Removed rpms
============
- alsa-plugins-pulse-32bit
- glibc-locale-base-32bit
- gnome-keyring-pam-32bit
- cyrus-sasl-crammd5-32bit
- cyrus-sasl-plain-32bit
- fontconfig-32bit
- glibc-32bit
- gnome-keyring-32bit
- krb5-32bit
- libFLAC8-32bit
- libacl1-32bit
- libaudit1-32bit
- libdw1-32bit
- libfontconfig1-32bit
- libgcrypt20-32bit
- libglib-2_0-0-32bit
- libgmp10-32bit
- libgnutls30-32bit
- libidn2-0-32bit
- liblz4-1-32bit
- libnettle8-32bit
- libnscd1-32bit
- libpwquality1-32bit
- libtalloc2-32bit
- libtdb1-32bit
- libunistring2-32bit
- nss-mdns-32bit
- samba-client-32bit
- libavahi-client3-32bit
- libbrotlicommon1-32bit
- libelf1-32bit
- libgdbm4-32bit
- libgpg-error0-32bit
- libldb2-32bit
- libp11-kit0-32bit
- libparted0-32bit
- libpng16-16-32bit
- libpopt0-32bit
- libsndfile1-32bit
- libspeex1-32bit
- libssh4-32bit
- libtasn1-6-32bit
- libverto1-32bit
- libvorbis0-32bit
- libvorbisenc2-32bit
- openslp-32bit
- samba-winbind-libs-32bit
- systemd-32bit
Added rpms
==========
- cyrus-sasl-crammd5-32bit
- cyrus-sasl-plain-32bit
- fontconfig-32bit
- glibc-32bit
- gnome-keyring-32bit
- alsa-plugins-pulse-32bit
- glibc-locale-base-32bit
- gnome-keyring-pam-32bit
- libavahi-client3-32bit
- libbrotlicommon1-32bit
- libelf1-32bit
- libgdbm4-32bit
- libgpg-error0-32bit
- libldb2-32bit
- libp11-kit0-32bit
- libparted0-32bit
- libpng16-16-32bit
- libpopt0-32bit
- libsndfile1-32bit
- libspeex1-32bit
- libssh4-32bit
- libtasn1-6-32bit
- libverto1-32bit
- libvorbis0-32bit
- libvorbisenc2-32bit
- openslp-32bit
- samba-winbind-libs-32bit
- systemd-32bit
- krb5-32bit
- libFLAC8-32bit
- libacl1-32bit
- libaudit1-32bit
- libdw1-32bit
- libfontconfig1-32bit
- libgcrypt20-32bit
- libglib-2_0-0-32bit
- libgmp10-32bit
- libgnutls30-32bit
- libidn2-0-32bit
- liblz4-1-32bit
- libnettle8-32bit
- libnscd1-32bit
- libpwquality1-32bit
- libtalloc2-32bit
- libtdb1-32bit
- libunistring2-32bit
- man-pages-el
- man-pages-fi
- man-pages-hu
- man-pages-id
- man-pages-nb
- man-pages-sv
- nss-mdns-32bit
- samba-client-32bit
Package Source Changes
======================
MozillaFirefox
+- Firefox Extended Support Release 91.6.1 ESR
+ * Fixed: Security fix
+- Mozilla Firefox ESR 91.6.1
+ MFSA 2022-09 (bsc#1196809)
+ * CVE-2022-26485 (bmo#1758062)
+ Use-after-free in XSLT parameter processing
+ * CVE-2022-26486 (bmo#1758070)
+ Use-after-free in WebGPU IPC Framework
+
+- Firefox Extended Support Release 91.6.0 ESR
+ * Fixed: Various stability, functionality, and security fixes
+ MFSA 2022-05 (bsc#1195682)
+ * CVE-2022-22753 (bmo#1732435)
+ Privilege Escalation to SYSTEM on Windows via Maintenance
+ Service
+ * CVE-2022-22754 (bmo#1750565)
+ Extensions could have bypassed permission confirmation during
+ update
+ * CVE-2022-22756 (bmo#1317873)
+ Drag and dropping an image could have resulted in the dropped
+ object being an executable
+ * CVE-2022-22759 (bmo#1739957)
+ Sandboxed iframes could have executed script if the parent
+ appended elements
+ * CVE-2022-22760 (bmo#1740985, bmo#1748503)
+ Cross-Origin responses could be distinguished between script
+ and non-script content-types
+ * CVE-2022-22761 (bmo#1745566)
+ frame-ancestors Content Security Policy directive was not
+ enforced for framed extension pages
+ * CVE-2022-22763 (bmo#1740534)
+ Script Execution during invalid object state
+ * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545,
+ bmo#1748210, bmo#1748279)
+ Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
+
+- Firefox Extended Support Release 91.5.1 ESR (bsc#1195230)
+ * Fixed: Fixed an issue that allowed unexpected data to be
+ submitted in some of our search telemetry (bmo#1752317)
+
acl
+- test: Add helper library to fake passwd/group files
+- quote: escape literal backslashes (bsc#953659).
+- Added patch:
+ * 0001-test-Add-helper-library-to-fake-passwd-group-files.patch
+ * 0002-quote-escape-literal-backslashes.patch
+
+- refresh acl-2.2.52-tests.patch to work with perl 5.26
+
+- BuildRequires gettext-tools-mini instead of gettext-tools: as
+ acl is part of the bootstrap, we want to try to keep the dep
+ chain as small as possible.
+
+- Remove --with-pic that's just for static libraries.
+- Replace %__-type macro indirections.
+ Replace old $RPM_ by their macro equivalents for consistency.
+ Make the macro style consistent across the file again.
+
+- reenable full Larg File Support for i586
+
+- Make it possible to disable tests (for Ring0)
+- Add BuildRequires: system-user-daemon for the testsuite
+
+- Add BuildRequires for system user bin needed by test suite
+
+- Update to git snapshot dated 21 Sep 2015.
+ - Added:
+ * 0001-Install-the-libraries-to-the-appropriate-directory.patch
+ * 0002-setfacl.1-fix-typo-inclu-de-include.patch
+ * 0003-test-fix-insufficient-quoting-of.patch
+ * 0004-Makefile-rename-configure.in-to-configure.ac.patch
+ * 0005-Bad-markup-in-acl.5-page.patch
+ * 0006-.gitignore-ignore-and-config.h.in.patch
+ * 0007-Use-autoreconf-rather-than-autoconf-to-regenerate-th.patch
+ * 0008-libacl-Make-sure-that-acl_from_text-always-sets-errn.patch
+ * 0009-libacl-fix-SIGSEGV-of-getfacl-e-on-overly-long-group.patch
+ * 0010-punt-debian-rpm-packaging-logic.patch
+ * 0011-move-gettext-logic-into-misc.h.patch
+ * 0012-test-make-running-parallel-out-of-tree-safe.patch
+ * 0013-modernize-build-system.patch
+ * 0014-po-regenerate-files-after-move.patch
+ * 0015-build-drop-aclincludedir-use-pkgincludedir.patch
+ * 0016-build-make-use-of-an-aux-dir-to-stow-away-helper-scr.patch
+ * 0017-build-ship-a-pkgconfig-file-for-libacl.patch
+ * 0018-read_acl_-comments-seq-rename-line-to-lineno.patch
+ * 0019-read_acl_-comments-seq-switch-to-next_line.patch
+ * 0020-telldir-return-value-and-seekdir-second-parameters-a.patch
+ * 0021-mark-libmisc-funcs-as-hidden-so-they-are-not-exporte.patch
+ * 0022-add-__acl_-prefixes-to-internal-symbols.patch
+ * 0023-cp.test-Check-permissions-of-the-right-file.patch
+ * 0024-libacl-acl_set_file-Remove-unnecesary-racy-check.patch
+ * 0025-fix-compilation-with-latest-xattr-git.patch
+ * 0026-getfacl-Fix-memory-leak.patch
+ * 0027-Fix-the-display-block-nesting-in-acl.5.patch
+ * 0028-setfacl-man-page-Minor-wording-improvements.patch
+ * 0029-getfacl-Fix-minor-resource-leak.patch
+ * 0030-Do-not-export-symbols-that-are-not-supposed-to-be-ex.patch
+ * 0031-walk_tree-mark-internal-variables-as-static.patch
+ * 0032-ignore-configure.lineno.patch
+- Signficant spec file restructuring due to 0013-modernize-build-system.patch
+- removed builddefs.in.diff
+
+- Reduce size of filelist by using wildcards;
+ remove %doc (some locations are always %doc),
+ remove %attr (files already have proper permissions)
+
+- add acl-2.2.52-tests.patch and enable tests, check section taken
+ from Fedora package
+
+- remove gpg-offline calls from bootstrap package
+
+- Update to new upstream release 2.2.52
+ * This release fixes a few build system issues that were found and
+ merges in a tree walking bug fix.
+- Remove acl-fiximplicit.patch (merged upstream),
+ config-guess-sub-update.diff (no longer applies)
+- Sync baselibs.conf with in-.spec obsoletes/provides.
+
+- add gpg checking
+
+- use source url
+
+- Add config-guess-sub-update.diff:
+ update config.guess/sub to latest state for AArch64
+
+- Use OS byteswapping routines, application already Includes
+ "endian.h" but then goes ahead defining ad-hoc equivalent
+ functionality (0001-Use-OS-byteswapping-macros.patch)
+
+- remove useless automake deps
+
+- patch license to follow spdx.org standard
+
+- license update: GPL-2.0+;LGPL-2.1+
+ SPDX format
+
+- add automake as buildrequire to avoid implicit dependency
+
+- Fix provides/Obsoletes
+
+- Implement shlib package (libacl1)
+- Enable libacl-devel on all baselib arches
+
+- upgrade to 2.2.51
+ - Test fixes
+
+- upgrade to 2.2.50
+ - OPTIONS in man pages should be a section heading, not a subsection heading
+ - Fix a typo in the setfacl man page
+ - setfacl: Clarify that removing a non-existent acl entry is not an error
+ - Prevent setfacl --restore from SIGSEGV on malformed restore file
+ - setfacl: make sure that -R only calls stat(2) on symlinks when it needs to
+ - libacl: fix potential null pointer dereference
+ - setfacl: fix restore crash on malformed input
+ - setfacl: print useful error from read_acl_comments
+ - setfacl: changing owner and when S_ISUID should be set --restore fix
+
+- use %_smp_mflags
+
+- add baselibs.conf as a source
+- adjust baselibs.conf for SPARC
+
+- readded incorrectly removed libattr-devel requires in -devel
+
+- fixed implicit strchr() usage.
+
+- do not package static libraries
+- fix -devel package dependencies
+
+- Version bump to 2.2.48
+ - Document the new flags comments
+ - Include the S_ISUID, S_ISGID, S_ISVTX flags in the getfacl output, and restore them with "setfacl --restore=file".
+ - Make sure that getfacl -R only calls stat(2) on symlinks when it needs to
+ - Stop quoting nonprintable characters in the getfacl output
+ - Avoid unnecessary but destructive chown calls
+ - Clarify license notice
+
akonadi-calendar
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
akonadi-calendar-tools
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
akonadi-contact
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Fix build on Windows
+ * Make sure helper apps we start are in path
+
akonadi-import-wizard
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
akonadi-mime
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
akonadi-notes
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
akonadi-search
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
akonadi-server
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Use exec variable
+ * Check executables exist in PATH before passing them to QProcess
+
akregator
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Fix bug 450650: URL encoded chars in feed-entry-link-href become
+ invalid (kde#450650)
+
analitza
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
apache2
+- security update
+- added patches
+ fix CVE-2021-44224 [bsc#1193943], NULL dereference or SSRF in forward proxy configurations
+ + apache2-CVE-2021-44224.patch
+ fix CVE-2021-44790 [bsc#1193942], buffer overflow when parsing multipart content in mod_lua
+ + apache2-CVE-2021-44790.patch
+
ark
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Fix multivolume archive creation (kde#448065)
+ * zip: Fix setting un-initialized access time (kde#450125)
+ * Fix build when libzip is missing
+ * libzip: Implement proper cancelation, using libzip 1.6
+ * CreateJob: Clean up temp file after cancellation
+ * libzipplugin: Prevent crash when canceling archive creation (kde#446926)
+
autoyast2
+- Properly handle the "dopackages" option in the openFile
+ method of the AyastSetup module (bsc#1196566).
+- 4.4.35
+
+- Avoid login while running AutoYaST init-scripts (bsc#1196594 and
+ related to bsc#1195059).
+- 4.4.34
+
+- Consider user selected packages as optional to not block the
+ installation (bsc#1195747).
+- 4.4.33
+
+- add yast namespace to merge.xslt to fix CDATA handling (bsc#1195910)
+- 4.4.32
+
+- Modified init-scripts service dependencies fixing a root login
+ systemd timeout when installing with ssh (bsc#1195059)
+- 4.4.31
+
baloo5-widgets
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
bluez
+- Install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639)
+
calendarsupport
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
chromium
+- Chromium 99.0.4844.51 (boo#1196641)
+ * CVE-2022-0789: Heap buffer overflow in ANGLE
+ * CVE-2022-0790: Use after free in Cast UI
+ * CVE-2022-0791: Use after free in Omnibox
+ * CVE-2022-0792: Out of bounds read in ANGLE
+ * CVE-2022-0793: Use after free in Views
+ * CVE-2022-0794: Use after free in WebShare
+ * CVE-2022-0795: Type Confusion in Blink Layout
+ * CVE-2022-0796: Use after free in Media
+ * CVE-2022-0797: Out of bounds memory access in Mojo
+ * CVE-2022-0798: Use after free in MediaStream
+ * CVE-2022-0799: Insufficient policy enforcement in Installer
+ * CVE-2022-0800: Heap buffer overflow in Cast UI
+ * CVE-2022-0801: Inappropriate implementation in HTML parser
+ * CVE-2022-0802: Inappropriate implementation in Full screen mode
+ * CVE-2022-0803: Inappropriate implementation in Permissions
+ * CVE-2022-0804: Inappropriate implementation in Full screen mode
+ * CVE-2022-0805: Use after free in Browser Switcher
+ * CVE-2022-0806: Data leak in Canvas
+ * CVE-2022-0807: Inappropriate implementation in Autofill
+ * CVE-2022-0808: Use after free in Chrome OS Shell
+ * CVE-2022-0809: Out of bounds memory access in WebXR
+- Removed patches:
+ * chromium-96-EnumTable-crash.patch
+ * chromium-89-missing-cstring-header.patch
+ * chromium-95-libyuv-aarch64.patch
+ * chromium-95-libyuv-arm.patch
+ * chromium-98-MiraclePtr-gcc-ice.patch
+ * chromium-98-WaylandFrameManager-check.patch
+- Added patches:
+ * chromium-97-arm-tflite-cast.patch
+ * chromium-98-gtk4-build.patch
+ * chromium-99-AutofillAssistantModelExecutor-NoDestructor.patch
+ * chromium-98-EnumTable-crash.patch
+ * chromium-third_party-symbolize-missing-include.patch
+ * chromium-v8-missing-utility-include.patch
+
dolphin
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2.1:
+ * Fix rating pixmap alignment on high-dpi screens
+
elfutils
+- Add support for zstd, needed to inspect kernel modules (bsc#1196510)
+
eventviews
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
ffmpegthumbs
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
firewalld
+- Fix modprobe.d directory for SLE15 SP3
+- Always own %_modprobedir (bsc#1196275, jsc#SLE-20639)
+
flac
+- Fix memory leak (CVE-2020-0487 bsc#1180112):
+ stream_decoder.c-Fix-a-memory-leak.patch
+
+- Fix out-of-bounds access (CVE-2020-0499 bsc#1180099):
+ libFLAC-bitreader.c-Fix-out-of-bounds-read.patch
+
+- Fix memory leak in read_metadata_vorbiscomment_() function
+ (CVE-2017-6888, bsc#1091045):
+ flac-CVE-2017-6888.patch
+
+- Update to version 1.3.2
+ * Fix undefined behaviour using GCC/Clang UBSAN (erikd).
+ * General hardening via fuzz testing with AFL (erikd and
+ others).
+ * General code improvements (lvqcl, erikd and others).
+ * Add FLAC in MP4 specification docs (Ralph Giles).
+ * Fix some cppcheck warnings (erikd).
+ * Assume all currently used OSes support SSE2.
+ flac:
+ * Fix potential infinite loop on flac-to-flac conversion
+ (erikd).
+ * Add WAVEFORMATEXTENSIBLE to WAV (as needed) when
+ decoding (lvqcl).
+ * Only write vorbis-comments if they are non-empty.
+ * Error out if decoding RAW with bits != (8|16|24).
+ metaflac:
+ * Add --scan-replay-gain option.
+ libraries:
+ * CPU detection cleanup and fixes (Julian Calaby, erikd
+ and lvqcl).
+ * Fix two stream decoder bugs (Max Kellermann).
+ * Fix a NULL dereference bug (on a malformed file).
+ * Changed the LPC order guess for a slight compression
+ improvement, particularly for classical music
+ (Martijn van Beurden).
+ * Improved encoding speed on older Intel CPUs.
+ * Fixed a seeking bug when decoding certain files
+ (Miroslav Lichvar).
+ * Put an upper bound (32768) on the number of seek
+ points.
+ * Fix potential memory leaks.
+ * Support 64bit brword/bwword allowing
+ FLAC__BYTES_PER_WORD to be set to 8 (disabled by
+ default).
+ * Fix an out-of-bounds heap read.
+- Refreshed flac-cflags.patch
+
+- Drop patch that should be upstreamed first, otherwise we will
+ have to keep it ofrever:
+ * flac-ocloexec.patch
+- Drop wrong patch:
+ * flac-fix-pkgconfig.patch
+ + If using this change you get assert.h include overriden in your
+ project by the one from FLAC/ which is not what upstream desired
+ If packages fail to build they should fix their include
+
+- Build documentation as noarch
+
+- Cleanup spec file with spec-cleaner
+- Update url
+- Remove no longer needed patches
+ * flac-fix-CVE-2014-8962.patch
+ * flac-fix-CVE-2014-9028.patch
+ * 0001-getopt_long-not-broken-here.patch
+- Remove following as benefit of using openssl is small
+ * 0001-Allow-use-of-openSSL.patch
+- Add flac-cflags.patch
+- Use doxygen to build documentation
+- Split documentation to separate package
+- Update to 1.3.1
+ * Improved decoding efficiency of all bit depths but especially
+ so for 24 bits for IA32 architecture (lvqcl and Miroslav Lichvar).
+ * Faster encoding using SSE and AVX (lvqcl).
+ * Fixed bartlett, bartlett_hann and triangle functions.
+ * New apodization functions partial_tukey and punchout_tukey for
+ improved compression (Martijn van Beurden).
+ * Retuned compression presets to incorporate new apodization
+ functions (Martijn van Beurden).
+ * Fix -Wcast-align warnings on armhf architecture (Erik de
+ Castro Lopo).
+ * Help output documentation improvements.
+ * I/O buffering improvements on Windows to reduce disk
+ fragmentation when writing files.
+ * Only write vorbis-comments if they are non-empty.
+ * Fix symbol visibility in XMMS plugin.
+ * Many fixes and improvements across all the build systems.
+ * Fix CVE-2014-9028 (heap write overflow) and CVE-2014-8962
+ (heap read overflow)
+
+- A couple of security fixes:
+ * flac-fix-CVE-2014-8962.patch:
+ arbitrary code execution by a stack overflow (CVE-2014-8962,
+ bnc#906831)
+ * flac-fix-CVE-2014-9028.patch:
+ Heap overflow via specially crafted .flac files (CVE-2014-9028,
+ bnc#907016)
+
+- Update to final upstream release 1.3.0
+ * No user-visible changes
+- More robust make install call
+
+- Update to flac 1.3.0pre4 (packaged as 1.2.99_git* to avoid
+ messing with RPM versioning)
+ * Mostly non-linux related bugfixes plus autotools fixes
+ - flac-openssl.patch --> 0001-Allow-use-of-openSSL.patch
+ - remove flac-1.2.1-automake1_13.patch, fixed in upstream.
+ - add 0001-getopt_long-not-broken-here.patch, FLAC bundles
+ GNU-compatible getopt_long for broken OS, but we do have
+ a functional version in libc already.
+
grantleetheme
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
grub2
+- Support saving grub environment for POWER signed grub images (jsc#SLE-23854)
+ * 0001-Add-grub_envblk_buf-helper-function.patch
+ * 0002-Add-grub_disk_write_tail-helper-function.patch
+ * 0003-grub-install-support-prep-environment-block.patch
+ * 0004-Introduce-prep_load_env-command.patch
+ * 0005-export-environment-at-start-up.patch
+- Use enviroment variable in early boot config to looking up root device
+ * grub2.spec
+
+- Remove obsolete openSUSE 12.2 conditionals in spec file
+- Clean up powerpc certificate handling.
+
+- Set grub2-check-default shebang to "#!/bin/bash", as the the code
+ uses many instructions which are undefined for a POSIX sh.
+ (boo#1195794).
+
gwenview5
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Prevent users from "losing" the thumbnail bar
+
icewm-theme-branding:openSUSE
+- Add fix-font-configuration.patch:
+ Fix font configuration after google-droid-fonts update
+ (boo#1195328 bsc#1196336)
+
incidenceeditor
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kaccounts-integration
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kaccounts-providers
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kaddressbook
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kalarmcal
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kalgebra
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kalzium
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kamera
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kanagram
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kate
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Fix stashing not working when Kate is quit using Ctrl+Q (kde#449229)
+
kbruch
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Link explicitly to KCoreAddons
+
kcalc
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kcalutils
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kcharselect
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kcolorchooser
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kde-print-manager
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kdeedu-data
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kdegraphics-thumbnailers
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kdenetwork-filesharing
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kdepim-addons
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Fix Bug 434335 Zoom in/out is missing in the context menu (kde#434335)
+
kdepim-runtime
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Apply patch for disable sync contact as it don't ported yet. (kde#449024)
+- Drop patch, now upstream:
+ * 0001-Apply-patch-for-disable-sync-contact-as-it-don-t-por.patch
+
+- Add patch to Work around google calendar events breaking due to
+ dropped Contacts API (kde#449024):
+ * 0001-Apply-patch-for-disable-sync-contact-as-it-don-t-por.patch
+
kdialog
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kernel-default
+- ibmvnic: Allow queueing resets during probe (bsc#1196516
+ ltc#196391).
+- ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
+- ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
+- ibmvnic: register netdev after init of adapter (bsc#1196516
+ ltc#196391).
+- ibmvnic: complete init_done on transport events (bsc#1196516
+ ltc#196391).
+- ibmvnic: define flush_reset_queue helper (bsc#1196516
+ ltc#196391).
+- ibmvnic: initialize rc before completing wait (bsc#1196516
+ ltc#196391).
+- ibmvnic: free reset-work-item when flushing (bsc#1196516
+ ltc#196391).
+- commit 0236fcc
+
+- Update kabi files.
+- commit c453b5c
+
+- netfilter: nf_tables_offload: incorrect flow offload action
+ array size (bsc#1196299 CVE-2022-25636).
+- commit f8ec613
+
+- mm/page_alloc: Do not prefetch buddies during bulk free
+ (bnc#1193239,bnc#1193199,bnc#1193329).
+- commit 40059fa
+
+- nvme: expose cntrltype and dctype through sysfs (jsc#SLE-23643).
+ Refresh:
+ - patches.suse/0006-nvme-Implement-In-Band-authentication.patch
+- nvme: send uevent on connection up (jsc#SLE-23643).
+- commit d19ac19
+
+- Update patches.suse/powerpc-kexec_file-Add-KEXEC_SIG-support.patch
+ (jsc#SLE-18145 bsc#1192295 bsc#1195993 jsc#SLE-18138).
+ Use the secondary keyring rather than platform keyring for KEXEC_SIG on
+ powerpc. Platform keyring is not available on powerpc.
+- commit 78a342a
+
+- Delete
+ patches.suse/drm-i915-adlp-Remove-require_force_probe-protection.patch
+ (bsc#1196589).
+ We did not have enough time to stablize ADL-P graphics so restore the
+ experimental flag.
+- commit 0cc030f
+
+- fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478).
+- commit 0c858b7
+
kernel-kvmsmall
+- ibmvnic: Allow queueing resets during probe (bsc#1196516
+ ltc#196391).
+- ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
+- ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
+- ibmvnic: register netdev after init of adapter (bsc#1196516
+ ltc#196391).
+- ibmvnic: complete init_done on transport events (bsc#1196516
+ ltc#196391).
+- ibmvnic: define flush_reset_queue helper (bsc#1196516
+ ltc#196391).
+- ibmvnic: initialize rc before completing wait (bsc#1196516
+ ltc#196391).
+- ibmvnic: free reset-work-item when flushing (bsc#1196516
+ ltc#196391).
+- commit 0236fcc
+
+- Update kabi files.
+- commit c453b5c
+
+- netfilter: nf_tables_offload: incorrect flow offload action
+ array size (bsc#1196299 CVE-2022-25636).
+- commit f8ec613
+
+- mm/page_alloc: Do not prefetch buddies during bulk free
+ (bnc#1193239,bnc#1193199,bnc#1193329).
+- commit 40059fa
+
+- nvme: expose cntrltype and dctype through sysfs (jsc#SLE-23643).
+ Refresh:
+ - patches.suse/0006-nvme-Implement-In-Band-authentication.patch
+- nvme: send uevent on connection up (jsc#SLE-23643).
+- commit d19ac19
+
+- Update patches.suse/powerpc-kexec_file-Add-KEXEC_SIG-support.patch
+ (jsc#SLE-18145 bsc#1192295 bsc#1195993 jsc#SLE-18138).
+ Use the secondary keyring rather than platform keyring for KEXEC_SIG on
+ powerpc. Platform keyring is not available on powerpc.
+- commit 78a342a
+
+- Delete
+ patches.suse/drm-i915-adlp-Remove-require_force_probe-protection.patch
+ (bsc#1196589).
+ We did not have enough time to stablize ADL-P graphics so restore the
+ experimental flag.
+- commit 0cc030f
+
+- fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478).
+- commit 0c858b7
+
kernel-preempt
+- Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403)
+ Deleted:
+ patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch
+- commit 0c68bb9
+
+- Update patch reference for iov security fix (CVE-2022-0847 bsc#1196584)
+- commit 1dafeb6
+
+- arm64: Use the clearbhb instruction in mitigations (bsc#1191580
+ CVE-2022-0001 CVE-2022-0002).
+- arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1191580
+ CVE-2022-0001 CVE-2022-0002).
+- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered
+ and migrated (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- commit b546cd9
+
+- arm64: Mitigate spectre style branch history side channels
+ (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- Update config files.
+- commit d035616
+
+- KVM: arm64: Add templates for BHB mitigation sequences
+ (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- Refresh
+ patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch.
+- commit 8c9b0c2
+
+- arm64: Add Cortex-X2 CPU part definition (bsc#1191580
+ CVE-2022-0001 CVE-2022-0002).
+- commit c3c4a06
+
+- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
+ (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- arm64: Add part number for Arm Cortex-A77 (bsc#1191580
+ CVE-2022-0001 CVE-2022-0002).
+- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part
+ of Spectre-v2 (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- arm64: Add percpu vectors for EL1 (bsc#1191580 CVE-2022-0001
+ CVE-2022-0002).
+- arm64: entry: Add macro for reading symbol addresses from the
+ trampoline (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- arm64: entry: Add vectors that have the bhb mitigation sequences
+ (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- arm64: entry: Add non-kpti __bp_harden_el1_vectors for
+ mitigations (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- arm64: entry: Allow the trampoline text to occupy multiple pages
+ (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- arm64: entry: Make the kpti trampoline's kpti sequence optional
+ (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- arm64: entry: Move trampoline macros out of ifdef'd section
+ (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- arm64: entry: Don't assume tramp_vectors is the start of the
+ vectors (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- arm64: entry: Allow tramp_alias to access symbols after the
+ 4K boundary (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- arm64: entry: Move the trampoline data page before the text page
+ (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- arm64: entry: Free up another register on kpti's tramp_exit path
+ (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- arm64: entry: Make the trampoline cleanup optional (bsc#1191580
+ CVE-2022-0001 CVE-2022-0002).
+- arm64: entry.S: Add ventry overflow sanity checks (bsc#1191580
+ CVE-2022-0001 CVE-2022-0002).
+- commit 284cd49
+
+- lib/iov_iter: initialize "flags" in new pipe_buffer
+ (bsc#1196584).
+- commit 4f3bbf5
+
+- x86/speculation: Use generic retpoline by default on AMD
+ (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- commit bed48b1
+
+- ibmvnic: Allow queueing resets during probe (bsc#1196516
+ ltc#196391).
+- ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
+- ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
+- ibmvnic: register netdev after init of adapter (bsc#1196516
+ ltc#196391).
+- ibmvnic: complete init_done on transport events (bsc#1196516
+ ltc#196391).
+- ibmvnic: define flush_reset_queue helper (bsc#1196516
+ ltc#196391).
+- ibmvnic: initialize rc before completing wait (bsc#1196516
+ ltc#196391).
+- ibmvnic: free reset-work-item when flushing (bsc#1196516
+ ltc#196391).
+- commit 1cc99d0
+
+- tracing: Have traceon and traceoff trigger honor the instance
+ (git-fixes).
+- commit 92ab7ec
+
+- tracing: Dump stacktrace trigger to the corresponding instance
+ (git-fixes).
+- commit a3c85e9
+
+- nvme: also mark passthrough-only namespaces ready in
+ nvme_update_ns_info (git-fixes).
+- nvme: don't return an error from nvme_configure_metadata
+ (git-fixes).
+- nvme: let namespace probing continue for unsupported features
+ (git-fixes).
+- commit a5b2a87
+
+- blk-mq: avoid to iterate over stale request (bsc#1193787).
+- blk-mq: fix is_flush_rq (bsc#1193787 git-fixes).
+- blk-mq: fix kernel panic during iterating over flush request
+ (bsc#1193787 git-fixes).
+- blk-mq: don't grab rq's refcount in blk_mq_check_expired()
+ (bsc#1193787 git-fixes).
+- blk-mq: always allow reserved allocation in hctx_may_queue
+ (bsc#1193787).
+- commit cc53802
+
+- drm/i915: Fix bw atomic check when switching between SAGV
+ vs. no SAGV (git-fixes).
+- commit 209cee8
+
+- drm/i915: Correctly populate use_sagv_wm for all pipes
+ (git-fixes).
+- commit 5d7b5fe
+
+- kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972
+ LTC#194674).
+- KVM: remember position in kvm->vcpus array (bsc#1190972
+ LTC#194674).
+- commit 81f3dbb
+
+- s390/cpumf: Support for CPU Measurement Sampling Facility LS
+ bit (bsc#1195081 LTC#196088).
+- s390/cpumf: Support for CPU Measurement Facility CSVN 7
+ (bsc#1195081 LTC#196088).
+- commit 0ce3482
+
+- s390/cio: verify the driver availability for path_event call
+ (bsc#1195928 LTC#196418).
+- commit 4741f1a
+
+- scsi: zfcp: Fix failed recovery on gone remote port with
+ non-NPIV FCP devices (bsc#1195378 LTC#196244).
+- commit 6fb3d19
+
+- s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233
+ LTC#195540).
+- commit 79f1350
+
+- s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967
+ LTC#196028).
+- commit 512e596
+
+- s390/cio: make ccw_device_dma_* more robust (bsc#1193243
+ LTC#195549).
+- commit 6f84bff
+
+- block: do not send a rezise udev event for hidden block device
+ (bsc#1193096).
+- commit c3addda
+
+- s390/bpf: Fix optimizing out zero-extensions (git-fixes).
+- commit 542287e
+
+- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
+ (git-fixes).
+- commit 774f927
+
+- ibmvnic: schedule failover only if vioctl fails (bsc#1196400
+ ltc#195815).
+- commit 7099d61
+
+- ext4: prevent partial update of the extent blocks (bsc#1194163
+ bsc#1196339).
+- commit 9b7f6a6
+
+- ext4: check for inconsistent extents between index and leaf
+ block (bsc#1194163 bsc#1196339).
+- commit 8a25180
+
+- ext4: check for out-of-order index extents in
+ ext4_valid_extent_entries() (bsc#1194163 bsc#1196339).
+- commit b72afd9
+
+- i2c: brcmstb: fix support for DSL and CM variants (git-fixes).
+- mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
+ (git-fixes).
+- mtd: rawnand: gpmi: don't leak PM reference in error path
+ (git-fixes).
+- mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe()
+ (git-fixes).
+- ASoC: Revert "ASoC: mediatek: Check for error clk pointer"
+ (git-fixes).
+- ASoC: ops: Fix stereo change notifications in
+ snd_soc_put_volsw_range() (git-fixes).
+- ASoC: ops: Fix stereo change notifications in
+ snd_soc_put_volsw() (git-fixes).
+- ALSA: hda: Fix missing codec probe on Shenker Dock 15
+ (git-fixes).
+- ALSA: hda: Fix regression on forced probe mask option
+ (git-fixes).
+- drm/radeon: Fix backlight control on iMac 12,1 (git-fixes).
+- HID:Add support for UGTABLET WP5540 (git-fixes).
+- ata: libata-core: Disable TRIM on M88V29 (git-fixes).
+- drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
+ (git-fixes).
+- net: macb: Align the dma and coherent dma masks (git-fixes).
+- net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
+- drm/amdgpu: fix logic inversion in check (git-fixes).
+- ax25: improve the incomplete fix to avoid UAF and NPD bugs
+ (git-fixes).
+- commit ea7f847
+
+- blk-tag: Hide spin_lock (bsc#1193787).
+- commit 78741a7
+
+- blk-mq: clearing flush request reference in tags->rqs
+ (bsc#1193787).
+- blk-mq: clear stale request in tags->rq before freeing one
+ request pool (bsc#1193787).
+- blk-mq: grab rq->refcount before calling ->fn in
+ blk_mq_tagset_busy_iter (bsc#1193787).
+- block: avoid double io accounting for flush request
+ (bsc#1193787).
+- block: mark flush request as IDLE when it is really finished
+ (bsc#1193787).
+- blk-mq: mark flush request as IDLE in flush_end_io()
+ (bsc#1193787).
+- commit 2d33352
+
+- btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195).
+- commit 445785b
+
+- btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195).
+- commit 436acc9
+
+- btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195).
+- commit a9ec6c0
+
+- btrfs: don't include the global rsv size in the preemptive used amount (bsc#1196195).
+- commit ace9b16
+
+- btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195).
+- commit 4beb0b0
+
+- btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195).
+- Refresh patches.suse/btrfs-reduce-the-preemptive-flushing-threshold-to-90.patch.
+- commit 41c6188
+
+- btrfs: only clamp the first time we have to start flushing (bsc#1196195).
+- commit b25996b
+
+- btrfs: check worker before need_preemptive_reclaim (bsc#1196195).
+- commit f36b423
+
+- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195).
+- commit ef6e83a
+
+- x86/speculation: Include unprivileged eBPF status in Spectre v2
+ mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- commit d42fa20
+
+- Documentation/hw-vuln: Update spectre doc (bsc#1191580
+ CVE-2022-0001 CVE-2022-0002).
+- commit a48cfcc
+
+- x86/speculation: Add eIBRS + Retpoline options (bsc#1191580
+ CVE-2022-0001 CVE-2022-0002).
+- commit 1a20a7e
+
+- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
+ (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- commit 80f47a3
+
+- x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
+ (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
+- commit 1f9dd65
+
+- kABI: Fix kABI for AMD IOMMU driver (git-fixes).
+- commit 718c631
+
+- blacklist.conf: Add 2cbc61a1b166 iommu/dma: Account for min_align_mask w/swiotlb
+- commit 142c6ac
+
+- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
+ (git-fixes).
+- iommu/vt-d: Fix potential memory leak in
+ intel_setup_irq_remapping() (git-fixes).
+- iommu/iova: Fix race between FQ timeout and teardown
+ (git-fixes).
+- iommu/io-pgtable-arm: Fix table descriptor paddr formatting
+ (git-fixes).
+- iommu/amd: Remove useless irq affinity notifier (git-fixes).
+- iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume
+ (git-fixes).
+- iommu/amd: X2apic mode: setup the INTX registers on mask/unmask
+ (git-fixes).
+- iommu/amd: X2apic mode: re-enable after resume (git-fixes).
+- iommu/amd: Restore GA log/tail pointer on host resume
+ (git-fixes).
+- iommu/io-pgtable-arm-v7s: Add error handle for page table
+ allocation failure (git-fixes).
+- commit 50e60e3
+
+- Update patch reference for USB gadget fix (CVE-2022-25375 bsc#1196235)
+- commit b7dc18b
+
+- net/ibmvnic: Cleanup workaround doing an EOI after partition
+ migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes).
+- commit 0dfd4da
+
+- drm/i915/opregion: check port number bounds for SWSCI display
+ power state (git-fixes).
+- drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes).
+- drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes).
+- iwlwifi: fix use-after-free (git-fixes).
+- iwlwifi: pcie: gen2: fix locking when "HW not ready"
+ (git-fixes).
+- iwlwifi: pcie: fix locking when "HW not ready" (git-fixes).
+- libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes).
+- USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).
+- USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
+- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
+ (git-fixes).
+- USB: serial: option: add ZTE MF286D modem (git-fixes).
+- USB: serial: ch341: add support for GW Instek USB2.0-Serial
+ devices (git-fixes).
+- usb: gadget: rndis: check size of RNDIS_MSG_SET command
+ (git-fixes).
+- usb: gadget: f_uac2: Define specific wTerminalType (git-fixes).
+- ACPI/IORT: Check node revision for PMCG resources (git-fixes).
+- net: phy: marvell: Fix RGMII Tx/Rx delays setting in
+ 88e1121-compatible PHYs (git-fixes).
+- net: phy: marvell: Fix MDI-x polarity setting in
+ 88e1118-compatible PHYs (git-fixes).
+- usb: dwc2: gadget: don't try to disable ep0 in
+ dwc2_hsotg_suspend (git-fixes).
+- PM: hibernate: Remove register_nosave_region_late() (git-fixes).
+- drm: panel-orientation-quirks: Add quirk for the 1Netbook
+ OneXPlayer (git-fixes).
+- net: phy: marvell: configure RGMII delays for 88E1118
+ (git-fixes).
+- commit cc7a24c
+
+- NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957).
+- commit 9af94a7
+
+- Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352)
+ Delete patches.suse/PCI-xgene-Fix-IB-window-setup.patch
+ Also update blacklist
+- commit 4f68062
+
+- gve: Recording rx queue before sending to napi (bsc#1191655).
+- gve: Add consumed counts to ethtool stats (bsc#1191655).
+- gve: Implement suspend/resume/shutdown (bsc#1191655).
+- gve: Add optional metadata descriptor type GVE_TXD_MTD
+ (bsc#1191655).
+- gve: remove memory barrier around seqno (bsc#1191655).
+- gve: Update gve_free_queue_page_list signature (bsc#1191655).
+- gve: Move the irq db indexes out of the ntfy block struct
+ (bsc#1191655).
+- gve: Correct order of processing device options (bsc#1191655).
+- gve: fix for null pointer dereference (bsc#1191655).
+- gve: fix unmatched u64_stats_update_end() (bsc#1191655).
+- gve: Fix off by one in gve_tx_timeout() (bsc#1191655).
+- gve: Add a jumbo-frame device option (bsc#1191655).
+- gve: Implement packet continuation for RX (bsc#1191655).
+- gve: Add RX context (bsc#1191655).
+- gve: Recover from queue stall due to missed IRQ (bsc#1191655).
+- gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655).
+- commit 4a8e1e2
+
+- scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL
+ (bsc#1195506).
+- commit c74c330
+
+- scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506).
+- commit 8ef8f22
+
+- md/raid5: fix oops during stripe resizing (bsc#1181588).
+- commit bcd3697
+
+- powerpc/pseries: read the lpar name from the firmware
+ (bsc#1187716 ltc#193451).
+- commit 181541b
+
+- Refresh patches.suse/rpadlpar_io-Add-MODULE_DESCRIPTION-entries-to-kernel.patch
+- commit c964381
+
+- powerpc: add link stack flush mitigation status in debugfs
+ (bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
+- powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038
+ bsc#1157923 ltc#182612 git-fixes).
+- commit 5862a79
+
+- powerpc: Set crashkernel offset to mid of RMA region
+ (bsc#1190812).
+- powerpc/64: Move paca allocation later in boot (bsc#1190812).
+- commit 11e3668
+
+- nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts()
+ (bsc#1195012).
+- commit 4d29ac4
+
+- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
+- commit 73dbd5c
+
+- scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from
+ scsi_qla_host_t (bsc#1195823).
+- scsi: qla2xxx: Add qla2x00_async_done() for async routines
+ (bsc#1195823).
+- scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
+- scsi: qla2xxx: Check for firmware dump already collected
+ (bsc#1195823).
+- scsi: qla2xxx: Add devids and conditionals for 28xx
+ (bsc#1195823).
+- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
+ (bsc#1195823).
+- scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for
+ 28XX adapters (bsc#1195823).
+- scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
+- scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
+- scsi: qla2xxx: Fix device reconnect in loop topology
+ (bsc#1195823).
+- scsi: qla2xxx: Add ql2xnvme_queues module param to configure
+ number of NVMe queues (bsc#1195823).
+- scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
+ (bsc#1195823).
+- scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
+- scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
+- scsi: qla2xxx: Fix premature hw access after PCI error
+ (bsc#1195823).
+- scsi: qla2xxx: Fix warning message due to adisc being flushed
+ (bsc#1195823).
+- scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
+- scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
+- scsi: qla2xxx: Refactor asynchronous command initialization
+ (bsc#1195823).
+- scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
+- scsi: qla2xxx: edif: Fix inconsistent check of db_flags
+ (bsc#1195823).
+- scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
+- scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
+- scsi: qla2xxx: edif: Replace list_for_each_safe with
+ list_for_each_entry_safe (bsc#1195823).
+- scsi: qla2xxx: Remove a declaration (bsc#1195823).
+- scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823).
+- scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823).
+- commit c358f38
+
+- ice: fix IPIP and SIT TSO offload (git-fixes).
+- ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878).
+- net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
+ (bsc#1176447).
+- nfp: flower: fix ida_idx not being released (bsc#1154353).
+- bonding: pair enable_port with slave_arr_updates (git-fixes).
+- ixgbevf: Require large buffers for build_skb on 82599VF
+ (git-fixes).
+- RDMA/cma: Use correct address when leaving multicast group
+ (bsc#1181147).
+- IB/cma: Do not send IGMP leaves for sendonly Multicast groups
+ (git-fixes).
+- commit 679175c
+
+- USB: serial: mos7840: remove duplicated 0xac24 device ID
+ (git-fixes).
+- commit 546d043
+
+- tracing: Don't inc err_log entry count if entry allocation fails
+ (git-fixes).
+- commit 5c45742
+
+- tracing: Propagate is_signed to expression (git-fixes).
+- commit a834cba
+
+- blacklist.conf: b59f2f2b865c ("tracing: Fix smatch warning for do while check in event_hist_trigger_parse()")
+ Cosmetic only.
+- commit f0fcec9
+
+- tracing: Fix smatch warning for null glob in
+ event_hist_trigger_parse() (git-fixes).
+- commit 329e4ac
+
+- powerpc/pseries/ddw: Revert "Extend upper limit for huge DMA
+ window for persistent memory" (bsc#1195995 ltc#196394).
+- commit 877b9c1
+
+- misc: fastrpc: avoid double fput() on failed usercopy
+ (git-fixes).
+- staging: fbtft: Fix error path in fbtft_driver_module_init()
+ (git-fixes).
+- usb: dwc3: gadget: Prevent core from processing stale TRBs
+ (git-fixes).
+- usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE
+ transition (git-fixes).
+- usb: ulpi: Call of_node_put correctly (git-fixes).
+- usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
+- usb: f_fs: Fix use-after-free for epfile (git-fixes).
+- PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes).
+- drm/rockchip: vop: Correct RK3399 VOP register fields
+ (git-fixes).
+- drm/panel: simple: Assign data from panel_dpi_probe() correctly
+ (git-fixes).
+- drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd
+ (git-fixes).
+- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
+ (git-fixes).
+- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
+ (git-fixes).
+- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
+ (git-fixes).
+- ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes).
+- ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus
+ Xtreme after reboot from Windows (git-fixes).
+- ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus
+ Master (newer chipset) (git-fixes).
+- ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte
+ X570 ALC1220 quirks (git-fixes).
+- staging/fbtft: Fix backlight (git-fixes).
+- commit 033cee4
+
+- usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes).
+- commit 7b9eed7
+
+- blacklist.conf: misattributed upstream
+- commit f62cf37
+
+- usb: gadget: s3c: remove unused 'udc' variable (git-fixes).
+- commit a103972
+
+- tipc: improve size validations for received domain records
+ (bsc#1195254, CVE-2022-0435).
+- commit 48911da
+
+- scsi: target: iscsi: Fix cmd abort fabric stop race
+ (bsc#1195286).
+- commit 52d26b6
+
+- kabi: Hide changes to s390/AP structures (jsc#SLE-20807).
+- commit 3d90f3c
+
+- nfsd: don't admin-revoke NSv4.0 state ids (bsc#1192483).
+- nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483).
+- nfsd: allow lock state ids to be revoked and then freed (bsc#1192483).
+- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
+- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
+- commit c0baca0
+
+- EDAC/xgene: Fix deferred probing (bsc#1178134).
+- commit 9308a14
+
+- s390/protvirt: fix error return code in uv_info_init()
+ (jsc#SLE-22135).
+- commit 7f8b088
+
+- s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807).
+- commit 004f3c6
+
+- KVM: s390: Return error on SIDA memop on normal guest
+ (bsc#1195516 CVE-2022-0516).
+- commit d46602b
+
+- ceph: set pool_ns in new inode layout for async creates
+ (bsc#1195799).
+- ceph: properly put ceph_string reference after async create
+ attempt (bsc#1195798).
+- commit 8f44ef0
+
+- btrfs: make sure SB_I_VERSION doesn't get unset by remount (bsc#1192210).
+- commit 9acc804
+
+- s390/uv: fix prot virt host indication compilation
+ (jsc#SLE-22135).
+- s390/uv: add prot virt guest/host indication files
+ (jsc#SLE-22135).
+- commit f479d35
+
+- ibmvnic: don't release napi in __ibmvnic_open() (bsc#1195668
+ ltc#195811).
+- commit 902d854
+
+- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
+- commit ccd41ed
+
+- cgroup-v1: Require capabilities to set release_agent
+ (bsc#1195543 CVE-2022-0492).
+- commit 413d689
+
+- RDMA/ucma: Protect mc during concurrent multicast leaves
+ (bsc#1181147).
+- IB/hfi1: Fix AIP early init panic (jsc#SLE-13208).
+- net/mlx5e: Fix handling of wrong devices during bond netevent
+ (jsc#SLE-15172).
+- gve: fix the wrong AdminQ buffer queue index check
+ (bsc#1176940).
+- gve: Fix GFP flags when allocing pages (git-fixes).
+- i40e: fix unsigned stat widths (git-fixes).
+- i40e: Fix for failed to init adminq while VF reset (git-fixes).
+- i40e: Fix queues reservation for XDP (git-fixes).
+- i40e: Fix issue when maximum queues is exceeded (git-fixes).
+- i40e: Increase delay to 1 s after global EMP reset (git-fixes).
+- commit 6aa87c4
+
+- Update patch reference for HD-audio fix (bsc#1183872)
+- commit 1e16eaa
+
+- usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe()
+ (git-fixes).
+- commit 2492c7d
+
+- mmc: sdhci-of-esdhc: Check for error num after setting mask
+ (git-fixes).
+- ima: Do not print policy rule with inactive LSM labels
+ (git-fixes).
+- ima: Allow template selection with ima_template[_fmt]= after
+ ima_hash= (git-fixes).
+- ima: Remove ima_policy file before directory (git-fixes).
+- integrity: check the return value of audit_log_start()
+ (git-fixes).
+- integrity: double check iint_cache was initialized (git-fixes).
+- integrity: Make function integrity_add_key() static (git-fixes).
+- commit a8bf0cb
+
+- RDMA/core: Always release restrack object (git-fixes)
+- commit a4c74f1
+
+- RDMA/siw: Release xarray entry (git-fixes)
+- commit cfa201c
+
+- RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes)
+- commit 06f1504
+
+- blacklist.conf: blacklist a672b2e36a64 bpf: Fix ringbuf memory type confusion when passing to helpers
+- commit 2bfec1b
+
+- bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD)
+ (git-fixes).
+- bpf: Adjust BTF log size limit (git-fixes).
+- commit 5e3ed1a
+
+- s390/sclp: fix Secure-IPL facility detection (bsc#1191741
+ LTC#194816).
+- commit 5aa085e
+
+- usb: dwc3: don't set gadget->is_otg flag (git-fixes).
+- commit 5b20187
+
+- scsi: qla2xxx: Add marginal path handling support (bsc#1195506).
+- scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506).
+- scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506).
+- scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506).
+- scsi: core: No retries on abort success (bsc#1195506).
+- scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506).
+- scsi: core: Add limitless cmd retry support (bsc#1195506).
+- commit af99987
+
+- Align s390 NVME target options with other architectures
+ (bsc#1188404, jsc#SLE-22494).
+ CONFIG_NVME_TARGET=m
+ CONFIG_NVME_TARGET_PASSTHRU=y
+ CONFIG_NVME_TARGET_LOOP=m
+ CONFIG_NVME_TARGET_RDMA=m
+ CONFIG_NVME_TARGET_FC=m
+ CONFIG_NVME_TARGET_FCLOOP=m
+ CONFIG_NVME_TARGET_TCP=m
+- commit 5b2b9f6
+
kgeography
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
khangman
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
khelpcenter5
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Mark as SingleMainWindow in desktop file
+
kidentitymanagement
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kig
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Empty Coordinates are Kind of Valid (kde#448700)
+
kimap
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kio-extras5
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Add missing "truncating" parameter. (kde#450198)
+
kio_audiocd
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kipi-plugins
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kiten
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kitinerary
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Don't pass PDFDoc arguments that Poppler already has the same defaults for
+ * Ignore more files for cppcheck that hang the latest version on the CI
+ * Add basic Air France PDF ticket extractor
+ * Reduce the lower size threshold for 2D barcodes
+
kldap
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kleopatra
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
klettres
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kmag
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kmahjongg
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kmail
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Fix order
+ * Avoid to duplicate entries
+ * Make sure helper apps we start are in path
+
kmail-account-wizard
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kmailtransport
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kmbox
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kmime
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kmines
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kmousetool
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kmplot
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
knotes
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kompare
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
konsole
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kontact
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Fix Manager Crash when clicking New (kde#424252)
+ * Use KIO/ApplicationLauncherJob
+ * Make sure helper apps we start are in path
+
kontactinterface
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
konversation
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * KStatusNotifierItem new API need to be guarded with KNotifications version
+
korganizer
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kpat
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kpimtextedit
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kpkpass
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kqtquickcharts
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kreversi
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
ksmtp
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
ksudoku
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
ktnef
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
ktouch
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
kwalletmanager5
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Desktop file: fix to announce taking local files only, not URLs
+ * Fix skipping the first wallet arg name on the commandline
+ * Fix QCommandLineParser setup, wallet names are taken as positional args
+
kwordquiz
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
libcaca
+- If an image has a size of 0x0, when exporting, no data is written
+ and space is allocated for the header only, not taking into
+ account that sprintf appends a NUL byte.
+ [CVE-2021-30498, CVE-2021-30499, bsc#1184751, bsc#1184752,
+ bsc1184751-add-space-for-NUL-byte.patch]
+
libgravatar
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
libidn2
+- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
+ match factory licenses (bsc#1180138)
+
+- Update to version 2.2.0 CVE-2019-12290 bsc#1154884:
+ * Perform A-Label roundtrip for lookup functions by default
+ * Stricter check of input to punycode decoder
+ * Fix punycode decoding with no ASCII chars but given delimiter
+ * Fix 'idn2 --no-tr64' (was a no-op)
+ * Allow _ as a basic code point in domain labels
+ * Fail building documentation if 'ronn' isn't installed
+ * git tag changed to reflect https://semver.org/
+
+- update to 2.1.1 CVE-2019-18224 bsc#1154887:
+ * Revert SONAME bump from release 2.1.0
+ * Fix NULL dereference in idn2_register_u8() and
+ idn2_register_ul()
+ * Fix free of random value in idn2_to_ascii_4i()
+ * Improved fuzzer (which found the above issues)
+ * Check for valid unicode input in punycode encoder
+ * Avoid excessive CPU usage in punycode encoding with
+ large inputs
+ * Deprecate idn2_to_ascii_4i() in favor of idn2_to_ascii_4i2()
+ * Restrict output length of idn2_to_ascii_4i() to 63 bytes
+
+- update to 2.1.0:
+ * Two internal functions are no longer exposed, soname bump
+ * Fix label length check for idn2_register_u8()
+ * Add missing error messages to idn2_strerror_name()
+
+- update to 2.0.5:
+ * Switch the default library behavior to IDNA2008 as amended by
+ TR#46 (non-transitional). That default behavior is enabled when
+ no flags are specified to function calls. Applications can
+ utilize the %IDN2_NO_TR46 flag to switch to the unamended
+ IDNA2008. This is done in the interest of interoperability
+ based on the fact that this is what application writers care
+ about rather than strict compliance with a particular protocol
+ * Fixed memory leak in idn2_to_unicode_8zlz()
+ * Return error (IDN2_ICONV_FAIL) on charset conversion errors
+ * Fixed issue with STD3 rules applying in non-transitional TR46
+ mode
+ * idn2: added option --usestd3asciirules
+- put translations into libidn2-lang
+- correct location of install_info_prereq macro to be on tools
+
+- update to 2.0.4:
+ * Fix integer overflow in bidi.c/_isBidi() bsc#1056451
+ * Fix integer overflow in puny_decode.c/decode_digit()
+ bsc#1056450
+ * Fix idna_free() to idn_free()
+- enable documentation again
+
+- update to 2.0.3:
+ * %IDN2_USE_STD3_ASCII_RULES disabled by default.
+ Previously libidn2 was eliminating non-STD3 characters from
+ domain strings such as _443._tcp.example.com, or IPs such as
+ 1.2.3.4/24 provided to libidn2 functions. That was an
+ unexpected regression for applications switching from libidn
+ and thus it is no longer applied by default.
+ Use %IDN2_USE_STD3_ASCII_RULES to enable that behavior again.
+- disable documentation, does not build correctly
+
+- update to 2.0.2:
+ * Fix TR46 transitional mode
+ * Fix several documentation issues
+
+- Sources updated from http://alpha.gnu.org to https://ftp.gnu.org
+
+- Update to version 2.0.1
+- Version 2.0.1 (released 2017-04-22)
+ * idn2 utility now using IDNA2008 + TR46 by default
+- Version 2.0.0 (released 2017-03-29) [alpha]
+ * Version numbering scheme changed
+ * Added to ASCII conversion functions corresponding to libidn1
+ functions:
+ - idn2_to_ascii_4i - idn2_to_ascii_4z
+ - idn2_to_ascii_8z - idn2_to_ascii_lz
+ * Added to unicode conversion functions corresponding to libidn1
+ functions:
+ - idn2_to_unicode_8z4z - idn2_to_unicode_4z4z
+ - idn2_to_unicode_44i - idn2_to_unicode_8z8z
+ - idn2_to_unicode_8zlz - idn2_to_unicode_lzlz
+ * Including idn2.h will provide libidn1 compatibility functions
+ unless IDN2_SKIP_LIBIDN_COMPAT is defined. That allows converting
+ applications from libidn1 (which offers IDNA2003) to libidn2 (which
+ offers IDNA2008) by replacing idna.h to idn2.h in the applications'
+ source.
+- Dropped patch not needed after revision
+ * libidn2-no-examples-build.patch
+
+- Update to version 0.16
+ * build: Fix idn2_cmd.h build rule.
+ * API and ABI is backwards compatible with the previous version.
+- Update to version 0.15 (released 2017-01-14)
+ * Fix out-of-bounds read.
+ * Fix NFC input conversion (regression).
+ * Shrink TR46 static mapping data.
+ * API and ABI is backwards compatible with the previous version.
+- Update to version 0.14 (released 2016-12-30)
+ * build: Fix gentr46map build.
+ * API and ABI is backwards compatible with the previous version.
+- Update to version 0.13:
+ * build: Doesn't download external files during build.
+ * doc: Clarify license.
+ * build: Generate ChangeLog file properly.
+ * doc: API documentation related to TR46 flags.
+ * API and ABI is backwards compatible with the previous version.
+- Update to version 0.12:
+ * Builds/links with libunistring.
+ * Fix two possible crashes with unchecked NULL pointers.
+ * Memleak fix.
+ * Binary search for codepoints in tables.
+ * Do not taint output variable on error in idn2_register_u8().
+ * Do not taint output variable on error in idn2_lookup_u8().
+ * Update to Unicode 6.3.0 IDNA tables.
+ * Add TR46 / UTS#46 support to API and idn2 utility.
+ * Add NFC quick check.
+ * Add make target 'check-coverage' for test coverage report.
+ * Add tests to increase test code coverage.
+ * API and ABI is backwards compatible with the previous version.
+
+- update to 0.11:
+ * Fix stack underflow in 'idn2' command line tool. [boo#1014473]
+ * Fix gdoc script to fix texinfo syntax error.
+ * API and ABI is backwards compatible with the previous version.
+
+- Convert to libidn2 package started to being used, namely by curl
+- Alternative implementation based on new specification from 2008
+ + completely different codebase with no ties to libidn
+
+- libidn 1.33:
+ * bnc#990189 CVE-2015-8948 CVE-2016-6262
+ * bnc#990190 CVE-2016-6261
+ * bnc#990191 CVE-2016-6263
+ * libidn: Fix out-of-bounds stack read in idna_to_ascii_4i.
+ * idn: Solve out-of-bounds-read when reading one zero byte as input.
+ * libidn: stringprep_utf8_nfkc_normalize reject invalid UTF-8.
+
+- Update to 1.32
+ * libidn: Fix crash in idna_to_unicode_8z8z and
+ idna_to_unicode_8zlz. This problem was introduced in 1.31.
+ * API and ABI is backwards compatible with the previous version.
+- Update gpg keyring
+
+- Add Apache-2.0 license to the license line. Under this is the
+ java code, but we don't build it -> just the sources license
+
+- Version bump to 1.31:
+ * Fixes bnc#923241 CVE-2015-2059 out-of-bounds read with stringprep on
+ invalid UTF-8
+ * Few other triv changes
+
+- Version bump to 1.30:
+ * punycode.{c,h} files were reimported
+- Cleanup with spec-cleaner
+
+- update version 1.29:
+ * libidn: Mark internal variable "g_utf8_skip" as static.
+ * idn: Flush stdout to simplify for tools that buffer too heavily.
+ * i18n: Added Brazilian Portuguese translation.
+ * Update gnulib files.
+ * API and ABI is backwards compatible with the previous version.
+
libkcddb
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
libkcompactdisc
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
libkdcraw
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
libkdegames
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Make the installed files reproducible
+
libkdepim
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
libkeduvocdocument
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
libkexiv2
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
libkgapi
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Make sure utf8 text is displayed as utf8
+
libkipi
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
libkleo
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
libkmahjongg
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Make the installed files reproducible
+
libkomparediff2
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
libksieve
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
libnvme
+- Update License information. The library is released under
+ LGPL-2.1-or-later and not LGPL-2.1-only.
+
+- Update to version 1.0-rc5:
+ * ioctl: Set lsp to action in nvme_get_log_persistent_event (bsc#1196121)
+ * tree: Ignore traddr case in nvme_lookup_ctrl() (bsc#1194025)
+ * fabrics: Do not swap bytes for system uuid (bsc#1196565)
+ * documentation updates
+
+- Update to version 1.0-rc4:
+ * fabrics: add default port number for NVMe/TCP I/O controllers
+ * linux: Update size when telemetry controller initiated data is unavailable
+ * add cdw13 for set_feature_args structure
+ * Add support for TP8010
+ * Documentation cleanups
+
+- Update to version v1.0-rc3:
+ * Properly create manuals/documentation
+ * Fix memleaks in __nvme_free_ns() and nvme_scan_subsystem()
+ * nvme: get log domain id included in Log Specific Identifier
+ * nvme: Add nulbaf(Number of Unique Capability LBA Formats) field on nvmd_id_ns
+ * ioctl: Add identify ioctl for CNS 09h, 0Ah
+ * nvme: Add Enhanced Controller Meta Data(FID: 0x7D)
+ * nvme: Add Supported Capacity Configuration List log page(LID: 0x11)
+ * tree: do not set dhchap_key to 'none'
+ * tree: restart controller lookup
+ * tree: fixup memory leak in nvme_scan_ctrl()
+ * Rename nvme_path_get_subsystem()
+ * Remove nvme_reset_topology()
+- Use precompiled documentation instead regenerating it
+
+- Update to version 1.0~2:
+ * Add fabrics config option 'tls'
+ * Logging infrastructure reworked (API break)
+ * Changed argument structs layout (API break)
+ * Changed scan API (API break)
+ * Fixed ctrl_loss_tmo handling concerning values of '-1'
+ * Various build fixes
+
libpng16
-- security update
-- added patches
- CVE-2019-7317 [bsc#1124211]
- + libpng16-CVE-2019-7317.patch
-
-- asan_build: build ASAN included
-- debug_build: build more suitable for debugging, install pngcp
-- usecase example: [bsc#1121624]
-
-- security update:
- * CVE-2018-13785 [bsc#1100687]
- + libpng16-CVE-2018-13785.patch
-
-- check with -j1
-
-- Fix SRPM group and grammar issues.
-
-- removed obsoleted Obsoletes
-
-- update to 1.6.34:
- * Removed contrib/pngsuite/i*.png; some of these were incorrect
- and caused test failures.
-- includes 1.6.33:
- * Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added
- missing parenthesis in contrib/pngminus/pnm2png.c
- * Fixed off-by-one error in png_do_check_palette_indexes()
- * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc
- to fix shortlived oss-fuzz issue 3234.
- * Compute a larger limit on IDAT because some applications write
- a deflate buffer for each row
- * Use current date (DATE) instead of release-date (RDATE) in last
- changed date of contrib/oss-fuzz files.
- * Enabled ARM support in CMakeLists.txt
- * Fixed incorrect typecast of some arguments to png_malloc() and
- png_calloc() that were png_uint_32 instead of png_alloc_size_t
- * Use pnglibconf.h.prebuilt when building for ANDROID with cmake
- * Initialize memory allocated by png_inflate to zero, using
- memset, to stop an oss-fuzz "use of uninitialized value"
- detection in png_set_text_2() due to truncated iTXt or zTXt
- chunk.
- * Initialize memory allocated by png_read_buffer to zero, using
- memset, to stop an oss-fuzz "use of uninitialized value"
- detection in png_icc_check_tag_table() due to truncated iCCP
- chunk.
- * Removed redundant tests
- * Added an interlaced version of each file in contrib/pngsuite.
- * Relocate new memset() call in pngrutil.c
- * Add support for loading images with associated alpha in the
- Simplified API
- * Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32
- state
- * Initialize png_handler.row_ptr in libpng_read_fuzzer.cc
- * Add end_info structure and png_read_end() to the libpng fuzzer
-- includes 1.6.32:
- * Avoid possible NULL dereference in png_handle_eXIf when
- benign_errors are allowed. Avoid leaking the input buffer
- "eXIf_buf".
- * Eliminated png_ptr->num_exif member from pngstruct.h and added
- num_exif to arguments for png_get_eXIf() and png_set_eXIf().
- * Added calls to png_handle_eXIf(() in pngread.c and
- png_write_eXIf() in pngwrite.c, and made various other fixes
- to png_write_eXIf().
- * Changed name of png_get_eXIF and png_set_eXIf() to
- png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid
- breaking API compatibility with libpng-1.6.31.
- * Updated contrib/libtests/pngunknown.c with eXIf chunk.
- * Initialized btoa[] in pngstest.c
- * Stop memory leak when returning from png_handle_eXIf() with an
- error
- * Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf().
- * Update libpng.3 and libpng-manual.txt about eXIf functions.
- * Restored png_get_eXIf() and png_set_eXIf() to maintain API
- compatability.
- * Removed png_get_eXIf_1() and png_set_eXIf_1().
- * Check length of all chunks except IDAT against user limit to
- fix an OSS-fuzz issue (Fixes CVE-2017-12652)
- * Check length of IDAT against maximum possible IDAT size,
- accounting for height, rowbytes, interlacing and zlib/deflate
- overhead.
- * Restored png_get_eXIf_1() and png_set_eXIf_1(), because
- strlen(eXIf_buf) does not work (the eXIf chunk data can
- contain zeroes).
- * Revised symlink creation, no longer using deprecated cmake
- LOCATION feature
- * Fixed five-byte error in the calculation of IDAT maximum
- possible size.
- * Moved chunk-length check into a png_check_chunk_length()
- private function
- * Moved bad pngs from tests to contrib/libtests/crashers
- * Moved testing of bad pngs into a separate
- tests/pngtest-badpngs script
- * Added the --xfail (expected FAIL) option to pngtest.c. It
- writes XFAIL in the output but PASS for the libpng test.
- * Require cmake-3.0.2 in CMakeLists.txt
- * Fix "const" declaration info_ptr argument to png_get_eXIf_1()
- and the num_exif argument to png_get_eXIf_1()
- * Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
- * Added huge_IDAT.png and empty_ancillary_chunks.png to
- testpngs/crashers.
- * Make pngtest --strict, --relax, --xfail options imply -m
- (multiple).
- * Removed unused chunk_name parameter from png_check_chunk_length().
- * Relocated setting free_me for eXIf data, to stop an OSS-fuzz'
- leak.
- * Initialize profile_header[] in png_handle_iCCP() to fix
- OSS-fuzz issue.
- * Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix
- OSS-fuzz UMR.
- * Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
- * Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(),
- to account for the minimum 'deflate' stream, and relocate the
- test to a point after the keyword has been read.
- * Check that the eXIf chunk has at least 2 bytes and begins with
- "II" or "MM".
- * Added a set of "huge_xxxx_chunk.png" files to
- contrib/testpngs/crashers, one for each known chunk type, with
- length = 2GB-1.
- * Check for 0 return from png_get_rowbytes() and added some
- (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity
- issues (162705, 162706, and 162707).
- * Renamed chunks in contrib/testpngs/crashers to avoid having
- files whose names differ only in case; this causes problems with
- some platforms
- * Added contrib/oss-fuzz directory which contains files used by
- the oss-fuzz project
-- cleanup with spec-cleaner
-
-- update to 1.6.31:
- * Guard the definition of _POSIX_SOURCE in pngpriv.h.
- * Revised pngpriv.h to work around failure to compile
- arm/filter_neon.S.
- * Added "Requires: zlib" to libpng.pc.in.
- * Added special case for FreeBSD in arm/filter_neon.S.
- * Changed "int" to "png_size_t" in intel/filter_sse2.c to prevent
- possible integer overflow.
- * Added eXIf chunk support.
-- remove upstreamed
- 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch
-
-- Drop png-version-info-only.patch, it has no effect after applying
- 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch
- Both patches achieve the same, prefer the upstream version
-
-- Add 0001-libpng16-Revised-pngpriv.h-to-use-PNG_VERSION_INFO_O.patch
- Fix build on ARM
-
-- png-version-info-only.patch: fix missing PNG_VERSION_INFO_ONLY check
-
-- update to 1.6.30:
- Revised documentation of png_get_error_ptr() in the libpng manual.
- Document need to check for integer overflow when allocating a pixel
- buffer for multiple rows in contrib/gregbook, contrib/pngminus,
- example.c, and in the manual (suggested by Jaeseung Choi). This
- is similar to the bug reported against pngquant in CVE-2016-5735.
- Check for integer overflow in contrib/visupng and contrib/tools/genpng.
- Do not double evaluate CMAKE_SYSTEM_PROCESSOR in CMakeLists.txt.
- Avoid writing an empty IDAT when the last IDAT exactly fills the
- compression buffer (bug report by Brian Baird). This bug was
- introduced in libpng-1.6.0.
- Add a reference to the libpng.download site in README.
-
-- update to 1.6.29:
- Moved SSE2 optimization code into the main libpng source directory.
- Configure libpng with "configure --enable-intel-sse" or compile
- libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it.
- Added code for PowerPC VSX optimisation (Vadim Barkov).
- Avoid potential overflow of shift operations in png_do_expand() (Aaron Boxer).
-
-- update to 1.6.28: fix build issues
-
-- update to 1.6.27: fixes CVE-2016-10087
-
-- update to 1.6.26:
- Fixed handling zero length IDAT in pngfix (bug report by Agostino Sarubbo,
- bugfix by John Bowler).
- Do not issue a png_error() on read in png_set_pCAL() because
- png_handle_pCAL has allocated memory that libpng needs to free.
- Issue a png_benign_error instead of a png_error on ADLER32 mismatch
- while decoding compressed data chunks.
- Changed PNG_ZLIB_VERNUM to ZLIB_VERNUM in pngpriv.h, pngstruct.h, and
- pngrutil.c.
- If CRC handling of critical chunks has been set to PNG_CRC_QUIET_USE,
- ignore the ADLER32 checksum in the IDAT chunk as well as the chunk CRCs.
- Issue png_benign_error() on ADLER32 checksum mismatch instead of
- png_error().
- Updated the documentation about CRC and ADLER32 handling.
- Fixed offsets in contrib/intel/intel_sse.patch
- Changed integer constant 4294967294 to unsigned 4294967294U in pngconf.h
- to avoid a signed/unsigned compare in the preprocessor.
- Use zlib-1.2.8.1 inflateValidate() instead of inflateReset2() to
- optionally avoid ADLER32 evaluation.
-
-- update to 1.6.25:
- Reject oversized iCCP profile immediately.
- Conditionally compile png_inflate().
- Don't install pngcp; it conflicts with pngcp in the pngtools package.
- Added MIPS support (Mandar Sahastrabuddhe <
-
-- update to 1.6.24:
- Avoid potential overflow of the PNG_IMAGE_SIZE macro.
- Correct filter heuristic overflow handling.
- Use a more efficient absolute value calculation on SSE2.
- Added pngcp.
- etc. see ANNOUNCE
-
-- Update to new upstream release 1.6.23
- * Fixes a potential memleak in png_set_tRNS.
- * Fixed the progressive reader to handle empty first IDAT
- chunk properly.
- * Added tests in pngvalid.c to check zero-length IDAT chunks
- in various positions.
- * Fixed the sequential reader to handle these more robustly.
- * Corrected progressive read input buffer in pngvalid.c.
- * Moved sse2 prototype from pngpriv.h to
- contrib/intel/intel_sse.patch.
- * Fixed undefined behavior in png_push_save_buffer().
- Do not call memcpy() with a null source, even if count is zero.
- * Fixed bad link to RFC2083 in png.5.
-
-- update to 1.6.22:
- Added a png_image_write_to_memory() API and a number of assist macros
- to allow an application that uses the simplified API write to bypass
- stdio and write directly to memory.
- Relaxed limit checks on gamma values in pngrtran.c. As suggested in
- the comments gamma values outside the range currently permitted
- by png_set_alpha_mode are useful for HDR data encoding. These values
- are already permitted by png_set_gamma so it is reasonable caution to
- extend the png_set_alpha_mode range as HDR imaging systems are starting
- to emerge.
- Restored "& 0xff" in png_save_uint_16() and png_save_uint_32() that
- were accidentally removed from libpng-1.6.17.
- Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0xnnnn to 0xnnnnU in png.h
- (Robert C. Seacord).
- Added INTEL-SSE2 support (Mike Klein and Matt Sarett, Google, Inc.).
- SSE filter speed improvements for bpp=3:
- memcpy-free implementations of load3() / store3().
- Added PNG_FAST_FILTERS macro (defined as
- PNG_FILTER_NONE|PNG_FILTER_SUB|PNG_FILTER_UP).
-
-- Update to new upstream release 1.6.21
- * Widened the 'limit' check on the internally calculated error limits in
- the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error
- checks) and changed the check to only operate in non-release builds
- (base build type not RC or RELEASE.)
- * Fixed undefined behavior in pngvalid.c, undefined because
- (png_byte) << shift is undefined if it changes the signed bit
- (because png_byte is promoted to int). The libpng exported functions
- png_get_uint_32 and png_get_uint_16 handle this.
-
-- update to 1.6.20:
- Avoid potential pointer overflow/underflow in png_handle_sPLT() and
- png_handle_pCAL() (Bug report by John Regehr).
- Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
- not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
- vulnerability.
- Backported tests from libpng-1.7.0beta69.
- Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
- American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't
- immediately fault a bad CMINFO field; instead a 'too far back' error
- happens later (at least some times). pngfix failed to limit CMINFO to
- the allowed values but then assumed that window_bits was in range,
- triggering an assert. The bug is mostly harmless; the PNG file cannot
- be fixed.
- In libpng 1.6 zlib initialization was changed to use the window size
- in the zlib stream, not a fixed value. This causes some invalid images,
- where CINFO is too large, to display 'correctly' if the rest of the
- data is valid. This provides a workaround for zlib versions where the
- error arises (ones that support the API change to use the window size
- in the stream).
-
-- update to 1.6.19:
- Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
- Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
- Fixed the recently reported 1's complement security issue.
- Fixed png_save_int_32 when int is not 2's complement by replacing
- the value that is illegal in the PNG spec, in both signed and
- unsigned values, with 0.
- etc., see ANNOUNCE and CHANGES for details
-- removed: libpng-rgb_to_gray-checks.patch (upstreamed)
-
-- drop unknown configure switch
-
-- Fixed rgb_to_gray checks and added tRNS checks to pngvalid.c.
- + libpng-rgb_to_gray-checks.patch
-
-- updated to 1.6.17:
- Corrected the width limit calculation in png_check_IHDR().
- Removed user limits from pngfix. Also pass NULL pointers to
- png_read_row to skip the unnecessary row de-interlace stuff.
- Implement previously untested cases of libpng transforms in pngvalid.c
- Fixed byte order in 2-byte filler, in png_do_read_filler().
- Made the check for out-of-range values in png_set_tRNS() detect
- values that are exactly 2^bit_depth, and work on 16-bit platforms.
- Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47.
- Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and
- pngset.c to avoid warnings about dead code.
- Do not build png_product2() when it is unused.
- Display user limits in the output from pngtest.
- Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column
- and 1-million-row default limits in pnglibconf.dfa, that can be reset
- by the user at build time or run time. This provides a more robust
- defense against DOS and as-yet undiscovered overflows.
- Added PNG_WRITE_CUSTOMIZE_COMPRESSION_SUPPORTED macro, on by default.
- Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins).
- Moved png_set_filter() prototype into a PNG_WRITE_SUPPORTED block
- of png.h.
- Free the unknown_chunks structure even when it contains no data.
- Fixed simplified 8-bit-linear to sRGB alpha. The calculated alpha
- value was wrong. It's not clear if this affected the final stored
- value; in the obvious code path the upper and lower 8-bits of the
- alpha value were identical and the alpha was truncated to 8-bits
- rather than dividing by 257 (John Bowler).
-
-- build with PNG_SAFE_LIMITS_SUPPORTED [bnc#912076], [bnc#912929]
-
-- updated to 1.6.16:
- * Restored a test on width that was removed from png.c at libpng-1.6.9
- (Bug report by Alex Eubanks).
- * Fixed an overflow in png_combine_row with very wide interlaced images.
-
-- updated to 1.6.15:
- * Avoid out-of-bounds memory access in png_user_version_check().
- * Fixed incorrect handling of the iTXt compression.
- * Free all allocated memory in pngimage.
- * Fixed array size calculations to avoid warnings.
- etc. see ANNOUNCE
-
libqt5-qtbase
- place missed in the first version (boo#1195386, CVE-2022-23853):
+ place missed in the first version (boo#1195386, CVE-2022-23853,
+ boo#1196501, CVE-2022-25255):
- (boo#1195386, CVE-2022-23853):
+ (boo#1195386, CVE-2022-23853, boo#1196501, CVE-2022-25255):
libseccomp
+- add python-rpm-macros (bsc#1194758).
+
libsndfile
-- Fix heap buffer overflow in flac_buffer_copy (CVE-2021-4156,
- bsc#1194006):
- libsndfile-CVE-2021-4156.patch
-
-- Fix heap buffer overflow vulnerability in msadpcm_decode_block
- (CVE-2021-3246, bsc#1188540):
- ms_adpcm-Fix-and-extend-size-checks.patch
-
-- Fix segfault in wav conversion due to the invalid loop count
- (CVE-2018-19758, bsc#1117954):
- libsndfile-wav-loop-count-fix.patch
-
-- Fix buffer overflow in sndfile-deinterleave, which isn't really a
- security issue (bsc#1100167, CVE-2018-13139, bsc#1116993,
- CVE-2018-19432):
- sndfile-deinterlace-channels-check.patch
-
-- Use license file tag
-
-- Fix potential overflow in d2alaw_array() (CVE-2017-17456,
- bsc#1071777):
- libsndfile-CVE-2017-17456-alaw-range-check.patch
-- Fix potential overflow in d2ulaw_array() (CVE-2017-17457,
- bsc#1071767):
- libsndfile-CVE-2017-17457-ulaw-range-check.patch
-
-- Fix VUL-0: divide-by-zero error exists in the function
- double64_init() in double64.c (CVE-2017-14634, bsc#1059911):
- 0030-double64_init-Check-psf-sf.channels-against-upper-bo.patch
-- Tentative fix for VUL-0: out of bounds read in the function
- d2alaw_array() in alaw.c (CVE-2017-14245, bsc#1059912) and
- VUL-0: out of bounds read in the function d2ulaw_array() in
- ulaw.c (CVE-2017-14246, bsc#1059913):
- 0031-sfe_copy_data_fp-check-value-of-max-variable.patch
-
-- Fix Heap-based Buffer Overflow in the psf_binheader_writef
- (CVE-2017-12562, bsc#1052476):
- 0020-src-common.c-Fix-heap-buffer-overflows-when-writing-.patch
-
-- Fix out-of-bounds read memory access in the aiff_read_chanmap()
- (CVE-2017-6892, bsc#1043978):
- 0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
-
-- Fix FLAC buffer overflows (CVE-2017-8361 CVE-2017-8363
- CVE-2017-8365 CVE-2017-8362 bsc#1036944 bsc#1036945 bsc#1036946
- bsc#1036943):
- 0001-FLAC-Fix-a-buffer-read-overrun.patch
- 0002-src-flac.c-Fix-a-buffer-read-overflow.patch
-
-- Update to version 1.0.27:
- * Fix a seek regression in 1.0.26
- * Add metadata read/write for CAF and RF64
- * FIx PAF endian-ness issue
-- Update to version 1.0.28
- * Fix buffer overruns in FLAC and ID3 handling code
- (CVE-2017-7585, CVE-2017-7586, bsc#1033054, bsc#1033053)
- * Reduce default header memory requirements
- * Fix detection of Large File Support for 32 bit systems.
-- Obsoleted patch:
- libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
-
-- Fix spec file to enable builds on non opensuse OS
-
-- Update to version 1.0.26:
- * Fix for CVE-2014-9496, CVE-2014-9756 and CVE-2015-7805.
- * Add ALAC/CAF support. Minor bug fixes and improvements.
-- Refreshed patches:
- sndfile-ocloexec.patch
- libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
-- Removed obsoleted patches:
- libsndfile-example-fix.diff
- libsndfile-fix-header-read-CVE-2015-7805.patch
- libsndfile-paf-zero-division-fix.diff
- libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
- libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
- sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
- sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
-
-- VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-7805, bsc#953516)
- libsndfile-src-common.c-Fix-a-header-parsing-bug.patch
- libsndfile-fix-header-read-CVE-2015-7805.patch
-- VUL-0: libsndfile 1.0.25 heap overflow (CVE-2015-8075, bsc#953519)
- libsndfile-psf_strlcpy_crlf-fix-CVE-2015-8075.patch
-- Fix the build with SLE11-SP3 due to AM_SILENT_RULE macro
-
-- VUL-1: libsndfile DoS/divide-by-zero (CVE-2014-9756, bsc#953521):
- libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
-
-- Cleanup spec file with spec-cleaner
-- Add gpg signature
-- Remove old ppc provides/obsoletes
-
-- VUL-0: two buffer read overflows in sd2_parse_rsrc_fork()
- (CVE-2014-9496, bnc#911796): backported upstream fix patches
- sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
- sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
-
libstorage-ng
+- merge gh#openSUSE/libstorage-ng#862
+- log some environment variables
+- 4.4.93
+
+- Translated using Weblate (French) (bsc#1149754)
+- 4.4.92
+
+- Translated using Weblate (French) (bsc#1149754)
+- 4.4.91
+
+- Translated using Weblate (German) (bsc#1149754)
+- 4.4.90
+
+- Translated using Weblate (Spanish) (bsc#1149754)
+- 4.4.89
+
+- Translated using Weblate (Italian) (bsc#1149754)
+- 4.4.88
+
+- Translated using Weblate (German) (bsc#1149754)
+
+- merge gh#openSUSE/libstorage-ng#861
+- allow by-id/mmc-* and by-path/platform-* links for disks
+ (bsc#1195692)
+- 4.4.87
+
+- Translated using Weblate (Chinese (Taiwan) (zh_TW)) (bsc#1149754)
+- 4.4.86
+
+- Translated using Weblate (Chinese (China) (zh_CN)) (bsc#1149754)
+- 4.4.85
+
+- Translated using Weblate (Italian) (bsc#1149754)
+- 4.4.84
+
+- Translated using Weblate (German) (bsc#1149754)
+- 4.4.83
+
+- Translated using Weblate (Chinese (China) (zh_CN)) (bsc#1149754)
+- 4.4.82
+
+- merge gh#openSUSE/libstorage-ng#860
+- added integration test
+- use in-class member initialization
+- 4.4.81
+
+- merge gh#openSUSE/libstorage-ng#859
+- Modify mount point if mount_type changes
+- Mount/unmount if needed when mount type changes
+- 4.4.80
+
+- Translated using Weblate (Finnish) (bsc#1149754)
+- 4.4.79
+
+- merge gh#openSUSE/libstorage-ng#858
+- Add glibc-locale buildrequires for testsuite on SUSE distros
+- 4.4.78
+
+- Translated using Weblate (Portuguese (Brazil)) (bsc#1149754)
+- 4.4.77
+
libyui
+- Update also the stylesheet (theme) for the RichText content when
+ changing the UI theme (bsc#1196296)
+- 4.3.2
+
libyui:libyui-ncurses
+- Update also the stylesheet (theme) for the RichText content when
+ changing the UI theme (bsc#1196296)
+- 4.3.2
+
libyui:libyui-ncurses-pkg
+- Update also the stylesheet (theme) for the RichText content when
+ changing the UI theme (bsc#1196296)
+- 4.3.2
+
libyui:libyui-qt
+- Update also the stylesheet (theme) for the RichText content when
+ changing the UI theme (bsc#1196296)
+- 4.3.2
+
libyui:libyui-qt-graph
+- Update also the stylesheet (theme) for the RichText content when
+ changing the UI theme (bsc#1196296)
+- 4.3.2
+
libyui:libyui-qt-pkg
+- Update also the stylesheet (theme) for the RichText content when
+ changing the UI theme (bsc#1196296)
+- 4.3.2
+
mailcommon
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
mailimporter
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
manpages-l10n
+- Update to version 4.13+56:
+ * Remove files with non-commercial licenses from sources.
+ * Improve appearance and readability of the addendum.
+ * Updated translations.
+
+- Update to version 4.13:
+ * New language: Vietnamese.
+ * New distribution: Fedora 36.
+ * Fix addendum creation for mdoc based files.
+ * Updated many translations.
+- Drop update path from Leap 15.2 since it has reached EOL.
+- Update license to GPL-3.0-or-later as per Debian packaging.
+
+- Update to version 4.12.1:
+ * Bugfix: Enable new languages in po/Makefile.am.
+- Changes from version 4.12.0:
+ * New languages: Finnish, Greek, Indonesian, Norwegian bokmål,
+ Swedish, Serbian.
+ * Persian (fa) is in a very early state; still disabled.
+ * Updated and added many translations.
+- Upgrade macros: Build for Leap has been upgraded to 15.4 - build
+ for 15.3 has been dropped upstream.
+
+- Update to version 4.11.0:
+ * Enable Hungarian translation.
+ * Updated and added many translations.
+
+- Update to version 4.10.0: Updated many translations.
+
marble
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
mbox-importer
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
mdadm
+- Monitor: print message before quit for no array to monitor
+ (bsc#1183229)
+ 0120-Monitor-print-message-before-quit-for-no-array-to-mo.patch
+
messagelib
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * [messagecomposer] Do not sign long headers. (kde#439958)
+ * Fix Bug 449809 KMail2 does not resize images (kde#449809)
+
mobipocket
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
ndctl
+- Install modprobe.conf file to %_modprobedir (bsc#1196275, jsc#SLE-20639)
+
nvme-cli
-- nvmf: Remove --matching from systemd service file (bsc#1195665)
- * add 0001-nvmf-Remove-matching-from-systemd-service-file.patch
+- Update to version 2.0-rc5:
+ * nvme: passthru bugfix(wrong jump, wrong file descriptor)
+ * nvme-cli: Ignore traddr case (bsc#1194025)
+ * nvme: fix segfault in nvme telemetry-log error handling
+ * fabrics: ensure zero kato for non-persistent controllers
+ * documenation updates
+
+- Update to version 2.0-rc4:
+ * netapp-nvme: free the nsdescs pointer after use
+ * netapp-nvme: fix ontapdevices segfault in json output
+ * nvme-print: fix 'nvme list -o json' segfault
+ * nvme: get_ns_id command fails on nvme device
+ * wdc: updated products list for telemetry (--type) argument
+ * docs: fix typo in Data Set Management section
+ * Fix ctrlist for attach-ns and detach-ns
+ * netapp-nvme: fix nvme ns desc uuid handling for ontapdevices
+ * wdc: Fix use-after-free access of cbs_data
+ * Fixed regression with 'open namespace exclusive' (bsc#1195945)
+
+- Update to version v2.0-rc3:
+ * nvme-print: Fix json output for list-subsys
+ * nvme: Allow --verbose flag to increase log level
+ * Added telemetry log fetch support for SN810, SN530 and SN740 series NVMe SSDs through wdc vs-internal-log command
+ * nvmf: Remove --matching from systemd service file (bsc#1195665)
+ * nvme: Fix --force flag inversion (bsc#1195637)
+ * nvme: Add support for data area 4 to get-telemetry-log
+ * nvme: Add Supported Capacity Configuration List log page(LID: 0x11)
+ * nvme: Add Enhanced Controller Meta Data(FID: 0x7D)
+ * nvme-print: Add NVME_FEAT_FID_ENH_CTRL_METADATA to nvme_feature_to_string
+ * nvme-print: remove unused nvme_show_id_ctrl function
+ * nvme: Add nvm-id-ns-lba-format(CNS 0Ah) command from TP4095
+ * nvme: Add NVM Command Set specific identify namespace command
+ * nvme: Add id-ns-lba-format(CNS 09h) command from TP4095
+ * nvme: Add nulbaf(Number of Unique Capability LBA Formats) field on nvmd_id_ns
+- Include precompiled documentation
+
+- Update to version 2.0~2:
+ * Adapt to logging API changes in libnvme
+ * Adapt to scan API changes in libnvme
+ * Reworked error message handling
+ * Fix 'list-ns' (bsc#1195151)
+ * Add 'gen-tls-key' and 'check-tls-key'
+ * Add Media Unit Status log page support
+ * Cleanups and build fixes
+- Fix path to systemctl (bsc#1193699)
okular
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Fix wrong default font string for annotation tools
+
openslp
-- Implement automatic active discovery retries so that DAs do
- not get dropped if they are not reachable for some time
- [bnc#1166637] [bnc#1184008]
- new patch: openslp.unicastactivediscovery.diff
-
-- Add missing group(daemon) prerequires to the openslp-server
- package [bnc#1165050]
-- Add missing openslp requires to the openslp-server package
- [bnc#1165121]
-
-- Add missing zlib build dependency, which used to be pulled in
- by libopenssl-devel. The package fails to build since the openssl
- upgrade to 1.1.1 (bsc#1149792)
-
-- Use tcp connects to talk with other DAs [bnc#1117969]
- new patch: openslp.tcpknownda.diff
-- Fix segfault in predicate match if a registered service has
- a malformed attribute list [bnc#1136136]
- new patch: openslp.nullattr.diff
-
-- Fix memory corruption when the sendbuf gets reallocated
- [bnc#1090638] [CVE-2017-17833]
- new patch: openslp.sendbuf_move.diff
-- Fix out of bounds reads in message parsing
- new patch: openslp.parseoob.diff
-
-- move systemd notification before the chroot() call, otherwise
- the notify function cannot reach systend's unix domain socket
- [bnc#1089097]
-
-- Use %license (boo#1082318)
-- fix slpd using the peer address as local address for TCP
- connections [bnc#1076035]
- new patch: openslp.localaddr.diff
-- use tcp connections for unicast requests [bnc#1080964]
- new patch: openslp.tcpunicast.diff
-
-- add separate source openslp.logrotate.systemd to
- use systemctl reload for logrotate configuration
-
-- Add support for OpenSSL 1.1. Commit from upstream [bsc#1042665]
- new patch: openslp.openssl-1.1.diff
-
-- Also update openslp.sd_notify.diff to use the new systemd lib
-
-- Replace pkgconfig(libsystemd-*) with pkgconfig(libsystemd)
- Nowadays pkgconfig(libsystemd) replaces all libsystemd-* libs, which
- are obsolete.
-
-- Fix bounds check in SLPFoldWhiteSpace
- [bnc#1001600] [CVE-2016-7567]
- new patch: openslp.foldws.diff
-
-- remove convenience code as changes bytes in the message
- buffer breaking the verification code [bnc#994989]
- new patch: openslp.noconvenience.diff
-- fix storage handling in predicate code, it clashed with gcc's
- fortify_source extension [bnc#909195]
- new patch: openslp.predicatestorage.diff
-- bring back allowDoubleEqualInPredicate option
- new patch: openslp.doubleequal.diff
-- fix bug in openslp.initda.diff patch
-- fix rcopenslp helper
-- fix _xrealloc not checking the malloc return value
- [bnc#980722] [CVE-2016-4912]
- new patch: openslp.xrealloc.diff
-
-- Do not depend on fillup and insserv if the package build with
- systemd support; the dependencies are not needed in that case
-
openvpn
-- bsc#1185279, CVE-2020-15078, openvpn-CVE-2020-15078.patch:
- Authentication bypass with deferred authentication.
-- bsc#1169925, CVE-2020-11810, openvpn-CVE-2020-11810.patch:
- race condition between allocating peer-id and initializing data
- channel key
-- bsc#1085803, CVE-2018-7544, openvpn-CVE-2018-7544.patch:
- Cross-protocol scripting issue was discovered in the management
- interface
+- Fix license tag in spec file.
-- CVE-2018-9336, bsc#1090839: Fix potential double-free() in
- Interactive Service (openvpn-CVE-2018-9336.patch).
+- update to 2.5.5:
+ * SWEET32/64bit cipher deprecation change was postponed to 2.7
+ * improve "make check" to notice if "openvpn --show-cipher" crashes
+ * improve argv unit tests
+ * ensure unit tests work with mbedTLS builds without BF-CBC ciphers
+ * include "--push-remove" in the output of "openvpn --help"
+ * fix error in iptables syntax in example firewall.sh script
+ * fix "resolvconf -p" invocation in example "up" script
+ * fix "common_name" environment for script calls when
+ "--username-as-common-name" is in effect (Trac #1434)
+ * move "push-peer-info" documentation from "server options" to "client"
+ * correct "foreign_option_{n}" typo in manpage
+ * README.down-root: fix plugin module name
+
+- Drop 0001-preform-deferred-authentication-in-the-background.patch
+ Upstream has meanwhile solved this differently and the two
+ implementations interfere (boo#1193017).
+- Obsoleted SLE patches up to this point:
+ * openvpn-CVE-2020-15078.patch
+ * openvpn-CVE-2020-11810.patch
+ * openvpn-CVE-2018-7544.patch
+ * openvpn-CVE-2018-9336.patch
+
+- Avoid bashisms and use POSIX sh syntax.
+- Use more efficient find commands.
+- Trim marketing filler words from description.
+
+- update to 2.5.4:
+ * fix prompting for password on windows console if stderr redirection
+ is in use - this breaks 2.5.x on Win11/ARM, and might also break
+ on Win11/adm64 when released.
+ * fix setting MAC address on TAP adapters (--lladdr) to use sitnl
+ (was overlooked, and still used "ifconfig" calls)
+ * various improvements for man page building (rst2man/rst2html etc)
+ * minor bugfix with IN6_IS_ADDR_UNSPECIFIED() use (breaks build on
+ at least one platform strictly checking this)
+ * fix minor memory leak under certain conditions in add_route() and
+ add_route_ipv6()
+ * documentation improvements
+ * copyright updates where needed
+ * better error reporting when win32 console access fails
+
+- Update to 2.5.3:
+ * Removal of BF-CBC support in default configuration
+ * ** POSSIBLE INCOMPATIBILITY ***
+ See section "DATA CHANNEL CIPHER NEGOTIATION" in openvpn(8).
+ * Connections setup is now much faster
+ * Support ChaCha20-Poly1305 cipher in the OpenVPN data channel
+ * Improved TLS 1.3 support when using OpenSSL 1.1.1 or newer
+ * Client-specific tls-crypt keys (--tls-crypt-v2)
+ * Improved Data channel cipher negotiation
+ * HMAC based auth-token support for seamless reconnects to
+ standalone servers or a group of servers
+ * Asynchronous (deferred) authentication support for auth-pam
+ plugin
+ * Asynchronous (deferred) support for client-connect scripts and
+ plugins
+ * Support IPv4 configs with /31 netmasks
+ * 802.1q VLAN support on TAP servers
+ * Support IPv6-only tunnels
+ * New option --block-ipv6 to reject all IPv6 packets (ICMPv6)
+ * Support Virtual Routing and Forwarding (VRF)
+ * Netlink integration (OpenVPN no longer needs to execute
+ ifconfig/route or ip commands)
+ * Obsoletes openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch
+- bsc#1062157: The fix for bsc#934237 causes problems with the
+ crypto self-test of newer openvpn versions.
+ Remove openvpn-2.3.x-fixed-multiple-low-severity-issues.patch .
+
+- update to 2.4.11 (bsc#1185279):
+ * CVE-2020-15078 see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
+ * This bug allows - under very specific circumstances - to trick a server using
+ delayed authentication (plugin or management) into returning a PUSH_REPLY
+ before the AUTH_FAILED message, which can possibly be used to gather
+ information about a VPN setup.
+ * In combination with "--auth-gen-token" or an user-specific token auth
+ solution it can be possible to get access to a VPN with an
+ otherwise-invalid account.
+ * Fix potential NULL ptr crash if compiled with DMALLOC
+- drop sysv init support, it hasn't build successfully in ages
+ and is build-disabled in devel project
+
+- update 'rcopenvpn' to work without /etc/rc.status (boo#1185273)
+
+- update to 2.4.10:
+ - OpenVPN client will now announce the acceptable ciphers to the server
+ (IV_CIPHER=...), so NCP cipher negotiation works better
+ - Parse static challenge response in auth-pam plugin
+ - Accept empty password and/or response in auth-pam plugin
+ - Log serial number of revoked certificate
+ - Fix tls_ctx_client/server_new leaving error on OpenSSL error stack
+ - Fix auth-token not being updated if auth-nocache is set
+ (this should fix all remaining client-side bugs for the combination
+ "auth-nocache in client-config" + "auth-token in use on the server")
+ - Fix stack overflow in OpenSolaris and *BSD NEXTADDR()
+ - Fix error detection / abort in --inetd corner case (#350)
+ - Fix TUNSETGROUP compatibility with very old Linux systems (#1152)
+ - Fix handling of 'route remote_host' for IPv6 transport case
+ (#1247 and #1332)
+ - Fix --show-gateway for IPv6 on NetBSD/i386 (#734)
+ - A number of documentation improvements / clarification fixes.
+ - Fix line number reporting on config file errors after <inline> segments
+ - Fix fatal error at switching remotes (#629)
+ - socks.c: fix alen for DOMAIN type addresses, bump up buffer sizes (#848)
+ - Switch "ks->authenticated" assertion failure to returning false (#1270)
+- refresh 0001-preform-deferred-authentication-in-the-background.patch
+ openvpn-2.3.x-fixed-multiple-low-severity-issues.patch against 2.4.10
+
+- update to 2.4.9 (CVE-2020-11810, bsc#1169925O):
+ * Allow unicode search string in --cryptoapicert option (Windows)
+ * Skip expired certificates in Windows certificate store (Windows) (trac #966)
+ * OpenSSL: Fix --crl-verify not loading multiple CRLs in one file (trac #623)
+ * fix condition where a client's session could "float" to a new IP address that is not authorized ("fix illegal client float").
+ This can be used to disrupt service to a freshly connected client (no session
+ keys negotiated yet). It can not be used to inject or steal VPN traffic.
+ CVE-2020-11810).
+ * fix combination of async push (deferred auth) and NCP (trac #1259)
+ * Fix OpenSSL 1.1.1 not using auto elliptic curve selection (trac #1228)
+ * Fix OpenSSL error stack handling of tls_ctx_add_extra_certs
+ * mbedTLS: Make sure TLS session survives move (trac #880)
+ * Fix OpenSSL private key passphrase notices
+ * Fix building with --enable-async-push in FreeBSD (trac #1256)
+ * Fix broken fragmentation logic when using NCP (trac #1140)
+
+- Modernize openvpn.service
+ * /var/run has been obsoleted since a long time.
+ * on reload, send HUP signal directly rather than relying on
+ killproc to look for the main process.
+
+- Explicitly requires sysvinit-tools as some of the tools shipped by
+ this package are used in various places regardless of whether
+ openvpn is built for systemd or non systemd systems.
+ For the context: sysvinit-tools was pulled in by systemd since 2014
+ but it's no longer the case so better to be safe than sorry.
+
+- Fix inconsistency in openvpn.service:
+ * It uses the unescape instance name as config file basename,
+ so use that in the description as well
+
+- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
+ shortcut through the -mini flavors.
+- Use %systemd_ordering instead of systemd_requires: in fact,
+ systemd is not a hard requirement for openvpn. But in case a
+ system is being installed with systemd, we want systemd to be
+ there before openvpn is being installed.
+
+- Update to version 2.4.8:
+ * mbedtls: fix segfault by calling mbedtls_cipher_free() in
+ cipher_ctx_free()
+ * cleanup: Remove RPM openvpn.spec build approach
+ * docs: Update INSTALL
+ * build: Package missing mock_msg.h
+ * Increase listen() backlog queue to 32
+ * Force combinationation of --socks-proxy and --proto UDP to use
+ IPv4.
+ * Wrong FILETYPE in .rc files
+ * Do not set pkcs11-helper 'safe fork mode'
+ * tests/t_lpback.sh: Switch sed(1) to POSIX-compatible regex.
+ * Fix various compiler warnings
+ * Fix regression, reinstate LibreSSL support.
+ * man: correct the description of --capath and --crl-verify
+ regarding CRLs
+ * Fix typo in NTLM proxy debug message
+ * Ignore --pull-filter for --mode server
+ * openssl: Fix compilation without deprecated OpenSSL 1.1 APIs
+ * Better error message when script fails due to script-security
+ setting
+ * Correct the return value of cryptoapi RSA signature callbacks
+ * Handle PSS padding in cryptoapicert
+ * cmocka: use relative paths
+ * Fix documentation of tls-verify script argument
+
+- BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
+ Allow OBS to shortcut through the -mini flavors.
+
+- Add p11kit build time dependency for pkcs providers autodetection
+
+- Clarify in the service file that the reload action doesn't work
+ when dropping root privileges (boo#1142830).
+
+- Updated openvpn.keyring with public key downloaded from
+ https://swupdate.openvpn.net/community/keys/security-key-2019.asc
+
+- Drop use of $FIRST_ARG in openvpn.spec
+ The use of $FIRST_ARG was probably required because of the
+ %service_* rpm macros were playing tricks with the shell positional
+ parameters. This is bad practice and error prones so let's assume
+ that no macros should do that anymore and hence it's safe to assume
+ that positional parameters remains unchanged after any rpm macro
+ call.
+
+- Update to 2.4.7:
+ Adam Ciarcin?ski (1):
+ * Fix subnet topology on NetBSD (2.4).
+ Antonio Quartulli (3):
+ * add support for %lu in argv_printf and prevent ASSERT
+ * buffer_list: add functions documentation
+ * ifconfig-ipv6(-push): allow using hostnames
+ Arne Schwabe (7):
+ * Properly free tuntap struct on android when emulating persist-tun
+ * Add OpenSSL compat definition for RSA_meth_set_sign
+ * Add support for tls-ciphersuites for TLS 1.3
+ * Add better support for showing TLS 1.3 ciphersuites in --show-tls
+ * Use right function to set TLS1.3 restrictions in show-tls
+ * Add message explaining early TLS client hello failure
+ * Fallback to password authentication when auth-token fails
+ Christian Ehrhardt (1):
+ * systemd: extend CapabilityBoundingSet for auth_pam
+ David Sommerseth (1):
+ * plugin: Export base64 encode and decode functions
+ Gert Doering (3):
+ * Add %d, %u and %lu tests to test_argv unit tests.
+ * Fix combination of --dev tap and --topology subnet across multiple platforms.
+ * Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.
+ Gert van Dijk (1):
+ * Minor reliability layer documentation fixes
+ James Bekkema (1):
+ * Resolves small IV_GUI_VER typo in the documentation.
+ Jonathan K. Bullard (1):
+ * Clarify and expand management interface documentation
+ Lev Stipakov (5):
+ * Refactor NCP-negotiable options handling
+ * init.c: refine functions names and description
+ * interactive.c: fix usage of potentially uninitialized variable
+ * options.c: fix broken unary minus usage
+ * Remove extra token after #endif
+ Richard van den Berg via Openvpn-devel (1):
+ * Fix error message when using RHEL init script
+ Samy Mahmoudi (1):
+ * man: correct a --redirection-gateway option flag
+ Selva Nair (7):
+ * Replace M_DEBUG with D_LOW as the former is too verbose
+ * Correct the declaration of handle in 'struct openvpn_plugin_args_open_return'
+ * Bump version of openvpn plugin argument structs to 5
+ * Move get system directory to a separate function
+ * Enable dhcp on tap adapter using interactive service
+ * Pass the hash without the DigestInfo header to NCryptSignHash()
+ * White-list pull-filter and script-security in interactive service
+ Simon Rozman (2):
+ * Add Interactive Service developer documentation
+ * Detect TAP interfaces with root-enumerated hardware ID
+ Steffan Karger (7):
+ * man: add security considerations to --compress section
+ * mbedtls: print warning if random personalisation fails
+ * Fix memory leak after sighup
+ * travis: add OpenSSL 1.1 Windows build
+ * Fix --disable-crypto build
+ * Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
+ * buffer_list_aggregate_separator(): simplify code
+
+- Update to 2.4.6:
+ * CVE-2018-9336, bsc#1090839: Fix potential double-free() in
+ Interactive Service
+ * Delete the IPv6 route to the "connected" network on tun close
+ * Management: warn about password only when the option is in use
+ * Avoid overflow in wakeup time computation
+
+- Remove --askpass again, because it was also asking for a password
+ when none was needed. As a workaround for keys that need a
+ password, the "askpass" statement should be added to the config
+ file (bsc#1078026).
+- Use Type=notify in openvpn.service to reflect what openvpn is
+ actually doing.
+- Import the new signing key from upstream.
+- Remove obsolete configure switch --enable-password-save .
+
+- Update to 2.4.5
+ * New features
+ + The new option --tls-cert-profile can be used to restrict the
+ set of allowed crypto algorithms in TLS certificates in mbed
+ TLS builds. The default profile is 'legacy' for now, which
+ allows SHA1+, RSA-1024+ and any elliptic curve certificates.
+ The default will be changed to the 'preferred' profile in the
+ future, which requires SHA2+, RSA-2048+ and any curve.
+ + openvpnserv: Add support for multi-instances (to support
+ multiple parallel OpenVPN installations, like EduVPN and
+ regular OpenVPN)
+ + Use P_DATA_V2 for server->client packets too (better packet
+ alignment)
+ + improve management interface documentation
+ (bsc#1085803, CVE-2018-7544)
+ + rework registry key handling for OpenVPN service, notably
+ making most registry values optional, falling back to
+ reasonable defaults
+ + accept IPv6 address for pushed "dhcp-option DNS ..." (make
+ OpenVPN 2 option compatible with OpenVPN 3 iOS and Android
+ clients)
+ * Bug fixes
+ + Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
+ + Fix lots of compiler warnings (format string, type casts, ...)
+ + reload HTTP proxy credentials when moving to the next
+ connection profile
+ + Fix build with LibreSSL (multiple times)
+ + Remove non-useful warning on pushed tun-ipv6 option.
+ + autoconf: Fix engine checks for openssl 1.1
+ + lz4: Rebase compat-lz4 against upstream v1.7.5
+ + lz4: Fix broken builds when pkg-config is not present but
+ system library is
+ + Fix '--bind ipv6only'
+ + Allow learning iroutes with network made up of all 0s
+- Includes 2.4.4
+ * Bug fixes
+ + Fix issues when a pushed cipher via the Negotiable Crypto
+ Parameters (NCP) is rejected by the remote side
+ + Ignore --keysize when NCP have resulted in a changed cipher
+ + Configurations using --auth-nocache and the management
+ interface to provide user credentials (like NetworkManager)
+ on client side with servers implementing authentication
+ tokens (for example, using --auth-gen-token) will now behave
+ correctly and not query the user for an, to them, unknown
+ authentication token on renegotiations of the tunnel.
+ + Invalid or corrupt SOCKS port number when changing the proxy
+ via the management interface.
+ + man page should now have proper escaping of hyphen/minus
+ characters and other minor corrections.
+ * User-visible Changes
+ + Linux servers with systemd which use the openvpn-server@.service
+ unit file for server configurations will now utilize the
+ automatic restart feature in systemd. If the OpenVPN server
+ process dies unexpectedly, systemd will ensure the OpenVPN
+ configuration will be restarted automatically.
+ * Deprecated
+ + --no-replay (will be removed in 2.5)
+ + --keysize (will be removed in 2.6)
+ * Security
+ + CVE-2017-12166: Fix bounds check for configurations using
+ - -key-method 1. Before this fix, attackers could send a
+ malformed packet to trigger a stack overflow. This is
+ considered to be a low risk issue, as --key-method 2 has
+ been the default since 2.0 (released on 2005-04-17). This
+ option is already deprecated in v2.4 and will be completely
+ removed in v2.5.
+- Rebase openvpn-fips140-2.3.2.patch
+- Drop 0002-Fix-bounds-check-in-read_key.patch
+ * upstreamed in c7e259160b28e94e4ea7f0ef767f8134283af255
+- Partial cleanup with spec-cleaner
+
+- Add --askpass to ExecStart, so that the user name and password
+ are correctly being queried from the user.
+ (bsc#1078026, boo#985798, boo#1031748)
+- Use %service_add/del macros throughout (bsc#1038406).
parley
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
pciutils
+- Add pciutils-Add-PCIe-5.0-data-rate-32-GT-s-support.patch
+ Add pciutils-Add-PCIe-6.0-data-rate-64-GT-s-support.patch
+ (bsc#1192862)
+
pim-data-exporter
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
pim-sieve-editor
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- Changes since 21.12.2:
+ * Fix build with GCC 12 (standard attributes in middle of decl-specifiers)
+
pimcommon
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
python-pip
+- Add wheel subpackage with the generated wheel for this package
+ (bsc#1176262, CVE-2019-20916).
+- Make wheel a separate build run to avoid the setuptools/wheel build
+ cycle.
+
rdma-core
+- install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639)
+
ristretto
+- Update to version 0.12.2
+ * Add support for shared thumbnail repositories
+ (gxo#apps/ristretto#82)
+ * Add thumbnail flavor support (gxo#apps/ristretto#81)
+ * Use TreeModel IFace to walk the image list
+ * Add index and list link to RsttoImageListIter
+ * Switch to GQueue in RsttoImageList
+ * Cleanup and simplifications around thumbnail size
+ * Redistribute thumbnail sizes uniformly
+ * Disable debug checks in release mode
+ * Remove unused APIs in RsttoImageList
+ * Fix and complete file change monitoring
+ * Thumbnailer: Rework queue management
+ * Thumbnailer: Properly set the number of visible items
+ * Take the device scale into account to limit rendering quality
+ * Avoid multi-threading issue with X11 (gxo#apps/ristretto#76)
+ * Translation Updates
+
signon-kwallet-extension
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
spectacle
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
speex
-- Fix zero division error in read_samples (CVE-2020-23903 bsc#1192580)
- speex-CVE-2020-23903.patch
-
-- Update to stable 1.2 release
-
-- make speex-devel require speexdsp-devel to be backward compatible
-
-- Use the tilde versioning scheme; we are no longer bound to use
- the old hacks.
-
-- Move libname up and set it just once, easier for later on.
-
-- Split package to two separate packages
- * speexdsp contains libraries
- * speex contains tools
-- Update to 1.2rc2
- * This release splits the speex codec library and the speex DSP
- library into separate source trees. Both projects received
- build-system improvements, bugfixes, and cleanup. The speex
- codec's VBR tuning was improved, while the speexdsp resampler
- got some NEON optimizations.
-- Remove obsolete patch
- * speex-1.0.5-warning-fix.diff
-
-- Add Source URL, see https://en.opensuse.org/SourceUrls
-
-- add libtool as buildrequire to avoid implicit dependency
-
-- Do not include build date in binaries...
-
-- obsolete old -XXbit packages
-
step
+- Update to 21.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/gear/21.12.3/
+- No code change since 21.12.2
+
systemd
+- Fix the default target when it's been incorrectly set to one of the runlevel
+ targets (bsc#1196567)
+ The script 'upgrade-from-pre-210.sh' used to initialize the default target
+ during migration from sysvinit to systemd. However it created symlinks to
+ runlevel targets, which are deprecated and might be missing when
+ systemd-sysvcompat package is not installed. If such symlinks are found the
+ script now renames them to point to 'true' systemd target units.
+- When migrating from sysvinit to systemd (it probably won't happen anymore),
+ let's use the default systemd target, which is the graphical.target one. In
+ most cases it will do the right thing anyway.
+
+- systemd.spec: minor simplification by assuming that %{bootstrap} is always
+ defined.
+
+- Make sure to create 'systemd-coredump' system user when systemd-coredump is
+ installed (follow-up for the split of the sysusers config files).
+
tigervnc
+- x11vnc: no longer explicitely require python3, since it's already
+ required implicitely via autogenerated RPM requires
+
+- x11vnc requires python3 (bsc#1196623)
+
util-linux
+- Prevent root owning of /var/lib/libuuid/clock.txt
+ (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
+
+- Make uuidd lock state file usable and time based UUIDs safe again
+ (bsc#1194642, util-linux-uuidd-fix-lock-state.patch).
+
+- Fix "su -s" bash completion
+ (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
+
util-linux-systemd
+- Prevent root owning of /var/lib/libuuid/clock.txt
+ (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
+
+- Make uuidd lock state file usable and time based UUIDs safe again
+ (bsc#1194642, util-linux-uuidd-fix-lock-state.patch).
+
+- Fix "su -s" bash completion
+ (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
+
vim
+- Minimal fix for Bug 1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim:
+ Heap-based Buffer Overflow in vim prior to 8.2.
+ / vim-8.0.1568-CVE-2022-0413.patch
+- Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in
+ normal.c / vim-8.0.1568-CVE-2021-3796.patch
+- Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in
+ win_redr_status() drawscreen.c / vim-8.0.1568-CVE-2021-3872.patch
+- Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to
+ Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-3927.patch
+- Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to
+ Stack-based Buffer Overflow / vim-8.0.1568-CVE-2021-3928.patch
+- Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to
+ Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-4019.patch
+- Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting
+ could lead to Heap Buffer Overflow / vim-8.0.1568-CVE-2021-3984.patch
+- Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
+ / vim-8.0.1568-CVE-2021-3778.patch
+- Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
+ / vim-8.0.1568-CVE-2021-4193.patch
+- Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability
+ exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which
+ causes a denial of service. / vim-8.0.1568-CVE-2021-46059.patch
+- Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim
+ prior to 8.2. / vim-8.0.1568-CVE-2022-0319.patch
+- Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
+ / vim-8.0.1568-CVE-2022-0351.patch
+- Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim
+ prior to 8.2. / vim-8.0.1568-CVE-2022-0361.patch
+- Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c
+ / vim-8.0.1568-CVE-2022-0413.patch
+
wpa_supplicant
+- Add CVE-2022-23303_0001.patch, CVE-2022-23303_0002.patch,
+ CVE-2022-23303_0003.patch, CVE-2022-23303_0004.patch
+ SAE/EAP-pwd side-channel attack update 2
+ (CVE-2022-23303, CVE-2022-23304, bsc#1194732, bsc#1194733)
+
xfce4-whiskermenu-plugin
+- Update to version 2.7.1
+ * Fix not selecting second icon in search results.
+ (gxo#panel-plugins/xfce4-whiskermenu-plugin#50)
+ * Fix incorrect selection when leaving treeview.
+ * Fix skipping first treeview item.
+ * Fix unnecessary button size changes.
+ * Translation updates
+
xorg-x11-server
+- U_xfree86-Fix-NULL-pointer-dereference-crash.patch
+ * Fix a regression in
+ u_xfree86-Change-displays-array-to-pointers-array-to-f.patch
+ (boo#1196577)
+ * Credits go to Simon Lees <sflees@suse.de> for finding the fix!
+- renamed u_xfree86-Change-displays-array-to-pointers-array-to-f.patch
+ to U_xfree86-Change-displays-array-to-pointers-array-to-f.patch
+ since it's a backport from an upstream patch
+
yast2
+- Reverted LD_PRELOAD change (GitHub PR#1236) (bsc#1196326)
+- 4.4.46
+
+- New doc: Invoking External Commands in YaST (in doc/)
+
yast2-installation
+- Avoid terminal login prompt when running Second Stage service
+ (bsc#1196594 and related to bsc#1195059).
+- 4.4.47
+
+- Fixed crash when starting the expert console (bsc#1196724)
+- 4.4.46
+
+- Fixed the start of the VNC server during installation. Done by
+ Joan Torres López <joan.torres@suse.com> (bsc#1196201).
+- 4.4.45
+
+- Use the default UI theme in SSH installation, the
+ "installation_slim" theme does not exist anymore (bsc#1196287)
+- memsample-archive-to-csv - handle "ps" errors in the data file
+- 4.4.44
+
+- Modified Second Stage service dependencies fixing a root login
+ systemd timeout when installing with ssh (bsc#1195059)
+- 4.4.43
+
+- Do not create a Btrfs snapshot at the end of the installation
+ or upgrade when the root filesystem is mounted as read-only
+ (jsc#SLE-22560).
+- 4.4.42
+
yast2-network
+- Write NetworkManager s390 options to the ethernet section instead
+ of the connection one (bsc#1196582)
+- 4.4.44
+
+- Added connection config writers for Qeth and Hipersocket
+ devices (bsc#1196582)
+- 4.4.43
+
+- Revert last change going back to skip DHCP setup completely if
+ the network is already configured through iBFT (bsc#1194911)
+- 4.4.42
+
+- Related to bsc#1194911:
+ - Skip iBFT interfaces as DHCP candidates but configure DHCP if
+ there is no active and ifcfg file configured interface
+- 4.4.41
+
+- Fixed active configuration detection (bsc#1196276, bsc#1194911)
+- 4.4.40
+
yast2-packager
+- Properly set the repository alias for the Full medium add-ons
+ (bsc#1193214)
+- 4.4.24
+
yast2-security
+- Stop using 'lsm' kernel boot parameter even for the
+ "None" Major Linux Security Module (bsc#1194332, bsc#1196274).
+- 4.4.12
+
yast2-theme
+- Include the light SLE installation theme
+ (jsc#SLE-20547, jsc#SLE-20564)
+- SLE theme fixes:
+ - Fixed partly hidden push buttons in some popups (bsc#1184778)
+ - Fixed missing logo and "SUSE" label in the header in the
+ non-default installation themes (bsc#1196312)
+ - Fixed CheckBoxFrame indicator size (bsc#1184780)
+- 4.4.7
+
yast2-trans
+- Update to version 84.87.20220305.ba29422b84:
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Swedish)
+ * Translated using Weblate (Swedish)
+ * Translated using Weblate (Portuguese (Brazil))
+ * Translated using Weblate (Swedish)
+ * Translated using Weblate (Finnish)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (Finnish)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (Finnish)
+ * Translated using Weblate (German)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (German)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (German)
+ * Translated using Weblate (French)
+ * Translated using Weblate (German)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * New POT for text domain 'autoinst'.
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (French)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (French)
+ * Translated using Weblate (German)
+ * Translated using Weblate (French)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (German)
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Slovak)
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (German)
+
+- Update to version 84.87.20220227.6bd7ce0ef2:
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Japanese)
+ * Translated using Weblate (Japanese)
+ * Translated using Weblate (Slovak)
+
+- Leap 15.4 Beta translations poo#99990 bump to version 84.87.20220224.fc95951c18:
+ * Translated using Weblate (Catalan)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (Dutch)
+ * Translated using Weblate (French)
+ * Translated using Weblate (Catalan)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * New POT for text domain 'registration'.
+ * New POT for text domain 'nis_server'.
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (Ukrainian)
+ * Translated using Weblate (Ukrainian)
+ * Translated using Weblate (Ukrainian)
+ * Translated using Weblate (Ukrainian)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * New POT for text domain 'installation'.
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Ukrainian)
+ * Translated using Weblate (French)
+ * Translated using Weblate (French)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Ukrainian)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (French)
+ * Translated using Weblate (Portuguese (Brazil))
+ * Translated using Weblate (German)
+ * Translated using Weblate (Portuguese (Brazil))
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (Portuguese (Brazil))
+ * Translated using Weblate (German)
+ * Translated using Weblate (Portuguese (Brazil))
+ * Translated using Weblate (Portuguese (Brazil))
+ * Translated using Weblate (Portuguese (Brazil))
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (French)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (German)
+ * Translated using Weblate (French)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (French)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (German)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (German)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (German)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (German)
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Slovak)
+ * Translated using Weblate (Slovak)
+ * Translated using Weblate (Dutch)
+ * Translated using Weblate (Catalan)
+ * Translated using Weblate (Japanese)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * New POT for text domain 'installation'.
+ * Translated using Weblate (Ukrainian)
+ * Translated using Weblate (Ukrainian)
+ * Translated using Weblate (Ukrainian)
+ * Translated using Weblate (Ukrainian)
+ * Translated using Weblate (Portuguese (Brazil))
+ * Translated using Weblate (Portuguese (Brazil))
+ * Translated using Weblate (French)
+ * Translated using Weblate (Portuguese (Brazil))
+ * Translated using Weblate (Dutch)
+ * Translated using Weblate (Japanese)
+ * Translated using Weblate (German)
+ * Translated using Weblate (Catalan)
+ * Translated using Weblate (Portuguese (Brazil))
+ * Translated using Weblate (Portuguese (Brazil))
+ * Translated using Weblate (Portuguese (Brazil))
+ * Translated using Weblate (Portuguese (Brazil))
+ * Translated using Weblate (Portuguese (Brazil))
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (German)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (Taiwan) (zh_TW))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Italian)
+ * Translated using Weblate (Finnish)
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (Vietnamese)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (German)
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (German)
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (German)
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (German)
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * Translated using Weblate (Chinese (China) (zh_CN))
+ * New POT for text domain 'autoinst'.
+ * Translated using Weblate (German)
+ * Translated using Weblate (Chinese (China) (zh_CN))
+