Removed rpms ============ - libixion-0_16-0 - libopenh264-6 - liborcus-0_16-0 - libserf-1-1 - mozilla-openh264 Added rpms ========== - abseil-cpp - libixion-0_17-0 - liborcus-0_17-0 Package Source Changes ====================== Mesa +- revert previous change, since it resulted in Xorg and Mesa no + longer being able to load "i965" driver at all! This affects many + if not almost all Intel GPU users. I can't tell why this happens, + but I'm afraid we need to act immediately (boo#1202850); reopened + boo#1200965 for now ... + +- change default driver from 'iris' back to 'i965' for Intel + Gen8-11 hardware; that way we also use the same driver used by X + and Mesa (boo#1200965); related bugs: boo#1197045, boo#1197046 + Mesa-drivers +- revert previous change, since it resulted in Xorg and Mesa no + longer being able to load "i965" driver at all! This affects many + if not almost all Intel GPU users. I can't tell why this happens, + but I'm afraid we need to act immediately (boo#1202850); reopened + boo#1200965 for now ... + +- change default driver from 'iris' back to 'i965' for Intel + Gen8-11 hardware; that way we also use the same driver used by X + and Mesa (boo#1200965); related bugs: boo#1197045, boo#1197046 + audit-secondary +- Update audit-secondary.spec: create symbolic link from + /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519). + btrfsprogs +- Upstream behavior of btrfs compression=none (JSC#PED-1711) + * btrfs-progs_props_dont_translate_value_of_compression_none.patch + dracut +- Update to version 055+suse.294.gc5bc4bb5: + Missing network-manager module fixes (bsc#1201975): + * fix(network-manager): avoid calling unavailable dracut-logger functions + * fix(network-manager): skip non-directories in /sys/class/net + * fix(network-manager): disable tty output if the console is not usable + * fix(network-manager): show output on console only with rd.debug enabled + * fix(network-manager): write DHCP filename option to dhcpopts file + * fix(network-manager): ensure safe content of /tmp/dhclient."$ifname".dhcpopts + * fix(network-manager): include nm-daemon-helper binary + * fix(network-manager): don't pull in systemd-udev-settle + * fix(network-manager): support teaming under NM+systemd + * fix(network-manager): pull in network.target in nm-initrd.service + +- Update to version 055+suse.283.ge98ece25: + * fix(network-manager): check for nm-initrd-generator in both /usr/{libexec,lib} (bsc#1201975) + * fix(network-legacy): add auto timeout to wicked DHCP test (bsc#1198709) + emacs-apel +- Add emacs-apel-fix-build-error.patch: fix emacs-apel build error + on SLE-15-SP4 (bsc#1197714). + -- Add suse-start-apel.el. - gnutls +- Security fix: [bsc#1202020, CVE-2022-2509] + * Fixed double free during verification of pkcs7 signatures + * Add gnutls-CVE-2022-2509.patch + +- FIPS: + * Modify gnutls-FIPS-force-self-test.patch [bsc#1198979] + - gnutls_fips140_run_self_tests now properly releases fips_context + +- FIPS: + * Add gnutls_ECDSA_signing.patch [bsc#1190698] + - Check minimum keylength for symmetric key generation + - Only allows ECDSA signature with valid set of hashes + (SHA2 and SHA3) + * Add gnutls-FIPS-force-self-test.patch [bsc#1198979] + - Provides interface for running library self tests on-demand + - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1598 + libixion +- Fix build on SLE-12-SP5 +- Remove unneeded vulkan dependency + +- Added patch: + * libixion-boost-system.patch + + fix missing symbols from boost_system library + +- update to 0.17.0: + * set the baseline C++ version to 17. + * mdds has been internalized so that the public header no longer contains + references to mdds. With this change, the users can use different API + versions of mdds between the ixion build and run-time use. + * cleaned up public API to make use of std::string_view and std::variant + where appropriate. + * implemented built-in LEFT() function in the formula interpreter. + * it is no longer required to set the size of void* at build time to ensure + the binaries to be fully functional. + * fixed a bug where named expressions with names containing invalid + characters were still allowed in. + +- Define conditionally make_build to fix build on systems that do + not have that macro + libnettle +- update to 3.8.1: + * Avoid non-posix m4 argument references in the chacha + implementation for arm64, powerpc64 and s390x. Reported by + Christian Weisgerber, fix contributed by Mamone Tarsha. + * Use explicit .machine pseudo-ops where needed in s390x + assembly files. Bug report by Andreas K. Huettel, fix + contributed by Mamone Tarsha. + +- update to 3.8: + This release includes a couple of new features, and many + performance improvements. It adds assembly code for two more + architectures: ARM64 and S390x. + The new version is intended to be fully source and binary + compatible with Nettle-3.6. The shared library names are + libnettle.so.8.5 and libhogweed.so.6.5, with sonames + libnettle.so.8 and libhogweed.so.6. + New features: + * AES keywrap (RFC 3394), contributed by Nicolas Mora. + * SM3 hash function, contributed by Tianjia Zhang. + * New functions cbc_aes128_encrypt, cbc_aes192_encrypt, + cbc_aes256_encrypt. + On processors where AES is fast enough, e.g., x86_64 with + aesni instructions, the overhead of using Nettle's general + cbc_encrypt can be significant. The new functions can be + implemented in assembly, to do multiple blocks with reduced + per-block overhead. + Note that there's no corresponding new decrypt functions, + since the general cbc_decrypt doesn't suffer from the same + performance problem. + Bug fixes: + * Fix fat builds for x86_64 windows, these appear to never + have worked. + Optimizations: + * New ARM64 implementation of AES, GCM, Chacha, SHA1 and + SHA256, for processors supporting crypto extensions. Great + speedups, and fat builds are supported. Contributed by + Mamone Tarsha. + * New s390x implementation of AES, GCM, Chacha, memxor, SHA1, + SHA256, SHA512 and SHA3. Great speedups, and fat builds are + supported. Contributed by Mamone Tarsha. + * New PPC64 assembly for ecc modulo/redc operations, + contributed by Amitay Isaacs, Martin Schwenke and Alastair + DĀ“Silva. + * The x86_64 AES implementation using aesni instructions has + been reorganized with one separate function per key size, + each interleaving the processing of two blocks at a time + (when the caller processes multiple blocks with each call). + This gives a modest performance improvement on some + processors. + * Rewritten and faster x86_64 poly1305 assembly. +- drop libnettle-s390x-CPACF-SHA-AES-support.patch (included in 3.8) + +- Make shared libraries executable + liborcus +- Added patch: + * no-std-filesystem.patch + + use boost::filesystem instead of std::filesystem, in order to + allow building with older compilers + +- Update to 0.17.2: + * fixed a bug where the state of style:cell-protect="none" was not + explicitly pushed, thereby having had the same effect as not having this + attribute. After the fix, style:cell-protect="none" will explicitly push + the hidden state to false, locked state to false, and the formula-hidden + state to false. +- Update to 0.17.1: + * addressed a number of coverity issues. + * removed a variety of compiler warnings. + * re-generated sax parser tokens from ODF v1.3. + * revised the style import code to only push style attributes that are + actually specified in the XML. + * revised the XML structure validation strategy to ignore any mis-placed + elements and their sub structures rather than aborting the import. + +- Update to 0.17.0: + * set the baseline C++ version to 17. + * cleaned up the public API to replace pstring with std::string_view, union + with std::variant, and boost::optional with std::optional. With this + change, the public API no longer has dependency on boost. + * switched to using ixion::model_iterator for horizontal iteration of cells + instead of using mdds::mtv::collection. + * fixed a bug where exporting a spreadsheet document containing adjacent + merged cells regions to html incorrectly exported the merged cell areas. + * cached cell values are now correctly loaded from the xlsx file. + * utf-8 names are now allowed as element and attribute names in the sax parser. + * unquoted utf-8 property values are now allowed in the css parser. + * added yaml output option in orcus-json. + * fixed a bug where mapping of an XML document with namespace aliases + sometimes corrupts the alias values. + * added orcus.FormulaTokenOp enum type in python which describes type formula token + operator types in a more finer grained manner. + * added notes to how to use orcus-xml and orcus-json to map XML and JSON + documents to spreadsheet documents. +- Drop GCC11_build_fixes.patch + +- Define conditionally make_build to fix build on systems that do + not have that macro + libreoffice +- Update to 7.3.3.1 (jsc#SLE-23447): + You can read the release notes for major version 7.3 here: + https://wiki.documentfoundation.org/ReleaseNotes/7.3 + Release notes for minor releases: + https://wiki.documentfoundation.org/Releases/7.3.3/RC1 + https://wiki.documentfoundation.org/Releases/7.3.2/RC2 + https://wiki.documentfoundation.org/Releases/7.3.2/RC1 + https://wiki.documentfoundation.org/Releases/7.3.1/RC3 + https://wiki.documentfoundation.org/Releases/7.3.1/RC2 + https://wiki.documentfoundation.org/Releases/7.3.1/RC1 + https://wiki.documentfoundation.org/Releases/7.3.0/RC3 + https://wiki.documentfoundation.org/Releases/7.3.0/RC2 + https://wiki.documentfoundation.org/Releases/7.3.0/RC1 + https://wiki.documentfoundation.org/Releases/7.3.0/Beta1 +- Update bundled dependencies: + * boost_1_75_0.tar.xz -> boost_1_77_0.tar.xz + * curl-7.79.1.tar.xz + * gpgme-1.13.1.tar.bz2 -> gpgme-1.16.0.tar.bz2 + * icu4c-69_1-data.zip -> icu4c-70_1-data.zip + * icu4c-69_1-src.tgz -> icu4c-70_1-src.tgz + * libassuan-2.5.3.tar.bz2 -> libassuan-2.5.5.tar.bz2 + * libgpg-error-1.37.tar.bz2 -> libgpg-error-1.43.tar.bz2 + * pdfium-4500.tar.bz2 -> pdfium-4699.tar.bz2 + * skia-m90-45c57e116ee0ce214bdf78405a4762722e4507d9.tar.xz -> + skia-m97-a7230803d64ae9d44f4e1282444801119a3ae967.tar.xz +- Added patches: + * bsc1192616.patch +- Refreshed patches: + * 0001-Revert-java-9-changes.patch + * fix_gtk_popover_on_3.20.patch + * fix-wayland-scaling-in-plasma.patch +- Deleted patches: + * bsc1183308.patch +- This package contain the fixes for the following bugs: + * bsc#1196212 + * bsc#1195881 +- This package is not affected by the following bugs: + * bsc#1196017 + * bsc#1196499 +- Enable gtk3_kde5. The gtk3 interface is more stable than the + qt5/kf5 one, this option makes it possible to use gtk3 in kde + with the kde filepicker (bsc#1197017) +- Add system_curl build condition + libslirp +- security update +- added patches + fix CVE-2021-3593 [bsc#1187365], invalid pointer initialization may lead to information disclosure (udp6) + + libslirp-CVE-2021-3593.patch + +- Add patch to fix the version header (bsc#1201551): + * 0001-meson-remove-meson-dist-script.patch + mozilla-nss +- update to NSS 3.79.1 (bsc#1202645) + * bmo#1366464 - compare signature and signatureAlgorithm fields in legacy certificate verifier. + * bmo#1771498 - Uninitialized value in cert_ComputeCertType. + * bmo#1759794 - protect SFTKSlot needLogin with slotLock. + * bmo#1760998 - avoid data race on primary password change. + * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state. + +- Update nss-fips-approved-crypto-non-ec.patch to unapprove the + rest of the DSA ciphers, keeping signature verification only + (bsc#1201298). +- Update nss-fips-constructor-self-tests.patch to fix compiler + warning. + openldap2 +- bsc#1198341 - Prevent memory reuse which may lead to instability + * 0243-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch + osinfo-db +- bsc#1197958 - request support for SLE15-SP4 in the osinfo database +- Add support for SUSE linux Enterprise Micro 5.2 + add-slem5.2-support.patch + +- bsc#1196965 - openSUSE Tumbleweed unattended installation with + libvirt fails + opensuse-autoyast-desktop.patch + +- Update to database version 20220214 + osinfo-db-20220214.tar.xz + perl-HTTP-Daemon +- Fix request smuggling in HTTP::Daemon + (CVE-2022-31081, bsc#1201157) + * CVE-2022-31081.patch + * CVE-2022-31081-2.patch + * CVE-2022-31081-Add-new-test-for-Content-Length-issues.patch + procps +- Add the patches + * procps-3.3.17-library-bsc1181475.patch + * procps-3.3.17-top-bsc1181475.patch + which are backports of current newlib tree to solve bug bsc#1181475 + * 'free' command reports misleading "used" value + python-lxml +- add CVE-2022-2309.patch (bsc#1201253, CVE-2022-2309) + raptor +- add CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch (bsc#1178903, CVE-2020-25713) + -- Update to v2.0.7 - * CVE-2012-0037 fixed (bnc#745298) - * Removed Expat support - * Removed internal Unicode NFC code for better and optional ICU - * Added options for denying file requests and XML entity loading - * Added options for SSL certificate verifying - systemd +- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one + pointing to /usr/lib/systemd/ (bsc#1201795) + +- Update 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (jsc#PED-944) + To decrease log level of messages about use of KillMode=none from warning to + debug. SAP still uses this deprecated option and the warnings emitted by PID1 + confuse both SAP customers and support. + +- Import commit 7b70d88264a588fdba36c6e7655d1feea2b0e0a0 (merge of v249.12) + For a complete list of changes, visit: + https://github.com/openSUSE/systemd/compare/4949659dd6ce81845e13034504fe06b85a02f08b...7b70d88264a588fdba36c6e7655d1feea2b0e0a0 + +- Import commit 4949659dd6ce81845e13034504fe06b85a02f08b + 0f096f16ba tmpfiles: check the directory we were supposed to create, not its parent + 82c3793e43 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call + 2191a9ae95 logind: don't delay login for root even if systemd-user-sessions.service is not activated yet (bsc#1195059) + systemd-presets-common-SUSE +- enable ignition-delete-config by default (bsc#1199524) + +- Modify branding-preset-states to fix systemd-presets-common-SUSE + not enabling new user systemd service preset configuration just + as it handles system service presets. By passing an (optional) + second parameter "user", the save/apply-changes commands now + work with user services instead of system ones (boo#1200485) + +- Add the wireplumber user service preset to enable it by default + in SLE15-SP4 where it replaced pipewire-media-session, but keep + pipewire-media-session preset so we don't have to branch the + systemd-presets-common-SUSE package for SP4 (boo#1200485) + timezone +- Update to reflect new Chile DST change, bsc#1202310 + * bsc1202310.patch + timezone-java +- Update to reflect new Chile DST change, bsc#1202310 + * bsc1202310.patch + transactional-update +- Version 4.0.1 + - create_dirs_from_rpmdb: Just warn if no default SELinux context found + [gh#openSUSE/transactional-update#88], [bsc#1188215] + - create_dirs_from_rpmdb: Don't update the rpmdb cookie on failure + [gh#openSUSE/transactional-update#88] + - Handle directories owned by multiple packages + [gh#openSUSE/transactional-update#90], [bsc#1188215] + u-boot +Fix out-of-bounds write in sqfs_readdir() may lead to arbitrary code execution CVE-2022-33103 (bsc#1201213) + Patch queue updated from https://github.com/openSUSE/u-boot.git sle15-sp4 + * Patches added: + 0022-fs-squashfs-sqfs_read-Prevent-arbit.patch + util-linux +- agetty: Resolve tty name even if stdin is specified (bsc#1197178, + util-linux-agetty-resolve-tty-if-stdin-is-specified.patch). +- libmount: When moving a mount point, update all sub mount entries + in utab (bsc#1198731, + util-linux-libmount-moving-mount-point-sub-mounts.patch, + util-linux-libmount-fix-and-improve-utab-on-ms_move.patch). + util-linux-systemd +- agetty: Resolve tty name even if stdin is specified (bsc#1197178, + util-linux-agetty-resolve-tty-if-stdin-is-specified.patch). +- libmount: When moving a mount point, update all sub mount entries + in utab (bsc#1198731, + util-linux-libmount-moving-mount-point-sub-mounts.patch, + util-linux-libmount-fix-and-improve-utab-on-ms_move.patch). + yast2 +- On transactional systems, inform the user that packages are + required to be installed manually (related to bsc#1199840) +- 4.5.11 + yast2-security +- Do not crash when reading active LSM modules returns nil + (related to jsc#SLE-22069) +- 4.5.1 + yast2-tune +- Added runtime dependency on hwinfo (bsc#1202651) +- 4.5.1 + yast2-users +- AY: Fix writing ssh keys for user without specified home + (bsc#1201185) +- 4.5.2 + zlib +- Fix heap-based buffer over-read or buffer overflow in inflate via + large gzip header extra field (bsc#1202175, CVE-2022-37434, + CVE-2022-37434-extra-header-1.patch, + CVE-2022-37434-extra-header-2.patch). +