Removed rpms ============ - dhcp - dhcp-client - libLLVM11 - libatm1 - libdmx1 - libnotify4 - libpcap1 - libsnmp30 - libteamdctl0 - p11-kit-nss-trust - ppp - rp-pppoe Added rpms ========== - NetworkManager-bluetooth - NetworkManager-tui - NetworkManager-wwan - busybox - busybox-ed - libLLVM15 - libnvme-mi1 - libqrtr-glib0 - libsnmp40 - libxcvt0 - mozilla-nss-certs - xorg-x11-server-Xvfb Package Source Changes ====================== Mesa -- changing default driver from 'iris' to 'i965' for Intel Gen8-11 - hardware again, but this time the correct way; "-Dprefer-iris=false" - needs to be set for both builds - Mesa-drivers *and* Mesa - (boo#1202850, comment#29) - -- revert previous change, since it resulted in Xorg and Mesa no - longer being able to load "i965" driver at all! This affects many - if not almost all Intel GPU users. I can't tell why this happens, - but I'm afraid we need to act immediately (boo#1202850); reopened - boo#1200965 for now ... - -- change default driver from 'iris' back to 'i965' for Intel - Gen8-11 hardware; that way we also use the same driver used by X - and Mesa (boo#1200965); related bugs: boo#1197045, boo#1197046 +- update to 22.2.4: + * clover: windows: library filename has \`-1` suffix and a \`lib` prefix + when built with mingw + * radv, dxvk: Rendering errors in World of Tanks after "Switch to dynamic + rendering only" + * gen9 gt3e/gt4e skus fail dEQP-VK.pipeline.multisample.sample_locations_ext.* + * v3d: Wrong colors (pink) in videos in Firefox (likely YUV->RGB shader issue) + * panfrost t860 glmark-es2 regression + * radv: Flickering in Spider-Man Remastered (Regression) (Bisected) + * radv: Hitman 2 using Direct3D 12 has discolored squares on RDNA2 with DCC + enabled + * panfrost/midgard - on Duckstation PSX emulator: segfault on GLES 3.0 and + bad shader compilations on 3.3 + +- try to fix build on ppc64le due to running OOM (boo#1205441) + * let's request 20G of physical memory via _constraints file + +- third bugfix release + * some regressions in CI worked out + * a bit of everything, and nothing too crazy +- supersedes u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch +- supersedes u_nouveau-corrupted-colors-boo1203949.patch +- get rid of Mesa-libVulkan-devel(-32bit) package, which is no + longer needed at all by providing/obsoleting it by + libvulkan_intel + +- Release 22.2.2 covers bugfixes for bsc#1197045,bsc#1197046,bsc#1200965,bsc#1202850 + +- build against llvm15/clang15 on sle15-sp5/Leap 15.5 + +- u_nouveau-corrupted-colors-boo1203949.patch + * fixes corrupted colors in videos on nouveau with Kepler in + Firefox (boo#1203949, issue#7416) + +- moved drirc.d config snippets from Mesa to Mea-dri package; + radv driver specific conf was missing completely (boo#1204866) + +- Add patch to fix LLVM optimization to avoid failure on armv7 + (https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/19217, + boo#1204267): + * u_0001-gallivm-Fix-LLVM-optimization-with-the-new-pass-mana.patch + +- update to 22.2.2 + * This is the second bug fix release, back on the regular + schedule. There's a lot here: nir, panfrost, gallium video, + freedreno, nouveau, turnip, r300, gallium core, r600, virgl, + core vulkan, anv, clover, d3d12, utils, radv, and plenty of + zink. + +- update to 22.2.1 + * lots of stuff here: llvmpipe, lavapipe, freedreno, aco, mesa, + turnip, virgl, r600, zink, radv, core gallium, and nir. All in + all, lots of good fixes all over the tree. + +- Add build_orig conditional switch for video codecs define. + +- re-disable video codecs + https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/15258 + +- Pass -Dvideo-codecs=h264dec,h264enc,h265dec,h265enc,vc1dec to + meson, keep support for hardware codecs inside vaapi, vdpau and + vulkan. These were previously enabled automatically. +- enabled "swrast" and "amd" Vulkan drivers on riscv64, which is + upstream default anyway ... + +- update to 22.2.0 + * AMD RDNA3 Prep, Intel Arc Graphics, Many Vulkan Improvements; + more details on Phoronix: + https://www.phoronix.com/news/Mesa-22.2-Released +- supersedes llvm15.patch +- refreshed n_no-sse2-on-ix86-except-for-intel-drivers.patch + +- llvm15.patch: backport of commits 2037c34f245, 301bcbac0e5, 6983c8580a2 + to support LLVM 15 + +- update to 22.1.7: + * fixes and cleanups all over the tree + * most of the fixes are for zink + * nice batch of fixes for the gallium dx9 frontend + * some other fixes across the board + +- update to 22.1.6: + * llvmpipe: make last_fence a screen/rast object not a context one. llvmpipe: + keep context list and use to track resource usage. + * Revert "pan/bi: Require ATEST coverage mask input in R60" + * intel/dev: drop warning for unhandled hwconfig keys + * anv: Use sampleLocationsEnable for sample locations + +- Enable zink driver build on x86_64 + +- update to 22.1.5: + * radv: dynamic vertex input failure + * anv: KHR-GL46.tessellation_shader.single.xfb_captures_data_from_correct_stage fails on TGL + * anv: GTF-GL46.gtf32.GL3Tests.packed_pixels.packed_pixels_pbo failure + * anv: ICL hiz issue + * Error compiling gallium-nine on i686 using musl libc + * dEQP-VK.memory.mapping.dedicated_alloc failing on bsw and gen9atom + +- update to 22.1.4: + * anv: disable non uniform indexing of UBOs + * anv: use the right helper to invalidate memory + * intel/fs: ray query fix for global address + * isl: add new helper for format component compatibility + * radeonsi: fix random PS wave size + * r300: Keep rc_rename_regs() from overflowing + * aco/ra: update register file when updating phi definition + * radv: Fix vkCmdCopyQueryResults -> vkCmdResetPool hazard + +- let Mesa ignore Mesa-dri as dep to resolve a build cycle + (related to boo#1201474 + +- Update to 22.1.3 + * a lot of zink fixes + * There's a bit of everything else here, including some + performance fixes for wsi/x11. + +- Update to 22.1.2 + " There's a lot of zink here, thanks to Mike for help with manually + backporting parts of it! We've als got a bunch of fixes for panfrost, + and some for intel, radeon, llvmpip, dzn, broadcom, nir, core gallium, + the va state tracker, and freedren." + +- let Mesa-libGL-devel require libX11-devel via pkgconfig(x11) + (boo#1200559) + +- removed libkms BuildRequires, since it has been dropped from + libdrm + +- Update to 22.1.1 + * first bugfix release +- supersedes U_llvmpipe-flush-resources-for-kms-swrast-path.patch + +- Add patch to fix glitches with KMS (boo#1199885): + * U_llvmpipe-flush-resources-for-kms-swrast-path.patch + +- buildrequire DirectX-Headers only on %{ix86} x86_64, since it's + only relevant on these platforms + +- Calling patch with '-p1' (as the others are) so 'git show' + .patch output works. + +- Generating 'n_stop-iris-flicker.patch' from 'git format-patch' vs. + a standard diff. + +- Fixing up 'stop-iris-flicker.patch' patch name to follow standards. + +- Update to 22.1.0 + * lot of great featurres, including (since rc5) additional + kopper backports for zink, and support for Intel's Alchemist + DG2 platform. + +- autoselect libvdpau_r300/libvdpau_r600/libvdpau_radeonsi packages + via hardware supplements on AMD GPUs + +- Update to 22.0.3 + * bugfix release with fixes for most of the major drivers +- Switching out 'directx-headers' for 'DirectX-Headers'. + +- Update to 22.0.2 + * bugfix release with almost all nominated patches + +- Adding changes I need for iris to not flicker and have d3d12 + available for use in WSL. + +- use _multibuild + +- Update to 22.0.1 + * fixes in lavapipe and zink, maintainer scripts and panfrost +- supersedes U_meson-restore-private-requires-to-libdrm-in-dri.pc-f.patch + +- get rid of Mesa-libVulkan-devel(-32bit) package, which no longer + makes sense since Mesa 21.1.0 + * https://gitlab.freedesktop.org/mesa/mesa/-/commit/5e6db1916860ec217eac60903e0a9d10189d1c53 + +- U_meson-restore-private-requires-to-libdrm-in-dri.pc-f.patch + * Due to a typo the private requires to libdrm were lost in dri.pc. + Fixed another typo (only comment). + +- enabled "i915" Gallium-based Intel Gen3 driver + +- fixed llvm/clang buildrequires for sle15-sp4/Leap 15.4 + +- no longer try to build classic non-Gallium OpenGL drivers + i915, i965, nouveau, r100 and r200, which have been dropped with + Mesa 22.0.0; see also some documentation on Phoronix + https://www.phoronix.com/scan.php?page=news_item&px=Mesa-Classic-Retired + +- update to 22.0.0 + * lavapipe,radv,anv KHR_dynamic_rendering + * radv EXT_image_view_min_lod + * VK_KHR_synchronization2 on RADV. + * OpenSWR has been moved to the Amber branch + * radeonsi, zink ARB_sparse_texture + * d3d12 GLES3.1 (shader storage buffers, images, compute, indirect draw, draw params, + ARB_framebuffer_no_attachments, ARB_sample_shading, and GLSL400) + * radeonsi, zink ARB_sparse_texture2 + * zink EXT_memory_object, EXT_memory_object_fd, EXT_semaphore, EXT_semaphore_fd + * anv VK_VALVE_mutable_descriptor_type + * Vulkan 1.3 on RADV,Anv. + * radeonsi, zink ARB_sparse_texture_clamp + +- raise memory limit to 1024 in the hope of avoiding OOM on ppc64 + (boo#1196640) + +- update to 21.3.7 + * sixth bugfix release + +- update to 21.3.6 + * sixth bugfix release + +- update to 21.3.5 + * bugfix release: mostly Zink fixes + +- using memory-constraints on ppc64 for trying to avoid OOM during + build (boo#1194739) + +- update to 21.3.4 + * bugfix release + +- rename n_no-sse2-on-ix86.patch to + n_no-sse2-on-ix86-except-for-intel-drivers.patch + * no longer disable sse2 support for intel drivers, since this + breaks build, which is probably unresolvable (boo1190409) + +- Adding 'stop-iris-flicker.patch'. + +- n_no-sse2-on-ix86.patch + * disabled sse2 support on %ix86 (boo#1190409) + +- update to 21.3.3 + * Bug fixes + * Assassin’s Creed Syndicate crashes with Mesa 21.3.0+ ACO + * [21.3 regression] swr: Build failure with MSVC + * anv: dEQP-VK.graphicsfuzz.spv-stable-pillars-volatile-nontemporal-store fails + +- update to 21.3.1 + * mostly AMD, Intel & Zink fixes. + +- n_buildfix-21.3.0.patch + * fixes Mesa-drivers build + +- update to 21.3.0 + * Panfrost is now officially GLES 3.1 conformant + * RADV has (experimental) ray tracing support + * Iris gained threaded shader compilation + * Zink has seen an enormous amount of work, and now supports GLES 3.2 + * Lavapipe has a bunch of new extensions, and now supports Vulkan 1.2 + * LLVMpipe got 2-3 times faster for 2D workloads, and gained support for + the compatibility profile on GL 4.5 + * VA-API gained support for AV1 videos + * EGL now works on Windows + * Wayland got a workaround for games making bad assumption (alpha means + transparency? who could have known) + * VK_EXT_color_write_enable on lavapipe + * GL_ARB_texture_filter_anisotropic in llvmpipe + * Anisotropic texture filtering in lavapipe + * VK_EXT_shader_atomic_float2 on Intel and RADV. + * VK_EXT_vertex_input_dynamic_state on RADV. + * VK_KHR_timeline_semaphore on lavapipe + * VK_EXT_external_memory_host on lavapipe + * GL_AMD_pinned_memory on llvmpipe + * GL 4.5 compatibility on llvmpipe + * VK_EXT_primitive_topology_list_restart on RADV and lavapipe. + * ES 3.2 on zink + * VK_KHR_depth_stencil_resolve on lavapipe + * VK_KHR_shader_integer_dot_product on RADV. + * OpenGL FP16 support on llvmpipe + * VK_KHR_shader_float16_int8 on lavapipe + * VK_KHR_shader_subgroup_extended_types on lavapipe + * VK_KHR_spirv_1_4 on lavapipe + * Experimental raytracing support on RADV + * VK_KHR_synchronization2 on Intel + * NGG shader based culling is now enabled by default on GFX10.3 on RADV. + * VK_KHR_maintenance4 on RADV + * VK_KHR_format_feature_flags2 on RADV. + * EGL_EXT_present_opaque on wayland + +- update to 21.2.5 + * bit of everything: general vulkan, panfrost, and zink are the + biggest changes. + ModemManager +- Update to version 1.18.10: + + Build: Require libqmi 1.30.8. + + FCC unlock: Updated SDX55 unlock script to handle the new + method introduced in the latest firmware releases. + + Modem interface: + - Set signal quality to 0% on shutdown. + - Set signal quality as recent on init. + + MBIM: + - Fix task completion when peeking device fails. + - Fix several GError double-frees. + + mmcli: Don't print signal quality until modem is enabled. + + Plugins: foxconn: remove carrier mapping table for T99W175. + + Several other minor improvements and fixes. +- Changes from version 1.18.8: + + A new connection status dispatcher setup is provided, where + users can provide custom scripts that will be called on bearer + connect/disconnect events. This dispatcher will make the netifd + integration in openwrt work much better, as we'll be able to + report network-initiated disconnections cleanly to netifd. + There are no default connection status dispatcher scripts + installed, but it's suggested distributions make sure the + following directories exist: + - ${sysconfdir}/ModemManager/connection.d/ + - ${libdir}/ModemManager/connection.d/ + + API: Add missing Simple interface definitions in + ModemManager-names.h. + + Build: + - meson: + . fix daemon enums dependencies. + . fix port enums includes. + . fix 'export_packages' in GIR setup. + . fix simtech plugin module name. + - systemd: don't run ModemManager in containers. + + Core: + - serial: ensure the port object is valid after BUFFER_FULL + handling. + - netlink: + . use unaligned netlink attribute length. + . only change IFF_UP flag. + - bearer: match unknown auth to chap in loose comparisons. + - charsets: return error if UTF-8 validation fails. + - fcc-unlock: make scripts POSIX shell compatible. + - modem-helpers: + . consider minimum ID when choosing best profile. + . fix reading given in COPS=? responses. + - sms: prevent crash if date is out of range. + - profile-manager: fix copy-paste error on tags for quarks. + + QMI: + - Ignore slot status indications until initial status is known. + - Return error when loading capabilities if none is found. + + MBIM: + - Default initial EPS bearer's auth to chap when unknown. + - Update default error when network error is out of range. + + mmcli: Fix key length when printing list of items. + + Plugins: + - linktop: new port type hints. + - cinterion: add support for PLSx3w modems. + - huawei: disable +CPOL based features in Huawei E226. + + Several other minor improvements and fixes. + +- Enable QRTR support + * Add BR pkgconfig(qrtr-glib) + +- Update to version 1.18.6: + + The ModemManager.service file for systemd integration provided + in the sources is updated as follows: + ++ 'CAP_NET_ADMIN' is now required in the + 'CapabilityBoundingSet' field. + ++ 'AF_NETLINK' and 'AF_QIPCRTR' are now required in the + 'RestrictAddressFamilies' field. + + The LEGACY and PARANOID filter types that were allowed + options in the '--filter-policy' option in the ModemManager + daemon were deprecated in version 1.16.0 and have now been + completely removed, along with the vid:pid blacklist of + devices and the vid:pid greylist of RS232<->USB adapters. + + The ModemManager daemon can run now in a 'quick suspend/resume' + mode, in which no explicit data disconnection is triggered on + suspend, and no explicit device re-probing from scratch is + launched on resume. Instead, the daemon will try to refresh + the state of all interfaces upon suspend, e.g. to see if the + module keeps registered to the same operator, to see if it is + still connected, and so on. + + core: added support for the new 'WWAN' subsystem in Linux kernel + 5.13, enabling PCIe-only modules. + + core: The charset conversion methods rework, including the + avoiding of the iconv() + + qmi: the logic managing allowed/preferred modes was fixed for + multimode devices like the MC7304, making sure the acquisition + order preference always had the same items. + + serial: when modem is connected with AT+PPP, ignore forced + disconnections, so that we don't take ownership of the PPP + port before pppd has released it. + + foxconn: added support for the T99W175 (SDX55) module, + including built-in FCC unlock procedure. + + foxconn: added new MBIM QDU firmware update method. +- Move the dbus-1 system.d file to /usr (bsc#1196170) +- Use source verification +- Update Supplements to new format +- Add BRs needed for new tests: + * python3-gobject-Gdk + * python3-dbus-python + MozillaFirefox -- Firefox 102.4.0esr ESR - Placeholder changelog-entry (bsc#1204421) +- Firefox Extended Support Release 102.5.0 ESR + Placeholder changelog-entry (bsc#1205270) + +- Firefox Extended Support Release 102.4.0 ESR + * Fixed: Various stability, functionality, and security fixes. + MFSA 2022-45 (bsc#1204421) + * CVE-2022-42927 (bmo#1789128) + Same-origin policy violation could have leaked cross-origin + URLs + * CVE-2022-42928 (bmo#1791520) + Memory Corruption in JS Engine + * CVE-2022-42929 (bmo#1789439) + Denial of Service via window.print + * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041) + Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4 MozillaThunderbird +- Mozilla Thunderbird 102.5 + * changed: `Ctrl+N` shortcut to create new contacts from + address book restored (bmo#1751288) + * fixed: Account Settings UI did not update to reflect default + identity changes (bmo#1782646) + * fixed: New POP mail notifications were incorrectly shown for + messages marked by filters as read or junk (bmo#1787531) + * fixed: Connecting to an IMAP server configured to use + `PREAUTH` caused Thunderbird to hang (bmo#1798161) + * fixed: Error responses received in greeting header from NNTP + servers did not display error message (bmo#1792281) + * fixed: News messages sent using "Send Later" failed to send + after going back online (bmo#1794997) + * fixed: "Download/Sync Now..." did not completely sync all + newsgroups before going offline (bmo#1795547) + * fixed: Username was missing from error dialog on failed login + to news server (bmo#1796964) + * fixed: Thunderbird can now fetch RSS channel feeds with + incomplete channel URL (bmo#1794775) + * fixed: Add-on "Contribute" button in Add-ons Manager did not + work (bmo#1795751) + * fixed: Help text for `/part` Matrix command was incorrect + (bmo#1795578) + * fixed: Invite Attendees dialog did not fetch free/busy info + for attendees with encoded characters in their name + (bmo#1797927) + * fixed: Various security fixes + MFSA 2022-49 (bsc#1205270) + * CVE-2022-45403 (bmo#1762078) + Service Workers might have learned size of cross-origin media + files + * CVE-2022-45404 (bmo#1790815) + Fullscreen notification bypass + * CVE-2022-45405 (bmo#1791314) + Use-after-free in InputStream implementation + * CVE-2022-45406 (bmo#1791975) + Use-after-free of a JavaScript Realm + * CVE-2022-45408 (bmo#1793829) + Fullscreen notification bypass via windowName + * CVE-2022-45409 (bmo#1796901) + Use-after-free in Garbage Collection + * CVE-2022-45410 (bmo#1658869) + ServiceWorker-intercepted requests bypassed SameSite cookie + policy + * CVE-2022-45411 (bmo#1790311) + Cross-Site Tracing was possible via non-standard override + headers + * CVE-2022-45412 (bmo#1791029) + Symlinks may resolve to partially uninitialized buffers + * CVE-2022-45416 (bmo#1793676) + Keystroke Side-Channel Leakage + * CVE-2022-45418 (bmo#1795815) + Custom mouse cursor could have been drawn over browser UI + * CVE-2022-45420 (bmo#1792643) + Iframe contents could be rendered outside the iframe + * CVE-2022-45421 (bmo#1767920, bmo#1789808, bmo#1794061) + Memory safety bugs fixed in Thunderbird 102.5 + +- Mozilla Thunderbird 102.4.2 + * changed: "Address Book" button in Account Central will now + create a CardDAV address book instead of a local address book + (bmo#1793903) + * fixed: Messages fetched from POP server in `Fetch headers + only` mode disappeared when moved to different folder by + filter action (bmo#1793374) + * fixed: Thunderbird re-downloaded locally deleted messages + from a POP server when "Leave messages on server" and "Until + I delete them" were enabled (bmo#1796903) + * fixed: Multiple password prompts for the same POP account + could be displayed (bmo#1786920) + * fixed: IMAP authentication failed on next startup if ImapMail + folder was deleted by user (bmo#1793599) + * fixed: Retrieving passwords for authenticated NNTP accounts + could fail due to obsolete preferences in a users profile on + every startup (bmo#1770594) + * fixed: `Get Next n Messages` did not consistently fetch all + messages requested from NNTP server (bmo#1794185) + * fixed: `Get Messages` button unable to fetch messages from + NNTP server if root folder not selected (bmo#1792362) + * fixed: Thunderbird text branding did not always match locale + of localized build (bmo#1786199) + * fixed: Thunderbird installer and Thunderbird updater created + Windows shortcuts with different names (bmo#1787264) + * fixed: LDAP search filters unable to work with non-ASCII + characters (bmo#1794306) + * fixed: "Today" highlighting in Calendar Month view did not + update after date change at midnight (bmo#1795176) + +- Mozilla Thunderbird 102.4.1 + * new: Thunderbird will now catch and report errors parsing + vCards that contain incorrectly formatted dates (bmo#1793415) + * fixed: Dynamic language switching did not update interface + when switched to right-to-left languages (bmo#1794289) + * fixed: Custom header data was discarded after messages were + saved as draft and reopened (bmo#195716) + * fixed: `-remote` command line argument did not work, + affecting integration with various applications such as + LibreOffice (bmo#1793323) + * fixed: Messages received via some SMS-to-email services could + not display images (bmo#1774805) + * fixed: VCards with nickname field set could not be edited + (bmo#1793877) + * fixed: Some recurring events were missing from Agenda on + first load (bmo#1771168) + * fixed: Download requests for remote ICS calendars incorrectly + set "Accept" header to text/xml (bmo#1793757) + * fixed: Monthly events created on the 31st of a month with <30 + days placed first occurrence 1-2 days after the beginning of + the following month (bmo#1266797) + * fixed: Various visual and UX improvements + (bmo#1781437,bmo#1785314,bmo#1794139,bmo#1794155,bmo#1794399) + - Placeholder changelog-entry (bsc#1204421) + * changed: Thunderbird will automatically detect and repair + OpenPGP key storage corruption caused by using the profile + import tool in Thunderbird 102 (bmo#1790610) + * fixed: POP message download into a large folder (~13000 + messages) caused Thunderbird to temporarily freeze + (bmo#1792675) + * fixed: Forwarding messages with special characters in Subject + failed on Windows (bmo#1782173) + * fixed: Links for FileLink attachments were not added when + attachment filename contained Unicode characters + (bmo#1789589) + * fixed: Address Book display pane continued to show contacts + after deletion (bmo#1777808) + * fixed: Printing address book did not include all contact + details (bmo#1782076) + * fixed: CardDAV contacts without a Name property did not save + to Google Contacts (bmo#1792101) + * fixed: "Publish Calendar" did not work (bmo#1794471) + * fixed: Calendar database storage improvements (bmo#1792124) + * fixed: Incorrectly handled error responses from CalDAV + servers sometimes caused events to disappear from calendar + (bmo#1792923) + * fixed: Various visual and UX improvements (bmo#1776093,bmo#17 + 80040,bmo#1780425,bmo#1792876,bmo#1792872,bmo#1793466,bmo#179 + 3543) + * fixed: Various security fixes + MFSA 2022-46 (bsc#1204421) + * CVE-2022-42927 (bmo#1789128) + Same-origin policy violation could have leaked cross-origin + URLs + * CVE-2022-42928 (bmo#1791520) + Memory Corruption in JS Engine + * CVE-2022-42929 (bmo#1789439) + Denial of Service via window.print + * CVE-2022-42932 (bmo#1789729, bmo#1791363, bmo#1792041) + Memory safety bugs fixed in Thunderbird 102.4 NetworkManager +- Bring back /sbin/netconfig as build option since the netconfig + in SLE is not ready for usrmerge. + +- Update to version 1.38.2: + + Fix race condition with pppd that caused failures when + activating PPPoE connections. + + Unbreak DHCPv6 over PPP. + + Don't ignore IPv6 DNS servers received from PPP. + + Fix crash while checking WEP capability of Wi-Fi interfaces. + + Ensure DHCP is restarted every time the link goes up. + + Fix struct alignment issues seen on some architectures. + + Various other bugfixes and improvements. + +- Fold NetworkManager-wifi back into the main package: The dep + chain is not really different and it causes too many problems for + users having that split. Not worth the pain (boo#1199710, + boo#1199706). +- As a consequence, also drop the recommends fro the main package + to -wifi. + +- Update to version 1.38.0: + + Add support for route type "throw". + + Fix bug setting priority for IP addresses. + + Static IPv6 addresses from "ipv6.addresses" are now preferred + over addresses from DHCPv6, which are preferred over addresses + from autoconf. This affects IPv6 source address selection, if + the rules from RFC 6724, section 5 don't give a exhaustive + match. + + Static IPv6 addresses from "ipv6.addresses" are now interpreted + with first address being preferred. Their order got inverted. + This is now consistent with IPv4. + + Wi-Fi hotspots will use a (stable) random channel number unless + one is chosen manually. + + Don't use unsupported SAE/WPA3 mode for AP mode. + + NetworkManager will no longer advertise frequencies as + supported when they're disallowed in configured regulatory + domain. + + Attempt to connect to WEP-encrypted Wi-Fi network will now fail + gracefully with a recent version of wpa_supplicant when built + without WEP support. As long as wpa_supplicant supports WEP, + NetworkManager will continue to work. + + Disable WPA3 transition mode for wifi.key-mgmt=wpa-psk if the + NIC does not support PMF. This is known to cause problems in + some setups. It is still possible to explicitly configure + wifi.key-mgmt=sae for WPA3. + + Add new dummy crypto backend "null" that does nothing. + NetworkManager uses the crypto library when handling + certificates for 802.1x profiles. + + Veth devices with name "eth*" are now managed by default via + the udev rule. This is to support managing the network in LXD + containers. + + The hostname received from DHCP is now shortened to the first + dot (or to 64 characters, whatever comes first) if it's too + long. + + As the insecure WEP encryption for Wi-Fi network is phased out, + nmcli now discourages its use when activating or modifying a + profile. + + Fix connectivity checks in case the check endpoint address + resolves to multiple addresses. + + Workaround libcurl blocking NetworkManager while resolving DNS + names. + + nmcli: indicate missing Wi-Fi hardware when showing rfkill + setting. + + nmcli: add connection migrate command to move a profile to a + specified settings plugin. This allows to convert profiles in + the deprecated ifcfg-rh format to keyfile. + + Set "src" attribute for routes from DHCPv4 to the leased + address. This helps with source address selection. + + Various bugfixes and internal improvements. + + Updated translations. +- Recommend NetworkNanager-wifi from the main package: after the + split, there is currently nothing pulling in NM-wifi. Preferably + this would happen based on wifi chips prsence, but that is not + yet done (boo#1199550). + +- Modify NetworkManager.spec: Split into a few small subpackages + (bsc#1198128). + +- Install nfs dispatcher script in /usr/lib/NetworkManager, not /etc + +- Update to version 1.36.4: + + The internal DHCPv4 client now discards NAKs packets coming + from servers different from the one that sent the offer. + + Fix activation of PPPoE connections with "pppoe.parent" unset. + + Fix potential libnm crash when the client object initialization + gets canceled. + + Other various fixes and improvements. + +- Do not requires dhcp-client, NM is using its internal client + by default for a long time now. +- Convert iproute2 and iputils requires to recommends, they + should not be hard requires. + +- Update to version 1.36.2: + + When the list of plugins is not specified via "main.plugins" in + NetworkManager.conf and no build-time default is set with + "--with-config-plugins-default" configure argument, now all + known plugins found in the plugin directory are loaded (and the + built-in "keyfile" plugin is preferred over others). + + Preserve external ports during checkpoint rollback. + + Fix removal of ovsdb entry when an OVS interface goes away. + + Fix DNS configuration for WWAN connections. + +- Update to version 1.36.0: + + The handling of Layer 3 configurations has been substantially + reworked. While this is mostly internal change, it results in + more robust behavior when addressing information from multiple + sources (DHCP, manually configured, VPN) need to be applied + simultaneously. Overall performance and memory use have also + slightly improved. + + Manually configured addresses can no longer expire even if the + same addresses are also obtained dynamically. + + Code for systemd-based DHCP and DHCPv6 clients has been updated + from upstream. + + NTP servers obtained via DHCPv6 are now exposed on the DBus + API, visible in nmcli and available for use by dispatcher + scripts. + + 5G NR (New Radio) modems are now supported. + + The "rd.znet_ifnames" kernel command line option is now honored + on network bootups on an IBM s390 platform. + + Wi-Fi P2P support does now work with the IWD backend, in + addition to wpa_supplicant backend. + + Support for special route types have been added: "prohibit", + "blackhole" and "unreachable". + + Routes managed by routing daemons are now ignored. This is done + to address a performance bottleneck on specialized routers. + + Handling of IP addressing and routing information is now + slightly more efficient and uses less memory. This is apparent + on systems with large amount of IP configuration information. + + It is now possible to start NetworkManager without root user + privileges. This is experimental doesn't necessarily result in + a working daemon. NetworkManager service already drops many of + capabilities available to the root user. + + WPA3 Wi-FI network security have been improved by enabling new + H2E (hash to element) method for generating SAE password + element. + + It is now possible to select the default Wi-Fi backend + (wpa_supplicant or IWD) at build-time. + + Replies from broken DHCP servers that send duplicate address or + mask options are now handled gracefully. + + Bridge support has gained the possibility of turning off MAC + ageing. + + "configure-and-quit" mode and nm-iface-helper have been + removed. + + A number of bugs that could cause NetworkManager to crash in + rare conditions have been fixed. +- Drop pkgconfig(libteam) BuildRequires and stop passing + teamdctl=true to meson: No longer build teamdctl support. +- Drop patches fixed upstream: + + 4685651e7671e064b911a3a05f096908e5ef0580.patch + + 471e987add98b36520ece72ee493176fc7bc863c.patch + + 6329f1db5ac75ee3b7d2f7ce062e951a598625fe.patch + + 634e023e72d4729788a022ea1fae665af28d1b0f.patch + + aadf0fb64f491f94b2771058621dc140c562b62b.patch +- Drop nm-dhcp-use-valid-lease-on-timeout.patch: Patch was rejected + upstream. +- Rebase patches with quilt. + +- Add upstream bug fix patches: + + 4685651e7671e064b911a3a05f096908e5ef0580.patch: glib-aux: fix + nm_ref_string_equal_str() Fix comparison with a NULL string + + 6329f1db5ac75ee3b7d2f7ce062e951a598625fe.patch: libnm/tests: + fix maybe-uninitialized warning in "test-setting" + + aadf0fb64f491f94b2771058621dc140c562b62b.patch: libnm/tests: + fix maybe-uninitialized warning in "test-libnmc-setting" + + 471e987add98b36520ece72ee493176fc7bc863c.patch: device: + initialize nm_auto variable in _ethtool_features_reset() + + 634e023e72d4729788a022ea1fae665af28d1b0f.patch: glib-aux: + workaround maybe-uninitialized warning with LTO in + nm_uuid_generate_from_string_str() + +- Use meson LTO setup as NM makes changes to CFLAGS + +- Packaging additions with Autotools replacement: + + Add Meson build requirement and replace Automake macros with + Meson equivalent ones as autotools will be deprecated in the + future. + + Options passed to Meson to mimmic our default preferences: + systemdsystemunitdir=%{_unitdir}, udev_dir=%{_udevdir}, + dbus_conf_dir=%{_dbusconfdir}, iptables=%{_sbindir}/iptables, + dnsmasq=%{_sbindir}/dnsmasq, dnssec_trigger=%{_libexecdir}\ + /dnssec-trigger-script, dist_version=%{version}, + polkit_agent_helper_1=%{_libexecdir}/polkit-1\ + /polkit-agent-helper-1, hostname_persist=suse, switchable + libaudit=%{libaudit_meson_opt}, iwd=true, pppd=%{_sbindir}\ + /pppd, pppd_plugin_dir=%{_pppddir}, nm_cloud_setup=true, + bluez5_dun=true, netconfig=%{_sbindir}/netconfig, + dhclient=%{_sbindir}/dhclient, docs=true, switchable + tests=%{tests_meson_opt}, more_asserts=0, more_logging=false, + qt=false, and switchable teamdctl=true (teamctl is about to be + deprecated). + + Add conditionalized audit pkgconfig module build requirement to + allow easier feature testing, and pass + 'yes-disabled-by-default' to 'libaudit' Meson option. As an + observation: Meson defaults passing 'yes' to this feature. + + Add explicit c++_compiler build requirement to avoid build + abortion. + + Add explicit libselinux pkgconfig module build requirement + checked by Meson and was already being pulled in by some other + package. + + Add polkit-gobject-1 pkgconfig module build requirement checked + by Meson and needed for user auth-polkit support. + + Add mobile-broadband-provider-info pkgconfig module build + requirement checked by Meson and needed for ModemManager1 + interface support. + + Add sed command to fix server.conf config file location from + defaultdocdir/NetworkManager/examples to + defaultdocdir/NetworkManager. + + Add useful %{_pppddir} and %{_dbusconfdir} macros to spec file, + while dropping no longed needed pppddir shell variable + definition and 'test -n "$pppddir" || exit 1' construct. + + Add "< 1.21" version to libnm-glib-vpn1, libnm-glib4, and + libnm-util2 < 1.21 to main package's Obsoletes tags, following + packaging good practices to avoid future unwated behavior + regarding versioning schemes. + + Replace %version macro with hardcoded "0.9.1" version to the + devel subpackage's %name-doc Obsoletes tag following packaging + good practices to avoid future unwanted behaviors regarding + versioning schemes (the doc subpackage was merged with the + devel one in the 0.9.0 release). + + Pass "%{?no_lang_C}" to %find_lang macro to avoid stripping + any English translations (the default language) from main + package. +- Packaging deletions with Autotools replacement: + + Remove data/server.conf from %doc macro in files section as it + no longer works with Meson. + + Remove "rm" command on server.conf file following sed command + addition to fix the right location of the file. + + Remove no longer useful conditional build abortion depending + whether or not netconfig support was found + 'grep "with_netconfig='no'" config.log' since this file isn't + generated by Meson. + + Remove no longer needed "find" command for GNU Libtool LA files + deletion. + + Drop no longer needed libtool build requirement as Meson does + not use it. + + Drop redundant sysconfig-netconfig build requirement as it does + not add anything to the build anymore. + + Drop comment about suse-release build requirement not being + needed anymore, it's been deprecated for almost a decade now. + + Drop setBadness for 'dbus-file-unauthorized' in the rpmlintrc: + the new dbus file has been whitelisted already (bsc#1194799). + +- Split out NetworkManager-pppoe, needed to configure regular PPPoE + connections (Not very common, as most users have PPPoE routers + for the DSL connections). + +- Update to version 1.34.0: + + initrd: wait for both IPv4 and IPv6 with "ip=dhcp,dhcp6" + + core: better handle sd-resolved errors when resolving hostnames + + nmcli: fix import WireGuard profile with DNS domain and address + family disabled + + ndisc: send router solicitations before expiry + + policy: send earlier the ip configs to the DNS manager + + core: support linking with LLD 13 + + wireguard: importing wg-quick configuration files with nmcli + no longer sets a negative, exclusive "dns-priority". This plays + better with common split DNS setups that use systemd-resolved. + Adjust the "dns-priority" to your liking after import yourself. + + NetworkManager no longer listens for netlink events for traffic + control objects (qdiscs and filters). + + core: add internal nm-priv-helper service for separating + privileges and have a way to drop capabilities from + NetworkManager daemon. + + bond: add support for setting queue-id of bond port. + + dns: support configuring DNS over TLS (DoT) with + systemd-resolved. + + nmtui: add support for WireGuard profiles. + + nmcli: add aliases `nmcli device up|down` beside + connect|disconnect. + + conscious language: Deprecate 'Device.Slaves' D-Bus property in + favor of new 'Device.Ports' property. Depracate + 'nm_device_*_get_slaves()' in favor of 'nm_device_get_ports()' + in libnm. + + nmcli: invoking nmcli command without arguments will now show + 'default' instead of null address in route4 or route6 section. +- Refresh patches with quilt. +- Replace addFilter("suse-branding-unversioned-requires*") from + rpmlintrc, with the current branding-requires-unversioned. +- Update our Supplements to current standard. +- Add the new internal nm-priv-helper.service to pre(un)/post(un) + handling. + apparmor +- add profiles-permit-php-fpm-pid-files-directly-under-run.patch + https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344) + autoyast2 +- Fix hash vs keyword arguments in RSpec expectations (bsc#1204871) +- 4.5.10 + +- Add needed packages for kdump even when kdump section is not + defined if product enable kdump by default (bsc#1204180) +- 4.5.9 + +- Add support for security policies validation (jsc#SLE-24764). + binutils +- Add binutils-maxpagesize.diff for a problem on old code + streams, where we would generate too large binaries. + +- s390-pic-dso.diff: use %pB instead of %B + +- SLE toolchain update of binutils. Update to 2.39 from 2.37, + which means obsoleting and hence removing these patches: + binutils-add-efi-aarch64-1.diff, binutils-add-efi-aarch64-2.diff, + binutils-add-efi-aarch64-3.diff, binutils-fix-keepdebug.diff, + binutils-add-z16-name.diff. + Implements [jsc#SLE-25046, jsc#PED-2029, jsc#PED-2035, jsc#PED-2033, + jsc#PED-2030, jsc#PED-2038, jsc#PED-2032, jsc#PED-2034, jsc#PED-2031, + jsc#SLE-25047] +- This fixes these CVEs relative to 2.37: + [bsc#1188374, bsc#1185597] aka (GCC) PR99935 aka CVE-2021-3648 + [bsc#1193929] aka PR28694 aka CVE-2021-45078 + [bsc#1194783] aka (GCC) PR98886 aka CVE-2021-46195 + [bsc#1197592] aka (GCC) PR105039 aka CVE-2022-27943 + [bsc#1202966] aka PR29289 aka CVE-2022-38126 + [bsc#1202967] aka PR29290 aka CVE-2022-38127 + [bsc#1202969] aka CVE-2021-3826 + +- Add binutils-pr29482.diff for PR29482, aka CVE-2022-38533 + [bsc#1202816] + +- Rebase binutils-2.39-branch.diff.gz that contains fix for PR29451. + +- Add binutils-2.39-branch.diff.gz. +- Explicitly enable --enable-warn-execstack=yes and --enable-warn-rwx-segments=yes. +- Add gprofng subpackage. + +- Update to binutils 2.39: + * The ELF linker will now generate a warning message if the stack is made + executable. Similarly it will warn if the output binary contains a + segment with all three of the read, write and execute permission + bits set. These warnings are intended to help developers identify + programs which might be vulnerable to attack via these executable + memory regions. + The warnings are enabled by default but can be disabled via a command + line option. It is also possible to build a linker with the warnings + disabled, should that be necessary. + * The ELF linker now supports a --package-metadata option that allows + embedding a JSON payload in accordance to the Package Metadata + specification. + * In linker scripts it is now possible to use TYPE= in an output + section description to set the section type value. + * The objdump program now supports coloured/colored syntax + highlighting of its disassembler output for some architectures. + (Currently: AVR, RiscV, s390, x86, x86_64). + * The nm program now supports a --no-weak/-W option to make it ignore + weak symbols. + * The readelf and objdump programs now support a -wE option to prevent + them from attempting to access debuginfod servers when following + links. + * The objcopy program's --weaken, --weaken-symbol, and + - -weaken-symbols options now works with unique symbols as well. +- Rebase binutils-compat-old-behaviour.diff, binutils-revert-hlasm-insns.diff, + binutils-revert-plt32-in-branches.diff and remove binutils-2.38-branch.diff.gz. +- For now use --disable-gprofng. +- Includes fixes for these CVEs: + bnc#1142579 aka CVE-2019-1010204 aka PR23765 + +(Fake entry from SLE for tracking purposes:) +- Use https for variosu links. + +- Update binutils-2.38-branch.diff.gz (to 93054037f1e304e) + in order to include PR29087. + +- Enable multitarget build on riscv64 +- On SLE15 and later, use make -Oline to synchronize configure output by + lines + +(Fake entry from SLE for tracking purposes:) +- Renumber Sources. + +- Fix ExcludeArch for ppc. + +- Make multibuild utilize only the main binutils.spec file. +- Remove not needed README.First-for.SUSE.packagers, pre_checkin.sh. + +- Start using _multibuild for cross binutils. + + (forward port from SLE) +- Update binutils-2.38-branch.diff.gz (to c210342d7f5) to include + recognition of 'z16' name for 'arch14' on s390. [bsc#1198237] + +(Fake entry from SLE for tracking purposes:) +- Add usage of a SUSE_ZNOW environment variable which allows switching + on "-z now" by default using "export SUSE_ZNOW=1", similar to + the SUSE_ASNEEDED variable. Adds binutils-znow.patch. + +- Update binutils-skip-rpaths.patch: add back fix for boo#1191473, + which got lost in the update to 2.38. + +- Update binutils-2.38-branch.diff.gz in order to include PR28879. + +- From Stefan Brüns : + * Install symlinks for all target specific tools on + arm-eabi-none [bsc#1185712] + +- Do not re-generate ld/ldlex.c, ld/ldgram.c, ld/ldgram.h and verify + that corresponding flex/bison files are not modified by a patch. + +- Use verbose mode for make for cross compilers. + +- Make it build on SLE-11 again. + +- Use verbose mode for make. + +- Update to binutils 2.38: + * elfedit: Add --output-abiversion option to update ABIVERSION. + * Add support for the LoongArch instruction set. + * Tools which display symbols or strings (readelf, strings, nm, objdump) + have a new command line option which controls how unicode characters are + handled. By default they are treated as normal for the tool. Using + - -unicode=locale will display them according to the current locale. + Using --unicode=hex will display them as hex byte values, whilst + - -unicode=escape will display them as escape sequences. In addition + using --unicode=highlight will display them as unicode escape sequences + highlighted in red (if supported by the output device). + * readelf -r dumps RELR relative relocations now. + * Support for efi-app-aarch64, efi-rtdrv-aarch64 and efi-bsdrv-aarch64 has been + added to objcopy in order to enable UEFI development using binutils. + * ar: Add --thin for creating thin archives. -T is a deprecated alias without + diagnostics. In many ar implementations -T has a different meaning, as + specified by X/Open System Interface. + * Add support for AArch64 system registers that were missing in previous + releases. + * Add support for the LoongArch instruction set. + * Add a command-line option, -muse-unaligned-vector-move, for x86 target + to encode aligned vector move as unaligned vector move. + * Add support for Cortex-R52+ for Arm. + * Add support for Cortex-A510, Cortex-A710, Cortex-X2 for AArch64. + * Add support for Cortex-A710 for Arm. + * Add support for Scalable Matrix Extension (SME) for AArch64. + * The --multibyte-handling=[allow|warn|warn-sym-only] option tells the + assembler what to when it encoutners multibyte characters in the input. The + default is to allow them. Setting the option to "warn" will generate a + warning message whenever any multibyte character is encountered. Using the + option to "warn-sym-only" will make the assembler generate a warning whenever a + symbol is defined containing multibyte characters. (References to undefined + symbols will not generate warnings). + * Outputs of .ds.x directive and .tfloat directive with hex input from + x86 assembler have been reduced from 12 bytes to 10 bytes to match the + output of .tfloat directive. + * Add support for 'armv8.8-a', 'armv9-a', 'armv9.1-a', 'armv9.2-a' and + 'armv9.3-a' for -march in AArch64 GAS. + * Add support for 'armv8.7-a', 'armv8.8-a', 'armv9-a', 'armv9.1-a', + 'armv9.2-a' and 'armv9.3-a' for -march in Arm GAS. + * Add support for Intel AVX512_FP16 instructions. + * Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF + linker to pack relative relocations in the DT_RELR section. + * Add support for the LoongArch architecture. + * Add -z indirect-extern-access/-z noindirect-extern-access to x86 ELF + linker to control canonical function pointers and copy relocation. + * Add --max-cache-size=SIZE to set the the maximum cache size to SIZE + bytes. +- Add binutils-2.38-branch.diff.gz. +- Removed deletion of man pages as they should be properly packages + in tarball. +- Rebased patches: aarch64-common-pagesize.patch, add-ulp-section.diff, + binutils-bfd_h.patch, binutils-revert-nm-symversion.diff, + binutils-revert-plt32-in-branches.diff, binutils-skip-rpaths.patch + and binutils-compat-old-behaviour.diff. + +- Enable PRU architecture for AM335x CPU (Beagle Bone Black board) + +- use fdupes on datadir +- remove RPM_BUILD_ROOT usage and other cleanups + +- Rebase binutils-2.37-branch.diff: fixes PR28494. + busybox +- Fix build under SLE-12 + +- Annotate CVEs already fixed in upstream, but not mentioned in .changes: + * CVE-2014-9645 (bsc#914660): strips of / in module names that can lead to loading unwanted modules + +- prepare spec file for rpmbuild --build-in-place --noprep +- use bcond for static and ww3 subpackages +- fix verbose flag + +- Enable switch_root + With this change virtme --force-initramfs works as expected. + +- Enable udhcpc + +- BuildRequire hostname: the test suite wants to compare the output + of 'hostname' against 'busybox hostname'. We should not rely + hostname to be present in the build environment. + +- Update to 1.35.0 + - awk: fix printf %%, fix read beyond end of buffer + - chrt: silence analyzer warning + - libarchive: remove duplicate forward declaration + - mount: "mount -o rw ...." should not fall back to RO mount + - ps: fix -o pid=PID,args interpreting entire "PID,args" as header + - tar: prevent malicious archives with long name sizes causing OOM + - udhcpc6: fix udhcp_find_option to actually find DHCP6 options + - xxd: fix -p -r + - support for new optoins added to basename, cpio, date, find, + mktemp, wget and others +- Adjust busybox.config for new features in find, date and cpio + +- Annotate CVEs already fixed in upstream, but not mentioned in .changes: + * CVE-2017-16544 (bsc#1069412): Insufficient sanitization of filenames when autocompleting + * CVE-2015-9261 (bsc#1102912): huft_build misuses a pointer, causing segfaults + * CVE-2016-2147 (bsc#970663): out of bounds write (heap) due to integer underflow in udhcpc + * CVE-2016-2148 (bsc#970662): heap-based buffer overflow in OPTION_6RD parsing + * CVE-2016-6301 (bsc#991940): NTP server denial of service flaw + * CVE-2017-15873 (bsc#1064976): The get_next_block function in archival/libarchive/decompress_bunzip2.c has an Integer Overflow + * CVE-2017-15874 (bsc#1064978): archival/libarchive/decompress_unlzma.c has an Integer Underflow + * CVE-2019-5747 (bsc#1121428): out of bounds read in udhcp components + * CVE-2021-42373, CVE-2021-42374, CVE-2021-42375, CVE-2021-42376, + CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, + CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, + CVE-2021-42385, CVE-2021-42386 (bsc#1192869) : v1.34.0 bugfixes + - CVE-2021-28831 (bsc#1184522): invalid free or segmentation fault via malformed gzip data + - CVE-2018-20679 (bsc#1121426): out of bounds read in udhcp + - CVE-2018-1000517 (bsc#1099260): Heap-based buffer overflow in the retrieve_file_data() + - CVE-2011-5325 (bsc#951562): tar directory traversal + - CVE-2018-1000500 (bsc#1099263): wget: Missing SSL certificate validation + cpupower +- Update to latest intel-speed-select package version from 1.10 to 1.13 + (jsc#PED-2137): + 1.13: + * Fix build failure when using gcc options -Wl,--as-needed + * Fix warning for perf_cap.cpu may be uninitialized + * Fix off by one check for MAX_DIE_PER_PACKAGE + * Fix issue with use of get_physical_die_id instead of + get_physical_die_id + * Warn if turbo is disabled and SST turbo-freq feature is requested + 1.12: + * Allows out of band SST support, where some remote agent + changes SST profiles via some Board Management Controller. + * HFI support to process config level changes in oob mode + 1.11: + * Update max performance when BIOS disabled turbo + - jsc#PED-394 + jsc#PED-1028 - jsc#PED-393 + jsc#PED-1027 - jsc#PED-391 + jsc#PED-1029 + Add RPL-S platform to Turbostat + jsc#PED-1026 - jsc#PED-2065 + jsc#PED-2066 dconf +- Bring back 0001-gvdb-Restore-permissions-on-changed-files.patch + since the useful fix was never merged to upstream (bsc#971074 + bgo#758066 bsc#1203344). + duktape +- duktape-link-m.patch: link against libm for sin() and related functions, + in case the compiler with -Os creates external references. bsc#1205805 + emacs +- Add upstream commit as patch d48bb487.patch (bsc#1205822, CVE-2022-45939) + * shell command injection via source code files when using ctags + hwdata +- update to 0.363: + + Updated pci, usb and vendor ids. + +- update to 0.362: + + Updated pci, usb and vendor ids. + +- update to 0.361: + + Updated pci, usb and vendor ids. + issue-generator +- Update to version 1.13 + - SELinux: Do not call agetty --reload [bsc#1186178] + +- Update to version 1.12 + - Update manual page + - Use python3 instead of python 2.x + +- Update to version 1.11 + - Don't display issue.d/*.issue files, agetty will do that [bsc#1177891] + - Ignore /run/issue.d in issue-generator.path, else issue-generator will + be called too fast too often [bsc#1177865] + - Ignore *.bak, *~ and *.rpm* files [bsc#1118862] + +- Handle the .path unit in scriptlets as well + +- Update to version 1.10 + - Display wlan interfaces [bsc#1169070] + +- Update to version 1.9 + - Fix path for systemd files + +- Update to version 1.8 + - Handle network interface renames + krb5 +- Fix integer overflows in PAC parsing; (CVE-2022-42898); + (bso#15203), (bsc#1205126). +- Added patches: + * 0010-Fix-integer-overflows-in-PAC-parsing.patch + libX11 +- U_fix-a-memory-leak-in-XRegisterIMInstantiateCallback.patch + * security update for CVE-2022-3554 (bsc#1204422) +- U_Fix-two-memory-leaks-in-_XFreeX11XCBStructure.patch + * security update for CVE-2022-3555 (bsc#1204425) + libapparmor +- add profiles-permit-php-fpm-pid-files-directly-under-run.patch + https://gitlab.com/apparmor/apparmor/-/merge_requests/914 (bsc#1202344) + libarchive +- Fix CVE-2022-36227, Handle a calloc returning NULL + (CVE-2022-36227, bsc#1205629) + * CVE-2022-36227.patch + libdb-4_8 +- Security fix: [bsc#1174414, CVE-2019-2708] + * libdb: Data store execution leads to partial DoS + * Backport the upsteam commits: + - Fixed several possible crashes when running db_verify + on a corrupted database. [#27864] + - Fixed several possible hangs when running db_verify + on a corrupted database. [#27864] + - Added a warning message when attempting to verify a queue + database which has many extent files. Verification will take + a long time if there are many extent files. [#27864] + * Add libdb-4_8-CVE-2019-2708.patch + -- Explicit add a conflict to other providers of /usr/lib/libdb.so - and /usr/lib/libdb-4.so - libdrm +- Apply n_libdrm-drop-valgrind-dep-generic.patch and + n_libdrm-drop-valgrind-dep-intel.patch only when the build uses + meson < 0.64. With meson 0.64, we don't get the dependency on + valgraind added. + +- split n_libdrm-drop-valgrind-dep.patch into + n_libdrm-drop-valgrind-dep-generic.patch and + n_libdrm-drop-valgrind-dep-intel.patch to fix build on s390 and + armv7l + +- Only apply libdrm-drop-valgrind-dep.patch if valgrnid_support is + enabled (fix build on e.g. aarch64). + +- renamed libdrm-drop-valgrind-dep.patch to + n_libdrm-drop-valgrind-dep.patch in order to mark it as 'never + to be upstreamed' + +- Add libdrm-drop-valgrind-dep.patch (as source): drop dependency + on valgrind on generated pkgconfig files. The .pc files are + auto-generated by meson and are 'technically' correct, but we do + not want to inject valgrind here (we can get away with this hack + as it's only relevant when using pkg-config --static, and we + do not provide static libs anyway). + +- Update to 2.4.114 + * amdgpu.ids: use consistent formatting for RID + * amdgpu.ids: sort the file + * amdgpu.ids: update to the latest marketing name + * amdgpu_ids: add MI marketing names + * amdgpu: Add a default marketing name if none is found + * meson: fast-fail on unsupported OSes + * include/drm/drm_fourcc.h: Update from Linux v6.0-rc7 + * include/drm/i915_drm.h: Update from Linux v6.0-rc7 + * tests/util: add imx-lcdif driver + * intel: move declarations to top in drm_intel_gem_bo_unreference() + * build: automatically disable Intel if pciaccess is not found + * xf86drm: handle DRM_FORMAT_BIG_ENDIAN in drmGetFormatName() + * amdgpu: silence uninitialized variable warning + * xf86drmMode: add helpers for dumb buffers + * modetest: drop unused offset field in struct bo + * modetest: use sized integers in struct bo + * modetest: use dumb buffer helpers + +- disabled intel driver on s390x + +- update to 2.4.113: + * amdgpu: update marketing names + * sync i915_pciids with kernel + * atomic: fix atomic_add_unless() fallback's return value + * intel: Avoid aliasing violation + * intel: Hook up new platforms IDs + * meson: auto-enable etnaviv on arm, arc, mips and loongarch architectures + * modetest: use drmGetFormatName() + * lots of testsuite and CI improvements +- enable intel support everywhere as there are now discrete intel GPUs +- enable vc4 support on armv7/aarch64 +- simplify valgrind support ifdefery + +- update to 2.4.112: + * xf86drmMode: introduce drmModeConnectorGetPossibleCrtcs + * xf86drmMode: introduce drmModeGetConnectorTypeName + * xf86drmMode: constify drmModeAtomicReq functions + * gen_table_fourcc: strip _MODIFIER suffix for INVALID + * testsuite fixes + +- update to 2.4.111 + * bugfixes + * drops libkms +- added tegra-* tools on aarch64 to spefile + +- update to 2.4.110: + * build system updates + * amdgpu: implement new CTX OP to set/get stable pstates + * amdgpu: update_drm for new CTX OP to set/get stable pstates + * intel: Add support for ADL-N + * intel: Add support for RPLS platform + * intel: sync pciids with Linux kernel + * update to tests + +- update to 2.4.109: + * amdgpu: add new function to get fd + * radeon: remove duplicate struct declaration + * xf86drm: fix compiler warnings + * ci fixes + +- update to 2.4.108: + * amdgpu: add amdgpu_stress utility v2 + * amdgpu: add marketing names from 21.30 + * amdgpu: add new marketing name + * amdgpu: Make marketing names consistent + * amdgpu: use drmCloseBufferHandle + * build: bump version to 2.4.108 + * drm_fourcc: sync drm_fourcc with latest drm-next kernel + * etnaviv: use drmCloseBufferHandle + * exynos: use drmCloseBufferHandle + * Fix -Werror=format build errors on FreeBSD + * freedreno: use drmCloseBufferHandle + * headers: drm: Sync with drm-next + * intel: Do not assert on unknown chips in drm_intel_decode_context_alloc + * intel: Drop legacy execbuffer support + * intel: sync ADL-S PCI IDs with kernel + * intel: Sync pci ids + * intel: use drmCloseBufferHandle + * man: refer to drmCloseBufferHandle instead of DRM_IOCTL_GEM_CLOSE + * meson: Build libdrm.so as an unversioned lib on Android. + * meson: Don't build libkms for Android. + * nouveau: print bo address in the GPU/CPU vm and its size + * nouveau: use drmCloseBufferHandle + * omap: use drmCloseBufferHandle + * radeon: use drmCloseBufferHandle + * tegra: use drmCloseBufferHandle + * test/amdgpu: Bob to Alice copy should be TMZ in secure bounce test + * tests/amdgpu: Fix TMZ secure bounce test + * xf86drm: add GEM_CLOSE ioctl wrapper + * xf86drm: add iterator API for DRM/KMS IN_FORMATS blobs + * xf86drm: fix mem leak in drm_usb_dev_path() + * xf86drmMode: make drm_property_type_is arg const + * xf86drmMode: simplify drm_property_type_is + * xf86drmMode: switch to standard inline qualifier + * xf86drm: Update drmGetFormatModifierNameFromArm to handle AFRC + libeconf +- Update to version 0.4.6+git20220427.3016f4e: + * econftool: + * * Parsing error: Reporting file and line nr. + * * --delimeters=spaces Taking all kind of spaces for delimiter + * libeconf: + Fixed bsc#1198165: Parsing files correctly which have space characters + AND none space characters as delimiters. + +- Update to version 0.4.5+git20220406.c9658f2: + * econftool: + * * New call "syntax" for checking the configuration files only. + Returns an error string with line number if an error occurs. + * * New options "--comment" and "--delimeters" + * * Parsing one file only if needed. + libepoxy +- needed by jira#PED-1174 (Mesa needs sync with Xserver, which + then needs updated libepoxy) + +- Update to version 1.5.10: + + Fix for building with MSVC on non-English locale. + + Fix build on Android. + + Add the right include paths for EGL and X11 headers. +- Upstream tarball url changed, probably by mistake, so leave old + url in place, but disabled. + libglvnd +- update to 1.5.0: + * Add BTI landing pads for aarch64 + * Set current thread state to NULL in teardown + * Moving setspecific to before DestroyThreadState + * Fix a memory leak in libGLdispatch + * Use assembly stubs on armv6 +- drop libglvnd-add-bti.patch (upstream) + +- let libglvnd require Mesa-dri so GL drivers are available on + Wayland-only desktop installations (boo#1201474) + +- Update libglvnd-add-bti.patch from latest upstream submission + +- Re-enable asm on aarch64 +- Add patch to fix run with BTI enabled on aarch64: + * libglvnd-add-bti.patch - boo#1188928 + +- update to 1.4.0: + * tests cleanups + * Update bin/symbols-check.py from mesa/mesa@6f854145 + * Remove extra paragraph from license text. + * Add one more missing dep_x11_headers + * Update uthash to v2.3.0 + * EGL: Add support for eglQueryDisplayAttribKHR and NV. + libinput -- Update to version 1.19.4 (boo#1198111): - * This release includes a fix for CVE-2022-1215, a format string - vulnerability in the evdev device handling. +- Update to release 1.21 + * This version includes a new configuration option that, + similarly to its touchpad counterpart, allows disabling the + trackpoint while typing. + * The flat acceleration profile has been improved in this + version. + +- Enable building libinput-replay [boo#1190065] + +- Update to release 1.20.1 + * Format string issue resolved [CVE-2022-1215 bsc#1198111] + +- Update to release 1.20.0 + * High-resolution scroll is more reliable thanks to the + inclusion of new heuristics. + * Better handling of BTN_TOOL_PEN on top of BTN_TOOL_RUBBER on + graphics tablets that trigger a kernel bug. + * libinput does not handle joysticks and gamepads. The + detection algorithm has been improved to avoid tagging some + of those devices as keyboards. + * Improved clickpad detection + * New quirks and bug fixing libnvme +- Update to version 1.2 (jsc#PED-553): + * 64-bit Reference Tags and TP-4068 changes + * Add more details for return code of MI admin cmds + * Fix poll.h includes + * Parse dhchap_host_key on controller level + * Regenerate all documentation + * Update json config schema for missing dhchap host key + * build: Add support to build against LibreSSL + * build: Drop -nostdinc for LibreSSL header checks + * fabrics: Add new TP8010 definitions + * fabrics: Add nvmf_get_discovery_wargs() + * fabrics: Duplicate strings when merging configs + * fabrics: Filter out empty strings in add_argument() + * fabrics: Fix build_options() return values + * fabrics: Use fallthrough statement + * fabrics: sanitize dump-config output + * ioctl: Honor rae in nvme_get_nsid_log + * ioctl: Set log page offset for nvme_get_log_telemetry_host + * json-schema: add dhchap_key details to host section + * json: Enforce correctly formatted JSON config files + * json: Verify JSON config file starts with an array + * json: fixup dhchap_ctrl_key definitions + * libnvme-mi: Introduce NVMe Managament Interface library + * mi-mctp: Add timeout support to MCTP transport + * mi: Add Get Log Page helpers + * mi: Add Identify function for secondary controller list + * mi: Add Identify helper for ns-descs and primary-ctrl-caps + * mi: Add endpoint get/set timeout API + * mi: Add firmware download and commit commands + * mi: Add identify helper for nsid-capable Controller List + * mi: Add identify helpers for namespace lists + * mi: Add identify helpers for namespaces + * mi: Add maximum More Processing Required limit API + * mi: Allow Admin-message sized More Processing Required responses + * mi: Distinguish MI status from NVMe (CDW3) status + * mi: Fix C++ compiler errors + * mi: Implement Format NVM command + * mi: Implement Get & Set Features Admin commands + * mi: Implement NS attach command and helpers + * mi: Implement Namespace Management command and create/delete helpers + * mi: Implement Sanitize command + * mi: Init ctrl_id within xfer + * mi: Introduce a helper for response status, unify values with ioctls + * mi: Set log page offset for nvme_get_log_telemetry_host + * mi: add nvme_mi_status_to_string() + * mi: fix a memory leak in nvme_mi_open_mctp() + * mi: fix get_log_page chunked offset check + * mi: unify MI Get Log Page function with ioctl API + * nvme-tree: avoid segfault if auth keys are unavailable + * python: Use nvmf_get_discovery_wargs() + * python: add missing ctrl attrs to Python bindings + * rpmbuild: Enable 'make rpm' to build rpm pkgs #408 + * tree: rename controller 'dhchap_key' to 'dhchap_ctrl_key' + * types: Move enum nvme_data_tfr to types + * update/cleanup of documentation + * util: Add LINE_MAX define + * util: Add get feature length 2 API to support direction parameter + * util: Add simple UUID type + * util: Do not expose fallthrough defines + * various build fixes + * various fixes reported by coverity +- Drop upstream patches + * remove 0001-fabrics-Lower-log-level-in-__nvmf_add_ctrl.patch + * remove 0002-fabrics-Remove-double-connection-error-logging.patch + * remove 0003-fabrics-Introduce-connection-connect-error-mapping.patch + * remove 0004-libnvme-Export-nvme_ctrl_get_config.patch + * remove 0005-tree-Factor-lookup-code-for-controller.patch + * remove 0006-fabrics-Consider-config-from-file-when-adding-new-co.patch + * remove 0007-python-add-missing-ctrl-attrs-to-Python-bindings.patch + * remove 0008-libnvme-accessors-for-dhchap_key-variables.patch + * remove 0009-fabrics-Update-controller-authentication-in-nvmf_add.patch + * remove 0010-json-fixup-dhchap_ctrl_key-definitions.patch + * remove 0011-tree-rename-controller-dhchap_key-to-dhchap_ctrl_key.patch + * remove 0012-Parse-dhchap_host_key-on-controller-level.patch + * remove 0013-json-schema-add-dhchap_key-details-to-host-section.patch + * remove 0014-nvme-tree-avoid-segfault-if-auth-keys-are-unavailabl.patch + * remove 0015-fabrics-restructrure-nvmf_get_discovery_log.patch + * remove 0016-tree-simplifiy-nvme_subsystem_lookup_namespace.patch + * remove 0017-tree-make-nvme_subsystem_scan_namespace-idempotent.patch + * remove 0018-tree-make-nvme_ctrl_scan_namespace-idempotent.patch + * remove 0019-Fix-llx-lx-build-warnings-on-powerpc.patch + * remove 0020-fabrics-sanitize-dump-config-output.patch + * remove 0021-fabrics-Fix-build_options-return-values.patch +- Make man page build conditiional. Install man page location has been + fixed upstream. +- Mark the Python directory own by the libnvme3-python package +- Use fixed manpage build date (boo#1047218) +- Fix installation of manual pages to make them accessible + +- Fixes for controller authentication (bsc#1201501 bsc#1201700 bsc#1201701 bsc#1201717) + * add 0007-python-add-missing-ctrl-attrs-to-Python-bindings.patch + * add 0008-libnvme-accessors-for-dhchap_key-variables.patch + * add 0009-fabrics-Update-controller-authentication-in-nvmf_add.patch + * add 0010-json-fixup-dhchap_ctrl_key-definitions.patch + * add 0011-tree-rename-controller-dhchap_key-to-dhchap_ctrl_key.patch + * add 0012-Parse-dhchap_host_key-on-controller-level.patch + * add 0013-json-schema-add-dhchap_key-details-to-host-section.patch + * add 0014-nvme-tree-avoid-segfault-if-auth-keys-are-unavailabl.patch + * add 0015-fabrics-restructrure-nvmf_get_discovery_log.patch +- Subsystem scanning logic fixes + * add 0016-tree-simplifiy-nvme_subsystem_lookup_namespace.patch + * add 0017-tree-make-nvme_subsystem_scan_namespace-idempotent.patch + * add 0018-tree-make-nvme_ctrl_scan_namespace-idempotent.patch +- Fix PowerPC build warnings + * add 0019-Fix-llx-lx-build-warnings-on-powerpc.patch +- Fabrics fixes + * add 0020-fabrics-sanitize-dump-config-output.patch + * add 0021-fabrics-Fix-build_options-return-values.patch + libqmi +- update to 1.30.8: + * dms: new 'Foxconn FCC authentication v2' request/response. + +- Enable QRTR support + +- Update to 1.30.6 + * meson: fix 'export_packages' in GIR setup. + * net-port-manager: use unaligned netlink attribute length. +- Drop the unneeded rpmlintrc file + +- update to 1.30.4: + * * meson: switch to use the new python module in meson. + * * meson: added a new boolean 'man' option in the meson setup to explicitly + enable or disable building the man pages. + * * meson: removed the option to detect if rmnet is supported. + * * meson: multiple updates to use newer meson features like install_dir(), + install_mode() or summary(). + * * meson: options 'mbim_qmux' and 'qrtr' are enabled by default and must be + explicitly disabled if they're not needed, there is no attempt to + autodetect whether they can be enabled or not. + * qmi-proxy: + * * Remove assert when attempting to close ghost device. + * qmi-firmware-update: + * * Use defaults if FLASH variables not reported, enabling support to flash + the new Sierra Wireless EM9190 and EM9191 modules. + * Several other minor improvements and fixes. + libstorage-ng +- merge gh#openSUSE/libstorage-ng#905 +- read filters for udev links from config file +- limit allowed by-id links for NVMEs (bsc#1205352) +- make integration-tests subpackage noarch +- cleanup +- 4.5.53 + +- Translated using Weblate (Macedonian) (bsc#1149754) +- 4.5.52 + +- merge gh#openSUSE/libstorage-ng#904 +- added examples +- 4.5.51 + +- merge gh#openSUSE/libstorage-ng#903 +- fixed typo +- 4.5.50 + +- merge gh#openSUSE/libstorage-ng#902 +- ignore chunk size for RAID1 (bsc#1205172) +- 4.5.49 + libusb-1_0 +- Added 0002-gracefully-handle-buggy-config0-devices.patch + * Fix regression where some buggy devices no longer work + if they have a configuration value of 0. + * [bsc#1201590] + libuv +- Remove epoll syscall wrappers; (bsc#1199062); Add + * 0001-linux-remove-epoll-syscall-wrappers.patch + * 0002-linux-drop-code-path-for-epoll_pwait-less-kernels.patch + -- update to v0.11.29 - -- update to v0.11.28 - -- update to 0.11.24 -- install pkg-config file - -- Update to version 0.11.23 - * bug fixes - -- update to v0.11.21 - -- initial packaging of v0.11.19 - libxml2 +- Add W3C conformance tests to the testsuite (bsc#1204585): + * Added file xmlts20080827.tar.gz + lvm2 +- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216) + - bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch + lvm2:devicemapper +- killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216) + - bug-1203216_lvmlockd-purge-the-lock-resources-left-in-previous-l.patch + mdadm +- mdadm.spec: add EXTRAVERSION string to make command line + (jsc#SLE-24761, bsc#1193566) + mozilla-nss +- Require libjitter only for SLE15-SP4 and greater + +- update to NSS 3.79.2 (bsc#1204729) + * bmo#1785846 - Bump minimum NSPR version to 4.34.1. + * bmo#1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. + +- Add nss-allow-slow-tests.patch, which allows a timed test to run + longer than 1s. This avoids turning slow builds into broken + builds. + +- Update nss-fips-approved-crypto-non-ec.patch to allow the use of + DSA keys (verification only) (bsc#1201298). +- Update nss-fips-constructor-self-tests.patch to add + sftk_FIPSRepeatIntegrityCheck() to softoken's .def file + (bsc#1198980). + +- Update nss-fips-approved-crypto-non-ec.patch to allow the use of + longer symmetric keys via the service level indicator + (bsc#1191546). +- Update nss-fips-constructor-self-tests.patch to hopefully export + sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980). + +- Update nss-fips-approved-crypto-non-ec.patch to prevent sessions + from getting flagged as non-FIPS (bsc#1191546). +- Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). +- Enable nss-fips-drbg-libjitter.patch now that we have a patched + libjitter to build with (bsc#1202870). + +- Update nss-fips-approved-crypto-non-ec.patch to prevent keys + from getting flagged as non-FIPS and add remaining TLS mechanisms. +- Add nss-fips-drbg-libjitter.patch to use libjitterentropy for + entropy. This is disabled until we can avoid the inline assembler + in the latter's header file that relies on GNU extensions. +- Update nss-fips-constructor-self-tests.patch to fix an abort() + when both NSS_FIPS and /proc FIPS mode are enabled. + nano +- update to 7.0: + * String binds may contain bindable function names between braces + * Unicode codes can be entered (via M-V) without leading zeroes, + by finishing short codes with or + * Word completion (^]) looks for candidates in all open buffers + * No regular expression matches the final empty line any more + net-snmp +- update to 5.9.3 (bsc#1201103, jsc#SLE-11203): + - security: + - These two CVEs can be exploited by a user with read-only credentials: + - CVE-2022-24805 A buffer overflow in the handling of the INDEX of + NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. + - CVE-2022-24809 A malformed OID in a GET-NEXT to the nsVacmAccessTable + can cause a NULL pointer dereference. + - These CVEs can be exploited by a user with read-write credentials: + - CVE-2022-24806 Improper Input Validation when SETing malformed + OIDs in master agent and subagent simultaneously + - CVE-2022-24807 A malformed OID in a SET request to + SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an + out-of-bounds memory access. + - CVE-2022-24808 A malformed OID in a SET request to + NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference + - CVE-2022-24810 A malformed OID in a SET to the nsVacmAccessTable + can cause a NULL pointer dereference. + - Fixed library versioning bug found in 5.9.2. + - Library version change to libsnmp40. +- Moved logrotate files from user specific directory /etc/logrotate.d + to vendor specific directory /usr/etc/logrotate.d. +- Fixed python2 backward compability. + add: + * net-snmp-5.9.3-fixed-python2-bindings.patch +- Migration to /usr/etc: Saving user changed configuration files + in /etc and restoring them while an RPM update. +- Change to use systemd service files directly from net-snmp package. + add: + * net-snmp-5.9.1-suse-systemd-service-files.patch + * net-snmp-5.9.1-harden_snmpd.service.patch + * net-snmp-5.9.1-harden_snmptrapd.service.patch + remove: + * snmpd.service + * snmptrapd.service + * harden_snmpd.service.patch + * harden_snmptrapd.service.patch +- Refactor and remove obsolete patches to work with version number 5.9.3: + add: + * net-snmp-5.9.3-pie.patch + * net-snmp-5.9.3-fix-create-v3-user-outfile.patch + * net-snmp-5.9.1-add-lustre-fs-support.patch + * net-snmp-5.9.1-fix-Makefile.PL.patch + * net-snmp-5.9.1-modern-rpm-api.patch + * net-snmp-5.9.1-net-snmp-config-headercheck.patch + * net-snmp-5.9.1-perl-tk-warning.patch + * net-snmp-5.9.1-snmpstatus-suppress-output.patch + * net-snmp-5.9.1-socket-path.patch + * net-snmp-5.9.1-subagent-set-response.patch + * net-snmp-5.9.1-testing-empty-arptable.patch + * net-snmp-5.9.1-velocity-mib.patch + remove: + * net-snmp-5.9.1-pie.patch + * net-snmp-5.9.1-fix-create-v3-user-outfile.patch + * net-snmp-5.7.3-add-lustre-fs-support.patch + * net-snmp-5.7.3-Fix-Makefile.PL.patch + * net-snmp-5.7.3-modern-rpm-api.patch + * net-snmp-5.7.3-net-snmp-config-headercheck.patch + * net-snmp-5.7.3-perl-tk-warning.patch + * net-snmp-5.7.3-snmpstatus-suppress-output.patch + * net-snmp-5.7.3-socket-path.patch + * net-snmp-5.7.3-subagent-set-response.patch + * net-snmp-5.7.3-testing-empty-arptable.patch + * net-snmp-5.7.3-velocity-mib.patch + * net-snmp-5.7.3-fix-create-v3-user-outfile.patch + * net-snmp-5.7.3-pie.patch + * net-snmp-4.7.2-systemd.patch + * net-snmp-5.7.3-build-with-openssl-1.1.patch + * net-snmp-5.7.3-fix-agentx-freezing-on-timeout.patch + * net-snmp-5.7.3-fix-missing-mib-hrStorage-indexes.patch + * net-snmp-5.7.3-fix-snmpd-crashing-when-an-agentx-disconnects.patch + * net-snmp-5.7.3-fix-snmp_pdu_parse-incomplete.patch + * net-snmp-5.7.3-fix-subagent-data-corruption.patch + * net-snmp-5.7.3-helpers-table-skip-if-next-handler-called.patch + * net-snmp-5.7.3-host-mib-skip-autofs-entries.patch + * net-snmp-5.7.3-make-extended-mib-read-only.patch + * net-snmp-5.7.3-netgroups.patch + * net-snmp-5.7.3-Remove-U64-typedef.patch + * net-snmp-5.7.3-snmptrapd-add-forwarder-info.patch + * net-snmp-5.7.3-swintst_rpm-Protect-against-unspecified-Group-name.patch + * net-snmp-5.7.3-ucd-snmp-mib-add-64-bit-mem-obj.patch + * net-snmp-python3.patch + nfs-utils +- add 0025-nfsdcltrack-getopt_long-fails-on-a-non-x86_64-archs.patch + Fix nfsdcltrack bug that affected non-x86 archs. + (bsc#1202627) + +- 0024-systemd-Apply-all-sysctl-settings-when-NFS-related-m.patch + Ensure sysctl setting work (bsc#1199856) + nfsidmap +- 0001-Removed-some-unused-and-set-but-not-used-warnings.patch + 0002-Handle-NULL-names-better.patch + 0003-Strip-newlines-out-of-IDMAP_LOG-messages.patch + 0004-onf_parse_line-Ignore-whitespace-at-the-beginning-of.patch + 0005-nss.c-wrong-check-of-return-value.patch + 0006-Fixed-a-memory-leak-nss_name_to_gid.patch + Various bugfixes and improvemes from upstream + In particular, 0001 fixes a crash that can happen when + a 'static' mapping is configured. + (bnc#1200901) + -- add libtool as buildrequire to avoid implicit dependency - -- libnfsidmap-0.24 - * Added autogen.sh which runs all the autoconfig scripts - * Added nfs4_owner interfaces which are used by the - new nfsidmap program - -- include manpage again bnc#689009 - -- revert the last change that exported only public symbols - breaks loadable modules. - -- libnfsidmap: export only public symbols nfs4_*, in particular - this avoids exporting strlcpy to calling applications.. -- openldap2-devel is not required in -devel package - -- use %_smp_mflags - -- disable the idmapd.conf manpage inclusion, it is in nfs-utils. - -- also remove .la files from the libnfsidmap subdir -- fixed missing ctype.h header include - -- updated to 0.23 - * Allows mappings to be correct "right out of the box" when DNS is - set up correctly and stops idmapper from dying when there is - no domain name set. - * Move the default processing for the "Local-Realm" config option - into the main config file processing function and adds missing - documentation for the previously added configuration option. - * Print a debug log message "when the krb5 realm can not be used since - it does not match the DNS domain name or the 'Local-Realm' variable - defined in /etc/idmad.conf" - * Move the idmapd.conf manpage from nfs-utils and update it to match - the current functionality. - * Changes to install, and look for, the plugin libraries in a separate - libnfsidmap directory. - -- move plugins .so files to main package, to make it work again - bnc#495665, bnc#497209 -- disable versioning of those plugin libs - -- remove static libraries and "la" files - -- upgraded to 0.21 - - The main library has been changed to load "plugin" libraries to - perform the mappings. This decouples the main library from any ldap - (and sasl, etc.) dependencies. - - Several translation methods (plugins) may now be specified in the - idmapd.conf file. While a plugin returns -ENOENT, the next is called - until a mapping is found, or there are no more plugins to try. - - A "static" mapping plugin from David Härdeman has - been added. - - A "gums" mapping plugin from Olga Kornievskaia - has been added. - nvme-cli +- Update to version 2.2.1 (jsc#PED-553): + * Added parsing for Solidigm telemetry observable data. + * Revert "udev: re-read the discovery log page when a discovery controller reconnected" + * add item ddr_ecc_err_cnt in smart-log-add + * build and install fixes/improvements + * build: Add minimum build requirement on libnvme + * build: Drop dependency on libuuid + * build: Extend release script to support micro version releases + * build: Fix endian check for cross build + * build: Remove unused uuid.wrap file + * build: Remove unusned uuid.h include + * build: Update release version rules + * build: Update version before regenerating docs + * completions: Add show-topology tab completion + * documentation fixes + * fabrics: Avoid nvme_scan_ctrl when disconnecting + * fabrics: Honor JSON config file in connect-all command + * fabrics: Remove dhchap-ctrl-secret from discover/connect-all + * fabrics: Trigger auto connect if config.json exists + * fabrics: fix 'persistent' handling during connect-all with JSON file + * fabrics: nvme config --modify depends on -n and -t argument + * fabrics: re-read the discovery log page when a discovery controller reconnected + * json: Support uint64 types serialization for older json-c versions + * meson: we don't need a c++ compiler + * new solidigm plugin + * nvme, plugins: fix __u64 -> unsigned long long assumptions + * nvme-print: Add missing values in id-ctrl for JSON output + * nvme-print: Handle NULL hostid in JSON output + * nvme-print: Output 128bit values as uint128 type instead of double + * nvme-print: Print fguid as a UUID + * nvme-print: Use uint128 JSON function for media_units_written + * nvme-print: decode MI status values + * nvme-print: decode status types + * nvme-print: fix wrong json key + * nvme-print: sanitize the get-feature async event config output + * nvme: Add helper function to parse 16-bit comma separated list + * nvme: Add nvme_cmd wrapper for get_features + * nvme: Add show-topology command + * nvme: Add wrapper for Format NVM + * nvme: Add wrapper for Sanitize NVM + * nvme: Add wrappers for Get Log page helpers + * nvme: Add wrappers for Identify controller lists + * nvme: Add wrappers for NS attach/detach + * nvme: Add wrappers for NS management functions + * nvme: Add wrappers for basic NS identify + * nvme: Add wrappers for firmware commands + * nvme: Do not print error message in collect_effects_log helper + * nvme: Fix set feature command to get feature identifier 0Dh length as zero + * nvme: Introduce a union in struct nvme_dev for different transport types + * nvme: Introduce nvme_cli_ wrappers, wrap identify and identify_ctrl + * nvme: Make static nvme_dev private to open_dev(), use locals elsewhere + * nvme: Masks SSTAT in sanize-log output + * nvme: Remove static nvme_dev, allocate on open instead + * nvme: Set default rae value for nvme_get_nsid_log users + * nvme: Simplify ns list identify + * nvme: Use correct print format specifier for sizeof arguments + * nvme: Use local struct nvme_dev for show_registers & map_registers + * nvme: check if cfg.metadata is NULL before passing it to strlen() + * nvme: use helpers for checking status types + * plugins/innogrit: Include timer.h + * plugins/innogrit: add smart items for smart-log-add + * plugins/micron-nvme: Use correct print format specifier for sizeof arguments + * plugins/ocp: Include timer.h + * plugins/ocp: Output 128bit values as uint128 type instead of double + * plugins/ocp: drop unused fd argument + * plugins/ocp: pass struct nvme_dev to internal functions + * plugins/seagate: Add support for OCP + * plugins/solidigm: fix return value on format parse failure + * plugins/toshiba: pass struct nvme_dev rather than fd + name + * plugins/virtium: Output 128bit values as uint128 type instead of double + * plugins/wdc: Add support for SN660 drive + * plugins/wdc: Add type case for feature id + * plugins/wdc: Output 128bit values as uint128 type instead of double + * plugins/wdc: fix memset() on the address of a pointer + * plugins/wdc: pass a struct nvme_dev around rather than a fd + * plugins/wdc: pass struct nvme_dev rather than using global nvme_dev + * plugins/wdc: prevent duplicate close on NVMe device + * plugins/wdc: remove fd argument from print functions + * plugins/ytmc: pass struct nvme_dev rather than fd + name + * plugins: Use PRIu64 format specifier for 64bit types + * print: Add Controller Ready Timeout Exceeded HW error code + * print: Fix nvme_id_uuid_list + * solidgm: fix initialization warning + * solidigm: Added parsing for telemetry customer screenable data + * solidigm: Fix printf format for size_t variable + * solidigm: Updated Telemetry parsing code to MIT license. + * subprojects/libnvme: update for MI admin command coverage + * tests: Update license to GPL-2.0-or-later + * tree: Add NVMe-MI support + * tree: Add dev_fd() helper + * tree: Change nvme_dev from global to static + * tree: Combine NVMe file descriptor into struct nvme_dev + * tree: Move global device info to a single struct + * tree: fail on non-negative return values from parse_and_open + * udev: Add HOST_IFACE to udev rule + * util/json.h: Add json_object_get_uint64 fallback implementation + * util/json: Add 128 bit JSON helpers + * util/types: Add 128 bit conversion helpers + * util: Fix le128_to_cpu on big-endian + * util: Fix le128_to_cpu on little-endian + * util: Move common type conversion helpers into util section + * utils/json: Add json_object_new_uint64 for json-c < 0.14 + * utils: Fix uint128_t usage + * various fixes reported by coverity + * version reporting includes library version + * wdc: OCP Log page updates and fixes + * wrapper: Add weak nvme_init_copy_range_f1 symbol + * wrapper: Call library version of nvme_init_copy_range_f1 + * wrapper: Update SPDIX license + * zns.c: report zones should be started after retrieved zone +- Drop upsreamp patches + * remove 0001-fabrics-Already-connected-uses-a-different-error-cod.patch + * remove 0002-fabrics-skip-connect-if-the-transport-types-don-t-ma.patch + * remove 0003-nvme-print-Show-paths-from-the-first-namespace-only.patch + * remove 0004-nvme-print-Show-ANA-state-only-for-one-namespace.patch + * remove 0005-fabrics-Honor-config-file-for-connect-all.patch + * remove 0006-fabrics-Remove-dhchap-ctrl-secret-from-discover-conn.patch + * remove 0007-fabrics-error-message-for-nvme-discover-connect-all-.patch + * remove 0008-fabrics-avoid-segfault-when-nvme-discover-fails-with.patch + * remove 0009-fabrics-avoid-segfault-if-transport-type-is-omitted.patch + * remove 0010-nvme-Return-status-error-code-for-effects-log-comman.patch + * remove 0011-nvme-fix-nvme-get-feature-with-H-option.patch + * remove 0012-fabrics-Avoid-nvme_scan_ctrl-when-disconnecting.patch + * remove 0013-nvme-Do-not-print-error-message-in-collect_effects_l.patch + * remove 0014-nvme-print-Handle-NULL-hostid-in-JSON-output.patch + * remove 0015-nvme-print-sanitize-the-get-feature-async-event-conf.patch +- Handle suse-missing-rclink lint warnings by providing the symlinks +- Support auto discovery, add %systemd_ordering to spec file (bsc#1186399) +- Mark no binaries rpms as noarch + +- Support auto discovery, add %systemd_ordering to spec file (bsc#1186399) +- fabrics: Remove dhchap-ctrl-secret from discover/connect-all (bsc#1201701) + * add 0006-fabrics-Remove-dhchap-ctrl-secret-from-discover-conn.patch +- Fabrics related bug fixes + * add 0007-fabrics-error-message-for-nvme-discover-connect-all-.patch + * add 0008-fabrics-avoid-segfault-when-nvme-discover-fails-with.patch + * add 0009-fabrics-avoid-segfault-if-transport-type-is-omitted.patch + * add 0010-nvme-Return-status-error-code-for-effects-log-comman.patch + * add 0011-nvme-fix-nvme-get-feature-with-H-option.patch + * add 0012-fabrics-Avoid-nvme_scan_ctrl-when-disconnecting.patch + * add 0013-nvme-Do-not-print-error-message-in-collect_effects_l.patch + * add 0014-nvme-print-Handle-NULL-hostid-in-JSON-output.patch + * add 0015-nvme-print-sanitize-the-get-feature-async-event-conf.patch + openssl-1_1 +- FIPS: Service-level indicator [bsc#1190651] + * Mark PBKDF2 with key shorter than 112 bits as non-approved + * Add openssl-1_1-ossl-sli-007-pbkdf2-keylen.patch + +- FIPS: Service-level indicator [bsc#1190651] + * Consider RSA siggen/sigver with PKCS1 padding also approved + * Add openssl-1_1-ossl-sli-006-rsa_pkcs1_padding.patch + +- FIPS: Service-level indicator [bsc#1190651] + * Return the correct indicator for a given EC group order bits + * Add openssl-1_1-ossl-sli-005-EC_group_order_bits.patch + perl-Cpanel-JSON-XS +- updated to 4.32 + see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes + 4.32 2022-08-13 (rurban) + - fix new JSON::PP::Boolean overload redefinition warnings. GH #200 + 4.31 2022-08-10 (rurban) + - adjust t/20_unknown.t pp bool tests for native bool when supported. + GH #198 PR by Graham Knop. + +- updated to 4.30 + see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes + 4.30 2022-06-14 (rurban) + - Fix perl 5.37 utf8n_to_uvuni deprecation. GH #196 + +- updated to 4.29 + see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes + 4.29 2022-05-27 (rurban) + - Hack: Revert native bool (unblessed) overloads via JSON::PP 4.08. + JSON::PP ignores unblessed bools for now. GH #194 + +- updated to 4.28 + see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes + 4.28 2022-05-05 (rurban) + - Validate the JSON struct which might get corrupted by wrong FREEZE/THAW + methods, or other serializers, or corrupting our magic object. (GH #192) + - Improve our DESTROY and END methods to avoid NULL dereferences. + Fixes perl-compiler/#438 + - Fix 3 tests in t/20_unknown.t with the latest 5.35.10 bool enhancements + and JSON::PP (GH #194) + - Fix t/118_type.t with Windows ivtype long long. (GH #178) + - Added github actions + +- updated to 4.27 + see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes + 4.27 2021-10-13 (rurban) + - Only add -Werror=declaration-after-statement for 5.035004 and earlier (PR #186 nwc) + - Fix 125_shared_boolean.t for threads (PR #184 Sinan Unur) + php7 +- version update to 7.4.33 [bsc#1204577][bsc#1204979] + 03 Nov 2022 + GD: + Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630) + Hash: + Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454) + +- version update to 7.4.32 [jsc#SLE-23639] + Version 7.4.32 + 29 Sep 2022 + Core: + Fixed bug #81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628) + Fixed bug #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629) + Version 7.4.30 + 09 Jun 2022 + mysqlnd: + Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) + pgsql: + Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) + Version 7.4.29 + 14 Apr 2022 + Core: + No source changes to this release. This update allows for re-building the Windows binaries against upgraded dependencies which have received security updates. + Date: + Updated to latest IANA timezone database (2022a). + Version 7.4.28 + 17 Feb 2022 + Filter: + Fix #81708: UAF due to php_filter_float() failing for ints (CVE-2021-21708) + Version 7.4.27 + 16 Dec 2021 + Core: + Fixed bug #81626 (Error on use static:: in __сallStatic() wrapped to Closure::fromCallable()). + FPM: + Fixed bug #81513 (Future possibility for heap overflow in FPM zlog). + GD: + Fixed bug #71316 (libpng warning from imagecreatefromstring). + OpenSSL: + Fixed bug #75725 (./configure: detecting RAND_egd). + PCRE: + Fixed bug #74604 (Out of bounds in php_pcre_replace_impl). + Standard: + Fixed bug #81618 (dns_get_record fails on FreeBSD for missing type). + Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate). + Version 7.4.26 + 18 Nov 2021 + Core: + Fixed bug #81518 (Header injection via default_mimetype / default_charset). + Date: + Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2). + MBString: + Fixed bug #76167 (mbstring may use pointer from some previous request). + MySQLi: + Fixed bug #81494 (Stopped unbuffered query does not throw error). + PCRE: + Fixed bug #81424 (PCRE2 10.35 JIT performance regression). + Streams: + Fixed bug #54340 (Memory corruption with user_filter). + XML: + Fixed bug #79971 (special character is breaking the path in xml function). (CVE-2021-21707) +- fixes [bsc#1203867] and [bsc#1203870] +- deleted patches + - php7-CVE-2021-21707.patch (upstreamed) + - php7-CVE-2021-21708.patch (upstreamed) + - php7-CVE-2022-31625.patch (upstreamed) + - php7-CVE-2022-31626.patch (upstreamed) + pixman +- Add pixman-CVE-2022-44638.patch: avoid an integer overflow + (boo#1205033 CVE-2022-44638). + plymouth +- Update plymouth-install-label-library-and-font-file-to-initrd.patch: + avoid invalid script commands failure(bsc#1203147). + -- Do not own /usr/share/locale (owned by filesystem): +- Update plymouth.spec: Do not own /usr/share/locale (owned by filesystem): postfix +- use correct source signature file (gpg2) + +- update to 3.7.2 + https://de.postfix.org/ftpmirror/official/postfix-3.7.2.RELEASE_NOTES +- rebase patches + * pointer_to_literals.patch + * postfix-linux45.patch + * postfix-main.cf.patch + * postfix-master.cf.patch + * postfix-no-md5.patch + * postfix-ssl-release-buffers.patch + * postfix-vda-v14-3.0.3.patch + * set-default-db-type.patch +- build against libpcre2 + +- remove *.swp from postfix-SUSE.tar.gz + +- fix config.postfix 'hash' leftover with relay_recipients +- update postfix-main.cf.patch about + * smtp_tls_security_level (obsoletes smtp_use_tls, smtp_enforce_tls) + * smtpd_tls_security_level (obsoletes smtpd_use_tls, smtpd_enforce_tls) +- rebase/refresh patches + * harden_postfix.service.patch + * postfix-avoid-infinit-loop-if-no-permission.patch + * postfix-master.cf.patch + * postfix-vda-v14-3.0.3.patch + * set-default-db-type.patch + +- Change ed requires to /usr/bin/ed: allow busybox-ed to be used + inside containers. + +- add missing requires for config.postfix and the postfix + postinstall script: perl and ed + +- update to 3.6.6 + * (problem introduced: Postfix 2.7) The milter_header_checks maps + are now opened before the cleanup(8) server enters the chroot + jail. + * In an internal client module, "host or service not found" was + a fatal error, causing the milter_default_action setting to be + ignored. It is now a non-fatal error, just like a failure to + connect. + * The proxy_read_maps default value was missing up to 27 parameter + names. The corresponding lookup tables were not automatically + authorized for use with the proxymap(8) service. The parameter + names were ending in _checks, _reply_footer, _reply_filter, + _command_filter, and _delivery_status_filter. + * (problem introduced: Postfix 3.0) With dynamic map loading + enabled, an attempt to create a map with "postmap regexp:path" + would result in a bogus error message "Is the postfix-regexp + package installed?" instead of "unsupported map type for this + operation". This happened with all non-dynamic map types (static, + cidr, etc.) that have no 'bulk create' support. + +- config.postfix fails to set smtp_tls_security_level + (bsc#1192314) + +- Refreshed spec-file via spec-cleaner and manual optimizated. + * Added -p flag to all install commands. + * Removed -f flag from all ln commands. +- Changed file harden_postfix.service.patch (boo#1191988). + +- update to 3.6.5 + * Glibc 2.34 implements closefrom(). This was causing a conflict + with Postfix's implementation for systems that have no closefrom() + implementation. + * Support for Berkeley DB version 18. +- removed obsolete postfix-3.6.2-glibc-234-build-fix.patch + +- Postfix on start don't run postalias /etc/postfix/aliases + (error open database /etc/postfix/aliases.lmdb). (bsc#1197041) + Apply proposed patch + +- config.postfix can't handle symlink'd /etc/resolv.cof + (bsc#1195019) + Adapt proposed change: using "cp -afL" by copying. + +- Update to 3.6.4 + * Bug introduced in bugfix 20210708: duplicate bounce_notice_recipient + entries in postconf output. This was caused by an incomplete + fix to send SMTP session transcripts to $bounce_notice_recipient. + * Bug introduced in Postfix 3.0: the proxymap daemon did not + automatically authorize proxied maps inside pipemap (example: + pipemap:{proxy:maptype:mapname, ...}) or inside unionmap. + * Bug introduced in Postfix 2.5: off-by-one error while writing + a string terminator. This code passed all memory corruption + tests, presumably because it wrote over an alignment padding + byte, or over an adjacent character byte that was never read. + * The proxymap daemon did not automatically authorize map features + added after Postfix 3.3, caused by missing *_maps parameter + names in the proxy_read_maps default value. Found during code + maintenance. + +- Update to 3.6.3 + * (problem introduced in Postfix 2.4, released in 2007): queue + file corruption after a Milter (for example, MIMEDefang) made + a request to replace the message body with a copy of that message + body plus additional text (for example, a SpamAssassin report). + * (problem introduced in Postfix 2.10, released in 2012): The + postconf "-x" option could produce incorrect output, because + multiple functions were implicitly sharing a buffer for + intermediate results. Problem report by raf, root cause analysis + by Viktor Dukhovni. + * (problem introduced in Postfix 2.11, released in 2013): The + check_ccert_access feature worked as expected, but produced a + spurious warning when Postfix was built without SASL support. + Fix by Brad Barden. + * Fix for a compiler warning due to a missing 'const' qualifier + when compiling Postfix with OpenSSL 3. Depending on compiler + settings this could cause the build to fail. + * The known_tcp_ports settings had no effect. It also wasn't fully + implemented. Problem report by Peter. + * Fix for missing space between a hostname and warning text. + +- Ensure postfix can write to home directory or server side + filtering wont work (sieve) + +- Ensure service can write to /etc/postfix + +- Added hardening to systemd service (bsc#1181400). Added + harden_postfix.service.patch + +- postfix fails with glibc 2.34 + Define HAS_CLOSEFROM + (bsc#1189101) + add patch + - postfix-3.6.2-glibc-234-build-fix.patch + +- fix config.postfix (follow up of bsc#1188477) + +- Syntax error in config.postfix + (bsc#1188477) + +- Update to 3.6.2 + * In Postfix 3.6, fixed a false "Result too large" (ERANGE) fatal + error in the compatibility_level parser, because there was no + 'errno = 0' statement before an strtol() call. + * (problem introduced in Postfix 3.3) "Null pointer read" error + in the cleanup daemon when "header_from_format = standard" (the + default as of Postfix 3.3), and email was submitted with + /usr/sbin/sendmail without From: header, and an all-space full + name was specified in 1) the password file, 2) with "sendmail + - F", or 3) with the NAME environment variable. Found by Renaud + Metrich. + * (problem introduced in Postfix 2.4) False "too many reverse + jump" warnings in the showq daemon, because loop detection code + was comparing memory addresses instead of queue file names. + Reported by Mehmet Avcioglu. + * (problem introduced in 1999) The Postfix SMTP server was sending + all session transcripts to the error_notice_recipient (default: + postmaster), instead of sending transcripts of bounced mail to + the bounce_notice_recipient (default: postmaster). Reported by + Hans van Zijst. + * The texthash: map implementation broke tls_server_sni_maps, + because it did not support multi-file inputs. Reported by + Christopher Gurnee, who also found an instance of the missing + code in the "postmap -F" source code. File: util/dict_thash.c. + +- spamd wants to start before mail-transfer-agent.target, but that target doesn't exist + (bsc#1066854) + +- postfix-SUSE + * rework sysconfig.postfix, add + - POSTFIX_WITH_DKIM + - POSTFIX_DKIM_CONN + * rework config.postfix for main.cf + - with_dkim +- update postfix-main.cf.patch + * add OpenDKIM settings + +- postfix-mysql + * add mysql_relay_recipient_maps.cf +- postfix-SUSE + * rework sysconfig.postfix, add + - POSTFIX_RELAY_RECIPIENTS + - POSTFIX_BACKUPMX + * add relay_recipients + * rework config.postfix for main.cf + - is_backupmx + - relay_recipient_maps + +- Add now working CONFIG parameter to sysusers generator +- Remove unnecessary group line from postfix-vmail-user.conf + +- Update to 3.6.1 + * Bugfix (introduced: Postfix 2.11): the command "postmap + lmdb:/file/name" (create LMDB database from textfile) handled + duplicate input keys ungracefully, discarding entries stored + up to and including the duplicate key, and causing a double + free() call with lmdb versions 0.9.17 and later. Reported by + Adi Prasaja; double free() root cause analysis by Howard Chu. + * Typo (introduced: Postfix 3.4): silent_discard should be + silent-discard in BDAT_README. + +- fix postfix-master.cf.patch + * set correct indentation (again) for options of + - submission (needs 3 spaces) + - smtps (needs 4 spaces) + to make config.postfix work nicely again + +- Update to 3.6.0 + - Major changes - internal protocol identification + Internal protocols have changed. You need to "postfix stop" + before updating, or before backing out to an earlier release, + otherwise long-running daemons (pickup, qmgr, verify, tlsproxy, + postscreen) may fail to communicate with the rest of Postfix, + causing mail delivery delays until Postfix is restarted. + For more see /usr/share/doc/packages/postfix/RELEASE_NOTES +- refreshed patches to apply cleanly again: + fix-postfix-script.patch + ipv6_disabled.patch + pointer_to_literals.patch + postfix-linux45.patch + postfix-main.cf.patch + postfix-master.cf.patch + postfix-no-md5.patch + postfix-ssl-release-buffers.patch + postfix-vda-v14-3.0.3.patch + set-default-db-type.patch + +- Update to 3.5.10 with security fixes: + * Missing null pointer checks (introduced in Postfix 3.4) after + an internal I/O error during the smtp(8) to tlsproxy(8) handshake. + Found by Coverity, reported by Jaroslav Skarvada. Based on a + fix by Viktor Dukhovni. + * Null pointer bug (introduced in Postfix 3.0) and memory leak + (introduced in Postfix 3.4) after an inline: table syntax error + in main.cf or master.cf. Found by Coverity, reported by Jaroslav + Skarvada. Based on a fix by Viktor Dukhovni. + * Incomplete null pointer check (introduced: Postfix 2.10) after + truncated HaProxy version 1 handshake message. Found by Coverity, + reported by Jaroslav Skarvada. Fix by Viktor Dukhovni. + * Missing null pointer check (introduced: Postfix alpha) after + null argv[0] value. + publicsuffix +- Update to version 20220903: + * util: gTLD data autopull updates for 2022-09-03T15:15:24 UTC (#1606) + * Update public_suffix_list.dat (#1594) + * Add streamlitapp.com (#1591) + * Update public_suffix_list.dat (#1573) + * Add Framer Sites domains to PSL (#1570) + * new TLD .ישראל and SLDs for Israel by ISOC-IL (#1595) + +- Update to version 20220805: + * Updates to NIXI `.in` subspace in ICANN section of PSL (#1588) + * util: gTLD data autopull updates for 2022-07-28T15:14:54 UTC (#1592) + * util: gTLD data autopull updates for 2022-07-03T15:13:52 UTC (#1587) + * Add messerli.app (#1535) + * Add iservschule.de, schulplattform.de, update IServ GmbH contact information (#1580) + * Add `lolipopmc.jp` (#1555) + * Add ibxos.it and iliadboxos.it domains (#1549) + * Simplify the instance and endpoint domains using wildcard syntax (#1584) + * util: gTLD data autopull updates for 2022-06-14T15:15:19 UTC (#1581) + * doc (.in): update ref uri to registry policies (#1577) + * util: gTLD data autopull updates for 2022-06-02T15:16:31 UTC (#1579) + +- Update to version 20220518: + * util: gTLD data autopull updates for 2022-05-18T15:16:02 UTC (#1567) + * fixed wordwrap; added # of users q + * Add builder.code.com, stg-builder.code.com, and dev-builder.code.com (#1566) + * UPDATE HOSTBIP RECORDS (`name.pm` `sch.tf` `biz.wf` `sch.wf` `org.yt`) (#1473) + * Fix comments delete space and deprecation of io/ioutil (#1557) + +- Update to version 20220510: + * Cleaned up the wording and formatting + * Clarified 3rd party workaround stuff; fixed #1559 + * Add gov.nl (#1558) + * util: gTLD data autopull updates for 2022-04-30T15:14:45 UTC (#1564) + +- Update to version 20220415: + * util: gTLD data autopull updates for 2022-04-14T15:15:34 UTC (#1554) + * Add `1.azurestaticapps.net` DNS suffix (#1514) + * add support for scaleway subdomains (#1507) + python3 +- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in + the garbage collection (bsc#1188607). + +- Add CVE-2022-37454-sha3-buffer-overflow.patch to fix + bsc#1204577 (CVE-2022-37454, gh#python/cpython#98517) buffer + overflow in hashlib.sha3_* implementations (originally from the + XKCP library). + +- Add CVE-2020-10735-DoS-no-limit-int-size.patch to fix + CVE-2020-10735 (bsc#1203125) to limit amount of digits + converting text to int and vice vera (potential for DoS). + Originally by Victor Stinner of Red Hat. + -- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch and - CRLF_injection_via_host_part.patch. +- Remove merged patch CVE-2020-8492-urllib-ReDoS.patch, + CRLF_injection_via_host_part.patch, and + CVE-2019-18348-CRLF_injection_via_host_part.patch. rpm +- Strip critical bit in signature subpackage parsing + * modified patch: pgpharden.diff +- Add workaround to make newer dnf versions no longer deadlock + after it imported a pubkey [bnc#1202750] + * new patch: keyimportdeadlock.diff + rubygem-nokogiri +- add 003-CVE-2022-24836.patch (CVE-2022-24836, bsc#1198408) + fixes possibility to DoS because of inefficient RE in HTML encoding +- add 004_CVE-2022-29181.patch (CVE-2022-29181, bsc#1199782) + fixes Improper Handling of Unexpected Data Types + systemd +- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 + ae2067b062 time-util: fix buffer-over-run (bsc#1204968 CVE-2022-3821) + 0469b9f2bc pstore: do not try to load all known pstore modules + ad05f54439 pstore: Run after modules are loaded + ccad817445 core: Add trigger limit for path units + 281d818fe3 core/mount: also add default before dependency for automount mount units + ffe5b4afa8 logind: fix crash in logind on user-specified message string + +- Add 1012-man-describe-the-net-naming-schemes-specific-to-SLE.patch (bsc#1204179) +- Make "sle15-sp3" net naming scheme still available for backward compatibility + reason + tar +- Fix unexpected inconsistency when making directory, bsc#1203600 + * tar-avoid-overflow-in-symlinks-tests.patch + * tar-fix-extract-unlink.patch +- Update race condition fix, bsc#1200657 + * tar-fix-race-condition.patch +- Refresh bsc1200657.patch + tiff + * CVE-2022-3597 [bsc#1204641] + * CVE-2022-3626 [bsc#1204644] + * CVE-2022-3627 [bsc#1204645] + + tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch + * CVE-2022-3599 [bsc#1204643] + + tiff-CVE-2022-3599.patch + * CVE-2022-3970 [bsc#1205392] + + tiff-CVE-2022-3970.patch + +- security update: tigervnc -- U_Handle-pending-data-in-TLS-buffers.patch - * Vncclient wasn't refreshing screen correctly due to an issue on - TLS stream buffers. - * bsc#1199477 - -- U_0003-Update-Surface_X11.cxx.patch - * Fix to render properly considering endianness. - * bsc#1197119 +- Release 1.12.0 covers bugfixes for bsc#1197119,bsc#1199477 + +- Release 1.12.0 supersedes the following patches still used with + tigervnc 1.10.1 on sle15-sp4/Leap 15.4: + * U_0003-Update-Surface_X11.cxx.patch + * U_Handle-pending-data-in-TLS-buffers.patch + +- Use %_pam_vendordir + +- fix homepage url +- move license to licensedir +- a few of the trivial spec-cleaner cleanups + +- nasm is not needed for build, remove from buildrequires +- Remove patch: tigervnc-clean-pressed-key-on-exit.patch + * fixed bsc#670448 wich can no longer be reproduced + * removing the patch fixes bsc#1196214 + * related: https://github.com/TigerVNC/tigervnc/pull/14 + +- n_vncserver.patch + * fix location of Xsession script +- vncserver usage has radically changed; please check this: + https://github.com/TigerVNC/tigervnc/blob/master/unix/vncserver/HOWTO.md + +- Update to tigervnc 1.12.0 + * The native viewer now supports full screen over a subset of monitors (e.g. 2 out of 3), and reacts properly to monitors being added or removed + * Recent server history in the native viewer + * The native viewer now has an option to reconnect if the connection is dropped + * Translations are now enabled on Windows and macOS for the native viewer + * The native viewer now respects the system security policy + * Better handling of accented keys in the Java viewer + * The Unix servers can now listen to both a Unix socket and a TCP port at the same time + * The network code in both the servers and the native viewer has been restructured to give a more responsive experience + * The vncserver service now correctly handles settings set to "0" + * Fixed the clipboard Unicode handling in both the native viewer and the servers + * Support for pointer "warping" in Xvnc and the native viewer, enabling e.g. FPS games +- Update to tigervnc 1.11.0 + * A security issue has been fixed in how the viewers handle TLS certificate exceptions + * vncserver has gotten a major redesign to be compatible with modern distributions + * The native viewer now has touch gestures to handle certain mouse actions (e.g. scroll wheel) + * Middle mouse button emulation in the native viewer, for devices with only two mouse buttons + * The Java viewer now supports Java 9+, but also now requires Java 8+ + * Support for alpha cursors in the Java viewer (a feature already supported in the native viewer) + * The password and username can now be specified via the environment for the native viewer + * Support for building Xvnc/libvnc.so with Xorg 1.20.7+ and deprecate support for Xorg older than 1.16 + * The official builds have been fixed to work on the upcoming macOS 11 + * The Windows server (WinVNC) is now packaged separately as it is unmaintained and buggy +- Removed patches (included in 1.12.0): + * U_viewer-reset-ctrl-alt-to-menu-state-on-focus.patch + * tigervnc-fix-saving-of-bad-server-certs.patch + * u_xorg-server-1.20.7-ddxInputThreadInit.patch + * U_0001-Properly-store-certificate-exceptions.patch + * U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch + * tigervnc-FIPS-use-RFC7919.patch + * u_Fix-non-functional-MaxDisconnectionTime.patch +- Removed patches (no longer needed): + * u_tigervnc-cve-2014-8240.patch (https://github.com/TigerVNC/tigervnc/pull/1258) + * u_tigervnc_update_default_vncxstartup.patch +- Refreshed patches: + * n_correct_path_in_desktop_file.patch + * n_tigervnc-date-time.patch + * n_utilize-system-crypto-policies.patch + * tigervnc-clean-pressed-key-on-exit.patch + * tigervnc-newfbsize.patch + * u_build_libXvnc_as_separate_library.patch + * u_change-button-layout-in-ServerDialog.patch + * u_tigervnc-add-autoaccept-parameter.patch + * u_tigervnc-211.patch + +- buildrequire xorg-x11-server-sdk/xorg-x11-server-source >= 21.1.0 + +- Change to systemd-sysusers + +- u_tigervnc-211.patch, xserver211.patch + * fixes build against xorg-server 21.1 sources + timezone +- timezone update 2022f (bsc#1177460): + * Mexico will no longer observe DST except near the US border + * Chihuahua moves to year-round -06 on 2022-10-30 + * Fiji no longer observes DST + * Move links to 'backward' + * In vanguard form, GMT is now a Zone and Etc/GMT a link + * zic now supports links to links, and vanguard form uses this + * Simplify four Ontario zones + * Fix a Y2438 bug when reading TZif data + * Enable 64-bit time_t on 32-bit glibc platforms + * Omit large-file support when no longer needed + * In C code, use some C23 features if available + * Remove no-longer-needed workaround for Qt bug 53071 +- Refreshed patches: + * fat.patch + * tzdata-china.diff + +- timezone update 2022e (bsc#1177460): + * Jordan and Syria switch from +02/+03 with DST to year-round +03 +- timezone update 2022d: + * Palestine transitions are now Saturdays at 02:00 + * Simplify three Ukraine zones into one +- timezone update 2022c: + * Work around awk bug + * Improve tzselect on intercontinental Zones +- timezone update 2022b: + * Chile's DST is delayed by a week in September 2022 boo#1202324 + * Iran no longer observes DST after 2022 + * Rename Europe/Kiev to Europe/Kyiv + * New zic -R option + * Vanguard form now uses %z + * Finish moving duplicate-since-1970 zones to 'backzone' +- Refresh tzdata-china.diff +- Remove upstreamed bsc1202310.patch + vim +- Updated to version 9.0 with patch level 0814, fixes the following problems + * Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow + * Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483. + * Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490. + * Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598. + * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c + * Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer() + * Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c + * Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c + * Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c + * Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag() + * Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. + * Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c + * Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free + * Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse() + * Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321 +- ignore-flaky-test-failure.patch: Ignore failure of flaky tests +- disable-unreliable-tests-arch.patch: Removed +- for the complete list of changes see + https://github.com/vim/vim/compare/v9.0.0313...v9.0.0814 + webkit2gtk3 +- Update to version 2.38.2 (boo#1205120 boo#1205123 boo#1205124): + + Fix scrolling issues in some sites having fixed background. + + Fix prolonged buffering during progressive live playback. + + Fix the build with accessibility disabled. + + Fix several crashes and rendering issues. + + Security fixes: CVE-2022-42799, CVE-2022-42823, CVE-2022-42824. +- Update no-forced-sse.patch with quilt. +- Pass -DENABLE_DOCUMENTATION=OFF to configure, we did not build + the API docs in the past, and I see no reason to start now. +- Drop pkgconfig(libnotify) BuildRequires: No longer needed, nor + used if available. +- Pass -DUSE_SYSTEM_MALLOC=ON on all architectures, to work + around webkit#243535. + +- Update to version 2.38.1: + + Make xdg-dbus-proxy work if host session bus address is an + abstract socket. + + Use a single xdg-dbus-proxy process when sandbox is enabled. + + Fix high resolution video playback due to unimplemented + changeType operation. + + Ensure GSubprocess uses posix_spawn() again and inherit file + descriptors. + + Fix player stucking in buffering (paused) state for progressive + streaming. + + Do not try to preconnect on link click when link preconnect + setting is disabled. + + Fix close status code returned when the client closes a + WebSocket in some cases. + + Fix media player duration calculation. + + Fix several crashes and rendering issues. + +- Update to version 2.38.0 boo#1205121 boo#1205122): + + New media controls UI style. + + Add new API to set WebView’s Content-Security-Policy for web + extensions support. + + Make it possible to use the remote inspector from other + browsers using WEBKIT_INSPECTOR_HTTP_SERVER env var. + + MediaSession is enabled by default, allowing remote media + control using MPRIS. + + Add support for PDF documents using PDF.js. + + Security fixes: CVE-2022-32888, CVE-2022-32923. + wget +- Update 0001-possibly-truncate-pathname-components.patch + * Truncate file name even if no directory structure + * [bsc#1204720] + wicked +- version 0.6.70 +- build: Link as Position Independent Executable (bsc#1184124) +- dhcp4: Fix issues in reuse of last lease (bsc#1187655) +- dhcp6: Add option to refresh lease (jsc#SLE-9492,jsc#SLE-24307) +- dhcp6: Remove address before release (USGv6 DHCPv6_1_2_07b) +- dhcp6: Ignore lease release status (USGv6 DHCPv6_1_2_07e,1_3_03) +- dhcp6: Consider ppp interfaces supported (gh#openSUSE/wicked#924) +- team: Fix to configure port priority in teamd (bsc#1200505) +- firewall-ext: No config change on ifdown (bsc#1201053,bsc#118950) +- wireless: Fix SEGV on supplicant restart (gh#openSUSE/wicked#931) +- wireless: Add support for WPA3 and PMF (bsc#1198894) +- wireless: Remove libiw dependencies (gh#openSUSE/wicked#910) +- client: Fix SEGV on empty xpath results (gh#openSUSE/wicked#919) +- client: Add release options to ifdown/ifreload (jsc#SLE-10249) +- dbus: Clear string array before append (gh#openSUSE/wicked#913) +- socket: Fix SEGV on heavy socket restart errors (bsc#1192508) +- systemd: Remove systemd-udev-settle dependency (bsc#1186787) + -- dbus: cleanup the dbus-service.h file and unused property makros +- dbus: cleanup the dbus-service.h file and unused property macros - e.g. tso has been splitted into several features and the + e.g. tso has been split into several features and the -- cleanup: add mising/explicit designated field initializers +- cleanup: add missing/explicit designated field initializers -- dhcp: suport to define and request custom options (bsc#988954), +- dhcp: support to define and request custom options (bsc#988954), -- utils: fixed last byte formating in ni_format_hex +- utils: fixed last byte formatting in ni_format_hex -- ifconfig: readd broadcast calculation (bcs#971629). +- ifconfig: re-add broadcast calculation (bcs#971629). -- vesion 0.6.27 +- version 0.6.27 xf86-input-libinput +- Enable tarball sig url too, verify tarball via keyring. + +- Update to version 1.2.1 + * few typos and misc minor fixes + * property added to turn off new high-resolution wheel scrolling + API + +- reverted previous change; the issue was broken ckb-next, not + the usage of libinput v120 API (boo#1190646) + +- switch to libinput v120 API broke the driver, so disable it for + now via patching config.h in specfile after running configure + (boo#1190646) + +- Update to version 1.2.0 + * This release introduces support for touchpad gestures that will + be available as part of X server 21.1. Additionally high-resolution + scrolling data is now acquired from libinput if available and sent + downstream to X server. The default scroll distance has been bumped + to 120 in the process, but this should not affect correctly written + clients. + +- Update to version 1.1.0 + * This release adds a new driver-specific option: + ScrollPixelDistance. This option converts movement "pixels" + from libinput into the server's "scroll unit" definition and + can thus help speeding up or slowing down two-finger/edge scrolling. + +- Update to version 1.0.1 + * Only one fix, the code to set the tap button mapping property + didn't correctly check for a valid device, causing memory + corruption and a crash if called after a device was disabled. + Or, in more user-friendly terms: if your X session crashed + after calling `xinput disable $touchpad-device`, this release + has the fix for it. + +- Update to version 1.0.0 + * The biggest change here is the license change to MIT. Due to an unfortunate + copy/paste error, the actual license text used was the Historical Permission + Notice and Disclaimer license. With the ack of the various contributors, the + driver is now using the MIT license text as intended. The actual impact is + low, the HPND is virtually identical to the MIT license anyway (ianal, + consult your legal dept if you have one). + * The only other notable change: cancelled touch points are now lifted + correctly. Where libinput cancels a touch, e.g. in response to a palm being + detected, the touch point previously got stuck in the down state. This is + fixed now. + +- refresh spec file (move licenses to licensedir) + +- Update to version 0.30.0 + * Only one noticeable change: the scroll button lock + configuration option available in recent libinput versions + is now exposed as the usual set of properties by this driver. + +- Update to version 0.29.0 + * Only one real fix: we now check for the tool type as well as + the serial when we create subdevices for tablet tools. + Previously there were some cases where the eraser device + wasn't created correctly. + +- move xorg.conf.d snippet from /etc/X11/xorg.conf.d to + /usr/share/X11/xorg.conf.d (boo#1139692) + +- Update to version 0.28.2 + * This release contains a bugfix that will likely trigger in future releases + of libinput. The driver assumed wrongly that any wheel event has a nonzero + discrete event and used the discrete as a divisor. Which is obviously a bad + idea, mathematically speaking, because you never know what the future will + bring. Hint: it will bring wheel events with a discrete of zero. + xorg-x11-server +- Release 21.1 covers bugfixes and JIRA tickets for bsc#1176015,bsc#1182510,bsc#1182884,bsc#1184072,bsc#1184543,bsc#1184906,bsc#1186092,bsc#1188970,bsc#1194159,bsc#1196577,bsc#1197046,bsc#1197269,bsc#1200076,fdo#574,jsc#SLE-18653,jsc#SLE-8470 + +- Release 21.1 supersedes the following patches still used with + xorg-x11-server 1.20.3 on sle15-sp4/Leap 15.4: + * U_0002-DRI2-Add-another-Coffeelake-PCI-ID.patch + * U_0002-Fix-crash-on-XkbSetMap.patch + * U_0003-Fix-crash-on-XkbSetMap.patch + * U_0003-dri2-Sync-i965_pci_ids.h-from-mesa.patch + * U_0004-dri2-Set-fallback-driver-names-for-Intel-and-AMD-chi.patch + * U_0005-dri2-Sync-i965_pci_ids.h-from-mesa-iris_pci_ids.h.patch + * U_build-glx-Lower-gl-version-to-work-with-libglvnd.patch + * U_glamor-Make-pixmap-exportable-from-gbm_bo_from_pixma.patch + * U_hw_do-not-include-sys-io-with-glibc.patch + * U_meson-Fix-another-reference-to-gl-9.2.0.patch + * U_modesetting-Fix-broken-manpage-in-autoconf-build.patch + * U_present-wnmd-Fix-use-after-free-on-CRTC-removal.patch + * U_present-wnmd-Relax-assertion-on-CRTC-on-abort_vblank.patch + * U_xfree86-Change-displays-array-to-pointers-array-to-f.patch + * U_xfree86-Fix-NULL-pointer-dereference-crash.patch + * U_xkbsetdeviceinfo.patch + * u_sync-pci-ids-with-Mesa-21.2.4.patch + * u_xf86-Accept-devices-with-the-simpledrm-driver.patch + * u_xichangehierarchy-CVE-2020-14346.patch + * u_xkb-CVE-2020-14345.patch + * u_xkb-CVE-2020-14360.patch + +- removed N_Disable-HW-Cursor-for-cirrus-and-mgag200-kernel-modules.patch + * meanwhile cirrus and mgag200 Kernel drivers have been rewritten + multiple times and no longer have (broken) hardware cursor + +- u_xf86-Accept-devices-with-the-kernels-ofdrm-driver.patch + * Add workaround to support ofdrm + +- rename u_sync-pci-ids-with-Mesa-22.0.0.patch to + u_sync-pci-ids-with-Mesa.patch (currently synced with Mesa 22.1.3) + +- u_sync-pci-ids-with-Mesa-22.0.0.patch + * synced with Mesa 22.1.3; just adding a PCI ID for vmware was + needed + +- Update to version 21.1 + * This release fixes 2 recently reported security vulnerabilities + in xkb, several regressions since 1.20.x and a number of + miscellaneous bugs. +- supersedes the following security patches + * U_boo1194181-001-xkb-swap-XkbSetDeviceInfo-and-XkbSetDeviceInfoCheck.patch + * U_boo1194179-001-xkb-rename-xkb_h-to-xkb-procs_h.patch + * U_boo1194179-002-xkb-add-request-length-validation-for-XkbSetGeometry.patch +- supersedes U_Fix-build-with-gcc-12.patch + -- U_0002-Fix-crash-on-XkbSetMap.patch - U_0003-Fix-crash-on-XkbSetMap.patch - * fixes Xserver crash on keyboard remapping (boo#1200076, fdo#574) - -- U_glamor-Make-pixmap-exportable-from-gbm_bo_from_pixma.patch - * avoid consequently failing page flip (boo#1197269) - -- u_sync-pci-ids-with-Mesa-21.2.4.patch - * sync pci ids with Mesa 21.2.4 (related to boo#1197046) - -- U_0002-DRI2-Add-another-Coffeelake-PCI-ID.patch - U_0003-dri2-Sync-i965_pci_ids.h-from-mesa.patch - U_0004-dri2-Set-fallback-driver-names-for-Intel-and-AMD-chi.patch - U_0005-dri2-Sync-i965_pci_ids.h-from-mesa-iris_pci_ids.h.patch - * sync GL driver PCI IDs with Mesa (boo#1197046) - -- U_xfree86-Fix-NULL-pointer-dereference-crash.patch - * Fix a regression in - u_xfree86-Change-displays-array-to-pointers-array-to-f.patch - (boo#1196577) - * Credits go to Simon Lees for finding the fix! -- renamed u_xfree86-Change-displays-array-to-pointers-array-to-f.patch - to U_xfree86-Change-displays-array-to-pointers-array-to-f.patch - since it's a backport from an upstream patch - -- u_xfree86-Change-displays-array-to-pointers-array-to-f.patch - Fix segmentation fault during terminal switches with multiple attached - displays (bsc#1188970) +- add n_raise_default_clients.patch -- Fix typo in %post: xbb.conf -> xkb.conf (boo#1194159) +- disable -z now linking for now, as there are some missing symbol + issues. (boo#1197994) -- u_xf86-Accept-devices-with-the-simpledrm-driver.patch - * Add workaround to support simpledrm kernel driver -- u_xf86-Accept-devices-with-the-hyperv_drm-driver.patch - * Add workaround to support hyperv_drm kernel driver +- u_sync-pci-ids-with-Mesa-22.0.0.patch + * sync pci ids with Mesa 22.0.0 + +- U_Fix-build-with-gcc-12.patch + * render: Fix build with gcc 12 (glfdo#xorg/xserver!853). + +- U_xephyr-Don-t-check-for-SeatId-anymore.patch + * fix mouse/keyboard focus in Xephyr (boo#1194658, + github issue#1289) + +- fix bashisms in pre_checkins.sh (bsc#1195391) + +- u_xfree86-activate-GPU-screens-on-autobind.patch + * Part of the original patch by Dave Airlie has landed + 078277e4d92f05a90c4715d61b89b9d9d38d68ea, this contains the + remainder of what was in SUSE before Xorg 21.1. + (github issue#1254, boo#1192751) + +- Update to version 21.1.3 + * This release fixes several regressions since 1.20.x and 21.1.1 + + glx/dri: Filter out fbconfigs that don't have a supported pixmap format + + xf86/logind: Fix compilation error when built without logind/platform bus + + xf86/logind: fix missing call to vtenter if the platform device is not paused + + Convert more funcs to use InternalEvent. + + os: Try to discover the current seat with the XDG_SEAT var first + +- Update to version 21.1.2 + * This release fixes 4 recently reported security vulnerabilities and + several regressions. + * In particular, the real physical dimensions are no longer reported + by the X server anymore as it was deemed to be a too disruptive + change. X server will continue to report DPI as 96. +- supersedes U_hw-xfree86-Propagate-physical-dimensions-from-DRM-co.patch +- supersedes U_rendercompositeglyphs.patch +- supersedes U_xfixes-Fix-out-of-bounds-access-in-ProcXFixesCreateP.patch +- supersedes U_Xext-Fix-out-of-bounds-access-in-SProcScreenSaverSus.patch +- supersedes U_record-Fix-out-of-bounds-access-in-SwapCreateRegiste.patch -- u_Support-configuration-files-under-run-X11-xorg.conf..patch -- u_Add-udev-scripts-for-configuration-of-platform-devic.patch -- u_Add-udev-rule-for-HyperV-devices.patch - * Remove udev-based configuration again (not working) -- u_pci-primary-Fix-up-primary-PCI-device-detection-for-the-platfrom-bus.patch - * Fix possible SEGFAULT when parsing busid +- u_Support-configuration-files-under-run-X11-xorg.conf..patch +- u_Add-udev-scripts-for-configuration-of-platform-devic.patch +- u_Add-udev-rule-for-HyperV-devices.patch + * Remove udev-based configuration +- u_Revert-xf86-Accept-devices-with-the-simpledrm-driver.patch + * Restore simpledrm workaround +- u_xf86-Accept-devices-with-the-hyperv_drm-driver.patch + * Add workaround to support hyperv_drm +- u_pci-primary-Fix-up-primary-PCI-device-detection-for-the-platfrom-bus.patch + * Fix SEGFAULT when parsing bus IDs of NULL (boo#1193250) - * Support configuration files under /run + * Support configuration files under /run. Required for generating + configuration files via udev. (boo#1193250) - * Add udev rules for configuration of platform (e.g., - simple-framebuffer) devices + * Generate configuration files for platform devices (boo#1193250) +- u_Revert-xf86-Accept-devices-with-the-simpledrm-driver.patch + * Code has been obsoleted by udev patchset (boo#1193250) - * Add udev rules for configuration of HyperV graphics devices + * Same as for platform devices, but on HyperV (boo#1193250) -- disable build of Xwayland, which is now being built in separate - xwayland package with more recent sources (jira#SLE/SLE-18653, - boo#1182677) -- no longer needed patches: - * U_xwayland-Avoid-a-crash-on-pointer-enter-with-a-grab.patch - * U_xwayland-Check-status-in-GBM-pixmap-creation.patch - * U_xwayland-Do-not-free-a-NULL-GBM-bo.patch - * U_xwayland-Update-screen-pixmap-on-output-resize.patch - * U_xwayland-Do-not-crash-if-gbm_bo_create-fails.patch - * U_xwayland-glamor-gbm-Handle-DRM_FORMAT_MOD_INVALID-gracefully.patch +- U_hw-xfree86-Propagate-physical-dimensions-from-DRM-co.patch + * reverse apply this one to go back to fixed 96 dpi (gitlab + fdo/xserver issue#1241) +- N_fix-dpi-values.diff + * back to version for xserver < 21.1.0 + +- Update to version 21.1.1 + * s/__/@/ in inputtestdrv manpage + * Make xf86CompatOutput() return NULL when there are no privates + * Makefile.am: Add missing meson build files to release tarball + +- Update to version 21.1.0 + * The meson support is now fully mature. While autotools support + will still be kept for this release series, it will be dropped + afterwards. + * Glamor support for Xvfb. + * Variable refresh rate support in the modesetting driver. + * XInput 2.4 support which adds touchpad gestures. + * DMX DDX has been removed. + * X server now correctly reports display DPI in more cases. This + may affect rendering of client applications that have their own + workarounds for hi-DPI screens. + * A large number of small features and various bug fixes. +- updated xorg-server-provides +- supersedes patches + * U_Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch + * U_dix-window-Use-ConfigureWindow-instead-of-MoveWindow.patch + * U_glamor_egl-Reject-OpenGL-2.1-early-on.patch + * u_render-Cast-color-masks-to-unsigned-long-before-shifting-them.patch +- refreshed patches + * N_fix-dpi-values.diff + * N_zap_warning_xserver.diff + * u_modesetting-Fix-dirty-updates-for-sw-rotation.patch + * u_randr-Do-not-crash-if-slave-screen-does-not-have-pro.patch + * u_vesa-Add-VBEDPMSGetCapabilities-VBEDPMSGet.patch +- disabled n_xserver-optimus-autoconfig-hack.patch, which I believe is + superseded by: + commit 078277e4d92f05a90c4715d61b89b9d9d38d68ea + Author: Dave Airlie + Date: Fri Aug 17 09:49:24 2012 +1000 + xf86: autobind GPUs to the screen +- added pkgconfig(libxcvt) +- cvt binary moved to libxcvt0 package + +- Update to version 1.20.13 + * bugfix release +- supersedes U_present-get_crtc-should-not-return-crtc-when-its-scr.patch, + U_modesetting-unflip-not-possible-when-glamor-is-not-s.patch + +- U_modesetting-unflip-not-possible-when-glamor-is-not-s.patch + * this should fixes crashes of xfce when running under qemu + (boo#1188559) + +- add U_present-get_crtc-should-not-return-crtc-when-its-scr.patch (bsc#1188559) + https://gitlab.freedesktop.org/xorg/xserver/-/issues/1195 + +- Update to version 1.20.12 + * bugfix release + +- Drop U_xwayland-Allow-passing-a-fd.patch: We build xwayland in a + separate package now, so no need to keep this patch here. + +- Fix typo in %post: xbb.conf -> xkb.conf -- U_xwayland-glamor-gbm-Handle-DRM_FORMAT_MOD_INVALID-gracefully.patch - * xwayland: Fix invisible window produced by Xwayland - (boo#1186092, boo#1184906) - -- U_build-glx-Lower-gl-version-to-work-with-libglvnd.patch, - U_meson-Fix-another-reference-to-gl-9.2.0.patch - * fix build on sle15-sp3 with updated libglvnd/Mesa and their - new pkgconfig files - (https://gitlab.freedesktop.org/xorg/xserver/-/issues/893) +- disable build of Xwayland, which is now being built in separate + xwayland package with more recent sources (boo#1182677) -- U_xwayland-Do-not-crash-if-gbm_bo_create-fails.patch - * xwayland: Do not crash if gbm_bo_create() fails (boo#1184072) (boo#1184543) +- Update to version 1.20.11 + * bugfix release +- supersedes U_Fix-XChangeFeedbackControl-request-underflow.patch, + U_xkb-Fix-heap-overflow-caused-by-optimized-away-min.patch -- U_modesetting-Fix-broken-manpage-in-autoconf-build.patch - * modesetting: Fix broken manpage in autoconf build (boo#1182510) - -- add U_hw_do-not-include-sys-io-with-glibc.patch (bsc#1182884) +- reenabled LTO (boo#1133294) + * u_no-lto-for-tests.patch + disables LTO in test/ subtree, since "-Wl,-wrap" is not supported by LTO + * added "%global _lto_cflags %{?_lto_cflags} -ffat-lto-objects" + +- Update to version 1.20.10: + * Check SetMap request length carefully. + * Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows + * present/wnmd: Translate update region to screen space + * modesetting: keep going if a modeset fails on EnterVT + * modesetting: check the kms state on EnterVT + * configure: Build hashtable for Xres and glvnd + * xwayland: Create an xwl_window for toplevel only + * xwayland: non-rootless requires the wl_shell protocol + * glamor: Update pixmap's devKind when making it exportable + * os: Fix instruction pointer written in xorg_backtrace + * present/wnmd: Execute copies at target_msc-1 already + * present/wnmd: Move up present_wnmd_queue_vblank + * present: Add present_vblank::exec_msc field + * present: Move flip target_msc adjustment out of present_vblank_create + * xwayland: Remove pending stream reference when freeing + * xwayland: use drmGetNodeTypeFromFd for checking if a node is a render one + * xwayland: Do not discard frame callbacks on allow commits + * present/wnmd: Remove dead check from present_wnmd_check_flip + * xwayland: Check window pixmap in xwl_present_check_flip2 + * present/wnmd: Can't use page flipping for windows clipped by children + * xfree86: Take second reference for SavedCursor in xf86CursorSetCursor + * glamor: Fix glamor_poly_fill_rect_gl xRectangle::width/height handling + * include: Increase the number of max. input devices to 256. + * Revert "linux: Make platform device probe less fragile" + * Revert "linux: Fix platform device PCI detection for complex bus topologies" + * Revert "linux: Fix platform device probe for DT-based PCI" +- Remove included pachtes + * U_xfree86_take_second_ref_for_xcursor.patch + * U_Revert-linux-Fix-platform-device-probe-for-DT-based-.patch + * U_Revert-linux-Fix-platform-device-PCI-detection-for-c.patch + * U_Revert-linux-Make-platform-device-probe-less-fragile.patch + * U_Fix-XkbSetDeviceInfo-and-SetDeviceIndicators-heap-ov.patch + * U_Check-SetMap-request-length-carefully.patch + +- remove unneeded python2 script 'fdi2iclass.py' from + xorg-x11-server-sources subpackage (boo#1179591) + +- U_Check-SetMap-request-length-carefully.patch + * XkbSetMap Out-Of-Bounds Access: Insufficient checks on the + lengths of the XkbSetMap request can lead to out of bounds + memory accesses in the X server. (ZDI-CAN 11572, + CVE-2020-14360, bsc#1174908) +- U_Fix-XkbSetDeviceInfo-and-SetDeviceIndicators-heap-ov.patch + * XkbSetDeviceInfo Heap-based Buffer Overflow: Insufficient + checks on input of the XkbSetDeviceInfo request can lead to a + buffer overflow on the head in the X server. (ZDI-CAN 11389, + CVE-2020-25712, bsc#1177596) + +- n_xorg-wrapper-anybody.patch + * replace default config /etc/X11/Xwrapper, which allows + anybody to use the wrapper, by a patch for the code, i.e. + [#] rootonly, console, anybody + allowed_users=anybody + [#] yes, no, auto + needs_root_rights=auto + is now the default without any Xwrapper config + (needs_root_rights=auto was already the default before) + +- u_xorg-wrapper-Xserver-Options-Whitelist-Filter.patch + * replaced by improved version written by Matthias Gerstner of + our security team + + simplified the option parsing code a bit + + changed the "ignore forbidden argument" logic into an "abort + on forbidden argument" logic. This is safer and avoids + surprises on the user's end that could occur if the desired + command line arguments aren't effective but the Xorg server is + still started. + + tried to adjust to the coding style present in the file + (mostly the function name) + + added some logic to apply the option filtering only to + non-root users when Xorg is actually started as root. This + should allow for full flexibility if root calls the wrapper or + if the Xorg server only runs with user privileges. + +- U_Fix-segfault-on-probing-a-non-PCI-platform-device-on.patch, + U_Revert-linux-Fix-platform-device-PCI-detection-for-c.patch, + U_Revert-linux-Fix-platform-device-probe-for-DT-based-.patch, + U_Revert-linux-Make-platform-device-probe-less-fragile.patch + * fix Xserver startup on Raspberry Pi 3 (boo#1176203) + +- n_xorg-wrapper-rename-Xorg.patch + * moved Xorg to Xorg.bin and Xorg.sh to Xorg (boo#1175867) +- change default for needs_root_rights to auto in Xwrapper.config + (boo#1175867) + +- reenabled SUID wrapper for TW (boo#1175867) +- u_xorg-wrapper-Xserver-Options-Whitelist-Filter.patch + * Xserver option whitelist filter (boo#1175867) -- u_xkb-CVE-2020-14360.patch - * Avoid out of bounds memory accesses on too short request - (ZDI-CAN-11572/CVE-2020-14360, bsc#1174908) - -- update U_xkbsetdeviceinfo.patch - * fixed broken patch (bsc#1177596, comment#18, ZDI-CAN-11839/CVE-2020-25712) - -- U_xkbsetdeviceinfo.patch (bsc#1177596, ZDI-CAN-11839/CVE-2020-25712) - * fix for Heap-based Buffer Overflow Privilege Escalation - Vulnerability - -- U_present-wnmd-Fix-use-after-free-on-CRTC-removal.patch - * fix crash in XWayland when undocking laptop (bsc#1176015) -- U_present-wnmd-Relax-assertion-on-CRTC-on-abort_vblank.patch - * fix for Xwayland abort in Present code (bsc#1176015) -- U_xwayland-Avoid-a-crash-on-pointer-enter-with-a-grab.patch, - U_xwayland-Check-status-in-GBM-pixmap-creation.patch, - U_xwayland-Do-not-free-a-NULL-GBM-bo.patch, - U_xwayland-Update-screen-pixmap-on-output-resize.patch - * various xwayland crashes fixes from 1.20 branch (bsc#1176015) +-Add U_xfree86_take_second_ref_for_xcursor.patch: fix + use-after-free when switching VTs. +- Update to version 1.20.9: + * Fix XRecordRegisterClients() Integer underflow + * Fix XkbSelectEvents() integer underflow + * Fix XIChangeHierarchy() integer underflow + * Correct bounds checking in XkbSetNames() + * linux: Fix platform device probe for DT-based PCI + * linux: Fix platform device PCI detection for complex bus topologies + * linux: Make platform device probe less fragile + * fix for ZDI-11426 + * xfree86: add drm modes on non-GTF panels + * present: Check valid region in window mode flips + * xwayland: Handle NULL xwl_seat in xwl_seat_can_emulate_pointer_warp + * xwayland: Propagate damage x1/y1 coordinates in xwl_present_flip + * doc: Update URLs in Xserver-DTrace.xml + * xwayland: Use a fixed DPI value for core protocol + * xwayland: only use linux-dmabuf if format/modifier was advertised + * hw/xfree86: Avoid cursor use after free + * Update URL's in man pages + * xwayland: Disable the MIT-SCREEN-SAVER extension when rootless + * xwayland: Hold a pixmap reference in struct xwl_present_event + * randr: Check rrPrivKey in RRHasScanoutPixmap() + * modesetting: Fix front_bo leak at drmmode_xf86crtc_resize on XRandR rotation + * xwayland: Store xwl_tablet_pad in its own private key + * xwayland: Initialise values in xwlVidModeGetGamma() + * xwayland: Fix crashes when there is no pointer + * xwayland: Clear private on device removal + * xwayland: Free all remaining events in xwl_present_cleanup + * xwayland: Always use xwl_present_free_event for freeing Present events + * present/wnmd: Free flip_queue entries in present_wnmd_clear_window_flip + * present/wnmd: Keep pixmap pointer in present_wnmd_clear_window_flip + * xwayland: import DMA-BUFs with GBM_BO_USE_RENDERING only + * xwayland: Fix infinite loop at startup + * modesetting: Disable pageflipping when using a swcursor + * dix: do not send focus event when grab actually does not change +- Drop patches fixed upstream: + * U_0001-Correct-bounds-checking-in-XkbSetNames.patch + * U_0002-Fix-XIChangeHierarchy-integer-underflow.patch + * U_0003-Fix-XkbSelectEvents-integer-underflow.patch + * U_0004-Fix-XRecordRegisterClients-Integer-underflow.patch + * U_FixForZDI-11426.patch + +- U_0001-Correct-bounds-checking-in-XkbSetNames.patch + * Correct bounds checking in XkbSetNames() + [CVE-2020-14345 / ZDI 11428, boo#1174635] +- U_0002-Fix-XIChangeHierarchy-integer-underflow.patch + * Fix XIChangeHierarchy() integer underflow + [CVE-2020-14346 / ZDI-CAN-11429, boo#1174638] -- u_xkb-CVE-2020-14345.patch: - * Fix XKB out-of-bounds access privilege escalation vulnerability - (CVE-2020-14345, bsc#1174635, ZDI-CAN-11428) -- u_xichangehierarchy-CVE-2020-14346.patch: - * Fix XIChangeHierarchy integer underflow privilege escalation - vulnerability (CVE-2020-14346, bsc#1174638, ZDI-CAN-11429) - +- move xorg_pci_ids dir from /etc/X11 to /usr/share/X11 and + xorg-x11-server.macros from /etc/rpm to /usr/lib/rpm/macros.d; + no longer package /etc/X11/xorg.conf.d (boo#1173056) + +- U_glamor_egl-Reject-OpenGL-2.1-early-on.patch + * GLAMOR: no longer bail out for OpenGL drivers < 2.1 (boo#1172321) + +- Update to version 1.20.8+0: + * Revert "dri2: Don't make reference to noClientException" + * dix: Check for NULL spriteInfo in GetPairedDevice + * os: Ignore dying client in ResetCurrentRequest + * modesetting: remove unnecessary error message, fix zaphod leases + * Fix building with `-fno-common` + * xwayland: clear pixmaps after creation in rootless mode + * glamor: Fix a compiler warning since the recent OOM fixes. + * Restrict 1x1 pixmap filling optimization to GXcopy + * Add xf86OSInputThreadInit to stub os-support as well + * Fix old-style definition warning for xf86OSInputThreadInit() + * xwayland/glamor-gbm: Handle DRM_FORMAT_MOD_INVALID gracefully + * configure: Define GLAMOR_HAS_EGL_QUERY_DRIVER when available + * modesetting: Disable atomic support by default + * modesetting: Explicitly #include "mi.h" + * xfree86/modes: Bail from xf86RotateRedisplay if pScreen->root is NULL + * xwayland: Split up xwl_screen_post_damage into two phases + * xwayland: Call glamor_block_handler from xwl_screen_post_damage + * xwayland: Add xwl_window_create_frame_callback helper + * xwayland: Use single frame callback for Present flips and normal updates + * xwayland: Use frame callbacks for Present vblank events + * xwayland: Delete all frame_callback_list nodes in xwl_unrealize_window + * glamor: Propagate FBO allocation failure for picture to texture upload + * glamor: Error out on out-of-memory when allocating PBO for FBO access + * glamor: Propagate glamor_prepare_access failures in copy helpers + * glamor: Fallback to system memory for RW PBO buffer allocation +- supersedes u_fno-common.patch + +- u_fno-common.patch + * fix build with gcc's -fno-common option (boo#1160423) + +- Update to version 1.20.7+0: + * xserver 1.20.7 + * ospoll: Fix Solaris ports implementation to build on Solaris 11.4 + * os-support/solaris: Set IOPL for input thread too + * Add xf86OSInputThreadInit call from common layer into os-support layer + * Add ddxInputThread call from os layer into ddx layer + * os-support/solaris: Drop ExtendedEnabled global variable + * glamor: Only use dual blending with GLSL >= 1.30 + * modesetting: Check whether RandR was initialized before calling rrGetScrPriv + * Xi: return AlreadyGrabbed for key grabs > 255 + * xwayland: Do flush GPU work in xwl_present_flush + * modesetting: Clear new screen pixmap storage on RandR resize + * xfree86/modes: Call xf86RotateRedisplay from xf86CrtcRotate + * modesetting: Call glamor_finish from drmmode_crtc_set_mode + * modesetting: Use EGL_MESA_query_driver to select DRI driver if possible + * glamor: Add a function to get the driver name via EGL_MESA_query_driver + +- Update to version 1.20.6+0: + * xfree86: Test presence of isastream() + * present/wnmd: Relax assertion on CRTC on abort_vblank() + * os: Don't crash in AttendClient if the client is gone + * dix: Call SourceValidate before GetImage + * mi: Add a default no-op miSourceValidate + * compiler.h: Do not include sys/io.h on ARM with glibc + * xfree86: Call ScreenInit for protocol screens before GPU + screens + * modesetting: + - Implement ms_covering_randr_crtc() for ms_present_get_crtc() + - Fix ms_covering_crtc() segfault with non-xf86Crtc slave + +- Update to version 1.20.5+24: + * Fix crash on XkbSetMap +- Drop unneeded obsinfo file and tweak _service. + +- Update to version 1.20.5+22: + * miext/sync: + - Make struct _SyncObject::initialized fully ABI compatible + - Fix needless ABI change + * xf86: Disable unused crtc functions when a lease is revoked + * xwayland: + - Handle the case of windows being realized before redirection + - Refactor surface creation into a separate function + - Separate DamagePtr into separate window data + - Do not free a NULL GBM bo + - Expand the RANDR screen size limits + - Update screen pixmap on output resize + - Reset scheduled frames after hiding tablet cursor + - Check status in GBM pixmap creation + - Avoid a crash on pointer enter with a grab + * GLX: + - Fix previous context validation in xorgGlxMakeCurrent + - Set GlxServerExports::{major,minor}Version + - Add a function to change a clients vendor list + - Use the sending client for looking up XID's + - Add a per-client vendor mapping + * xsync: Add resource inside of SyncCreate, export SyncCreate + * dri2: Sync i965_pci_ids.h from mesa + * Xi: Use current device active grab to deliver touch events if + any + * Revert "present/scmd: Check that the flip and screen pixmap + pitches match" + * glamor: Make pixmap exportable from `gbm_bo_from_pixmap()` +- Drop patches fixed upstream: + * U_xwayland-Separate-DamagePtr-into-separate-window-data.patch + * 0001-xsync-Add-resource-inside-of-SyncCreate-export-SyncC.patch + * 0002-GLX-Add-a-per-client-vendor-mapping.patch + * 0003-GLX-Use-the-sending-client-for-looking-up-XID-s.patch + * 0004-GLX-Add-a-function-to-change-a-clients-vendor-list.patch + * 0005-GLX-Set-GlxServerExports-major-minor-Version.patch +- Switch to gitcheckout via source service, use the stable released + branch but set explicit commit used in _service. + +- reintroduce Xvfb subpackage (boo#1151457) + +- Add U_xwayland-Separate-DamagePtr-into-separate-window-data.patch + and U_xwayland-Allow-passing-a-fd.patch: Needed for gnome 3.34 + new and experimental xwayland on demand feature. +- Rebase patches with quilt. + - which is available since release 435.xx (jira#SLE-8470) + which is available since release 435.xx: +- move xorg.conf.d snippets from /etc/X11/xorg.conf.d to + /usr/share/X11/xorg.conf.d (boo#1139692) + +- Update to version 1.20.5: + Minor bugfix release to fix some input, Xwayland, glamor, and Present issues. + Thanks to all who contributed fixes and testing. + +- Disable LTO (boo#1133294). + +- Add systemd-rpm-macros BuildRequire for %tmpfiles_*. + +- xorg-server 1.20.4 + * A variety of bugfixes across the board, but primarily in + Xwayland. Thanks to all who contributed with testing and + fixes! + +- get rid of meta packages still requiring/recommending obsolete + drivers packages (boo#1121525) + xterm +- xterm-CVE-2022-24130.patch: Fixed buffer overflow in set_sixel + when Sixel support is enabled (bsc#1195387) + yast2-country +- Update language cache when selecting new language to ensure that + always the correct language translations are used in the license + translations selection combo box on the next wizard page + (bsc#1204845, bsc#1193009) +- 4.5.3 + yast2-installation +- Fix hash vs keyword arguments in RSpec expectations (bsc#1204871) +- 4.5.10 + +- Fixed the help in the installation summary to include the texts + from the corresponding proposals (related to jsc#SLE-24764). +- 4.5.9 + +- Write config for ssg-apply script according to the enabled + security policy (part of jsc#SLE-24764). + Tue Nov 15 13:41:41 UTC 2022 - Knut Anderssen +- Fix copy of entropy pool during installation (bsc#1204559). + +- Do not use "xrdb" for setting the "Xft.dpi" value, use a specific + YaST tool from the yast2-x11 package (bsc#1201532) + (xrdb depends on the C pre-processor increasing the dependencies + about of 22MB) +- Install yast2-x11 only when GUI (libyui-qt) is installed, + avoid installing the dependent X libraries in minimal (text mode) + installation (bsc#1201966) + --4.5.3 +- 4.5.3 yast2-network +- Fix hash vs keyword arguments in RSpec expectations (bsc#1204871) +- 4.5.10 + yast2-ntp-client +- Fix the netconfig executable path using /sbin/netconfig instead + of /usr/sbin/netconfig which is not available in SLE-15-SP5 + (bsc#1205401) +- 4.5.2 + yast2-online-update +- bsc#1204907 + - Dropped old workaround from 2.13.15 with unconditional refresh + of all repositories. +- 4.5.2 + yast2-pkg-bindings +- Allow querying orphaned packages (related to bsc#1202007) +- 4.5.1 + yast2-schema-default +- Add support for security policies validation (jsc#SLE-24764). +- Synchronize SP4 and master branches (related to bsc#1199165). +- 4.5.6 + +- Add KDUMP_AUTO_RESIZE element in kdump section + (related to jsc#SLE-18441 and gh#yast/yast-kdump#123). +- 4.5.5 + -- 4.4.14 +- 4.5.4 -- 4.4.13 +- 4.5.3 + +- Fix up for the previous change (related to bsc#1183893) +- 4.5.2 + +- Remove dependency of YaST NIS packages from TW (bsc#1183893). +- 4.5.1 -- Fix rules validation when using a dialog (bsc#1199165). -- 4.4.12 +- Bump version to 4.5.0 (bsc#1198109) yast2-security +- Add support for DISA STIG security policy validation + (jsc#SLE-24764). +- Disable the ssg-apply service if the selected SCAP action is + "do nothing" (related to jsc#SLE-24764). +- 4.5.3 + yast2-storage-ng +- GuidedProposal: support for LUKS2 encryption with a configurable + PBKDF to be used by D-Installer (related to jsc#PED-2182). +- 4.5.14 + +- Validate security policies in both guided proposal and + partitioner (part of jsc#SLE-24764). +- 4.5.13 + +- New functionality for D-Installer: MinGuidedProposal and ability + to disable size adjustments (related to gh#yast/d-installer#264). +- 4.5.12 + yast2-update +- Display a warning in the upgrade summary when removing orphaned + 3rd party packages (bsc#1202007) +- 4.5.2 +