Removed rpms ============ - libpmem1 - libpmemobj1 - p11-kit-nss-trust - pmdk Added rpms ========== - libopenblas_pthreads0 - mozilla-nss-certs Package Source Changes ====================== MozillaThunderbird +- Mozilla Thunderbird 91.8 + * changed: Google accounts using password authentication will + be migrated to OAuth2. See KB Article. + * fixed: OpenPGP ECC keys created by Thunderbird could not be + imported into GnuPG + * fixed: Exporting multiple public PGP keys from Thunderbird + was not possible + * fixed: Replying to a newsgroup message erroneously displayed + a "No-reply" popup warning + * fixed: Opening `mid:` URLs on macOS failed + * fixed: Address books stored in older formats were loaded as + SQLite files, causing a crash + * fixed: Replicated LDAP directories were lost after switching + Thunderbird to "Offline"`mode + * fixed: Importing webcals from the commandline failed if the + URI ended with an `.ics` file extension + * fixed: Various security fixes + MFSA 2022-15 (bsc#1197903) + * CVE-2022-1097 (bmo#1745667) + Use-after-free in NSSToken objects + * CVE-2022-28281 (bmo#1755621) + Out of bounds write due to unexpected WebAuthN Extensions + * CVE-2022-1197 (bmo#1754985) + OpenPGP revocation information was ignored + * CVE-2022-1196 (bmo#1750679) + Use-after-free after VR Process destruction + * CVE-2022-28282 (bmo#1751609) + Use-after-free in DocumentL10n::TranslateDocument + * CVE-2022-28285 (bmo#1756957) + Incorrect AliasSet used in JIT Codegen + * CVE-2022-28286 (bmo#1735265) + iframe contents could be rendered outside the border + * CVE-2022-24713 (bmo#1758509) + Denial of Service via complex regular expressions + * CVE-2022-28289 (bmo#1663508, bmo#1744525, bmo#1753508, + bmo#1757476, bmo#1757805, bmo#1758549, bmo#1758776) + Memory safety bugs fixed in Thunderbird 91.8 + +- Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer, + faster buildhosts, as the others struggle to build TB. + SDL +- Add CVE-2021-33657.patch: always create a full 256-entry color + map in case color values are out of range (boo#1198001 + CVE-2021-33657). + - issue (CVE-2019-7637, boo#1124825). + issue (CVE-2019-7637, CVE-2020-14409, CVE-2020-14410, boo#1124825, + boo#1181201, boo#1181202). SDL2 +- Add CVE-2021-33657.patch: always create a full 256-entry color + map in case color values are out of range (boo#1198001 + CVE-2021-33657). + branding-openSUSE +- Skip *.tr files in /etc/bootsplash/themes/openSUSE/bootloader + ceph -- Adjusting _constraints for SLE 15 SP4 to fix build issues with - aarch64 and ppc64le (bsc#1196733) +- Update to v16.2.7-654-gd5a90ff46f0 + + (bsc#1196733) remove build directory during %clean + +- Update to v16.2.7-652-gf5dc462fdb5 + + (bsc#1194875) [SES7P] include/buffer: include + +- Update to 16.2.7-650-gd083eaa3886 + + (pr#469) cephadm: update image paths to registry.suse.com + + (pr#468) cephadm: use snmp-notifier image from registry.suse.de + + (pr#467) cephadm: infer the default container image during pull + + (pr#465) mgr/cephadm: try to get FQDN for inventory address + + Sync _constaints file for IBS and OBS + +- Update to 16.2.7-640-gceb23c7491b + + (bsc#1194875) common: fix FTBFS due to dout & need_dynamic on GCC-12 + + (bsc#1196938) cephadm: preserve authorized_keys file during upgrade + +- Update to 16.2.7-596-g7d574789716 + + Update Prometheus Container image paths (pr #459) + + mgr/dashboard: Fix documentation URL (pr #456) + + mgr/dashboard: Adapt downstream branded navigation page (pr #454) + +- Update to 16.2.7-577-g3e3603b5dd1 + + Update prometheus-server version + +- Update to 16.2.7-37-gb3be69440db: + + (bsc#1194353) Downstream branding breaks dashboard npm build dnsmasq +- bsc#1197872, CVE-2022-0934, dnsmasq-CVE-2022-0934.patch: + Heap use after free in dhcp6_no_relay + gstreamer-plugins-libav +- Change the license to LGPL-2.1-or-later as specified in + the COPYING file + +- Update to version 1.20.1: + + No changes + +- Update to version 1.20.0: + + Development in GitLab was switched to a single git repository + containing all the modules + + GstPlay: new high-level playback library, replaces GstPlayer + + WebM Alpha decoding support + + Encoding profiles can now be tweaked with additional + application-specified element properties + + Compositor: multi-threaded video conversion and mixing + + RTP header extensions: unified support in RTP depayloader and + payloader base classes + + SMPTE 2022-1 2-D Forward Error Correction support + + Smart encoding (pass through) support for VP8, VP9, H.265 in + encodebin and transcodebin + + Runtime compatibility support for libsoup2 and libsoup3 + (libsoup3 support experimental) + + Video decoder subframe support + + Video decoder automatic packet-loss, data corruption, and + keyframe request handling for RTP / WebRTC / RTSP + + mp4 and Matroska muxers now support profile/level/resolution + changes for H.264/H.265 input streams (i.e. codec data changing + on the fly) + + mp4 muxing mode that initially creates a fragmented mp4 which + is converted to a regular mp4 on EOS + + Audio support for the WebKit Port for Embedded (WPE) web page + source element + + CUDA based video color space convert and rescale elements and + upload/download elements + + NVIDIA memory:NVMM support for OpenGL glupload and gldownload + elements + + Many WebRTC improvements + + The new VA-API plugin implementation fleshed out with more + decoders and new postproc elements + + AppSink API to retrieve events in addition to buffers and + buffer lists + + AppSrc gained more configuration options for the internal queue + (leakiness, limits in buffers and time, getters to read current + levels) + + Updated Rust bindings and many new Rust plugins + + Improved support for custom minimal GStreamer builds + + Support build against FFmpeg 5.0 + + Linux Stateless CODEC support gained MPEG-2 and VP9 + + Windows Direct3D11/DXVA decoder gained AV1 and MPEG-2 support + + Lots of new plugins, features, performance improvements and bug + fixes +- Drop add-gpl-option.patch: It no longer applies, but what is more + important is that it does not make sense. Adding the gpl option + only mattered when building the included ffmpeg sources gst-libav + had when it still supported autotools. We can not change how the + external ffmpeg we depend on is built, we take what we are given + in this case. Our ffmpeg is built with GPL-3.0-or-later as + license, hence change the license for this package to + GPL-3.0-or-later in order to reflect that fact. +- Drop Supplements and Requires. No longer autoinstall this package + as when gst-libav is not available, the hardwaresupported codecs + in gst-bad finaly get to shine and strutt their wings. + Upstream sets basicly all decoders from gst-libav to a higher + preferance score, as they assume if you have gst-libav installed, + you want to use it for almost everything. + gutenprint -- Version upgrade to 5.2.10: - * Added a unified CUPS backend 'gutenprint52+usb' that requires - libusb 1.0 (or newer) to support selected dye sublimation - printers. Support for all Canon SELPHY CP- and ES- printers - has been improved considerably through that CUPS backend. - * Added duplex support for the EPSON WorkForce 630, 635, - and 645, and NX635. - * Many new printers supported in this release. - * Very many new printers supported experimentally. - For details see the NEWS file. -- For openSUSE 11.4 or newer BuildRequires libusb-1_0-devel - to build the 'gutenprint52+usb' backend. When libusb-1.0 is - not installed, the configure magic does not build that backend. - The installed /usr/share/cups/usb/net.sf.gimp-print.usb-quirks - needs a current CUPS version (that supports usb quirks). - Older CUPS versions would ignore gutenprint's usb quirks - which means that the generic CUPS backend 'usb' reports - in particular the dye sublimation printers that do not work - with it but require the special 'gutenprint52+usb' backend. - -- Do no longer send SIGHUP to cupsd in RPM post install script - (which would let the cupsd recognize new and updated PPD files - see the entry dated "Fri Sep 24 10:45:28 CEST 2010" below) - because SIGHUP to cupsd makes active print jobs fail - (see bnc#637455 starting at comment#3). -- Added explicit "Requires: ghostscript" if suse_version > 1210 - because since openSUSE 12.2 cups only "Recommends: ghostscript" - (to avoid a build dependency cycle) so that gutenprint needs - an explicit "Requires: ghostscript" for the "cups" device in - Ghostscript that is required by "rastertogutenprint" (compare - the entry dated "Thu Apr 28 17:20:03 CEST 2011" below). - -- Version upgrade to 5.2.9: - Revert an inappropriate change to the internal library version - number that was introduced in the 5.2.8 release. -- Version upgrade to 5.2.8: - The Canon driver has been significantly overhauled. Its output - and functionality may be significantly different from previous - releases. Further work in future releases is expected. - Several Canon PIXMA and SELPHY printers were removed, as they - are not supported. - Several Canon printers do not offer a grayscale printing mode. - CD printing support for some Canon PIXMA printers was added. - Added borderless functionality to most Canon printers - (except S series and BJC series). - Many new Canon printers are now EXPERIMENTAL supported. - A few new Epson printers are now supported. - For details see the NEWS file. -- escputil-send_nulls-void.patch is obsolete because its fixed - in the sources. -- compile-fix.patch is obsolete because its fixed in the sources. - -- compile-fix.patch adds missing includes. - -- Add python-cups BuildRequires to have postscriptdriver() Provides - for the drivers in gutenprint. - -- Upgraded to version 5.2.7: - This release features support for many additional Canon inkjets, - some Epson inkjets, and some dye sublimation printers, - greatly upgraded support for many Epson Stylus Pro printers, - and numerous bug fixes. - For details see the NEWS file. -- escputil-send_nulls-void.patch makes send_nulls a void function - because nowhere is a return value of send_nulls used - to fix a "no-return-in-nonvoid-function escputil.c:683" error. - -- Removed the needless RPM requirement for pstoraster. -- Removed the duplicate RPM requirement for ghostscript-library - because there is a RPM requirement for cups - and cups requires ghostscript. - -- Added missing directories for /usr/lib/gimp/2.0/plug-ins/* - to the "gimpplugin" files section in the RPM spec file. -- Marked /usr/share/gutenprint/doc/* as "doc" in the RPM - spec file (see Novell/openSUSE Bugzilla bnc#661350). - -- Removed gutenprint-5.2.6-make_A4_DefaultPageSize.patch - because it is useless because the DefaultPageSize in the PPD - templates in /usr/share/cups/model/ does not matter because - the cupsd sets the DefaultPageSize for PPDs in /etc/cups/ppd/ - by default according to the locale that the cupsd runs in or - according to a DefaultPaperSize entry in /etc/cups/cupsd.conf. -- Run cups-genppdupdate in the RPM post install script to update - Gutenprint PPD files in /etc/cups/ppd/ if such PPDs exist - (see Novell/openSUSE Bugzilla bnc#637455). - -- Disable the PPD generator /usr/lib/cups/driver/gutenprint.5.2 - to avoid duplicated PPDs because we provide ready-made PPDs - in /usr/share/cups/model/gutenprint/... in the RPM package - (see Novell/openSUSE Bugzilla bnc#514994 comment#9 - the section "Regarding CUPS PPD files"). - -- gutenprint-5.2.6-make_A4_DefaultPageSize.patch - moves the paper definition for "A4" to the top of the list - to make A4 the DefaultPageSize in the Gutenprint PPDs. -- Upgraded to version 5.2.6: - This release offers additional support for Epson Stylus Pro - printers, along with some changes for other Epson printers - and support for additional Canon inkjets and PCL laser - printers over 5.2.5. For details see the NEWS file. -- Upgraded to version 5.2.5: - This release offers several fixes, new features, and support - for new printers over 5.2.4. For details see the NEWS file. - -- Split gutenprint from the cups-drivers package to have it as a - stand-alone package (see Novell/openSUSE Bugzilla bnc#514994). - The IJS driver /usr/bin/ijsgutenprint is no longer provided - because it is not recommend if CUPS is used. Only the native - CUPS driver is provided as recommend, see the README file. - hwdata +- Update to version 0.357 (bsc#1196332): + + Updated pci, usb and vendor ids. + +- Update to version 0.356: + + Updated pci, usb and vendor ids. + hwinfo +- merge gh#openSUSE/hwinfo#112 +- fix bug in determining serial console device name (bsc#1198043) +- 21.81 + +- merge gh#openSUSE/hwinfo#109 +- fix logic around cdrom detection +- 21.80 + +- merge gh#openSUSE/hwinfo#108 +- Donot close the open tray after read_cdrom_info. +- Donot close the open tray after read. +- 21.79 + +- merge gh#openSUSE/hwinfo#106 +- Always read numerical 32bit serial number from EDID header. + Override this with ASCII serial number from display descriptor, + if available. +- Display numerical 32bit serial number for monitors without serial + number display descriptor +- 21.78 + +- merge gh#openSUSE/hwinfo#105 +- Use license file from gnu.org +- Fix spelling +- Add missing final newline +- Trim excess whitespace +- Simple maintenance improvements +- 21.77 + +- merge gh#openSUSE/hwinfo#104 +- Fix timezone issue in SOURCE_DATE_EPOCH code +- 21.76 + +- merge gh#openSUSE/hwinfo#100 +- recognize loongarch64 architecture +- 21.75 + +- merge gh#openSUSE/hwinfo#98 +- update pci and usb ids +- 21.74 + +- merge gh#openSUSE/hwinfo#95 +- don't rely on select() updating its timeout arg (bsc#1184339) +- 21.73 + kernel-default +- intel_idle: add core C6 optimization for SPR (bsc#1198602). +- commit d6fb753 + +- intel_idle: add 'preferred_cstates' module argument + (bsc#1198602). +- commit 0bc7d2b + +- intel_idle: add SPR support (bsc#1198602). +- commit 2bc31de + +- Move upstreamed patches into sorted section +- commit e93d073 + +- SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). +- SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). +- scsi: qedi: Fix failed disconnect handling (bsc#1197685). +- scsi: iscsi: Fix NOP handling during conn recovery + (bsc#1197685). +- scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). +- scsi: iscsi: Fix conn cleanup and stop race during iscsid + restart (bsc#1197685). +- scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). +- scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). +- scsi: iscsi: Fix offload conn cleanup when iscsid restarts + (bsc#1197685). +- scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). +- commit d5cdaca + +- Sorted using series_sort.py + Since sequence_patch required it. +- commit 6bf7976 + +- PCI: hv: Remove unused hv_set_msi_entry_from_desc() + (bsc#1198228). +- commit b61cd71 + +- x86/platform/uv: Log gap hole end size (bsc#1198417). +- commit 8618bf4 + +- x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). +- commit 3d0fd26 + +- x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). +- commit 76ba15c + +- powerpc/numa: Handle partially initialized numa nodes + (bsc#1197658). +- commit 061e1c6 + +- SUNRPC: Ensure we flush any closed sockets before + xs_xprt_free() (bsc#1198330 CVE-2022-28893). +- commit d2a1b78 + +- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() + (bsc#1198228). +- Drivers: hv: balloon: Disable balloon and hot-add accordingly + (bsc#1198228). +- Drivers: hv: balloon: Support status report for larger page + sizes (bsc#1198228). +- Drivers: hv: vmbus: Prevent load re-ordering when reading ring + buffer (bsc#1198228). +- PCI: hv: Propagate coherence from VMbus device to PCI device + (bsc#1198228). +- Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus + device (bsc#1198228). +- Drivers: hv: vmbus: Fix initialization of device object in + vmbus_device_register() (git-fixes). +- Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by + default in isolated guests (bsc#1183682). +- PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() + on ARM64 (bsc#1198228). +- x86/hyperv: Output host build info as normal Windows version + number (git-fixes). +- commit 0c3a755 + +- additional reference for arm64 erratum 1418040 (bsc#1198228). +- commit 7a1dfd5 + +- supported.conf: move kmem and dax_hmem to support list + Moved kmem and dax_hmem to support list. (bsc#1195953) +- commit fdf232f + +- btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852). +- Revert "btrfs: compression: drop kmap/kunmap from lzo" + (bsc#1193852). +- Revert "btrfs: compression: drop kmap/kunmap from zlib" + (bsc#1193852). +- Revert "btrfs: compression: drop kmap/kunmap from zstd" + (bsc#1193852). +- Revert "btrfs: compression: drop kmap/kunmap from generic + helpers" (bsc#1193852). +- commit c24af5b + kernel-kvmsmall +- intel_idle: add core C6 optimization for SPR (bsc#1198602). +- commit d6fb753 + +- intel_idle: add 'preferred_cstates' module argument + (bsc#1198602). +- commit 0bc7d2b + +- intel_idle: add SPR support (bsc#1198602). +- commit 2bc31de + +- Move upstreamed patches into sorted section +- commit e93d073 + +- SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). +- SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). +- scsi: qedi: Fix failed disconnect handling (bsc#1197685). +- scsi: iscsi: Fix NOP handling during conn recovery + (bsc#1197685). +- scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). +- scsi: iscsi: Fix conn cleanup and stop race during iscsid + restart (bsc#1197685). +- scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). +- scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). +- scsi: iscsi: Fix offload conn cleanup when iscsid restarts + (bsc#1197685). +- scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). +- commit d5cdaca + +- Sorted using series_sort.py + Since sequence_patch required it. +- commit 6bf7976 + +- PCI: hv: Remove unused hv_set_msi_entry_from_desc() + (bsc#1198228). +- commit b61cd71 + +- x86/platform/uv: Log gap hole end size (bsc#1198417). +- commit 8618bf4 + +- x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). +- commit 3d0fd26 + +- x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). +- commit 76ba15c + +- powerpc/numa: Handle partially initialized numa nodes + (bsc#1197658). +- commit 061e1c6 + +- SUNRPC: Ensure we flush any closed sockets before + xs_xprt_free() (bsc#1198330 CVE-2022-28893). +- commit d2a1b78 + +- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() + (bsc#1198228). +- Drivers: hv: balloon: Disable balloon and hot-add accordingly + (bsc#1198228). +- Drivers: hv: balloon: Support status report for larger page + sizes (bsc#1198228). +- Drivers: hv: vmbus: Prevent load re-ordering when reading ring + buffer (bsc#1198228). +- PCI: hv: Propagate coherence from VMbus device to PCI device + (bsc#1198228). +- Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus + device (bsc#1198228). +- Drivers: hv: vmbus: Fix initialization of device object in + vmbus_device_register() (git-fixes). +- Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by + default in isolated guests (bsc#1183682). +- PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() + on ARM64 (bsc#1198228). +- x86/hyperv: Output host build info as normal Windows version + number (git-fixes). +- commit 0c3a755 + +- additional reference for arm64 erratum 1418040 (bsc#1198228). +- commit 7a1dfd5 + +- supported.conf: move kmem and dax_hmem to support list + Moved kmem and dax_hmem to support list. (bsc#1195953) +- commit fdf232f + +- btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852). +- Revert "btrfs: compression: drop kmap/kunmap from lzo" + (bsc#1193852). +- Revert "btrfs: compression: drop kmap/kunmap from zlib" + (bsc#1193852). +- Revert "btrfs: compression: drop kmap/kunmap from zstd" + (bsc#1193852). +- Revert "btrfs: compression: drop kmap/kunmap from generic + helpers" (bsc#1193852). +- commit c24af5b + kexec-tools +- kexec-tools-print-error-if-kexec_file_load-fails.patch: print + error if kexec_file_load fails (bsc#1197176). + libgcrypt +- FIPS: extend the service indicator [bsc#1190700] + * introduced a pk indicator function + * adapted the approved and non approved ciphersuites + * Add libgcrypt_indicators_changes.patch + * Add libgcrypt-indicate-shake.patch + libglvnd +- provide/obsolete Mesa-libGLESv1_CM1 and Mesa-libGLESv2-2 packages + (bsc#1196576) + libslirp +- security update +- added patches + fix CVE-2021-3592 [bsc#1187364], invalid pointer initialization may lead to information disclosure (bootp) + + libslirp-CVE-2021-3592.patch + fix CVE-2021-3594 [bsc#1187367], invalid pointer initialization may lead to information disclosure (udp) + + libslirp-CVE-2021-3594.patch + fix CVE-2021-3595 [bsc#1187366], invalid pointer initialization may lead to information disclosure (tftp) + + libslirp-CVE-2021-3595.patch + libtirpc +- add option to enforce connection via protocol version 2 first + (bsc#1196647) + add 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch + libxml2 +- Security fix: [bsc#1196490, CVE-2022-23308] + * Use-after-free of ID and IDREF attributes. +- Add libxml2-CVE-2022-23308.patch + mozilla-nss +- Add nss-fips-pbkdf-kat-compliance.patch (bsc#1192079). This + makes the PBKDF known answer test compliant with NIST SP800-132. + +- Mozilla NSS 3.68.3 (bsc#1197903) + This release improves the stability of NSS when used in a multi-threaded + environment. In particular, it fixes memory safety violations that + can occur when PKCS#11 tokens are removed while in use (CVE-2022-1097). + We presume that with enough effort these memory safety violations are exploitable. + * Remove token member from NSSSlot struct (bmo#1756271). + * Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots + (bmo#1755555). + * Check return value of PK11Slot_GetNSSToken (bmo#1370866). + net-snmp +- Decouple snmp-mibs from net-snmp version to allow major version + upgrade (bsc#1196955). + open-iscsi +- Updated to latest upstream, including bug fixes and cleanups. + Changes included: + * add handling name/value pairs for firmware login (bsc#1196113), + including man page update for same + * Fix bug where some package parts were installed using + DESTDIR twice + * general build cleanup (in prep for removing DB files from + /etc/iscsi some day soon) + Also, now delivering a "package config" file for libopeniscsiusr. + openblas:openmp +- Fix issues in update paths from earlier versions introduced by + recent structural changes (bsc#1198264): + - Add Obsoletes for old package names + - Handle the change from directories to soft links properly + +- Also build for s390x using latest gcc as requested by IBM + (jsc#SLE-18143, bsc#1197721). + +- Build HPC packages with gcc- >= 10 on Leap/SLE. + +- Do the same for x86_64 on SLE to make sure Cooperlake support + is built properly. +- Remove: + * Do-not-attempt-to-check-host-CPU-if-TARGET-is-set.patch + * Create-independent-kernel-Makfile-configuration-when-building-DYNAMIC_ARCH.patch + * For-DYNAMIC_ARCH-don-t-use-sbgemm_r-as-parameter.c-doesn-t-get-build.patch + Instead, add from upstream: + * Define-sbgemm_r-to-fix-DYNAMIC_ARCH-builds.patch + * Remove-extraneous-and-wrong-definition-of-sbgemm_r-on-x86_64.patch + * Fix-checks-for-AVX512-and-atomics.patch + * Revert-AVX512-capability-check-from-PR-1980-moved-to-build.patch + * Use-CC-and-full-command-line-instead-of-hard-coding-gcc-for-AVX512-checking.patch + * Utilize-compiler-AVX512-capability-info-from-c_check-when-building-getarch.patch + +- Update to v0.3.20: + * general: + some code cleanup, with added casts etc. + fixed obtaining the cpu count with OpenMP and OMP_PROC_BIND unset + fixed pivot index calculation by ?LASWP for negative increments other + than one + fixed input argument check in LAPACK ? GEQRT2 + improved the check for a Fortran compiler in CMAKE builds + disabled building OpenBLAS' optimized versions of LAPACK complex SPMV, + SPR,SYMV,SYR with NO_LAPACK=1 + fixed building of LAPACK on certain distributed filesystems with parallel + gmake + fixed building the shared library on MacOS with classic flang + (v0.3.19) + reverted unsafe TRSV/ZRSV optimizations introduced in 0.3.16 + fixed a potential thread race in the thread buffer reallocation routines + that were introduced in 0.3.18 + fixed miscounting of thread pool size on Linux with OMP_PROC_BIND=TRUE + fixed CBLAS interfaces for CSROT/ZSROT and CROTG/ZROTG + made automatic library suffix for CMAKE builds with INTERFACE64 available + to CBLAS-only builds + (v0.3.18) + when the build-time number of preconfigured threads is exceeded + at runtime (by an external program calling BLAS functions from + a larger number of threads), OpenBLAS will now allocate an + auxiliary control structure for up to 512 additional threads + instead of aborting + added support for Loongson's LoongArch64 cpu architecture + fixed building OpenBLAS with CMAKE and -DBUILD_BFLOAT16=ON + added support for building OpenBLAS as a CMAKE subproject + added support for building for Windows/ARM64 targets with clang + improved support for building with the IBM xlf compiler + imported Reference-LAPACK PR 625 (out-of-bounds access in ?LARRV) + imported Reference-LAPACK PR 597 for testsuite compatibility with + LLVM's libomp + * x86_64: + fixed cross-compilation with CMAKE for CORE2 target + fixed miscompilation of AVX512 code in DYNAMIC_ARCH builds + added support for the "incidental" AVX512 hardware in Alder Lake when + enabled in BIOS + (v0.3.19) + DYNAMIC_ARCH builds now fall back to the cpu with most similar capabilities + when an unknown CPUID is encountered, instead of defaulting to Prescott + added cpu detection for Intel Alder Lake + added cpu detection for Intel Sapphire Rapids + added an optimized SBGEMM kernel for Sapphire Rapids + fixed DYNAMIC_ARCH builds on OSX with CMAKE + worked around DYNAMIC_ARCH builds made on Sandybridge failing on SkylakeX + fixed missing thread initialization for static builds on Windows/MSVC + fixed an excessive read in ZSYMV + (v0.3.18) + added SkylakeX S/DGEMM kernels for small problem sizes (MNK<=1000000) + added optimized SBGEMM for Intel Cooper Lake + reinstated the performance patch for AVX512 SGEMV_T with a proper fix + added a workaround for a gcc11 tree-vectorizer bug that caused spurious + failures in the test programs for complex BLAS3 when compiling at -O3 + (the default for cmake "release" builds) + added support for runtime cpu count detection under Haiku OS + worked around a long-standing miscompilation issue of the Haswell DGEMV_T + kernel with gcc that could produce NaN output in some corner cases + * Power: + added support for POWER10 in big-endian mode + added support for building with CMAKE + added optimized SGEMM and DGEMM kernels for small matrix sizes + (v0.3.18) + improved performance of DASUM on POWER10 + * ARMV8: + added SVE-enabled CGEMM and ZGEMM kernels for ARMV8SVE and A64FX + added support for Neoverse N2 and V1 cpus + (v0.3.19) + added basic support and cputype detection for Fujitsu A64FX + added a generic ARMV8SVE target + added SVE-enabled SGEMM and DGEMM kernels for ARMV8SVE and A64FX + added optimized CGEMM and ZGEMM kernels for Cortex A53 and A55 cpus + fixed cpuid detection for Apple M1 and improved performance + improved compiler flag setting in CMAKE builds + (v0.3.18) + fixed crashes (use of reserved register x18) on Apple M1 under OSX + fixed building with gcc releases earlier than 5.1 +- Fix out of bounds read in ?llarv + LAPACK Reference: PR 625 + CVE-2021-4048, bsc#1196513 +- Limit parallel builds according to available memory. + Do NOT use %%_smp_mflags with top level 'make', set MAKE_NB_JOBS + instead and let the build do the work. + Also change -flto=auto to -flto=1: spawning even more parallel builds + on top of parallel build treads will wreak havok. +- Move calls to 'update-alternatives --remove' to %%postun instead + of %%preun as suggested by rpmlint. +- Since we build with DYNAMIC_ARCH, create separate config files for + the different target kernels to help debugging + Add Create-independent-kernel-Makfile-configuration-when-building-DYNAMIC_ARCH.patch +- Remove compiler feature detection when not using auto-detection. + Add Do-not-attempt-to-check-host-CPU-if-TARGET-is-set.patch +- Do not depend in variables which are not available when building + DYNAMIC_ARCH. + Add For-DYNAMIC_ARCH-don-t-use-sbgemm_r-as-parameter.c-doesn-t-get-build.patch +- Do not include symbols defined in driver/others/parameter.c in + DYNAMIC_BUILD to generate more conclusive error messages earlier. + Add Do-not-include-symbols-defined-in-driver-others-parameter.c-in-DYNAMIC_BUILD.patch +- Install lapack and blas libraries to an openblas-flavor + specific subdirectory of %%_libdir and set up the alternatives + to point to this directory. Set the system-wide BLAS/LAPACK + default directory to %%_libdir/openblas-default. + This way, the blas/lapack libraries will remain consistent + and from the same source. The user is able to override this + easily by setting the LD_LIBRARY_PATH to include the preferred + BLAS/LAPACK implementation (boo#1177260). +- Consolidate packages 'openblas-devel' and 'openblas-devel-headers' + into 'openblas-common-devel' (these are built for the serial + flavor only). + 'openblas-common-devel' will provide the removed 'openblas-devel-headers' + while the arch specific 'preferred' flavor will provide the removed + 'openblas-devel'. +- Fix the openblas default flavor selection: + [#] /usr/sbin/update-alternatives --config libopenblas.so.0 +- Add cmake and pkgconfig files. openjpeg +- Add security fixes: + openjpeg-CVE-2018-14423.patch (CVE-2018-14423, bsc#1102016), + openjpeg-CVE-2018-16376.patch (CVE-2018-16376, bsc#1106881), + openjpeg-CVE-2020-8112.patch (CVE-2020-8112, bsc#1162090), + openjpeg-CVE-2020-15389.patch (CVE-2020-15389, bsc#1173578), + openjpeg-CVE-2020-27823.patch (CVE-2020-27823, bsc#1180457), + openjpeg-CVE-2021-29338.patch (CVE-2021-29338, bsc#1184774). + -- Added a patch (heap_buffer_overflow_2_fix.patch) to fix heap-based buffer - overflow when processing JPEG2000 images - (CVE-2012-3535), (bnc#777445). - -- Add baselibs.conf - -- Added a patch (heap_buffer_overflow_fix.patch) to fix heap-based buffer - overflow when processing JPEG2000 images - (CVE-2012-3358), (bnc#770649). - -- Added a patch (heap_corruption_fix.patch) to fix heap corruption when - processing certain Gray16 TIFF images - (CVE-2009-5030), (bnc#757260). - -- Update to version 1.5.0: - New Features: - * openjpip: - + complete client-server architecture for remote browsing of jpeg 2000 - images. - + see corresponding README for more details. - API modifications: - * 'bool' type has been replaced by 'opj_bool' type. 'stdbool.h' is no more - required. - Misc: - * improved cmake and autotools build methods. - * removed manual makefiles, VS project files and XCode project files. - * added a 'thirdparty' directory to contain all dependencies. - + These libraries will be build only if there are not found on the system. - + Note that libopenjpeg itself does not have any dependency. - * changed the directory hierarchy of the whole project. See README files for - details. - * tests : a complete test suite has been setup. - + both JPEG 2000 conformance tests and non-regressions tests are - configured. - + results are submitted to the OpenJPEG dashboard - (http://my.cdash.org/index.php?project=OPENJPEG) - + images are located in 'http://openjpeg.googlecode.com/svn/data' folder. - + configuration files and utilities are located in 'tests' folder. - * OPJViewer re-activated (need wxWidgets) - * Huge amount of bug fixes. See CHANGES for details. -- Removed the following patches (fixed upstream): - * fix_no_undefined.patch - * fix_soversion.patch - * install_pkgconfig_file.patch -- Replaced openjpeg-1.4-OpenJPEGConfig.patch with - openjpeg-1.5.0-cmake_Config.patch (taken from Fedora) -- Replaced openjpeg-1.4-cmake_symlink_fix.patch with - openjpeg-1.5.0-cmake_header_symlink.patch (taken from Fedora) -- Added 2 patches (taken from Fedora): - * openjpeg-1.5.0-cmake_libdir.patch -- Fix installation directories - * openjpeg-1.5.0-pkgconfig_includedir.patch -- Fix includedir in pkgconfig - file -- Spec file updates: - * Added doxygen in BuildRequires: to enable compilation of devel docs. - * Updated BuildRequires: to include also liblcms2-devel and zlib-devel. - * Fixed rpmlint warning "file-contains-date-and-time" -- No need to remove the JavaOpenJPEG/ directory from the package source anymore - (the Sun proprietary code was removed from the package). - -- license update: BSD-2-Clause - SPDX format - -- Removed the JavaOpenJPEG/ directory from the package source (fix for - bnc#733009 - openjpg contains Sun proprietary code). - -- Initial release (version 1.4). -- Added 5 patches (taken from upstream and Fedora): - * openjpeg-1.4-OpenJPEGConfig.patch -- Fix OpenJPEGConfig.cmake - * openjpeg-1.4-cmake_symlink_fix.patch -- Fix cmake create_symlink usage for - header file - * fix_no_undefined.patch -- Fix libopenjpeg undefined references - * fix_soversion.patch -- Fix so version to 1 instead of 1.4 - * install_pkgconfig_file.patch -- Fix cmake to install pkgconfig file(s) - openjpeg2 +- Add security fixes: + openjpeg2-CVE-2018-5727.patch (CVE-2018-5727, bsc#1076314), + openjpeg2-CVE-2018-5785.patch (CVE-2018-5785, bsc#1076967), + openjpeg2-CVE-2018-6616.patch (CVE-2018-6616, bsc#1079845), + openjpeg2-CVE-2018-14423.patch (CVE-2018-14423, bsc#1102016), + openjpeg2-CVE-2018-16375.patch (CVE-2018-16375, bsc#1106882), + openjpeg2-CVE-2018-16376.patch (CVE-2018-16376, bsc#1106881), + openjpeg2-CVE-2018-20845.patch (CVE-2018-20845, bsc#1140130), + openjpeg2-CVE-2020-6851.patch (CVE-2020-6851, bsc#1160782), + openjpeg2-CVE-2020-8112.patch (CVE-2020-8112, bsc#1162090), + openjpeg2-CVE-2020-15389.patch (CVE-2020-15389, bsc#1173578), + openjpeg2-CVE-2020-27823.patch (CVE-2020-27823, bsc#1180457), + openjpeg2-CVE-2021-29338.patch (CVE-2021-29338, bsc#1184774), + openjpeg2-CVE-2022-1122.patch (CVE-2022-1122, bsc#1197738). + -- add libopenjp2.pc (demand introduced by ImageMagick 6.8.8-5) - patterns-base +- Backports fips pattern from SLE15 SP4 + * Since patterns_base has huge different compared to SLE ones, + backport fips pattern from SLE then fips pattern is not missing + swtpm +- Update to version 0.5.3 + - swtpm: + - Check header size indicator against expected size (CVE-2022-23645 bsc#1196240) + - Fix --print-capabilities for 'swtpm chardev' + - swtpm_localca: + - Test for available issuercert before creating CA + - swtpm_cert: + - Rename deprecated libtasn1 types + - man pages: + - Update the doc of the flag to connect to TPM via UnixIO socket + systemd +- Import commit 2bc0b2c447319a9156e7c5a18fe971f946554a6b + 6256b14446 test: adapt install_pam() for openSUSE + 3ea5b7e295 test: add test checking tmpfiles conf file precedence + e63e641ee8 test tmpfiles: add a test for 'w+' + b531758614 tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) + ea98492c53 cryptsetup: fall back to traditional unlocking if any TPM2 operation fails +- Move coredumpctl completion files into systemd-coredump sub-package. + webkit2gtk3:gtk3 -- Update to version 2.34.6: +- Update to version 2.36.0 (boo#1198290): + + Add new accessibility implementation using ATSPI DBus + interfaces instead of ATK. + + Add support for requestVideoFrameCallback. + + Change hardware-acceleration-policy setting default value to + always. + + Add support for media session. + + Add new API to set HTTP response information to custom uri + schemes. + + Make user interactive threads (event handler, scrolling, …) + real time in linux. + + Security fixes: CVE-2022-22624, CVE-2022-22628, CVE-2022-22629. +- Rebase no-forced-sse.patch. +- Drop fix-warnings.patch and webkit2gtk3-link-fix.patch: fixed upstream. +- Add webkit2gtk3-old-ruby.patch: fix a build failure. + +- Update to version 2.34.6 (boo#1196133): + + Security fixes: CVE-2022-22620. - CVE-2022-22594. + CVE-2022-22594, CVE-2022-22637. webkit2gtk3:gtk3-soup2 -- Update to version 2.34.6: +- Update to version 2.36.0 (boo#1198290): + + Add new accessibility implementation using ATSPI DBus + interfaces instead of ATK. + + Add support for requestVideoFrameCallback. + + Change hardware-acceleration-policy setting default value to + always. + + Add support for media session. + + Add new API to set HTTP response information to custom uri + schemes. + + Make user interactive threads (event handler, scrolling, …) + real time in linux. + + Security fixes: CVE-2022-22624, CVE-2022-22628, CVE-2022-22629. +- Rebase no-forced-sse.patch. +- Drop fix-warnings.patch and webkit2gtk3-link-fix.patch: fixed upstream. +- Add webkit2gtk3-old-ruby.patch: fix a build failure. + +- Update to version 2.34.6 (boo#1196133): + + Security fixes: CVE-2022-22620. - CVE-2022-22594. + CVE-2022-22594, CVE-2022-22637. webkit2gtk3:gtk4 -- Update to version 2.34.6: +- Update to version 2.36.0 (boo#1198290): + + Add new accessibility implementation using ATSPI DBus + interfaces instead of ATK. + + Add support for requestVideoFrameCallback. + + Change hardware-acceleration-policy setting default value to + always. + + Add support for media session. + + Add new API to set HTTP response information to custom uri + schemes. + + Make user interactive threads (event handler, scrolling, …) + real time in linux. + + Security fixes: CVE-2022-22624, CVE-2022-22628, CVE-2022-22629. +- Rebase no-forced-sse.patch. +- Drop fix-warnings.patch and webkit2gtk3-link-fix.patch: fixed upstream. +- Add webkit2gtk3-old-ruby.patch: fix a build failure. + +- Update to version 2.34.6 (boo#1196133): + + Security fixes: CVE-2022-22620. - CVE-2022-22594. + CVE-2022-22594, CVE-2022-22637. wicked +- version 0.6.69 +- redfish: decode smbios and setup host interface + Add initial support to decode the SMBIOS Management Controller Host + Interface (Type 42) structure and expose it as wicked `firmware:redfish` + configuration to setup a Host Network Interface (to the BMC) using the + `Redfish over IP` protocol allowing access to the Redfish Service (via + redfish-localhost in /etc/hosts) used to manage the computer system. + Tech Preview (jsc#SLE-17762). +- buffer: fix size_t length downcast to uint, add guards to init functions +- wireless: fix to not expect colons in 64byte long wpa-psk hex hash string +- xml-schema: reference counting fix to not crash at exit on schema errors +- compat-suse: match sysctl.d /etc vs. /run read order with systemd-sysctl, + remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5. +- compat-suse: fix reading of sysctl addr_gen_mode to wrong variable +- auto6: fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429) +- removed obsolete patch included in the master sources (bsc#1194392) + [- 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch] +