Removed rpms ============ - busybox - busybox-coreutils - busybox-findutils - busybox-grep - busybox-gzip - busybox-psmisc - busybox-sed - busybox-util-linux - busybox-xz Added rpms ========== Package Source Changes ====================== alsa-oss -- Add upstream patch to fix build with current glibc: - * alsa-drop-libio.patch +- use https for urls + +- Drop the superfluous buildreq alsa-topology-devel again; + it's no longer mandatory + +- Fix build breakage by the new alsa update; now it requires + alsa-topology-devel + +- Avoid repetition of name in summary. Update description. + +- Update to alsa-oss 1.1.8 (bsc#1181571): + Fix the build with the recent glibc +- Remove obsoleted patch: + remove-libio.patch: + +- remove-libio.patch: don't use obsolete + +- Remove old kludges +- Run spec-cleaner + +- Update to alsa-oss 1.1.6: + * Change FSF address (Franklin Street) +- Use %license file tag -- Revert 0001-Fix-path-to-libaoss.so.patch, as this causes - regressions on multi-arch (bnc#874331) - -- Backport upstream fixes: - 0001-Fix-path-to-libaoss.so.patch - 0002-Add-AM_MAINTAINER_MODE-enable-to-configure.in.patch - -- stop recommending alsa-oss-32bit - -- updated to version 1.0.25; - pcm: check for XRUN state for GETxSPACE and GETxPTR ioctls - select: better check for null bit arrays - -- add libtool as buildrequire to make the spec file more reliable - -- Remove redundant tags/sections from specfile -- Use %_smp_mflags for parallel build - -- package baselibs.conf - btrfsprogs +- Ignore multipath devices when probing devices for a btrfs filesystem (bsc#1192983) + * 0001-btrfs-progs-Add-optional-dependency-on-libudev.patch + * 0002-btrfs-progs-Ignore-devices-representing-paths-in-mul.patch + * 0003-btrfs-progs-Add-fallback-code-for-path-device-ignore.patch + chrony +- Fix config file handling in the spec file and remove "ntsdumpdir" + from default config, because augeas-lenses cannot parse it during + installation of SLE Micro on SLE-15-SP3 (bsc#1194220). + expat +- Security fixes: + * (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236 + breaks biboumi, ClairMeta, jxmlease, libwbxml, + openleadr-python, rnv, xmltodict + - Added expat-CVE-2022-25236-relax-fix.patch + +- Security fixes: + * (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows + attackers to insert namespace-separator characters into + namespace URIs + - Added expat-CVE-2022-25236.patch + * (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before + 2.4.5 does not check whether a UTF-8 character is valid in a + certain context. + - Added expat-CVE-2022-25235.patch + * (CVE-2022-25313, bsc#1196168) Stack exhaustion in + build_model() via uncontrolled recursion + - Added expat-CVE-2022-25313.patch + - The fix upstream introduced a regression that was later + amended in 2.4.6 version + + Added expat-CVE-2022-25313-fix-regression.patch + * (CVE-2022-25314, bsc#1196169) Integer overflow in copyString + - Added expat-CVE-2022-25314.patch + * (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames + - Added expat-CVE-2022-25315.patch + firewalld +- Provide dummy firewalld-prometheus-config package (bsc#1197042) + +- Add patch which fixes the zone configuration (bsc#1191837) + * 0001-chore-fw_zone-call-permanent-config-checks-at-runtim.patch + gstreamer +- Update to version 1.20.1: + + deinterlace: various bug fixes for yadif, greedy and scalerbob + methods + + gtk video sink: Fix rotation not being applied when paused + + gst-play-1.0: Fix trick-mode handling in keyboard shortcut + + jpegdec: fix RGB conversion handling + + matroskademux: improved ProRes video handling + + matroskamux: Handle multiview-mode/flags/pixel-aspect-ratio + caps fields correctly when checking caps equality on input caps + changes + + videoaggregator fixes (negative rate handling, current position + rounding) + + soup http plugin: Lookup libsoup dylib files on Apple + platforms; fix Cerbero static build on Android and iOS + + Support build against libfreeaptx in openaptx plugin + + Fix linking issues on Illumos distros + + GstPlay: Fix new error + warning parsing API (was unusuable + before) + + mpegtsmux: VBR muxing fixes + + nvdecoder: Various fixes for 4:4:4 and high-bitdepth decoding + + Support build against libfreeaptx in openaptx plugin + + webrtc: Various fixes to the webrtc-sendrecv python example + + macOS: support a relocatable `GStreamer.framework` on macOS + + macOS: fix applemedia plugin failing to load on ARM64 macOS + + windows: ship wavpack library + + gst-python: Fix build with Python 3.11 + + various bug fixes, memory leak fixes, and other stability and + reliability improvements + + plugin loader: show the reason when spawning of + gst-plugin-scanner fails + + registry, plugin loading: fix dynamic relocation if + GST_PLUGIN_SUBDIR (libdir) is not a single subdirectory; + improve GST_PLUGIN_SUBDIR handling + + context: fix transfer annotation on + gst_context_writable_structure() for bindings + + baseparse: Don't truncate the duration to milliseconds in + gst_base_parse_convert_default() + + bufferpool: Deactivate pool and get rid of references to other + objects from dispose instead of finalize + +- Update to version 1.20.0: + + Development in GitLab was switched to a single git repository + containing all the modules + + GstPlay: new high-level playback library, replaces GstPlayer + + WebM Alpha decoding support + + Encoding profiles can now be tweaked with additional + application-specified element properties + + Compositor: multi-threaded video conversion and mixing + + RTP header extensions: unified support in RTP depayloader and + payloader base classes + + SMPTE 2022-1 2-D Forward Error Correction support + + Smart encoding (pass through) support for VP8, VP9, H.265 in + encodebin and transcodebin + + Runtime compatibility support for libsoup2 and libsoup3 + (libsoup3 support experimental) + + Video decoder subframe support + + Video decoder automatic packet-loss, data corruption, and + keyframe request handling for RTP / WebRTC / RTSP + + mp4 and Matroska muxers now support profile/level/resolution + changes for H.264/H.265 input streams (i.e. codec data changing + on the fly) + + mp4 muxing mode that initially creates a fragmented mp4 which + is converted to a regular mp4 on EOS + + Audio support for the WebKit Port for Embedded (WPE) web page + source element + + CUDA based video color space convert and rescale elements and + upload/download elements + + NVIDIA memory:NVMM support for OpenGL glupload and gldownload + elements + + Many WebRTC improvements + + The new VA-API plugin implementation fleshed out with more + decoders and new postproc elements + + AppSink API to retrieve events in addition to buffers and + buffer lists + + AppSrc gained more configuration options for the internal queue + (leakiness, limits in buffers and time, getters to read current + levels) + + Updated Rust bindings and many new Rust plugins + + Improved support for custom minimal GStreamer builds + + Support build against FFmpeg 5.0 + + Linux Stateless CODEC support gained MPEG-2 and VP9 + + Windows Direct3D11/DXVA decoder gained AV1 and MPEG-2 support + + Lots of new plugins, features, performance improvements and bug + fixes +- Use ldconfig_scriptlets macro for post(un) handling where + possible. +- Update Source url. + gstreamer-plugins-base +- Add 5a074a11f90e3d70b24bf0c535ab0480fad9e701.patch: playsink: + Complete reconfiguration on pad release. +- Use ldconfig_scriptlets macro for post(un) handling. + +- Update to version 1.20.1: + + typefindfunctions: Fix WebVTT format detection for very short + files + + gldisplay: Reorder GST_GL_WINDOW check for egl-device + + rtpbasepayload: Copy all buffer metadata instead of just + GstMetas for the input meta buffer + + codec-utils: Avoid out-of-bounds error + + navigation: Fix Since markers for mouse scroll events + + videoaggregator: Fix for unhandled negative rate + + videoaggregator: Use floor() to calculate current position + + video-color: Fix for missing clipping in PQ EOTF function + + gst-play-1.0: Fix trick-mode handling in keyboard shortcut + + audiovisualizer: shader: Fix out of bound write + +- Update to version 1.20.0: + + Development in GitLab was switched to a single git repository + containing all the modules + + GstPlay: new high-level playback library, replaces GstPlayer + + WebM Alpha decoding support + + Encoding profiles can now be tweaked with additional + application-specified element properties + + Compositor: multi-threaded video conversion and mixing + + RTP header extensions: unified support in RTP depayloader and + payloader base classes + + SMPTE 2022-1 2-D Forward Error Correction support + + Smart encoding (pass through) support for VP8, VP9, H.265 in + encodebin and transcodebin + + Runtime compatibility support for libsoup2 and libsoup3 + (libsoup3 support experimental) + + Video decoder subframe support + + Video decoder automatic packet-loss, data corruption, and + keyframe request handling for RTP / WebRTC / RTSP + + mp4 and Matroska muxers now support profile/level/resolution + changes for H.264/H.265 input streams (i.e. codec data changing + on the fly) + + mp4 muxing mode that initially creates a fragmented mp4 which + is converted to a regular mp4 on EOS + + Audio support for the WebKit Port for Embedded (WPE) web page + source element + + CUDA based video color space convert and rescale elements and + upload/download elements + + NVIDIA memory:NVMM support for OpenGL glupload and gldownload + elements + + Many WebRTC improvements + + The new VA-API plugin implementation fleshed out with more + decoders and new postproc elements + + AppSink API to retrieve events in addition to buffers and + buffer lists + + AppSrc gained more configuration options for the internal queue + (leakiness, limits in buffers and time, getters to read current + levels) + + Updated Rust bindings and many new Rust plugins + + Improved support for custom minimal GStreamer builds + + Support build against FFmpeg 5.0 + + Linux Stateless CODEC support gained MPEG-2 and VP9 + + Windows Direct3D11/DXVA decoder gained AV1 and MPEG-2 support + + Lots of new plugins, features, performance improvements and bug + fixes +- Rebase add_wayland_dep_to_tests.patch. +- Drop gstreamer-plugins-base-gl-deps.patch: Fixed upstream +- Stop using service due to upstreams new mono-repo, just use + tarballs for now. + kernel-default +- powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 + ltc#196362). +- commit be99d79 + +- watch_queue: Actually free the watch (CVE-2022-0995 + bsc#1197246). +- watch_queue: Fix NULL dereference in error cleanup + (CVE-2022-0995 bsc#1197246). +- commit 9f97636 + +- ALSA: pcm: Fix races among concurrent prealloc proc writes + (CVE-2022-1048 bsc#1197331). +- commit 7ca9b7d + +- ALSA: pcm: Fix races among concurrent prepare and + hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). +- commit bdcd5ee + +- ALSA: pcm: Fix races among concurrent read/write and buffer + changes (CVE-2022-1048 bsc#1197331). +- commit 8bb5c1f + +- ALSA: pcm: Fix races among concurrent hw_params and hw_free + calls (CVE-2022-1048 bsc#1197331). +- commit 4ce87ae + +- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 + bsc#1197331). +- commit 15a1bad + libsolv +- reworked choice rule generation to cover more usecases +- support SOLVABLE_PREREQ_IGNOREINST in the ordering code + [bsc#1196514] +- support parsing of Debian's Multi-Arch indicator +- bump version to 0.7.22 + libzypp -- Fix package signature check (bsc#184501) +- ZConfig: Update solver settings if target changes (bsc#1196368) +- version 17.30.0 (22) + +- Fix possible hang in singletrans mode (bsc#1197134) +- Do 2 retries if mount is still busy. +- version 17.29.7 (22) + +- Fix package signature check (bsc#1184501) nvme-cli +- Fix install conflict caused by new bash completion script + location (bsc#1197365). + openssl-1_1 +- FIPS: Additional PBKDF2 requirements for KAT [bsc#1197280] + * The IG 10.3.A and SP800-132 require some minimum parameters for + the salt length, password length and iteration count. These + parameters should be also used in the KAT. + * Add openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch + +- Security Fix: [bsc#1196877, CVE-2022-0778] + * Infinite loop in BN_mod_sqrt() reachable when parsing certificates + * Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch + +- Added openssl-1_1-use-include-directive.patch so that the default + /etc/ssl/openssl.cnf file will include any configuration files that + other packages might place into /etc/ssl/engines.d/ and + /etc/ssl/engdef.d/ This is a fix for bsc#1004463 where scripting was + being used to modify the openssl.cnf file. The scripting would fail + if either the default openssl.cnf file, or the sample openssl-ibmca + configuration file would be changed by upstream. +- Updated spec file to create the two new necessary directores for + the above patch. [bsc#1194187, bsc#1004463] + +- FIPS: add openssl-1_1-fips-bsc1190652_release_num_in_version_string.patch + * bsc#1190652 - Provide a service to output module name/identifier + and version + +- Security fix: [bsc#1192820, CVE-2002-20001] + * Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows + remote attackers (from the client side) to send arbitrary + numbers that are actually not public keys, and trigger + expensive server-side DHE calculation. + * Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST + * Rebase openssl-DEFAULT_SUSE_cipher.patch + +- FIPS: Reintroduce the FFC and ECC checks in openssl-DH.patch + that were removed in the update to 1.1.1l [bsc#1185313] + +- FIPS: Fix sn_objs and ln_objs in crypto/objects/obj_mac.num + * Rebase openssl-DH.patch [bsc#1194327] +- Merge openssl-keep_EVP_KDF_functions_version.patch into + openssl-1.1.1-evp-kdf.patch +- Add function codes for pbkdf2, hkdf, tls and ssh selftests. + Rebase patches: + * openssl-fips-kdf-hkdf-selftest.patch + * openssl-kdf-selftest.patch + * openssl-kdf-ssh-selftest.patch + * openssl-kdf-tls-selftest.patch + +- Pull libopenssl-1_1 when updating openssl-1_1 with the same + version. [bsc#1195792] + +- FIPS: Fix function and reason error codes [bsc#1182959] + * Add openssl-1_1-FIPS-fix-error-reason-codes.patch + +- Enable zlib compression support [bsc#1195149] + +- Remove the openssl-has-RSA_get0_pss_params provides as it is + now fixed in the nodejs16 side [bsc#1192489] + +- FIPS: Move the HMAC-SHA2-256 used for integrity test [bsc#1185320] + * Add openssl-FIPS-KAT-before-integrity-tests.patch + +- FIPS: Add missing KAT for HKDF/TLS 1.3/IPSEC IKEv2 [bsc#1192442] + * Add openssl-fips-kdf-hkdf-selftest.patch + pam +- Between allocating the variable "ai" and free'ing them, there are + two "return NO" were we don't free this variable. This patch + inserts freaddrinfo() calls before the "return NO;"s. + [bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch] + +- Define _pam_vendordir as "/%{_sysconfdir}/pam.d" + The variable is needed by systemd and others. + [bsc#1196093, macros.pam] + protobuf +- Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570, + bsc#1195258 + * Add protobuf-CVE-2021-22570.patch + python-rpm -- Add no-hardocded-python2.diff to avoid hardcoding of python2 - (jsc#SLE-16747) - +- update to rpm-4.11.1 + rpm +- Revert unwanted /usr/bin/python -> /usr/bin/python2 change we + got with the update to 4.14.3 [bsc#1194968] + new patch: no-python2.diff + +- Backport header check changes so that old rpms get no longer + rejected [bsc#1190824] + updated patch: headerchk3.diff + +- Add explicit requirement on python-rpm-macros to avoid widespread + breakage by package mistakenly ignoring their requirement of + python-rpm-macros (bsc#1180125, bsc#1193711). + +- backport zstd detection fix [bsc#1187670] + new patch: zstddetection.diff +- backport ndb rofs support [bsc#1188548] + new patch: ndbrofs.diff +- backport pgp hardening changes from upstream [bsc#1185299] + new patch: pgpharden.diff +- fix deadlock when multiple rpm processes try tp acquire the + database lock [bsc#1183659] + new patch: deadlock.diff + sudo +- Add sudo-1.9.9-honor-T_opt.patch + * the -T option of sudo does nothing even when + 'Defaults user_command_timeouts' is present in the configuration. + * [bsc#1193446] + * Credit to Jaroslav Jindrak + +- Restrict use of sudo -U other -l to people who have permission + to run commands as that user (bsc#1181703, jsc#SLE-22569) + * feature-upstream-restrict-sudo-U-other-l.patch + zlib +- CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459 + * bsc1197459.patch +