Removed rpms
============
- glibc-locale-base-32bit
- libavahi-common3-32bit
- libcrypt1-32bit
- libcups2-32bit
- libndr-krb5pac0-32bit
- libndr-standard0-32bit
- libopenssl1_1-32bit
- libsamdb0-32bit
- libsystemd0-32bit
- perl-base-32bit
- libavahi-client3-32bit
- libbz2-1-32bit
- libhogweed4-32bit
- libmount1-32bit
- libsamba-errors0-32bit
- libudev1-32bit
- libuuid1-32bit
- openslp-32bit
- samba-libs-32bit
- samba-winbind-32bit
- systemd-32bit
- typelib-1_0-Flatpak-1_0
Added rpms
==========
- glibc-locale-base-32bit
- libavahi-client3-32bit
- libbz2-1-32bit
- libhogweed4-32bit
- libmount1-32bit
- libsamba-errors0-32bit
- libudev1-32bit
- libuuid1-32bit
- openslp-32bit
- samba-libs-32bit
- samba-winbind-32bit
- systemd-32bit
- libSPIRV-Tools-suse15
- libavahi-common3-32bit
- libcrypt1-32bit
- libcups2-32bit
- libglslang-suse9
- libndr-krb5pac0-32bit
- libndr-standard0-32bit
- libopenssl1_1-32bit
- libplacebo43
- libsamdb0-32bit
- libshaderc_shared1
- libsystemd0-32bit
- libwoff2common1_0_2
- libwoff2dec1_0_2
- openSUSE-signkey-cert
- perl-base-32bit
Package Source Changes
======================
ImageMagick
+ fix CVE-2021-20309 [bsc#1184624], Division by zero in WaveImage() of MagickCore/visual-effects.c
+ + ImageMagick-CVE-2021-20309.patch
+ fix CVE-2021-20311 [bsc#1184626], Division by zero in sRGBTransformImage() in MagickCore/colorspace.c
+ + ImageMagick-CVE-2021-20311.patch
+ fix CVE-2021-20312 [bsc#1184627], Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c
+ + ImageMagick-CVE-2021-20312.patch
+ fix CVE-2021-20313 [bsc#1184628], Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c
+ + ImageMagick-CVE-2021-20313.patch
+
+- security update
+- added patches
MozillaFirefox
+- Firefox Extended Support Release 78.10.0 ESR
+ * Fixed: Various stability, functionality, and security fixes
+- Mozilla Firefox ESR 78.10
+ MFSA 2021-15 (bsc#1184960)
+ * CVE-2021-23994 (bmo#1699077)
+ Out of bound write due to lazy initialization
+ * CVE-2021-23995 (bmo#1699835)
+ Use-after-free in Responsive Design Mode
+ * CVE-2021-23998 (bmo#1667456)
+ Secure Lock icon could have been spoofed
+ * CVE-2021-23961 (bmo#1677940)
+ More internal network hosts could have been probed by a
+ malicious webpage
+ * CVE-2021-23999 (bmo#1691153)
+ Blob URLs may have been granted additional privileges
+ * CVE-2021-24002 (bmo#1702374)
+ Arbitrary FTP command execution on FTP servers using an
+ encoded URL
+ * CVE-2021-29945 (bmo#1700690)
+ Incorrect size computation in WebAssembly JIT could lead to
+ null-reads
+ * CVE-2021-29946 (bmo#1698503)
+ Port blocking could be bypassed
+
MozillaThunderbird
+- Mozilla Thunderbird 78.10
+ * fixed: Usability & theme improvements on Windows
+ * fixed: Various security fixes
+ MFSA 2021-14 (bsc#1184960)
+ * CVE-2021-23994 (bmo#1699077)
+ Out of bound write due to lazy initialization
+ * CVE-2021-23995 (bmo#1699835)
+ Use-after-free in Responsive Design Mode
+ * CVE-2021-23998 (bmo#1667456)
+ Secure Lock icon could have been spoofed
+ * CVE-2021-23961 (bmo#1677940)
+ More internal network hosts could have been probed by a
+ malicious webpage
+ * CVE-2021-23999 (bmo#1691153)
+ Blob URLs may have been granted additional privileges
+ * CVE-2021-24002 (bmo#1702374)
+ Arbitrary FTP command execution on FTP servers using an
+ encoded URL
+ * CVE-2021-29945 (bmo#1700690)
+ Incorrect size computation in WebAssembly JIT could lead to
+ null-reads
+ * CVE-2021-29946 (bmo#1698503)
+ Port blocking could be bypassed
+ * CVE-2021-29948 (bmo#1692899)
+ Race condition when reading from disk while verifying
+ signatures
+
+- Mozilla Thunderbird 78.9.1
+ * new: Support recipient aliases for OpenPGP encryption.
+ Documentation can be found https://wiki.mozilla.org/
+ Thunderbird:OpenPGP:Aliases.
+ * fixed: The key and signature parts of the message security
+ popup on a received message could not be selected for
+ copy/paste.
+ * fixed: Various UX and theme improvements
+ MFSA 2021-13 (bsc#1184536)
+ * CVE-2021-23991 (bmo#1673240)
+ An attacker may use Thunderbird's OpenPGP key refresh
+ mechanism to poison an existing key
+ * MOZ-2021-23992 (bmo#1666236)
+ A crafted OpenPGP key with an invalid user ID could be used
+ to confuse the user
+ * CVE-2021-23993 (bmo#1666360)
+ Inability to send encrypted OpenPGP email after importing a
+ crafted OpenPGP key
+
+- Mozilla Thunderbird 78.9
+ * fixed: New mail notification displayed old messages that were
+ unread
+ * fixed: Spaces following soft line breaks in messages using
+ quoted-printable and format=flowed were incorrectly encoded;
+ existing messages which were previously incorrectly encoded
+ may now display with some words not separated by a space
+ * fixed: Some fields were unreadable in the Dark theme in the
+ General preferences panel
+ * fixed: Sending a message containing an anchor tag with an
+ invalid data URI failed
+ * fixed: When switching tabs, input focus was not moved to the
+ new tab
+ * fixed: Address Book: Syncing a read-only Google address book
+ via CardDAV failed
+ * fixed: Address Book: Importing VCards with non-ascii
+ characters would fail
+ * fixed: Address Book: Some values may not have been parsed
+ when syncing from Google address books.
+ * fixed: Add-ons Manager did not show if an addon used
+ experiment APIs
+ * fixed: Calendar: Removing a recurring task was not possible
+ * fixed: Various security fixes
+ MFSA 2021-12 (bsc#1183942)
+ * CVE-2021-23981 (bmo#1692832)
+ Texture upload into an unbound backing buffer resulted in an
+ out-of-bound read
+ * MOZ-2021-0002 (bmo#1691547)
+ Angle graphics library out of date
+ * CVE-2021-23982 (bmo#1677046)
+ Internal network hosts could have been probed by a malicious
+ webpage
+ * CVE-2021-23984 (bmo#1693664)
+ Malicious extensions could have spoofed popup information
+ * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169,
+ bmo#1690718)
+ Memory safety bugs fixed in Thunderbird 78.9
+- cleaned up and fixed mozilla.sh.in for wayland (boo#1177542)
+
NetworkManager
+- Add nm-fix-dhcp-client-timeout.patch: Better handle dhclient's
+ timeout so that a recorded lease can be used when dhcp server
+ is down(glfo#NetworkManager/NetworkManager!811, bsc#1183202).
+- Modified NetworkManager.conf: Use dhclient as the default dhcp
+ client(glfo#NetworkManager/NetworkManager!811, bsc#1183202).
+
+- Add NM-restore-MAC-on-release-only-when-cloned.patch: bond:
+ restore MAC on release only when there is a cloned MAC address
+ (glfo#NetworkManager/NetworkManager!775, bsc#1183967).
+
avahi
+- Add avahi-CVE-2021-3468.patch: avoid infinite loop by handling
+ HUP event in client_work (boo#1184521 CVE-2021-3468).
+ https://github.com/lathiat/avahi/pull/330
+
bzip2
-- update bzip2-1.0.6-CVE-2019-12900.patch to accept as many
- selectors as the file format allows. This relaxes the previous
- fix for CVE-2019-12900 so that bzip2 allows decompression of bz2
- files that use (too) many selectors again. It fixes a bzip2 and
- lbzip2 incompatibility caused by previous patch [bsc#1139083]
- [CVE-2019-12900]
-
-- add bzip2-1.0.6-CVE-2019-12900.patch to fix an out-of-bounds
- write in decompress.c when there are many nSelectors used in a
- loop to access selectorMtf [bsc#1139083] [CVE-2019-12900]
-
-- add bzip2-1.0.6-CVE-2016-3189.patch to fix a heap use after
- free vulnerability that was reported in bzip2recover [bsc#985657]
- [CVE-2016-3189]
-
-- Update autotools patchset:
- D bzip2-1.0.6-autoconfiscated.patch
- A bzip2-1.0.6.2-autoconfiscated.patch
-
-- Use %license (boo#1082318)
-
-- Fix build on Fedora and Mageia
-
-- Update bzip2-1.0.6-autoconfiscated.patch:
- * Bump version to 1.0.6.
- * Fix script symlinks on platforms with EXEEXT.
-
-- Drop implicit pie building
-- Try profiled build
-- Move autoreconf to build section
-
-- cleanup with spec-cleaner
-
-- add bzip2-1.0.6-bzgrep_return_value.patch to fix bzgrep wrapper
- that always returns 0 as an exit code when grepping multiple
- archives [bsc#970260]
-
-- Remove bzip2-faster.patch, it causes a crash with libarchive and
- valgrind points out uninitialized memory. See
- https://github.com/libarchive/libarchive/issues/637#issuecomment-170612576
-
-- Avoid noarch sub package in SLE_11
-
-- Cleanup a bit.
-- Remove the profiling stuff as it should not be used nowdays.
- At least even factory builds without it.
-- Provide libbz2.so.1.0 as other distros do, so we can run tiny
- things like steam.
-- Respect cflags again, borked by previous commit.
-
-- build with PIE
-
-- fix basisms in bzgrep and bznew
-- add patches:
- * bzip2-1.0.6-fix-bashisms.patch
-
ceph
+- Update to 15.2.11-83-g8a15f484c2:
+ + (bsc#1184231) cephadm: Allow to use paths in all <_devices> drivegroup sections
+
+- Update to 15.2.11-82-g7c6356e178:
+ + upstream Octopus v15.2.11 release
+ see https://ceph.io/releases/v15-2-11-octopus-released/
+ * (bsc#1183074) - (CVE-2021-20288) ceph: Unauthorized global_id reuse
+ + cephadm: Update Grafana container image from 7.0.3 to 7.3.1
+
+- Update to 15.2.10-81-g29303934a5:
+ + upstream Octopus v15.2.10 release, see https://ceph.io/releases/v15-2-10-octopus-released/
+ * bluestore: fix huge reads/writes at BlueFS (bsc#1183899)
+
+- Update to 15.2.9-83-g4275378de0:
+ + cephadm: fix 'inspect' and 'pull' (bsc#1182766)
+
+- Update to 15.2.9-82-gee18977364:
+ + upstream Octopus v15.2.9 release, see https://ceph.io/releases/v15-2-9-octopus-released/
+ * (bsc#1179997) (CVE-2020-27839) mgr/dashboard: Use secure cookies to store JWT Token
+ * (bsc#1178905) (CVE-2020-25678) Do not add sensitive information in Ceph log files
+ * (bsc#1172926) mgr/orchestrator: Sort 'ceph orch device ls' by host
+ * (bsc#1176390, bsc#1176679) mgr/dashboard: enable different URL for users
+ of browser to Grafana
+ * (bsc#1176489) mgr/cephadm: lock multithreaded access to OSDRemovalQueue
+ * (bsc#1176828) cephadm: command_unit: call systemctl with verbose=True
+ * (bsc#1177360) cephadm: silence "Failed to evict container" log msg
+ * (bsc#1177857) mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails
+ * (bsc#1178837) rgw: cls/user: set from_index for reset stats calls
+ * (bsc#1178860) mgr/dashboard: Disable TLS 1.0 and 1.1
+ * (bsc#1178932, bsc#1179569) cephadm: reference the last local image by digest
+
cifs-utils
+- cifs.upcall: fix regression in kerberos mount; (bsc#1184815).
+ * add 0015-cifs.upcall-fix-regression-in-kerberos-mount.patch
+
+- CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in
+ container; (bsc#1183239); CVE-2021-20208.
+
cups
+- When cupsd creates directories with specific owner group
+ and permissions (usually owner is 'root' and group matches
+ "configure --with-cups-group=lp") specify same owner group and
+ permissions in the RPM spec file to ensure those directories
+ are installed by RPM with the right settings because if those
+ directories were installed by RPM with different settings then
+ cupsd would use them as is and not adjust its specific owner
+ group and permissions which could lead to privilege escalation
+ from 'lp' user to 'root' via symlink attacks e.g. if owner is
+ falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161)
+
cups-filters
+- fix_upstream_issue348.patch fixes
+ https://github.com/OpenPrinting/cups-filters/issues/348
+ foomatic-rip segfaults with 'job-sheets=none,none'
+ but works with 'job-sheets=none'
+ (bsc#1182893)
+
dhcp
+- bsc#1185157:
+ Use /run instead of /var/run for PIDFile in dhcrelay.service.
+
dracut
+- Update to version 049.1+suse.187.g63c1504f:
+ * fix(shutdown): add timeout to umount calls (bsc#1178219)
+
e2fsprogs
+- Remove autoreconf call from e2fsprogs.spec (bsc#1183791)
+
flatpak
+- Update to version 1.10.2:
+ + This is a security update which fixes a potential attack where
+ a flatpak application could use custom formated .desktop files
+ to gain access to files on the host system.
+ + Fix memory leaks
+ + Some test fixes
+ + Documentation updates
+ + G_BEGIN/END_DECLS added to library headders for c++ use
+ + Fix for X11 cookies on OpenSUSE
+ + Spawn portal better handles non-utf8 filenames
+
+- Flatpak only requires glib 2.44, not 2.60
+- Update ostree version required to 2020.8
+
+- Update to version 1.10.1:
+ + Fix flatpak build on systems with setuid bwrap
+ + Fix some compiler warnings
+ + Fix crash on updating apps with no deploy data
+ + Updated translations.
+- Remove deprecated texinfo packaging macros.
+- Switch to upstream release tarball.
+
+- Update to version 1.10.0:
+ + The major new feature in this series compared to 1.8 is the
+ support for the new repo format which should make updates
+ faster and download less data.
+ + The systemd generator snippets now call flatpak
+ - -print-updated-env in place of a bunch of shell for better
+ login performance.
+ + The .profile snippets now disable GVfs when calling flatpak to
+ avoid spawning a gvfs daemon when logging in via ssh.
+ + Build fixes for GCC 11.
+ + Flatpak now finds the pulseaudio sockets better in uncommon
+ configurations.
+ + Sandboxes with network access it now also has access to the
+ systemd-resolved socket to do dns lookups.
+ + Flatpak supports unsetting env vars in the sandbox using
+ - -unset-env, and --env=FOO= now sets FOO to the empty string
+ instead of unsetting it.
+ + Similarly the spawn portal has an option to unset an env var.
+ + The spawn portal now has an option to share the pid namespace
+ with the sub-sandbox.
+
+- Update to version 1.8.5 (CVE-2021-21261):
+ + This is a security update that fixes a sandbox escape where a
+ malicious application can execute code outside the sandbox by
+ controlling the environment of the "flatpak run" command when
+ spawning a sub-sandbox (boo#1180996)
+
+- Update to version 1.8.4:
+ + Fix support for ppc64.
+
+- Move flatpak-bisect and flatpak-coredumpctl to devel subpackage,
+ allow to remove python3 dependency on main package.
+
+- Enable LTO (boo#1133124) as gobject-introspection works fine with LTO.
+
+- Update to version 1.8.3:
+ + Fixed progress reporting for OCI and extra-data.
+ + The in-memory summary cache is more efficient.
+ + Fixed authentication getting stuck in a loop in some cases.
+ + Fixed authentication error reporting.
+ + We now extract OCI info for runtimes as well as apps.
+ + Fixed crash if anonymous authentication fails and -y is
+ specified.
+ + flatpak info now only looks at the specified installation if
+ one is specified.
+ + Better error reporting for server HTTP errors during download.
+ + Uninstall now removes applications before the runtime it
+ depends on.
+ + Fixed test-suite to pass with the latest OSTree version.
+ + Fixed dbus environment variables in flatpak enter.
+ + Avoid updating metadata from the remote when uninstalling.
+ + Fixed error message handling in various places.
+ + FlatpakTransaction now verifies all passed in refs to avoid.
+ + potential issues with invalid names.
+ + Updated translations.
+
+- Update to version 1.8.2:
+ + Added validation of collection id settings for remotes.
+ + Fix seccomp filters on s390.
+ + Robustness fixes to the spawn portal.
+ + Fix support for masking update in the system installation.
+ + Better support for distros with uncommon models of merged /usr.
+ + Cache responses from localed/AccountService.
+ + Fix hangs in cases where xdg-dbus-proxy fails to start.
+ + Fix double-free in cups socket detection.
+ + OCI authenticator now doesn't ask for auth in case of http
+ errors.
+
+- Fix invalid usage of %{_libexecdir} to reference systemd
+ directories.
+
+- Update to version 1.8.1:
+ * Avoid calling authenticator in update if ref didn't change
+ * Don't fail transaction if ref is already installed (after
+ transaction start)
+ * Fix flatpak run handling of userns in the --device=all case
+ * Fix handling of extensions from different remotes
+ * Fix flatpak run --no-session-bus
+ * Updated translations
+- Update to version 1.8.0:
+ * FlatpakTransaction has a new signal "install-authenticator"
+ which clients can handle to install authenticators needed for
+ the transaction. This is done in the CLI commands.
+ * We now always expose the host timezone data, allowing us the
+ expose the host /etc/localtime in a way that works better,
+ fixing several apps that had timezone issues.
+ * Fix flatpak enter which didn't work in some cases.
+ * We now ship a systemd unit (not installed by default) to
+ automatically detect plugged in usb sticks with sideload repos.
+ * By default we no longer install the gdm env.d file, as the
+ systemd generators work better.
+ * create-usb now exports partial commits by default
+ * Fix handling of docker media types in oci remotes
+ * Fix subjects in remote-info --log output
+- Remove source file used to generate a flatpak user on the system
+ since it's now included by upstream:
+ * system-user-flatpak.conf
+
+- Fixes for %_libexecdir changing to /usr/libexec
+
+- Update to version 1.6.4:
+ + This release backports some of the OCI authenticator fixes from
+ the 1.7 series, and should now be able to host flatpak images
+ on e.g. docker hub.
+ + Other changes:
+ - Fix a use-after free in libflatpak.
+ - Don't list p2p downgrades in list of available updates.
+
+- jsc#SLE-7171
giflib
+- Enable Position Independent Code and inherit CFLAGS from the build system.
+ * Added giflib-PIE.patch (bsc#1184123).
+
-- Update to new upstream release 5.0.4
- * Fix for a rare misrendering bug when a GIF overruns the
- decompression-code table.
-- Make patches have -p1, as requested by
- http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines
-
-- Added url as source.
- Please see http://en.opensuse.org/SourceUrls
-
-- add giflib-automake-1_13.patch, fix build with automake-1.13.1
-
-- Remove "Obsoletes: giflib", because libgif6 must not obsolete
- libgif4 (it would do that by way of libgif4's "Provides: giflib").
-
-- Adjust baselibs.conf for libgif6, remove libungif rpm symbols
- since they are now no longer provided.
-
-- Version 5.0.3
- * The library is now purely reentrant and thread-safe
- * Adds an EGifSetGifVersion() entry point
- * All names of exported functions now have a Gif, DGif, or EGif prefix.
-- packaging changes:
- * soname is now libgif6
- * Compatibility with ancient "libungif" via rpm spec file hacks
- is no longer included, if there is any application around
- that still requires this it has to be fixed.
-
-- Remove redundant tags/sections
-
-- annotate functions from gif_lib_private.h with visibility
- hidden so they are not exported.
-
-- add libtool as buildrequire to make the spec file more reliable
-
-- Correct project URL
-- Implement shlib naming (libgif4)
-- Apply packaging guidelines (remove redundant/obsolete
- tags/sections from specfile, etc.)
-
-- Do not use __Date__ and __TIME__ , make build-compare
- happier
-
-- add baselibs.conf as a source
-
gnome-session
+- Add gnome-session-exit-when-lost-name-on-bus.patch: gnome-session
+ exit immediately when lost name on bus
+ (bsc#1175622 glgo!GNOME/gnome-session!60).
+
gnome-shell-extension-desktop-icons
+- Add desktop-icons-show-iso-file-icon.patch: Show ISO file icon as
+ default icon.
+ (bsc#1183504 glgo#GNOME/World/ShellExtensions/desktop-icons!196)
+
gpgme
+- Fix t-json test in SP3: https://dev.gnupg.org/T4820 [bsc#1183801]
+ * tests/json: Bravo key does not have secret key material
+ * tests/json: Do not check for keygrip of pubkeys
+ * core: Make sure the keygrip is available in WITH_SECRET mode
+- Add gpgme-test-json.patch
+
gzip
+- fix DFLTCC segfault [bsc#1177047]
+- added patches
+ fix https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=be0a534ba2b6e77da289de8da79e70843b1028cc
+ + gzip-1.10-fix-DFLTCC-segfault.patch
+
irqbalance
+- not balancing interrupts in Xen guests (bsc#1178477, bsc#1183405)
+ A procinterrupts-check-xen-dyn-event-more-flexible.patch
+
kimageformats
+- Add patch to fix OOB write (oss-fuzz#33742):
+ * 0001-xcf-Fix-Stack-buffer-overflow-WRITE-on-broken-files.patch
+
kyotocabinet
+- Add yet an other patch kyotocabinet-pie.patch
+ * link all executables as pie (bsc#1185033)
+
+- Update to version 1.2.77:
+ * kcthread.cc (CondVar::wait): a bug on Win32 was fixed.
+ * kcdbext.h (IndexDB::set, IndexDB::replace): a bug of updating
+ existing records was fixed.
+ * kcdb.h (DB::check): new function.
+- Drop no longer needed gcc6-fix-errors.patch
+- Modernise spec file
+
-- update version 1.2.76
- * kcthread.cc (CondVar::wait): a bug on Win32 was fixed.
- * kcdbext.h (IndexDB::set, IndexDB::replace): a bug of updating existing records was fixed.
- * kcdb.h (DB::check): new function.
-
-- Make kyotocabinet installation work on SLE_11
-
-- Remove redundant tags/sections per specfile guideline suggestions
-- Add autotools BuildRequires for factory/12.2
-
-- updated to 1.2.52
-
-- updated to 1.2.50
-
-- created package (version 1.2.47)
-
libcap
+- Add explicit dependency on libcap2 with version to libcap-progs
+ and pam_cap (bsc#1184690)
+
-- Update to libcap 2.22
-- libcap 2.22 includes:
- * Clarified License file (with version 2 of the GPL)
- * Support getting/setting capabilities on large files
- * After --chroot command, change working directory to "/".
-- libcap 2.21 includes:
- * Introduce cap_get_bound() and cap_drop_bound() functions.
- also include a macro CAP_IS_SUPPORTED(cap) for capabilities
-- libcap 2.20 includes:
- * Latest kernel capabilites supported: now includes CAP_SYSLOG
- * $(CFLAGS) Makefile fixes
- * Default to installing setcap with an inheritable capability.
-
libhugetlbfs
+- Hardening: Link as PIE (bsc#1184123).
+
-- There are no tests installed in s390(x) case, therefore there are no
- files in %{_libdir}/libhugetlbfs
- Remove the directory from the file list to fix package build for s390(x)
-
-- Add support of ppc64le with 4 patches
- libhugetlbfs-ppc64le.patch
- libhugetlbfs.ppc64le.step2.patch
- libhugetlbfs.ppc64le.step3.patch
- libhugetlbfs.ppc64le.step4.patch
-
-- Update to version 2.16:
- Features:
- * ARM Support
- * s390x Dynamic TASK_SIZE support
- Bug Fixes:
- * find_mounts() now properly NULL terminates mount point names
-
-- Update to version 2.15
- Features:
- * Some System z functionality went into 2.15
- * Updated man pages
- * Added basic events for core_i7 to oprofile_map_events
- Fixes:
- * Disable Unable to verify address range warning when offset < page_size
- * Remove sscanf in library setup to avoid heap allocation before _morecore
- override
- * Revert heap exhaustion patch
- * hugectl no longer clips LD_LIBRARY_PATH variable
- * Fix clean on failure code to avoid closing stdout
-
-- Add excludearch for arm due to lacking support
-
-- Update to version 2.13
- * hugeadm can now be used to control Transparent Huge Page tunables
- * New morecore mode to better support THP
- * Check permissions on hugetlbfs mount point before marking it as
- available
- * Fix shm tests to use random address instead of fixed, old address
- failed on ARM
-
-- Update to version 2.12
- * libhugetlbfs usages can now be restricted to certain binary names
- * libhugetlbfs now supports static linking
- * hugeadm uses more human readable directory names for mount points
- * Fix segfault if specified user was not in passwd, failuer in
- getpwuid() is now checked
- * Added tests for static linking to testcase
- * Added missing tests to driver script
-
-- Do not include the 268MB testcase /usr/lib/libhugetlbfs/tests/obj32/linkhuge_rw.
-
-- Update to version 2.11
- Bugfixes and new features are listed in the NEWS file in
- /usr/share/doc/packages/libhugetlbfs/NEWS
-
-- Update to version 2.9:
- * Add --no-reseve to hugectl to request mmap'd pages are not reserved
- for kernels newer than 2.6.34
- * Add --obey-numa-mempol to hugeadm to request static pool pages are
- allocated following the process NUMA memory policy
- * Add switch to let administrator limit new mount points by size or inodes
- * cpupcstat now caches the value returned by tlmiss_cost.sh to avoid
- rerunning the script
- * When specifying huge page pool sizes with hugeadm, memory sizes can
- be used as well as the number of huge pages
- * DEFAULT is now a valid huge page pool for resizing, it will adjust
- the pool for the default huge page size
- * tlbmiss_cost.sh in the contrib/ sub directory will estimate the cost
- in CPU cycles of a TLB miss on the arch where it is run
- * Add python script which automates huge page pool setup with minimal
- input required from user
- * cpupcstat now supports data collection using the perf tool as well as
- oprofile
- * --explain reports if min_free_kbytes is too small
- * add --set-min_free_kbytes to hugeadm
-
-- strip test binaries to fix build
-
-- Removed unused files
-
-- add workarounds for broken Makefile logic to detect arch
-
-- Package baselibs.conf
-
-- Fix typo in requires.
-
-- Update from version 2.0 to 2.5
-
libmodulemd
+- Update to 2.12.0
+ + Add support for 'buildorder' to Packager documents
+ + Fix issue with ModuleIndex when input contains only Obsoletes documents
+ + Extend read_packager_[file|string]() to support overriding the module name
+ and stream.
+ + Ignore Packager documents when running ModuleIndex.update_from_*()
+ + Add python overrides for XMD in PackagerV3
+ + Add python override to ignore the GType return when reading packager files
+ + Add PackagerV3.get_mdversion()
+- Drop patch incorporated in this release
+ + Patch: 0001-Fix-integer-size-issue-on-32-bit-platforms.patch
+
libostree
+- Enable LTO (boo#1133120) as it works now.
+
+- Update to version 2020.8:
+ + This release mostly contains scalability improvements and
+ bugfixes.
+ + Caching-related HTTP headers are now supported on summaries and
+ signatures, so that they do not have to be re-downloaded if not
+ changed in the meanwhile.
+ + Summaries and delta have been reworked to allow more
+ fine-grained fetching.
+ + Finally, this fixes several bugs related to atomic variables,
+ HTTP timeouts, and 32-bit architectures.
+- Changes from version 2020.7:
+ + Static deltas can now be signed to more easily support offline
+ verification.
+ + There's now support for multiple initramfs images; the idea
+ here is that one can have a "main" initramfs image and a
+ secondary one which represents local configuration.
+ + The documentation is now moved to
+ https://ostreedev.github.io/ostree/
+ + Lot of preparatory cleanups to the pull code landed for
+ upcoming work on indexing deltas outside of the summary.
+ + On the bugfix side, the biggest one is a fix for an assertion
+ failure when upgrading from systems before ostree supported
+ devicetree.
+ + Also notable is that ostree no longer hardlinks zero sized
+ files to avoid hitting filesystem maximum link counts.
+- Changes from version 2020.6:
+ + One notable feature: ostree now supports / and /boot being on
+ the same filesystem.
+ + Other than that it's mostly bugfixes; there is one quite
+ important one for anyone using the readonly=true for /sysroot
+ (which is still just Fedora CoreOS I suspect).
+ + There's some improvements to the GObject Introspection
+ metadata, some (cosmetic) static analyzer fixes, a fix for the
+ immutable bit on s390x, dropping a deprecated bit in the
+ systemd unit file, etc.
+- Changes from version 2020.5:
+ + This release primarily fixes a regression in 2020.4 where the
+ "readonly sysroot" changes incorrectly left the sysroot
+ read-only on systems that started out with a read-only / (most
+ of them, e.g. Fedora Silverblue/IoT at least).
+ + There's some additions to the pull API to aid flatpak.
+ + There were a few fixes to the man pages, and ostree show now
+ displays the parent commit.
+ + The default dracut config now enables reproducibility.
+ + On the "feature" side, there is a new ostree admin unlock
+ - -transient. We expect this to be a foundation for further
+ support for "live" updates.
+- Changes from version 2020.4:
+ + By far the biggest change in this release is new ed25519
+ signing support, powered by libsodium.
+ + stree commit gained a new --base argument, which significantly
+ simplifies constructing "derived" commits, particularly for
+ systems using SELinux.
+ + Handling of the read-only sysroot was reimplemented to run in
+ the initramfs and be more reliable. Enabling the readonly=true
+ flag in the repo config is recommended.
+ + Several bugs were fixed in locking for the temporary "staging"
+ directories OSTree creates, particularly on NFS.
+ + lib: Coerce flags enums to GIR bitfields changed some values to
+ be (correctly) flags - this may show up as incompatible for
+ GObject Introspection consumers (but not C).
+ + A new timestamp-check-from-rev option was added for pulls,
+ which makes downgrade protection more reliable and will be used
+ by Fedora CoreOS.
+ + Several fixes and enhancements were made for "collection" pulls
+ including a new --mirror option.
+ + The ostree commit command learned a new --mode-ro-executables
+ which enforces W^R semantics on all executables.
+ + A new commit metadata key (OSTREE_COMMIT_META_KEY_ARCHITECTURE)
+ was added to help standardize the architecture of the OSTree
+ commit. This could be used on the client side for example to
+ sanity-check that the commit matches the architecture of the
+ machine before deploying.
+
+- Stop invalid usage of %_libexecdir:
+ + Use %{_prefix}/lib where appropriate.
+ + Use _systemdgeneratordir for the systemd-generators.
+ + Define _dracutmodulesdir based on dracut.pc. Add
+ BuildRequires(dracut) for this to work.
+
librsvg
+- Update to version 2.46.5:
+ + Update dependent crates that had security vulnerabilities:
+ generic-array to 0.12.4 - RUSTSEC-2020-0146
+ smallvec to 0.6.14 - RUSTSEC-2021-0003 - CVE-2021-25900
+ + There are no changes to the library code.
+ + Fix bash-isms in Makefile.am (Tin-Wei Lan).
+ + Fix Visual Studio build (Chun-wei Fan).
+- bsc#1183403 - CVE-2021-25900 - buffer overflow in the smallvec crate.
+
libsolv
+- fix rare segfault in resolve_jobrules() that could happen
+ if new rules are learnt
+- fix a couple of memory leaks in error cases
+- fix error handling in solv_xfopen_fd()
+- bump version to 0.7.19
+
+- fixed regex code on win32
+- fixed memory leak in choice rule generation
+- repo_add_conda: add flag to skip v2 packages
+- bump version to 0.7.18
+
libxml2
+- Security fix: [bsc#1185408, CVE-2021-3518]
+ * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess()
+ * Add libxml2-CVE-2021-3518.patch
+
+- Security fix: [bsc#1185410, CVE-2021-3517]
+ * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal()
+ * Add libxml2-CVE-2021-3517.patch
+
+- Security fix: [bsc#1185409, CVE-2021-3516]
+ * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal()
+ * Add libxml2-CVE-2021-3516.patch
+
libzypp
+- Properly handle permission denied when providing optional files
+ (bsc#1185239)
+- Fix sevice detection with cgroupv2 (bsc#1184997)
+- version 17.25.10 (22)
+
+- Add missing includes for GCC 11 (bsc#1181874)
+- Fix unsafe usage of static in media verifier.
+- Solver: Avoid segfault if no system is loaded (bsc#1183628)
+- MediaVerifier: Relax media set verification in case of a single
+ not-volatile medium (bsc#1180851)
+- Do no cleanup in custom cache dirs (bsc#1182936)
+- ZConfig: let pubkeyCachePath follow repoCachePath.
+- version 17.25.9 (22)
+
-- Patch: Identify well-known category names (bsc#117984)
+- Patch: Identify well-known category names (bsc#1179847)
-- Add missing includes for GCC 11 compatibility.
+- Add missing includes for GCC 11 compatibility. (bsc#1181874)
lvm2
+- Add metadata-based autoactivation property for VG and LV (bsc#1178680)
+ + bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch
+
mpfr
+- Add cummulative patch mpfr-4.0.2-p6.patch fixing various bugs.
+
+- Add floating-point-format-no-lto.patch in order to fix assembler scanning
+ (boo#1141190).
+
+- Update to mpfr 4.0.2
+ * Cummulative bugfix release, includes mpfr-4.0.1-cummulative-patch.patch.
+
+- Fix %install_info_delete usage:
+ * It has to be performed in %preun not in %postun.
+ * See https://en.opensuse.org/openSUSE:Packaging_Conventions_RPM_Macros#.25install_info_delete.
+
+- Add mpfr-4.0.1-cummulative-patch.patch. Fixes
+ * A subtraction of two numbers of the same sign or addition of two
+ numbers of different signs can be rounded incorrectly (and the
+ ternary value can be incorrect) when one of the two inputs is
+ reused as the output (destination) and all these MPFR numbers
+ have exactly GMP_NUMB_BITS bits of precision (typically, 32 bits
+ on 32-bit machines, 64 bits on 64-bit machines).
+ * The mpfr_fma and mpfr_fms functions can behave incorrectly in case
+ of internal overflow or underflow.
+ * The result of the mpfr_sqr function can be rounded incorrectly
+ in a rare case near underflow when the destination has exactly
+ GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit
+ machines, 64 bits on 64-bit machines) and the input has at most
+ GMP_NUMB_BITS bits of precision.
+ * The behavior and documentation of the mpfr_get_str function are
+ inconsistent concerning the minimum precision (this is related to
+ the change of the minimum precision from 2 to 1 in MPFR 4.0.0). The
+ get_str patch fixes this issue in the following way: the value 1
+ can now be provided for n (4th argument of mpfr_get_str); if n = 0,
+ then the number of significant digits in the output string can now
+ be 1, as already implied by the documentation (but the code was
+ increasing it to 2).
+ * The mpfr_cmp_q function can behave incorrectly when the rational
+ (mpq_t) number has a null denominator.
+ * The mpfr_inp_str and mpfr_out_str functions might behave
+ incorrectly when the stream is a null pointer: the stream is
+ replaced by stdin and stdout, respectively. This behavior is
+ useless, not documented (thus incorrect in case a null pointer
+ would have a special meaning), and not consistent with other
+ input/output functions.
+
-- Add Source URL, see https://en.opensuse.org/SourceUrls
-
-- Update to version 3.1.2.
- * Bug fixes
- * Updated examples to the MPFR 3.x API
-
-- Update to version 3.1.1.
- * Bug fixes
-
-- patch license to follow spdx.org standard
-
-- Remove redundant tags/sections per specfile guideline suggestions
-
-- Update to version 3.1.0.
- * The mpfr_urandom and mpfr_urandomb functions now return identical
- values on processors with different word size.
- * Speed improvement for the mpfr_sqr and mpfr_div functions using
- Mulders' algorithm.
- * Much faster formatted output (mpfr_printf, etc.) with %Rg and similar.
- * New divide-by-zero exception (flag) and associated functions.
-- Remove bogus provides/obsoletes for old shared library version.
-- Fix license, it is LGPL v3 or later.
-
-- Update to version 3.0.1.
- * Minor bugfixes.
-
-- Update to version 3.0.0.
- * Bump SO version to 4.
-
-- use %_smp_mflags
-
-- PA-Risc is not threadsafe just as sparc
-
-- add baselibs.conf to specfile as source
-
-- Do not use --enable-thread-safe on SPARC (Fedora does the same) -
- the tests segfault if TS is enabled
-
-- Update to version 2.4.2.
- * Bug and documentation fixes.
-
-- Add x86 baselibs entry.
-
-- Update to version 2.4.1 (no changes).
-- Apply current cummulative bugfixing patch.
- * mpfr_fmod, mpfr_remainder and mpfr_remquo rounding issues.
- * incorrect type in vasprintf.c.
- * wrong type in mpfr_zeta_ui.
-
nautilus
+- Update set_trusted.sh: Use the right value in gio command
+ (bsc#1185026).
+
+- Update to version 3.34.3 (bsc#1171506):
+ + Revert icon emblem fixes in order to prevent performance
+ issues.
+ + Fix crashes often happening when searching.
+ + Fix crashes after conflict dialog response.
+
openexr
+ fix CVE-2021-23215 [bsc#1185216], Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers
+ fix CVE-2021-26260 [bsc#1185217], Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers
+ + openexr-CVE-2021-23215,26260.patch
+
+- security update
+- modified patches
+ % openexr-CVE-2021-3474.patch (splitted into openexr-CVE-2021-20296.patch)
+- added patches
+ fix CVE-2021-20296 [bsc#1184355], Segv on unknown address in Imf_2_5:hufUncompress - Null Pointer dereference
+ + openexr-CVE-2021-20296.patch
+ fix CVE-2021-3477 [bsc#1184353], Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts
+ + openexr-CVE-2021-3477.patch
+ fix CVE-2021-3479 [bsc#1184354], Out-of-memory caused by allocation of a very large buffer
+ + openexr-CVE-2021-3479.patch
+
+- security update
+- added patches
+ fix CVE-2021-3474 [bsc#1184174], Undefined-shift in Imf_2_5::FastHufDecoder::FastHufDecoder
+ + openexr-CVE-2021-3474.patch
+ fix CVE-2021-3475 [bsc#1184173], Integer-overflow in Imf_2_5::calculateNumTiles
+ + openexr-CVE-2021-3475.patch
+ fix CVE-2021-3476 [bsc#1184172], Undefined-shift in Imf_2_5::unpack14
+ + openexr-CVE-2021-3476.patch
+
+- security update
+- added patches
openldap2
+- bsc#1182791 - improve proxy connection timout options to correctly
+ prune connections.
+ * 0225-ITS-8625-Separate-Avlnode-and-TAvlnode-types.patch
+ * 0226-ITS-9197-back-ldap-added-task-that-prunes-expired-co.patch
+ * 0227-ITS-9197-Increase-timeouts-in-test-case-due-to-spora.patch
+ * 0228-ITS-9197-fix-typo-in-prev-commit.patch
+ * 0229-ITS-9197-Fix-test-script.patch
+ * 0230-ITS-9197-fix-info-msg-for-slapd-check.patch
+
openslp
-- Add missing group(daemon) prerequires to the openslp-server
- package [bnc#1165050]
-- Add missing openslp requires to the openslp-server package
- [bnc#1165121]
-
-- Add missing zlib build dependency, which used to be pulled in
- by libopenssl-devel. The package fails to build since the openssl
- upgrade to 1.1.1 (bsc#1149792)
-
-- Use tcp connects to talk with other DAs [bnc#1117969]
- new patch: openslp.tcpknownda.diff
-- Fix segfault in predicate match if a registered service has
- a malformed attribute list [bnc#1136136]
- new patch: openslp.nullattr.diff
-
-- Fix memory corruption when the sendbuf gets reallocated
- [bnc#1090638] [CVE-2017-17833]
- new patch: openslp.sendbuf_move.diff
-- Fix out of bounds reads in message parsing
- new patch: openslp.parseoob.diff
-
-- move systemd notification before the chroot() call, otherwise
- the notify function cannot reach systend's unix domain socket
- [bnc#1089097]
-
-- Use %license (boo#1082318)
-- fix slpd using the peer address as local address for TCP
- connections [bnc#1076035]
- new patch: openslp.localaddr.diff
-- use tcp connections for unicast requests [bnc#1080964]
- new patch: openslp.tcpunicast.diff
-
-- add separate source openslp.logrotate.systemd to
- use systemctl reload for logrotate configuration
-
-- Add support for OpenSSL 1.1. Commit from upstream [bsc#1042665]
- new patch: openslp.openssl-1.1.diff
-
-- Also update openslp.sd_notify.diff to use the new systemd lib
-
-- Replace pkgconfig(libsystemd-*) with pkgconfig(libsystemd)
- Nowadays pkgconfig(libsystemd) replaces all libsystemd-* libs, which
- are obsolete.
-
-- Fix bounds check in SLPFoldWhiteSpace
- [bnc#1001600] [CVE-2016-7567]
- new patch: openslp.foldws.diff
-
-- remove convenience code as changes bytes in the message
- buffer breaking the verification code [bnc#994989]
- new patch: openslp.noconvenience.diff
-- fix storage handling in predicate code, it clashed with gcc's
- fortify_source extension [bnc#909195]
- new patch: openslp.predicatestorage.diff
-- bring back allowDoubleEqualInPredicate option
- new patch: openslp.doubleequal.diff
-- fix bug in openslp.initda.diff patch
-- fix rcopenslp helper
-- fix _xrealloc not checking the malloc return value
- [bnc#980722] [CVE-2016-4912]
- new patch: openslp.xrealloc.diff
-
-- Do not depend on fillup and insserv if the package build with
- systemd support; the dependencies are not needed in that case
-
openssl-1_1
+- Don't list disapproved cipher algorithms while in FIPS mode
+ * openssl-1.1.1-fips_list_ciphers.patch
+ * bsc#1161276
+
p7zip
+- Add almost-upstream CVE-2021-3465.patch (bsc#1184699, CVE-2021-3465)
+
patterns-base
+- Recommending openSUSE-signkey-cert in the base pattern bsc#1182641
+
perl-Image-ExifTool
+- Update to version 12.25 fixes (boo#1185547)
+ * JPEG XL support is now official
+ * Added read support for Medical Research Council (MRC) image
+ files
+ * Added ability to write a number of 3gp tags in video files
+ * Added a new Sony PictureProfile value (thanks Jos Roost)
+ * Added a new Sony LensType (thanks LibRaw)
+ * Added a new Nikon LensID (thanks Niels Kristian Bech Jensen)
+ * Added a new Canon LensType
+ * Decode more GPS information from Blackvue dashcam videos
+ * Decode a couple of new NikonSettings tags (thanks Warren
+ Hatch)
+ * Decode a few new RIFF tags
+ * Improved Validate option to add minor warning if standard
+ XMP is missing xpacket wrapper
+ * Avoid decoding some large arrays in DNG images to improve
+ performance unless the -m option is used
+ * Patched bug that could give runtime warning when trying to
+ write an empty XMP structure
+ * Fixed decoding of ImageWidth/Height for JPEG XL images
+ * Fixed problem were Microsoft Xtra tags couldn't be deleted
+ version 12.24:
+ * Added a new PhaseOne RawFormat value (thanks LibRaw)
+ * Decode a new Sony tag (thanks Jos Roost)
+ * Decode a few new Panasonic and FujiFilm tags (thanks LibRaw
+ and Greybeard)
+ * Patched security vulnerability in DjVu reader
+ * Updated acdsee.config in distribution (thanks StarGeek)
+ * Recognize AutoCAD DXF files
+ * More work on experimental JUMBF read support
+ * More work on experimental JPEG XL read/write support
+ version 12.23:
+ * Added support for Olympus ORI files
+ * Added experimental read/write support for JPEG XL images
+ * Added experimental read support for JUMBF metadata in JPEG
+ and Jpeg2000 images
+ * Added built-in support for parsing GPS track from Denver
+ ACG-8050 videos
+ with the -ee option
+ * Added a some new Sony lenses (thanks Jos Roost and LibRaw)
+ * Changed priority of Samsung trailer tags so the first
+ DepthMapImage takes
+ precedence when -a is not used
+ * Improved identification of M4A audio files
+ * Patched to avoid escaping ',' in "Binary data" message when
+ - struct is used
+ * Removed Unknown flag from MXF VideoCodingSchemeID tag
+ * Fixed -forcewrite=EXIF to apply to EXIF in binary header of
+ EPS files
+ * API Changes:
+ + Added BlockExtract option
+ version 12.22:
+ * Added a few new Sony LensTypes and a new SonyModelID (thanks
+ Jos Roost and LibRaw)
+ * Added Extra BaseName tag
+ * Added a new CanonModelID (thanks LibRaw)
+ * Decode timed GPS from unlisted programs in M2TS videos with
+ the -ee3 option
+ * Decode more Sony rtmd tags
+ * Decode some tags for the Sony ILME-FX3 (thanks Jos Roost)
+ * Allow negative values to be written to XMP-aux:LensID
+ * Recognize HEVC video program in M2TS files
+ * Enhanced -b option so --b suppresses tags with binary data
+ * Improved flexibility when writing GPS coordinates:
+ + Now pulls latitude and longitude from a combined
+ GPSCoordinates string
+ + Recognizes the full word "South" and "West" to write
+ negative coordinates
+ * Improved warning when trying to write an integer QuickTime
+ date/time tag and Time::Local is not available
+ * Convert GPSSpeed from mph to km/h in timed GPS from Garmin
+ MP4 videos
+ version 12.21:
+ * Added a few new iOS QuickTime tags
+ * Decode a couple more Sony rtmd tags
+ * Patch to avoid possible "Use of uninitialized value" warning
+ when attempting to write QuickTime date/time tags with an
+ invalid value
+ * Fixed problem writing Microsoft Xtra tags
+ * Fixed Windows daylight savings time patch for file times
+ that was broken in 12.19 (however directory times will not
+ yet handle DST properly)
+ version 12.20:
+ * Added ability to write some Microsoft Xtra tags in MOV/MP4
+ videos
+ * Added two new Canon LensType values (thanks Norbert Wasser)
+ * Added a new Nikon LensID
+ * Fixed problem reading FITS comments that start before column
+ 11
+ version 12.19:
+ * Added -list_dir option
+ * Added the "ls-l" Shortcut tag
+ * Extract Comment and History from FITS files
+ * Enhanced FilePermissions to include device type (similar to
+ "ls -l")
+ * Changed the name of Apple ContentIdentifier tag to
+ MediaGroupUUID (thanks Neal Krawetz)
+ * Fixed a potential "substr outside of string" runtime error
+ when reading corrupted EXIF
+ * Fixed edge case where NikonScanIFD may not be copied
+ properly when copying MakerNotes to another file
+ * API Changes:
+ + Added ability to read/write System tags of directories
+ + Enhanced GetAllGroups() to support family 7 and take
+ optional ExifTool reference
+ + Changed QuickTimeHandler option default to 1
+ version 12.18:
+ * Added a new SonyModelID
+ * Decode a number of Sony tags for the ILCE-1 (thanks Jos
+ Roost)
+ * Decode a couple of new Canon tags (thanks LibRaw)
+ * Patched to read differently formatted UserData:Keywords as
+ written by iPhone
+ * Patched to tolerate out-of-order Nikon MakerNote IFD entries
+ when obtaining tags necessary for decryption
+ * Fixed a few possible Condition warnings for some
+ NikonSettings tags
+ version 12.17:
+ * Added a new Canon FocusMode value
+ * Added a new FujiFilm FilmMode value
+ * Added a number of new XMP-crs tags (thanks Herb)
+ * Decode a new H264 MDPM tag
+ * Allow non-conforming lower-case XMP boolean "true" and
+ "false" values to be written, but only when print conversion
+ is disabled
+ * Improved Validate option to warn about non-capitalized
+ boolean XMP values
+ * Improved logic for setting GPSLatitude/LongitudeRef values
+ when writing
+ * Changed -json and -php options so the -a option is implied
+ even without the -g option
+ * Avoid extracting audio/video data from AVI videos when -ee
+ - u is used
+ * Patched decoding of Canon ContinuousShootingSpeed for newer
+ firmware versions of the EOS-1DXmkIII
+ * Re-worked LensID patch of version 12.00 (github issue #51)
+ * Fixed a few typos in newly-added NikonSettings tags (thanks
+ Herb)
+ * Fixed problem where group could not be specified for
+ PNG-pHYs tags when writing
+ version 12.16:
+ * Extract another form of video subtitle text
+ * Enhanced -ee option with -ee2 and -ee3 to allow parsing of
+ the H264 video stream in MP4 files
+ * Changed a Nikon FlashMode value
+ * Fixed problem that caused a failed DPX test on Strawberry
+ Perl
+ * API Changes:
+ + Enhanced ExtractEmbedded option
+ version 12.15:
+ * Added a couple of new Sony LensType values (thanks LibRaw
+ and Jos Roost)
+ * Added a new Nikon FlashMode value (thanks Mike)
+ * Decode NikonSettings (thanks Warren Hatch)
+ * Decode thermal information from DJI RJPEG images
+ * Fixed extra newline in -echo3 and -echo4 outputs added in
+ version 12.10
+ * Fixed out-of-memory problem when writing some very large PNG
+ files under Windows
+ version 12.14:
+ * Added support for 2 more types of timed GPS in video files
+ (that makes 49 different formats now supported)
+ * Added validity check for PDF trailer dictionary Size
+ * Added a new Pentax LensType
+ * Extract metadata from Jpeg2000 Association box
+ * Changed -g:XX:YY and -G:XX:YY options to show empty strings
+ for non-existent groups
+ * Patched to issue warning and avoid writing date/time values
+ with a zero month or day number
+ * Patched to avoid runtime warnings if trying to set FileName
+ to an empty string
+ * Fixed issue that could cause GPS test number 12 to fail on
+ some systems
+ * Fixed problem extracting XML as a block from Jpeg2000
+ images, and extract XML tags in the XML group instead of XMP
+- Update URL
+
+- update to 12.13:
+ - Add time zone automatically to most string-based QuickTime date/time tags
+ when writing unless the PrintConv option is disabled
+ - Added -i HIDDEN option to ignore files with names that start with "."
+ - Added a few new Nikon ShutterMode values (thanks Jan Skoda)
+ - Added ability to write Google GCamera MicroVideo XMP tags
+ - Decode a new Sony tag (thanks LibRaw)
+ - Changed behaviour when writing only pseudo tags to return an error and avoid
+ writing any other tags if writing FileName fails
+ - Print "X image files read" message even if only 1 file is read when at least
+ one other file has failed the -if condition
+ - Added ability to geotag from DJI CSV log files
+ - Added a new CanonModelID
+ - Added a couple of new Sony LensType values (thanks LibRaw)
+ - Enhanced -csvDelim option to allow "\t", "\n", "\r" and "\\"
+ - Unescape "\b" and "\f" in imported JSON values
+ - Fixed bug introduced in 12.10 which generated a "Not an integer" warning
+ when attempting to shift some QuickTime date/time tags
+ - Fixed shared-write permission problem with -@ argfile when using -stay_open
+ and a filename containing special characters on Windows
+ - Added -csvDelim option
+ - Added new Canon and Olympus LensType values (thanks LibRaw)
+ - Added a warning if ICC_Profile is deleted from an image (github issue #63)
+ - EndDir() function for -if option now works when -fileOrder is used
+ - Changed FileSize conversion to use binary prefixes since that is how the
+ conversion is currently done (eg. MiB instead of MB)
+ - Patched -csv option so columns aren't resorted when using -G option and one
+ of the tags is missing from a file
+ - Fixed incompatiblity with Google Photos when writing UserData:GPSCoordinates
+ to MP4 videos
+ - Fixed problem where the tags available in a -p format string were limited to
+ the same as the -if[NUM] option when NUM was specified
+ - Fixed incorrect decoding of SourceFileIndex/SourceDirectoryIndex for Ricoh
+ models
+
+- Update to 12.10
+ * Added -validate test for proper TIFF magic number in
+ JPEG EXIF header
+ * Added support for Nikon Z7 LensData version 0801
+ * Added a new XMP-GPano tag
+ * Decode ColorData for the Canon EOS 1DXmkIII
+ * Decode more tags for the Sony ILCE-7SM3
+ * Automatically apply QuickTimeUTC option for CR3 files
+ * Improved decoding of XAttrMDLabel from MacOS files
+ * Ignore time zones when writing date/time values and
+ using the -d option
+ * Enhanced -echo3 and -echo4 options to allow exit status
+ to be returned
+ * Changed -execute so the -q option no longer suppresses
+ the "{ready}" message when a synchronization number is used
+ * Added ability to copy CanonMakerNotes from CR3 images
+ to other file types
+ * Added read support for ON1 presets file (.ONP)
+ * Added two new CanonModelID values
+ * Added trailing "/" when writing QuickTime:GPSCoordinates
+ * Added a number of new XMP-crs tags
+ * Added a new Sony LensType (thanks Jos Roost)
+ * Added a new Nikon Z lens (thanks LibRaw)
+ * Added a new Canon LensType
+ * Decode ColorData for Canon EOS R5/R6
+ * Decode a couple of new HEIF tags
+ * Decode FirmwareVersion for Canon M50
+ * Improved decoding of Sony CreativeStyle tags
+ * Improved parsing of Radiance files to recognize comments
+ * Renamed GIF AspectRatio tag to PixelAspectRatio
+ * Patched EndDir() feature so subdirectories are always
+ processed when -r is used (previously, EndDir() would
+ end processing of a directory completely)
+ * Avoid loading GoPro module unnecessarily when reading MP4 videos
+ from some other cameras
+ * Fixed problem with an incorrect naming of CodecID tags in some
+ MKV videos
+ * Fixed verbose output to avoid "adding" messages for
+ existing flattened XMP tags
+ * Added a new Sony LensType
+ * Recognize Mac OS X xattr files
+ * Extract ThumbnailImage from MP4 videos of more dashcam models
+ * Improved decoding of a number of Sony tags
+ * Fixed problem where the special -if EndDir() function didn't
+ work properly for directories after the one in which
+ it was initially called
+ * Patched to read DLL files which don't have a .rsrc section
+ * Patched to support new IGC date format when geotagging
+ * Patched to read DLL files with an invalid size in the header
+ * Added support for GoPro .360 videos
+ * Added some new Canon RF and Nikkor Z lenses
+ * Added some new Sony LensType and CreativeStyle values
+ and decode some ILCE-7C tags
+ * Added a number of new Olympus SceneMode values
+ * Added a new Nikon LensID
+ * Decode more timed metadata from Insta360 videos
+ * Decode timed GPS from videos of more Garmin dashcam models
+ * Decode a new GoPro video tag
+ * Reformat time-only EventTime values when writing and prevent
+ arbitrary strings from being written
+ * Patched to accept backslashes in SourceFile entries for -csv option
+
+- update to 12.06
+ - Added read support for Lyrics3 metadata (and fixed problem
+ where APE metadata may be ignored if Lyrics3 exists)
+ - Added a new Panasonic VideoBurstMode value
+ - Added a new Olympus MultipleExposureMode value
+ - Added a new Nikon LensID
+ - Added back conversions for XMP-dwc EventTime that were removed
+ in 12.04 with a patch to allow time-only values
+ - Decode GIF AspectRatio
+ - Decode Olympus FocusBracketStepSize
+ - Extract PNG iDOT chunk in Binary format with the
+ name AppleDataOffsets
+ - Process PNG images which do not start with mandatory
+ IHDR chunk
+ - Added a new Panasonic SelfTimer value
+ - Decode a few more DPX tags
+ - Extract AIFF APPL tag as ApplicationData
+ - Fixed bug writing QuickTime ItemList 'gnre' Genre values
+ - Fixed an incorrect value for Panasonic VideoBurstResolution
+ - Fixed problem when applying a time shift to some invalid
+ makernote date/time values
+
+- update to 12.04:
+ * See /usr/share/doc/packages/perl-Image-ExifTool/Change
+
+- update to 11.50, see Image-ExifTool-11.50.tar.gz for details
+
+- Update to version 11.30:
+ * Add a new Sony/Minolta LensType.
+ * Decode streaming metadata from TomTom Bandit Action Cam MP4
+ videos.
+ * Decode Reconyx HF2 PRO maker notes.
+ * Decode ColorData for some new Canon models.
+ * Enhanced -geotag feature to set AmbientTemperature if
+ available.
+ * Remove non-significant spaces from some DICOM values.
+ * Fix possible "'x' outside of string" error when reading
+ corrupted EXIF.
+ * Fix incorrect write group for GeoTIFF tags.
+
+- Update to version 11.29
+ * See /usr/share/doc/packages/perl-Image-ExifTool/Changes
+
+- Update to version 11.27
+ * See /usr/share/doc/packages/perl-Image-ExifTool/Changes
+
+- Update to version 11.24
+ * See /usr/share/doc/packages/perl-Image-ExifTool/Changes
+
+- Update to version 11.11 (changes since 11.01):
+ * See /usr/share/doc/packages/perl-Image-ExifTool/Changes
+
+- Update to 11.01:
+ * Added a new ProfileCMMType
+ * Added a Validate warning about non-standard EXIF or XMP in
+ PNG images
+ * Added a new Canon LensType
+ * Decode a couple more PanasonicRaw tags
+ * Patched to avoid adding tags to QuickTime videos with multiple
+ 'mdat' atoms --> avoids potential corruption of these videos!
+
+- Update to 11.00:
+ * Added read support for WTV and DVR-MS videos
+ * Added print conversions for some ASF date/time tags
+ * Added a new SonyModelID
+ * Decode a new PanasonicRaw tag
+ * Decode some new Sony RX100 VI tags
+ * Made Padding and OffsetSchema tags "unsafe" so they
+ aren't copied by default
+
permissions
+- Update to version 20181225:
+ * etc/permissions: remove unnecessary entries (bsc#1182899)
+
plasma5-desktop
+- Add upstream patch to fix renaming files on the desktop via the
+ keyboard shortcut (boo#1174487, kde#425436):
+ * 0001-Fix-renaming-shortcut-for-files-selected-via-selecti.patch
+
plasma5-workspace
+- Add upstream patch to fix broken/missing "Switch User"
+ functionality with systemd 246 (boo#1177223, kde#427777):
+ * Fix-missing-Switch-User-with-systemd-246.patch
+
plymouth
+- Pickup plymouth-only_use_fb_for_cirrus_bochs.patch: Currently our
+ kernel hardware support need this fix, and boo#1172028 will be
+ fix seperately (bnc#888590 boo#1172028 bsc#1181913).
+
procps
+- Add upstream patch procps-3.3.17-bsc1181976.patch based on
+ commit 3dd1661a to fix bsc#1181976 that is change descripton
+ of psr, which is for 39th field of /proc/[pid]/stat
+
python-libxml2-python
+- Security fix: [bsc#1185408, CVE-2021-3518]
+ * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess()
+ * Add libxml2-CVE-2021-3518.patch
+
+- Security fix: [bsc#1185410, CVE-2021-3517]
+ * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal()
+ * Add libxml2-CVE-2021-3517.patch
+
+- Security fix: [bsc#1185409, CVE-2021-3516]
+ * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal()
+ * Add libxml2-CVE-2021-3516.patch
+
radvd
-- fix the radvd.service file to use /etc/sysconfig/radvd
- (bnc#854316)
-
-- Update to version 1.9.7
- * ioctl bug fix for getting the hardware address and mtu of an interface
-- Update to version 1.9.6
- * Check AdvSendAdvert before sending an advertisement
-- Update to version 1.9.5
- * IPv6 forwarding setting should be 1 or 2
- * Performance fix in netlink message processing
- * fix for kernels with no NETLINK_NO_ENOBUFS defined
- * distributing gz, bz2 and xz tarballs
- * also distributing md5, sha1, sha256 and gpg signatures
-- Update to version 1.9.4
- * IPv6 forwarding setting should be 1 or 2
- * Performance fix in netlink message processing
- * fix for kernels with no NETLINK_NO_ENOBUFS defined
- * distributing gz, bz2 and xz tarballs
- * also distributing md5, sha1, sha256 and gpg signatures
-- Update to version 1.9.3
- * check for sys/sysctl.h availability
- * radvdump fix to interpret MTU and Route
-- Update to version 1.9.2
- * A few minor Makefile.am fixes
-- Update to version 1.9.1
- * Replacing a '==' in configure with '=' for better shell portability
-- added .asc (gpg key not yet found)
-
-- Don't start daemon after package installation, the default config is almost
- useless and previous package versions installed even bad ones into
- /etc/radvd.conf (it would never be fixed since the file is
- %ghost %config(noreplace)
-- Fix try-restart to only restart the daemon if it's actually running. Allow
- condrestart, which is LSB
-
-- Add radvd-tmpfile-grpname.patch: On openSUSE, the radvd user is
- added to the 'daemon' group (not a specific 'radvd' group). Thus
- adjusting the groupname in for the file to be installed in
- tmpfiles.d. Otherwise, the systemd-tmpfiles service fails to
- start (and radvd can't find the /var/run folder).
-
-- Remove URL from source as this is a git snapshot
-
-- Update to version 1.9rc1.xxx
- * Support systemd tmpfiles.d
- * add Native systemd units for this service
- * Uses libdaemon to deamonize and store PID file.
- * Use setsockopt NETLINK_NO_ENOBUFS
- * fixes debian bug 634485
-
-- add automake as buildrequire to avoid implicit dependency
-
-- Update to version 1.8.3:
- + proper tracking of buffer usage in send_ra
-- Drop diff_release_1_8_2..44ee01c7.patch: fixed upstream.
-
-- Update to version 1.8.3-rc1
-- additional patches up to commit 44ee01c7 to fully fix the
- path traversal CVE-2011-3602 (bnc#721968)
-
-- Update to version 1.8.1 for details see NEWS
-- Fix package building in factory, creating /var/run/radvd before
- being marked as %ghost
-- Run spec cleaner
-
-- new version 1.7:
- - Fix an unintentional change in 1.3: RAs were accidentally often unicast to
- solicitors instead of being multicast. This is still compliant with the
- specification but is not optimal.
- - Allow radvd.conf prefix, clients, route, and RDNSS options to be in any order.
- - exit if the number of prefixes/routes/etc. would grow too much.
- - Fix radvd skipping multiple interfaces when UnicastOnly is on or
- AdvSendAdvert is off. This got broken in radvd 1.3.
- - Fix a segmentation fault on reload_config() timer list corruption that only
- occurs with multiple interfaces.
- - Add '-c' flag to test configuration.
- - Deprecate old, pre-RFC5006 parameters. Support RFC6106 by adding DNS Search List support.
-- run as user radvd by default (bnc#691456)
-- clean up init script
-- install a small default config that advertises ULAs. Default prefix is
- autogenerated to get a different for on each installation.
-- start even if forwarding is not on to be able to work with ULAs only
-
-- Update to version 1.3:
- - mainly compilation fixes
- - decreased the default valid and preferred lifetimes
- - support for arbitrary interface names
-
rsyslog
+- fix groupname retrieval for large groups (bsc#1178490)
+ * add 0001-rainerscript-call-getgrnam_r-repeatedly-to-get-all-g.patch
+
ruby2
+- Update to 2.5.9 (boo#1184644)
+ https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-5-9-released/
+ - CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability
+ in WEBrick
+ - CVE-2021-28965: XML round-trip vulnerability in REXML
+ Complete list of changes at
+ https://github.com/ruby/ruby/compare/v2_5_8...v2_5_9
+- Update suse.patch:
+ Remove fix for CVE-2020-25613 as it is included in the update
+
shim
+- Include suse-signed shim for AArch64 (bsc#1185621)
+
systemd
+- add conversion script for moving legacy collect based udev rules
+ to chzdev based ones (bsc#1183984)
+
systemd-presets-common-SUSE
+- Enable hcn-init.service for HNV on POWER (bsc#1184136 ltc#192155).
+
tcsh
+- Add patch tcsh-6.20.00-toolong.patch which is an upstream commit
+ ported back to 6.20.00 to fix bsc#1179316 about history file growing
+
vlc
+- Update to version 3.0.13:
+ + Demux:
+ - Adaptive: fix artefacts in HLS streams with wrong profiles/levels
+ - Fix regression on some MP4 files for the audio track
+ - Fix MPGA and ADTS probing in TS files
+ - Fix Flac inside AVI files
+ - Fix VP9/Webm artefacts when seeking
+ + Codec:
+ - Support SSA text scaling
+ - Fix rotation on Android rotation
+ - Fix WebVTT subtitles that start at 00:00
+ + Access:
+ - Update libnfs to support NFSv4
+ - Improve SMB2 integration
+ - Fix Blu-ray files using Unicode names on Windows
+ - Disable mcast lookups on Android for RTSP playback
+ + Video Output: Rework the D3D11 rendering wait, to fix
+ choppiness on display
+ + Interfaces:
+ - Fix VLC getting stuck on close on X11 (#21875)
+ - Improve RTL on preferences on macOS
+ - Add mousewheel horizontal axis control
+ - Fix crash on exit on macOS
+ - Fix sizing of the fullscreen controls on macOS
+ + Misc:
+ - Improve MIDI fonts search on Linux
+ - Update Soundcloud, Youtube, liveleak
+ - Fix compilation with GCC11
+ - Fix input-slave option for subtitles
+ + Updated translations.
+- Drop vlc-gcc11.patch: fixed upstream.
+- Extend vlc-srto_tsbpddelay.patch: allow srt >= 1.3 for openSUSE.
+
+- Guard post scriptlets to only run %{_libdir}/vlc/vlc-cache-gen if
+ it already (or still, in case of uninstall) exists.
+
+- Add vlc-gcc11.patch: Fix build using gcc11 (boo#1181918).
+
+- Drop libpcre-devel BuildRequires: not been used in a while.
+
+- Limit libplacebo to is_openssue: vlc does not exist in SLE, which
+ makes the usage of is_opensuse valid; backports has is_opensuse
+ set to 1. This is mostly interesting for 3rd party build service
+ instances.
+
+- Enable libplacebo support (the core rendering algorithms and
+ ideas of mpv rewritten as an independent library):
+ + Add pkgconfig(libplacebo) BuildRequires
+ + Pass --enable-libplacebo to %configure
+
+- Update to version 3.0.12:
+ + Access: Add new RIST access module compliant with simple
+ profile (VSF_TR-06-1).
+ + Access Output: Add new RIST access output module compliant with
+ simple profile (VSF_TR-06-1).
+ + Demux: Fixed adaptive's handling of resolution settings.
+ + Audio output: Fix audio distortion on macOS during start of
+ playback.
+ + Video Output: Direct3D11: Fix some potential crashes when using
+ video filters.
+ + Misc:
+ - Several fixes in the web interface, including privacy and
+ security improvements
+ - Update YouTube and Vocaroo scripts.
+ + Updated translations.
+- Drop vlc-CVE-2020-26664.patch: fixed upstream.
+- Drop fix-missing-includes-with-qt-5.15.patch: fixed upstream.
+
vsftpd
+- Add seccomp-fixes.patch to allow getdents64 syscall in seccomp
+ sandbox, fixes bsc#1179553
+ Also in the same patch, fix the architecture offset from 4 to 5,
+ this change was documented in https://lore.kernel.org/patchwork/patch/554803/
+
+- Apply "0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch" and
+ "0001-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch",
+ which add the "ssl_tlsv1_1" and "ssl_tlsv1_2" options to the
+ configuration file. Both options default to true. [SLE-4182]
+
+- Use %{_prefix}/lib instead of misused %{_libexecdir}.
+
+- Add pam_keyinit.so to PAM config file.
+ [vsftpd.pam, bsc#1144062]
+
+- Apply "vsftpd-avoid-bogus-ssl-write.patch" to fix a segmentation
+ fault that occurred while trying to write to an invalid TLS
+ context. [bsc#1125951]
+
+- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
+ shortcut the build queues by allowing usage of systemd-mini
+
+- firewall-macros should be BuildRequires, not Requires(post)
+ (the macro gets expanded during package build)
+
-- force using fork() instead of clone() on s390 - fixes bnc#890469
- * vsftpd-3.0.2-s390.patch
-
-- Cleanup with spec-cleaner
-- Remove conditions about init files as we do not build for < 12.1
- anyway.
-- Update the README.SUSE file to describe more the listen option.
-
-- Add socket service for vsftpd to avoid the need for xinetd here.
-
-- Add comment about listen variables for xinetd configuration.
- Fixes bnc#872221.
-- Add default configuration as arg to xinetd started vsftpd.
-- Updated patch:
- * vsftpd-2.0.4-xinetd.diff
-
-- Move the enabling of timeofday and alarm one level deeper to
- be sure it is whitelisted everytime.
- Also should possibly fix bnc#872215.
-- Updated patch:
- * vsftpd-enable-gettimeofday-sec.patch
-
-- Remove forking from service type as it hangs in endless loop.
-
-- Fix warning about dangling symlink on rcvsftpd from rpmlint and
- remove also clean section while at it.
-
-- Add patch to allow gettimeofday and alarm calls with seccomp
- enabled. bnc#870122
-- Added patch:
- * vsftpd-enable-gettimeofday-sec.patch
-
-- Specify that the service type is forking
-
-- changed license to SUSE-GPL-2.0-with-openssl-exception
- * suggested by legal team
-
-- add allow_root_squashed_chroot option to enable chroot on nsf
- mounted with squash_root option (fate#311051)
- * vsftpd-root-squashed-chroot.patch
-
-- build with OPENSSL_NO_SSL_INTERN this hides internal struct
- members or functions that if changed in future openssl versions
- will break the ABI of the calling applications.
-
-- add vsftpd-enable-dev-log-sendto.patch (bnc#812406#c1)
- * this enabled a sendto on /dev/log socket when syslog is enabled
-- provide more verbose explanation about isolate_network and seccomp_sanbox in
- config file template
-- don't install init file on openSUSE 13.1+
-- drop a build support for SL 10 and older
-
-- add vsftpd-drop-newpid-from-clone.patch (bnc#786024#c38)
- * drop CLONE_NEWPID from clone to enable audit system
-- add vsftpd-enable-fcntl-f_setfl.patch (bnc#812406)
- * unconditionally enable F_SETFL patch - might be safe to do
-
-- add isolate_network and seccomp_sandbox options to template to make them
- easier to find (bnc#786024)
-
-- add vsftpd-allow-dev-log-socket.patch (bnc#786024)
- * whitelist /dev/log related socket syscall
-
-- Verify GPG signature.
-
-- Fix useradd invocation: -o is useless without -u and newer
- versions of pwdutils/shadowutils fail on this now.
-
-- update to 3.0.2 (bnc#786024)
- * Fix some seccomp related build errors on certain CentOS and Debian versions.
- * Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort()
- opens and maps /proc/meminfo but only for larger item counts?
- * Seccomp filter sandbox: deny socket() gracefully for text_userdb_names.
- * Fix various NULL crashes with nonsensical config settings. Noted by Tianyin
- Xu <tixu@cs.ucsd.edu>.
- * Force cast to unsigned char in is* char functions.
- * Fix harmless integer issues in strlist.c.
- * Started on a (possibly ill-advised?) crusade to compile cleanly with
- Wconversion. Decided to suspend the effort half-way through.
- * One more seccomp policy fix: mremap (denied).
- * Support STOU with no filename, uses a STOU. prefix.
-
-- make seccomp sandbox enabled by default
- * dropped vsftpd-3.0.0-turn-seccomp-sandbox-off.patch
-
-- fix building on 11.4 x86_64 and lower
- * fix where, when, & how __USE_GNU gets #defined
- * make seccomp optional and disable it on 10.3 and lower
-
-- update to upstream 3.0.0:
- * Make listen mode the default.
- * Fix missing "const" in ssl.c
- * Add seccompsandbox.c to support a seccomp filter sandbox; works against
- Ubuntu 12.04 ABI.
- * Rearrange ftppolicy.c a bit so the syscall list is easily comparable with
- seccompsandbox.c
- * Rename deprecated "sandbox" to "ptrace_sandbox".
- * Add a few more state checks to the privileged helper processes.
- * Add tunable "seccomp_sandbox", default on.
- * Use hardened build flags.
- * Retry creating a PASV socket upon port reuse race between bind() and
- listen(), patch from Ralph Wuerthner <ralph.wuerthner@de.ibm.com>.
- * Don't die() if recv() indicates a closed remote connection. Problem report
- on a Windows client from Herbert van den Bergh,
- <herbert.van.den.bergh@oracle.com>.
- * Add new config setting "allow_writeable_chroot" to help people in a bit of
- a spot with the v2.3.5 defensive change. Only applies to non-anonymous.
- * Remove a couple of fixed things from BUGS.
- * strlen() trunction fix -- no particular impact.
- * Apply some tidyups from mmoufid@yorku.ca.
- * Fix delete_failed_uploads if there is a timeout. Report from Alejandro
- Hernández Hdez <aalejandrohdez@gmail.com>.
- * Fix other data channel bugs such as failure to log failure upon timeout.
- * Use exit codes a bit more consistently.
- * Fix bad interaction between SSL and trans_chunk_size.
- * Redo data timeout to fire properly for SSL sessions.
- * Redo idle timeout to fire properly for SSL sessions.
- * Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing.
- * Use 10 minutes as a max linger time just in case an alarm gets lost.
- * Change PR_SET_NO_NEW_PRIVS define, from Kees Cook.
- * Add AES128-SHA to default SSL cipher suites for FileZilla compatibility.
- Unfortunately the default vsftpd SSL confiuration still doesn't fully work with
- FileZilla, because FileZilla has a data connection security problem: no client
- certificate presentation and no session reuse. At least the error message is
- now very clear.
- * Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst
- a data transfer is in progress.
- * Fix delete_failed_uploads for anonymous sessions.
- * Don't listen for urgent data if the control connection is SSL, due to possible
- protocol synchronization issues.
-- SUSE specific changes:
- * turn off the listen mode (listen=NO) by default and change README.SUSE
- * merge new hardended flags for build and linking
- * fix the wrong Type=forking from systemd service file
- * turn off the seccomp_sandbox off by default as SUSE kernel does not support
- it (yet)
-
-- follow Systemd Packaging guidelines
- http://en.opensuse.org/openSUSE:Systemd_packaging_guidelines
-- add $local_fs and $remote_fs to init script
-
-- use the original tarball, because the bz2 repacking madness disables
- gpg --verify
-- revert a part oc changes utf converting
-
-- update to upstream 2.3.5:
- * Try and force glibc to cache zoneinfo files in an attempt to work around
- glibc parsing vulnerability. Thanks to Kingcope.
- * Only report CHMOD in SITE HELP if it's enabled. Thanks to Martin Schwenke
- <martin@meltin.net>.
- * Some simple fixes and cleanups from Thorsten Brehm <tbrehm@dspace.de>.
- * Only advertise "AUTH SSL" if one of SSLv2, SSLv3 is enabled. Thanks to
- steve willing <eiji-gravion@hotmail.com>.
- * Handle connect() failures properly. Thanks to Takayuki Nagata
- <tnagata@redhat.com>.
- * Add stronger checks for the configuration error of running with a
- writeable root directory inside a chroot(). This may bite people who
- carelessly turned on chroot_local_user but such is life.
-- convert .changes file to unicode
-- refresh vsftpd-2.0.4-conf.diff to vsftpd-2.3.5-conf.patch
-- name patches explicitly without macro as per recommendations
-- remove INSTALL file from binary package
-- update license to GPL-2.0+
-- mark /etc/sysconfig/SuSEfirewall2/services/vsftpd as config file
-
-- fis copy/paste error in previous change
-
-- Add systemd unit
-
-- fix bnc#713588 - bogus logrotate config for vsftpd
- call /sbin/killproc -HUP /usr/sbin/vsftpd like init script
-- change the url and service file to the new location at
- security.appspot.com/vsftpd
-
-- Update to 2.3.4
-- Avoid consuming excessive CPU when matching filenames to patterns. Thanks to
- Maksymilian Arciemowicz <cxib@securityreason.com>.
-- Some bugfixes from Raphaël Rigo <raphael.rigo@syscall.eu> -- good bugs but
- no apparent security impact.
-
-- Update to version 2.3.2
-- Fix silly regression re: log files being overwritten from the start.
-- Rename a few file-open functions to make it clearer what they do
-
-- Update to 2.3.0
-- Add extremely simply HTTP support. It's very experimental, ignorant of HTTP
- protocol and headers, and likely has all sorts of other issues. The use case
- it might satisfy is if you need to serve simple static unathenticated content
- with large levels of paranoia.
-- Fix port_promiscuous breakage.
-- Minor FAQ update.
-- Use a larger address space limit if using text_userdb_names=YES
-- Always use CLONE_NEWNET if possible when in HTTP mode.
-- Change REST + STOR so that it's possible to overwrite part of file without
- truncating it.
-- Boot the session if we see a USER where encryption was required. May prevent
- the transmission of plaintext passwords by buggy clients.
-- Fix failure to transmit a large ASCII file over SSL, if it contains \n -> \r\n
- fixups.
-
-- $remote_fs --> network-remotefs
-
-- updated to version 2.2.2
- * Change "File receive OK." to "Transfer complete." to placate some broken
- clients. Thanks Holger Kiehl <Holger.Kiehl@dwd.de>.
- * Fix erroneous "child died" upon FTP client connect, when under load. Awesome
- thanks to Holger Kiehl <Holger.Kiehl@dwd.de> for running diagnostic tests on
- his live server.
- * Boot the session if an overly long line is encountered.
-- see Changelog file for changes in 2.1.0, 2.1.1, 2.1.2 and 2.2.0 releases
-- deprecated use-ipv6-scope-id.patch,libcap2-fix.diff,write_race.patch
- nowarn.patch
-
-- added use-ipv6-scope-id.patch to fix connection issues with
- ipv6-link local address (bnc#574366)
-
-- fix typo in the package description - and remove authors
-
webkit2gtk3
+- Per discussion with maintenance, let's not remove features that
+ customers could possibly be using:
+- Add webkit2gtk3-restore-npapi.patch: restore NPAPI plugin
+ support. Reverts webkit#215503.
+
+- Update to version 2.32.0 (boo#1184155):
+ + Fix the authentication request port when URL omits the port.
+ + Fix iframe scrolling when main frame is scrolled in async
+ scrolling mode.
+ + Stop using g_memdup.
+ + Show a warning message when overriding signal handler for
+ threading suspension.
+ - Fix the build on RISC-V with GCC 11.
+ - Fix several crashes and rendering issues.
+ + Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871
+ + Changes in version 2.30.6 (boo#1184262):
+ + Update user agent quirks again for Google Docs and Google Drive.
+ + Fix several crashes and rendering issues.
+ + Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765
+ CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870.
+- Remove webkit-font-scaling.patch: contained in upstream
+- Drop original SLE 15 support from the spec. Drop
+ webkit-process.patch and old-wayland-scanner.patch; they are not
+ needed for SP2.
+- Pass ENABLE_GAMEPAD=OFF to cmake, since we don't have manette.
+- Add glproto-devel to BuildRequires: now needed for the build on
+ SLE 15.
+
+- Update _constraints for armv6/armv7 (bsc#1182719)
+
wpa_supplicant
+- Add CVE-2021-30004.patch -- forging attacks may occur because
+ AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c
+ (bsc#1184348)
+
+- Fix systemd device ready dependencies in wpa_supplicant@.service file.
+ (see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fails-on-boot-succeeds-on-restart?p=2982844#post2982844)
+
xdg-desktop-portal
+- Ensure systemd rpm macros are called at install/uninstall times
+ for systemd user services.
+- Add BuildRequires on systemd-rpm-macros.
+
+- Update to version 1.8.0:
+ + openuri:
+ - Allow skipping the chooser for more URL tyles
+ - Robustness fixes
+ + filechooser: Return the current filter
+ + camera:
+ - Make the client node visible
+ - Don't leak pipewire proxy
+ + Fix file descriptor leaks
+ + Testsuite improvements
+ + Updated translations.
+- Changes from version 1.7.2:
+ + document:
+ - Reduce the use of open fds
+ - Add more tests and fix issues they found
+ + Fix the build with musl.
+- Changes from version 1.7.1:
+ + filechooser:
+ - Add a "directory" option
+ - Document the "writable" option
+ + document: Expose directories with their proper name
+- Changes from version 1.7.0:
+ + testsuite improvements
+ + background: Avoid a segfault
+ + screencast: Require pipewire 0.3
+ + document:
+ - Support exporting directories
+ - New fuse implementation
+ + Better support for snap and toolbox
+ + Updated translations.
+- Drop patches fixed upstream:
+ + xdg-dp-port-pipewire-3-api.patch
+ + 0001-Fix-use-after-free-in-xdg_get_app_info_from_pid.patch
+ + 0002-add-AssumedAppArmorLabel-key-to-D-Bus-service-files.patch
+ + 0003-Fix-criticals-if-no-default-handler-for-desired-type.patch
+
+- Require /usr/bin/fusermount: xdg-document-portal calls out to the
+ binary. Without it, files or dirs can be selected, but
+ whatever is done with or in them, will not have any effect
+ (boo#1175899).
+
+- Fixes for %_libexecdir changing to /usr/libexec
+
xdg-desktop-portal-gtk
+- Update to version 1.8.0:
+ + filechooser: Return the current filter
+ + screenshot: Fix cancellation
+ + appchooser: Avoid a crash
+ + wallpaper:
+ - Properly preview placement settings
+ - Drop the lockscreen option
+ + printing: Improve the notification
+ + Updated translations.
+- Changes from version 1.7.1:
+ + filechooser:
+ - Handle the "directory" option to select directories
+ - Only show preview when we have an image
+ + Updated translations.
+- Changes from version 1.7.0:
+ + screencast: Support mutter version 3
+ + settings: Fall back to gsettings for enable-animations
+ + Updated translations.
+- Drop xdg-dpg-support-mutter-pipewire-3-api.patch: Fixed upstream.
+
+- Add xdg-dpg-support-mutter-pipewire-3-api.patch: screencast: Bump
+ supported Mutter version to 3 (New pipewire api ver 3).
+
xorg-x11-server
+- U_build-glx-Lower-gl-version-to-work-with-libglvnd.patch,
+ U_meson-Fix-another-reference-to-gl-9.2.0.patch
+ * fix build on sle15-sp3 with updated libglvnd/Mesa and their
+ new pkgconfig files
+ (https://gitlab.freedesktop.org/xorg/xserver/-/issues/893)
+
+- U_xwayland-Do-not-crash-if-gbm_bo_create-fails.patch
+ * xwayland: Do not crash if gbm_bo_create() fails (boo#1184072) (boo#1184543)
+
+- U_Fix-XChangeFeedbackControl-request-underflow.patch
+ * Fix XChangeFeedbackControl() request underflow (CVE-2021-3472,
+ ZDI-CAN-1259, bsc#1180128)
+
yast2-trans
+- Update to version 84.87.20210502.7b34dbceae:
+ * Translated using Weblate (Slovak)
+ * Translated using Weblate (Slovak)
+ * Translated using Weblate (Slovak)
+ * Translated using Weblate (Slovak)
+ * Translated using Weblate (Slovak)
+ * Translated using Weblate (Slovak)
+ * Translated using Weblate (Slovak)
+ * Translated using Weblate (Slovak)
+ * Translated using Weblate (Turkish)
+ * Translated using Weblate (Portuguese (Brazil))
+ * Translated using Weblate (Japanese)
+ * Translated using Weblate (Japanese)
+ * New POT for text domain 'network'.
+ * New POT for text domain 'installation'.
+ * New POT for text domain 'network'.
+ * Translated using Weblate (Japanese)
+ * Translated using Weblate (Japanese)
+ * Translated using Weblate (Japanese)
+ * Translated using Weblate (Japanese)
+ * Translated using Weblate (Slovak)
+ * Translated using Weblate (Slovak)
+ * Translated using Weblate (Slovak)
+ * Translated using Weblate (Slovak)
+