Removed rpms ============ - mozilla-nss-certs Added rpms ========== - p11-kit-nss-trust Package Source Changes ====================== MozillaFirefox +- Firefox Extended Support Release 91.8.0 ESR (bsc#1197903) + Release candidate! Details filled in later, once it has been released + +- Adjust rust dependency for SP3 and later. TW uses always the + newest version of rust, but we don't, so we can't use the + rust+cargo notation, which would need both < and >= requirements. + (bsc#1197698) + +- Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer, + faster buildhosts, as the others struggle to build FF. + +- Firefox Extended Support Release 91.7.1 ESR + * Changed: Yandex and Mail.ru have been removed as optional + search providers in the drop-down search menu in Firefox. + If you previously installed a customized version of Firefox + with Yandex or Mail.ru, offered through partner distribution + channels, this release removes those customizations, + including add-ons and default bookmarks. Where applicable, + your browser will revert back to default settings, as offered + by Mozilla. All other releases of Firefox remain unaffected + by the change. + SuSEfirewall2 +- perl-Net-DNS is only needed by some ancillary helper tool but not for the + core features. So set it to Recommended. + +- hosting moved to github.com/opensuse/susefirewall2 +- added a sysvinit -> systemd conversion hack (bnc#891669) + +- SuSEfirewall2, ACCEPT from services is a local variable, otherwise + "ACCEPT" would be used a service name (bnc#889406 bnc#889555 bnc#887040) + +- Added ACCEPT to TEMPLATE using FW_SERVICES_ACCEPT + +- Allow incoming DHCPv6 replies, currently unlimited. 
+ bnc#867819,bnc#868031,bnc#783002,bnc#822959 +- typo fix customary -> custom bnc#835677 + +- add perl-Net-DNS requires for "SuSEfirewall2 log" (bnc#856705) + +- adjust service files so manual starts work better (bnc#819499) + +- license update: GPL-2.0 + Various GPL-2.0 (only) licensed files + +- clarify what the default is in FW_MASQ_NETS (bnc#817233) +- removed the --rttl option in recent matches, as this could also be used by attackers (bnc#800719) + +- do not add dependency information about YaST2 Second Stage (bnc#800365) + +- fix defaultl value docu for FW_PROTECT_FROM_INT (bnc#798834) + +- move to /usr, remove init scripts + +- adjust for starting via systemd service files +- move lock files to /run +- just CT instead of NOTRACK (bnc#793459) + +- getdevinfo is gone as per commit 0c5ac93 (bnc#777271) + +- honor FW_IPv6 setting also in debug mode (bnc#769411) + +- fix logging in test mode + +- allow icmpv6 in FW_SERVICES_*_* + +- allow ICMPv6 Multicast Listener Query (bnc#767392) + +- fix typo spotted by Frederic + +- assume all interface names are correct (bnc#739084) + +- fix forward masquerading (bnc#736205) +- compat syntax for negated options no longer works (bnc#660156, bnc#731088) +- enhance debug mode + +- use /sbin/rpcinfo as /usr/sbin/rpcinfo is gone (bnc#727438) + +- set SYSTEMD_NO_WRAP for status (bnc#727445) + +- fix manual rcSuSEfirewall2 stop with sytemd (bnc#717583) + +- fix typo (bnc#721845) +- atomic zone status writing + +- Remove redundant tags/sections from specfile + +- sanitize FW_ZONE_DEFAULT (bnc#716013) +- add warning about iptables-batch to SuSEfirewall2-custom +- fix warning about /proc/net/ip_tables_names not readable +- don't install input rules for interfaces in default zone +- Add hook fw_custom_after_finished +- update FAQ (bnc#694464) +- clean up overrides when stopping the firewall (bnc#630961) +- change default FW_LOG_ACCEPT_CRIT to "no" +- allow redir without port specification +- make FW_SERVICES_{REJECT,DROP}_* take 
precedende before ACCEPT (bnc#671997) +- fix zonein and zoneout parameters +- fix reverse direction of forwarding rules (bnc#679192) + +- introduce rpcusers file to allow statd to run as non-root + (bnc#668553) + +- add zonein and zoneout parameters for FW_FORWARD +- fix typos + +- don't start in runlevel 4 by default (bnc#656520) +- cut off long zone names (bnc#644527) +- fix and enhance output of log command (bnc#663262) + +- don't unload rules when using systemd + +- list some known rpc services as Should-Start +- don't filter outgoing packets at all +- fix an example (bnc#641907) +- fix status check in SuSEfirewall2_init (bnc#628751) + +- don't use fillup anymore as it keeps corrupting the config file + (bnc#340926) + +- remove "batch committing..." message +- read defaults from separate file +- warn if highports config options are set +- finally drop 'highports' misfeature +- remove kernel ipv6 module detection (bnc#617033) +- silence warning about default zone (bnc#616841) +- SuSEfirewall2-open: don't add values multiple times +- Use multiprotocol xt_conntrack + +- only directories in /sys/class/net are real interfaces (bnc#609810) + +- add entry about drbd to FAQ +- update docu +- implement FW_BOOT_FULL_INIT + +- use new versioning scheme after switch of repo to git +- update and rebuild docu +- remove really old rc.config conversion code from spec file + +- fix spelling error in sysconfig file (bnc#537427) +- polishing of log drop policy (bnc#538053) + * drop multicast packets silently + * separate drop rule for broadcast packets at end of chain + * only consider NEW udp packets as critical + * don't log INVALID packets as critical + +- implement runtime override of interface zones +- allow disabling NOTRACK rules on lo (bnc#519526) + +- remove chkconfig calls (bnc#522268) + +- add note about use as bridging firewall +- allow to set FW_ZONE_DEFAULT via config file +- deprecate fw_custom_before_antispoofing and + fw_custom_after_antispoofing, use 
fw_custom_after_chain_creation + instead + +- add note that ulog doesn't work with IPv6 (bnc#442756) +- fix version number in help text +- allow service files to specify kernel modules and allow related packets +- silence an error from bash if a service config file is not available (bnc#487870) +- better wording for BROADCAST in template +- update firewall hook script (patch by Marius) + aaa_base +- fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to + allow ICMP ping +- added patches + + git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch + +- Port change from Thu Sep 30 08:51:55 UTC 2022 forword to + current version which includes a rename of patch + git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch + to + git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch + as otherwise autopatch macro does not work anymore + +- Include all fixes and changes for systemwide inputrc to remove + the 8 bit escape sequence which interfere with UTF-8 multi byte + characters as well as support the vi mode of readline library. + This is done with the patches + * git-41-f00ca2600331602241954533a1b1610d1da57edf.patch + * git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch + before the changed patch + git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch + rename it to + git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch + and also add the patches + * git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch + * git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch + autoyast2 +- Respect general/signature-handling settings during the 2nd + stage (bsc#1197655). 
+- 4.4.36 + bcm43xx-firmware +- Add required firmware file for Bluetooth module found on RPi Zero 2W (bsc#1197286) + +- Update BCM4345C0.hcd to fix Spectra for CYW43455 (CVE-2020-10370) -- Update BCM4345C0.hcd to fix Spectra for CYW43455 (CVE-2020-10370) +- Update BCM4345C0.hcd dracut +- Update to version 055+suse.248.g92d06110: + * fix(resume): correct call to block_is_netdevice function (bsc#1197737) + * chore(suse): remove fipscheck requirement (bsc#1198065) + joe +- Convert Russian and Ukrainian docs and locales from KOI8 to + UTF-8. +- Corrected License tag. +- Use full URL for Source. + +- Fix yet another case of stack smashing. + +- Remove lang_additions.bz2 obsoleted by inclusion in the gettextization + patch. + +- Fix SIGIOT in autoindent (bnc#548327) +- Minor code cleanup. +- Redo the gettextisation patch (include all files added by tarball + and gettextize). +- Update German translation. + +- Make syntax files config(noreplace) so that updates don't overwrite + modifications. + kernel-default +- iwlwifi: fix use-after-free (bsc#1197762 git-fixes). +- commit d5140bb + +- Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762) + Correct the entries that have *-64.ucode instead of *-63.ucode +- commit d8b5646 + +- Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155) +- commit 69353e8 + +- USB: gadget: validate interface OS descriptor requests + (CVE-2022-25258 bsc#1196095 git-fixes). +- commit 4a7f6a3 + +- Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247) +- commit 5b2f9f9 + +- vdpa: clean up get_config_size ret value handling (CVE-2022-0998 + bsc#1197247). +- commit 0d2ae2e + +- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO + (bsc#1196806, bsc#1196961). 
+- commit 2771ae3 + +- Move upstreamed ALSA fix into sorted section +- commit 051af6b + +- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and + mmap_lock (CVE-2022-1048 bsc#1197331). +- Refresh + patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. +- commit 5e55cab + +- net: sched: fix use-after-free in tc_new_tfilter() + (CVE-2022-1055 bsc#1197702). +- commit 77a7f01 + libexif +- libexif-CVE-2020-0198-CVE-2020-0181.patch: adjusted overflow checking + code to in exif-data to not be optimized away. (CVE-2020-0198, + CVE-2020-0181, bsc#1172802, bsc#1172768) +- libexif-CVE-2020-0452.patch: adjusted a overflow check to not + be optimized away by the compiler (CVE-2020-0452 bsc#1178479) + -- updated to 0.6.21 - * Fixed some buffer overflows in exif_entry_format_value() - This fixes CVE-2012-2814. Reported by Mateusz Jurczyk of - Google Security Team - * Fixed an off-by-one error in exif_convert_utf16_to_utf8() - This can cause a one-byte NUL write past the end of the buffer. - This fixes CVE-2012-2840 - * Don't read past the end of a tag when converting from UTF-16 - This fixes CVE-2012-2813. Reported by Mateusz Jurczyk of - Google Security Team - * Fixed an out of bounds read on corrupted input - The EXIF_TAG_COPYRIGHT tag ought to be, but perhaps is not, - NUL-terminated. - This fixes CVE-2012-2812. Reported by Mateusz Jurczyk of - Google Security Team - * Fixed a buffer overflow problem in exif_entry_get_value - If the application passed in a buffer length of 0, then it would - be treated as the buffer had unlimited length. - This fixes CVE-2012-2841 - * Fix a buffer overflow on corrupt EXIF data. - This fixes bug #3434540 and fixes part of CVE-2012-2836 - Reported by Yunho Kim - * Fix a buffer overflow on corrupted JPEG data - An unsigned data length might wrap around when decremented - below zero, bypassing sanity checks on length. 
- This code path can probably only occur if exif_data_load_data() - is called directly by the application on data that wasn't parsed - by libexif itself. - This solves the other part of CVE-2012-2836 - * Fixed some possible division-by-zeros in Olympus-style makernotes - This fixes bug #3434545, a.k.a. CVE-2012-2837 - Reported by Yunho Kim - * lots and lots of translations updates. - * added more Canon lenses. - * changed "knots" to "nautical miles" - libgcrypt +- FIPS: Implement a service indicator for asymmetric ciphers [bsc#1190700] + * Mark RSA public key encryption and private key decryption with + padding (e.g. OAEP, PKCS) as non-approved since RSA-OAEP lacks + peer key assurance validation requirements per SP800-56Brev2. + * Mark ECC as approved only for NIST curves P-224, P-256, P-384 + and P-521 with check for common NIST names and aliases. + * Mark DSA, ELG, EDDSA, ECDSA and ECDH as non-approved. + * Add libgcrypt-FIPS-SLI-pk.patch + * Rebase libgcrypt-FIPS-service-indicators.patch +- Run the regression tests also in FIPS mode. + * Disable tests for non-FIPS approved algos. 
+ * Rebase: libgcrypt-FIPS-verify-unsupported-KDF-test.patch + libnvme +- Update to version 1.0: + * tree: Remove default port setting for TCP and RDMA ports + * tree: add 'f_args' argument to pass user data to the filter function + * tree: remove 'ctrl_get_ana_state()' + * tree: add namespace path iterators + * tree: filter out namespaces + * tree: update nvme_scan_filter_t usage + +- Update to version 1.0-rc8: + * types: Add support for get log - MI Command Supported + * types: Add new Identify constant + * types: Update persistent event entry struct added new fields + * types: Add Host Initiated Data Gen Number to telemetry log struct + * tree: always allocate config file in nvme_read_config() + * tree: rework nvme_scan_subsystem() + * tree: make subsystem name mandatory in nvme_scan_ctrl() + * tree: move nvme_init_subsystem() into nvme_lookup_subsystem() + * tree: do not return error when filtering out subsystems + * tree: add debugging messages during scanning + * tree: Handle NULL subsysname in nvme_scan_ctrl() + * tree: Fix subsystem initialization in nvme_scan_ctrl() + * tree: Fix leaking 'name' in nvme_subsystem_lookup_namespace() + * tree: Avoid dereferencing nvme_subsystem_t before its check for NULL + * tree: Clarify NULL return values from nvme_get_attr() + * fabrics: Invoke nvmf_dim() with provided tas argument + * fabrics: add 'nvmf_update_config()' + * fabrics: Avoid out of bounds string chomping + * fabrics: Free old traddr in nvmf_add_ctrl + * fabrics: update log level for write failures + * fabrics: Streamlining documentation + * fabrics: Fix leaking ctrl in nvmf_connect_disc_entry() + * fabrics: Add missing break in a switch + * ioctl: Remove attribute packed and alignedof for args structs + * ioctl: Align arguments indentation with braces + * json: fix endless loop scanning for controllers + * Remove nvme_init_id_ns + * Add lbstm support for create-ns + * documentation updates + libotr +- add libtool as buildrequire to avoid implicit dependency 
+ librest -- Add baselibs.conf, as we need the 32bit package for - gnome-online-account libraries. - -- Split typelib files into typelib-1_0-Rest-0_7 subpackage. -- Add typelib-1_0-Rest-0_7 Requires to devel subpackage. -- Change librest0 group from Development/Libraries/GNOME to - System/Libraries. - -- Update to version 0.7.12: - + Build: Detect CA file location [bgo#663783] - + proxy: Force all SSL certificates to be trusted [bgo#663783] -- Add config(ca-certificates) BuildRequires and Recommends in the - shared library package. -- Pass --with-ca-certificates=/etc/ssl/ca-bundle.pem to configure. - -- Update to version 0.7.11: - + oauth-proxy: Fix format string warning - + oauth: - - Add GType for OAuthSignatureMethod enum - - Add property for signature type - + Build fixes. - -- Update to version 0.7.10: - + Introduce rest_proxy_call_upload to provide progress feedback. - + youtube-proxy: Added upload progress callbacks. - + Added documentation to rest_proxy_call_upload. - + bmc#13746: proxy-call: Allow customisation of data - serialization. - -- Update to version 0.7.9: - + Add "disable-cookies" construction property to RestProxy. - -- Update to version 0.7.8: - + Add youtube proxy for uploaded video. - + Fix introspection build. -- Drop librest-fix-introspection.patch: fixed upstream. - -- Update to version 0.7.7: - + Fix a few introspection issues - + oauth-proxy: - - Use POST method to do OAuth 1.0 authentication. - - Added 'signature-host' propery. -- Add librest-fix-introspection.patch: fix introspection build. - Taken from upstream, commit e9c917. - -- Update to version 0.7.6: - + API for manually constructing and outputting XML -- Changes from version 0.7.5: - + Introspection build fixes -- Changes from version 0.7.4: - + Add cookie support to rest-proxy. - + proxy-call: Add continuous call mode - + Various bug fixes. -- Changes from version 0.7.3: - + Fix memory corruption in oauth-proxy-call. 
-- Changes from version 0.7.2: - + post-twitter: use the correct URL endpoint - + Plug leak. -- Changes from version 0.7.1: - + Flickr: add upload support - + Various bug fixes. - + Improved documentation. -- Changes from version 0.7.0: - + Remove FacebookProxy - + Add Lastfm proxy - + Add a oauth2 proxy - + Add RestParam and RestParams types - + Flickr proxy: Allow specifying the permissions required in the - login url - + Various bug fixes. - + Improved documentation. -- Drop librest-fbconnect-url.patch: facebook features got removed - upstream. -- Change BuildRequires to pkgconfig() ones: glib2-devel to - glib-2.0, libsoup-devel to libsoup-2.4 and libsoup-gnome-2.4, - libxml2-devel to libxml-2.0. -- Add pkgconfig(gobject-introspection-1.0) BuildRequires to enable - introspection. -- Update Url tag. - -- Update to version 0.6.3: - + Fix leaks. - + Code cleanups. -- Changes from version 0.6.2: - + Add introspection support. - + Mark GErrors which shouldn't be freed as const. - + Add oauth_proxy_call_parse_token_reponse to parse token - responses. - + Build system fixes. -- Remove explicit Requires of devel packages in devel subpackage: - they will be added automatically the pkgconfig()-way. - -- (re?)add librest-fbconnect-url.patch from Moblin:Factory to fix - the build of bisho -- some spec file tidying: more explicit %files listing to avoid - unintended/unnoticed major changes -- use %soname and %abi defines throughout to spec to ease - future maintenance - -- Fix spec to comply with shared libraries policy. 
- -- Rename to librest, provide/obsolete rest - -- Add librest-fbconnect-url.patch to add a new fbconnect url - funciton for facebook - -- Upddate to 0.6.1 - * 四 7月 16 2009 Gary Lin 0.520090716 -- Update to commit ff4561e2a8c38f49127f6e3b2ce7c238a29e1571 - * 四 7月 09 2009 Gary Lin 0.420090709 -- Update to commit e9a71922f5997243c45dfaaff21dd9b4a6340ca3 - * 四 7月 09 2009 Gary Lin 0.420090709 -- Update to commit 41f91eec3d26a2514c4bc310b90829cd2d14ed4a - -- Update to commit 92e1871d3181a73a780f588689733f25e3df5b48 - -- Use configure macro to get the right options. - -- Update to commit e49d8730bfb277af59732822e78535ef37e29b6c - -- Update to commit 153d2e8c5cc3452a7275c7ea7fa6abe8750cde8b - nfs-utils +- Add 0023-cache.c-removed-a-couple-warning.patch + Fix compilation with new glibc (SLE15-SP4) + (bsc#1197788) + +- Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch + Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch + Ensure "sloppy" is added correctly for newer kernels. Particularly + required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels. 
+ (boo#1197297) + nvme-cli +- Update to version 2.0: + * fabrics: Create persistent controller using unique subsystem NQN (bsc#1198243) + * fabrics: Set KATO for discovery controller when connecting + * fabrics: Do no modify default config for discovery controller + * fabrics: Set default trsvcid ports for TCP and RDMA (bsc#1195858) + * fabrics: Support connect even when no /etc/nvme/hostnqn file exists + * nvme: update to nvme_scan_filter_t modifications (bsc#1195938) + * plugins/intel: make 'buckets' a json array + * plugins: Update WDC capabilities command with new commmands + * plugins: Add OCP plugin + +- Update to version 2.0-rc8: + * fabrics: Add DIM command + * fabrics: Introduce force flag to overwrite persistence logic (bsc#1197076) + * fabrics: Free non-matching controller during discovery + * fabrics: add 'nvme config' command + * fabrics: Correctly stringify discovery.conf and config.json paths + * nvme-print: Add human readable print for nsattr field + * nvme-print: Update Persistent Event log fields + * nvme-print: print discovery async event support + * nvme-rpmb: Fix spelling for 'Partition' + * nvme-copy: add missing field to the command + * nvme: add get_mi_cmd_support_effects_log command + * nvme: Fixup namespace filtering yet again + * nvme: Use type bool for OPT_FLAG + * nvme: use filter for 'list-subsys ' (bsc#1195938) + * Add lbstm option to create-ns + * argconfig: Do not use default value loading by getopt_long_only + * argconfig: Rename CFG_NONE to CFG_FLAG + * plugins: Use type bool for OPT_FLAG + * documenation updates +- Drop 'ProtectKernelTunables=true' (bsc#1197076) + patterns-yast +- Neither recommend nor suggest YaST NIS packages for TW + (bsc#1183893). 
+- 20220411 + permissions + * squid: adjust pinger path, drop basic_pam_auth (bsc#1197649) + +- Update to version 20201225: polkit-default-privs +- Update to version 13.2+20220404.53052a9: + * Add missing GNOME Control Center login helper + * Reorder gnome and budgie control center entries + * Backport budgie-control-center whitelisting (bsc#1195023) + +- Update to version 13.2+20220401.c64d869: + * Backport of deepin-api whitelisting (bsc#1196681 bsc#1070943) + * Fix generation of file /etc/polkit-1/rules.d/90-default-privs.rules + python-pyOpenSSL +- update to 20.0.1: + - Fixed compatibility with OpenSSL 1.1.0. + +- Adjust metadata for skip-networked-test.patch and refer to the proper + upstream ticket gh#pyca/pyopenssl#68. + +- According to gh#pyca/pyopenssl#684 tests must run with TZ=UTC, also + skip test_verify_with_time on %ix86. + +- Update to v20.0.0 + - Backward-incompatible changes: + - The minimum cryptography version is now 3.2. + - Remove deprecated OpenSSL.tsafe module. + - Removed deprecated + OpenSSL.SSL.Context.set_npn_advertise_callback, + OpenSSL.SSL.Context.set_npn_select_callback, and + OpenSSL.SSL.Connection.get_next_proto_negotiated. + - Drop support for Python 3.4 + - Drop support for OpenSSL 1.0.1 and 1.0.2 + - Deprecations: + - Deprecated OpenSSL.crypto.loads_pkcs7 and + OpenSSL.crypto.loads_pkcs12. + - Changes: + - Added a new optional chain parameter to + OpenSSL.crypto.X509StoreContext() where additional untrusted + certificates can be specified to help chain building. #948 + - Added OpenSSL.crypto.X509Store.load_locations to set trusted + certificate file bundles and/or directories for verification. + [#943] + - Added Context.set_keylog_callback to log key material. #910 + - Added OpenSSL.SSL.Connection.get_verified_chain to retrieve + the verified certificate chain of the peer. #894. + - Make verification callback optional in Context.set_verify. If + omitted, OpenSSL’s default verification is used. 
#933 + - Fixed a bug that could truncate or cause a zero-length key + error due to a null byte in private key passphrase in + OpenSSL.crypto.load_privatekey and + OpenSSL.crypto.dump_privatekey. #947 +- drop patch fix-compilation-2020.patch: no longer needed +- refreshed patch skip-networked-test.patch + +- Update to v19.1 + * Removed deprecated aliases ContextType, ConnectionType, PKeyType, X509NameType, + X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType. + Use the classes without the ``Type`` suffix instead. + * The minimum ``cryptography`` version is now 2.8 + * Deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback, + OpenSSL.SSL.Context.set_npn_select_callback, and + OpenSSL.SSL.Connection.get_next_proto_negotiated + ALPN should be used instead. + * Support bytearray in SSL.Connection.send() by using cffi's from_buffer + * The OpenSSL.SSL.Context.set_alpn_select_callback can return a new + NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake + to complete without an application protocol. 
+ qemu +- Support the SGX feature (bsc#1197807) + * Patches added: + doc-Add-the-SGX-numa-description.patch + numa-Enable-numa-for-SGX-EPC-sections.patch + numa-Support-SGX-numa-in-the-monitor-and.patch + +- Backport CVE-2021-3929 (bsc#1193880) + * Patches added: + hw-nvme-fix-CVE-2021-3929.patch + +- The patches from upstream cause testsuit failures (bsc#1197150 bsc#1197528) + * Patches added: + Revert-python-iotests-replace-qmp-with-a.patch + Revert-python-machine-add-instance-disam.patch + Revert-python-machine-add-sock_dir-prope.patch + Revert-python-machine-handle-fast-QEMU-t.patch + Revert-python-machine-move-more-variable.patch + Revert-python-machine-remove-_remove_mon.patch + +- Add missing patch from a PTFs (bsc#1194938) + * Patches added: + scsi-generic-check-for-additional-SG_IO-.patch + +- Kill downstream patches around bifmt handling that makes + cumbersome to run multi-arch containers, and switch to the + upstream behavior, which is well documented and valid on + all other distros. This is possible thanks to Linux kernel + commit 2347961b11d4 and QEMU commit 6e1c0d7b951e19c53 (so + it can only work on Leap/SLE 15.4 and higher). (bsc#1197298) + * Patches dropped: + qemu-binfmt-conf.sh-allow-overriding-SUS.patch + qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch + +- Fix update_git.sh wiping all the package file of the local + checkout while cloning the git repository on demand (in case they + don't exist and the user as to do so). 
+ +- Improve test reliability + * Patches added: + Fix-the-module-building-problem-for-s390.patch + tests-qemu-iotests-040-Skip-TestCommitWi.patch + tests-qemu-iotests-testrunner-Quote-case.patch + +- Fix virtiofs crashing with glibc >= 2.35, due to rseq syscall + (bsc#1196924) + * Patches added: + tools-virtiofsd-Add-rseq-syscall-to-the-.patch + +- Avoid warnings caused by a GCC 12 bug, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98503 + (bsc#1197018) + * Patches added: + hw-i386-amd_iommu-Fix-maybe-uninitialize.patch + Silence-GCC-12-spurious-warnings.patch + Ignore-spurious-GCC-12-warning.patch + +- Proactive fix + * Patches added: + hw-nvram-at24-return-0xff-if-1-byte-addr.patch + rp-pppoe +- beautify spec + sunpinyin +- initial package 2.0.4 + +- Updated to 2.0.3.99. Thanks to csslayer! + +- Rename libsunpinyin3-devel to libsunpinyin-devel +- Add explicitly dependency from devel sub-package +- Clean up spec file + +- Check the license for open-gram. +- bz2ed all sources. + +- First build 2.0.3 for suse and Fedora. 
+ systemd +- Import commit e62acb68de9bccfa272bef98fe5b38effc37528a + b70267d883 journald: make use of CLAMP() in cache_space_refresh() + 3953e685cb journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) + d03a5f79bf fs-util: make sure openat_report_new() initializes return param also on shortcut + 05499d5a30 fs-util: fix typos in comments + 9f77c8fae1 journal-file: port journal_file_open() to openat_report_new() + 4d07c034da fs-util: add openat_report_new() wrapper around openat() + 258c04836d meson: build kernel-install man page when necessary + 23da9cc83a man: do not install sd-boot man pages when -Dgnu-efi=false is set + d452b8738c unit: install the systemd-bless-boot.service only if we have gnu-efi + 98f44dc500 boot: don't build bootctl when -Dgnu-efi=false is set (bsc#1198093) + 9145684460 build: include status of TPM2 in the feature string show by --version + +- spec: make sure /lib exists when installing conf files in /lib/modprobe.d + +- spec: enable 'efi' support regardless of whether sd_boot is enabled or not + We should support EFI systems even if systemd-boot is not enabled. 
+ +- spec: cope with %{_modprobedir} being /lib/modprobe.d on SLE + timezone +- timezone update 2022a (bsc#1177460): + * Palestine will spring forward on 2022-03-27, not -03-26* + * zdump -v now outputs better failure indications + * Bug fixes for code that reads corrupted TZif data + xz +- Fix ZDI-CAN-16587 Fix escaping of malicious filenames + (ZDI-CAN-16587 bsc#1198062 CVE-2022-1271) + * bsc1198062.patch + yaml-cpp +- Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp + allows remote attackers to cause DOS via a crafted YAML file + (CVE-2018-20573, bsc#1121227) +- Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in + yaml-cpp allows remote attackers to cause DOS via a crafted YAML file + (CVE-2018-20574, bsc#1121230) +- Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in + cpp allows remote attackers to cause DOS via a crafted YAML file + (CVE-2019-6285, bsc#1122004) +- Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in + yaml-cpp which cause DOS by stack consumption + (CVE-2019-6292, bsc#1122021) +- Added patch cve-2018-20574.patch + yast2-installation +- AutoYaST: move custom file creation past user creation so that + the element files/file/file_owner actually has an effect + (bsc#1196595) +- 4.4.51 + yast2-packager +- Fixed regression in repository alias name for add-ons (bsc#1193214) +- 4.4.27 +
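Review bot: The MozillaFirefox entry for 91.8.0 ESR (bsc#1197903) still reads "Release candidate! Details filled in later, once it has been released", so the changelog ships without saying what the ESR update fixes. Replace the placeholder with the release details before this is published, so the entry can be matched against the bug it references.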
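Review bot: In the nvme-cli section, "Drop 'ProtectKernelTunables=true' (bsc#1197076)" removes a systemd sandboxing setting with only a bug number as justification. State in the entry why the option had to go and where it was dropped from. The same bug number is also attached to "fabrics: Introduce force flag to overwrite persistence logic", so the two changes cannot be told apart from the text alone.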
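Review bot: The qemu entry "Proactive fix", which adds hw-nvram-at24-return-0xff-if-1-byte-addr.patch, carries neither a bug reference nor a description of what is being fixed. Add a line saying what the patch guards against, or a bsc reference, so the change can be tracked like the CVE-2021-3929 backport listed above it.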