Removed rpms ============ - SUSEConnect - busybox-adduser - busybox-attr - busybox-bc - busybox-bind-utils - busybox-bzip2 - busybox-coreutils - busybox-cpio - busybox-diffutils - busybox-dos2unix - busybox-ed - busybox-findutils - busybox-gawk - busybox-grep - busybox-gzip - busybox-hostname - busybox-iproute2 - busybox-iputils - busybox-k8s-yaml - busybox-kbd - busybox-kmod - busybox-less - busybox-links - busybox-man - busybox-misc - busybox-ncurses-utils - busybox-net-tools - busybox-netcat - busybox-patch - busybox-policycoreutils - busybox-procps - busybox-psmisc - busybox-sed - busybox-selinux-tools - busybox-sendmail - busybox-sh - busybox-sharutils - busybox-syslogd - busybox-sysvinit-tools - busybox-tar - busybox-telnet - busybox-tftp - busybox-time - busybox-traceroute - busybox-tunctl - busybox-unzip - busybox-util-linux - busybox-vi - busybox-vlan - busybox-wget - busybox-which - busybox-whois - busybox-xz - clang13-devel-32bit - grub2-arm64-efi - grub2-powerpc-ieee1275-debug - audit-devel-32bit - dbus-1-devel-32bit - gstreamer-32bit - gstreamer-devel-32bit - gstreamer-plugins-bad-fluidsynth-32bit - gstreamer-plugins-good-32bit - gstreamer-plugins-good-extra-32bit - gstreamer-plugins-good-jack-32bit - libaudit1-32bit - libavahi-client3-32bit - libblkid-devel-32bit - libbz2-1-32bit - libexpat-devel-32bit - libext2fs2-32bit - libfabric-devel-32bit - libfabric1-32bit - libgnutls30-hmac-32bit - libgstadaptivedemux-1_0-0-32bit - libgstaudio-1_0-0-32bit - libgstfft-1_0-0-32bit - libgstreamer-1_0-0-32bit - libgsturidownloader-1_0-0-32bit - libgstvulkan-1_0-0-32bit - libgtop-2_0-11-32bit - libmount-devel-32bit - libopenssl1_1-hmac-32bit - libpcre2-posix2-32bit - libsmartcols-devel-32bit - libsoftokn3-hmac-32bit - libwebkit2gtk-4_1-0-32bit - libzstd-devel-32bit - pam-32bit - pipewire-spa-plugins-0_2-32bit - python310-32bit - samba-client-libs-32bit - wine-staging-32bit - wine-staging-devel-32bit - grub2-powerpc-ieee1275 - qemu-seabios - qemu-sgabios - kernel-livepatch-5_14_21-150400_15-default - krb5-devel-32bit - libblkid1-32bit - libdbus-1-3-32bit - libdevmapper1_03-32bit - libeconf0-32bit - libelf-devel-32bit - libexpat1-32bit - libfaxutil7_0_4 - libfdisk-devel-32bit - libfreebl3-hmac-32bit - libgpgme11-32bit - libgstallocators-1_0-0-32bit - libgstcodecs-1_0-0-32bit - libgstgl-1_0-0-32bit - libgstplayer-1_0-0-32bit - libgstriff-1_0-0-32bit - libgsttag-1_0-0-32bit - libgstwayland-1_0-0-32bit - libimobiledevice-1_0-6-32bit - libjavascriptcoregtk-4_1-0-32bit - libpcre2-16-0-32bit - libprotobuf20-32bit - libsemanage1-32bit - libtrilinos_13_0_1-gnu-openmpi2-hpc - libwebkit2gtk-4_0-37-32bit - libzstd1-32bit - nss-myhostname-32bit - opensc-32bit - pipewire-alsa-32bit - python3-uyuni-common-libs - python310-base-32bit - rpm-32bit - samba-client-32bit - samba-libs-32bit - trilinos_13_0_1-gnu-openmpi2-hpc-devel - uyuni-base-common - uyuni-base-proxy - uyuni-base-server Added rpms ========== - audit-devel-32bit - dbus-1-devel-32bit - grub2-powerpc-ieee1275 - gstreamer-32bit - gstreamer-devel-32bit - gstreamer-plugins-bad-fluidsynth-32bit - gstreamer-plugins-good-32bit - gstreamer-plugins-good-extra-32bit - gstreamer-plugins-good-jack-32bit - gstreamer-plugins-rs - gstreamer-plugins-rs-devel - grub2-arm64-efi - clang13-devel-32bit - krb5-devel-32bit - libblkid1-32bit - libdbus-1-3-32bit - libdevmapper1_03-32bit - libeconf0-32bit - libelf-devel-32bit - libexpat1-32bit - libfdisk-devel-32bit - libfreebl3-hmac-32bit - libgpgme11-32bit - libgstallocators-1_0-0-32bit - libgstcodecs-1_0-0-32bit - libgstgl-1_0-0-32bit - libgstplayer-1_0-0-32bit - libgstriff-1_0-0-32bit - libgsttag-1_0-0-32bit - libgstwayland-1_0-0-32bit - libimobiledevice-1_0-6-32bit - libjavascriptcoregtk-4_1-0-32bit - libpcre2-16-0-32bit - libprotobuf20-32bit - libsemanage1-32bit - libwebkit2gtk-4_0-37-32bit - libzstd1-32bit - nss-myhostname-32bit - opensc-32bit - pipewire-alsa-32bit - python310-base-32bit - rpm-32bit - samba-client-32bit - samba-libs-32bit - grub2-powerpc-ieee1275-debug - kernel-obs-build - kernel-livepatch-5_14_21-150400_16-default - libaudit1-32bit - libavahi-client3-32bit - libblkid-devel-32bit - libbz2-1-32bit - libexpat-devel-32bit - libext2fs2-32bit - libfabric-devel-32bit - libfabric1-32bit - libfaxutil7_0_5 - libgnutls30-hmac-32bit - libgstadaptivedemux-1_0-0-32bit - libgstaudio-1_0-0-32bit - libgstfft-1_0-0-32bit - libgstplay-1_0-0 - libgstplay-1_0-0-32bit - libgstreamer-1_0-0-32bit - libgsturidownloader-1_0-0-32bit - libgstva-1_0-0 - libgstva-1_0-0-32bit - libgstvulkan-1_0-0-32bit - libgtop-2_0-11-32bit - libmount-devel-32bit - libopenssl1_1-hmac-32bit - libpcre2-posix2-32bit - libsmartcols-devel-32bit - libsoftokn3-hmac-32bit - libtrilinos_13_2_0-gnu-mpich-hpc13 - libtrilinos_13_2_0-gnu-mvapich2-hpc13 - libtrilinos_13_2_0-gnu-openmpi2-hpc13 - libtrilinos_13_2_0-gnu-openmpi3-hpc13 - libtrilinos_13_2_0-gnu-openmpi4-hpc13 - libwebkit2gtk-4_1-0-32bit - libzstd-devel-32bit - pam-32bit - pipewire-spa-plugins-0_2-32bit - python310-32bit - qemu-seabios - qemu-sgabios - samba-client-libs-32bit - sassist - trilinos_13_2_0-gnu-mpich-hpc-devel - trilinos_13_2_0-gnu-mvapich2-hpc-devel - trilinos_13_2_0-gnu-openmpi2-hpc-devel - trilinos_13_2_0-gnu-openmpi3-hpc-devel - trilinos_13_2_0-gnu-openmpi4-hpc-devel - trilinos_13_2_0-hpc-doc - trivy - typelib-1_0-GstPlay-1_0 - wine-staging-32bit - wine-staging-devel-32bit - yast2-migration-sle Package Source Changes ====================== Photini +- Update to version 2022.3.2 + * Fix urllib import error porblem on some systems. + * / Fix non-existing cache directory error. + bluedevil5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + breeze +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- Changes since 5.24.3: + * Fix build without QtQuick and QtX11Extras + breeze-gtk +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + btrfsprogs +- Ignore multipath devices when probing devices for a btrfs filesystem (bsc#1192983) + * 0001-btrfs-progs-Add-optional-dependency-on-libudev.patch + * 0002-btrfs-progs-Ignore-devices-representing-paths-in-mul.patch + * 0003-btrfs-progs-Add-fallback-code-for-path-device-ignore.patch + chrony +- Fix config file handling in the spec file and remove "ntsdumpdir" + from default config, because augeas-lenses cannot parse it during + installation of SLE Micro on SLE-15-SP3 (bsc#1194220). + clamav-database +- database refresh on 2022-03-28 (bsc#1084929) + cloud-init +- systemctl location (bsc#1193531) + - Add cloud-init-sysctl-not-in-bin.patch + - The sytemctl executable is not necessarily in '/bin' + +- Remove unneeded BuildRequires on python3-nose. + discover +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- Changes since 5.24.3: + * Fix searchfield focus on touch launch + dnf +- Add Fix-processing-of-download-errors.patch backported from upstream + * Fix dnf incorrectly aborting on non-English systems when packages already cached (rh#2024527) + dnf-plugins-extras +- Update to 4.0.16 + + Fix cleaning up destdir after system-upgrade (rh#2024430) + drkonqi5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + dtb-aarch64 +- powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 + ltc#196362). +- commit be99d79 + +- watch_queue: Actually free the watch (CVE-2022-0995 + bsc#1197246). +- watch_queue: Fix NULL dereference in error cleanup + (CVE-2022-0995 bsc#1197246). +- commit 9f97636 + +- ALSA: pcm: Fix races among concurrent prealloc proc writes + (CVE-2022-1048 bsc#1197331). +- commit 7ca9b7d + +- ALSA: pcm: Fix races among concurrent prepare and + hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). +- commit bdcd5ee + +- ALSA: pcm: Fix races among concurrent read/write and buffer + changes (CVE-2022-1048 bsc#1197331). +- commit 8bb5c1f + +- ALSA: pcm: Fix races among concurrent hw_params and hw_free + calls (CVE-2022-1048 bsc#1197331). +- commit 4ce87ae + +- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 + bsc#1197331). +- commit 15a1bad + expat +- Security fixes: + * (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236 + breaks biboumi, ClairMeta, jxmlease, libwbxml, + openleadr-python, rnv, xmltodict + - Added expat-CVE-2022-25236-relax-fix.patch + +- Security fixes: + * (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows + attackers to insert namespace-separator characters into + namespace URIs + - Added expat-CVE-2022-25236.patch + * (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before + 2.4.5 does not check whether a UTF-8 character is valid in a + certain context. + - Added expat-CVE-2022-25235.patch + * (CVE-2022-25313, bsc#1196168) Stack exhaustion in + build_model() via uncontrolled recursion + - Added expat-CVE-2022-25313.patch + - The fix upstream introduced a regression that was later + amended in 2.4.6 version + + Added expat-CVE-2022-25313-fix-regression.patch + * (CVE-2022-25314, bsc#1196169) Integer overflow in copyString + - Added expat-CVE-2022-25314.patch + * (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames + - Added expat-CVE-2022-25315.patch + firewalld +- Provide dummy firewalld-prometheus-config package (bsc#1197042) + +- Add patch which fixes the zone configuration (bsc#1191837) + * 0001-chore-fw_zone-call-permanent-config-checks-at-runtim.patch + gnuhealth +- version 4.0.3 + * Remove pinning from vobject library version (Vanilla installation) + * fix bug #62235: Traceback on default health professional + gstreamer +- Update to version 1.20.1: + + deinterlace: various bug fixes for yadif, greedy and scalerbob + methods + + gtk video sink: Fix rotation not being applied when paused + + gst-play-1.0: Fix trick-mode handling in keyboard shortcut + + jpegdec: fix RGB conversion handling + + matroskademux: improved ProRes video handling + + matroskamux: Handle multiview-mode/flags/pixel-aspect-ratio + caps fields correctly when checking caps equality on input caps + changes + + videoaggregator fixes (negative rate handling, current position + rounding) + + soup http plugin: Lookup libsoup dylib files on Apple + platforms; fix Cerbero static build on Android and iOS + + Support build against libfreeaptx in openaptx plugin + + Fix linking issues on Illumos distros + + GstPlay: Fix new error + warning parsing API (was unusuable + before) + + mpegtsmux: VBR muxing fixes + + nvdecoder: Various fixes for 4:4:4 and high-bitdepth decoding + + Support build against libfreeaptx in openaptx plugin + + webrtc: Various fixes to the webrtc-sendrecv python example + + macOS: support a relocatable `GStreamer.framework` on macOS + + macOS: fix applemedia plugin failing to load on ARM64 macOS + + windows: ship wavpack library + + gst-python: Fix build with Python 3.11 + + various bug fixes, memory leak fixes, and other stability and + reliability improvements + + plugin loader: show the reason when spawning of + gst-plugin-scanner fails + + registry, plugin loading: fix dynamic relocation if + GST_PLUGIN_SUBDIR (libdir) is not a single subdirectory; + improve GST_PLUGIN_SUBDIR handling + + context: fix transfer annotation on + gst_context_writable_structure() for bindings + + baseparse: Don't truncate the duration to milliseconds in + gst_base_parse_convert_default() + + bufferpool: Deactivate pool and get rid of references to other + objects from dispose instead of finalize + +- Update to version 1.20.0: + + Development in GitLab was switched to a single git repository + containing all the modules + + GstPlay: new high-level playback library, replaces GstPlayer + + WebM Alpha decoding support + + Encoding profiles can now be tweaked with additional + application-specified element properties + + Compositor: multi-threaded video conversion and mixing + + RTP header extensions: unified support in RTP depayloader and + payloader base classes + + SMPTE 2022-1 2-D Forward Error Correction support + + Smart encoding (pass through) support for VP8, VP9, H.265 in + encodebin and transcodebin + + Runtime compatibility support for libsoup2 and libsoup3 + (libsoup3 support experimental) + + Video decoder subframe support + + Video decoder automatic packet-loss, data corruption, and + keyframe request handling for RTP / WebRTC / RTSP + + mp4 and Matroska muxers now support profile/level/resolution + changes for H.264/H.265 input streams (i.e. codec data changing + on the fly) + + mp4 muxing mode that initially creates a fragmented mp4 which + is converted to a regular mp4 on EOS + + Audio support for the WebKit Port for Embedded (WPE) web page + source element + + CUDA based video color space convert and rescale elements and + upload/download elements + + NVIDIA memory:NVMM support for OpenGL glupload and gldownload + elements + + Many WebRTC improvements + + The new VA-API plugin implementation fleshed out with more + decoders and new postproc elements + + AppSink API to retrieve events in addition to buffers and + buffer lists + + AppSrc gained more configuration options for the internal queue + (leakiness, limits in buffers and time, getters to read current + levels) + + Updated Rust bindings and many new Rust plugins + + Improved support for custom minimal GStreamer builds + + Support build against FFmpeg 5.0 + + Linux Stateless CODEC support gained MPEG-2 and VP9 + + Windows Direct3D11/DXVA decoder gained AV1 and MPEG-2 support + + Lots of new plugins, features, performance improvements and bug + fixes +- Use ldconfig_scriptlets macro for post(un) handling where + possible. +- Update Source url. + gstreamer-plugins-bad +- Add 8440e2a373e5ce681d15f5880cb2f2562be332cf.patch: + nvh264dec,nvh265dec: Fix broken key-unit trick and reverse + playback. +- Quiet setup, we do not need to see the unpacking of the tarball. + +- Add patch to support building with srt 1.3.4 in SLE + * fix-build-with-srt-1.3.4.patch +- Do not build the gstldac plugin in s390x where + pkgconfig(ldacBT-enc) is not available. + +- Update to version 1.20.1: + + GstPlay: Fix new error + warning parsing API (was unusuable + before) + + av1parse: let the parser continue on verbose OBUs + + d3d11converter: Fix RGB to GRAY conversion, broken debug + messages, and add missing GRAY conversion + + gs: look for google_cloud_cpp_storage.pc + + ipcpipeline: fix crash and error on windows with SOCKET or + _pipe() + + ivfparse: Don't set zero resolution on caps + + mpegtsdemux: Handle PES headers bigger than a mpeg-ts packet; + fix locking in error code path; handle more program updates + + mpegtsmux: Start last_ts with GST_CLOCK_TIME_NONE to fix VBR + muxing behaviour + + mpegtsmux: Thread safety fixes: lock mux->tsmux, the programs + hash table, and pad streams + + mpegtsmux: Skip empty buffers + + osxaudiodeviceprovider: Add initial support for duplex devices + on OSX + + rtpldacpay: Fix missing payload information + + sdpdemux: add media attributes to caps, fixes ptp clock + handling + + mfaudioenc: Handle empty IMFMediaBuffer + + nvdecoder: Various fixes for 4:4:4 and high-bitdepth decoding + + nvenc: Fix deadlock because of too strict buffer pool size + + va: fix library build issues, caps leaks in the vpp transform + function, and add vaav1dec to documentation + + v4l2codecs: vp9: Minor fixes + + v4l2codecs: h264: Correct scaling matrix ABI check + + dtlstransport: Notify ICE transport property changes + + webrtc: Various fixes to the webrtc-sendrecv python example + + webrtc-ice: Fix memory leaks in gst_webrtc_ice_add_candidate() + + Support build against libfreeaptx in openaptx plugin + + Fix linking issues on Illumos distros +- Drop patch already included upstream: + + 1634.patch + +- Update to version 1.20.0: + + Development in GitLab was switched to a single git repository + containing all the modules + + GstPlay: new high-level playback library, replaces GstPlayer + + WebM Alpha decoding support + + Encoding profiles can now be tweaked with additional + application-specified element properties + + Compositor: multi-threaded video conversion and mixing + + RTP header extensions: unified support in RTP depayloader and + payloader base classes + + SMPTE 2022-1 2-D Forward Error Correction support + + Smart encoding (pass through) support for VP8, VP9, H.265 in + encodebin and transcodebin + + Runtime compatibility support for libsoup2 and libsoup3 + (libsoup3 support experimental) + + Video decoder subframe support + + Video decoder automatic packet-loss, data corruption, and + keyframe request handling for RTP / WebRTC / RTSP + + mp4 and Matroska muxers now support profile/level/resolution + changes for H.264/H.265 input streams (i.e. codec data changing + on the fly) + + mp4 muxing mode that initially creates a fragmented mp4 which + is converted to a regular mp4 on EOS + + Audio support for the WebKit Port for Embedded (WPE) web page + source element + + CUDA based video color space convert and rescale elements and + upload/download elements + + NVIDIA memory:NVMM support for OpenGL glupload and gldownload + elements + + Many WebRTC improvements + + The new VA-API plugin implementation fleshed out with more + decoders and new postproc elements + + AppSink API to retrieve events in addition to buffers and + buffer lists + + AppSrc gained more configuration options for the internal queue + (leakiness, limits in buffers and time, getters to read current + levels) + + Updated Rust bindings and many new Rust plugins + + Improved support for custom minimal GStreamer builds + + Support build against FFmpeg 5.0 + + Linux Stateless CODEC support gained MPEG-2 and VP9 + + Windows Direct3D11/DXVA decoder gained AV1 and MPEG-2 support + + Lots of new plugins, features, performance improvements and bug + fixes +- Add explicit pkgconfig(libva) BuildRequires: meson checks for it. +- Go back to using tarball from upstream, remove service. +- Drop 2564.patch: Fixed upstream. +- Add disabled pkgconfig(storage_client) and + pkgconfig(webrtc-audio-coding-1) BuildRequires and pass + gs=disabled, isac=disabled and onnx=disabled to meson, we do not + have the dependencies in openSUSE yet. +- Add explicit BuildRequires: pkgconfig(libsoup-2.4), meson checks + for it. +- Add pkgconfig(json-glib-1.0), pkgconfig(ldacBT-enc) and + pkgconfig(libqrencode) BuildRequires, new dependencies. +- Add pkgconfig(libopenaptx) BuildRequires in build_orig section + and pass openaptx=disabled to meson, do not build this in distro + by default. +- Drop mms and ofa plugins, removed upstream. Drop + pkgconfig(libmms) and pkgconfig(libofa) BuildRequires following + the removal. +- Add new sub-packages libgstplay-1_0-0, typelib-1_0-GstPlay-1_0 + and libgstva-1_0-0, also add libgstva-1_0-0 and libgstplay-1_0-0 + to baselibs.conf. +- Tweak/fix and drop some Obsoletes. +- Drop old conditionals for versions of openSUSE out of support. +- Add 1634.patch -- AV1 playback fixes. +- Use ldconfig_scriptlets macro for post(un) handling. +- Drop explicit gstreamer-devel Requires from devel sub-package, + not needed as this is added via pkgconfig any way. + gstreamer-plugins-base +- Add 5a074a11f90e3d70b24bf0c535ab0480fad9e701.patch: playsink: + Complete reconfiguration on pad release. +- Use ldconfig_scriptlets macro for post(un) handling. + +- Update to version 1.20.1: + + typefindfunctions: Fix WebVTT format detection for very short + files + + gldisplay: Reorder GST_GL_WINDOW check for egl-device + + rtpbasepayload: Copy all buffer metadata instead of just + GstMetas for the input meta buffer + + codec-utils: Avoid out-of-bounds error + + navigation: Fix Since markers for mouse scroll events + + videoaggregator: Fix for unhandled negative rate + + videoaggregator: Use floor() to calculate current position + + video-color: Fix for missing clipping in PQ EOTF function + + gst-play-1.0: Fix trick-mode handling in keyboard shortcut + + audiovisualizer: shader: Fix out of bound write + +- Update to version 1.20.0: + + Development in GitLab was switched to a single git repository + containing all the modules + + GstPlay: new high-level playback library, replaces GstPlayer + + WebM Alpha decoding support + + Encoding profiles can now be tweaked with additional + application-specified element properties + + Compositor: multi-threaded video conversion and mixing + + RTP header extensions: unified support in RTP depayloader and + payloader base classes + + SMPTE 2022-1 2-D Forward Error Correction support + + Smart encoding (pass through) support for VP8, VP9, H.265 in + encodebin and transcodebin + + Runtime compatibility support for libsoup2 and libsoup3 + (libsoup3 support experimental) + + Video decoder subframe support + + Video decoder automatic packet-loss, data corruption, and + keyframe request handling for RTP / WebRTC / RTSP + + mp4 and Matroska muxers now support profile/level/resolution + changes for H.264/H.265 input streams (i.e. codec data changing + on the fly) + + mp4 muxing mode that initially creates a fragmented mp4 which + is converted to a regular mp4 on EOS + + Audio support for the WebKit Port for Embedded (WPE) web page + source element + + CUDA based video color space convert and rescale elements and + upload/download elements + + NVIDIA memory:NVMM support for OpenGL glupload and gldownload + elements + + Many WebRTC improvements + + The new VA-API plugin implementation fleshed out with more + decoders and new postproc elements + + AppSink API to retrieve events in addition to buffers and + buffer lists + + AppSrc gained more configuration options for the internal queue + (leakiness, limits in buffers and time, getters to read current + levels) + + Updated Rust bindings and many new Rust plugins + + Improved support for custom minimal GStreamer builds + + Support build against FFmpeg 5.0 + + Linux Stateless CODEC support gained MPEG-2 and VP9 + + Windows Direct3D11/DXVA decoder gained AV1 and MPEG-2 support + + Lots of new plugins, features, performance improvements and bug + fixes +- Rebase add_wayland_dep_to_tests.patch. +- Drop gstreamer-plugins-base-gl-deps.patch: Fixed upstream +- Stop using service due to upstreams new mono-repo, just use + tarballs for now. + gstreamer-plugins-good +- Update to version 1.20.1: + + deinterlace: various bug fixes for yadif method + + deinterlace: Refactor greedyh and fix planar formats + + deinterlace: Prevent race between method configuration and + latency query + + gtk video sink: Fix rotation not being applied when paused + + jpegdec: fix RGB conversion handling + + matroskademux: improved ProRes video handling + + matroskamux: Handle multiview-mode/flags/pixel-aspect-ratio + caps fields correctly when checking caps equality on input caps + changes + + rtprtx: don't access type-system per buffer (performance + optimisation); code cleanups + + rtpulpfecenc: fix unmatched g_slice_free() + + rtpvp8depay: fix crash when making GstRTPPacketLost custom + event + + qtmux: Don't post an error message if pushing a sample failed + with FLUSHING (e.g. on pipeline shutdown) + + soup: Lookup libsoup dylib files on Apple platforms & fix + Cerbero static build on Android and iOS + + souphttpsrc: element not present on iOS after 1.20.0 update + + v4l2tuner: return NULL if no norm set + + v4l2bufferpool: Fix race condition between qbuf and pool + streamoff + + meson: Don't build lame plugin with -Dlame=disabled + +- Update to version 1.20.0: + + Development in GitLab was switched to a single git repository + containing all the modules + + GstPlay: new high-level playback library, replaces GstPlayer + + WebM Alpha decoding support + + Encoding profiles can now be tweaked with additional + application-specified element properties + + Compositor: multi-threaded video conversion and mixing + + RTP header extensions: unified support in RTP depayloader and + payloader base classes + + SMPTE 2022-1 2-D Forward Error Correction support + + Smart encoding (pass through) support for VP8, VP9, H.265 in + encodebin and transcodebin + + Runtime compatibility support for libsoup2 and libsoup3 + (libsoup3 support experimental) + + Video decoder subframe support + + Video decoder automatic packet-loss, data corruption, and + keyframe request handling for RTP / WebRTC / RTSP + + mp4 and Matroska muxers now support profile/level/resolution + changes for H.264/H.265 input streams (i.e. codec data changing + on the fly) + + mp4 muxing mode that initially creates a fragmented mp4 which + is converted to a regular mp4 on EOS + + Audio support for the WebKit Port for Embedded (WPE) web page + source element + + CUDA based video color space convert and rescale elements and + upload/download elements + + NVIDIA memory:NVMM support for OpenGL glupload and gldownload + elements + + Many WebRTC improvements + + The new VA-API plugin implementation fleshed out with more + decoders and new postproc elements + + AppSink API to retrieve events in addition to buffers and + buffer lists + + AppSrc gained more configuration options for the internal queue + (leakiness, limits in buffers and time, getters to read current + levels) + + Updated Rust bindings and many new Rust plugins + + Improved support for custom minimal GStreamer builds + + Support build against FFmpeg 5.0 + + Linux Stateless CODEC support gained MPEG-2 and VP9 + + Windows Direct3D11/DXVA decoder gained AV1 and MPEG-2 support + + Lots of new plugins, features, performance improvements and bug + fixes +- Stop using service for tarball, use upstream url. +- Drop old obsolete conditionals. +- Add BuildRequires: pkgconfig(libsoup-3.0) + gstreamer-plugins-ugly +- Update to version 1.20.1: + + x264enc: fix plugin long-name and description + +- Update to version 1.20.0: + + Development in GitLab was switched to a single git repository + containing all the modules + + GstPlay: new high-level playback library, replaces GstPlayer + + WebM Alpha decoding support + + Encoding profiles can now be tweaked with additional + application-specified element properties + + Compositor: multi-threaded video conversion and mixing + + RTP header extensions: unified support in RTP depayloader and + payloader base classes + + SMPTE 2022-1 2-D Forward Error Correction support + + Smart encoding (pass through) support for VP8, VP9, H.265 in + encodebin and transcodebin + + Runtime compatibility support for libsoup2 and libsoup3 + (libsoup3 support experimental) + + Video decoder subframe support + + Video decoder automatic packet-loss, data corruption, and + keyframe request handling for RTP / WebRTC / RTSP + + mp4 and Matroska muxers now support profile/level/resolution + changes for H.264/H.265 input streams (i.e. codec data changing + on the fly) + + mp4 muxing mode that initially creates a fragmented mp4 which + is converted to a regular mp4 on EOS + + Audio support for the WebKit Port for Embedded (WPE) web page + source element + + CUDA based video color space convert and rescale elements and + upload/download elements + + NVIDIA memory:NVMM support for OpenGL glupload and gldownload + elements + + Many WebRTC improvements + + The new VA-API plugin implementation fleshed out with more + decoders and new postproc elements + + AppSink API to retrieve events in addition to buffers and + buffer lists + + AppSrc gained more configuration options for the internal queue + (leakiness, limits in buffers and time, getters to read current + levels) + + Updated Rust bindings and many new Rust plugins + + Improved support for custom minimal GStreamer builds + + Support build against FFmpeg 5.0 + + Linux Stateless CODEC support gained MPEG-2 and VP9 + + Windows Direct3D11/DXVA decoder gained AV1 and MPEG-2 support + + Lots of new plugins, features, performance improvements and bug + fixes +- Stop using service, use upstream url for tarball. +- Drop obsolete and unused experimental define. +- Pass gpl=enabled to meson, now needed to build a52 support. + hylafax+ +- version 7.0.5 + * hylafax.diff removed - included in source + * extend Class1RecvAbortOK = 0 timeout to 500 ms (4 Dec 2021) + * cope with Si2435 V.34/V.8 connection glitch (17, 19 Nov 2021) + * cope with spurious +FCERROR or other delayed messages from modem (26 Oct 2021) + * avoid letting corrupt RTC signals lead to RTN (26 Oct 2021) + * don't refer to DCN as an invalid response in error messages (20 Oct 2021) + * handle TSI during procedural interrupt (19 Oct 2021) + * do better with waiting on prologue frames from receiver (13 Oct 2021) + * cope with echo of ERR (13 Oct 2021) + * run ps2fax, pdf2fax, tiff2fax, pcl2fax coverters as fax user (12 Oct 2021) + * attempt to cope with receivers who signal RTN in ECM Phase D (23 Sep 2021) + * fix hfaxd build when LDAP libs are not present (23 Sep 2021) + * handle PPR echo after fourth PPR (22 Sep 2021) + * don't use CRP when waiting for CFR following training (15 Sep 2021) + * attempt to cope with receivers which signal CFR after PPS (14 Sep 2021) + * cope with senders who signal FTT in Phase D (10 Sep 2021) + * fix problem with handling NSF/CSI/DIS frame after CTC/EOR (9 Sep 2021) + * cope with senders who signal PPS without the PPS FCF (9 Sep 2021) + * handle echo of PPR when expecting CTC/EOR (8 Sep 2021) + * add failure messages for unspecified training failures (7 Sep 2021) + * don't use CRP when waiting for CTR (7 Sep 2021) + * handle echo of EOR, don't use CRP when waiting for ERR (7 Sep 2021) + * repeat PIN if sender repeats post-page or partial-page message (7-8 Sep 2021) + ima-inspect +- update to upstream minor release version 0.14 which supports additional + digest algorithms. + +- update to upstream minor release version 0.13 which makes ima-inspect + compatible with libimaevm new ABI introduced in version 1.2. + +- update to upstream minor release version 0.12 which fixes a compatibility + issue with newer libattr-devel packages. It now uses the xattr.h from + glibc-devel instead. + intel-gpu-tools +- release 1.24 (23 Apr 2021) + * fixed build against sle15-sp4 (boo#1197732) +- supersedes + * n_disable-build-of-gem_userptr_blits.patch + * n_disable-build-of-pm_rpm.patch +- refreshed u_respect_cflags.diff + java-11-openjdk +- Update to upstream tag jdk-11.0.14.1+1 + * Changes: + + JDK-8280786: Build failure on Solaris after 8262392 + + JDK-8218546: Unable to connect to https://google.com using + java.net.HttpClient + + JDK-8281324: Bump update version for OpenJDK: jdk-11.0.14.1 + - + JDK-8264934, CVE-2022-21248, bnc#1194926: Enhance cross VM - serialization + + JDK-8264934, CVE-2022-21248, bnc#1194926: Enhance cross VM serialization - + JDK-8268813, CVE-2022-21283, bnc#1194937: Better String - matching + + JDK-8268813, CVE-2022-21283, bnc#1194937: Better String matching kactivitymanagerd +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + kcm_sddm +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + kde-cli-tools5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + kde-gtk-config5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + kernel-azure +- supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) + Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic + arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce +- commit e6b9e81 + +- fuse: handle kABI change in struct fuse_args (bsc#1197343 + CVE-2022-1011). +- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 + CVE-2022-1011). +- commit 879fc92 + +- Refresh + patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch + Add info about context deviation from upstream. +- commit f8cba97 + +- Refresh + patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch + Add info about context deviation from upstream. +- commit 1d085d3 + +- Refresh + patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch + Add info about context deviation from upstream. +- commit e44090b + +- Refresh + patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch + Add info about context deviation from upstream. +- commit da99102 + +- Refresh + patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch + Add info on context deviation from upstream. +- commit aa0e1a6 + +- Refresh + patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch + Add info about context deviation from upstream. +- commit 2d1de22 + +- bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes + bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- commit 8bc21d0 + +- watch_queue: Make comment about setting ->defunct more accurate + (CVE-2022-0995 bsc#1197246). +- watch_queue: Fix lack of barrier/sync/lock between post and read + (CVE-2022-0995 bsc#1197246). +- watch_queue: Free the alloc bitmap when the watch_queue is + torn down (CVE-2022-0995 bsc#1197246). +- watch_queue: Fix the alloc bitmap size to reflect notes + allocated (CVE-2022-0995 bsc#1197246). +- watch_queue: Use the bitmap API when applicable (CVE-2022-0995 + bsc#1197246). +- watch_queue: Fix to always request a pow-of-2 pipe ring size + (CVE-2022-0995 bsc#1197246). +- watch_queue: Fix to release page in ->release() (CVE-2022-0995 + bsc#1197246). +- watch_queue, pipe: Free watchqueue state after clearing pipe + ring (CVE-2022-0995 bsc#1197246). +- watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). +- commit 223dbc3 + +- arm64: PCI: Support root bridge preparation for Hyper-V + (bsc#1197291). +- arm64: PCI: Restructure pcibios_root_bridge_prepare() + (bsc#1197291). +- commit 060e164 + +- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup + (bsc#1196018). +- commit 6dcb47f + +- sr9700: sanity check for packet length (bsc#1196836 + CVE-2022-26966). +- commit 56eea34 + +- Update kabi files. + Update to reflect the changes from bpf CVE fixes. +- commit 993b084 + +- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. +- commit f0d0e90 + +- nvme-rdma: fix possible use-after-free in transport + error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). + Refresh: + - patches.suse/0006-nvme-Implement-In-Band-authentication.patch +- nvme-tcp: fix possible use-after-free in transport + error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). + Refresh: + - patches.suse/0006-nvme-Implement-In-Band-authentication.patch +- nvme: fix a possible use-after-free in controller reset during + load (bsc#1193787 bsc#1197146 bsc#1193554). +- nvme-fabrics: ignore invalid fast_io_fail_tmo values + (bsc#1193787 bsc#1197146 bsc#1193554). +- nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 + bsc#1197146 bsc#1193554). +- nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 + bsc#1197146 bsc#1193554). +- blk-mq: don't free tags if the tag_set is used by other device + in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). +- commit 4ccb78c + +- series: Resort entries + The series is not sorted which makes qdoit unhappy. Sort it. +- commit ce701de + +- esp: Fix possible buffer overflow in ESP transformation + (CVE-2022-0886 bsc#1197131). +- sock: remove one redundant SKB_FRAG_PAGE_ORDER macro + (CVE-2022-0886 bsc#1197131). +- commit fa4075e + +- ipv6: fix skb drops in igmp6_event_query() and + igmp6_event_report() (CVE-2022-0742 bsc#1197128). +- commit b531b26 + +- aio: fix use-after-free due to missing POLLFREE handling + (CVE-2021-39698 bsc#1196956). +- aio: keep poll requests on waitqueue until completed + (CVE-2021-39698 bsc#1196956). +- signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). +- binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). +- wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). +- commit ee17f5c + +- net/smc: Fix hung_task when removing SMC-R devices + (bsc#1197082). +- commit 5256139 + +- rpm/kernel-source.spec.in: call fdupes per subpackage + It is a waste of time to do a global fdupes when we have + subpackages. +- commit 1da8439 + +- bpf, selftests: Add test case trying to taint map value pointer + (bsc#1196130,CVE-2021-45402). +- bpf: Make 32->64 bounds propagation slightly more robust + (bsc#1196130,CVE-2021-45402). +- bpf: Fix signed bounds propagation after mov32 + (bsc#1196130,CVE-2021-45402). +- commit 04987fb + +- rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. +- commit 174a64f + +- rpm/kernel-docs.spec.in: use %%license for license declarations + Limited to SLE15+ to avoid compatibility nightmares. +- commit 73d560e + +- rpm/*.spec.in: Use https:// urls +- commit 77b5f8e + +- ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 + CVE-2022-23960). +- ARM: include unprivileged BPF status in Spectre V2 reporting + (bsc#1085308 CVE-2022-23960). +- commit 2b85b07 + +- ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). +- Update config files. +- commit 214f301 + +- ARM: use LOADADDR() to get load address of sections (bsc#1085308 + CVE-2022-23960). +- ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). +- ARM: report Spectre v2 status through sysfs (bsc#1085308 + CVE-2022-23960). +- commit 20f8a99 + +- nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). +- commit 68439a4 + +- arm64: proton-pack: Include unprivileged eBPF status in + Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 + CVE-2022-0001 CVE-2022-0002). +- arm64: Use the clearbhb instruction in mitigations (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered + and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- commit 52f56e7 + +- arm64: Mitigate spectre style branch history side channels + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- Update config files. +- Refresh + patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. +- commit 1403b73 + +- arm64: proton-pack: Report Spectre-BHB vulnerabilities as + part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 + CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Add macro for reading symbol addresses from + the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: entry: Add vectors that have the bhb mitigation sequences + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Add non-kpti __bp_harden_el1_vectors for + mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: entry: Allow the trampoline text to occupy multiple pages + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Make the kpti trampoline's kpti sequence optional + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Move trampoline macros out of ifdef'd section + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Don't assume tramp_vectors is the start + of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: entry: Allow tramp_alias to access symbols after + the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: entry: Move the trampoline data page before the text page + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Free up another register on kpti's tramp_exit path + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Make the trampoline cleanup optional (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- KVM: arm64: Allow indirect vectors to be used without + SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- commit 39b0cd1 + +- arm64: Add Cortex-X2 CPU part definition (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- Refresh + patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. +- commit 1489419 + +- arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- commit 76b95f9 + +- bpf/selftests: Test PTR_TO_RDONLY_MEM (bsc#1196261 CVE-2022-0500). +- bpf: Add MEM_RDONLY for helper args that are pointers to rdonly mem + (bsc#1196261 CVE-2022-0500). +- bpf: Make per_cpu_ptr return rdonly PTR_TO_MEM + (bsc#1196261CVE-2022-0500). +- bpf: Convert PTR_TO_MEM_OR_NULL to composable types + (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- bpf: Introduce MEM_RDONLY flag (bsc#1194111 bsc#1194765 + bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). +- Refresh + patches.suse/bpf-Fix-out-of-bounds-access-for-ringbuf-helpers.patch. +- Refresh + patches.suse/bpf-Generally-fix-helper-register-offset-check.patch. +- bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL + (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- Refresh + patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch. +- Refresh + patches.suse/bpf-Generally-fix-helper-register-offset-check.patch. +- bpf: Replace RET_XXX_OR_NULL with RET_XXX | PTR_MAYBE_NULL + (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- bpf: Replace ARG_XXX_OR_NULL with ARG_XXX | PTR_MAYBE_NULL + (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- bpf: Introduce composable reg, ret and arg types (bsc#1194111 + bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- commit 4db4b9b + +- Delete ACPI patch that broke s2idle (bsc#1196213) + Deleted: + patches.suse/ACPI-EC-Rework-flushing-of-EC-work-while-suspended-t.patch + A new kABI compat patch was added instead +- commit 99c6bc9 + +- NFSD: Fix READDIR buffer overflow (git-fixes bsc#1196346). +- commit a149497 + +- arm64: Add Cortex-A510 CPU part definition (git-fixes). +- commit 1fd20fb + kernel-debug +- powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 + ltc#196362). +- commit be99d79 + +- watch_queue: Actually free the watch (CVE-2022-0995 + bsc#1197246). +- watch_queue: Fix NULL dereference in error cleanup + (CVE-2022-0995 bsc#1197246). +- commit 9f97636 + +- ALSA: pcm: Fix races among concurrent prealloc proc writes + (CVE-2022-1048 bsc#1197331). +- commit 7ca9b7d + +- ALSA: pcm: Fix races among concurrent prepare and + hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). +- commit bdcd5ee + +- ALSA: pcm: Fix races among concurrent read/write and buffer + changes (CVE-2022-1048 bsc#1197331). +- commit 8bb5c1f + +- ALSA: pcm: Fix races among concurrent hw_params and hw_free + calls (CVE-2022-1048 bsc#1197331). +- commit 4ce87ae + +- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 + bsc#1197331). +- commit 15a1bad + kernel-default +- powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 + ltc#196362). +- commit be99d79 + +- watch_queue: Actually free the watch (CVE-2022-0995 + bsc#1197246). +- watch_queue: Fix NULL dereference in error cleanup + (CVE-2022-0995 bsc#1197246). +- commit 9f97636 + +- ALSA: pcm: Fix races among concurrent prealloc proc writes + (CVE-2022-1048 bsc#1197331). +- commit 7ca9b7d + +- ALSA: pcm: Fix races among concurrent prepare and + hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). +- commit bdcd5ee + +- ALSA: pcm: Fix races among concurrent read/write and buffer + changes (CVE-2022-1048 bsc#1197331). +- commit 8bb5c1f + +- ALSA: pcm: Fix races among concurrent hw_params and hw_free + calls (CVE-2022-1048 bsc#1197331). +- commit 4ce87ae + +- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 + bsc#1197331). +- commit 15a1bad + kernel-docs +- powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 + ltc#196362). +- commit be99d79 + +- watch_queue: Actually free the watch (CVE-2022-0995 + bsc#1197246). +- watch_queue: Fix NULL dereference in error cleanup + (CVE-2022-0995 bsc#1197246). +- commit 9f97636 + +- ALSA: pcm: Fix races among concurrent prealloc proc writes + (CVE-2022-1048 bsc#1197331). +- commit 7ca9b7d + +- ALSA: pcm: Fix races among concurrent prepare and + hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). +- commit bdcd5ee + +- ALSA: pcm: Fix races among concurrent read/write and buffer + changes (CVE-2022-1048 bsc#1197331). +- commit 8bb5c1f + +- ALSA: pcm: Fix races among concurrent hw_params and hw_free + calls (CVE-2022-1048 bsc#1197331). +- commit 4ce87ae + +- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 + bsc#1197331). +- commit 15a1bad + kernel-install-tools +- Update to version v0.3.0: + * specfile: accept OBS cleanups + * specfile: fix UsrMerge support + * specfile: silence OBS warning about no-binary + * specfile: fix license tag + * Makefile: install the installkernel script directly in /sbin + * installkernel: Don't force hostonly + kernel-kvmsmall +- powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 + ltc#196362). +- commit be99d79 + +- watch_queue: Actually free the watch (CVE-2022-0995 + bsc#1197246). +- watch_queue: Fix NULL dereference in error cleanup + (CVE-2022-0995 bsc#1197246). +- commit 9f97636 + +- ALSA: pcm: Fix races among concurrent prealloc proc writes + (CVE-2022-1048 bsc#1197331). +- commit 7ca9b7d + +- ALSA: pcm: Fix races among concurrent prepare and + hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). +- commit bdcd5ee + +- ALSA: pcm: Fix races among concurrent read/write and buffer + changes (CVE-2022-1048 bsc#1197331). +- commit 8bb5c1f + +- ALSA: pcm: Fix races among concurrent hw_params and hw_free + calls (CVE-2022-1048 bsc#1197331). +- commit 4ce87ae + +- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 + bsc#1197331). +- commit 15a1bad + kernel-obs-build +- powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 + ltc#196362). +- commit be99d79 + +- watch_queue: Actually free the watch (CVE-2022-0995 + bsc#1197246). +- watch_queue: Fix NULL dereference in error cleanup + (CVE-2022-0995 bsc#1197246). +- commit 9f97636 + +- ALSA: pcm: Fix races among concurrent prealloc proc writes + (CVE-2022-1048 bsc#1197331). +- commit 7ca9b7d + +- ALSA: pcm: Fix races among concurrent prepare and + hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). +- commit bdcd5ee + +- ALSA: pcm: Fix races among concurrent read/write and buffer + changes (CVE-2022-1048 bsc#1197331). +- commit 8bb5c1f + +- ALSA: pcm: Fix races among concurrent hw_params and hw_free + calls (CVE-2022-1048 bsc#1197331). +- commit 4ce87ae + +- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 + bsc#1197331). +- commit 15a1bad + kernel-obs-qa +- powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 + ltc#196362). +- commit be99d79 + +- watch_queue: Actually free the watch (CVE-2022-0995 + bsc#1197246). +- watch_queue: Fix NULL dereference in error cleanup + (CVE-2022-0995 bsc#1197246). +- commit 9f97636 + +- ALSA: pcm: Fix races among concurrent prealloc proc writes + (CVE-2022-1048 bsc#1197331). +- commit 7ca9b7d + +- ALSA: pcm: Fix races among concurrent prepare and + hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). +- commit bdcd5ee + +- ALSA: pcm: Fix races among concurrent read/write and buffer + changes (CVE-2022-1048 bsc#1197331). +- commit 8bb5c1f + +- ALSA: pcm: Fix races among concurrent hw_params and hw_free + calls (CVE-2022-1048 bsc#1197331). +- commit 4ce87ae + +- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 + bsc#1197331). +- commit 15a1bad + kernel-preempt +- Revert "rpm/kernel-source.spec.in: call fdupes per subpackage" + This reverts commit 1da843983718d4cfdd652a76e428abee98e37450. +- commit f349b81 + +- Revert "build initrd without systemd" (bsc#1197300) + This reverts commit ef4c569b998635a9369390d4e9cfe3a922815c76. + It seems to be the cause of a stall in OBS build that resulted in + the failure with obs-build-qa (and possibly others). +- commit ff2b28e + +- Update patch reference for USB gadget fix (CVE-2022-27223 bsc#1197245) +- commit fd3b6e8 + +- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge +- commit 891ddc4 + +- sr9700: sanity check for packet length (bsc#1196836 + CVE-2022-26966). +- commit edaafdd + +- blacklist.conf: prerequisites break kABI +- commit d0b972b + +- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. +- commit f0d0e90 + +- usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes). +- commit 3863766 + +- usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes). +- commit 9d7504f + +- aio: fix use-after-free due to missing POLLFREE handling + (CVE-2021-39698 bsc#1196956). +- aio: keep poll requests on waitqueue until completed + (CVE-2021-39698 bsc#1196956). +- signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). +- binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). +- wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). +- commit b026506 + +- usb: dwc2: gadget: Fix kill_all_requests race (git-fixes). +- commit 5ad82f7 + +- usb: dwc3: meson-g12a: Disable the regulator in the error + handling path of the probe (git-fixes). +- commit 6109544 + +- mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). +- drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). +- commit 44ceec6 + +- rpm/kernel-source.spec.in: call fdupes per subpackage + It is a waste of time to do a global fdupes when we have + subpackages. +- commit 1da8439 + +- af_unix: fix garbage collect vs MSG_PEEK (CVE-2021-0920 + bsc#1193731). +- commit 7040fdd + +- Refresh patches.suse/xfrm-fix-mtu-regression.patch. +- commit 8d867d6 + +- bpf, selftests: Add test case trying to taint map value pointer + (bsc#1196130,CVE-2021-45402). +- bpf: Make 32->64 bounds propagation slightly more robust + (bsc#1196130,CVE-2021-45402). +- bpf: Fix signed bounds propagation after mov32 + (bsc#1196130,CVE-2021-45402). +- commit 63a6298 + +- net: phy: DP83822: clear MISR2 register to disable interrupts + (git-fixes). +- gianfar: ethtool: Fix refcount leak in gfar_get_ts_info + (git-fixes). +- NFC: port100: fix use-after-free in port100_send_complete + (git-fixes). +- ax25: Fix NULL pointer dereference in ax25_kill_by_device + (git-fixes). +- staging: gdm724x: fix use after free in gdm_lte_rx() + (git-fixes). +- gpio: ts4900: Do not set DAT and OE together (git-fixes). +- gpiolib: acpi: Convert ACPI value of debounce to microseconds + (git-fixes). +- usb: hub: Fix locking issues with address0_mutex (git-fixes). +- commit ea6e976 + +- EDAC: Fix calculation of returned address and next offset in + edac_align_ptr() (bsc#1178134). +- commit c292d6b + +- xen/netfront: react properly to failing + gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396, + CVE-2022-23042). +- commit fe0a923 + +- xen/gnttab: fix gnttab_end_foreign_access() without page + specified (bsc#1196488, XSA-396, CVE-2022-23041). +- commit 58c801b + +- xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488, + XSA-396, CVE-2022-23041). +- commit afb2dba + +- xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396, + CVE-2022-23041). +- commit cee63b9 + +- xen/usb: don't use gnttab_end_foreign_access() in + xenhcd_gnttab_done() (bsc#1196488, XSA-396). +- commit b1d434d + +- xen/gntalloc: don't use gnttab_query_foreign_access() + (bsc#1196488, XSA-396, CVE-2022-23039). +- commit a4ec4aa + +- xen/scsifront: don't use gnttab_query_foreign_access() for + mapped status (bsc#1196488, XSA-396, CVE-2022-23038). +- commit fd9cb30 + +- xen/netfront: don't use gnttab_query_foreign_access() for + mapped status (bsc#1196488, XSA-396, CVE-2022-23037). +- commit 4e33999 + +- xen/blkfront: don't use gnttab_query_foreign_access() for + mapped status (bsc#1196488, XSA-396, CVE-2022-23036). +- commit 4334af7 + +- xen/grant-table: add gnttab_try_end_foreign_access() + (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038). +- commit 19b769a + +- xen/xenbus: don't let xenbus_grant_ring() remove grants in + error case (bsc#1196488, XSA-396, CVE-2022-23040). +- commit 5aacf1f + +- EDAC/altera: Fix deferred probing (bsc#1178134). +- commit 13cc9b2 + +- rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. +- commit 174a64f + +- nvme-rdma: fix possible use-after-free in transport + error_recovery work (git-fixes). +- commit f4a5de3 + +- usb: host: xen-hcd: add missing unlock in error path + (git-fixes). +- commit daa9ea7 + +- Refresh + patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. +- commit d9066f6 + +- Refresh + patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. +- commit 5c41eb3 + +- rpm/kernel-docs.spec.in: use %%license for license declarations + Limited to SLE15+ to avoid compatibility nightmares. +- commit 73d560e + +- rpm/*.spec.in: Use https:// urls +- commit 77b5f8e + +- nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). +- commit 8823060 + +- Bluetooth: btusb: Add missing Chicony device for Realtek + RTL8723BE (bsc#1196779). +- commit 504b440 + +- ixgbe: xsk: change !netif_carrier_ok() handling in + ixgbe_xmit_zc() (git-fixes). +- selftests: mlxsw: tc_police_scale: Make test more robust + (bsc#1176774). +- net: fix up skbs delta_truesize in UDP GRO frag_list + (bsc#1176447). +- igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). +- igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). +- iavf: Fix missing check for running netdev (git-fixes). +- RDMA/cma: Do not change route.addr.src_addr outside state checks + (bsc#1181147). +- RDMA/ib_srp: Fix a deadlock (git-fixes). +- RDMA/rtrs-clt: Fix possible double free in error case + (jsc#SLE-15176). +- net/mlx5e: TC, Reject rules with forward and drop actions + (git-fixes). +- net/mlx5e: TC, Reject rules with drop and modify hdr action + (git-fixes). +- net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded + packets (jsc#SLE-15172). +- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure + (git-fixes). +- net/mlx5: Fix possible deadlock on rule deletion (git-fixes). +- net/mlx5: Fix wrong limitation of metadata match on ecpf + (git-fixes). +- net/mlx5: Update the list of the PCI supported devices + (git-fixes). +- netfilter: nf_tables: fix memory leak during stateful obj update + (bsc#1176447). +- bnxt_en: Fix incorrect multicast rx mask setting when not + requested (git-fixes). +- bnxt_en: Fix occasional ethtool -t loopback test failures + (git-fixes). +- bnxt_en: Fix offline ethtool selftest with RDMA enabled + (git-fixes). +- bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649). +- ice: initialize local variable 'tlv' (jsc#SLE-12878). +- nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() + (git-fixes). +- net/sched: act_ct: Fix flow table lookup after ct clear or + switching zones (jsc#SLE-15172). +- bonding: force carrier update when releasing slave (git-fixes). +- RDMA/mlx4: Don't continue event handler after memory allocation + failure (git-fixes). +- RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). +- IB/rdmavt: Validate remote_addr during loopback atomic tests + (git-fixes). +- RDMA/cxgb4: Set queue pair state when being queried (git-fixes). +- RDMA/rxe: Fix a typo in opcode name (git-fixes). +- RDMA/cma: Let cma_resolve_ib_dev() continue search even after + empty entry (git-fixes). +- RDMA/core: Let ib_find_gid() continue search even after empty + entry (git-fixes). +- RDMA/uverbs: Remove the unnecessary assignment (git-fixes). +- RDMA/cma: Remove open coding of overflow checking for + private_data_len (git-fixes). +- RDMA/hns: Validate the pkey index (git-fixes). +- RDMA/bnxt_re: Scan the whole bitmap when checking if "disabling + RCFW with pending cmd-bit" (git-fixes). +- RDMA/core: Don't infoleak GRH fields (git-fixes). +- RDMA/uverbs: Check for null return of kmalloc_array (git-fixes). +- IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes). +- IB/hfi1: Fix early init panic (git-fixes). +- IB/hfi1: Insure use of smp_processor_id() is preempt disabled + (git-fixes). +- IB/hfi1: Correct guard on eager buffer deallocation (git-fixes). +- net/mlx5: Update the list of the PCI supported devices + (git-fixes). +- commit 5d0d3c3 + +- asix: fix uninit-value in asix_mdio_read() (git-fixes). +- commit 954cba8 + +- usb: hub: Fix usb enumeration issue due to address0 race + (git-fixes). +- commit 831632a + +- USB: hub: Clean up use of port initialization schemes and + retries (git-fixes). +- commit 39e09e3 + +- powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 + ltc#196449). +- commit 5cf33af + +- mask out added spinlock in rndis_params (git-fixes). +- commit cf77fd5 + +- usb: gadget: rndis: add spinlock for rndis response list + (git-fixes). +- commit 6500e0b + +- HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). +- HID: add mapping for KEY_DICTATE (git-fixes). +- Input: elan_i2c - fix regulator enable count imbalance after + suspend/resume (git-fixes). +- Input: elan_i2c - move regulator_[en|dis]able() out of + elan_[en|dis]able_power() (git-fixes). +- arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output + (git-fixes). +- dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). +- i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). +- Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). +- ASoC: rt5682: do not block workqueue if card is unbound + (git-fixes). +- ASoC: rt5668: do not block workqueue if card is unbound + (git-fixes). +- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 + (git-fixes). +- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work + (git-fixes). +- mac80211_hwsim: report NOACK frames in tx_status (git-fixes). +- hamradio: fix macro redefine warning (git-fixes). +- commit add4eb4 + +- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes). +- scsi: bnx2fc: Flush destroy_work queue before calling + bnx2fc_interface_put() (git-fixes). +- scsi: nsp_cs: Check of ioremap return value (git-fixes). +- scsi: qedf: Fix potential dereference of NULL pointer + (git-fixes). +- scsi: ufs: Fix race conditions related to driver data + (git-fixes). +- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() + (git-fixes). +- commit 2185cf5 + +- Add SCSI git-fix to blacklist: too pervasive +- commit 3f4a3f6 + +- blacklist.conf: Add 05c7b7a92cc8 cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug +- commit 511f680 + +- cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning + (bsc#1196868). +- commit 30013c2 + +- cpuset: Fix the bug that subpart_cpus updated wrongly in + update_cpumask() (bsc#1196866). +- commit 8ee9c97 + +- blacklist.conf: prerequisites break kABI +- commit 88b00ea + +- blacklist.conf: kABI +- commit 11980b2 + +- blacklist.conf: patch not applicable due to missing infrastructure +- commit be9f64f + +- usb: dwc2: use well defined macros for power_down (git-fixes). +- commit 781db9c + +- ename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge +- commit 59d5e34 + +- Hand over the maintainership to SLE15-SP3 maintainers +- commit 0c92742 + +- SUNRPC: avoid race between mod_timer() and del_timer_sync() + (bnc#1195403). +- commit f6cf219 + +- cputime, cpuacct: Include guest time in user time in (git-fixes) +- commit b360f79 + +- sched/core: Mitigate race (git-fixes) +- commit d6e526f + +- cpufreq: schedutil: Use kobject release() method to free (git-fixes) +- commit 3b82dc0 + +- blacklist.conf: Blacklist uclamp related fixes +- commit af69679 + +- sr9700: sanity check for packet length (bsc#1196836). +- commit 558034f + +- tracing: Fix return value of __setup handlers (git-fixes). +- commit 184ff86 + +- exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). +- exfat: fix incorrect loading of i_blocks for large files + (git-fixes). +- commit f1e7b8d + +- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION + (CVE-2022-26490 bsc#1196830). +- commit fd10ace + +- nvme-tcp: fix possible use-after-free in transport + error_recovery work (git-fixes). +- nvme: fix a possible use-after-free in controller reset during + load (git-fixes). +- commit 8b4713c + +- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch + (bsc#1194516 CVE-2022-0487). +- Update + patches.suse/NFSv4-Handle-case-where-the-lookup-of-a-directory-fa.patch + (bsc#1195612 CVE-2022-24448). +- Update + patches.suse/udf-Fix-NULL-ptr-deref-when-converting-from-inline-f.patch + (bsc#1196079 CVE-2022-0617). +- Update + patches.suse/udf-Restore-i_lenAlloc-when-inode-expansion-fails.patch + (bsc#1196079 CVE-2022-0617). +- Update + patches.suse/vfs-check-fd-has-read-access-in-kernel_read_file_from_fd.patch + (bsc#1194888 CVE-2022-0644 bsc#1196155). +- commit 096ea36 + +- ALSA: intel_hdmi: Fix reference to PCM buffer address + (git-fixes). +- ASoC: cs4265: Fix the duplicated control name (git-fixes). +- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min + (git-fixes). +- commit 46ecf36 + +- scsi: smartpqi: Add PCI IDs (bsc#1196627). +- commit 0f3e3c7 + +- vrf: Fix fast path output packet handling with async Netfilter + rules (git-fixes). +- commit 4dafe3d + +- net/mlx5e: Fix modify header actions memory leak (git-fixes). +- commit 2d08f14 + +- net: ethernet: ti: cpsw: disable PTPv1 hw timestamping + advertisement (git-fixes). +- commit 644c57f + +- net: hns3: Clear the CMDQ registers before unmapping BAR region + (git-fixes). +- commit 09653f6 + +- netsec: ignore 'phy-mode' device property on ACPI systems + (git-fixes). +- commit b2241ca + +- net: sfc: Replace in_interrupt() usage (git-fixes). +- commit 254377d + +- gtp: remove useless rcu_read_lock() (git-fixes). +- commit 2588833 + +- net: dsa: mv88e6xxx: MV88E6097 does not support jumbo + configuration (git-fixes). +- commit 28ecaea + +- Refresh + patches.suse/ibmvnic-Allow-queueing-resets-during-probe.patch. +- Refresh + patches.suse/ibmvnic-clear-fop-when-retrying-probe.patch. +- Refresh + patches.suse/ibmvnic-complete-init_done-on-transport-events.patch. +- Refresh + patches.suse/ibmvnic-define-flush_reset_queue-helper.patch. +- Refresh + patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch. +- Refresh + patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch. +- Refresh patches.suse/ibmvnic-init-init_done_rc-earlier.patch. +- Refresh + patches.suse/ibmvnic-initialize-rc-before-completing-wait.patch. +- Refresh + patches.suse/ibmvnic-register-netdev-after-init-of-adapter.patch. +- Refresh + patches.suse/ibmvnic-schedule-failover-only-if-vioctl-fails.patch. +- Refresh + patches.suse/scsi-lpfc-Fix-pt2pt-NVMe-PRLI-reject-LOGO-loop.patch. +- Refresh patches.suse/xfrm-fix-mtu-regression.patch. +- commit 25457d5 + +- netfilter: nf_tables_offload: incorrect flow offload action + array size (bsc#1196299 CVE-2022-25636). +- commit 30b89a9 + +- batman-adv: Don't expect inter-netns unique iflink indices + (git-fixes). +- batman-adv: Request iflink once in batadv_get_real_netdevice + (git-fixes). +- batman-adv: Request iflink once in batadv-on-batadv check + (git-fixes). +- nl80211: Handle nla_memdup failures in handle_nan_filter + (git-fixes). +- mac80211: fix forwarded mesh frames AC & queue selection + (git-fixes). +- can: gs_usb: change active_channels's type from atomic_t to u8 + (git-fixes). +- commit 1c8fa49 + +- cgroup-v1: Correct privileges check in release_agent writes + (bsc#1196723). +- commit 3d0b2e2 + +- blacklist.conf: Add 51e50fbd3efc psi: fix "no previous prototype" warnings when CONFIG_CGROUPS=n +- commit 2727993 + +- ARM: 9182/1: mmu: fix returns from early_param() and __setup() + functions (git-fixes). +- ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). +- ntb: intel: fix port config status offset for SPR (git-fixes). +- USB: serial: option: add Telit LE910R1 compositions (git-fixes). +- USB: serial: option: add support for DW5829e (git-fixes). +- USB: gadget: validate endpoint index for xilinx udc (git-fixes). +- xhci: re-initialize the HC during resume if HCE was set + (git-fixes). +- drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). +- USB: zaurus: support another broken Zaurus (git-fixes). +- USB: gadget: validate interface OS descriptor requests + (git-fixes). +- commit a54291e + +- Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch + (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). +- commit 59ca885 + +- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). +- commit 6dcfd65 + +- blk-mq: don't free tags if the tag_set is used by other device + in queue initialztion (bsc#1193787). +- commit 5b79ad2 + +- kernel-binary.spec: Also exclude the kernel signing key from devel package. + There is a check in OBS that fails when it is included. Also the key is + not reproducible. + Fixes: bb988d4625a3 ("kernel-binary: Do not include sourcedir in certificate path.") +- commit 68fa069 + +- powerpc/fadump: register for fadump as early as possible + (bsc#1179439 ltc#190038). +- commit 3f54d95 + +- rpm/check-for-config-changes: Ignore PAHOLE_VERSION. +- commit 88ba5ec + +- powerpc/pseries/iommu: Fix window size for direct mapping with + pmem (bsc#1196472 ltc#192278). +- powerpc/dma: Fallback to dma_ops when persistent memory present + (bsc#1196472 ltc#192278). + Update config files. +- dma-mapping: Allow mixing bypass and mapped DMA operation + (bsc#1196472 ltc#192278). +- dma-direct: Fix potential NULL pointer dereference (bsc#1196472 + ltc#192278). +- commit a04953d + +- soc: fsl: qe: Check of ioremap return value (git-fixes). +- soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). +- soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) + (git-fixes). +- firmware: arm_scmi: Remove space in MODULE_ALIAS name + (git-fixes). +- efivars: Respect "block" flag in efivar_entry_set_safe() + (git-fixes). +- gpio: tegra186: Fix chip_data type confusion (git-fixes). +- gpio: rockchip: Reset int_bothedge when changing trigger + (git-fixes). +- spi: spi-zynq-qspi: Fix a NULL pointer dereference in + zynq_qspi_exec_mem_op() (git-fixes). +- iio: Fix error handling for PM (git-fixes). +- iio: adc: men_z188_adc: Fix a resource leak in an error handling + path (git-fixes). +- iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM + bits (git-fixes). +- tty: n_gsm: fix proper link termination after failed open + (git-fixes). +- tty: n_gsm: fix encoding of control signal octet bit DV + (git-fixes). +- Revert "USB: serial: ch341: add new Product ID for CH341A" + (git-fixes). +- usb: dwc3: gadget: Let the interrupt handler disable bottom + halves (git-fixes). +- usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). +- xhci: Prevent futile URB re-submissions due to incorrect return + value (git-fixes). +- ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes). +- clk: jz4725b: fix mmc0 clock gating (git-fixes). +- drm/edid: Always set RGB444 (git-fixes). +- commit c381750 + +- powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 + ltc#196449). +- commit 72793cf + +- udf: Restore i_lenAlloc when inode expansion fails (bsc#1196079 + CVE-2022-0617). +- commit a1deb2a + +- udf: Fix NULL ptr deref when converting from inline format + (bsc#1196079 CVE-2022-0617). +- commit 43cd4ed + +- usb: gadget: rndis: check size of RNDIS_MSG_SET command + (CVE-2022-25375 bsc#1196235). +- commit 4e7d746 + +- Update patch reference for vfs fix (CVE-2022-0644 bsc#1196155) +- commit 900b4f0 + +- USB: gadget: validate interface OS descriptor requests + (CVE-2022-25258 bsc#1196095). +- commit 4c69367 + +- f2fs: fix to do sanity check on inode type during garbage + collection (CVE-2021-44879 bsc#1195987). +- commit 139271b + +- yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959 + bsc#1195897). +- commit 60220af + +- usb: gadget: clear related members when goto fail + (CVE-2022-24958 bsc#1195905). +- usb: gadget: don't release an existing dev->buf (CVE-2022-24958 + bsc#1195905). +- commit 96dda76 + +- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch + (bsc#1194516 CVE-2022-0487). +- commit f68f189 + +- kernel-binary: Do not include sourcedir in certificate path. + The certs macro runs before build directory is set up so it creates the + aggregate of supplied certificates in the source directory. + Using this file directly as the certificate in kernel config works but + embeds the source directory path in the kernel config. + To avoid this symlink the certificate to the build directory and use + relative path to refer to it. + Also fabricate a certificate in the same location in build directory + when none is provided. +- commit bb988d4 + +- constraints: Also adjust disk requirement for x86 and s390. +- commit 9719db0 + +- constraints: Increase disk space for aarch64 +- commit 09c2882 + +- drm/i915: Remove memory frequency calculation (bsc#1195211). +- commit ea4d32b + +- drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed + (bsc#1195211). +- drm/i915/gen11+: Only load DRAM information from pcode + (bsc#1195211). +- drm/i915: Nuke not needed members of dram_info (bsc#1195211). +- drm/i915/dg1: Wait for pcode/uncore handshake at startup + (bsc#1195211). +- commit d7995a2 + +- NFSv4: Handle case where the lookup of a directory fails + (bsc#1195612 CVE-2022-24448). +- commit 1023a28 + +- scsi: ufs: Correct the LUN used in eh_device_reset_handler() + callback (bsc#1193864 CVE-2021-39657). +- commit 5ec67f9 + +- kernel-obs-build: include 9p (boo#1195353) + To be able to share files between host and the qemu vm of the build + script, the 9p and 9p_virtio kernel modules need to be included in + the initrd of kernel-obs-build. +- commit 0cfe67a + +- net: tipc: validate domain record count on input (bsc#1195254). +- commit 96de11b + +- kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr + directory (bsc#1195051). +- commit c80b5de + +- kernel-binary.spec: Do not use the default certificate path (bsc#1194943). + Using the the default path is broken since Linux 5.17 +- commit 68b36f0 + +- fix rpm build warning + tumbleweed rpm is adding these warnings to the log: + It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl +- commit 3ba8941 + +- build initrd without systemd + This reduces the size of the initrd by over 25%, which + improves startup time of the virtual machine by 0.5-0.6s on + very fast machines, more on slower ones. +- commit ef4c569 + kernel-source +- powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 + ltc#196362). +- commit be99d79 + +- watch_queue: Actually free the watch (CVE-2022-0995 + bsc#1197246). +- watch_queue: Fix NULL dereference in error cleanup + (CVE-2022-0995 bsc#1197246). +- commit 9f97636 + +- ALSA: pcm: Fix races among concurrent prealloc proc writes + (CVE-2022-1048 bsc#1197331). +- commit 7ca9b7d + +- ALSA: pcm: Fix races among concurrent prepare and + hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). +- commit bdcd5ee + +- ALSA: pcm: Fix races among concurrent read/write and buffer + changes (CVE-2022-1048 bsc#1197331). +- commit 8bb5c1f + +- ALSA: pcm: Fix races among concurrent hw_params and hw_free + calls (CVE-2022-1048 bsc#1197331). +- commit 4ce87ae + +- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 + bsc#1197331). +- commit 15a1bad + kernel-source-azure +- supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) + Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic + arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce +- commit e6b9e81 + +- fuse: handle kABI change in struct fuse_args (bsc#1197343 + CVE-2022-1011). +- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 + CVE-2022-1011). +- commit 879fc92 + +- Refresh + patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch + Add info about context deviation from upstream. +- commit f8cba97 + +- Refresh + patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch + Add info about context deviation from upstream. +- commit 1d085d3 + +- Refresh + patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch + Add info about context deviation from upstream. +- commit e44090b + +- Refresh + patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch + Add info about context deviation from upstream. +- commit da99102 + +- Refresh + patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch + Add info on context deviation from upstream. +- commit aa0e1a6 + +- Refresh + patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch + Add info about context deviation from upstream. +- commit 2d1de22 + +- bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes + bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- commit 8bc21d0 + +- watch_queue: Make comment about setting ->defunct more accurate + (CVE-2022-0995 bsc#1197246). +- watch_queue: Fix lack of barrier/sync/lock between post and read + (CVE-2022-0995 bsc#1197246). +- watch_queue: Free the alloc bitmap when the watch_queue is + torn down (CVE-2022-0995 bsc#1197246). +- watch_queue: Fix the alloc bitmap size to reflect notes + allocated (CVE-2022-0995 bsc#1197246). +- watch_queue: Use the bitmap API when applicable (CVE-2022-0995 + bsc#1197246). +- watch_queue: Fix to always request a pow-of-2 pipe ring size + (CVE-2022-0995 bsc#1197246). +- watch_queue: Fix to release page in ->release() (CVE-2022-0995 + bsc#1197246). +- watch_queue, pipe: Free watchqueue state after clearing pipe + ring (CVE-2022-0995 bsc#1197246). +- watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). +- commit 223dbc3 + +- arm64: PCI: Support root bridge preparation for Hyper-V + (bsc#1197291). +- arm64: PCI: Restructure pcibios_root_bridge_prepare() + (bsc#1197291). +- commit 060e164 + +- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup + (bsc#1196018). +- commit 6dcb47f + +- sr9700: sanity check for packet length (bsc#1196836 + CVE-2022-26966). +- commit 56eea34 + +- Update kabi files. + Update to reflect the changes from bpf CVE fixes. +- commit 993b084 + +- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. +- commit f0d0e90 + +- nvme-rdma: fix possible use-after-free in transport + error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). + Refresh: + - patches.suse/0006-nvme-Implement-In-Band-authentication.patch +- nvme-tcp: fix possible use-after-free in transport + error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). + Refresh: + - patches.suse/0006-nvme-Implement-In-Band-authentication.patch +- nvme: fix a possible use-after-free in controller reset during + load (bsc#1193787 bsc#1197146 bsc#1193554). +- nvme-fabrics: ignore invalid fast_io_fail_tmo values + (bsc#1193787 bsc#1197146 bsc#1193554). +- nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 + bsc#1197146 bsc#1193554). +- nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 + bsc#1197146 bsc#1193554). +- blk-mq: don't free tags if the tag_set is used by other device + in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). +- commit 4ccb78c + +- series: Resort entries + The series is not sorted which makes qdoit unhappy. Sort it. +- commit ce701de + +- esp: Fix possible buffer overflow in ESP transformation + (CVE-2022-0886 bsc#1197131). +- sock: remove one redundant SKB_FRAG_PAGE_ORDER macro + (CVE-2022-0886 bsc#1197131). +- commit fa4075e + +- ipv6: fix skb drops in igmp6_event_query() and + igmp6_event_report() (CVE-2022-0742 bsc#1197128). +- commit b531b26 + +- aio: fix use-after-free due to missing POLLFREE handling + (CVE-2021-39698 bsc#1196956). +- aio: keep poll requests on waitqueue until completed + (CVE-2021-39698 bsc#1196956). +- signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). +- binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). +- wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). +- commit ee17f5c + +- net/smc: Fix hung_task when removing SMC-R devices + (bsc#1197082). +- commit 5256139 + +- rpm/kernel-source.spec.in: call fdupes per subpackage + It is a waste of time to do a global fdupes when we have + subpackages. +- commit 1da8439 + +- bpf, selftests: Add test case trying to taint map value pointer + (bsc#1196130,CVE-2021-45402). +- bpf: Make 32->64 bounds propagation slightly more robust + (bsc#1196130,CVE-2021-45402). +- bpf: Fix signed bounds propagation after mov32 + (bsc#1196130,CVE-2021-45402). +- commit 04987fb + +- rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. +- commit 174a64f + +- rpm/kernel-docs.spec.in: use %%license for license declarations + Limited to SLE15+ to avoid compatibility nightmares. +- commit 73d560e + +- rpm/*.spec.in: Use https:// urls +- commit 77b5f8e + +- ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 + CVE-2022-23960). +- ARM: include unprivileged BPF status in Spectre V2 reporting + (bsc#1085308 CVE-2022-23960). +- commit 2b85b07 + +- ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). +- Update config files. +- commit 214f301 + +- ARM: use LOADADDR() to get load address of sections (bsc#1085308 + CVE-2022-23960). +- ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). +- ARM: report Spectre v2 status through sysfs (bsc#1085308 + CVE-2022-23960). +- commit 20f8a99 + +- nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). +- commit 68439a4 + +- arm64: proton-pack: Include unprivileged eBPF status in + Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 + CVE-2022-0001 CVE-2022-0002). +- arm64: Use the clearbhb instruction in mitigations (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered + and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- commit 52f56e7 + +- arm64: Mitigate spectre style branch history side channels + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- Update config files. +- Refresh + patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. +- commit 1403b73 + +- arm64: proton-pack: Report Spectre-BHB vulnerabilities as + part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 + CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Add macro for reading symbol addresses from + the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: entry: Add vectors that have the bhb mitigation sequences + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Add non-kpti __bp_harden_el1_vectors for + mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: entry: Allow the trampoline text to occupy multiple pages + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Make the kpti trampoline's kpti sequence optional + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Move trampoline macros out of ifdef'd section + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Don't assume tramp_vectors is the start + of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: entry: Allow tramp_alias to access symbols after + the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: entry: Move the trampoline data page before the text page + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Free up another register on kpti's tramp_exit path + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Make the trampoline cleanup optional (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- KVM: arm64: Allow indirect vectors to be used without + SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- commit 39b0cd1 + +- arm64: Add Cortex-X2 CPU part definition (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- Refresh + patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. +- commit 1489419 + +- arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- commit 76b95f9 + +- bpf/selftests: Test PTR_TO_RDONLY_MEM (bsc#1196261 CVE-2022-0500). +- bpf: Add MEM_RDONLY for helper args that are pointers to rdonly mem + (bsc#1196261 CVE-2022-0500). +- bpf: Make per_cpu_ptr return rdonly PTR_TO_MEM + (bsc#1196261CVE-2022-0500). +- bpf: Convert PTR_TO_MEM_OR_NULL to composable types + (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- bpf: Introduce MEM_RDONLY flag (bsc#1194111 bsc#1194765 + bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). +- Refresh + patches.suse/bpf-Fix-out-of-bounds-access-for-ringbuf-helpers.patch. +- Refresh + patches.suse/bpf-Generally-fix-helper-register-offset-check.patch. +- bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL + (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- Refresh + patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch. +- Refresh + patches.suse/bpf-Generally-fix-helper-register-offset-check.patch. +- bpf: Replace RET_XXX_OR_NULL with RET_XXX | PTR_MAYBE_NULL + (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- bpf: Replace ARG_XXX_OR_NULL with ARG_XXX | PTR_MAYBE_NULL + (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- bpf: Introduce composable reg, ret and arg types (bsc#1194111 + bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- commit 4db4b9b + +- Delete ACPI patch that broke s2idle (bsc#1196213) + Deleted: + patches.suse/ACPI-EC-Rework-flushing-of-EC-work-while-suspended-t.patch + A new kABI compat patch was added instead +- commit 99c6bc9 + +- NFSD: Fix READDIR buffer overflow (git-fixes bsc#1196346). +- commit a149497 + +- arm64: Add Cortex-A510 CPU part definition (git-fixes). +- commit 1fd20fb + kernel-syms +- powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 + ltc#196362). +- commit be99d79 + +- watch_queue: Actually free the watch (CVE-2022-0995 + bsc#1197246). +- watch_queue: Fix NULL dereference in error cleanup + (CVE-2022-0995 bsc#1197246). +- commit 9f97636 + +- ALSA: pcm: Fix races among concurrent prealloc proc writes + (CVE-2022-1048 bsc#1197331). +- commit 7ca9b7d + +- ALSA: pcm: Fix races among concurrent prepare and + hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). +- commit bdcd5ee + +- ALSA: pcm: Fix races among concurrent read/write and buffer + changes (CVE-2022-1048 bsc#1197331). +- commit 8bb5c1f + +- ALSA: pcm: Fix races among concurrent hw_params and hw_free + calls (CVE-2022-1048 bsc#1197331). +- commit 4ce87ae + +- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 + bsc#1197331). +- commit 15a1bad + kernel-syms-azure +- supported.conf: Mark a few SM* chiper modules as supported (bsc#1197287) + Mark supported for the modules: sm2_generic, sm3_generic, sm4_generic + arm64-specific: sha3-ce, sha512-ce, sm3-ce, sm4-ce +- commit e6b9e81 + +- fuse: handle kABI change in struct fuse_args (bsc#1197343 + CVE-2022-1011). +- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 + CVE-2022-1011). +- commit 879fc92 + +- Refresh + patches.suse/bpf-Add-MEM_RDONLY-for-helper-args-that-are-pointers.patch + Add info about context deviation from upstream. +- commit f8cba97 + +- Refresh + patches.suse/bpf-Replace-PTR_TO_XXX_OR_NULL-with-PTR_TO_XXX-PTR_M.patch + Add info about context deviation from upstream. +- commit 1d085d3 + +- Refresh + patches.suse/bpf-Replace-RET_XXX_OR_NULL-with-RET_XXX-PTR_MAYBE_N.patch + Add info about context deviation from upstream. +- commit e44090b + +- Refresh + patches.suse/bpf-Replace-ARG_XXX_OR_NULL-with-ARG_XXX-PTR_MAYBE_N.patch + Add info about context deviation from upstream. +- commit da99102 + +- Refresh + patches.suse/bpf-Introduce-composable-reg-ret-and-arg-types.patch + Add info on context deviation from upstream. +- commit aa0e1a6 + +- Refresh + patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch + Add info about context deviation from upstream. +- commit 2d1de22 + +- bpf: Fix crash due to out of bounds access into reg2btf_ids (git-fixes + bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- commit 8bc21d0 + +- watch_queue: Make comment about setting ->defunct more accurate + (CVE-2022-0995 bsc#1197246). +- watch_queue: Fix lack of barrier/sync/lock between post and read + (CVE-2022-0995 bsc#1197246). +- watch_queue: Free the alloc bitmap when the watch_queue is + torn down (CVE-2022-0995 bsc#1197246). +- watch_queue: Fix the alloc bitmap size to reflect notes + allocated (CVE-2022-0995 bsc#1197246). +- watch_queue: Use the bitmap API when applicable (CVE-2022-0995 + bsc#1197246). +- watch_queue: Fix to always request a pow-of-2 pipe ring size + (CVE-2022-0995 bsc#1197246). +- watch_queue: Fix to release page in ->release() (CVE-2022-0995 + bsc#1197246). +- watch_queue, pipe: Free watchqueue state after clearing pipe + ring (CVE-2022-0995 bsc#1197246). +- watch_queue: Fix filter limit check (CVE-2022-0995 bsc#1197246). +- commit 223dbc3 + +- arm64: PCI: Support root bridge preparation for Hyper-V + (bsc#1197291). +- arm64: PCI: Restructure pcibios_root_bridge_prepare() + (bsc#1197291). +- commit 060e164 + +- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup + (bsc#1196018). +- commit 6dcb47f + +- sr9700: sanity check for packet length (bsc#1196836 + CVE-2022-26966). +- commit 56eea34 + +- Update kabi files. + Update to reflect the changes from bpf CVE fixes. +- commit 993b084 + +- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. +- commit f0d0e90 + +- nvme-rdma: fix possible use-after-free in transport + error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). + Refresh: + - patches.suse/0006-nvme-Implement-In-Band-authentication.patch +- nvme-tcp: fix possible use-after-free in transport + error_recovery work (bsc#1193787 bsc#1197146 bsc#1193554). + Refresh: + - patches.suse/0006-nvme-Implement-In-Band-authentication.patch +- nvme: fix a possible use-after-free in controller reset during + load (bsc#1193787 bsc#1197146 bsc#1193554). +- nvme-fabrics: ignore invalid fast_io_fail_tmo values + (bsc#1193787 bsc#1197146 bsc#1193554). +- nvme-tcp: fix memory leak when freeing a queue (bsc#1193787 + bsc#1197146 bsc#1193554). +- nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (bsc#1193787 + bsc#1197146 bsc#1193554). +- blk-mq: don't free tags if the tag_set is used by other device + in queue initialztion (bsc#1193787 bsc#1197146 bsc#1193554). +- commit 4ccb78c + +- series: Resort entries + The series is not sorted which makes qdoit unhappy. Sort it. +- commit ce701de + +- esp: Fix possible buffer overflow in ESP transformation + (CVE-2022-0886 bsc#1197131). +- sock: remove one redundant SKB_FRAG_PAGE_ORDER macro + (CVE-2022-0886 bsc#1197131). +- commit fa4075e + +- ipv6: fix skb drops in igmp6_event_query() and + igmp6_event_report() (CVE-2022-0742 bsc#1197128). +- commit b531b26 + +- aio: fix use-after-free due to missing POLLFREE handling + (CVE-2021-39698 bsc#1196956). +- aio: keep poll requests on waitqueue until completed + (CVE-2021-39698 bsc#1196956). +- signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). +- binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956). +- wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956). +- commit ee17f5c + +- net/smc: Fix hung_task when removing SMC-R devices + (bsc#1197082). +- commit 5256139 + +- rpm/kernel-source.spec.in: call fdupes per subpackage + It is a waste of time to do a global fdupes when we have + subpackages. +- commit 1da8439 + +- bpf, selftests: Add test case trying to taint map value pointer + (bsc#1196130,CVE-2021-45402). +- bpf: Make 32->64 bounds propagation slightly more robust + (bsc#1196130,CVE-2021-45402). +- bpf: Fix signed bounds propagation after mov32 + (bsc#1196130,CVE-2021-45402). +- commit 04987fb + +- rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. +- commit 174a64f + +- rpm/kernel-docs.spec.in: use %%license for license declarations + Limited to SLE15+ to avoid compatibility nightmares. +- commit 73d560e + +- rpm/*.spec.in: Use https:// urls +- commit 77b5f8e + +- ARM: fix build error when BPF_SYSCALL is disabled (bsc#1085308 + CVE-2022-23960). +- ARM: include unprivileged BPF status in Spectre V2 reporting + (bsc#1085308 CVE-2022-23960). +- commit 2b85b07 + +- ARM: Spectre-BHB workaround (bsc#1085308 CVE-2022-23960). +- Update config files. +- commit 214f301 + +- ARM: use LOADADDR() to get load address of sections (bsc#1085308 + CVE-2022-23960). +- ARM: early traps initialisation (bsc#1085308 CVE-2022-23960). +- ARM: report Spectre v2 status through sysfs (bsc#1085308 + CVE-2022-23960). +- commit 20f8a99 + +- nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787 bsc#1197146 bsc#1193554). +- commit 68439a4 + +- arm64: proton-pack: Include unprivileged eBPF status in + Spectre v2 mitigation reporting (bsc#1085308 CVE-2022-23960 + CVE-2022-0001 CVE-2022-0002). +- arm64: Use the clearbhb instruction in mitigations (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered + and migrated (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- commit 52f56e7 + +- arm64: Mitigate spectre style branch history side channels + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- Update config files. +- Refresh + patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch. +- commit 1403b73 + +- arm64: proton-pack: Report Spectre-BHB vulnerabilities as + part of Spectre-v2 (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: Add percpu vectors for EL1 (bsc#1085308 CVE-2022-23960 + CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Add macro for reading symbol addresses from + the trampoline (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: entry: Add vectors that have the bhb mitigation sequences + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Add non-kpti __bp_harden_el1_vectors for + mitigations (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: entry: Allow the trampoline text to occupy multiple pages + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Make the kpti trampoline's kpti sequence optional + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Move trampoline macros out of ifdef'd section + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Don't assume tramp_vectors is the start + of the vectors (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: entry: Allow tramp_alias to access symbols after + the 4K boundary (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: entry: Move the trampoline data page before the text page + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Free up another register on kpti's tramp_exit path + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry: Make the trampoline cleanup optional (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- KVM: arm64: Allow indirect vectors to be used without + SPECTRE_V3A (bsc#1085308 CVE-2022-23960 CVE-2022-0001 + CVE-2022-0002). +- arm64: spectre: Rename spectre_v4_patch_fw_mitigation_conduit + (bsc#1085308 CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- arm64: entry.S: Add ventry overflow sanity checks (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- commit 39b0cd1 + +- arm64: Add Cortex-X2 CPU part definition (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- Refresh + patches.suse/arm64-Add-Cortex-A510-CPU-part-definition.patch. +- commit 1489419 + +- arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1085308 + CVE-2022-23960 CVE-2022-0001 CVE-2022-0002). +- commit 76b95f9 + +- bpf/selftests: Test PTR_TO_RDONLY_MEM (bsc#1196261 CVE-2022-0500). +- bpf: Add MEM_RDONLY for helper args that are pointers to rdonly mem + (bsc#1196261 CVE-2022-0500). +- bpf: Make per_cpu_ptr return rdonly PTR_TO_MEM + (bsc#1196261CVE-2022-0500). +- bpf: Convert PTR_TO_MEM_OR_NULL to composable types + (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- bpf: Introduce MEM_RDONLY flag (bsc#1194111 bsc#1194765 + bsc#1196261 CVE-2021-4204 CVE-2022-0500 CVE-2022-23222). +- Refresh + patches.suse/bpf-Fix-out-of-bounds-access-for-ringbuf-helpers.patch. +- Refresh + patches.suse/bpf-Generally-fix-helper-register-offset-check.patch. +- bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL + (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- Refresh + patches.suse/bpf-Generalize-check_ctx_reg-for-reuse-with-other-ty.patch. +- Refresh + patches.suse/bpf-Generally-fix-helper-register-offset-check.patch. +- bpf: Replace RET_XXX_OR_NULL with RET_XXX | PTR_MAYBE_NULL + (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- bpf: Replace ARG_XXX_OR_NULL with ARG_XXX | PTR_MAYBE_NULL + (bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- bpf: Introduce composable reg, ret and arg types (bsc#1194111 + bsc#1194765 bsc#1196261 CVE-2021-4204 CVE-2022-0500 + CVE-2022-23222). +- commit 4db4b9b + +- Delete ACPI patch that broke s2idle (bsc#1196213) + Deleted: + patches.suse/ACPI-EC-Rework-flushing-of-EC-work-while-suspended-t.patch + A new kABI compat patch was added instead +- commit 99c6bc9 + +- NFSD: Fix READDIR buffer overflow (git-fixes bsc#1196346). +- commit a149497 + +- arm64: Add Cortex-A510 CPU part definition (git-fixes). +- commit 1fd20fb + kernel-zfcpdump +- powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174 + ltc#196362). +- commit be99d79 + +- watch_queue: Actually free the watch (CVE-2022-0995 + bsc#1197246). +- watch_queue: Fix NULL dereference in error cleanup + (CVE-2022-0995 bsc#1197246). +- commit 9f97636 + +- ALSA: pcm: Fix races among concurrent prealloc proc writes + (CVE-2022-1048 bsc#1197331). +- commit 7ca9b7d + +- ALSA: pcm: Fix races among concurrent prepare and + hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). +- commit bdcd5ee + +- ALSA: pcm: Fix races among concurrent read/write and buffer + changes (CVE-2022-1048 bsc#1197331). +- commit 8bb5c1f + +- ALSA: pcm: Fix races among concurrent hw_params and hw_free + calls (CVE-2022-1048 bsc#1197331). +- commit 4ce87ae + +- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 + bsc#1197331). +- commit 15a1bad + keybinder -- Disabled python binding on Leap 15.4 +- Disable python2 bindings on 15.4 - they fail to build. kgamma5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + khotkeys5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + kinfocenter5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + kmenuedit5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + kscreen5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- Changes since 5.24.3: + * KCM: Center Orientation label when there's no automatic options + * X11: align touchscreen to internal display (kde#415683) +- Drop code for obsolete versions + kscreenlocker +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + ksshaskpass5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + ksystemstats5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + kwayland-integration +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + kwayland-server +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- Changes since 5.24.3: + * outputchangeset: set default values for vrr policy and rgb range (kde#442520) + kwin5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- Changes since 5.24.3: + * backends/drm: attempt a modeset on output disabling (kde#449878) + * plugins/screencast: Fix a glitch in cursor bitmap + * backends/drm: set max bpc in DrmPipeline + * backends/drm: fall back to legacy mode in virtual machines (kde#427060) + * backends/drm: only allow ARGB8888 as the cursor format + * effects/blur: Fix window flickering when the clip intersected with the current blur region. (kde#421135) + * screencast: better solution for missing context on cursor move + * Revert "screencast: make context current in tryEnqueue" + * src/kcmkwin: fix botched indentation code for final checkbox + * backends/drm: don't do direct scanout with software rotation + * screencast: make context current in tryEnqueue + * effects/desktopgrid: don't forget to schedule repaints when timeline is running (kde#444678) + * effects/desktopgrid: register down gesture (kde#444694) + * inputmethod: Do not reset when hiding + * inputmethod: Listen to text-input enablement changes when starting disabled +- Drop patches, now upstream: + * 0001-backends-drm-fall-back-to-legacy-mode-in-virtual-mac.patch + +- Add patch to fix client cursor offset in VMs (kde#427060): + * 0001-backends-drm-fall-back-to-legacy-mode-in-virtual-mac.patch + kwrited5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + layer-shell-qt +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + libkdecoration2 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- Changes since 5.24.3: + * Add RtL support (kde#432390) + libkscreen2 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + libksysguard5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + +- Force PIE when building with gcc-10 (boo#1195628, boo#1197641) + libosinfo +- bsc#1197769 - FTBFS: libosinfo won't compile on SP4 + libosinfo.spec + libqt5-qtwebengine +- Add security fixes: + * CVE-2022-0971-qtwebengine-5.15.patch (CVE-2022-0971, boo#1197163) + * CVE-2022-1096-qtwebengine-5.15.patch (CVE-2022-1096, boo#1197552) + +- Add patch to fix build with GCC 12: + * 0001-skia-Some-includes-to-fix-build-with-GCC-12.patch + libsolv +- reworked choice rule generation to cover more usecases +- support SOLVABLE_PREREQ_IGNOREINST in the ordering code + [bsc#1196514] +- support parsing of Debian's Multi-Arch indicator +- bump version to 0.7.22 + libzypp -- Fix package signature check (bsc#184501) +- ZConfig: Update solver settings if target changes (bsc#1196368) +- version 17.30.0 (22) + +- Fix possible hang in singletrans mode (bsc#1197134) +- Do 2 retries if mount is still busy. +- version 17.29.7 (22) + +- Fix package signature check (bsc#1184501) lzma-sdk +- Update to version 21.07 + * New switches: -spm and -im!{file_path} to exclude + directories from processing for specified paths that don't + contain path separator character at the end of path. + * The sorting order of files in archives was slightly changed + to be more consistent for cases where the name of some + directory is the same as the prefix part of the name of + another directory or file. + makedumpfile +- makedumpfile-sadump-kaslr-fix-kaslr_offset-calculation.patch: + sadump, kaslr: fix failure of calculating kaslr_offset + (bsc#1196736). + +- Turn on zstd in Tumbleweed. + milou5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + nvme-cli +- Fix install conflict caused by new bash completion script + location (bsc#1197365). + nvme-stas +- Update to version 1.0-rc5: + * Remove misconfiguration check. (bsc#1197361) + * Document how to increase the number of interfaces that Avahi can monitor. +- Removed python3-netifaces dependency (bsc#1197361) +- Added ahahi dependency +- Do not list files twice (add %dir to directory paths) +- Drop workaround for Python interpreter path fixup. + +- Update to version 1.0-rc4: + * Check ignore-iface when creating TransportId object + * Adding man pages for ip-family and ignore-iface + * Add ignore-iface and ip-family conf. options + * Update the documentation + * Change default address returned by name resolver + * Filter out invalid IP addresses. (bsc#1197361) + * When reading the Host NQN, warn people if the NQN seems invalid + * Print descriptive message when unable to run stafctl/stacctl + * Use the newly added cntlrtype to check the type of controller + * minor fix to previous change to set the log level on libnvme + * LOG: enable libnvme debug when trace is enabled +- Added python3-netifaces dependency + openblas:gnu-hpc +- Build PPC64LE libraries with the lastest gcc available to + take advantage of instruction sets in later CPUs used in + the CPU specific kernels (jsc#SLE-18143, bsc#1197721). + For fortran use the stock compiler to avoid compatibility + issues between different versions of libfortran. + This is relevant for Leap/SLE only. It may be dropped once + gcc < 10 is no longer supported. + openblas:gnu-hpc-pthreads +- Build PPC64LE libraries with the lastest gcc available to + take advantage of instruction sets in later CPUs used in + the CPU specific kernels (jsc#SLE-18143, bsc#1197721). + For fortran use the stock compiler to avoid compatibility + issues between different versions of libfortran. + This is relevant for Leap/SLE only. It may be dropped once + gcc < 10 is no longer supported. + openblas:openmp +- Build PPC64LE libraries with the lastest gcc available to + take advantage of instruction sets in later CPUs used in + the CPU specific kernels (jsc#SLE-18143, bsc#1197721). + For fortran use the stock compiler to avoid compatibility + issues between different versions of libfortran. + This is relevant for Leap/SLE only. It may be dropped once + gcc < 10 is no longer supported. + openblas:pthreads +- Build PPC64LE libraries with the lastest gcc available to + take advantage of instruction sets in later CPUs used in + the CPU specific kernels (jsc#SLE-18143, bsc#1197721). + For fortran use the stock compiler to avoid compatibility + issues between different versions of libfortran. + This is relevant for Leap/SLE only. It may be dropped once + gcc < 10 is no longer supported. + openblas:serial +- Build PPC64LE libraries with the lastest gcc available to + take advantage of instruction sets in later CPUs used in + the CPU specific kernels (jsc#SLE-18143, bsc#1197721). + For fortran use the stock compiler to avoid compatibility + issues between different versions of libfortran. + This is relevant for Leap/SLE only. It may be dropped once + gcc < 10 is no longer supported. + openssl-1_1 +- FIPS: Additional PBKDF2 requirements for KAT [bsc#1197280] + * The IG 10.3.A and SP800-132 require some minimum parameters for + the salt length, password length and iteration count. These + parameters should be also used in the KAT. + * Add openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch + +- Security Fix: [bsc#1196877, CVE-2022-0778] + * Infinite loop in BN_mod_sqrt() reachable when parsing certificates + * Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch + +- Added openssl-1_1-use-include-directive.patch so that the default + /etc/ssl/openssl.cnf file will include any configuration files that + other packages might place into /etc/ssl/engines.d/ and + /etc/ssl/engdef.d/ This is a fix for bsc#1004463 where scripting was + being used to modify the openssl.cnf file. The scripting would fail + if either the default openssl.cnf file, or the sample openssl-ibmca + configuration file would be changed by upstream. +- Updated spec file to create the two new necessary directores for + the above patch. [bsc#1194187, bsc#1004463] + +- FIPS: add openssl-1_1-fips-bsc1190652_release_num_in_version_string.patch + * bsc#1190652 - Provide a service to output module name/identifier + and version + +- Security fix: [bsc#1192820, CVE-2002-20001] + * Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows + remote attackers (from the client side) to send arbitrary + numbers that are actually not public keys, and trigger + expensive server-side DHE calculation. + * Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST + * Rebase openssl-DEFAULT_SUSE_cipher.patch + +- FIPS: Reintroduce the FFC and ECC checks in openssl-DH.patch + that were removed in the update to 1.1.1l [bsc#1185313] + +- FIPS: Fix sn_objs and ln_objs in crypto/objects/obj_mac.num + * Rebase openssl-DH.patch [bsc#1194327] +- Merge openssl-keep_EVP_KDF_functions_version.patch into + openssl-1.1.1-evp-kdf.patch +- Add function codes for pbkdf2, hkdf, tls and ssh selftests. + Rebase patches: + * openssl-fips-kdf-hkdf-selftest.patch + * openssl-kdf-selftest.patch + * openssl-kdf-ssh-selftest.patch + * openssl-kdf-tls-selftest.patch + +- Pull libopenssl-1_1 when updating openssl-1_1 with the same + version. [bsc#1195792] + +- FIPS: Fix function and reason error codes [bsc#1182959] + * Add openssl-1_1-FIPS-fix-error-reason-codes.patch + +- Enable zlib compression support [bsc#1195149] + +- Remove the openssl-has-RSA_get0_pss_params provides as it is + now fixed in the nodejs16 side [bsc#1192489] + +- FIPS: Move the HMAC-SHA2-256 used for integrity test [bsc#1185320] + * Add openssl-FIPS-KAT-before-integrity-tests.patch + +- FIPS: Add missing KAT for HKDF/TLS 1.3/IPSEC IKEv2 [bsc#1192442] + * Add openssl-fips-kdf-hkdf-selftest.patch + openssl-ibmca +- Completely revamped the postinstall scriptlet so that it doesn't + need to know or care about how many lines are in either + /etc/ssl/openssl.cnf, or the sample file at + /usr/share/doc/packages/openssl-ibmca/openssl.cnf.sample + We're now using the ".include" directive for the openssl.cnf + file, and only modifying that file the minimum necessary to + implement the change. (bsc#1004463) + - * Define a global variable enginedir the same was as IBM does + * Define a global variable enginesdir the same was as IBM does oxygen5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + pam +- Between allocating the variable "ai" and free'ing them, there are + two "return NO" were we don't free this variable. This patch + inserts freaddrinfo() calls before the "return NO;"s. + [bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch] + +- Define _pam_vendordir as "/%{_sysconfdir}/pam.d" + The variable is needed by systemd and others. + [bsc#1196093, macros.pam] + pam_kwallet +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + parsec +- Update to 1.0.0: + * Update changelog file only +- Disable build on x86 since the build fails + +- Update to 1.0.0-rc3: + * Changelog: https://github.com/parallaxsecond/parsec/compare/1.0.0-rc2...1.0.0-rc3 + * Fixes CVE-2022-24713 - boo#1196972 + +- Update to 1.0.0-rc2: + * Changelog: https://github.com/parallaxsecond/parsec/compare/1.0.0-rc1...1.0.0-rc2 +- Remove CryptoAuthLib (CAL) provider as it is unmaintained. + +- Update to 1.0.0-rc1: + * Changelog: https://github.com/parallaxsecond/parsec/compare/0.8.1...1.0.0-rc1 +- Drop upstream patch: + * harden_parsec.service.patch + parsec-tool +- Update to 0.5.2: + * changelog from 0.5.1 to 0.5.2: + https://github.com/parallaxsecond/parsec-tool/compare/0.5.1...0.5.2 + * Fixes CVE-2022-24713 - boo#1196972 + pipewire +- Reorder BuildRequires and space conditions a bit better in the + spec file. + +- Update to version 0.3.49: + * Highlights + - Sample rate switching should work again. + - pw-dot can now use the output of pw-dump to render a graph. + - Bluetooth A2DP streaming was improved that would reduce + stuttering on some devices. + - A JACK bug was fixed that would sometimes make it impossible + to add more tracks in Ardour. (#1714) + - Many bugfixes and improvements. + * PipeWire + - Fix a potential crash when NULL params were configured. + - Add some simple functional tests to avoid some recent + regressions. Improve the test framework for this as well. + - Improvements to the poll loop to avoid some use-after-free + scenarios. + - Fix samplerate switching again. + - setlocale is not called anymore from the pipewire library. + This should be called by the application. (#2223) + - pw_init() and pw_deinit() can now be nested and called + multiple times. + - pw_stream will now report the resampler delay in the + pw_time.queued field. + * modules + - module-filter-chain now supports arbitrary many properties + and will use property hints to assign them the right type. + - The ROC modules now accept a sink/source_properties + parameter. + - The module-rt can now also be built without RT-Kit support. + - module-echo-cancel can now use a fraction to specify the + delay for more precise control. + * SPA + - The channelmixer will now do upmixing by default and will not + use normalization. It will also use a simple upmixing + algorithm that duplicates channels by default. A more + interesting upmix method is also available (PSD) but needs to + be enabled manually. (#861) + - Add SSE optimized (de)interleave functions for 32 bits + samples with and without byteswap. + - JSON parsing of empty strings will now give an invalid number + instead of 0. + - JSON numbers are now parsed and serialized in a locale + independent way so that , and . are not mixed up. + - The resampler will now report the resample delay and queued + samples as the extra delay. + * tools + - pw-cat will read more dsf files correctly and will not crash + at the end. + - pw-top now has a man page. + - pw-dot can now use the output of pw-dump to render a graph. + * bluetooth + - Improve interactions with oFono. + - Fix recovery with slow connections. + - Improve frame size of AptX-ll. + - A2DP can now use any quantum and will flush packets in + smaller chunks when needed to adapt. This improves stuttering + in some cases. + * pulse-server + - The server configuration can now be placed in + pulse.properties section, which also makes it possible to + have custom overrides. + - Implement FIX_ flags for capture as well. + - Small fixes and improvements in module loading. + * JACK + - Clear the last error before executing a new action or else we + could end up with error from a previous action. This causes + some problems in Ardour where adding a track would fail after + some time. (#1714) +- Rebase reduce-meson-dependency.patch. + +- Update to version 0.3.48: + * Highlights + - Fix IEC958 passthrough again. + - Fix pulse-server crashes when playing a sample. + - Support for more a more advanced upmixing algorithm. + - filter-chain now supports arbitrary many ports. + - Fix multichannel support in WINE (with new WirePlumber). + - Many bugfixes and improvements. + * PipeWire + - The work queue is now created in the context so we can fail + early and avoid further error checking in various places. + - Fix a potential use after free with threaded loops. + - The protocol now has a message footer. This is used to pass + around global state such as the last registered object + serial number. This can be used to detect when a client tries + to bind to old (but reused) object ids. This avoids some + races in the session manager but also when binding objects. + - The zero-denormals CPU flag is now not touched anymore unless + explicitly selected by the user. Denormals are avoided in + filter-chain now in software. If the zero-denormals are now + only configured in the data thread. This should fix issues + with luajit. + - Configuration parsing will not actually fail on errors. + - pw-top now correctly clips unicode characters. + - Many places now use a dynamic POD builder to support + arbitrary large property sets. + - pw-stream now support PropInfo parameters so that they can + announce custom properties. + - Serial number are now also set on metadata and + session-manager objects. + * SPA + - audioadapter is now smarter when trying to fixate the format. + It will use the PortConfig format to fill in any wildcards. + This results in the least amount of conversions when the + stream can handle it. It also is part of a fix (also requires + a session manager fix) for WINE multichannel support. + - Fix 5.1 to 2 channels mixing. It was using the volume of the + stereo pair on all channels. + - Fix some weird volume issues when a source is capturing and + channelmixing. + - Add stereo to 7.1 upmixing. + - The channelmix parameters can be changed at runtime now. + - Many improvements to the upmixing algorithms. Rear channels + are now constructed from the ambient sound and can have delay + and phase shift applied to them to improve spacialisation. + The stereo channels can be filtered so that the dialogue is + more concentrated in the centre channel. + * modules + - Module X11 bell received cleanups and improvements. + - The module now has a private method to schedule unload later. + This simplifies cleanup in many modules. + - module-filter-chain now handles arbitrary many ports and + control ports. + - Fix a bug in RAOP where it was reading from the wrong port. + * pulse-server + - Nodes with the DONT_MOVE property should fail with -EINVAL + when they are moved. + - Fix a segfault when playing a sample. + - The _FIX flags in pulse-server also now ignore the configured + sample format, just like pulseaudio does. + - Fix IEC958 passthrough again. It got accidentally broken + since 0.3.45 with a fix for another issue. + - Fix module-null-sink device.description. + * Bluetooth + - Don't try to connect HSP/HFP when no backend is available. +- Drop patches already included upstream: + * 0001-revert-loop-remove-destroy-list.patch + * 0002-pulse-server-free-pending-sample-reply.patch +- Rebase reduce-meson-dependency.patch. +- Enable pulseaudio-setup use on openSUSE Leap 15.4. +- Some spec clean-up. + +- Add 0001-revert-loop-remove-destroy-list.patch: fix MPD crash. +- Add 0002-pulse-server-free-pending-sample-reply.patch: fix + "fast volume change". + +- Update to version 0.3.47: + * Fix a bug in pulse-server that caused cached notifications to + play multiple times. + * Remove a check and warnings to catch leaked listeners on the + proxy. This might access invalid memory and cause infinite + loops in older wireplumber. +- Rebase reduce-meson-dependency.patch. + +- Update to version 0.3.46: + * Highlights: + - Fix a critical bug in pipewire-pulse buffer size handling + that made some apps (MuseScore, ... ) stutter. + - Fix a critical bug where devices would not show when the + kernel was compiled without VERBOSE_PROCSFS. + - JACK clients will now use lock-quantum by default. This + makes sure that all dynamic quantum changes are disabled + while a JACK app is running. The only way to force a + quantum chance is through a JACK app or with the metadata. + - Almost all limits on number of ports, clients and nodes are + removed. + - A Dummy fallback sink is now automatically created when + there are no other sinks. This avoids stalling browsers. + - Sound sharing with Zoom should work better. A new WirePlumber + release might be required. + - Many more fixes and improvements. + * PipeWire + - Update docs with new config overrides. + - The rule matching logic was moved to config and code is now + shared with pulse-server and JACK. + - Add new Romanian translation. + - When a quantum is forced with metadata, any node that asked + to lock-quantum is ignored so that the quantum change can + happen. + - Fix a bug where a mixer was removed twice, leading to + potential memory corruption. + - The port limits on nodes and filters are now removed. + Some code was simplified. + - Fix a potential leak because listeners where removed while + they could be emitted. + - Improve context.exec and avoid zombie processes. + * Modules + - The RAOP module now has a default latency of 2 seconds, + like PulseAudio. + - The echo-cancel module now uses the plugin loader to load + the backends. This makes it possible to add custom, out of + tree, echo cancel plugins. + * Tools + - Improve help of pw-link. + - Output to stdout and error to stderr. Use setlinebuf for + stdout to improve piping between apps. (#2110) + * SPA + - Improve removing sources when dispatching. Also improve + performance now that a destroy loop can be removed. (#2114) + - Fix an fd leak in the logger when logging to a file. + - Improve loop enter/leave checks and support recursive loops. + * pulse-server + - Clamp various buffer attributes to the max length. Fixes some + issues with various applications. (#2100) + - Module properties are now remapped correctly from their + pulseaudio variant to the PipeWire ones. + - Fix module index in introspect. Use the right index when + loaded from our internal modules. (#2101) + - Improve argument parsing and node.description. (#2086) + - The sink-index should now be filled in correctly when playing + a sample. (#2129) + - module-always-sink is now implemented and loaded by default. + (#1838) + - Add support for loading some modules only once. + - Module load and unload now does extra sync to make it appear + synchronous, like in PulseAudio. This improves sounds sharing + in Zoom. + * ALSA + - Fix critical bug where alsa devices would not show when the + kernel was compiled without VERBOSE_PROCFS. + - Some corner cases were fixed in the ALSA timing code. When + the capture node is follower, it will now not try to read too + much data and xrun but it will instead produce a cycle of + silence. + - Various fixes and improvements to make ALSA devices resync to + the driver more quickly and accurately. + * JACK + - Add an option to name the default device as system to improve + compatibility with some applications, + - Use lock-quantum by default. This makes sure that all dynamic + quantum changes are disabled while a JACK app is running. The + only way to force a quantum chance is through a JACK app or + with the metadata. + - It is now possible to do IPC calls from the data thread. Note + that this is a very bad idea but required for compatibility + with JACK2. + * GStreamer + - GStreamer sink will now set a default channelmap to make it + possible to remap to the channel layout of the device. +- Update patch for further uses of "new" meson features used by + upstream: + * reduce-meson-dependency.patch + +- Run ldconfig for pipewire-libjack-0_3 + * The JACK libraries are made available system-wide using + /etc/ld.so.conf.d. Hence, ldconfig should be run to make sure + the dynamic linker picks them up. + plasma-browser-integration +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 +- Drop handling for 0%{?suse_version} < 1330 + plasma-nm5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + plasma-vault +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + plasma5-addons +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + plasma5-desktop +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- Changes since 5.24.3: + * kcms/componentchooser: unify combobox lengths (kde#451365) + plasma5-disks +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + plasma5-firewall +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + plasma5-integration +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + plasma5-nano +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + plasma5-pa +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + plasma5-phone-components +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- Changes since 5.24.3: + * mmplugin: set all connections to not autoconnect on setMobileDataEnabled(false) (#182) + plasma5-sdk +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + plasma5-systemmonitor +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + plasma5-thunderbolt +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + plasma5-workspace +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- Changes since 5.24.3: + * kcms/users: Adjust for padding in overlay sheet (kde#451031) + * [Media Controller] Explicitly set slider "to" before setting "value" + * [Notifications] Fix implicit size propagation in SelectableLabel + * applets/kicker: Skip creating KService for non-desktop files or folders (kde#442970) + * Fix sleep/suspend sometimes not working ... from ksmserver-logout-greeter, by making the DBus calls synchronous. + * kicker/actionlist: Ensure we parse the args for the jumplist actions (kde#451418) + * libtaskmanager: recompute active task when a task is removed + * sddm/lockscreen: Fix weird behaviour + * [Notifications] Limit notification heading line count + plasma5-workspace-wallpapers +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + plymouth-theme-breeze +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + polkit-kde-agent-5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + powerdevil5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + protobuf +- Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570, + bsc#1195258 + * Add protobuf-CVE-2021-22570.patch + python-Twisted +- Add skip-namespacewithwhitespace.patch to make the test suite + skip test failing with the modern libexpat. + python-rpm -- Add no-hardocded-python2.diff to avoid hardcoding of python2 - (jsc#SLE-16747) - +- update to rpm-4.11.1 + python-subliminal +- Build only for default python3 version + python310 +- (bsc#1196784, CVE-2022-25236) Rename patch: + support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch + and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5 + as it was fully patched against CVE-2022-25236. + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + python310:base +- (bsc#1196784, CVE-2022-25236) Rename patch: + support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch + and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5 + as it was fully patched against CVE-2022-25236. + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + python310:doc +- (bsc#1196784, CVE-2022-25236) Rename patch: + support-expat-245.patch to support-expat-CVE-2022-25236-patched.patch + and update the patch to detect expat >= 2.4.4 instead of >= 2.4.5 + as it was fully patched against CVE-2022-25236. + +- Add patch support-expat-245.patch: + * Support Expat >= 2.4.5 + qemu:linux-user +- Support the SGX feature (bsc#1197807) + * Patches added: + doc-Add-the-SGX-numa-description.patch + numa-Enable-numa-for-SGX-EPC-sections.patch + numa-Support-SGX-numa-in-the-monitor-and.patch + +- Backport CVE-2021-3929 (bsc#1193880) + * Patches added: + hw-nvme-fix-CVE-2021-3929.patch + +- The patches from upstream cause testsuit failures (bsc#1197150 bsc#1197528) + * Patches added: + Revert-python-iotests-replace-qmp-with-a.patch + Revert-python-machine-add-instance-disam.patch + Revert-python-machine-add-sock_dir-prope.patch + Revert-python-machine-handle-fast-QEMU-t.patch + Revert-python-machine-move-more-variable.patch + Revert-python-machine-remove-_remove_mon.patch + +- Add missing patch from a PTFs (bsc#1194938) + * Patches added: + scsi-generic-check-for-additional-SG_IO-.patch + +- Kill downstream patches around bifmt handling that makes + cumbersome to run multi-arch containers, and switch to the + upstream behavior, which is well documented and valid on + all other distros. This is possible thanks to Linux kernel + commit 2347961b11d4 and QEMU commit 6e1c0d7b951e19c53 (so + it can only work on Leap/SLE 15.4 and higher). (bsc#1197298) + * Patches dropped: + qemu-binfmt-conf.sh-allow-overriding-SUS.patch + qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch + +- Fix update_git.sh wiping all the package file of the local + checkout while cloning the git repository on demand (in case they + don't exist and the user as to do so). + +- Improve test reliability + * Patches added: + Fix-the-module-building-problem-for-s390.patch + tests-qemu-iotests-040-Skip-TestCommitWi.patch + tests-qemu-iotests-testrunner-Quote-case.patch + +- Fix virtiofs crashing with glibc >= 2.35, due to rseq syscall + (bsc#1196924) + * Patches added: + tools-virtiofsd-Add-rseq-syscall-to-the-.patch + +- Avoid warnings caused by a GCC 12 bug, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98503 + (bsc#1197018) + * Patches added: + hw-i386-amd_iommu-Fix-maybe-uninitialize.patch + Silence-GCC-12-spurious-warnings.patch + Ignore-spurious-GCC-12-warning.patch + +- Proactive fix + * Patches added: + hw-nvram-at24-return-0xff-if-1-byte-addr.patch + qqc2-breeze-style +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 + qt6-webengine +- Add security fixes: + * CVE-2022-0971-qtwebengine-5.15.patch (CVE-2022-0971, boo#1197163) + * CVE-2022-1096-qtwebengine-5.15.patch (CVE-2022-1096, boo#1197552) + qt6-webengine:docs +- Add security fixes: + * CVE-2022-0971-qtwebengine-5.15.patch (CVE-2022-0971, boo#1197163) + * CVE-2022-1096-qtwebengine-5.15.patch (CVE-2022-1096, boo#1197552) + raspberrypi-firmware-dt +- With recent Linux kernel gpio-ranges Device Tree property is now + required. Add following patches to fix immediate issue described + in bsc#1197578. + ARM-dts-gpio-ranges-property-is-now-required.patch + ARM-dts-Add-GPIO-line-names-for-downstream-RPis.patch + We do not update whole package because this will create new + issues like the one described in comment#12 in bsc#1193434 + and comment#2 in bsc#1196632. Once patches referenced in + bsc#1196632 are accepted upstream. _This_ package could be + upgraded too. + rpm +- Revert unwanted /usr/bin/python -> /usr/bin/python2 change we + got with the update to 4.14.3 [bsc#1194968] + new patch: no-python2.diff + +- Backport header check changes so that old rpms get no longer + rejected [bsc#1190824] + updated patch: headerchk3.diff + +- Add explicit requirement on python-rpm-macros to avoid widespread + breakage by package mistakenly ignoring their requirement of + python-rpm-macros (bsc#1180125, bsc#1193711). + +- backport zstd detection fix [bsc#1187670] + new patch: zstddetection.diff +- backport ndb rofs support [bsc#1188548] + new patch: ndbrofs.diff +- backport pgp hardening changes from upstream [bsc#1185299] + new patch: pgpharden.diff +- fix deadlock when multiple rpm processes try tp acquire the + database lock [bsc#1183659] + new patch: deadlock.diff + salt +- Fix salt-ssh opts poisoning (bsc#1197637) +- Added: + * fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch + +- Fix multiple security issues (bsc#1197417) +- * Sign authentication replies to prevent MiTM (CVE-2022-22935) +- * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934) +- * Prevent job and fileserver replays (CVE-2022-22936) +- * Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941) +- Added: + * fix-multiple-security-issues-bsc-1197417.patch + spice +- Add patch to let spice build with gstreamer 1.20.x + (https://gitlab.freedesktop.org/spice/spice/-/merge_requests/207) + * fix-build-with-gstreamer-1.20.patch + sudo +- Add sudo-1.9.9-honor-T_opt.patch + * the -T option of sudo does nothing even when + 'Defaults user_command_timeouts' is present in the configuration. + * [bsc#1193446] + * Credit to Jaroslav Jindrak + +- Restrict use of sudo -U other -l to people who have permission + to run commands as that user (bsc#1181703, jsc#SLE-22569) + * feature-upstream-restrict-sudo-U-other-l.patch + systemd +- spec: enable 'efi' support regardless of whether sd_boot is enabled or not + We should support EFI systems even if systemd-boot is not enabled. + +- spec: cope with %{_modprobedir} being /lib/modprobe.d on SLE + systemd:mini +- spec: enable 'efi' support regardless of whether sd_boot is enabled or not + We should support EFI systems even if systemd-boot is not enabled. + +- spec: cope with %{_modprobedir} being /lib/modprobe.d on SLE + systemsettings5 +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- Changes since 5.24.3: + * Don't let back arrow be re-colored to monochrome + * systemsettings runner: Ensure that we match keywords case insensitively (kde#451634) + termcap +- Convert changes file to proper UTF-8 format: new + version of RPM are getting strict in interpreting files. + +- Use FAT LTO objects in order to provide proper static library. + +- curses-bsd4.4-linux.patch: remove use of internal macro name +- Don't unpack Source0 twice + -- added baselibs.conf file to build xxbit packages - for multilib support - -- converted neededforbuild to BuildRequires - -- Remove one of two __END_DECLS (bug #140467) - texlive +- Add also a Conflicts for texlive-texconfig-bin in + texlive-scripts-extra-bin (bsc#1197569) + trilinos:documentation +- Update to version 13.2.0 + For information on changes consult the release notes of + its sub-packages. + * Remove: Make-kokkos-build-reproducible.patch + Add-missing-ENV-DESTDIR.patch + * Add: Fix-control-reaches-end-of-non-void-function-error.patch + Convert-python2-isms-to-python3.patch + Not-a-shell-script.patch +- Add dependency for library package to devel package. +- Fix cmake include path (boo#1194648): + cmake/tribits/core/package_arch/TribitsWriteClientExportFiles.cmake + uses a logic to calculate the relative path elements between + the cmake directory and the installation directory. This works + only if Trilinos_INSTALL_LIB_DIR is relative, while other parts + of the code allow it to be absolute. +- Fix doc building. + trilinos:gnu-openmpi2-hpc +- Update to version 13.2.0 + For information on changes consult the release notes of + its sub-packages. + * Remove: Make-kokkos-build-reproducible.patch + Add-missing-ENV-DESTDIR.patch + * Add: Fix-control-reaches-end-of-non-void-function-error.patch + Convert-python2-isms-to-python3.patch + Not-a-shell-script.patch +- Add dependency for library package to devel package. +- Fix cmake include path (boo#1194648): + cmake/tribits/core/package_arch/TribitsWriteClientExportFiles.cmake + uses a logic to calculate the relative path elements between + the cmake directory and the installation directory. This works + only if Trilinos_INSTALL_LIB_DIR is relative, while other parts + of the code allow it to be absolute. +- Fix doc building. + trilinos:openmpi2 +- Update to version 13.2.0 + For information on changes consult the release notes of + its sub-packages. + * Remove: Make-kokkos-build-reproducible.patch + Add-missing-ENV-DESTDIR.patch + * Add: Fix-control-reaches-end-of-non-void-function-error.patch + Convert-python2-isms-to-python3.patch + Not-a-shell-script.patch +- Add dependency for library package to devel package. +- Fix cmake include path (boo#1194648): + cmake/tribits/core/package_arch/TribitsWriteClientExportFiles.cmake + uses a logic to calculate the relative path elements between + the cmake directory and the installation directory. This works + only if Trilinos_INSTALL_LIB_DIR is relative, while other parts + of the code allow it to be absolute. +- Fix doc building. + trilinos:serial +- Update to version 13.2.0 + For information on changes consult the release notes of + its sub-packages. + * Remove: Make-kokkos-build-reproducible.patch + Add-missing-ENV-DESTDIR.patch + * Add: Fix-control-reaches-end-of-non-void-function-error.patch + Convert-python2-isms-to-python3.patch + Not-a-shell-script.patch +- Add dependency for library package to devel package. +- Fix cmake include path (boo#1194648): + cmake/tribits/core/package_arch/TribitsWriteClientExportFiles.cmake + uses a logic to calculate the relative path elements between + the cmake directory and the installation directory. This works + only if Trilinos_INSTALL_LIB_DIR is relative, while other parts + of the code allow it to be absolute. +- Fix doc building. + vlc +- Update to version 3.0.17.3: + + This is a fixup release which fixes a regression that could + cause a lack of audio for adaptive streaming playback. It is + identical to 3.0.17.2 otherwise. + + This updates contains various fixes and improvements: + - Major adaptive streaming stack overhaul + - Major codec updates + - Many third party libraries update + - Allow brackets in the path section of URLs + - Better notch support for new macbooks + - Add support for DAV video and Webp image formats + - Improve AV1 live streaming support + - Several SRT support improvements + - Numerous crash fixes + - Update youtube script +- Changes from version 3.0.17.2: + + This is a fixup release which fixes youtube playback and + contextual menus on integrated video for the Qt interface. It + is identical to 3.0.17-1 otherwise. +- Changes from version 3.0.17-1: + + This is a fixup release which bumps libflac to 1.3.4 in order + to fix CVE-2020-0499 and CVE-2021-0561 on platforms for which + we provide binary releases. + +- Disable libnfs and soxr integration on suse_version < 1500 (e.g + SLE12). + +- Update to version 3.0.17: + + Core: + * Fix a regression in parsing secondary source MRLs + * Allow brackets in path part of URLs + + Access: + * Fix support for screen capture on macOS with avcapture + * Fix closing of HTTP 1.x connections + * Improve HTTP2 memory usage + * Improve AVCapture module + * Improve AudioCD support (audio/data mixed mode, musicbrainz) + * Improve SMB compatibility by changing the read size + * Several improvements on the SRT modules (including streamID) + + Decoders/Packetizers: + * Add support for DTS LBR + * Fix some HEVC hardware decoding on Windows and crashes when aspect ratio changes + * Fix hardware decoding for some AMD GPU drivers + * Add support for new Fourcc for E-AC3, AV1, GeoVision + * Fix crashes with VP9 streams + * Fix styling issues with subs tx3g (mp4) tracks + * Fix playback of live AV1 streams + + Audio Output: + * iOS/tvOS: add support for spatial audio + * macOS: fix some channels ordering for > 5.1 channels + * Android: rework audio volume management + + Video Output: + * Fix a D3D11 crash when the stream changes aspect ratio + + Demux: + * Major overhaul of the adaptive streaming stack + * Support for DAV video files + * Add WebP image mapping + * Fix missing audio start of Opus audio in MKV/WebM + * Fix an infinite loop in MP4 + * Fix attachments extractions in ogg files + * Support Uncompressed audio in mp4 (ISO/IEC 23003-5) + * Fix some lip sync issue in rare MPEG-TS streams + + Interface: + * Qt/macOS: Fixup user provided URLs + * Add safe area handling on macOS + * Qt: improve preferences search + * Qt: fix --no-mouse-events option + + Misc: + * Update YouTube script + * Fix Icecast directory parsing which could lead to missing entries + * Improve UPnP compatibility with some servers +- Drop vlc-srto_tsbpddelay.patch: fixed upstream. + +- BuildRequires pkgconfig(smbclient) instead of smbclient-devel: + smbclient-devel was merged into samba-devel, and we do not want + to care for actual package names. + +- Guard --enable-libplacebo configure parameter with is_opensuse: + the buildrequires is also guarded the same way. + vokoscreenNG +- Update to 3.2.0 + * Adjust log file name, add timestamps + * Only show filename without path in the player window title + * Improve audio recording when recording from multiple devices on + PulseAudio + * Show message in audio tab if no PulseAudio server is found + * Translation Updates + wireplumber +- Add patch from upstream to fix no sound on reconnection of + bluetooth device (glfo#pipewire/wireplumber#234): + * 0001-scripts-policy-device-profile-clear-tables-when-devices-removed.patch + +- Add patch from upstream to set locale in apps now that pw_init + doesn't call it by itself anymore in pipewire 0.3.49: + * 0001-src-setlocale-in-main-for-tools-and-the-daemon.patch + +- Make the wireplumber-audio noarch as it just contains a lua + config file. + +- Update to version 0.4.9: + * Fixes: + - restore-stream no longer crashes if properties for it are not + present in the config (#190) + - spa-json no longer crashes on non-x86 architectures + - Fixed a potential crash in the bluetooth auto-switch module + (#193) + - Fixed a race condition that would cause Zoom desktop audio + sharing to fail (#197) + - Surround sound in some games is now exposed properly + (pipewire#876) + - Fixed a race condition that would cause the default source & + sink to not be set at startup + - policy-node now supports the 'target.object' key on streams + and metadata + - Multiple fixes in policy-node that make the logic in some + cases behave more like PulseAudio (regarding nodes with the + dont-reconnect property and regarding following the default + source/sink) + - Fixed a bug with parsing unquoted strings in spa-json + * Misc: + - The policy now supports configuring "persistent" device + profiles. If a device is manually set to one of these + profiles, then it will not be auto-switched to another + profile automatically under any circumstances (#138, #204) + - The device-activation module was re-written in lua + - Brave, Edge, Vivaldi and Telegram were added in the bluetooth + auto-switch applications list + - ALSA nodes now use the PCM name to populate node.nick, which + is useful at least on HDA cards using UCM, where all outputs + (analog, hdmi, etc) are exposesd as nodes on a single profile + - An icon name is now set on the properties of bluetooth devices +- Drop patches already upstream: + * 0001-spa-json-fix-va_list-APIs-for-different-architectures.patch + * 0001-restore-stream-do-not-crash-if-config_properties-is-nil.patch + * 0002-policy-bluetooth-fix-string.find-crash-with-nil-string.patch + * 0003-si-audio-adapter-relax-format-parsing.patch +- Update split-config-file.py script + +- Add patch from upstream to fix a crash on tty switch + (glfo#pipewire/wireplumber#193): + * 0002-policy-bluetooth-fix-string.find-crash-with-nil-string.patch +- Add patch from upstream to fix issues with PulseAudio support with + PipeWire 0.3.48+ (glfo#pipewire/pipewire#2189): + * 0003-si-audio-adapter-relax-format-parsing.patch +- Some spec clean-up. + xdg-desktop-portal-kde +- Update to 5.24.4 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/plasma/5/5.24.4 +- No code changes since 5.24.3 +