, '', 1). + - Documentation + - gh-107008: Document the curses module variables LINES and COLS. + - gh-106948: Add a number of standard external names to + nitpick_ignore. + - gh-54738: Add documentation on how to localize the argparse + module. + - Tests + - gh-105776: Fix test_cppext when the C compiler command -std=c11 + option: remove -std= options from the compiler command. Patch by + Victor Stinner. + - gh-107237: test_logging: Fix test_udp_reconnection() by + increasing the timeout from 100 ms to 5 minutes (LONG_TIMEOUT). + Patch by Victor Stinner. + - gh-101634: When running the Python test suite with -jN option, + if a worker stdout cannot be decoded from the locale encoding + report a failed testn so the exitcode is non-zero. Patch by + Victor Stinner. + - Build + - gh-107814: When calling find_python.bat with -q it did not + properly silence the output of nuget. That is now fixed. + - gh-106881: Check for linux/limits.h before including it in + Modules/posixmodule.c. + - gh-104692: Include commoninstall as a prerequisite for + bininstall + - This ensures that commoninstall is completed before bininstall + is started when parallel builds are used (make -j install), and + so the python3 symlink is only installed after all standard + library modules are installed. + - gh-100340: Allows -Wno-int-conversion for wasm-sdk 17 and + onwards, thus enables building WASI builds once against the + latest sdk. + - Windows + - gh-106242: Fixes realpath() to behave consistently when passed a + path containing an embedded null character on Windows. In strict + mode, it now raises OSError instead of the unexpected + ValueError, and in non-strict mode will make the path absolute. + - gh-106844: Fix integer overflow in _winapi.LCMapStringEx() which + affects ntpath.normcase(). + - gh-99079: Update Windows build to use OpenSSL 3.0.9 + - gh-105436: Ensure that an empty environment block is terminated + by two null characters, as is required by Windows. + - macOS + - gh-107565: Update macOS installer to use OpenSSL 3.0.10. + - gh-99079: Update macOS installer to use OpenSSL 3.0.9. + - Tools/Demos + - gh-107565: Update multissltests and GitHub CI workflows to use + OpenSSL 1.1.1v, 3.0.10, and 3.1.2. + - gh-95065: Argument Clinic now supports overriding automatically + generated signature by using directive @text_signature. See How + to override the generated signature. + - gh-106970: Fix bugs in the Argument Clinic destination + clear command; the destination buffers would never be cleared, + and the destination directive parser would simply continue to + the fault handler after processing the command. Patch by Erlend + E. Aasland. + - C API + - gh-107916: C API functions PyErr_SetFromErrnoWithFilename(), + PyErr_SetExcFromWindowsErrWithFilename() and + PyErr_SetFromWindowsErrWithFilename() save now the error code + before calling PyUnicode_DecodeFSDefault(). + - gh-107915: Such C API functions as PyErr_SetString(), + PyErr_Format(), PyErr_SetFromErrnoWithFilename() and many others + no longer crash or ignore errors if it failed to format the + error message or decode the filename. Instead, they keep a + corresponding error. + - gh-107226: PyModule_AddObjectRef() is now only available in the + limited API version 3.10 or later. + - gh-105375: Fix a bug in PyErr_WarnExplicit() where an exception + could end up being overwritten if the API failed internally. + - gh-99612: Fix PyUnicode_DecodeUTF8Stateful() for ASCII-only + data: *consumed was not set. + +- restrict PEP668 to ALP/Tumbleweed + +- add externally_managed.in to label this build as PEP-668 managed + +- IT MEANS THAT bsc#1210638 STILL HAS NOT BEEN FIXED! +- Add Revert-gh105127-left-tests.patch (gh#python/cpython!106941) + partially reverting CVE-2023-27043-email-parsing-errors.patch, + because of the regression in gh#python/cpython#106669. +- (bsc#1210638, CVE-2023-27043) Add + CVE-2023-27043-email-parsing-errors.patch, which detects email + address parsing errors and returns empty tuple to indicate the + parsing error (old API). (The patch is faulty, + gh#python/cpython#106669, but upstream decided not to just + revert it). + qemu -- Fix bsc#1215311: - * roms/ipxe: Backport 0aa2e4ec9635, in preparation of binutils 2.41 (bsc#1215311) - -- Fix the build for SLE/Leap: - * [openSUSE][RPM] Make the package buildable on SLE/Leap 15.x - -- Fix bsc#1211000: - * [openSUSE] block: Add a thread-pool version of fstat (bsc#1211000) - * [openSUSE] block: Convert qmp_query_block() to coroutine_fn (bsc#1211000) - * [openSUSE] block: Don't query all block devices at hmp_nbd_server_start (bsc#1211000) - * [openSUSE] block: Convert qmp_query_named_block_nodes to coroutine (bsc#1211000) - * [openSUSE] block: Convert bdrv_block_device_info into co_wrapper (bsc#1211000) - * [openSUSE] block: Convert bdrv_query_block_graph_info to coroutine (bsc#1211000) - * [openSUSE] block: Temporarily mark bdrv_co_get_allocated_file_size as mixed (bsc#1211000) - * [openSUSE] block: Allow the wrapper script to see functions declared in qapi.h (bsc#1211000) - * [openSUSE] block: Remove unnecessary variable in bdrv_block_device_info (bsc#1211000) - * [openSUSE] block: Remove bdrv_query_block_node_info (bsc#1211000) -- Fix bsc#1213210: - * target/s390x: Fix the "ignored match" case in VSTRS (bsc#1213210) - -- Update to version 8.1.0. Full list of changes are available at: - https://wiki.qemu.org/ChangeLog/8.1 - Highlights: - * VFIO: improved live migration support, no longer an experimental feature - * GTK GUI now supports multi-touch events - * ARM, PowerPC, and RISC-V can now use AES acceleration on host processor - * PCIe: new QMP commands to inject CXL General Media events, DRAM - events and Memory Module events - * ARM: KVM VMs on a host which supports MTE (the Memory Tagging Extension) - can now use MTE in the guest - * ARM: emulation support for bpim2u (Banana Pi BPI-M2 Ultra) board and - neoverse-v1 (Cortex Neoverse-V1) CPU - * ARM: new architectural feature support for: FEAT_PAN3 (SCTLR_ELx.EPAN), - FEAT_LSE2 (Large System Extensions v2), and experimental support for - FEAT_RME (Realm Management Extensions) - * Hexagon: new instruction support for v68/v73 scalar, and v68/v69 HVX - * Hexagon: gdbstub support for HVX - * MIPS: emulation support for Ingenic XBurstR1/XBurstR2 CPUs, and MXU - instructions - * PowerPC: TCG SMT support, allowing pseries and powernv to run with up - to 8 threads per core - * PowerPC: emulation support for Power9 DD2.2 CPU model, and perf - sampling support for POWER CPUs - * RISC-V: ISA extension support for BF16/Zfa, and disassembly support - for Zcm*/Z*inx/XVentanaCondOps/Xthead - * RISC-V: CPU emulation support for Veyron V1 - * RISC-V: numerous KVM/emulation fixes and enhancements - * s390: instruction emulation fixes for LDER, LCBB, LOCFHR, MXDB, MXDBR, - EPSW, MDEB, MDEBR, MVCRL, LRA, CKSM, CLM, ICM, MC, STIDP, EXECUTE, and - CLGEBR(A) - * SPARC: updated target/sparc to use tcg_gen_lookup_and_goto_ptr() for - improved performance - * Tricore: emulation support for TC37x CPU that supports ISA v1.6.2 - instructions - * Tricore: instruction emulation of POPCNT.W, LHA, CRC32L.W, CRC32.B, - SHUFFLE, SYSCALL, and DISABLE - * x86: CPU model support for GraniteRapids - * and lots more... -- This also (automatically) fixes: - * bsc#1212850 (CVE-2023-3354) - * bsc#1213001 (CVE-2023-3255) - * bsc#1213925 (CVE-2023-3180) - * bsc#1213414 (CVE-2023-3301) - * bsc#1207205 (CVE-2023-0330) - * bsc#1212968 (CVE-2023-2861) - * bsc#1179993, bsc#1181740, bsc#1211697 - -- perl-Text-Markdown is not available in all distros and for all - arch-es. Use discount instead -- Patches added: - * [openSUSE][spec] Use discount instead of perl-Text-Markdown - -- Update to version 8.0.4: - * Official changelog not released on the mailing list yet - * Security issues fixed: - - bsc#1212850 (CVE-2023-3354) - - bsc#1213001 (CVE-2023-3255) - - bsc#1213925 (CVE-2023-3180) - - bsc#1207205 (CVE-2023-0330) - -- Fix bsc#1179993, bsc#1181740, bsc#1213001 -- Patches added: +- Fix bsc#1213414, bsc#1207205, bsc#1212968, bsc#1179993, + bsc#1181740, bsc#1213001 + * vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present (CVE-2023-3301) + * hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330) + * 9pfs: prevent opening special files (CVE-2023-2861) + * [openSUSE][OBS] Refine the OBS workflow for 15-SP5 -- Update to version 8.0.3: - * See full log: https://lists.nongnu.org/archive/html/qemu-stable/2023-07/msg00086.html - * Security issues fixed: - - 9pfs: prevent opening special files (CVE-2023-2861) - - vhost-vdpa (CVE-2023-3301) - * Use the official xkb name for Arabic layout, not the - legacy synonym (bsc#1212966) - * [openSUSE][RPM] Update to version 8.0.3 - -- Patches added (first one is relevant for boo#1197298 and bsc#1212768): - * [openSUSE][RPM] Use --preserve-argv0 in qemu-linux-user (#32) - * [openSUSE][RPM] Split qemu-tools package (#31) - -- Update to version 8.0.2: - * Stability, security and bug fixes -- Patch added: - * [openSUSE][RPM] Update to version 8.0.2 - -- Patch added: - [openSUSE][RPM] Fix deps for virtiofsd and improve spec files - -- Update the _constraints file: - * the qemu-testsuite package does not exist any longer, but some - of the tests are done in the qemu package (so "transfer" some of - the constraints to that one) - - some of the builds are failing with OOM, happening while the RPM - is actually put together, at the end of the process. Try to give - them more RAM - -- Patch added: - [openSUSE][RPM] spec: require virtiofsd, now that it is a sep package (#27) - -- Update to version 8.0.0 (https://wiki.qemu.org/ChangeLog/8.0) - * Removed features: https://qemu-project.gitlab.io/qemu/about/removed-features.html - * Deprecated features: https://qemu-project.gitlab.io/qemu/about/deprecated.html - * Some notable changes: - - ARM: - - New emulated CPU types: - - Cortex-A55 CPU - - Cortex-R52 CPU - - x86 - - Add support for Xen guests under KVM with Linux v5.12+ - - New CPU model "SapphireRapids" - - VFIO - - Experimental migration support has been updated to the v2 VFIO migration protocol - - virtio - - virtio-mem now fully supports combining preallocation with migration - - vDPA - - Support live migration of vhost-vdpa net devices without CVQ, with no need of x-svq - - virtiofs - - The old C virtiofsd has been removed, use the new Rust implementation instead. - * Patches added: - [openSUSE][RPM] Try to avoid recommending too many packages (bsc#1205680) - [openSUSE][RPM] Move documentation to a subpackage and fix qemu-headless (bsc#1209629) - roms: add back edk2-basetools target - async: Suppress GCC13 false positive in aio_bh_poll() - [openSUSE][OBS] Limit the workflow runs to the factory branch (#25) - [openSUSE][RPM] Spec file adjustments for 8.0.0 +- Fix bsc#1211000 +- Patches added: + * Run fstat asynchronously inside coroutines (bsc#1211000) + * Allow bdrv_get_allocated_file_size to run in bdrv context (bsc#1211000) + * Convert query-named-block-nodes to coroutine (bsc#1211000) + * Convert query-block/info_block to coroutine (bsc#1211000) + * block: Convert bdrv_get_allocated_file_size() to co_wrapper (bsc#1211000) + * block-coroutine-wrapper.py: support also basic return types (bsc#1211000) + * [openSUSE][RPM] Backport some spec-file improvements from Factory -- (Radical!) Change of packaging workflow. Now pretty much everything - happens via git, and interacting with https://github.com/openSUSE/qemu.git. - See README.PACKAGING for details +- Fix bsc#bsc#1211697 - linux-user: Add pidfd_open(), pidfd_send_signal() and pidfd_getfd() syscalls + smbios: sanitize type from external type before checking have_fields_bitmap (bsc#1211697) + hw/smbios: fix field corruption in type 4 table (bsc#1211697) - linux-user: Emulate CLONE_PIDFD flag in clone() - * Patches transformed in git commits: + test-vmstate: fix bad GTree usage, use-after-free + qemu/osdep: Switch position of "extern" and "G_NORETURN" + +- Switch the packaging workflow to git, like the one we have in place + already for Factory. + * Patches no longer present as patch files, but applied as commits: - acpi-cpuhp-fix-guest-visible-maximum-acc.patch - qemu-osdep-Switch-position-of-extern-and.patch - test-vmstate-fix-bad-GTree-usage-use-aft.patch -- Enable again LTO for x86_64 target (boo#1133281). - -- Further fixes for bsc#1209546 - * Patches added: - test-vmstate-fix-bad-GTree-usage-use-aft.patch - -- Fix bsc#1209546 - * Patches added: - qemu-osdep-Switch-position-of-extern-and.patch - -- Backport the "acpi: cpuhp: fix guest-visible maximum access size - to the legacy reg block" patch, as it makes developing and - testing OVMF/EDK2 easier - acpi-cpuhp-fix-guest-visible-maximum-acc.patch -- Disable -Werror as it is very sensitive when one - updates a new compiler. -Werror is fine for upstream development, - but not when it comes to stability of a package build. - quagga +- Applied backport fix for bgpd: Use treat-as-withdraw for tunnel + encapsulation and also other malformed attributes instead of a + session reset (CVE-2023-38802,bsc#1213284) + [+ Quagga-CVE-2023-38802-bgpd-withdraw.bsc1213284.patch] +- Applied backport fix for bgpd: Do not process NLRIs if the + attribute length is zero (CVE-2023-41358,bsc#1214735, + https://github.com/FRRouting/frr/pull/14260) + [+ Quagga-CVE-2023-41358-bgpd-NLRIs.bsc1214735.patch] + rabbitmq-c -- security update -- added patches - fix CVE-2023-35789 [bsc#1212499], Insecure credentials submission - + rabbitmq-c-CVE-2023-35789.patch +- version update to 0.13.0 + [#]# v0.13.0 - 2023-02-05 + [#]# Fixed + - Fixed missing option to not install static library (#665) + - Missing pkgconfig version in v0.12.0 output (#755, #751) + - Correct return value from amqp_ssl_socket_set_key_buffer (#723) + [#]# Changed + - Remove OpenSSL code no longer needed when used with OpenSSL >= 1.1.0. (Fixed: #715, #737) + [#]# Added + - Integration with OSS-Fuzz (#736) + [#]# v0.12.0 - 2023-01-31 + [#]# Changed + - rabbitmq-c now compiles as C99 + - CMake 3.12 is new minimum required version + - CMake -DBUILD_TESTS renamed to -DBUILD_TESTING + - CMake -DBUILD_EXAMPLES now defaults to OFF + - CMake -DBUILD_TOOLS now defaults to OFF + - Unix library version now matches the release version, SONAME remains the same. + - Modernized CMake scripts to better adopt modern standards + - Public headers have moved to rabbitmq-c/ directory + - Dropped support for MSVC older than VS 2010 + - Dropped support for OpenSSL v1.1.0 and older + - Minimum SSL version set to TLSv1.2 + - Updated to RabbitMQ framing to v3.8.19 +- fixes CVE-2023-35789 [bsc#1212499] +- %check: fix testsuite run + +- Update to version 0.11.0 + * Added rabbitmq-c-config.cmake + * Add amqp_set_ssl_engine API to allow setting OpenSSL engine + * Add amqp_ssl_socket_set_key_engine API to allow setting OpenSSL + engine + * Add support use of password-protected SSL keys + * Update OpenSSL library initialization to current best practices + * Updates to OpenSSL to support v3.0.0 + * Restore correct non-blocking behavior using OpenSSL v1.1.1 + * Fix invalid format in generated pkg-config file + * Fix invalid AMQP_STATUS_HEARTBEAT_TIMEOUT + * Fix incorrect port when using --server flag in CLI tools +- Drop upstream merged reproducible.patch + raspberrypi-firmware +- Add _multibuild to define 2nd spec file as additional flavor. + Eliminates the need for source package links in OBS. + +- Update to 543692d23 (2023-04-25): + * firmware: arm_loader: Set local-bd-address if 6 zeroes found + * firmware: arm_loader: Really check for a zero local-bd-address + See: raspberrypi/linux#5437 + * firmware: arm_dt: Don't overwrite existing i2c aliases + See: raspberrypi/linux#5428 + * firmware: arm_loader: Reduce CMA warning severity + See: #1807 + +- Update to c4122b870 (2023-03-22): + * firmware: gencmd: Add a fallback to mailbox interface if vchiq is not available + * firmware: Handle 64-bitness of named kernels + See: #1792 + * firmware: bootloader: Fix automatic 64bit selection on Pi3s + See: https://forums.raspberrypi.com/viewtopic.php?p=2089764#p2089764 + * firmware: bootloader: Raise CMA cap to 512MB on a 64-bit Pi4 + * firmware: bootloader: Prefer 64-bit kernels on Pi 4s + See: https://forums.raspberrypi.com/viewtopic.php?p=2088935#p2088935 + * firmware: platform: clocks: Replace m2mc with hdmi for state machine clock on 2711 + +- Update to 489d3e2d0 (2023-02-22): + * firmware: video_decode: Convert the active lines, not the padded buffer + * firmware: il isp: Correct histogram masks for updated group + 2 regions + +- Update to 2578acb89 (2023-01-18): + * kernel: overlays: i2c-sensor: Add mpu6050 and mpu9250 + See: raspberrypi/linux#5325 + * firmware: arm_dispmanx: Correct support for NV21, and add support for YV16 + See: #1767 + * firmware: arm_dispmanx: Fix FKMS to adopt pre-multiplied alpha + See: #1773 + * firmware: hdmi_2711: Make some clock setup unconditional so booting + without hdmi setup is possible + See: https://forums.raspberrypi.com/viewtopic.php?t=345362 + * firmware: Actually rebuild firmware described in previous commit + * firmware: Add D flag to video= cmdline option when hotplug is forced + See: https://forums.raspberrypi.com/viewtopic.php?p=2067109#p2067109 + +- Update to 0a7ea702 (2022-12-12): + * firmware: arm_loader: PWM1 is not available on GPIO 45 + * firmware: power: Always read the uncached voltage for AIN and USB_PD + See: https://forums.raspberrypi.com/viewtopic.php?p=2059832#p2059832 + * firmware: Use new SDHCI controller instead of legacy arasan + See: #1763 + +- Update to b8a7365 (2022-11-18): + * firmware: arm_loader: Improvements to Compute Module audio + See: https://forums.raspberrypi.com/viewtopic.php?p=2052680 + * firmware: arm_loader: Fix GPIO bank 1 support + See: #1756 + +- Update to 13691cee9 (2022-10-26): + * firmware: arm_loader: Add vcmailbox support for 256bit OTP + customer device key + See: raspberrypi/usbboot#163 + * firmware: il: video_encode: MJPEG is not conditional on + being RASPBERRYPI_FULL + +- Update to ab37ef59f (2022-10-18): + * firmware: ldconfig: Add all, none, tryboot section support + to autoboot.txt for start.elf + * firmware: arm-dt: bootloader: Pass the original partition + number when booting a ramdisk + * firmware: arm_loader: HAT EEPROM support for GPIO bank 1 + See: #1756 + +- Update to bfbd42ef2 (2022-10-14): + * firmware: isp: Run ISP without hi-res output buffer + * firmware: arm_dt: Export the bootloader EEPROM RSA public + key via device-tree + * firmware: Add tryboot A_B mode + * firmware: il: isp: Correct order buffers were returned in + * firmware: board_info: Fix Pi 400 PHY addresses + See: #1754 + +- Update to 2b3cef2f4 (2022-09-30): + * firmware: isp: Workaround for very unpleasant artifacts in the + sharpening block + * firmware: arm_loader: Raise maximum gzipped kernel size + * firmware: arm-loader: Indicate tryboot status via /proc/device-tree/chosen/bootloader/tryboot + * firmware: arm_loader: Increase TFTP block size to 1468 bytes + See: raspberrypi/rpi-eeprom#375 + * firmware: Add kernel= logging + * firmware: camera_auto_detect changes + See: #1750 + * firmware: Fix USB boot + See: #1744 + * firmware: video decode/MJPEG fixes + See: http://git/vc4/vc4/-/merge_requests/1548 + * firmware: power: Restore VEC and PIXEL clocks after HDMI domain power cycle + See: raspberrypi/linux#4962 + * firmware: arm_loader: Never set warranty bit + See: #1741 + * firmware: vcfw: camera_subsystem: Fix loop counter for powering up devices + See: https://forums.raspberrypi.com/viewtopic.php?t=338917 + * firmware: ldconfig: Add [cm4s] conditional + * firmware: platform: Set min_frequency for HDMI SM clock on Pi0-3 + * firmware: power: Fix failover to secondary PMIC interface functions + See: https://forums.raspberrypi.com/viewtopic.php?t=338429 + * firmware: arm_loader: Correct GPIO expander initial state via SET_GPIO_CONFIG + See: raspberrypi/linux#5107 + * firmware: Disable BT flow control pins for Pi3 rev1.3 + * firmware: arm_loader: initramfs over NVME fix + See: #1731 + * firmware: arm-dt: Export log buffer addresses to /proc/chosen/log + * firmware: arm_loader: Fix GET_CLOCKS to not overwrite client buffer + See: #1688 + * firmware: arm_loader: Declare program_sdhost_use_dma + +- Update to df569e0 (2022-07-04): + * firmware: video_decode: Stop decode on a colourspace change + See: raspberrypi/linux#5059 + * firmware: video_encode: Fix subsample image alignment assert + * firmware: tc358762_DSI: Don't start the PV and DSI before the HVS + * firmware: hello_pi: Fix some build issues + See: #1728 + * firmware: arm_dt: camera_auto_detect cam0 flag needs to + look at Unicam instance, not port + * firmware: platform: over-voltage Zero 2 W by two pips + See: #1723 + * firmware: arm_loader_dvfs: Only add clocks to boostable list + when they have been boosted + See: #1726 + * firmware: arm_dt: Try upstream DTB files if downstream absent + * firmware: arm_loader: Delay the USB controller switchover + * firmware: Fix for vc_image YUYV family to YUV422 planar conversion function + * firmware: vcgencmd display_power and camera_auto_detect fixes + * firmware: variants: Add mjpg_encode to the standard firmware image + * firmware: arm_loader_dvfs: Support CLOCK_HDMI as boostable clock + See: raspberrypi/linux#5016 + * firmware: dtblob: Use a cached alias to reduce boot time + * firmware: hdmi: Reduce the number of EDID retries if hotplug is not detected + * firmware: arm_loader: Support longer file paths + See: #1720 + * firmware: arm_loader_dvfs: Make arm only see its own boosts, + fixed and min clocks + * firmware: dtoverlay: Fix path rebasing and exports + * firmware: dtoverlay: Fix clang warnings + * firmware: dtoverlay: Add support for string escape sequences + See: https://forums.raspberrypi.com/viewtopic.php?t=330792 + * firmware: isp: R and B order must be swapped when reading + VC_IMAGE_RGBA32 into the ISP + See: http://git/vc4/vc4/-/merge_requests/1430 + +- Update to 231daece7c (2022-03-01): + * firmware: board_info: Handle misprogrammed 3B rev 1.2s + * firmware: mmal: Add mapping for IL OMX_IndexParamBrcmEnableIJGTableScaling param + * firmware: Handle overlay parameters embedded in overlay_map.dtb + See: raspberrypi/linux#4860 + * firmware: firmware: Add HDMI_PORTS trait + * firmware: arm_dt: Fix rpi-poe overlay parameters + See: #1689 + * firmware: jpeghw: Skip APP0 AVI1 headers, regardless of length + See: https://forums.raspberrypi.com/viewtopic.php?p=1975448 + * firmware: camera_subsystem: Report ignored interfaces due to libcamera + See: #1679 + * firmware: Export os_prefix, overlay_prefix, rsts and boot-mode on all models + * firmware: vcfw/hdmi_i2c: Initialise all instances from hdmi_i2c_init + * firmware: mmal: Add mapping for IL OMX_IndexParamBrcmEnableIJGTableScaling param + See: raspberrypi/linux#4669 + +- Update to 9c04ed2c1a (2022-01-24): + * firmware: platform: Limit max clock-id to CLOCK_VEC for now + See: #1688 + +- Update to 827fdd0736 (2022-01-20): + * firmware: dtoverlay: Don't mix non-fatal errors and offsets + See: #1686 + * firmware: arm_loader: Load vl805 overlay on CM4 + See: https://forums.raspberrypi.com/viewtopic.php?t=326088 + * firmware: gencmdserv: Add mailbox interface to gencmd + * firmware: improve firmware camera detection + * firmware: arm-loader: Fix kernel8.img selection on 2837 with arm_64bit=1 + See: #1671 + * firmware: ldconfig: Discard subsequent chunks from a truncated line + See: #1669 + * firmware: cec: Fail set_passive_mode when running with kms + * firmware: Firmware: Remove PWM/audio traits for CM4 + * firmware: usb: Fix non-BCM2711 MSD support + See: raspberrypi/usbboot#102 + +- Update to 1a0297bfbf (2021-12-01): + * firmware: board_info: Add upstream dtb names for cm1 & 3 + * firmware: board_info: Add upstream dtb name for cm4 + See: #1660 + * firmware: platform: Allow users to disable camera boot HMAC check + See: #1657 + * firmware: clock: 2711: Fix potential API issue in 2711 VCO setup + * firmware: arm_loader: Enable USB MSD boot mode on Zero 2 W + * firmware: isp: Fix Rec.709 colour space problems + +- Fix deps for raspberrypi-firmware-config and raspberrypi-firmware-config-camera + +- Add raspberrypi-firmware-config-camera flavor - boo#1192047 + +- Update to 12bc6e3677 (2021-11-16): + * firmware: dtoverlay: Rebase aliases in overlays like labels + * firmware: isp: Set core/vpu min clock to 320Mhz during ISP operation + * firmware: arm_loader: Enable watchdog early if wanted + See: #1651 + * firmware: hello_fft: Update outdated link to V3D spec + * firmware: hello_fft: Remove unused function declaration + See: #1645 + See: raspberrypi/userland#710 + * firmware: platform: Declare CM4's SIO_1V8_SEL and SD_PWR_ON + See: raspberrypi/Raspberry-Pi-OS-64bit#188 + * firmware: platform: Fix incorrect turbo voltage scaling on Pi0 + See: raspberrypi/documentation#2255 + * firmware: ISP: Fix magenta colour in right hand image of stereo pair + See: https://forums.raspberrypi.com/viewtopic.php?t=321089 + * firmware: platform: Remove licence on VP6, VP8, Theora, and FLAC + See: raspberrypi/linux#4661 + * firmware: arm_loader: Allow VEC clock to be controlled by arm + * firmware: userland: Reduce debug_sym error messages + See: https://forums.raspberrypi.com/viewtopic.php?f=98&t=322238 + * firmware: arm_dt: Increase maximum line length to 98 + See: raspberrypi/linux#4638 + * firmware: video_decode: i/p port enable/disable without o/p active could stall + See: RPi-Distro/vlc#48 + See: Hexxeh/rpi-firmware#272 + See: #1637 + * firmware: clock-2711: Limit PLLB VCO frequency to the high range + * firmware: arm_dt: Export the boot-mode, partition and usb state via device-tree + See: #1621 + raspberrypi-firmware-dt +- Update 0001-ARM-dts-bcm27xx-Use-better-name-for-spidev.patch description + - * ARM-dts-bcm27xx-Use-better-name-for-spidev.patch- + * 0001-ARM-dts-bcm27xx-Use-better-name-for-spidev.patch + +- Enable 3.5mm jack socket stereo audio (bsc#1209314): + * 0001-ARM-dts-bcm2711-rpi-Reuse-bcm2836-vchiq-driver.patch + +- Update to 870c0a313b18 (2023-05-02): + * switch to 6.3 branch + +- Update to d3cab1cb1b6d (2023-03-02): + * switch to 6.2 branch + +- Update to 194f76d49a89 (2023-01-20) + +- Update to 696dcc735044 (2022-12-21): + * switch to 6.1 branch + +- Update to 692039799e78 (2022-10-26) + +- Update to 896b8da17ad1 (2022-10-03): + * switch to 6.0 branch + +- Update to a26d9d4da299 (2022-09-27): + * switch to 5.19 branch + +- Update to 82c39f3914 (2022-07-06): + * switch to 5.18 branch + +- Use last patch commit date instead patch creation date when creating + device tree archive and package version. Patch creation date could be + much earlier than patch commit date, which could mislead which patches + are included inside the package. + For example: + commit 7e72dd813a175ea7bf166655217ce60fbd7d4a21 + Author: Dom Cobley + AuthorDate: Tue Oct 19 14:15:45 2021 +0100 + Commit: Dom Cobley + CommitDate: Mon Nov 29 16:26:09 2021 +0000 + dt: Move VEC clock to clk-raspberrypi + Package which contain this commit was named 2021.11.19 while obviously it + has changes from 2021.11.29. +- Update to da91801ca1 (2022-04-24) + * overlays: Fix pitft28/35-resistive rotate params + * ARM: dts: Add i2c0mux node to Model B rev 1 + * overlays: Add "drm" parameter to pitft28-resistive + * overlays: mipi-dbi-spi: width-mm and height-mm are mandatory + * Add support for the AudioInjector.net bare i2s sound card + * dtoverlays: Add overlay for Sony IMX258 image sensor + * ARM: dts: Enable PMU on Cortex-A72 in AArch32 state + * overlays/rpi-display: Add support for DRM driver + * Revert "update rpi-display-overlay.dts pins for 5.10+" + * overlays: Add overlay for MIPI DBI displays + * dtoverlays: Connect the backlight to the pitft35 display + * overlays: iqs550: Enable interrupt pull-down + * CM1&3 cam1_reg and cam1_reg_gpio fix + * dtoverlay: Add VCM option to ov5647 overlay + * dtoverlays: Add VCM option to imx219 + * ARM: dts: bcm2711-rpi-ds: Disable the BCM2835 STC + +- Update to 8dd9f663bd7c (2022-02-25): + * Add GPIO names + * Add overlays: + - spi0-0cs + - vc4-kms-dpi-hyperpixel2r + - vc4-kms-dpi-hyperpixel4 + - vc4-kms-dpi-hyperpixel4sq + - vc4-kms-dpi-panel + - waveshare-can-fd-hat-mode-a + - waveshare-can-fd-hat-mode-b -- Switch back to platform driver until upstream gain support for - VEC clock in clk-raspberrypi driver. Add following patch to fix - immediate issue described in bsc#1198061. - Revert-dt-Move-VEC-clock-to-clk-raspberrypi.patch - -- With recent Linux kernel gpio-ranges Device Tree property is now - required. Add following patches to fix immediate issue described - in bsc#1197578. - ARM-dts-gpio-ranges-property-is-now-required.patch - ARM-dts-Add-GPIO-line-names-for-downstream-RPis.patch - We do not update whole package because this will create new - issues like the one described in comment#12 in bsc#1193434 - and comment#2 in bsc#1196632. Once patches referenced in - bsc#1196632 are accepted upstream. _This_ package could be - upgraded too. +- Switch to 5.16 branch - boo#1194423 +- Update to ffd6c6dc4dbf (2022-01-19) -Enable RaspberryPi Zero 2 (jsc#SLE-23131). rpmlint +- backport systemd v254 whitelistings for SLE-15-SP6 (bsc#1215346) + rubygem-actionview-5_1 +- security update +- added patches + fix CVE-2023-23913 [bsc#1209826], DOM Based Cross-site Scripting in rails-ujs + + rubygem-actionview-5_1-CVE-2023-23913.patch + rubygem-puma +- Add CVE-2023-40175.patch (bsc#1214425, CVE-2023-40175.patch) + Reject empty string for Content-Length + rust1 +- bsc#1215834 - update to use gcc12 + +Version 1.72.1 (2023-09-19) +- [Adjust codegen change to improve LLVM codegen](https://github.com/rust-lang/rust/pull/115236) +- [rustdoc: Fix self ty params in objects with lifetimes](https://github.com/rust-lang/rust/pull/115276) +- [Fix regression in compile times](https://github.com/rust-lang/rust/pull/114948) +- Resolve some ICE regressions in the compiler: + - [#115215](https://github.com/rust-lang/rust/pull/115215) + - [#115559](https://github.com/rust-lang/rust/pull/115559) + salt +- Fix inconsistency in reported version by egg-info metadata (bsc#1215489) +- Added: + * write-salt-version-before-building-when-using-with-s.patch + +- Revert usage of long running REQ channel to prevent possible + missing responses on requests and dublicated responses + (bsc#1213960, bsc#1213630, bsc#1213257) +- Fix gitfs cachedir basename to avoid hash collisions + (bsc#1193948, bsc#1214797, CVE-2023-20898) +- Added: + * fixed-gitfs-cachedir_basename-to-avoid-hash-collisio.patch + * revert-usage-of-long-running-req-channel-bsc-1213960.patch + +- Make sure configured user is properly set by Salt (bsc#1210994) +- Do not fail on bad message pack message (bsc#1213441, CVE-2023-20897) +- Fix broken tests to make them running in the testsuite +- Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794) +- Create minion_id with reproducible mtime +- Fix detection of Salt codename by "salt_version" execution module +- Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844) +- Fix the regression of user.present state when group is unset (bsc#1212855) +- Fix zypper repositories always being reconfigured +- Fix utf8 handling in 'pass' renderer and make it more robust +- Added: + * make-sure-configured-user-is-properly-set-by-salt-bs.patch + * prevent-possible-exceptions-on-salt.utils.user.get_g.patch + * mark-salt-3006-as-released-586.patch + * fix-the-regression-of-user.present-state-when-group-.patch + * fix-tests-to-make-them-running-with-salt-testsuite.patch + * fix-utf8-handling-in-pass-renderer-and-make-it-more-.patch + * do-not-fail-on-bad-message-pack-message-bsc-1213441-.patch + * zypper-pkgrepo-alreadyconfigured-585.patch + * fix-regression-multiple-values-for-keyword-argument-.patch + spacecmd +- version 4.3.23-1 + * Update translation strings + spack +- Update to version 0.20.1 with the following changes: + * Bug fixes: + + Fix spec removed from an environment where not actually + removed if `--force` was not given. + + Hotfix for a few recipes that treat CMake as a link + dependency. + + Fix re-running stand-alone test a second time, which was + getting a trailing spurious failure. + + Fix reading JSON manifest on Cray, reporting non-concrete + specs. + + Fix a few bugs when generating Dockerfiles from Spack. + + Fix a few long-standing bugs when generating module files. + + Fix issues with building Python extensions when using an + external Python. + + Fix `spack compiler remove`: remove from command line even + if they appear in different scopes. + * Features: + + Speed-up module file generation. + + Show external status as `[e]`. + + Backport `archspec` fixes. + + Improve a few error messages. + +- Fix SPACK_ROOT setting in /etc/profile.d/spack.[c]sh (bsc#1214222). +- Don't source /etc/os-release directly, use a subshell. + +- Add hwloc-devel and sqlite3 to the packages that trigger a + `spack external find`. +- Change /usr/bin to %{_bindir}. +- Make sure, libhwloc and hwloc are installed together when + spack is installed. + supportutils +- Changes in version 3.1.26 + + powerpc plugin to collect the slots and active memory (bsc#1210950) + + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 + + supportconfig: collect BPF information (pr#154) + + Added additional iscsi information (pr#155) + +- Added run time detection (bsc#1213127) + +- ha_info sle15 uses /var/log/pacemaker/ (pq#153) + +- Changes for supportutils version 3.1.25 + + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) + + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149) + + powerpc: collect invscout logs (pr#150) + + powerpc: collect RMC status logs (pr#151) + + Added missing nvme nbft commands (bsc#1211599) + + Fixed invalid nvme commands (bsc#1211598) + + Added missing podman information (PED-1703, bsc#1181477) + + Removed dependency on sysfstools + + Check for systool use (bsc#1210015) + + Added selinux checking (bsc#1209979) + + Updated SLES_VER matrix + +- Fixed missing status detail for apparmor (bsc#1196933) +- Corrected invalid argument list in docker.txt (bsc#1206608) +- Applies limit equally to sar data and text files (bsc#1207543) +- Collects hwinfo hardware logs (bsc#1208928) +- Collects lparnumascore logs (issue#148) + +- Add dependency to `numactl` on ppc64le and `s390x`, this enforces + that `numactl --hardware` data is provided in supportconfigs + +- Changes to supportconfig.rc version 3.1.11-35 + + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402) + +- Changes to supportconfig version 3.1.11-46.4 + + Added plymouth_info + +- Changes to getappcore version 1.53.02 + + The location of chkbin was updated earlier. This documents that + change (bsc#1205533, bsc#1204942) + utf8proc +- update to 2.8.0: + * Unicode 15 support + +- update to 2.7.0: + - Unicode 14 support + - Support `GNUInstallDirs` in CMake build + - `cmake` build now installs `pkg-config` file + - Various build and portability improvements. + -- Initial package, version 1.1.6 - xen +- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional + execution leak via division by zero (XSA-439) + xsa439-00.patch + xsa439-01.patch + xsa439-02.patch + xsa439-03.patch + xsa439-04.patch + xsa439-05.patch + xsa439-06.patch + xsa439-07.patch + xsa439-08.patch + xsa439-09.patch + +- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow + reference dropped too early for 64-bit PV guests (XSA-438) + xsa438.patch + +- Handle potential unaligned access to bitmap in + libxc-sr-restore-hvm-legacy-superpage.patch + If setting BITS_PER_LONG at once, the initial bit must be aligned + xrdp +- xrdp-CVE-2023-40184.patch (bsc#1214805) + + restriction bypass via improper session handling + yq +- update to 4.35.2 (bsc#1215808): + * Fix various typos #1798 + * Fixed number parsing as float bug in JSON #1756 + * Fixed string, null concatenation consistency #1712 + * Fixed expression parsing issue #1711 + * Bumped dependencies +- update to 4.35.1: + * Added Lua output support + * Added BSD checksum format + * Bumped dependencies + +- update to 4.34.2: + * Bumped depedencies +- update to 4.34.1: + * Added shell output format + * Fixed nil pointer dereference + * Bumped dependency versions + +- update to 4.33.3: + * Fixed bug when splatting empty array #1613 + * Added scalar output for TOML (#1617) + * Fixed passing of read-only context in pipe (partial fix for + [#1631]) + * Bumped dependency versions + +- update to 4.33.2: + * Add ``--nul-output|-0`` flag to separate element with NUL + character (#1550) Thanks @vaab! + * Add removable-media interface plug declaration to the snap + packaging(#1618) Thanks @brlin-tw! + * Scalar output now handled in csv, tsv and property files + * Bumped dependency versions + +- update to 4.33.1: + * Added read-only TOML support! #1364. Thanks @pelletier for + making your API available in your toml lib :) + * Added warning when auto detect by file type is outputs JSON + +- update to 4.32.2: + * Fixes parsing terraform tfstate files results in "unknown" + format + * Added divide and modulo operators (#1593) + * Add support for decoding base64 strings without padding + * Add filter operation (#1588) - thanks @rbren! + * Detect input format based on file name extension (#1582) + * Auto output format when input format is automatically + detected + * Fixed npe in log #1596 + * Improved binary file size! + * Bumped dependency versions + +- update to 4.31.2: + * Fixed merged anchor reference problem #1482 + * Fixed xml encoding of ProcInst #1563, improved XML + comment handling + * Allow build without json and xml support (#1556) Thanks + * Bumped dependencies + +- update to 4.31.1: + * Added shuffle command #1503 + * Added ability to sort by multiple fields #1541 + * Added @sh encoder #1526 + * Added @uri/@urid encoder/decoder #1529 + * Fixed date comparison with string date #1537 + * Added from_unix/to_unix Operators + * Bumped dependency versions + zypper -- Changed location of bash-complication (bsc#1213854). +- Fix name of the bash completion script (bsc#1215007) + In 1.14.63 the location of the bash completion script was changed + to /usr/share/bash-completion/completions/. But the patch failed + to also rename the completion script. The original script name + zypper.sh is not recognized at the new location. +- Update notes about failing signature checks (bsc#1214395) + It might be a transient issue if the server is in the midst of + receiving new data. Retry after a few minutes might work. +- Improve the SIGINT handler to be signal safe (bsc#1214292) + This patch updates the SIGINT handling strategy to be signal + safe. Meaning the signal handler will do not much more than + setting a flag, which we are going to check in the normal program + flow as much as possible. +- version 1.14.64 + +- Changed location of bash completion script (bsc#1213854).