Removed rpms
============

 - mozilla-nss-certs

Added rpms
==========

 - p11-kit-nss-trust

Package Source Changes
======================

MozillaFirefox
+- Firefox Extended Support Release 91.8.0 ESR (bsc#1197903)
+  Release candidate! Details filled in later, once it has been released
+
+- Adjust rust dependency for SP3 and later. TW uses always the
+  newest version of rust, but we don't, so we can't use the
+  rust+cargo notation, which would need both < and >= requirements.
+  (bsc#1197698)
+
+- Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer,
+  faster buildhosts, as the others struggle to build FF.
+
+- Firefox Extended Support Release 91.7.1 ESR
+  * Changed: Yandex and Mail.ru have been removed as optional
+    search providers in the drop-down search menu in Firefox.
+    If you previously installed a customized version of Firefox
+    with Yandex or Mail.ru, offered through partner distribution
+    channels, this release removes those customizations,
+    including add-ons and default bookmarks. Where applicable,
+    your browser will revert back to default settings, as offered
+    by Mozilla. All other releases of Firefox remain unaffected
+    by the change.
+
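Review bot: the 91.8.0 ESR entry at the top of the MozillaFirefox block still carries the placeholder "Release candidate! Details filled in later, once it has been released", so bsc#1197903 is the only pointer to what this update contains. Replace the placeholder with the actual release details before the entry ships, in the same form as the 91.7.1 entry below it.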
SuSEfirewall2
+- perl-Net-DNS is only needed by some ancillary helper tool but not for the
+  core features. So set it to Recommended.
+
+- hosting moved to github.com/opensuse/susefirewall2
+- added a sysvinit -> systemd conversion hack (bnc#891669)
+
+- SuSEfirewall2, ACCEPT from services is a local variable, otherwise
+  "ACCEPT" would be used a service name (bnc#889406 bnc#889555 bnc#887040)
+
+- Added ACCEPT to TEMPLATE using FW_SERVICES_ACCEPT
+
+- Allow incoming DHCPv6 replies, currently unlimited.
+  bnc#867819,bnc#868031,bnc#783002,bnc#822959
+- typo fix customary -> custom bnc#835677
+
+- add perl-Net-DNS requires for "SuSEfirewall2 log" (bnc#856705)
+
+- adjust service files so manual starts work better (bnc#819499)
+
+- license update: GPL-2.0
+  Various GPL-2.0 (only) licensed files
+
+- clarify what the default is in FW_MASQ_NETS (bnc#817233)
+- removed the --rttl option in recent matches, as this could also be used by attackers (bnc#800719)
+
+- do not add dependency information about YaST2 Second Stage (bnc#800365)
+
+- fix defaultl value docu for FW_PROTECT_FROM_INT (bnc#798834)
+
+- move to /usr, remove init scripts
+
+- adjust for starting via systemd service files
+- move lock files to /run
+- just CT instead of NOTRACK (bnc#793459)
+
+- getdevinfo is gone as per commit 0c5ac93 (bnc#777271)
+
+- honor FW_IPv6 setting also in debug mode (bnc#769411)
+
+- fix logging in test mode
+
+- allow icmpv6 in FW_SERVICES_*_*
+
+- allow ICMPv6 Multicast Listener Query (bnc#767392)
+
+- fix typo spotted by Frederic
+
+- assume all interface names are correct (bnc#739084)
+
+- fix forward masquerading (bnc#736205)
+- compat syntax for negated options no longer works (bnc#660156, bnc#731088)
+- enhance debug mode
+
+- use /sbin/rpcinfo as /usr/sbin/rpcinfo is gone (bnc#727438)
+
+- set SYSTEMD_NO_WRAP for status (bnc#727445)
+
+- fix manual rcSuSEfirewall2 stop with sytemd (bnc#717583)
+
+- fix typo (bnc#721845)
+- atomic zone status writing
+
+- Remove redundant tags/sections from specfile
+
+- sanitize FW_ZONE_DEFAULT (bnc#716013)
+- add warning about iptables-batch to SuSEfirewall2-custom
+- fix warning about /proc/net/ip_tables_names not readable
+- don't install input rules for interfaces in default zone
+- Add hook fw_custom_after_finished
+- update FAQ (bnc#694464)
+- clean up overrides when stopping the firewall (bnc#630961)
+- change default FW_LOG_ACCEPT_CRIT to "no"
+- allow redir without port specification
+- make FW_SERVICES_{REJECT,DROP}_* take precedende before ACCEPT (bnc#671997)
+- fix zonein and zoneout parameters
+- fix reverse direction of forwarding rules (bnc#679192)
+
+- introduce rpcusers file to allow statd to run as non-root
+  (bnc#668553)
+
+- add zonein and zoneout parameters for FW_FORWARD
+- fix typos
+
+- don't start in runlevel 4 by default (bnc#656520)
+- cut off long zone names (bnc#644527)
+- fix and enhance output of log command (bnc#663262)
+
+- don't unload rules when using systemd
+
+- list some known rpc services as Should-Start
+- don't filter outgoing packets at all
+- fix an example (bnc#641907)
+- fix status check in SuSEfirewall2_init (bnc#628751)
+
+- don't use fillup anymore as it keeps corrupting the config file
+  (bnc#340926)
+
+- remove "batch committing..." message
+- read defaults from separate file
+- warn if highports config options are set
+- finally drop 'highports' misfeature
+- remove kernel ipv6 module detection (bnc#617033)
+- silence warning about default zone (bnc#616841)
+- SuSEfirewall2-open: don't add values multiple times
+- Use multiprotocol xt_conntrack
+
+- only directories in /sys/class/net are real interfaces (bnc#609810)
+
+- add entry about drbd to FAQ
+- update docu
+- implement FW_BOOT_FULL_INIT
+
+- use new versioning scheme after switch of repo to git
+- update and rebuild docu
+- remove really old rc.config conversion code from spec file
+
+- fix spelling error in sysconfig file (bnc#537427)
+- polishing of log drop policy (bnc#538053)
+  * drop multicast packets silently
+  * separate drop rule for broadcast packets at end of chain
+  * only consider NEW udp packets as critical
+  * don't log INVALID packets as critical
+
+- implement runtime override of interface zones
+- allow disabling NOTRACK rules on lo (bnc#519526)
+
+- remove chkconfig calls (bnc#522268)
+
+- add note about use as bridging firewall
+- allow to set FW_ZONE_DEFAULT via config file
+- deprecate fw_custom_before_antispoofing and
+  fw_custom_after_antispoofing, use fw_custom_after_chain_creation
+  instead
+
+- add note that ulog doesn't work with IPv6 (bnc#442756)
+- fix version number in help text
+- allow service files to specify kernel modules and allow related packets
+- silence an error from bash if a service config file is not available (bnc#487870)
+- better wording for BROADCAST in template
+- update firewall hook script (patch by Marius)
+
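Review bot: the entry "Allow incoming DHCPv6 replies, currently unlimited." records an inbound accept rule with no limit, and none of the newer entries above it says a limit was added afterwards. State in the entry which zones receive this rule and whether it is still unlimited, so an administrator reading the changelog knows what the default policy accepts.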
aaa_base
+- fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to
+  allow ICMP ping
+- added patches
+  + git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch
+
+- Port change from Thu Sep 30 08:51:55 UTC 2022 forword to
+  current version which includes a rename of patch
+    git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
+  to
+    git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
+  as otherwise autopatch macro does not work anymore
+
+- Include all fixes and changes for systemwide inputrc to remove
+  the 8 bit escape sequence which interfere with UTF-8 multi byte
+  characters as well as support the vi mode of readline library.
+  This is done with the patches
+  * git-41-f00ca2600331602241954533a1b1610d1da57edf.patch
+  * git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch
+  before the changed patch
+    git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
+  rename it to
+    git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
+  and also add the patches
+  * git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch
+  * git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch
+
autoyast2
+- Respect general/signature-handling settings during the 2nd
+  stage (bsc#1197655).
+- 4.4.36
+
bcm43xx-firmware
+- Add required firmware file for Bluetooth module found on RPi Zero 2W (bsc#1197286)
+
+- Update BCM4345C0.hcd to fix Spectra for CYW43455 (CVE-2020-10370)
-- Update BCM4345C0.hcd to fix Spectra for CYW43455 (CVE-2020-10370)
+- Update BCM4345C0.hcd
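Review bot: the last added line, "Update BCM4345C0.hcd", gives no reason and no bug or CVE reference, while the entry for the same file directly above it cites CVE-2020-10370. Say what this second firmware update changes and whether it relates to that CVE.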
dracut
+- Update to version 055+suse.248.g92d06110:
+  * fix(resume): correct call to block_is_netdevice function (bsc#1197737)
+  * chore(suse): remove fipscheck requirement (bsc#1198065)
+
joe
+- Convert Russian and Ukrainian docs and locales from KOI8 to
+  UTF-8.
+- Corrected License tag.
+- Use full URL for Source.
+
+- Fix yet another case of stack smashing.
+
+- Remove lang_additions.bz2 obsoleted by inclusion in the gettextization
+  patch.
+
+- Fix SIGIOT in autoindent (bnc#548327)
+- Minor code cleanup.
+- Redo the gettextisation patch (include all files added by tarball
+  and gettextize).
+- Update German translation.
+
+- Make syntax files config(noreplace) so that updates don't overwrite
+  modifications.
+
kernel-default
+- iwlwifi: fix use-after-free (bsc#1197762 git-fixes).
+- commit d5140bb
+
+- Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1197762)
+  Correct the entries that have *-64.ucode instead of *-63.ucode
+- commit d8b5646
+
+- Update patch references for a few already backported fixes (CVE-2022-26878 bsc#1197035 bsc#1193983 CVE-2021-4148 bsc#1197366 CVE-2021-45868 CVE-2022-0644 bsc#1196155)
+- commit 69353e8
+
+- USB: gadget: validate interface OS descriptor requests
+  (CVE-2022-25258 bsc#1196095 git-fixes).
+- commit 4a7f6a3
+
+- Update patch reference for vdpa fix (CVE-2022-0998 bsc#1197247)
+- commit 5b2f9f9
+
+- vdpa: clean up get_config_size ret value handling (CVE-2022-0998
+  bsc#1197247).
+- commit 0d2ae2e
+
+- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
+  (bsc#1196806, bsc#1196961).
+- commit 2771ae3
+
+- Move upstreamed ALSA fix into sorted section
+- commit 051af6b
+
+- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
+  mmap_lock (CVE-2022-1048 bsc#1197331).
+- Refresh
+  patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch.
+- commit 5e55cab
+
+- net: sched: fix use-after-free in tc_new_tfilter()
+  (CVE-2022-1055 bsc#1197702).
+- commit 77a7f01
+
libexif
+- libexif-CVE-2020-0198-CVE-2020-0181.patch: adjusted overflow checking
+  code to in exif-data to not be optimized away. (CVE-2020-0198,
+  CVE-2020-0181, bsc#1172802, bsc#1172768)
+- libexif-CVE-2020-0452.patch: adjusted a overflow check to not
+  be optimized away by the compiler (CVE-2020-0452 bsc#1178479)
+
-- updated to 0.6.21
-  * Fixed some buffer overflows in exif_entry_format_value()
-    This fixes CVE-2012-2814.  Reported by Mateusz Jurczyk of
-    Google Security Team
-  * Fixed an off-by-one error in exif_convert_utf16_to_utf8()
-    This can cause a one-byte NUL write past the end of the buffer.
-    This fixes CVE-2012-2840
-  * Don't read past the end of a tag when converting from UTF-16
-    This fixes CVE-2012-2813. Reported by Mateusz Jurczyk of
-    Google Security Team
-  * Fixed an out of bounds read on corrupted input
-    The EXIF_TAG_COPYRIGHT tag ought to be, but perhaps is not,
-    NUL-terminated.
-    This fixes CVE-2012-2812. Reported by Mateusz Jurczyk of
-    Google Security Team
-  * Fixed a buffer overflow problem in exif_entry_get_value
-    If the application passed in a buffer length of 0, then it would
-    be treated as the buffer had unlimited length.
-    This fixes CVE-2012-2841
-  * Fix a buffer overflow on corrupt EXIF data.
-    This fixes bug #3434540 and fixes part of CVE-2012-2836
-    Reported by Yunho Kim
-  * Fix a buffer overflow on corrupted JPEG data
-    An unsigned data length might wrap around when decremented
-    below zero, bypassing sanity checks on length.
-    This code path can probably only occur if exif_data_load_data()
-    is called directly by the application on data that wasn't parsed
-    by libexif itself.
-    This solves the other part of CVE-2012-2836
-  * Fixed some possible division-by-zeros in Olympus-style makernotes
-    This fixes bug #3434545, a.k.a. CVE-2012-2837
-    Reported by Yunho Kim
-  * lots and lots of translations updates.
-  * added more Canon lenses.
-  * changed "knots" to "nautical miles"
-
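Review bot: the removed 0.6.21 entry is the only place in the visible libexif changelog that names CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840 and CVE-2012-2841, so dropping it removes the record that those fixes are in the package. Keep the entry, or at least a one-line summary with the CVE ids. Separately, "adjusted overflow checking code to in exif-data" in the first added entry is garbled and should name the check that was changed.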
libgcrypt
+- FIPS: Implement a service indicator for asymmetric ciphers [bsc#1190700]
+  * Mark RSA public key encryption and private key decryption with
+    padding (e.g. OAEP, PKCS) as non-approved since RSA-OAEP lacks
+    peer key assurance validation requirements per SP800-56Brev2.
+  * Mark ECC as approved only for NIST curves P-224, P-256, P-384
+    and P-521 with check for common NIST names and aliases.
+  * Mark DSA, ELG, EDDSA, ECDSA and ECDH as non-approved.
+  * Add libgcrypt-FIPS-SLI-pk.patch
+  * Rebase libgcrypt-FIPS-service-indicators.patch
+- Run the regression tests also in FIPS mode.
+  * Disable tests for non-FIPS approved algos.
+  * Rebase: libgcrypt-FIPS-verify-unsupported-KDF-test.patch
+
libnvme
+- Update to version 1.0:
+  * tree: Remove default port setting for TCP and RDMA ports
+  * tree: add 'f_args' argument to pass user data to the filter function
+  * tree: remove 'ctrl_get_ana_state()'
+  * tree: add namespace path iterators
+  * tree: filter out namespaces
+  * tree: update nvme_scan_filter_t usage
+
+- Update to version 1.0-rc8:
+  * types: Add support for get log - MI Command Supported
+  * types: Add new Identify constant
+  * types: Update persistent event entry struct added new fields
+  * types: Add Host Initiated Data Gen Number to telemetry log struct
+  * tree: always allocate config file in nvme_read_config()
+  * tree: rework nvme_scan_subsystem()
+  * tree: make subsystem name mandatory in nvme_scan_ctrl()
+  * tree: move nvme_init_subsystem() into nvme_lookup_subsystem()
+  * tree: do not return error when filtering out subsystems
+  * tree: add debugging messages during scanning
+  * tree: Handle NULL subsysname in nvme_scan_ctrl()
+  * tree: Fix subsystem initialization in nvme_scan_ctrl()
+  * tree: Fix leaking 'name' in nvme_subsystem_lookup_namespace()
+  * tree: Avoid dereferencing nvme_subsystem_t before its check for NULL
+  * tree: Clarify NULL return values from nvme_get_attr()
+  * fabrics: Invoke nvmf_dim() with provided tas argument
+  * fabrics: add 'nvmf_update_config()'
+  * fabrics: Avoid out of bounds string chomping
+  * fabrics: Free old traddr in nvmf_add_ctrl
+  * fabrics: update log level for write failures
+  * fabrics: Streamlining documentation
+  * fabrics: Fix leaking ctrl in nvmf_connect_disc_entry()
+  * fabrics: Add missing break in a switch
+  * ioctl: Remove attribute packed and alignedof for args structs
+  * ioctl: Align arguments indentation with braces
+  * json: fix endless loop scanning for controllers
+  * Remove nvme_init_id_ns
+  * Add lbstm support for create-ns
+  * documentation updates
+
libotr
+- add libtool as buildrequire to avoid implicit dependency
+
librest
-- Add baselibs.conf, as we need the 32bit package for
-  gnome-online-account libraries.
-
-- Split typelib files into typelib-1_0-Rest-0_7 subpackage.
-- Add typelib-1_0-Rest-0_7 Requires to devel subpackage.
-- Change librest0 group from Development/Libraries/GNOME to
-  System/Libraries.
-
-- Update to version 0.7.12:
-  + Build: Detect CA file location [bgo#663783]
-  + proxy: Force all SSL certificates to be trusted [bgo#663783]
-- Add config(ca-certificates) BuildRequires and Recommends in the
-  shared library package.
-- Pass --with-ca-certificates=/etc/ssl/ca-bundle.pem to configure.
-
-- Update to version 0.7.11:
-  + oauth-proxy: Fix format string warning
-  + oauth:
-  - Add GType for OAuthSignatureMethod enum
-  - Add property for signature type
-  + Build fixes.
-
-- Update to version 0.7.10:
-  + Introduce rest_proxy_call_upload to provide progress feedback.
-  + youtube-proxy: Added upload progress callbacks.
-  + Added documentation to rest_proxy_call_upload.
-  + bmc#13746: proxy-call: Allow customisation of data
-    serialization.
-
-- Update to version 0.7.9:
-  + Add "disable-cookies" construction property to RestProxy.
-
-- Update to version 0.7.8:
-  + Add youtube proxy for uploaded video.
-  + Fix introspection build.
-- Drop librest-fix-introspection.patch: fixed upstream.
-
-- Update to version 0.7.7:
-  + Fix a few introspection issues
-  + oauth-proxy:
-  - Use POST method to do OAuth 1.0 authentication.
-  - Added 'signature-host' propery.
-- Add librest-fix-introspection.patch: fix introspection build.
-  Taken from upstream, commit e9c917.
-
-- Update to version 0.7.6:
-  + API for manually constructing and outputting XML
-- Changes from version 0.7.5:
-  + Introspection build fixes
-- Changes from version 0.7.4:
-  + Add cookie support to rest-proxy.
-  + proxy-call: Add continuous call mode
-  + Various bug fixes.
-- Changes from version 0.7.3:
-  + Fix memory corruption in oauth-proxy-call.
-- Changes from version 0.7.2:
-  + post-twitter: use the correct URL endpoint
-  + Plug leak.
-- Changes from version 0.7.1:
-  + Flickr: add upload support
-  + Various bug fixes.
-  + Improved documentation.
-- Changes from version 0.7.0:
-  + Remove FacebookProxy
-  + Add Lastfm proxy
-  + Add a oauth2 proxy
-  + Add RestParam and RestParams types
-  + Flickr proxy: Allow specifying the permissions required in the
-    login url
-  + Various bug fixes.
-  + Improved documentation.
-- Drop librest-fbconnect-url.patch: facebook features got removed
-  upstream.
-- Change BuildRequires to pkgconfig() ones: glib2-devel to
-  glib-2.0, libsoup-devel to libsoup-2.4 and libsoup-gnome-2.4,
-  libxml2-devel to libxml-2.0.
-- Add pkgconfig(gobject-introspection-1.0) BuildRequires to enable
-  introspection.
-- Update Url tag.
-
-- Update to version 0.6.3:
-  + Fix leaks.
-  + Code cleanups.
-- Changes from version 0.6.2:
-  + Add introspection support.
-  + Mark GErrors which shouldn't be freed as const.
-  + Add oauth_proxy_call_parse_token_reponse to parse token
-    responses.
-  + Build system fixes.
-- Remove explicit Requires of devel packages in devel subpackage:
-  they will be added automatically the pkgconfig()-way.
-
-- (re?)add librest-fbconnect-url.patch from Moblin:Factory to fix
-  the build of bisho
-- some spec file tidying: more explicit %files listing to avoid
-  unintended/unnoticed major changes
-- use %soname and %abi defines throughout to spec to ease
-  future maintenance
-
-- Fix spec to comply with shared libraries policy.
-
-- Rename to librest, provide/obsolete rest
-
-- Add librest-fbconnect-url.patch to add a new fbconnect url
-  funciton for facebook
-
-- Upddate to 0.6.1
-  * 四  7月 16 2009 Gary Lin <glin@novell.com> 0.520090716
-- Update to commit ff4561e2a8c38f49127f6e3b2ce7c238a29e1571
-  * 四  7月 09 2009 Gary Lin <glin@novell.com> 0.420090709
-- Update to commit e9a71922f5997243c45dfaaff21dd9b4a6340ca3
-  * 四  7月 09 2009 Gary Lin <glin@novell.com> 0.420090709
-- Update to commit 41f91eec3d26a2514c4bc310b90829cd2d14ed4a
-
-- Update to commit 92e1871d3181a73a780f588689733f25e3df5b48
-
-- Use configure macro to get the right options.
-
-- Update to commit e49d8730bfb277af59732822e78535ef37e29b6c
-
-- Update to commit 153d2e8c5cc3452a7275c7ea7fa6abe8750cde8b
-
nfs-utils
+- Add 0023-cache.c-removed-a-couple-warning.patch
+  Fix compilation with new glibc (SLE15-SP4)
+  (bsc#1197788)
+
+- Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch
+  Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch
+  Ensure "sloppy" is added correctly for newer kernels.  Particularly
+  required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels.
+  (boo#1197297)
+
nvme-cli
+- Update to version 2.0:
+  * fabrics: Create persistent controller using unique subsystem NQN (bsc#1198243)
+  * fabrics: Set KATO for discovery controller when connecting
+  * fabrics: Do no modify default config for discovery controller
+  * fabrics: Set default trsvcid ports for TCP and RDMA (bsc#1195858)
+  * fabrics: Support connect even when no /etc/nvme/hostnqn file exists
+  * nvme: update to nvme_scan_filter_t modifications (bsc#1195938)
+  * plugins/intel: make 'buckets' a json array
+  * plugins: Update WDC capabilities command with new commmands
+  * plugins: Add OCP plugin
+
+- Update to version 2.0-rc8:
+  * fabrics: Add DIM command
+  * fabrics: Introduce force flag to overwrite persistence logic (bsc#1197076)
+  * fabrics: Free non-matching controller during discovery
+  * fabrics: add 'nvme config' command
+  * fabrics: Correctly stringify discovery.conf and config.json paths
+  * nvme-print: Add human readable print for nsattr field
+  * nvme-print: Update Persistent Event log fields
+  * nvme-print: print discovery async event support
+  * nvme-rpmb: Fix spelling for 'Partition'
+  * nvme-copy: add missing field to the command
+  * nvme: add get_mi_cmd_support_effects_log command
+  * nvme: Fixup namespace filtering yet again
+  * nvme: Use type bool for OPT_FLAG
+  * nvme: use filter for 'list-subsys <devname>' (bsc#1195938)
+  * Add lbstm option to create-ns
+  * argconfig: Do not use default value loading by getopt_long_only
+  * argconfig: Rename CFG_NONE to CFG_FLAG
+  * plugins: Use type bool for OPT_FLAG
+  * documenation updates
+- Drop 'ProtectKernelTunables=true' (bsc#1197076)
+
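Review bot: "Drop 'ProtectKernelTunables=true' (bsc#1197076)" at the end of the 2.0-rc8 entry removes a systemd sandboxing directive without naming the unit file it was in or the reason it had to go. Add both to the entry; the same bug number is cited for the force flag change above, so it is not clear from the text which problem the relaxed sandboxing addresses.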
patterns-yast
+- Neither recommend nor suggest YaST NIS packages for TW
+  (bsc#1183893).
+- 20220411
+
permissions
+  * squid: adjust pinger path, drop basic_pam_auth (bsc#1197649)
+
+- Update to version 20201225:
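Review bot: the added bullet "* squid: adjust pinger path, drop basic_pam_auth (bsc#1197649)" has no "- Update to version ..." line above it, and the added "- Update to version 20201225:" line has no bullets under it, so the reader cannot tell which version carries the squid change. Put the bullet under its version header.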
polkit-default-privs
+- Update to version 13.2+20220404.53052a9:
+  * Add missing GNOME Control Center login helper
+  * Reorder gnome and budgie control center entries
+  * Backport budgie-control-center whitelisting (bsc#1195023)
+
+- Update to version 13.2+20220401.c64d869:
+  * Backport of deepin-api whitelisting (bsc#1196681 bsc#1070943)
+  * Fix generation of file /etc/polkit-1/rules.d/90-default-privs.rules
+
python-pyOpenSSL
+- update to 20.0.1:
+  - Fixed compatibility with OpenSSL 1.1.0.
+
+- Adjust metadata for skip-networked-test.patch and refer to the proper
+  upstream ticket gh#pyca/pyopenssl#68.
+
+- According to gh#pyca/pyopenssl#684 tests must run with TZ=UTC, also
+  skip test_verify_with_time on %ix86.
+
+- Update to v20.0.0
+  - Backward-incompatible changes:
+  - The minimum cryptography version is now 3.2.
+  - Remove deprecated OpenSSL.tsafe module.
+  - Removed deprecated
+    OpenSSL.SSL.Context.set_npn_advertise_callback,
+    OpenSSL.SSL.Context.set_npn_select_callback, and
+    OpenSSL.SSL.Connection.get_next_proto_negotiated.
+  - Drop support for Python 3.4
+  - Drop support for OpenSSL 1.0.1 and 1.0.2
+  - Deprecations:
+  - Deprecated OpenSSL.crypto.loads_pkcs7 and
+    OpenSSL.crypto.loads_pkcs12.
+  - Changes:
+  - Added a new optional chain parameter to
+    OpenSSL.crypto.X509StoreContext() where additional untrusted
+    certificates can be specified to help chain building. #948
+  - Added OpenSSL.crypto.X509Store.load_locations to set trusted
+    certificate file bundles and/or directories for verification.
+    [#943]
+  - Added Context.set_keylog_callback to log key material. #910
+  - Added OpenSSL.SSL.Connection.get_verified_chain to retrieve
+    the verified certificate chain of the peer. #894.
+  - Make verification callback optional in Context.set_verify. If
+    omitted, OpenSSL’s default verification is used. #933
+  - Fixed a bug that could truncate or cause a zero-length key
+    error due to a null byte in private key passphrase in
+    OpenSSL.crypto.load_privatekey and
+    OpenSSL.crypto.dump_privatekey. #947
+- drop patch fix-compilation-2020.patch: no longer needed
+- refreshed patch skip-networked-test.patch
+
+- Update to v19.1
+  * Removed deprecated aliases ContextType, ConnectionType, PKeyType, X509NameType,
+    X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType.
+    Use the classes without the ``Type`` suffix instead.
+  * The minimum ``cryptography`` version is now 2.8
+  * Deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback,
+    OpenSSL.SSL.Context.set_npn_select_callback, and
+    OpenSSL.SSL.Connection.get_next_proto_negotiated
+    ALPN should be used instead.
+  * Support bytearray in SSL.Connection.send() by using cffi's from_buffer
+  * The OpenSSL.SSL.Context.set_alpn_select_callback can return a new
+    NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake
+    to complete without an application protocol.
+
qemu
+- Support the SGX feature (bsc#1197807)
+  * Patches added:
+  doc-Add-the-SGX-numa-description.patch
+  numa-Enable-numa-for-SGX-EPC-sections.patch
+  numa-Support-SGX-numa-in-the-monitor-and.patch
+
+- Backport CVE-2021-3929 (bsc#1193880)
+  * Patches added:
+  hw-nvme-fix-CVE-2021-3929.patch
+
+- The patches from upstream cause testsuit failures (bsc#1197150 bsc#1197528)
+  * Patches added:
+  Revert-python-iotests-replace-qmp-with-a.patch
+  Revert-python-machine-add-instance-disam.patch
+  Revert-python-machine-add-sock_dir-prope.patch
+  Revert-python-machine-handle-fast-QEMU-t.patch
+  Revert-python-machine-move-more-variable.patch
+  Revert-python-machine-remove-_remove_mon.patch
+
+- Add missing patch from a PTFs (bsc#1194938)
+  * Patches added:
+  scsi-generic-check-for-additional-SG_IO-.patch
+
+- Kill downstream patches around bifmt handling that makes
+  cumbersome to run multi-arch containers, and switch to the
+  upstream behavior, which is well documented and valid on
+  all other distros. This is possible thanks to Linux kernel
+  commit 2347961b11d4 and QEMU commit 6e1c0d7b951e19c53 (so
+  it can only work on Leap/SLE 15.4 and higher). (bsc#1197298)
+  * Patches dropped:
+  qemu-binfmt-conf.sh-allow-overriding-SUS.patch
+  qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch
+
+- Fix update_git.sh wiping all the package file of the local
+  checkout while cloning the git repository on demand (in case they
+  don't exist and the user as to do so).
+
+- Improve test reliability
+  * Patches added:
+  Fix-the-module-building-problem-for-s390.patch
+  tests-qemu-iotests-040-Skip-TestCommitWi.patch
+  tests-qemu-iotests-testrunner-Quote-case.patch
+
+- Fix virtiofs crashing with glibc >= 2.35, due to rseq syscall
+  (bsc#1196924)
+  * Patches added:
+  tools-virtiofsd-Add-rseq-syscall-to-the-.patch
+
+- Avoid warnings caused by a GCC 12 bug, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98503
+  (bsc#1197018)
+  * Patches added:
+  hw-i386-amd_iommu-Fix-maybe-uninitialize.patch
+  Silence-GCC-12-spurious-warnings.patch
+  Ignore-spurious-GCC-12-warning.patch
+
+- Proactive fix
+  * Patches added:
+  hw-nvram-at24-return-0xff-if-1-byte-addr.patch
+
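Review bot: the final entry, "Proactive fix", adds hw-nvram-at24-return-0xff-if-1-byte-addr.patch with no bug reference and no statement of what is being fixed, while every other entry in the qemu block either cites a bsc number or describes the problem. Describe the defect the patch addresses and add a reference if one exists.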
rp-pppoe
+- beautify spec
+
sunpinyin
+- initial package 2.0.4
+
+- Updated to 2.0.3.99. Thanks to csslayer!
+
+- Rename libsunpinyin3-devel to libsunpinyin-devel
+- Add explicitly dependency from devel sub-package
+- Clean up spec file
+
+- Check the license for open-gram.
+- bz2ed all sources.
+
+- First build 2.0.3 for suse and Fedora.
+
systemd
+- Import commit e62acb68de9bccfa272bef98fe5b38effc37528a
+  b70267d883 journald: make use of CLAMP() in cache_space_refresh()
+  3953e685cb journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
+  d03a5f79bf fs-util: make sure openat_report_new() initializes return param also on shortcut
+  05499d5a30 fs-util: fix typos in comments
+  9f77c8fae1 journal-file: port journal_file_open() to openat_report_new()
+  4d07c034da fs-util: add openat_report_new() wrapper around openat()
+  258c04836d meson: build kernel-install man page when necessary
+  23da9cc83a man: do not install sd-boot man pages when -Dgnu-efi=false is set
+  d452b8738c unit: install the systemd-bless-boot.service only if we have gnu-efi
+  98f44dc500 boot: don't build bootctl when -Dgnu-efi=false is set (bsc#1198093)
+  9145684460 build: include status of TPM2 in the feature string show by --version
+
+- spec: make sure /lib exists when installing conf files in /lib/modprobe.d
+
+- spec: enable 'efi' support regardless of whether sd_boot is enabled or not
+  We should support EFI systems even if systemd-boot is not enabled.
+
+- spec: cope with %{_modprobedir} being /lib/modprobe.d on SLE
+
timezone
+- timezone update 2022a (bsc#1177460):
+  * Palestine will spring forward on 2022-03-27, not -03-26*
+  * zdump -v now outputs better failure indications
+  * Bug fixes for code that reads corrupted TZif data
+
xz
+- Fix ZDI-CAN-16587 Fix escaping of malicious filenames
+  (ZDI-CAN-16587 bsc#1198062 CVE-2022-1271)
+  * bsc1198062.patch
+
yaml-cpp
+- Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp
+  allows remote attackers to cause DOS via a crafted YAML file
+  (CVE-2018-20573, bsc#1121227)
+- Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in
+  yaml-cpp allows remote attackers to cause DOS via a crafted YAML file
+  (CVE-2018-20574, bsc#1121230)
+- Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in
+  cpp allows remote attackers to cause DOS via a crafted YAML file
+  (CVE-2019-6285, bsc#1122004)
+- Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in
+  yaml-cpp which cause DOS by stack consumption
+  (CVE-2019-6292, bsc#1122021)
+- Added patch cve-2018-20574.patch
+
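Review bot: the entry lists four fixes (CVE-2018-20573, CVE-2018-20574, CVE-2019-6285, CVE-2019-6292) but its last line adds only cve-2018-20574.patch. State explicitly that this one patch covers all four, or list the other patches. Also, the CVE-2019-6285 item reads "function in cpp" where the other items say "yaml-cpp".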
yast2-installation
+- AutoYaST: move custom file creation past user creation so that
+  the element files/file/file_owner actually has an effect
+  (bsc#1196595)
+- 4.4.51
+
yast2-packager
+- Fixed regression in repository alias name for add-ons (bsc#1193214)
+- 4.4.27
+