Removed rpms ============ - libndctl6 - libpmem1 - libpmemobj1 - p11-kit-nss-trust - pmdk Added rpms ========== - libopenblas_pthreads0 - mozilla-nss-certs Package Source Changes ====================== MozillaThunderbird +- Mozilla Thunderbird 91.8 + * changed: Google accounts using password authentication will + be migrated to OAuth2. See KB Article. + * fixed: OpenPGP ECC keys created by Thunderbird could not be + imported into GnuPG + * fixed: Exporting multiple public PGP keys from Thunderbird + was not possible + * fixed: Replying to a newsgroup message erroneously displayed + a "No-reply" popup warning + * fixed: Opening `mid:` URLs on macOS failed + * fixed: Address books stored in older formats were loaded as + SQLite files, causing a crash + * fixed: Replicated LDAP directories were lost after switching + Thunderbird to "Offline"`mode + * fixed: Importing webcals from the commandline failed if the + URI ended with an `.ics` file extension + * fixed: Various security fixes + MFSA 2022-15 (bsc#1197903) + * CVE-2022-1097 (bmo#1745667) + Use-after-free in NSSToken objects + * CVE-2022-28281 (bmo#1755621) + Out of bounds write due to unexpected WebAuthN Extensions + * CVE-2022-1197 (bmo#1754985) + OpenPGP revocation information was ignored + * CVE-2022-1196 (bmo#1750679) + Use-after-free after VR Process destruction + * CVE-2022-28282 (bmo#1751609) + Use-after-free in DocumentL10n::TranslateDocument + * CVE-2022-28285 (bmo#1756957) + Incorrect AliasSet used in JIT Codegen + * CVE-2022-28286 (bmo#1735265) + iframe contents could be rendered outside the border + * CVE-2022-24713 (bmo#1758509) + Denial of Service via complex regular expressions + * CVE-2022-28289 (bmo#1663508, bmo#1744525, bmo#1753508, + bmo#1757476, bmo#1757805, bmo#1758549, bmo#1758776) + Memory safety bugs fixed in Thunderbird 91.8 + +- Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer, + faster buildhosts, as the others struggle to build TB. + SDL +- Add CVE-2021-33657.patch: always create a full 256-entry color + map in case color values are out of range (boo#1198001 + CVE-2021-33657). + - issue (CVE-2019-7637, boo#1124825). + issue (CVE-2019-7637, CVE-2020-14409, CVE-2020-14410, boo#1124825, + boo#1181201, boo#1181202). SDL2 +- Add CVE-2021-33657.patch: always create a full 256-entry color + map in case color values are out of range (boo#1198001 + CVE-2021-33657). + branding-openSUSE +- Skip *.tr files in /etc/bootsplash/themes/openSUSE/bootloader + ceph -- Adjusting _constraints for SLE 15 SP4 to fix build issues with - aarch64 and ppc64le (bsc#1196733) +- Update to v16.2.7-654-gd5a90ff46f0 + + (bsc#1196733) remove build directory during %clean + +- Update to v16.2.7-652-gf5dc462fdb5 + + (bsc#1194875) [SES7P] include/buffer: include + +- Update to 16.2.7-650-gd083eaa3886 + + (pr#469) cephadm: update image paths to registry.suse.com + + (pr#468) cephadm: use snmp-notifier image from registry.suse.de + + (pr#467) cephadm: infer the default container image during pull + + (pr#465) mgr/cephadm: try to get FQDN for inventory address + + Sync _constaints file for IBS and OBS + +- Update to 16.2.7-640-gceb23c7491b + + (bsc#1194875) common: fix FTBFS due to dout & need_dynamic on GCC-12 + + (bsc#1196938) cephadm: preserve authorized_keys file during upgrade + +- Update to 16.2.7-596-g7d574789716 + + Update Prometheus Container image paths (pr #459) + + mgr/dashboard: Fix documentation URL (pr #456) + + mgr/dashboard: Adapt downstream branded navigation page (pr #454) + +- Update to 16.2.7-577-g3e3603b5dd1 + + Update prometheus-server version + +- Update to 16.2.7-37-gb3be69440db: + + (bsc#1194353) Downstream branding breaks dashboard npm build dnsmasq +- bsc#1197872, CVE-2022-0934, dnsmasq-CVE-2022-0934.patch: + Heap use after free in dhcp6_no_relay + gstreamer-plugins-libav +- Change the license to LGPL-2.1-or-later as specified in + the COPYING file + +- Update to version 1.20.1: + + No changes + +- Update to version 1.20.0: + + Development in GitLab was switched to a single git repository + containing all the modules + + GstPlay: new high-level playback library, replaces GstPlayer + + WebM Alpha decoding support + + Encoding profiles can now be tweaked with additional + application-specified element properties + + Compositor: multi-threaded video conversion and mixing + + RTP header extensions: unified support in RTP depayloader and + payloader base classes + + SMPTE 2022-1 2-D Forward Error Correction support + + Smart encoding (pass through) support for VP8, VP9, H.265 in + encodebin and transcodebin + + Runtime compatibility support for libsoup2 and libsoup3 + (libsoup3 support experimental) + + Video decoder subframe support + + Video decoder automatic packet-loss, data corruption, and + keyframe request handling for RTP / WebRTC / RTSP + + mp4 and Matroska muxers now support profile/level/resolution + changes for H.264/H.265 input streams (i.e. codec data changing + on the fly) + + mp4 muxing mode that initially creates a fragmented mp4 which + is converted to a regular mp4 on EOS + + Audio support for the WebKit Port for Embedded (WPE) web page + source element + + CUDA based video color space convert and rescale elements and + upload/download elements + + NVIDIA memory:NVMM support for OpenGL glupload and gldownload + elements + + Many WebRTC improvements + + The new VA-API plugin implementation fleshed out with more + decoders and new postproc elements + + AppSink API to retrieve events in addition to buffers and + buffer lists + + AppSrc gained more configuration options for the internal queue + (leakiness, limits in buffers and time, getters to read current + levels) + + Updated Rust bindings and many new Rust plugins + + Improved support for custom minimal GStreamer builds + + Support build against FFmpeg 5.0 + + Linux Stateless CODEC support gained MPEG-2 and VP9 + + Windows Direct3D11/DXVA decoder gained AV1 and MPEG-2 support + + Lots of new plugins, features, performance improvements and bug + fixes +- Drop add-gpl-option.patch: It no longer applies, but what is more + important is that it does not make sense. Adding the gpl option + only mattered when building the included ffmpeg sources gst-libav + had when it still supported autotools. We can not change how the + external ffmpeg we depend on is built, we take what we are given + in this case. Our ffmpeg is built with GPL-3.0-or-later as + license, hence change the license for this package to + GPL-3.0-or-later in order to reflect that fact. +- Drop Supplements and Requires. No longer autoinstall this package + as when gst-libav is not available, the hardwaresupported codecs + in gst-bad finaly get to shine and strutt their wings. + Upstream sets basicly all decoders from gst-libav to a higher + preferance score, as they assume if you have gst-libav installed, + you want to use it for almost everything. + gutenprint -- Version upgrade to 5.2.10: - * Added a unified CUPS backend 'gutenprint52+usb' that requires - libusb 1.0 (or newer) to support selected dye sublimation - printers. Support for all Canon SELPHY CP- and ES- printers - has been improved considerably through that CUPS backend. - * Added duplex support for the EPSON WorkForce 630, 635, - and 645, and NX635. - * Many new printers supported in this release. - * Very many new printers supported experimentally. - For details see the NEWS file. -- For openSUSE 11.4 or newer BuildRequires libusb-1_0-devel - to build the 'gutenprint52+usb' backend. When libusb-1.0 is - not installed, the configure magic does not build that backend. - The installed /usr/share/cups/usb/net.sf.gimp-print.usb-quirks - needs a current CUPS version (that supports usb quirks). - Older CUPS versions would ignore gutenprint's usb quirks - which means that the generic CUPS backend 'usb' reports - in particular the dye sublimation printers that do not work - with it but require the special 'gutenprint52+usb' backend. - -- Do no longer send SIGHUP to cupsd in RPM post install script - (which would let the cupsd recognize new and updated PPD files - see the entry dated "Fri Sep 24 10:45:28 CEST 2010" below) - because SIGHUP to cupsd makes active print jobs fail - (see bnc#637455 starting at comment#3). -- Added explicit "Requires: ghostscript" if suse_version > 1210 - because since openSUSE 12.2 cups only "Recommends: ghostscript" - (to avoid a build dependency cycle) so that gutenprint needs - an explicit "Requires: ghostscript" for the "cups" device in - Ghostscript that is required by "rastertogutenprint" (compare - the entry dated "Thu Apr 28 17:20:03 CEST 2011" below). - -- Version upgrade to 5.2.9: - Revert an inappropriate change to the internal library version - number that was introduced in the 5.2.8 release. -- Version upgrade to 5.2.8: - The Canon driver has been significantly overhauled. Its output - and functionality may be significantly different from previous - releases. Further work in future releases is expected. - Several Canon PIXMA and SELPHY printers were removed, as they - are not supported. - Several Canon printers do not offer a grayscale printing mode. - CD printing support for some Canon PIXMA printers was added. - Added borderless functionality to most Canon printers - (except S series and BJC series). - Many new Canon printers are now EXPERIMENTAL supported. - A few new Epson printers are now supported. - For details see the NEWS file. -- escputil-send_nulls-void.patch is obsolete because its fixed - in the sources. -- compile-fix.patch is obsolete because its fixed in the sources. - -- compile-fix.patch adds missing includes. - -- Add python-cups BuildRequires to have postscriptdriver() Provides - for the drivers in gutenprint. - -- Upgraded to version 5.2.7: - This release features support for many additional Canon inkjets, - some Epson inkjets, and some dye sublimation printers, - greatly upgraded support for many Epson Stylus Pro printers, - and numerous bug fixes. - For details see the NEWS file. -- escputil-send_nulls-void.patch makes send_nulls a void function - because nowhere is a return value of send_nulls used - to fix a "no-return-in-nonvoid-function escputil.c:683" error. - -- Removed the needless RPM requirement for pstoraster. -- Removed the duplicate RPM requirement for ghostscript-library - because there is a RPM requirement for cups - and cups requires ghostscript. - -- Added missing directories for /usr/lib/gimp/2.0/plug-ins/* - to the "gimpplugin" files section in the RPM spec file. -- Marked /usr/share/gutenprint/doc/* as "doc" in the RPM - spec file (see Novell/openSUSE Bugzilla bnc#661350). - -- Removed gutenprint-5.2.6-make_A4_DefaultPageSize.patch - because it is useless because the DefaultPageSize in the PPD - templates in /usr/share/cups/model/ does not matter because - the cupsd sets the DefaultPageSize for PPDs in /etc/cups/ppd/ - by default according to the locale that the cupsd runs in or - according to a DefaultPaperSize entry in /etc/cups/cupsd.conf. -- Run cups-genppdupdate in the RPM post install script to update - Gutenprint PPD files in /etc/cups/ppd/ if such PPDs exist - (see Novell/openSUSE Bugzilla bnc#637455). - -- Disable the PPD generator /usr/lib/cups/driver/gutenprint.5.2 - to avoid duplicated PPDs because we provide ready-made PPDs - in /usr/share/cups/model/gutenprint/... in the RPM package - (see Novell/openSUSE Bugzilla bnc#514994 comment#9 - the section "Regarding CUPS PPD files"). - -- gutenprint-5.2.6-make_A4_DefaultPageSize.patch - moves the paper definition for "A4" to the top of the list - to make A4 the DefaultPageSize in the Gutenprint PPDs. -- Upgraded to version 5.2.6: - This release offers additional support for Epson Stylus Pro - printers, along with some changes for other Epson printers - and support for additional Canon inkjets and PCL laser - printers over 5.2.5. For details see the NEWS file. -- Upgraded to version 5.2.5: - This release offers several fixes, new features, and support - for new printers over 5.2.4. For details see the NEWS file. - -- Split gutenprint from the cups-drivers package to have it as a - stand-alone package (see Novell/openSUSE Bugzilla bnc#514994). - The IJS driver /usr/bin/ijsgutenprint is no longer provided - because it is not recommend if CUPS is used. Only the native - CUPS driver is provided as recommend, see the README file. - hwdata +- Update to version 0.357 (bsc#1196332): + + Updated pci, usb and vendor ids. + +- Update to version 0.356: + + Updated pci, usb and vendor ids. + hwinfo +- merge gh#openSUSE/hwinfo#112 +- fix bug in determining serial console device name (bsc#1198043) +- 21.81 + +- merge gh#openSUSE/hwinfo#109 +- fix logic around cdrom detection +- 21.80 + +- merge gh#openSUSE/hwinfo#108 +- Donot close the open tray after read_cdrom_info. +- Donot close the open tray after read. +- 21.79 + +- merge gh#openSUSE/hwinfo#106 +- Always read numerical 32bit serial number from EDID header. + Override this with ASCII serial number from display descriptor, + if available. +- Display numerical 32bit serial number for monitors without serial + number display descriptor +- 21.78 + +- merge gh#openSUSE/hwinfo#105 +- Use license file from gnu.org +- Fix spelling +- Add missing final newline +- Trim excess whitespace +- Simple maintenance improvements +- 21.77 + +- merge gh#openSUSE/hwinfo#104 +- Fix timezone issue in SOURCE_DATE_EPOCH code +- 21.76 + +- merge gh#openSUSE/hwinfo#100 +- recognize loongarch64 architecture +- 21.75 + +- merge gh#openSUSE/hwinfo#98 +- update pci and usb ids +- 21.74 + +- merge gh#openSUSE/hwinfo#95 +- don't rely on select() updating its timeout arg (bsc#1184339) +- 21.73 + kernel-64kb +- intel_idle: add core C6 optimization for SPR (bsc#1198602). +- commit d6fb753 + +- intel_idle: add 'preferred_cstates' module argument + (bsc#1198602). +- commit 0bc7d2b + +- intel_idle: add SPR support (bsc#1198602). +- commit 2bc31de + +- Move upstreamed patches into sorted section +- commit e93d073 + +- SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). +- SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). +- scsi: qedi: Fix failed disconnect handling (bsc#1197685). +- scsi: iscsi: Fix NOP handling during conn recovery + (bsc#1197685). +- scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). +- scsi: iscsi: Fix conn cleanup and stop race during iscsid + restart (bsc#1197685). +- scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). +- scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). +- scsi: iscsi: Fix offload conn cleanup when iscsid restarts + (bsc#1197685). +- scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). +- commit d5cdaca + +- Sorted using series_sort.py + Since sequence_patch required it. +- commit 6bf7976 + +- PCI: hv: Remove unused hv_set_msi_entry_from_desc() + (bsc#1198228). +- commit b61cd71 + +- x86/platform/uv: Log gap hole end size (bsc#1198417). +- commit 8618bf4 + +- x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). +- commit 3d0fd26 + +- x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). +- commit 76ba15c + +- powerpc/numa: Handle partially initialized numa nodes + (bsc#1197658). +- commit 061e1c6 + +- SUNRPC: Ensure we flush any closed sockets before + xs_xprt_free() (bsc#1198330 CVE-2022-28893). +- commit d2a1b78 + +- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() + (bsc#1198228). +- Drivers: hv: balloon: Disable balloon and hot-add accordingly + (bsc#1198228). +- Drivers: hv: balloon: Support status report for larger page + sizes (bsc#1198228). +- Drivers: hv: vmbus: Prevent load re-ordering when reading ring + buffer (bsc#1198228). +- PCI: hv: Propagate coherence from VMbus device to PCI device + (bsc#1198228). +- Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus + device (bsc#1198228). +- Drivers: hv: vmbus: Fix initialization of device object in + vmbus_device_register() (git-fixes). +- Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by + default in isolated guests (bsc#1183682). +- PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() + on ARM64 (bsc#1198228). +- x86/hyperv: Output host build info as normal Windows version + number (git-fixes). +- commit 0c3a755 + +- additional reference for arm64 erratum 1418040 (bsc#1198228). +- commit 7a1dfd5 + +- supported.conf: move kmem and dax_hmem to support list + Moved kmem and dax_hmem to support list. (bsc#1195953) +- commit fdf232f + +- btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852). +- Revert "btrfs: compression: drop kmap/kunmap from lzo" + (bsc#1193852). +- Revert "btrfs: compression: drop kmap/kunmap from zlib" + (bsc#1193852). +- Revert "btrfs: compression: drop kmap/kunmap from zstd" + (bsc#1193852). +- Revert "btrfs: compression: drop kmap/kunmap from generic + helpers" (bsc#1193852). +- commit c24af5b + kernel-default +- intel_idle: add core C6 optimization for SPR (bsc#1198602). +- commit d6fb753 + +- intel_idle: add 'preferred_cstates' module argument + (bsc#1198602). +- commit 0bc7d2b + +- intel_idle: add SPR support (bsc#1198602). +- commit 2bc31de + +- Move upstreamed patches into sorted section +- commit e93d073 + +- SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685). +- SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685). +- scsi: qedi: Fix failed disconnect handling (bsc#1197685). +- scsi: iscsi: Fix NOP handling during conn recovery + (bsc#1197685). +- scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685). +- scsi: iscsi: Fix conn cleanup and stop race during iscsid + restart (bsc#1197685). +- scsi: iscsi: Fix endpoint reuse regression (bsc#1197685). +- scsi: iscsi: Release endpoint ID when its freed (bsc#1197685). +- scsi: iscsi: Fix offload conn cleanup when iscsid restarts + (bsc#1197685). +- scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685). +- commit d5cdaca + +- Sorted using series_sort.py + Since sequence_patch required it. +- commit 6bf7976 + +- PCI: hv: Remove unused hv_set_msi_entry_from_desc() + (bsc#1198228). +- commit b61cd71 + +- x86/platform/uv: Log gap hole end size (bsc#1198417). +- commit 8618bf4 + +- x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417). +- commit 3d0fd26 + +- x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417). +- commit 76ba15c + +- powerpc/numa: Handle partially initialized numa nodes + (bsc#1197658). +- commit 061e1c6 + +- SUNRPC: Ensure we flush any closed sockets before + xs_xprt_free() (bsc#1198330 CVE-2022-28893). +- commit d2a1b78 + +- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() + (bsc#1198228). +- Drivers: hv: balloon: Disable balloon and hot-add accordingly + (bsc#1198228). +- Drivers: hv: balloon: Support status report for larger page + sizes (bsc#1198228). +- Drivers: hv: vmbus: Prevent load re-ordering when reading ring + buffer (bsc#1198228). +- PCI: hv: Propagate coherence from VMbus device to PCI device + (bsc#1198228). +- Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus + device (bsc#1198228). +- Drivers: hv: vmbus: Fix initialization of device object in + vmbus_device_register() (git-fixes). +- Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by + default in isolated guests (bsc#1183682). +- PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask() + on ARM64 (bsc#1198228). +- x86/hyperv: Output host build info as normal Windows version + number (git-fixes). +- commit 0c3a755 + +- additional reference for arm64 erratum 1418040 (bsc#1198228). +- commit 7a1dfd5 + +- supported.conf: move kmem and dax_hmem to support list + Moved kmem and dax_hmem to support list. (bsc#1195953) +- commit fdf232f + +- btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852). +- Revert "btrfs: compression: drop kmap/kunmap from lzo" + (bsc#1193852). +- Revert "btrfs: compression: drop kmap/kunmap from zlib" + (bsc#1193852). +- Revert "btrfs: compression: drop kmap/kunmap from zstd" + (bsc#1193852). +- Revert "btrfs: compression: drop kmap/kunmap from generic + helpers" (bsc#1193852). +- commit c24af5b + kernel-preempt +- drm: drm_file struct kABI compatibility workaround + (bsc#1197914). +- commit 7d8a3b5 + +- drm: use the lookup lock in drm_is_current_master (bsc#1197914). +- drm: protect drm_master pointers in drm_lease.c (bsc#1197914). +- drm: serialize drm_file.master with a new spinlock + (bsc#1197914). +- drm: add a locked version of drm_is_current_master + (bsc#1197914). +- commit 05fda16 + +- blacklist.conf: Add reverted/reverting swiotlb change (CVE-2022-0854 bsc#1196823 bsc#1197460) +- commit 8d52c36 + +- Reinstate some of "swiotlb: rework "fix info leak with + DMA_FROM_DEVICE"" (CVE-2022-0854 bsc#1196823). +- swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-0854 + bsc#1196823). +- commit ff554b5 + +- blacklist.conf: list unneeded commit +- commit 27adcc4 + +- NFSv4/pNFS: Fix another issue with a list iterator pointing + to the head (git-fixes). +- NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error + (git-fixes). +- NFS: Return valid errors from nfs2/3_decode_dirent() + (git-fixes). +- NFS: Use of mapping_set_error() results in spurious errors + (git-fixes). +- commit 0460a48 + +- netfilter: nf_tables: initialize registers in nft_do_chain() + (CVE-2022-1016 bsc#1197227). +- commit 7111961 + +- Delete + patches.suse/net-tipc-validate-domain-record-count-on-input.patch. + This was the original work-in-progress patch for CVE-2022-0435 / + bsc#1195254. Later, a proper backport of mainline commit 9aa422ad3266 + ("tipc: improve size validations for received domain records") was added as + patches.suse/tipc-improve-size-validations-for-received-domain-re.patch but + this patch was left in place. As it adds the check a bit later than + upstream fix, it did not cause a conflict so nobody noticed the duplicity. +- commit ef08708 + +- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). +- commit 2237578 + +- net: kABI workaround for ax25_dev (CVE-2022-1199 bsc#1198028). +- commit 49e69cc + +- ax25: Fix UAF bugs in ax25 timers (CVE-2022-1205 bsc#1198027). +- ax25: fix UAF bug in ax25_send_control() (CVE-2022-1205 + bsc#1198027). +- ax25: Fix NULL pointer dereferences in ax25 timers + (CVE-2022-1205 bsc#1198027). +- ax25: Fix refcount leaks caused by ax25_cb_del() (CVE-2022-1205 + bsc#1198027). +- ax25: fix UAF bugs of net_device caused by rebinding operation + (CVE-2022-1205 bsc#1198027). +- ax25: fix reference count leaks of ax25_dev (CVE-2022-1205 + bsc#1198027). +- commit cfa1c37 + +- Update patch reference for ax25 fixes (CVE-2022-1199 bsc#1198028) +- commit 1b5a483 + +- ax25: fix NPD bug in ax25_disconnect (CVE-2022-1199 + bsc#1198028). +- ax25: add refcount in ax25_dev to avoid UAF bugs (CVE-2022-1199 + bsc#1198028). +- commit f30e94a + +- drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() + (CVE-2022-1198 bsc#1198030). +- commit 6da2b7d + +- hamradio: remove needs_free_netdev to avoid UAF (CVE-2022-1195 + bsc#1198029). +- commit fcd70e2 + +- hamradio: improve the incomplete fix to avoid NPD (CVE-2022-1195 + bsc#1198029). +- hamradio: defer 6pack kfree after unregister_netdev + (CVE-2022-1195 bsc#1198029). +- hamradio: defer ax25 kfree after unregister_netdev + (CVE-2022-1195 bsc#1198029). +- net: hamradio: fix memory leak in mkiss_close (CVE-2022-1195 + bsc#1198029). +- commit d30e348 + +- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb + in error path (CVE-2022-28389 bsc#1198033). +- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() + in error path (CVE-2022-28388 bsc#1198032). +- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() + in error path (CVE-2022-28390 bsc#1198031). +- commit d6e6523 + +- tcp: add some entropy in __inet_hash_connect() (bsc#1180153). +- tcp: change source port randomizarion at connect() time + (bsc#1180153). +- commit 96da58a + +- VFS: filename_create(): fix incorrect intent (bsc#1197534). +- commit bd0a18b + +- KVM: SVM: Don't flush cache if hardware enforces cache coherency + across encryption domains (bsc#1178134). +- commit 706a179 + +- i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes). +- commit e2095ad + +- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). +- powerpc/perf: Don't use perf_hw_context for trace IMC PMU + (bsc#1156395). +- commit 130da3b + +- mm/page_alloc.c: do not warn allocation failure on zone DMA + if no managed pages (bsc#1197501). +- dma/pool: create dma atomic pool only if dma zone has managed + pages (bsc#1197501). +- mm_zone: add function to check if managed dma zone exists + (bsc#1197501). +- commit c0f79a1 + +- wireguard: socket: ignore v6 endpoints when ipv6 is disabled + (git-fixes). +- wireguard: socket: free skb in send6 when ipv6 is disabled + (git-fixes). +- wireguard: queueing: use CFI-safe ptr_ring cleanup function + (git-fixes). +- wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST + (git-fixes). +- commit 972eb7f + +- scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() + (bsc#1197675). +- scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). +- scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). +- scsi: lpfc: Fix queue failures when recovering from PCI parity + error (bsc#1197675 bsc#1196478). +- scsi: lpfc: Fix unload hang after back to back PCI EEH faults + (bsc#1197675 bsc#1196478). +- scsi: lpfc: Improve PCI EEH Error and Recovery Handling + (bsc#1197675 bsc#1196478). +- commit 6fc0429 + +- ACPI: CPPC: Avoid out of bounds access when parsing _CPC data + (git-fixes). +- can: mcba_usb: properly check endpoint type (git-fixes). +- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb + in error path (git-fixes). +- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() + in error path (git-fixes). +- pwm: lpc18xx-sct: Initialize driver data and hardware before + pwmchip_add() (git-fixes). +- remoteproc: qcom_wcnss: Add missing of_node_put() in + wcnss_alloc_memory_region (git-fixes). +- remoteproc: qcom: Fix missing of_node_put in + adsp_alloc_memory_region (git-fixes). +- clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). +- clk: qcom: clk-rcg2: Update the frac table for pixel clock + (git-fixes). +- clk: qcom: clk-rcg2: Update logic to calculate D value for RCG + (git-fixes). +- clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). +- clk: uniphier: Fix fixed-rate initialization (git-fixes). +- clk: Initialize orphan req_rate (git-fixes). +- clk: bcm2835: Remove unused variable (git-fixes). +- clk: tegra: tegra124-emc: Fix missing put_device() call in + emc_ensure_emc_driver (git-fixes). +- clk: clps711x: Terminate clk_div_table with sentinel element + (git-fixes). +- clk: loongson1: Terminate clk_div_table with sentinel element + (git-fixes). +- clk: actions: Terminate clk_div_table with sentinel element + (git-fixes). +- clk: imx7d: Remove audio_mclk_root_clk (git-fixes). +- clk: nxp: Remove unused variable (git-fixes). +- commit 01f6f64 + +- printk: disable optimistic spin during panic (bsc#1197894). +- commit 0716386 + +- printk: Add panic_in_progress helper (bsc#1197894). +- commit f29520c + +- blacklist.conf: printk: cosmetic problem +- commit eabafef + +- vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). +- commit dcd324e + +- btrfs: Remove unnecessary check from join_running_log_trans + (bsc#1194649). +- commit dc4697b + +- btrfs: do not commit delayed inode when logging a file in full + sync mode (bsc#1194649). +- btrfs: do not log new dentries when logging that a new name + exists (bsc#1194649). +- commit b03bb01 + +- Revert "module, async: async_synchronize_full() on module init + iff async is used" (bsc#1197888). +- commit 2252be2 + +- btrfs: avoid unnecessary lock and leaf splits when updating + inode in the log (bsc#1194649). +- btrfs: remove unnecessary list head initialization when syncing + log (bsc#1194649). +- btrfs: avoid unnecessary log mutex contention when syncing log + (bsc#1194649). +- commit c49b58c + +- btrfs: avoid unnecessary logging of xattrs during fast fsyncs + (bsc#1194649). +- commit bcb58d4 + +- btrfs: check error value from btrfs_update_inode in tree log + (bsc#1194649). +- btrfs: fixup error handling in fixup_inode_link_counts + (bsc#1194649). +- commit 215b0a5 + +- btrfs: remove unnecessary directory inode item update when + deleting dir entry (bsc#1194649). +- commit ebbb134 + +- x86/mm/pat: Don't flush cache if hardware enforces cache + coherency across encryption domnains (bsc#1178134). +- commit ed78280 + +- btrfs: fix race leading to unnecessary transaction commit when + logging inode (bsc#1194649). +- btrfs: fix race that makes inode logging fallback to transaction + commit (bsc#1194649). +- btrfs: fix race that causes unnecessary logging of ancestor + inodes (bsc#1194649). +- btrfs: fix race that results in logging old extents during a + fast fsync (bsc#1194649). +- commit 54994e0 + +- scsi: lpfc: Copyright updates for 14.2.0.0 patches + (bsc#1197675). +- scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). +- scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). +- scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). +- scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). +- scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). +- scsi: lpfc: SLI path split: Refactor misc ELS paths + (bsc#1197675). +- scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). +- scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). +- scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). +- scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). +- scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR + paths (bsc#1197675). +- scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths + (bsc#1197675). +- scsi: lpfc: SLI path split: Refactor base ELS paths and the + FLOGI path (bsc#1197675). +- scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe + (bsc#1197675). +- scsi: lpfc: SLI path split: Refactor fast and slow paths to + native SLI4 (bsc#1197675). +- scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). +- scsi: lpfc: Use kcalloc() (bsc#1197675). +- scsi: lpfc: Fix typos in comments (bsc#1197675). +- scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). +- scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() + (bsc#1197675). +- scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() + (bsc#1197675). +- scsi: lpfc: Use fc_block_rport() (bsc#1197675). +- scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). +- scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). +- scsi: lpfc: Remove redundant flush_workqueue() call + (bsc#1197675). +- scsi: lpfc: Reduce log messages seen after firmware download + (bsc#1197675). +- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled + (bsc#1197675). +- commit e642242 + +- btrfs: check if a log tree exists at inode_logged() + (bsc#1194649). +- commit 1fd0acd + +- btrfs: remove no longer needed full sync flag check at + inode_logged() (bsc#1194649). +- btrfs: eliminate some false positives when checking if inode + was logged (bsc#1194649). +- commit df30719 + +- btrfs: skip unnecessary searches for xattrs when logging an + inode (bsc#1194649). +- commit e2ffdf0 + +- btrfs: check if a log root exists before locking the log_mutex + on unlink (bsc#1194649). +- Refresh + patches.suse/0002-btrfs-qgroup-try-to-flush-qgroup-space-when-we-get-E.patch. +- commit 2097b4a + +- ext2: correct max file size computing (bsc#1197820). +- commit f1d2053 + +- block/wbt: fix negative inflight counter when remove scsi device + (bsc#1197819). +- commit 6f18f30 + +- block: update io_ticks when io hang (bsc#1197817). +- commit 4ee5ce6 + +- fscrypt: don't ignore minor_hash when hash is 0 (bsc#1197815). +- commit 0c58e0d + +- ecryptfs: fix kernel panic with null dev_name (bsc#1197812). +- commit 18f264d + +- ecryptfs: Fix typo in message (bsc#1197811). +- commit 9a64b6f + +- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and + mmap_lock (CVE-2022-1048 bsc#1197331). +- Refresh + patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. +- commit 2d63590 + +- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and + mmap_lock (CVE-2022-1048 bsc#1197331). +- Refresh + patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch. +- commit db7647d + +- bpf: Remove config check to enable bpf support for branch + records (git-fixes bsc#1177028). +- commit 5fff22c + +- net: sched: fix use-after-free in tc_new_tfilter() + (CVE-2022-1055 bsc#1197702). +- commit 4c7dc78 + +- blacklist.conf: kABI +- commit 79d1df3 + +- blacklist.conf: cleanup, not a bugfix +- commit 3a5b1ab + +- blacklist.conf: cleanup, not a bugfix +- commit a1c1b85 + +- Revert "usb: dwc3: gadget: Use list_replace_init() before + traversing lists" (git-fixes). +- commit 978c488 + +- scsi: qla2xxx: Fix typos in comments (bsc#1197661). +- scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). +- scsi: qla2xxx: Increase max limit of ql2xnvme_queues + (bsc#1197661). +- scsi: qla2xxx: Use correct feature type field during RFF_ID + processing (bsc#1197661). +- scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). +- scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). +- scsi: qla2xxx: Fix laggy FC remote port session recovery + (bsc#1197661). +- scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). +- scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). +- scsi: qla2xxx: Fix crash during module load unload test + (bsc#1197661). +- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests + (bsc#1197661). +- scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload + test (bsc#1197661). +- scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). +- scsi: qla2xxx: Fix incorrect reporting of task management + failure (bsc#1197661). +- scsi: qla2xxx: Use named initializers for q_dev_state + (bsc#1197661). +- scsi: qla2xxx: Use named initializers for port_state_str + (bsc#1197661). +- scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). +- commit d7f7c48 + +- powerpc/pseries: Fix use after free in remove_phb_dynamic() + (bsc#1065729). +- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). +- powerpc/xive: fix return value of __setup handler (bsc#1065729). +- powerpc/sysdev: fix incorrect use to determine if list is empty + (bsc#1065729). +- commit 14ca561 + +- usb: bdc: Fix a resource leak in the error handling path of + 'bdc_probe()' (git-fixes). +- commit b8afee8 + +- usb: bdc: remove duplicated error message (git-fixes). +- commit 3971aef + +- usb: bdc: Fix unused assignment in bdc_probe() (git-fixes). +- commit 0a2966f + +- usb: bdc: Use devm_clk_get_optional() (git-fixes). +- commit f4c7fea + +- usb: bdc: Adb shows offline after resuming from S2 (git-fixes). +- commit 3293f5c + +- usb: gadget: bdc: use readl_poll_timeout() to simplify code + (git-fixes). +- commit 686f431 + +- net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). +- serial: 8250: Fix race condition in RTS-after-send handling + (git-fixes). +- serial: 8250_lpss: Balance reference count for PCI DMA device + (git-fixes). +- serial: 8250_mid: Balance reference count for PCI DMA device + (git-fixes). +- serial: core: Fix the definition name in the comment of UPF_* + flags (git-fixes). +- soundwire: intel: fix wrong register name in intel_shim_wake + (git-fixes). +- misc: sgi-gru: Don't cast parameter in bit operations + (git-fixes). +- VMCI: Fix the description of vmci_check_host_caps() (git-fixes). +- misc: alcor_pci: Fix an error handling path (git-fixes). +- pinctrl/rockchip: Add missing of_node_put() in + rockchip_pinctrl_probe (git-fixes). +- pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe + (git-fixes). +- pinctrl: mediatek: paris: Fix pingroup pin config state readback + (git-fixes). +- pinctrl: mediatek: paris: Fix "argument" argument type for + mtk_pinconf_get() (git-fixes). +- pinctrl: pinconf-generic: Print arguments for bias-pull-* + (git-fixes). +- pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init + (git-fixes). +- pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() + (git-fixes). +- pinctrl: nuvoton: npcm7xx: Use %zu printk format for + ARRAY_SIZE() (git-fixes). +- mac80211: fix potential double free on mesh join (git-fixes). +- commit ed99607 + +- usb: bdc: use devm_platform_ioremap_resource() to simplify code + (git-fixes). +- commit d8de3ca + +- driver core: dd: fix return value of __setup handler + (git-fixes). +- firmware: google: Properly state IOMEM dependency (git-fixes). +- iio: accel: mma8452: use the correct logic to get mma8452_data + (git-fixes). +- iio: adc: Add check for devm_request_threaded_irq (git-fixes). +- staging:iio:adc:ad7280a: Fix handing of device address bit + reversing (git-fixes). +- iio: afe: rescale: use s64 for temporary scale calculations + (git-fixes). +- iio: inkern: make a best effort on offset calculation + (git-fixes). +- iio: inkern: apply consumer scale when no channel scale is + available (git-fixes). +- iio: inkern: apply consumer scale on IIO_VAL_INT cases + (git-fixes). +- ALSA: pci: fix reading of swapped values from pcmreg in AC97 + codec (git-fixes). +- ALSA: pcm: Add stream lock during PCM reset ioctl operations + (git-fixes). +- ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). +- ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). +- ALSA: usb-audio: Add mute TLV for playback volumes on RODE + NT-USB (git-fixes). +- ALSA: hda/realtek - Fix headset mic problem for a HP machine + with alc671 (git-fixes). +- ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU + (git-fixes). +- ACPI: battery: Add device HID and quirk for Microsoft Surface + Go 3 (git-fixes). +- ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board + (git-fixes). +- drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). +- commit 34d0dc9 + +- blacklist.conf: Add 1e9d74660d4d "bpf: Fix mount source show for bpffs" + Missing required dependency +- commit 5a8e47e + +- udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() + (git-fixes). +- commit 36f2c3d + +- bpf: Fix comment for helper bpf_current_task_under_cgroup() + (git-fixes). +- commit b94b06c + +- x86/cpu: Add hardware-enforced cache coherency as a CPUID + feature (bsc#1178134). +- Refresh patches.suse/x86-cpufeatures-add-sev-es-cpu-feature. +- commit 9b8fd9f + +- Metadata update +- commit 20a72ea + +- Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" + (bsc#1197243). +- commit 1e324a1 + +- Drop HID multitouch fix patch (bsc#1197243) + Delete patches.suse/HID-multitouch-fix-Dell-Precision-7550-and-7750-butt.patch. + Replaced with another revert patch. +- commit 169cf98 + +- usb: dwc3: qcom: add IRQ check (git-fixes). +- commit 0f04f35 + +- usb: dwc3: gadget: Use list_replace_init() before traversing + lists (git-fixes). +- commit fa45b43 + +- xhci: fix garbage USBSTS being logged in some cases (git-fixes). +- commit 6c80c92 + +- Add CVE tags to + patches.suse/ext4-fix-kernel-infoleak-via-ext4_extent_header.patch + (bsc#1189562 bsc#1196761 CVE-2022-0850). +- commit f3cb08f + +- blacklist.conf: 3a84fd1ed535 drm/i915/display: Fix HPD short pulse handling for eDP +- commit ae70ffd + +- drm/i915/gem: add missing boundary check in vm_access + (git-fixes). +- commit 99cd925 + +- drm/msm/dpu: add DSPP blocks teardown (git-fixes). +- commit 9c986de + +- drm/bridge: dw-hdmi: use safe format when first in bridge chain + (git-fixes). +- commit 38ac9a8 + +- Refresh + patches.suse/drm-i915-Fix-bw-atomic-check-when-switching-between-.patch. + Alt-commit +- commit 81cf826 + +- Refresh + patches.suse/drm-i915-Correctly-populate-use_sagv_wm-for-all-pipe.patch. + Alt-commit +- commit 9f55faf + +- Refresh + patches.suse/drm-i915-Fix-dbuf-slice-config-lookup.patch. + Alt-commit +- commit eb12d1f + +- drm/amd/display: Add affected crtcs to atomic state for dsc + mst unplug (git-fixes). +- commit 1b3e76b + +- blacklist.conf: 3f3a24a0a3a5 drm/amdgpu: Don\'t offset by 2 in FRU EEPROM +- commit 6877985 + +- drm/amd/pm: return -ENOTSUPP if there is no + get_dpm_ultimate_freq function (git-fixes). +- commit fb7d1f2 + +- drm/nouveau/acr: Fix undefined behavior in + nvkm_acr_hsfw_load_bl() (git-fixes). +- commit 4a1a717 + +- drm/doc: overview before functions for drm_writeback.c + (git-fixes). +- commit 6d05b7f + +- drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). +- commit 8027fb9 + +- drm/bridge: nwl-dsi: Fix PM disable depth imbalance in + nwl_dsi_probe (git-fixes). +- commit c253ca8 + +- drm/meson: Fix error handling when afbcd.ops->init fails + (git-fixes). +- commit 42a3562 + +- drm/meson: osd_afbcd: Add an exit callback to struct + meson_afbcd_ops (git-fixes). +- commit f2138e4 + +- powerpc/mm/numa: skip NUMA_NO_NODE onlining in + parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). +- commit 4765cfb + +- video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). +- commit 047d2b7 + +- video: fbdev: matroxfb: set maxvram of vbG200eW to the same + as vbG200 to avoid black screen (git-fixes). +- commit 3094fd1 + +- drm/vc4: crtc: Make sure the HDMI controller is powered when + disabling (git-fixes). +- commit 0e082ec + +- esp: Fix possible buffer overflow in ESP transformation + (bsc#1197131 CVE-2022-0886 CVE-2022-27666). +- commit 39a5891 + +- Update + patches.suse/quota-check-block-number-when-reading-the-block-in-q.patch + (bsc#1194589 bsc#1197366 CVE-2021-45868). +- commit 1a6f8a7 + +- pinctrl: samsung: drop pin banks references on error paths + (git-fixes). +- memory: emif: check the pointer temp in get_device_details() + (git-fixes). +- memory: emif: Add check for setup_interrupts (git-fixes). +- soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). +- soc: qcom: rpmpd: Check for null return of devm_kcalloc + (git-fixes). +- soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe + (git-fixes). +- media: usb: go7007: s2250-board: fix leak in probe() + (git-fixes). +- media: em28xx: initialize refcount before kref_get (git-fixes). +- media: stk1160: If start stream fails, return buffers with + VB2_BUF_STATE_QUEUED (git-fixes). +- media: Revert "media: em28xx: add missing + em28xx_close_extension" (git-fixes). +- media: video/hdmi: handle short reads of hdmi info frame + (git-fixes). +- media: aspeed: Correct value for h-total-pixels (git-fixes). +- media: hantro: Fix overfill bottom register field name + (git-fixes). +- media: coda: Fix missing put_device() call in coda_get_vdoa_data + (git-fixes). +- media: bttv: fix WARNING regression on tunerless devices + (git-fixes). +- video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of + (git-fixes). +- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() + (git-fixes). +- video: fbdev: atmel_lcdfb: fix an error code in + atmel_lcdfb_probe() (git-fixes). +- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() + (git-fixes). +- video: fbdev: matroxfb: set maxvram of vbG200eW to the same + as vbG200 to avoid black screen (git-fixes). +- mmc: davinci_mmc: Handle error for clk_enable (git-fixes). +- usb: usbtmc: Fix bug in pipe direction for control transfers + (git-fixes). +- net: phy: marvell: Fix invalid comparison in the resume and + suspend functions (git-fixes). +- commit 33bac97 + +- firmware: qcom: scm: Remove reassignment to desc following + initializer (git-fixes). +- ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call + (git-fixes). +- ASoC: codecs: wcd934x: Add missing of_node_put() in + wcd934x_codec_parse_data (git-fixes). +- ASoC: msm8916-wcd-analog: Fix error handling in + pm8916_wcd_analog_spmi_probe (git-fixes). +- ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() + in msm8916_wcd_digital_probe (git-fixes). +- ASoC: imx-es8328: Fix error return code in imx_es8328_probe() + (git-fixes). +- ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). +- ASoC: SOF: topology: remove redundant code (git-fixes). +- ASoC: dmaengine: do not use a NULL prepare_slave_config() + callback (git-fixes). +- ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). +- ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). +- ASoC: fsi: Add check for clk_enable (git-fixes). +- ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). +- ASoC: atmel: Add missing of_node_put() in + at91sam9g20ek_audio_probe (git-fixes). +- ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). +- ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). +- ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). +- ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). +- ASoC: rt5663: check the return value of devm_kzalloc() in + rt5663_parse_dp() (git-fixes). +- ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting + (git-fixes). +- ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior + (git-fixes). +- ASoC: topology: Allow TLV control to be either read or write + (git-fixes). +- ALSA: spi: Add check for clk_enable() (git-fixes). +- ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). +- ASoC: codecs: wcd934x: fix return value of + wcd934x_rx_hph_mode_put (git-fixes). +- ALSA: firewire-lib: fix uninitialized flag for AV/C deferred + transaction (git-fixes). +- media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). +- drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings + (git-fixes). +- commit 364280e + +- ALSA: pcm: Fix races among concurrent prealloc proc writes + (CVE-2022-1048 bsc#1197331). +- ALSA: pcm: Fix races among concurrent prepare and + hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). +- ALSA: pcm: Fix races among concurrent read/write and buffer + changes (CVE-2022-1048 bsc#1197331). +- ALSA: pcm: Fix races among concurrent hw_params and hw_free + calls (CVE-2022-1048 bsc#1197331). +- commit 0f1f53e + +- cifs: use the correct max-length for dentry_path_raw() + (bsc1196196). +- commit d014f56 + +- blacklist.conf: a5ce9f2bb665 x86/speculation: Merge one test in spectre_v2_user_select_mitigation() +- commit 2d7347b + +- quota: check block number when reading the block in quota file + (bsc#1197366 CVE-2021-45868). +- commit a7d4915 + +- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 + bsc#1197331). +- commit 8a9b87d + +- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048 + bsc#1197331). +- commit 12628f8 + +- ALSA: pcm: Fix races among concurrent prealloc proc writes + (CVE-2022-1048 bsc#1197331). +- ALSA: pcm: Fix races among concurrent prepare and + hw_params/hw_free calls (CVE-2022-1048 bsc#1197331). +- ALSA: pcm: Fix races among concurrent read/write and buffer + changes (CVE-2022-1048 bsc#1197331). +- ALSA: pcm: Fix races among concurrent hw_params and hw_free + calls (CVE-2022-1048 bsc#1197331). +- commit aee063f + +- membarrier: Execute SYNC_CORE on the calling thread (git-fixes) +- commit 8c138d0 + +- fuse: handle kABI change in struct fuse_args (bsc#1197343 + CVE-2022-1011). +- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343 + CVE-2022-1011). +- commit 112493c + +- spi: pxa2xx-pci: Balance reference count for PCI DMA device + (git-fixes). +- spi: tegra114: Add missing IRQ check in tegra_spi_probe + (git-fixes). +- regulator: qcom_smd: fix for_each_child.cocci warnings + (git-fixes). +- hwmon: (pmbus) Add Vin unit off handling (git-fixes). +- hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING + (git-fixes). +- hwmon: (pmbus) Add mutex to regulator ops (git-fixes). +- crypto: ccp - ccp_dmaengine_unregister release dma channels + (git-fixes). +- crypto: cavium/nitrox - don't cast parameter in bit operations + (git-fixes). +- crypto: vmx - add missing dependencies (git-fixes). +- hwrng: atmel - disable trng on failure path (git-fixes). +- crypto: ccree - don't attempt 0 len DMA mappings (git-fixes). +- crypto: qat - don't cast parameter in bit operations + (git-fixes). +- crypto: mxs-dcp - Fix scatterlist processing (git-fixes). +- crypto: authenc - Fix sleep in atomic context in decrypt_tail + (git-fixes). +- crypto: rsa-pkcs1pad - fix buffer overread in + pkcs1pad_verify_complete() (git-fixes). +- crypto: rsa-pkcs1pad - restore signature length check + (git-fixes). +- crypto: rsa-pkcs1pad - correctly get hash from source + scatterlist (git-fixes). +- thermal: int340x: Increase bitmap size (git-fixes). +- thermal: int340x: Check for NULL after calling kmemdup() + (git-fixes). +- PM: suspend: fix return value of __setup handler (git-fixes). +- PM: hibernate: fix __setup handler error handling (git-fixes). +- ACPI: docs: enumeration: Remove redundant .owner assignment + (git-fixes). +- ACPI: docs: enumeration: Update UART serial bus resource + documentation (git-fixes). +- ACPI: docs: enumeration: Discourage to use custom _DSM methods + (git-fixes). +- ACPI: APEI: fix return value of __setup handlers (git-fixes). +- clocksource: acpi_pm: fix return value of __setup handler + (git-fixes). +- ACPI: properties: Consistently return -ENOENT if there are no + more references (git-fixes). +- clocksource/drivers/timer-of: Check return value of of_iomap + in timer_of_base_init() (git-fixes). +- Input: aiptek - properly check endpoint type (git-fixes). +- usb: gadget: Fix use-after-free bug by not setting + udc->dev.driver (git-fixes). +- usb: gadget: rndis: prevent integer overflow in + rndis_set_response() (git-fixes). +- drm/vrr: Set VRR capable prop only if it is attached to + connector (git-fixes). +- nl80211: Update bss channel on channel switch for P2P_CLIENT + (git-fixes). +- iwlwifi: don't advertise TWT support (git-fixes). +- mac80211: refuse aggregations sessions before authorized + (git-fixes). +- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN + device when fully ready (git-fixes). +- commit 240077f + +- membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes) +- commit 4fc5228 + +- blacklist.conf: Add 2ecedd756908 ("membarrier: Add an actual barrier before rseq_preempt()") +- commit e7a5059 + +- cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes) +- commit 3a3c855 + +- netfilter: conntrack: don't refresh sctp entries in closed state + (bsc#1197389). +- commit d30cf2f + +- NFS: Do not report writeback errors in nfs_getattr() + (git-fixes). +- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). +- NFS: Fix initialisation of nfs_client cl_flags field + (git-fixes). +- NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). +- NFS: Don't skip directory entries when doing uncached readdir + (git-fixes). +- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed + client (git-fixes). +- NFS: Ensure the server has an up to date ctime before + hardlinking (git-fixes). +- commit 0dffa33 + +- blacklist.conf: fbd5969d1ff2 x86/cpufeatures: Mark two free bits in word 3 +- commit 7de8046 + +- net: hns3: add a check for tqp_index in + hclge_get_ring_chain_from_mbx() (git-fixes). +- commit 197c612 + +- net: watchdog: hold device global xmit lock during tx disable + (git-fixes). +- commit 5f626af + +- net: stmmac: set TxQ mode back to DCB after disabling CBS + (git-fixes). +- commit 64e0e15 + +- net: enetc: initialize the RFS and RSS memories (git-fixes). +- commit 48628ab + +- net: dsa: mv88e6xxx: override existent unicast portvec in + port_fdb_add (git-fixes). +- commit d733e4e + +- team: protect features update by RCU to avoid deadlock + (git-fixes). +- commit 0917ada + +- netxen_nic: fix MSI/MSI-x interrupts (git-fixes). +- commit e20b4bd + +- Update config files. +- commit 5e3d4fd + +- drm/i915: Fix dbuf slice config lookup (git-fixes). +- commit 2e1e919 + +- drm/imx: parallel-display: Remove bus flags check in + imx_pd_bridge_atomic_check() (git-fixes). +- commit 37de9a5 + +- ibmvnic: fix race between xmit and reset (bsc#1197302 + ltc#197259). +- commit 1372669 + +- Revert "Revert "build initrd without systemd" (bsc#1197300)" + This reverts commit ff2b28e76a7040ae5ce82c0145965d62159216fd. +- commit 72ed14f + +- Update config files (bsc#1195926 bsc#1175667). + VIRTIO_PCI=m -> VIRTIO_PCI=y +- commit 3edad5c + +- Revert "Revert "rpm/kernel-source.spec.in: call fdupes per subpackage"" + This reverts commit f349b8133b949dee1721081d9fbc80cc43327d15. + Which was propagated from my local local tree. Restore the commit +- commit ee9cedc + +- x86/speculation: Warn about Spectre v2 LFENCE mitigation + (bsc#1178134). +- Refresh + patches.suse/x86-speculation-warn-about-eibrs-lfence-unprivileged-ebpf-smt.patch. +- commit 8588aa6 + +- powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395). +- commit 5c5db21 + +- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + + SMT (bsc#1178134). +- commit a719566 + +- HID: multitouch: fix Dell Precision 7550 and 7750 button type + (bsc#1197243). +- commit 53c2db3 + +- Sort in upstreamed BHB patches +- Refresh + patches.suse/documentation-hw-vuln-update-spectre-doc.patch. +- Refresh + patches.suse/x86-speculation-add-eibrs-retpoline-options.patch. +- Refresh + patches.suse/x86-speculation-include-unprivileged-ebpf-status-in-spectre-v2-mitigation-reporting.patch. +- Refresh + patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch. +- Refresh + patches.suse/x86-speculation-use-generic-retpoline-by-default-on-amd.patch. +- commit 4062a7a + +- s390/mm: fix VMA and page table handling code in storage key + handling functions (git-fixes). +- s390/mm: validate VMA in PGSTE manipulation functions + (git-fixes). +- s390/gmap: don't unconditionally call pte_unmap_unlock() + in __gmap_zap() (git-fixes). +- s390/gmap: validate VMA in __gmap_zap() (git-fixes). +- s390/pci_mmio: fully validate the VMA before calling + follow_pte() (git-fixes). +- mm: add vma_lookup(), update find_vma_intersection() comments + (git-fixes). +- commit 808c094 + +- net/smc: Reset conn->lgr when link group registration fails + (git-fixes). +- net/smc: fix using of uninitialized completions (git-fixes). +- net/smc: fix wrong list_del in smc_lgr_cleanup_early + (git-fixes). +- net/smc: Fix loop in smc_listen (git-fixes). +- net/smc: Make sure the link_id is unique (git-fixes). +- commit 759dc2b + +- blacklist.conf: net/smc cleanup with no functional change +- commit 5a33cbb + +- s390/hypfs: include z/VM guests with access control group set + (bsc#1195640 LTC#196352). +- commit 598f26f + +- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup + (bsc#1196018). +- commit 1580ab2 + +- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 + (bsc#1196018). +- commit 1cdc779 + +- s390/module: fix loading modules with a lot of relocations + (git-fixes). +- commit bc1865f + +- s390/kexec_file: fix error handling when applying relocations + (git-fixes). +- s390/kexec: fix memory leak of ipl report buffer (git-fixes). +- s390/kexec: fix return code handling (git-fixes). +- commit 2f0dd10 + +- s390/bpf: Perform r1 range checking before accessing + jit->seen_reg (git-fixes). +- commit 1cc7c78 + kexec-tools +- kexec-tools-print-error-if-kexec_file_load-fails.patch: print + error if kexec_file_load fails (bsc#1197176). + libgcrypt +- FIPS: extend the service indicator [bsc#1190700] + * introduced a pk indicator function + * adapted the approved and non approved ciphersuites + * Add libgcrypt_indicators_changes.patch + * Add libgcrypt-indicate-shake.patch + libglvnd +- provide/obsolete Mesa-libGLESv1_CM1 and Mesa-libGLESv2-2 packages + (bsc#1196576) + libslirp +- security update +- added patches + fix CVE-2021-3592 [bsc#1187364], invalid pointer initialization may lead to information disclosure (bootp) + + libslirp-CVE-2021-3592.patch + fix CVE-2021-3594 [bsc#1187367], invalid pointer initialization may lead to information disclosure (udp) + + libslirp-CVE-2021-3594.patch + fix CVE-2021-3595 [bsc#1187366], invalid pointer initialization may lead to information disclosure (tftp) + + libslirp-CVE-2021-3595.patch + libtirpc +- add option to enforce connection via protocol version 2 first + (bsc#1196647) + add 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch + libxml2 +- Security fix: [bsc#1196490, CVE-2022-23308] + * Use-after-free of ID and IDREF attributes. +- Add libxml2-CVE-2022-23308.patch + mariadb +- Build mariadb-galera on SLE (jsc#SLE-22245) +- Add dependency on galera-4 for mariadb-galera +- Remove old constraints for mariadb-galera + +- Update to 10.6.7 (bsc#1196016): + * release notes and changelog: + https://mariadb.com/kb/en/library/mariadb-1067-release-notes + https://mariadb.com/kb/en/library/mariadb-1067-changelog + https://mariadb.com/kb/en/library/mariadb-1066-release-notes + https://mariadb.com/kb/en/library/mariadb-1066-changelog + * fixes for the following security vulnerabilities: + 10.6.7: CVE-2021-46665 + CVE-2021-46664 + CVE-2021-46661 + CVE-2021-46668 + CVE-2021-46663 + 10.6.6: CVE-2022-24052 + CVE-2022-24051 + CVE-2022-24050 + CVE-2022-24048 + CVE-2021-46659, bsc#1195339 +- Skip failing tests for s390x, fixes bsc#1195076 + * suse_skipped_tests.list +- Remove upstreamed patches: + * mariadb-10.0.15-logrotate-su.patch + * mariadb-10.1.1-mysqld_multi-features.patch +- Refresh mariadb-10.2.4-logrotate.patch +- The following issues have already been fixed in this package but weren't + previously mentioned in the changes file: + CVE-2021-46658, bsc#1195334 + CVE-2021-46657, bsc#1195325 + mozilla-nss +- Add nss-fips-pbkdf-kat-compliance.patch (bsc#1192079). This + makes the PBKDF known answer test compliant with NIST SP800-132. + +- Mozilla NSS 3.68.3 (bsc#1197903) + This release improves the stability of NSS when used in a multi-threaded + environment. In particular, it fixes memory safety violations that + can occur when PKCS#11 tokens are removed while in use (CVE-2022-1097). + We presume that with enough effort these memory safety violations are exploitable. + * Remove token member from NSSSlot struct (bmo#1756271). + * Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots + (bmo#1755555). + * Check return value of PK11Slot_GetNSSToken (bmo#1370866). + net-snmp +- Decouple snmp-mibs from net-snmp version to allow major version + upgrade (bsc#1196955). + open-iscsi +- Updated to latest upstream, including bug fixes and cleanups. + Changes included: + * add handling name/value pairs for firmware login (bsc#1196113), + including man page update for same + * Fix bug where some package parts were installed using + DESTDIR twice + * general build cleanup (in prep for removing DB files from + /etc/iscsi some day soon) + Also, now delivering a "package config" file for libopeniscsiusr. + openblas:openmp +- Fix issues in update paths from earlier versions introduced by + recent structural changes (bsc#1198264): + - Add Obsoletes for old package names + - Handle the change from directories to soft links properly + +- Also build for s390x using latest gcc as requested by IBM + (jsc#SLE-18143, bsc#1197721). + +- Build HPC packages with gcc- >= 10 on Leap/SLE. + +- Do the same for x86_64 on SLE to make sure Cooperlake support + is built properly. +- Remove: + * Do-not-attempt-to-check-host-CPU-if-TARGET-is-set.patch + * Create-independent-kernel-Makfile-configuration-when-building-DYNAMIC_ARCH.patch + * For-DYNAMIC_ARCH-don-t-use-sbgemm_r-as-parameter.c-doesn-t-get-build.patch + Instead, add from upstream: + * Define-sbgemm_r-to-fix-DYNAMIC_ARCH-builds.patch + * Remove-extraneous-and-wrong-definition-of-sbgemm_r-on-x86_64.patch + * Fix-checks-for-AVX512-and-atomics.patch + * Revert-AVX512-capability-check-from-PR-1980-moved-to-build.patch + * Use-CC-and-full-command-line-instead-of-hard-coding-gcc-for-AVX512-checking.patch + * Utilize-compiler-AVX512-capability-info-from-c_check-when-building-getarch.patch + +- Update to v0.3.20: + * general: + some code cleanup, with added casts etc. + fixed obtaining the cpu count with OpenMP and OMP_PROC_BIND unset + fixed pivot index calculation by ?LASWP for negative increments other + than one + fixed input argument check in LAPACK ? GEQRT2 + improved the check for a Fortran compiler in CMAKE builds + disabled building OpenBLAS' optimized versions of LAPACK complex SPMV, + SPR,SYMV,SYR with NO_LAPACK=1 + fixed building of LAPACK on certain distributed filesystems with parallel + gmake + fixed building the shared library on MacOS with classic flang + (v0.3.19) + reverted unsafe TRSV/ZRSV optimizations introduced in 0.3.16 + fixed a potential thread race in the thread buffer reallocation routines + that were introduced in 0.3.18 + fixed miscounting of thread pool size on Linux with OMP_PROC_BIND=TRUE + fixed CBLAS interfaces for CSROT/ZSROT and CROTG/ZROTG + made automatic library suffix for CMAKE builds with INTERFACE64 available + to CBLAS-only builds + (v0.3.18) + when the build-time number of preconfigured threads is exceeded + at runtime (by an external program calling BLAS functions from + a larger number of threads), OpenBLAS will now allocate an + auxiliary control structure for up to 512 additional threads + instead of aborting + added support for Loongson's LoongArch64 cpu architecture + fixed building OpenBLAS with CMAKE and -DBUILD_BFLOAT16=ON + added support for building OpenBLAS as a CMAKE subproject + added support for building for Windows/ARM64 targets with clang + improved support for building with the IBM xlf compiler + imported Reference-LAPACK PR 625 (out-of-bounds access in ?LARRV) + imported Reference-LAPACK PR 597 for testsuite compatibility with + LLVM's libomp + * x86_64: + fixed cross-compilation with CMAKE for CORE2 target + fixed miscompilation of AVX512 code in DYNAMIC_ARCH builds + added support for the "incidental" AVX512 hardware in Alder Lake when + enabled in BIOS + (v0.3.19) + DYNAMIC_ARCH builds now fall back to the cpu with most similar capabilities + when an unknown CPUID is encountered, instead of defaulting to Prescott + added cpu detection for Intel Alder Lake + added cpu detection for Intel Sapphire Rapids + added an optimized SBGEMM kernel for Sapphire Rapids + fixed DYNAMIC_ARCH builds on OSX with CMAKE + worked around DYNAMIC_ARCH builds made on Sandybridge failing on SkylakeX + fixed missing thread initialization for static builds on Windows/MSVC + fixed an excessive read in ZSYMV + (v0.3.18) + added SkylakeX S/DGEMM kernels for small problem sizes (MNK<=1000000) + added optimized SBGEMM for Intel Cooper Lake + reinstated the performance patch for AVX512 SGEMV_T with a proper fix + added a workaround for a gcc11 tree-vectorizer bug that caused spurious + failures in the test programs for complex BLAS3 when compiling at -O3 + (the default for cmake "release" builds) + added support for runtime cpu count detection under Haiku OS + worked around a long-standing miscompilation issue of the Haswell DGEMV_T + kernel with gcc that could produce NaN output in some corner cases + * Power: + added support for POWER10 in big-endian mode + added support for building with CMAKE + added optimized SGEMM and DGEMM kernels for small matrix sizes + (v0.3.18) + improved performance of DASUM on POWER10 + * ARMV8: + added SVE-enabled CGEMM and ZGEMM kernels for ARMV8SVE and A64FX + added support for Neoverse N2 and V1 cpus + (v0.3.19) + added basic support and cputype detection for Fujitsu A64FX + added a generic ARMV8SVE target + added SVE-enabled SGEMM and DGEMM kernels for ARMV8SVE and A64FX + added optimized CGEMM and ZGEMM kernels for Cortex A53 and A55 cpus + fixed cpuid detection for Apple M1 and improved performance + improved compiler flag setting in CMAKE builds + (v0.3.18) + fixed crashes (use of reserved register x18) on Apple M1 under OSX + fixed building with gcc releases earlier than 5.1 +- Fix out of bounds read in ?llarv + LAPACK Reference: PR 625 + CVE-2021-4048, bsc#1196513 +- Limit parallel builds according to available memory. + Do NOT use %%_smp_mflags with top level 'make', set MAKE_NB_JOBS + instead and let the build do the work. + Also change -flto=auto to -flto=1: spawning even more parallel builds + on top of parallel build treads will wreak havok. +- Move calls to 'update-alternatives --remove' to %%postun instead + of %%preun as suggested by rpmlint. +- Since we build with DYNAMIC_ARCH, create separate config files for + the different target kernels to help debugging + Add Create-independent-kernel-Makfile-configuration-when-building-DYNAMIC_ARCH.patch +- Remove compiler feature detection when not using auto-detection. + Add Do-not-attempt-to-check-host-CPU-if-TARGET-is-set.patch +- Do not depend in variables which are not available when building + DYNAMIC_ARCH. + Add For-DYNAMIC_ARCH-don-t-use-sbgemm_r-as-parameter.c-doesn-t-get-build.patch +- Do not include symbols defined in driver/others/parameter.c in + DYNAMIC_BUILD to generate more conclusive error messages earlier. + Add Do-not-include-symbols-defined-in-driver-others-parameter.c-in-DYNAMIC_BUILD.patch +- Install lapack and blas libraries to an openblas-flavor + specific subdirectory of %%_libdir and set up the alternatives + to point to this directory. Set the system-wide BLAS/LAPACK + default directory to %%_libdir/openblas-default. + This way, the blas/lapack libraries will remain consistent + and from the same source. The user is able to override this + easily by setting the LD_LIBRARY_PATH to include the preferred + BLAS/LAPACK implementation (boo#1177260). +- Consolidate packages 'openblas-devel' and 'openblas-devel-headers' + into 'openblas-common-devel' (these are built for the serial + flavor only). + 'openblas-common-devel' will provide the removed 'openblas-devel-headers' + while the arch specific 'preferred' flavor will provide the removed + 'openblas-devel'. +- Fix the openblas default flavor selection: + [#] /usr/sbin/update-alternatives --config libopenblas.so.0 +- Add cmake and pkgconfig files. openjpeg +- Add security fixes: + openjpeg-CVE-2018-14423.patch (CVE-2018-14423, bsc#1102016), + openjpeg-CVE-2018-16376.patch (CVE-2018-16376, bsc#1106881), + openjpeg-CVE-2020-8112.patch (CVE-2020-8112, bsc#1162090), + openjpeg-CVE-2020-15389.patch (CVE-2020-15389, bsc#1173578), + openjpeg-CVE-2020-27823.patch (CVE-2020-27823, bsc#1180457), + openjpeg-CVE-2021-29338.patch (CVE-2021-29338, bsc#1184774). + -- Added a patch (heap_buffer_overflow_2_fix.patch) to fix heap-based buffer - overflow when processing JPEG2000 images - (CVE-2012-3535), (bnc#777445). - -- Add baselibs.conf - -- Added a patch (heap_buffer_overflow_fix.patch) to fix heap-based buffer - overflow when processing JPEG2000 images - (CVE-2012-3358), (bnc#770649). - -- Added a patch (heap_corruption_fix.patch) to fix heap corruption when - processing certain Gray16 TIFF images - (CVE-2009-5030), (bnc#757260). - -- Update to version 1.5.0: - New Features: - * openjpip: - + complete client-server architecture for remote browsing of jpeg 2000 - images. - + see corresponding README for more details. - API modifications: - * 'bool' type has been replaced by 'opj_bool' type. 'stdbool.h' is no more - required. - Misc: - * improved cmake and autotools build methods. - * removed manual makefiles, VS project files and XCode project files. - * added a 'thirdparty' directory to contain all dependencies. - + These libraries will be build only if there are not found on the system. - + Note that libopenjpeg itself does not have any dependency. - * changed the directory hierarchy of the whole project. See README files for - details. - * tests : a complete test suite has been setup. - + both JPEG 2000 conformance tests and non-regressions tests are - configured. - + results are submitted to the OpenJPEG dashboard - (http://my.cdash.org/index.php?project=OPENJPEG) - + images are located in 'http://openjpeg.googlecode.com/svn/data' folder. - + configuration files and utilities are located in 'tests' folder. - * OPJViewer re-activated (need wxWidgets) - * Huge amount of bug fixes. See CHANGES for details. -- Removed the following patches (fixed upstream): - * fix_no_undefined.patch - * fix_soversion.patch - * install_pkgconfig_file.patch -- Replaced openjpeg-1.4-OpenJPEGConfig.patch with - openjpeg-1.5.0-cmake_Config.patch (taken from Fedora) -- Replaced openjpeg-1.4-cmake_symlink_fix.patch with - openjpeg-1.5.0-cmake_header_symlink.patch (taken from Fedora) -- Added 2 patches (taken from Fedora): - * openjpeg-1.5.0-cmake_libdir.patch -- Fix installation directories - * openjpeg-1.5.0-pkgconfig_includedir.patch -- Fix includedir in pkgconfig - file -- Spec file updates: - * Added doxygen in BuildRequires: to enable compilation of devel docs. - * Updated BuildRequires: to include also liblcms2-devel and zlib-devel. - * Fixed rpmlint warning "file-contains-date-and-time" -- No need to remove the JavaOpenJPEG/ directory from the package source anymore - (the Sun proprietary code was removed from the package). - -- license update: BSD-2-Clause - SPDX format - -- Removed the JavaOpenJPEG/ directory from the package source (fix for - bnc#733009 - openjpg contains Sun proprietary code). - -- Initial release (version 1.4). -- Added 5 patches (taken from upstream and Fedora): - * openjpeg-1.4-OpenJPEGConfig.patch -- Fix OpenJPEGConfig.cmake - * openjpeg-1.4-cmake_symlink_fix.patch -- Fix cmake create_symlink usage for - header file - * fix_no_undefined.patch -- Fix libopenjpeg undefined references - * fix_soversion.patch -- Fix so version to 1 instead of 1.4 - * install_pkgconfig_file.patch -- Fix cmake to install pkgconfig file(s) - openjpeg2 +- Add security fixes: + openjpeg2-CVE-2018-5727.patch (CVE-2018-5727, bsc#1076314), + openjpeg2-CVE-2018-5785.patch (CVE-2018-5785, bsc#1076967), + openjpeg2-CVE-2018-6616.patch (CVE-2018-6616, bsc#1079845), + openjpeg2-CVE-2018-14423.patch (CVE-2018-14423, bsc#1102016), + openjpeg2-CVE-2018-16375.patch (CVE-2018-16375, bsc#1106882), + openjpeg2-CVE-2018-16376.patch (CVE-2018-16376, bsc#1106881), + openjpeg2-CVE-2018-20845.patch (CVE-2018-20845, bsc#1140130), + openjpeg2-CVE-2020-6851.patch (CVE-2020-6851, bsc#1160782), + openjpeg2-CVE-2020-8112.patch (CVE-2020-8112, bsc#1162090), + openjpeg2-CVE-2020-15389.patch (CVE-2020-15389, bsc#1173578), + openjpeg2-CVE-2020-27823.patch (CVE-2020-27823, bsc#1180457), + openjpeg2-CVE-2021-29338.patch (CVE-2021-29338, bsc#1184774), + openjpeg2-CVE-2022-1122.patch (CVE-2022-1122, bsc#1197738). + -- add libopenjp2.pc (demand introduced by ImageMagick 6.8.8-5) - patterns-base +- Backports fips pattern from SLE15 SP4 + * Since patterns_base has huge different compared to SLE ones, + backport fips pattern from SLE then fips pattern is not missing + raspberrypi-firmware-dt +- Switch back to platform driver until upstream gain support for + VEC clock in clk-raspberrypi driver. Add following patch to fix + immediate issue described in bsc#1198061. + Revert-dt-Move-VEC-clock-to-clk-raspberrypi.patch + swtpm +- Update to version 0.5.3 + - swtpm: + - Check header size indicator against expected size (CVE-2022-23645 bsc#1196240) + - Fix --print-capabilities for 'swtpm chardev' + - swtpm_localca: + - Test for available issuercert before creating CA + - swtpm_cert: + - Rename deprecated libtasn1 types + - man pages: + - Update the doc of the flag to connect to TPM via UnixIO socket + systemd +- Import commit 2bc0b2c447319a9156e7c5a18fe971f946554a6b + 6256b14446 test: adapt install_pam() for openSUSE + 3ea5b7e295 test: add test checking tmpfiles conf file precedence + e63e641ee8 test tmpfiles: add a test for 'w+' + b531758614 tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) + ea98492c53 cryptsetup: fall back to traditional unlocking if any TPM2 operation fails +- Move coredumpctl completion files into systemd-coredump sub-package. + webkit2gtk3:gtk3 -- Update to version 2.34.6: +- Update to version 2.36.0 (boo#1198290): + + Add new accessibility implementation using ATSPI DBus + interfaces instead of ATK. + + Add support for requestVideoFrameCallback. + + Change hardware-acceleration-policy setting default value to + always. + + Add support for media session. + + Add new API to set HTTP response information to custom uri + schemes. + + Make user interactive threads (event handler, scrolling, …) + real time in linux. + + Security fixes: CVE-2022-22624, CVE-2022-22628, CVE-2022-22629. +- Rebase no-forced-sse.patch. +- Drop fix-warnings.patch and webkit2gtk3-link-fix.patch: fixed upstream. +- Add webkit2gtk3-old-ruby.patch: fix a build failure. + +- Update to version 2.34.6 (boo#1196133): + + Security fixes: CVE-2022-22620. - CVE-2022-22594. + CVE-2022-22594, CVE-2022-22637. webkit2gtk3:gtk3-soup2 -- Update to version 2.34.6: +- Update to version 2.36.0 (boo#1198290): + + Add new accessibility implementation using ATSPI DBus + interfaces instead of ATK. + + Add support for requestVideoFrameCallback. + + Change hardware-acceleration-policy setting default value to + always. + + Add support for media session. + + Add new API to set HTTP response information to custom uri + schemes. + + Make user interactive threads (event handler, scrolling, …) + real time in linux. + + Security fixes: CVE-2022-22624, CVE-2022-22628, CVE-2022-22629. +- Rebase no-forced-sse.patch. +- Drop fix-warnings.patch and webkit2gtk3-link-fix.patch: fixed upstream. +- Add webkit2gtk3-old-ruby.patch: fix a build failure. + +- Update to version 2.34.6 (boo#1196133): + + Security fixes: CVE-2022-22620. - CVE-2022-22594. + CVE-2022-22594, CVE-2022-22637. webkit2gtk3:gtk4 -- Update to version 2.34.6: +- Update to version 2.36.0 (boo#1198290): + + Add new accessibility implementation using ATSPI DBus + interfaces instead of ATK. + + Add support for requestVideoFrameCallback. + + Change hardware-acceleration-policy setting default value to + always. + + Add support for media session. + + Add new API to set HTTP response information to custom uri + schemes. + + Make user interactive threads (event handler, scrolling, …) + real time in linux. + + Security fixes: CVE-2022-22624, CVE-2022-22628, CVE-2022-22629. +- Rebase no-forced-sse.patch. +- Drop fix-warnings.patch and webkit2gtk3-link-fix.patch: fixed upstream. +- Add webkit2gtk3-old-ruby.patch: fix a build failure. + +- Update to version 2.34.6 (boo#1196133): + + Security fixes: CVE-2022-22620. - CVE-2022-22594. + CVE-2022-22594, CVE-2022-22637. wicked +- version 0.6.69 +- redfish: decode smbios and setup host interface + Add initial support to decode the SMBIOS Management Controller Host + Interface (Type 42) structure and expose it as wicked `firmware:redfish` + configuration to setup a Host Network Interface (to the BMC) using the + `Redfish over IP` protocol allowing access to the Redfish Service (via + redfish-localhost in /etc/hosts) used to manage the computer system. + Tech Preview (jsc#SLE-17762). +- buffer: fix size_t length downcast to uint, add guards to init functions +- wireless: fix to not expect colons in 64byte long wpa-psk hex hash string +- xml-schema: reference counting fix to not crash at exit on schema errors +- compat-suse: match sysctl.d /etc vs. /run read order with systemd-sysctl, + remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5. +- compat-suse: fix reading of sysctl addr_gen_mode to wrong variable +- auto6: fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429) +- removed obsolete patch included in the master sources (bsc#1194392) + [- 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch] +