Removed rpms ============ - aaa_base-malloccheck - libavcodec58 - libavdevice58 - libavfilter7 - libavformat58 - libavresample4 - libavutil56 - libpostproc55 - libswresample3 - libswscale5 Added rpms ========== - libavcodec58_134 - libavdevice58_13 - libavfilter7_110 - libavformat58_76 - libavresample4_0 - libavutil56_70 - libdav1d5 - libpostproc55_9 - libswresample3_9 - libswscale5_9 - libvmaf1 - man-pages-cs - man-pages-da - man-pages-de - man-pages-es - man-pages-fr - man-pages-it - man-pages-nl - man-pages-pl - man-pages-pt_BR Package Source Changes ====================== ffmpeg-4 -- fix ffmpeg-4.2-dlopen-fdk_aac.patch, there is no libfdk-aac.so.1 +- Enable libdavd1 on Leap 15.2+ [boo#1184830] + +- Update to release 4.4 + * New demuxers, AV1 support improvements, and other enhancements. + * AV1 monochrome encoding support. +- Remove ffmpeg_altivec_yuv2rgb_novsx.patch (merged) + +- update to 4.3.2: + * lots of oss-fuzz reported overflow fixes, see included ChangeLog +- drop + ffmpeg.git-ba3e771a42c29ee02c34e7769cfc1b2dbc5c760a.patch + 0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch + 0001-avformat-vividas-improve-extradata-packing-checks-in.patch: upstream + +- Add 0001-avformat-vividas-improve-extradata-packing-checks-in.patch + [boo#1180519] [CVE-2020-35964] + +- remove dependency on OpenJPEG, this is obsolete since ffmpeg 4.0, + we already build against OpenJPEG 2.1. + see changes: + - Dropped support for OpenJPEG versions 2.0 and below. Using OpenJPEG now + requires 2.1 (or later) and pkg-config. + +- Add ffmpeg_altivec_yuv2rgb_novsx.patch for ppc64 (BE) as per + https://trac.ffmpeg.org/ticket/8750 + https://bugzilla.opensuse.org/show_bug.cgi?id=1179332 + +- Enable VMAF. This can be used to compute VMAF/PSNR/SSIM. +- Add vmaf-trim-usr-local.patch . + +- Adjust soversion.patch to include a symlink [boo#1177667] +- Add 0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch + +- Apply upstream fix to avoid segfaults in x86/yuv2rgb conversion + ffmpeg.git-ba3e771a42c29ee02c34e7769cfc1b2dbc5c760a.patch + +- Add librav1e support + +- Update to version 4.3.1: + * Stable bug fix release, mainly codecs and format fixes. + +- Add soversion.patch to workaround ELF ABI breakage. + +- Update to release 4.3 + * A plethora of new video filters + * Intel QSV-accelerated VP9 decoding + * VDPAU VP9 hwaccel + * QSV-accelerated VP9 encoding + * AV1 frame merge bitstream filter + * AV1 Annex B demuxer + * Expanded styling support for 3GPP Timed Text Subtitles + * Support for muxing PCM and PGS in M2TS +- Drop ffmpeg-prefer-dav1d-for-playback.patch + (solved differently) +- Drop ffmpeg4_swscale_replace_illegal_vector_keyword.patch, + ffmpeg4_swscale_fix_altivec_vsx_recent_gcc.patch, + 929e5159bc13da374b83f5627879c607acce180b.patch + (merged) + +- Update to version 4.2.3: + * Stable bug fix release, mainly codecs and format fixes. +- Drop 0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch: Fixed + upstream. + +- libfdk-aac is now .so.2, not .so.1. + +- Throw out v4l2 m2m. This is likely the same case as boo#1041794. + +- Enable v4l2 m2m encoders and decoders + +- Add 0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch + [boo#1170767] + +- Add Samba support for Factory (as this needs a fix in Samba itself) + Add --enable-libsmbclient to configure, add BR on pkgconfig(smbclient) +- License is now GPLv3+ by default (--enable-version3) + +- Always build the binary ffmpeg-4 even on Leap releases boo#1167628: + * The conflicts in place should allow users to decide if they + want to use ffmpeg from ffmpeg package or ffmpeg-4 from this + package + +- Add -ffat-lto-objects to _lto_cflags to fix configure checks + +- Enable libmfx support for SLE 15 SP2 and Leap 15.2 via + conditional, libmfx is available there too now. + +- Update to version 4.2.2: + * Stable bug fix release, mainly codecs and format fixes. + +- Add 929e5159bc13da374b83f5627879c607acce180b.patch to fix + bad ID3v2 tag length. + +- Drop unused liboil BuildRequires. findutils -- The following is patch was provided by Jie GONG -- fts-dont-unconditionally-use-leaf-optimization-for-nfs.patch - (bsc#1174232) - fts: don't unconditionally use leaf optimization for NFS - NFS st_nlink are not accurate on all implementations, - leading to aborts() if that assumption is made. - See - * lib/fts.c (leaf_optimization_applies): Remove NFS from - the white list, and document the issue. +- Use new Group Release Keyring + +- update upstream signing key +- remove deprecated texinfo packaging macros +- run spec-cleaner + +- Update to 4.8.0. + Announcement: https://savannah.gnu.org/forum/forum.php?forum_id=9914 +- findutils.spec: + - Source0: Fix download URL: remove "pub/". + - %check: Output the content of all test-suite files in case of errors. +- Remove now-upstream patches: + - disable-null-ptr-test.patch + - findutils-gnulib-disable-test-float.patch + - findutils-gnulib-test-avoid-FP-perror-strerror.patch + +- prepare usrmerge (boo#1029961) + +- findutils-gnulib-test-avoid-FP-perror-strerror.patch: Add patch to + avoid false-positive error in gnulib tests 'test-perror2' and + 'test-strerror_r', visible on armv7l. +- findutils.spec: Reference the patch. +- disable-null-ptr-test.patch: Refresh with -p0. + +- findutils.keyring: Update GPG keys of Bob Proulx. + Prompted by an error of 'osc service localrun download_files'. + +- findutils.spec: Avoid conditional Patch definition as this breaks + cross-platform building from source RPMs. + +- findutils-gnulib-disable-test-float.patch: Add patch to temporarily + disable the gnulib test 'test-float' failing on ppc and ppc64le. +- findutils.spec: Reference the patch. + +- Add disable-null-ptr-test.patch in order to fix boo#1157342. + +- Upgrade to 4.7.0. +- findutils.spec: + - Change source compression from gzip to xz. + - Align comments about how to bump the version. + - Activate the signature checking via *.sig and keyring files. + - Remove downstream hack in %check section to make a test executable. +- Delete obsolete patches: + - disable-broken-tests.patch + - gnulib-libio.patch + - sv-bug-48030-find-exec-plus-does-not-pass-all-arguments.patch + - sysmacros.patch +- findutils-4.4.2-xautofs.patch: Refresh, and rename ... +- findutils-xautofs.patch: ... to this. + +- Add disable-broken-tests.patch in order to remove broken + tests (boo#1138800). + +- gnulib-libio.patch: Update gnulib for libio.h removal +- sysmacros.patch: Include for makedev -- Upgrade to 4.5.14 -- Refresh patches: - findutils-4.4.2-xautofs.patch - findutils-gnulib-ppc64le.patch (using -p0 for consistency) -- findutils.spec (Version): s/4.5.12/4.5/14 - (%patch1): Remove -p1. - (%configure): Remove --without-included-regex option, - as it is the default anyway. - -- findutils-gnulib-ppc64le.patch: Fix imported gnulib long double - math tests for little-endian PowerPC. - -- Do not build findutils-locate anymore as mlocate obsoletes it - since openSUSE 13.1. -- Remove findutils-4.4.2-updatedb.patch as it's not needed anymore. -- Remove cron.daily.updatedb and sysconfig.locate as they aren't - needed anymore. - grub2 +- Fix obsolete syslog in systemd unit file and updating to use journal as + StandardOutput (bsc#1185149) + * grub2-once.service + +- Fix build error on armv6/armv7 (bsc#1184712) + * 0001-emu-fix-executable-stack-marking.patch + kernel-64kb +- supported.conf: add tcpi and tcpm module to base system (bsc#1185010) +- commit 3fac436 + +- scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 + ltc#191231). +- commit 7e33c4c + +- ibmvfc: disable MQ channelization by default (bsc#1184570 + ltc#192356). +- commit 500b7bf + +- btrfs: fix exhaustion of the system chunk array due to + concurrent allocations (bsc#1183386). +- commit 6cb1172 + kernel-default +- supported.conf: add tcpi and tcpm module to base system (bsc#1185010) +- commit 3fac436 + +- scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 + ltc#191231). +- commit 7e33c4c + +- ibmvfc: disable MQ channelization by default (bsc#1184570 + ltc#192356). +- commit 500b7bf + +- btrfs: fix exhaustion of the system chunk array due to + concurrent allocations (bsc#1183386). +- commit 6cb1172 + libpano +- security update +- added patches + fix CVE-2021-20307 [bsc#1184726], Format string vulnerability in panoFileOutputNamesCreate() + + libpano-CVE-2021-20307.patch + -- Updated to version 2.8.6: - * Bug fixes. -- Split package according to shared library packaging policy. - libreoffice +- Install qt5 plugin when the desktop environment needs it (boo#1184596) + +- Adjust the package to work on SLE-12-SP5 + * bundle boost and icu + * add patches 0001-Revert-java-9-changes.patch and + 0002-fix-the-endif-placement-for-GTK_CHECK_VERSION.patch + +- Fix bsc#1182970 - LO-L3: PPTX: image styles that clip images into curvy shapes missing (and images shown rectangular) + * bsc1182970.patch + +- Version update to 7.1.2.2: + * 7.1.2 final release +- Drop merged patches: + * bsc1174465.diff + * bsc1181644.diff + * bsc1176547_1.diff + * bsc1176547_2.diff + libtpms +- Update to version 0.8.2 + * NOTE: Downgrade to 0.7.x or below is not possible. + Due to fixes in the TPM 2 prime number generation code in + rev155 it is not possible to downgrade from libtpms version + 0.8.0 to some previous version. The seeds are now associated + with an age so that older seeds use the old TPM 2 prime number + generation code while newer seed use the newer code. + * tpm2: rev155: Add new RsaAdjustPrimeCandidate code but do + not use (bsc#1184939 CVE-2021-3505) + * tpm2: Activate SEED_COMPAT_LEVEL_RSA_PRIME_ADJUST_FIX + (bsc#1184939 CVE-2021-3505) + * Update to TPM 2 code release 159 + - X509 support is enabled + + SM2 signing of ceritificates is NOT supported + - Authenticated timers are disabled + * Update to TPM 2 code relase 162 + - ECC encryption / decryption is disabled + * Fix support for elliptic curve due to missing unmarshalling + code + * Runtime filter supported elliptic curves supported by OpenSSL + * Fix output buffer parameter and size for RSA decryption that + could cause stack corruption under certain circumstances + * Set the RSA PSS salt length to the digest length rather than + max + * Fixes to symmetric decryption related to input size check, + defer padding to the user [EVP_CIPHER_CTX_set_padding(ctx, 0)] + and to always use a temporary malloc'ed buffer for decryption + * Fixed the set of PCRs belonging to the TCB group. This affects + the pcrUpdateCounter in TPM2_Pcrread() responses, thus needs + latest swtpm for test cases to succeed there. + makedumpfile +- Fix guessing of VA_BITS and if present use TCR_EL1_T1SZ to determine + vabits_actual (since kernel v5.9). (bsc#1183977) + * makedumpfile-Retrieve-MAX_PHYSMEM_BITS-from-vmcoreinfo.patch + * makedumpfile-arm64-Add-support-for-ARMv8.2-LPA-52-bit-PA-su.patch + * makedumpfile-1-3-Use-vmcoreinfo-note-in-proc-kcore-for-mem-.patch + * makedumpfile-2-3-arm64-Make-use-of-NUMBER-VA_BITS-in-vmcore.patch + * makedumpfile-3-3-arm64-support-flipped-VA-and-52-bit-kernel.patch + patterns-base +- Remove selinux pattern + * can not to have selinux-policy since policycoreutils from SLE + doesn't produce policycoreutils-python-utils + re2 +- Update to 2021-04-01: + * Make cached benchmarks actually use cached objects + * Address some -Wmissing-field-initializers warnings + * Make it easier to swap in a scalable reaer-writer mutex + * In the shared library, set compatibility version and + current version + shim +- Enable the AArch64 signature check for SLE + +- Update the SLE signatures + +- Add shim-bsc1184454-allocate-mok-config-table-BS.patch to avoid + the error message during linux system boot (bsc#1184454) + +- Add remove_build_id.patch to prevent the build id being added to + the binary. That can cause issues with the signature + +- Update to 15.4 (bsc#1182057) + + Rename the SBAT variable and fix the self-check of SBAT + + sbat: add more dprint() + + arm/aa64: Swizzle some sections to make old sbsign happier + + arm/aa64 targets: put .rel* and .dyn* in .rodata +- Drop upstreamed patch: + + shim-bsc1182057-sbat-variable-enhancement.patch + +- Add shim-bsc1182057-sbat-variable-enhancement.patch to change + the SBAT variable name and enhance the handling of SBAT + (bsc#1182057) + +- Update to 15.3 for SBAT support (bsc#1182057) + + Drop gnu-efi from BuildRequires since upstream pull it into the + tar ball. +- Generate vender-specific SBAT metadata + + Add dos2unix to BuildRequires since Makefile requires it for + vendor SBAT +- Update dbx-cert.tar.xz and vendor-dbx.bin to block the following + sign keys: + + SLES-UEFI-SIGN-Certificate-2020-07.crt + + openSUSE-UEFI-SIGN-Certificate-2020-07.crt +- Refresh patches + + shim-arch-independent-names.patch + + shim-change-debug-file-path.patch + + shim-bsc1177315-verify-eku-codesign.patch + - Unified with shim-bsc1177315-fix-buffer-use-after-free.patch +- Drop upstreamed fixes + + shim-correct-license-in-headers.patch + + shim-always-mirror-mok-variables.patch + + shim-bsc1175509-more-tpm-fixes.patch + + shim-bsc1173411-only-check-efi-var-on-sb.patch + + shim-fix-verify-eku.patch + + gcc9-fix-warnings.patch + + shim-fix-gnu-efi-3.0.11.patch + + shim-bsc1177404-fix-a-use-of-strlen.patch + + shim-do-not-write-string-literals.patch + + shim-VLogError-Avoid-Null-pointer-dereferences.patch + + shim-bsc1092000-fallback-menu.patch + + shim-bsc1175509-tpm2-fixes.patch + + shim-bsc1174512-correct-license-in-headers.patch + + shim-bsc1182776-fix-crash-at-exit.patch +- Drop shim-opensuse-cert-prompt.patch + + All newly released openSUSE kernels enable kernel lockdown + and signature verification, so there is no need to add the + prompt anymore. + suse-module-tools +- Update to version 15.3.6: + * dm-crypt requires essiv in SLE15 SP3 (boo#1183063 bsc#1184134 ltc#192244). + systemd +- Import commit 60e71ffa7e339cfce8cf70d127f1be9134a573ac + fa79627ef7 udev: ignore additional newline in sysfs attribute on verify (bsc#1182870) + e0028b4c63 fileio: introduce a new flag to make write_string_file() ignore trailing newline + 1928da1337 Add WRITE_STRING_FILE_TRUNCATE to set O_TRUNC + +- Fix again 1001-udev-use-lock-when-selecting-the-highest-priority-de.patch (bsc#1184859) + This time is about the removal of /dev/disk/by-xxx/* symlink that + can be attempted by several workers at the same time. Let's restore + the old behavior in this regard and ignore any error that might + happen during the removal. + u-boot:rpiarm64 +Fix error when reading file from btrfs (bsc#1184947). + Patch queue updated from https://github.com/openSUSE/u-boot.git sle15-sp3 + * Patches added: + 0035-fs-btrfs-fix-the-false-alert-of-dec.patch + yast2-installation +- Show 'Default' in the proposal summary as the PolicyKit Default + Privileges to be used when it is not specified or specified as + empty in the control file (bsc#1184277) +- 4.3.37 + yast2-trans +- Update to version 84.87.20210418.dfe53bf215: + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Dutch) + * Translated using Weblate (Dutch) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (Catalan) + * Translated using Weblate (Catalan) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * New POT for text domain 'network'. + * New POT for text domain 'installation'. + * New POT for text domain 'network'. + * Translated using Weblate (Turkish) + * Translated using Weblate (Turkish) + zypper-migration-plugin +- version 0.12.1618498507.b68ecea +- Disable all repos on Leap - SLES migration (bsc#1184237) +