Removed rpms
============
- libixion-0_16-0
- libopenh264-6
- liborcus-0_16-0
- libserf-1-1
- mozilla-openh264
Added rpms
==========
- abseil-cpp
- libixion-0_17-0
- liborcus-0_17-0
Package Source Changes
======================
Mesa
+- revert previous change, since it resulted in Xorg and Mesa no
+ longer being able to load "i965" driver at all! This affects many
+ if not almost all Intel GPU users. I can't tell why this happens,
+ but I'm afraid we need to act immediately (boo#1202850); reopened
+ boo#1200965 for now ...
+
+- change default driver from 'iris' back to 'i965' for Intel
+ Gen8-11 hardware; that way we also use the same driver used by X
+ and Mesa (boo#1200965); related bugs: boo#1197045, boo#1197046
+
Mesa-drivers
+- revert previous change, since it resulted in Xorg and Mesa no
+ longer being able to load "i965" driver at all! This affects many
+ if not almost all Intel GPU users. I can't tell why this happens,
+ but I'm afraid we need to act immediately (boo#1202850); reopened
+ boo#1200965 for now ...
+
+- change default driver from 'iris' back to 'i965' for Intel
+ Gen8-11 hardware; that way we also use the same driver used by X
+ and Mesa (boo#1200965); related bugs: boo#1197045, boo#1197046
+
audit-secondary
+- Update audit-secondary.spec: create symbolic link from
+ /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519).
+
btrfsprogs
+- Upstream behavior of btrfs compression=none (JSC#PED-1711)
+ * btrfs-progs_props_dont_translate_value_of_compression_none.patch
+
dracut
+- Update to version 055+suse.294.gc5bc4bb5:
+ Missing network-manager module fixes (bsc#1201975):
+ * fix(network-manager): avoid calling unavailable dracut-logger functions
+ * fix(network-manager): skip non-directories in /sys/class/net
+ * fix(network-manager): disable tty output if the console is not usable
+ * fix(network-manager): show output on console only with rd.debug enabled
+ * fix(network-manager): write DHCP filename option to dhcpopts file
+ * fix(network-manager): ensure safe content of /tmp/dhclient."$ifname".dhcpopts
+ * fix(network-manager): include nm-daemon-helper binary
+ * fix(network-manager): don't pull in systemd-udev-settle
+ * fix(network-manager): support teaming under NM+systemd
+ * fix(network-manager): pull in network.target in nm-initrd.service
+
+- Update to version 055+suse.283.ge98ece25:
+ * fix(network-manager): check for nm-initrd-generator in both /usr/{libexec,lib} (bsc#1201975)
+ * fix(network-legacy): add auto timeout to wicked DHCP test (bsc#1198709)
+
emacs-apel
+- Add emacs-apel-fix-build-error.patch: fix emacs-apel build error
+ on SLE-15-SP4 (bsc#1197714).
+
-- Add suse-start-apel.el.
-
gnutls
+- Security fix: [bsc#1202020, CVE-2022-2509]
+ * Fixed double free during verification of pkcs7 signatures
+ * Add gnutls-CVE-2022-2509.patch
+
+- FIPS:
+ * Modify gnutls-FIPS-force-self-test.patch [bsc#1198979]
+ - gnutls_fips140_run_self_tests now properly releases fips_context
+
+- FIPS:
+ * Add gnutls_ECDSA_signing.patch [bsc#1190698]
+ - Check minimum keylength for symmetric key generation
+ - Only allows ECDSA signature with valid set of hashes
+ (SHA2 and SHA3)
+ * Add gnutls-FIPS-force-self-test.patch [bsc#1198979]
+ - Provides interface for running library self tests on-demand
+ - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1598
+
libixion
+- Fix build on SLE-12-SP5
+- Remove unneeded vulkan dependency
+
+- Added patch:
+ * libixion-boost-system.patch
+ + fix missing symbols from boost_system library
+
+- update to 0.17.0:
+ * set the baseline C++ version to 17.
+ * mdds has been internalized so that the public header no longer contains
+ references to mdds. With this change, the users can use different API
+ versions of mdds between the ixion build and run-time use.
+ * cleaned up public API to make use of std::string_view and std::variant
+ where appropriate.
+ * implemented built-in LEFT() function in the formula interpreter.
+ * it is no longer required to set the size of void* at build time to ensure
+ the binaries to be fully functional.
+ * fixed a bug where named expressions with names containing invalid
+ characters were still allowed in.
+
+- Define conditionally make_build to fix build on systems that do
+ not have that macro
+
libnettle
+- update to 3.8.1:
+ * Avoid non-posix m4 argument references in the chacha
+ implementation for arm64, powerpc64 and s390x. Reported by
+ Christian Weisgerber, fix contributed by Mamone Tarsha.
+ * Use explicit .machine pseudo-ops where needed in s390x
+ assembly files. Bug report by Andreas K. Huettel, fix
+ contributed by Mamone Tarsha.
+
+- update to 3.8:
+ This release includes a couple of new features, and many
+ performance improvements. It adds assembly code for two more
+ architectures: ARM64 and S390x.
+ The new version is intended to be fully source and binary
+ compatible with Nettle-3.6. The shared library names are
+ libnettle.so.8.5 and libhogweed.so.6.5, with sonames
+ libnettle.so.8 and libhogweed.so.6.
+ New features:
+ * AES keywrap (RFC 3394), contributed by Nicolas Mora.
+ * SM3 hash function, contributed by Tianjia Zhang.
+ * New functions cbc_aes128_encrypt, cbc_aes192_encrypt,
+ cbc_aes256_encrypt.
+ On processors where AES is fast enough, e.g., x86_64 with
+ aesni instructions, the overhead of using Nettle's general
+ cbc_encrypt can be significant. The new functions can be
+ implemented in assembly, to do multiple blocks with reduced
+ per-block overhead.
+ Note that there's no corresponding new decrypt functions,
+ since the general cbc_decrypt doesn't suffer from the same
+ performance problem.
+ Bug fixes:
+ * Fix fat builds for x86_64 windows, these appear to never
+ have worked.
+ Optimizations:
+ * New ARM64 implementation of AES, GCM, Chacha, SHA1 and
+ SHA256, for processors supporting crypto extensions. Great
+ speedups, and fat builds are supported. Contributed by
+ Mamone Tarsha.
+ * New s390x implementation of AES, GCM, Chacha, memxor, SHA1,
+ SHA256, SHA512 and SHA3. Great speedups, and fat builds are
+ supported. Contributed by Mamone Tarsha.
+ * New PPC64 assembly for ecc modulo/redc operations,
+ contributed by Amitay Isaacs, Martin Schwenke and Alastair
+ D´Silva.
+ * The x86_64 AES implementation using aesni instructions has
+ been reorganized with one separate function per key size,
+ each interleaving the processing of two blocks at a time
+ (when the caller processes multiple blocks with each call).
+ This gives a modest performance improvement on some
+ processors.
+ * Rewritten and faster x86_64 poly1305 assembly.
+- drop libnettle-s390x-CPACF-SHA-AES-support.patch (included in 3.8)
+
+- Make shared libraries executable
+
liborcus
+- Added patch:
+ * no-std-filesystem.patch
+ + use boost::filesystem instead of std::filesystem, in order to
+ allow building with older compilers
+
+- Update to 0.17.2:
+ * fixed a bug where the state of style:cell-protect="none" was not
+ explicitly pushed, thereby having had the same effect as not having this
+ attribute. After the fix, style:cell-protect="none" will explicitly push
+ the hidden state to false, locked state to false, and the formula-hidden
+ state to false.
+- Update to 0.17.1:
+ * addressed a number of coverity issues.
+ * removed a variety of compiler warnings.
+ * re-generated sax parser tokens from ODF v1.3.
+ * revised the style import code to only push style attributes that are
+ actually specified in the XML.
+ * revised the XML structure validation strategy to ignore any mis-placed
+ elements and their sub structures rather than aborting the import.
+
+- Update to 0.17.0:
+ * set the baseline C++ version to 17.
+ * cleaned up the public API to replace pstring with std::string_view, union
+ with std::variant, and boost::optional with std::optional. With this
+ change, the public API no longer has dependency on boost.
+ * switched to using ixion::model_iterator for horizontal iteration of cells
+ instead of using mdds::mtv::collection.
+ * fixed a bug where exporting a spreadsheet document containing adjacent
+ merged cells regions to html incorrectly exported the merged cell areas.
+ * cached cell values are now correctly loaded from the xlsx file.
+ * utf-8 names are now allowed as element and attribute names in the sax parser.
+ * unquoted utf-8 property values are now allowed in the css parser.
+ * added yaml output option in orcus-json.
+ * fixed a bug where mapping of an XML document with namespace aliases
+ sometimes corrupts the alias values.
+ * added orcus.FormulaTokenOp enum type in python which describes type formula token
+ operator types in a more finer grained manner.
+ * added notes to how to use orcus-xml and orcus-json to map XML and JSON
+ documents to spreadsheet documents.
+- Drop GCC11_build_fixes.patch
+
+- Define conditionally make_build to fix build on systems that do
+ not have that macro
+
libreoffice
+- Update to 7.3.3.1 (jsc#SLE-23447):
+ You can read the release notes for major version 7.3 here:
+ https://wiki.documentfoundation.org/ReleaseNotes/7.3
+ Release notes for minor releases:
+ https://wiki.documentfoundation.org/Releases/7.3.3/RC1
+ https://wiki.documentfoundation.org/Releases/7.3.2/RC2
+ https://wiki.documentfoundation.org/Releases/7.3.2/RC1
+ https://wiki.documentfoundation.org/Releases/7.3.1/RC3
+ https://wiki.documentfoundation.org/Releases/7.3.1/RC2
+ https://wiki.documentfoundation.org/Releases/7.3.1/RC1
+ https://wiki.documentfoundation.org/Releases/7.3.0/RC3
+ https://wiki.documentfoundation.org/Releases/7.3.0/RC2
+ https://wiki.documentfoundation.org/Releases/7.3.0/RC1
+ https://wiki.documentfoundation.org/Releases/7.3.0/Beta1
+- Update bundled dependencies:
+ * boost_1_75_0.tar.xz -> boost_1_77_0.tar.xz
+ * curl-7.79.1.tar.xz
+ * gpgme-1.13.1.tar.bz2 -> gpgme-1.16.0.tar.bz2
+ * icu4c-69_1-data.zip -> icu4c-70_1-data.zip
+ * icu4c-69_1-src.tgz -> icu4c-70_1-src.tgz
+ * libassuan-2.5.3.tar.bz2 -> libassuan-2.5.5.tar.bz2
+ * libgpg-error-1.37.tar.bz2 -> libgpg-error-1.43.tar.bz2
+ * pdfium-4500.tar.bz2 -> pdfium-4699.tar.bz2
+ * skia-m90-45c57e116ee0ce214bdf78405a4762722e4507d9.tar.xz ->
+ skia-m97-a7230803d64ae9d44f4e1282444801119a3ae967.tar.xz
+- Added patches:
+ * bsc1192616.patch
+- Refreshed patches:
+ * 0001-Revert-java-9-changes.patch
+ * fix_gtk_popover_on_3.20.patch
+ * fix-wayland-scaling-in-plasma.patch
+- Deleted patches:
+ * bsc1183308.patch
+- This package contain the fixes for the following bugs:
+ * bsc#1196212
+ * bsc#1195881
+- This package is not affected by the following bugs:
+ * bsc#1196017
+ * bsc#1196499
+- Enable gtk3_kde5. The gtk3 interface is more stable than the
+ qt5/kf5 one, this option makes it possible to use gtk3 in kde
+ with the kde filepicker (bsc#1197017)
+- Add system_curl build condition
+
libslirp
+- security update
+- added patches
+ fix CVE-2021-3593 [bsc#1187365], invalid pointer initialization may lead to information disclosure (udp6)
+ + libslirp-CVE-2021-3593.patch
+
+- Add patch to fix the version header (bsc#1201551):
+ * 0001-meson-remove-meson-dist-script.patch
+
mozilla-nss
+- update to NSS 3.79.1 (bsc#1202645)
+ * bmo#1366464 - compare signature and signatureAlgorithm fields in legacy certificate verifier.
+ * bmo#1771498 - Uninitialized value in cert_ComputeCertType.
+ * bmo#1759794 - protect SFTKSlot needLogin with slotLock.
+ * bmo#1760998 - avoid data race on primary password change.
+ * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state.
+
+- Update nss-fips-approved-crypto-non-ec.patch to unapprove the
+ rest of the DSA ciphers, keeping signature verification only
+ (bsc#1201298).
+- Update nss-fips-constructor-self-tests.patch to fix compiler
+ warning.
+
ndctl
+- Update to version 74 (jsc#PED-1080):
+ * Many CXL fixes
+ * Some build system fixes
+ * monitor: Fix the monitor config file parsing
+ * ndctl/bus: Handle missing scrub commands more gracefully
+ * ndctl/dimm: Flush invalidated labels after overwrite
+ - Remove upstreamed patch
+ - ndctl-build-Fix-systemd-unit-directory-detection.patch
+ - ndctl-meson-make-modprobedatadir-an-option.patch
+
+- Provide compatibility symlink for libdaxctl.h in the old location
+
+- Update to version 73:
+ * Many CXL fixes
+ * Fix shipped monitor.conf (bsc#1194696 https://github.com/pmem/ndctl/pull/189)
+ * inject-smart: Add support for papr
+ * Switch to meson build system
+ + ndctl-build-Fix-systemd-unit-directory-detection.patch
+ + ndctl-meson-make-modprobedatadir-an-option.patch
+- Add monitor.conf migration as upstream has (bsc#1194696)
+- Use %%config(noreplace) for files in /etc as upstream does.
+- Update to version 72.1
+ * Add support for CXL interface
+ * Configuration file rework
+ * Add service for automatic reconfiguration
+ * Drop upstreamed patches
+ - ndctl-namespace-skip-zero-namespaces-when-processing.patch
+ - ndctl-namespace-Suppress-ENXIO-when-processing-all-n.patch
+ - 0001-ndctl-namespace-Fix-disable-namespace-accounting-rel.patch
+ - 0002-Expose-ndctl_bus_nfit_translate_spa-as-a-public-func.patch
+ - 0003-libndctl-Unify-adding-dimms-for-papr-and-nfit-famili.patch
+ - 0004-daxctl-fail-reconfigure-device-based-on-kernel-onlin.patch
+ - 0005-libdaxctl-add-an-API-to-check-if-a-device-is-active.patch
+ - 0006-libndctl-check-for-active-system-ram-before-disablin.patch
+ - 0007-daxctl-emit-counts-of-total-and-online-memblocks.patch
+ - 0008-ndctl-Update-nvdimm-mailing-list-address.patch
+ - 0009-libndctl-papr-Fix-probe-for-papr-scm-compatible-nvdi.patch
+ - 0010-ndctl-scrub-Stop-translating-return-values.patch
+ - 0011-ndctl-scrub-Reread-scrub-engine-status-at-start.patch
+ - 0012-ndctl-dimm-Fix-label-index-block-calculations.patch
+ - 0013-daxctl-Add-Soft-Reservation-theory-of-operation.patch
+ - 0014-Documentation-ndctl-fix-self-reference-of-ndctl-disa.patch
+ - 0015-ndctl-docs-Clarify-update-firwmware-activation-overf.patch
+ - 0016-libndctl-papr-Add-support-for-reporting-shutdown-cou.patch
+- Add rpmlinrc filter for libcxl and libdaxctl (boo#1191773).
+- Fix asciidoctor conditional
+
openldap2
+- bsc#1198341 - Prevent memory reuse which may lead to instability
+ * 0243-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch
+
osinfo-db
+- bsc#1197958 - request support for SLE15-SP4 in the osinfo database
+- Add support for SUSE linux Enterprise Micro 5.2
+ add-slem5.2-support.patch
+
+- bsc#1196965 - openSUSE Tumbleweed unattended installation with
+ libvirt fails
+ opensuse-autoyast-desktop.patch
+
+- Update to database version 20220214
+ osinfo-db-20220214.tar.xz
+
perl-HTTP-Daemon
+- Fix request smuggling in HTTP::Daemon
+ (CVE-2022-31081, bsc#1201157)
+ * CVE-2022-31081.patch
+ * CVE-2022-31081-2.patch
+ * CVE-2022-31081-Add-new-test-for-Content-Length-issues.patch
+
procps
+- Add the patches
+ * procps-3.3.17-library-bsc1181475.patch
+ * procps-3.3.17-top-bsc1181475.patch
+ which are backports of current newlib tree to solve bug bsc#1181475
+ * 'free' command reports misleading "used" value
+
python-lxml
+- add CVE-2022-2309.patch (bsc#1201253, CVE-2022-2309)
+
raptor
+- add CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch (bsc#1178903, CVE-2020-25713)
+
-- Update to v2.0.7
- * CVE-2012-0037 fixed (bnc#745298)
- * Removed Expat support
- * Removed internal Unicode NFC code for better and optional ICU
- * Added options for denying file requests and XML entity loading
- * Added options for SSL certificate verifying
-
systemd
+- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one
+ pointing to /usr/lib/systemd/ (bsc#1201795)
+
+- Update 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (jsc#PED-944)
+ To decrease log level of messages about use of KillMode=none from warning to
+ debug. SAP still uses this deprecated option and the warnings emitted by PID1
+ confuse both SAP customers and support.
+
+- Import commit 7b70d88264a588fdba36c6e7655d1feea2b0e0a0 (merge of v249.12)
+ For a complete list of changes, visit:
+ https://github.com/openSUSE/systemd/compare/4949659dd6ce81845e13034504fe06b85a02f08b...7b70d88264a588fdba36c6e7655d1feea2b0e0a0
+
+- Import commit 4949659dd6ce81845e13034504fe06b85a02f08b
+ 0f096f16ba tmpfiles: check the directory we were supposed to create, not its parent
+ 82c3793e43 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call
+ 2191a9ae95 logind: don't delay login for root even if systemd-user-sessions.service is not activated yet (bsc#1195059)
+
systemd-presets-common-SUSE
+- enable ignition-delete-config by default (bsc#1199524)
+
+- Modify branding-preset-states to fix systemd-presets-common-SUSE
+ not enabling new user systemd service preset configuration just
+ as it handles system service presets. By passing an (optional)
+ second parameter "user", the save/apply-changes commands now
+ work with user services instead of system ones (boo#1200485)
+
+- Add the wireplumber user service preset to enable it by default
+ in SLE15-SP4 where it replaced pipewire-media-session, but keep
+ pipewire-media-session preset so we don't have to branch the
+ systemd-presets-common-SUSE package for SP4 (boo#1200485)
+
timezone
+- Update to reflect new Chile DST change, bsc#1202310
+ * bsc1202310.patch
+
timezone-java
+- Update to reflect new Chile DST change, bsc#1202310
+ * bsc1202310.patch
+
transactional-update
+- Version 4.0.1
+ - create_dirs_from_rpmdb: Just warn if no default SELinux context found
+ [gh#openSUSE/transactional-update#88], [bsc#1188215]
+ - create_dirs_from_rpmdb: Don't update the rpmdb cookie on failure
+ [gh#openSUSE/transactional-update#88]
+ - Handle directories owned by multiple packages
+ [gh#openSUSE/transactional-update#90], [bsc#1188215]
+
util-linux
+- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
+ util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
+- libmount: When moving a mount point, update all sub mount entries
+ in utab (bsc#1198731,
+ util-linux-libmount-moving-mount-point-sub-mounts.patch,
+ util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
+
util-linux-systemd
+- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
+ util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
+- libmount: When moving a mount point, update all sub mount entries
+ in utab (bsc#1198731,
+ util-linux-libmount-moving-mount-point-sub-mounts.patch,
+ util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
+
yast2
+- On transactional systems, inform the user that packages are
+ required to be installed manually (related to bsc#1199840)
+- 4.5.11
+
yast2-security
+- Do not crash when reading active LSM modules returns nil
+ (related to jsc#SLE-22069)
+- 4.5.1
+
yast2-tune
+- Added runtime dependency on hwinfo (bsc#1202651)
+- 4.5.1
+
yast2-users
+- AY: Fix writing ssh keys for user without specified home
+ (bsc#1201185)
+- 4.5.2
+
zlib
+- Fix heap-based buffer over-read or buffer overflow in inflate via
+ large gzip header extra field (bsc#1202175, CVE-2022-37434,
+ CVE-2022-37434-extra-header-1.patch,
+ CVE-2022-37434-extra-header-2.patch).
+