Removed rpms ============ - google-arimo-fonts - google-cousine-fonts - google-noto-fonts-doc - google-tinos-fonts - noto-sans-cjk-fonts Added rpms ========== - google-noto-sans-cjk-fonts - google-noto-sans-jp-bold-fonts - google-noto-sans-jp-fonts - google-noto-sans-jp-regular-fonts - google-noto-sans-kr-bold-fonts - google-noto-sans-kr-fonts - google-noto-sans-kr-regular-fonts - google-noto-sans-sc-bold-fonts - google-noto-sans-sc-fonts - google-noto-sans-sc-regular-fonts - google-noto-sans-tc-bold-fonts - google-noto-sans-tc-fonts - google-noto-sans-tc-regular-fonts - google-noto-serif-jp-bold-fonts - google-noto-serif-jp-fonts - google-noto-serif-jp-regular-fonts - google-noto-serif-kr-bold-fonts - google-noto-serif-kr-fonts - google-noto-serif-kr-regular-fonts - google-noto-serif-sc-bold-fonts - google-noto-serif-sc-fonts - google-noto-serif-sc-regular-fonts - google-noto-serif-tc-bold-fonts - google-noto-serif-tc-fonts - google-noto-serif-tc-regular-fonts - hplip-udev-rules - libtiff6 - noto-arimo-fonts - noto-cousine-fonts - noto-tinos-fonts - plocate Package Source Changes ====================== AppStream +- Fix the documentation being put in the devel subpackage while + the doc subpackage was empty. I think the doc %files section was + probably removed inadvertently since it wasn't mentioned in the + changelog and the doc subpackage declaration was left around. +- Moved the appstreamcli-compose man page to the same package + as the binary. +- Make AppStream-compose-devel explicitly require + libappstream-compose0 to stop rpmlint from reporting an error. + +- Enable vala support when building in SLE-15 SP6 +- Fix condition in files section for the case where vala support + is disabled, where some files are being generated but were not + included + +- Update to 0.16.3: + Features: + * compose: Allow creating metadata with complete URLs and no base URL + Bugfixes: + * Fix tweaking of appstream.pc when building as subproject + * Do not override default-priority when parsing multiple metadata files + * Ensure stemmer always has the right locale and token-search works + * Require a more recent libxmlb to avoid crashes + Miscellaneous: + * Work around invalid null-dereference warning in GCC 13 +- Drop patch, merged upstream: + * 0001-Do-not-override-default-priority-when-parsing-multip.patch + +- Update to 0.16.2: + Features: + * Add API for asking whether the pool is empty + * Add DDE to known desktop-environment list + * validator: Check if Release Description is inside description tag + * Make AppStream use BCP47 for locale in XML data + Bugfixes: + * Add missing standard::is-hidden attribute to file search enumerator + * spdx: Accept brackets in spdx license expression check + * introspection: Bring back AS_FORMAT_STYLE_COLLECTION into its enum + * compose: Fix crash in asc_l10n_search_translations_qt() + * compose: Set lower-cased CID for synthesized components again + * Don't crash when non-YAML documents are read as YAML + Miscellaneous: + * sanitizers: Allow null-dereference check again +- Drop patch, merged upstream: + * bfa8fa6ac4ef645368a93384a6c16ac551a40922.patch +- Add upstream change: + * 0001-Do-not-override-default-priority-when-parsing-multip.patch + +- refresh patch for new glib-2.76 from upstream + +- Add upstream fix for new glib-2.76: + * bfa8fa6ac4ef645368a93384a6c16ac551a40922.patch + +- Update to version 0.16.1: + Specification: + * docs: Clarify the locations where catalog icons should be placed + * spec: Expand documentation for elements + * spec: Mention that is not part of the description + * spec: Give some guidance about tone in release descriptions + Bugfixes: + * Fix binding helper macro to behave correctly if a function is passed directly + * Override-merge icons and provided items correctly + * tests: Ensure locale is C.UTF-8 in pool tests + Miscellaneous: + * release: Add sanity checks at beginning of each function +- Add ldconfig_scriptlets for libappstream-compose + +- Update to version 0.16.0: + * Features: + + pool: Offer API to look up components by bundles + + Bump format version to 0.16 + + Add new AsSystemInfo to read information about the current OS and device + + Add helper to get device names from a modalias + + Implement support for external release metadata + + Add validation support for external release metadata + + compose: Validate external release metadata used for the catalog as well + + its: Add rule for standalone release metadata + + Add function to test if an AsRelation is satisfied on the current system + + cli: Add command to list category contents + + cli: Display colored checkmarks if possible + + cli: Add new is-satisfied check to test relations from the command-line + + cli: Add Markdown export support for metainfo-to-news + + qt: Add support for SystemInfo & relation satisfication checks + * Specification: + + spec: Specify a metadata format for external release descriptions + * Bugfixes: + + Fix build with Clang 15 + + Give a better error message if trying to list too many categories + + Adjust documentation of AsPool.get_components_by_categories to reflect reality + + validator: Validate merge component catalog data properly again + * Miscellaneous: + + Consistently name catalog metadata as such everywhere +- Update support-meson0.59.patch for latest version of AppStream +- Build AppStream with compose support as a separate package. + +- Use %ldconfig_scriptlets. Leap 15.3 is out of maintenance. + ImageMagick +- version update to 7.1.1.21 + https://github.com/ImageMagick/Website/blob/main/ChangeLog.md +- modified patches + [bsc#1217014][bsc#1216811] + % ImageMagick-s390x-disable-tests.patch (refreshed) +- deleted patches + - ImageMagick-correct-time-to-live.patch (upstreamed) +- added patches + https://github.com/ImageMagick/ImageMagick/commit/8f3c56fabc619c1672865257e5aafe33cbfaaf3e + https://github.com/ImageMagick/ImageMagick/commit/3a7b915d9a810ce742987b37c935f6ae8b36df10 + + ImageMagick-infinite-resource-time-limit.patch + curl + * [bsc#1217573, CVE-2023-46218] cookie mixed case PSL bypass + * [bsc#1217574, CVE-2023-46219] HSTS long file name clears contents + * Add curl-CVE-2023-46218.patch curl-CVE-2023-46219.patch + +- Security fixes: desktop-file-utils +- Add patches to support Desktop entry spec 1.5 (bsc#1216357): + * 0001-validate-support-SingleMainWindow-key-from-1.5.patch + * 0002-validate-Support-version-1.5.patch + e2fsprogs -- libext2fs-add-sanity-check-to-extent-manipulation.patch: libext2fs: add - sanity check to extent manipulation (bsc#1198446 CVE-2022-1304) +- libext2fs-add-sanity-check-to-extent-manipulation.patch: Merged upstream + in 1.46.6 +- References to old bugs fixed by updating to latest upstream version: + CVE-2015-0247 CVE-2015-1572 CVE-2019-5094 CVE-2019-5188 CVE-2022-1304 + bsc#1009532 bsc#1038194 bsc#1128383 bsc#1145716 bsc#1152101 bsc#1154295 + bsc#1160571 bsc#1160979 bsc#1170964 bsc#1183791 bsc#1198446 bsc#915402 + bsc#918346 bsc#960273 -- Add references from old package: - Autoreconf removed from the spec file, just without bsc reference - (bsc#1183791) - Fix po-remove-unnecessary-buggy-positional-parameter-spe.patch in 1.45.3 - (bsc#1170964) - Fix e2fsck-clarify-overflow-link-count-error-message.patch in 1.46.0 - (bsc#1160979) - Fix ext2fs-update-allocation-info-earlier-in-ext2fs_mkdi.patch in 1.46.0 - (bsc#1160979) - Fix ext2fs-implement-dir-entry-creation-in-htree-directo.patch in 1.46.0 - (bsc#1160979) - Fix tests-add-test-to-excercise-indexed-directories-with.patch in 1.46.0 - (bsc#1160979) - Fix tune2fs-update-dir-checksums-when-clearing-dir_index.patch in 1.46.0 - (bsc#1160979) - Fix e2fsck-abort-if-there-is-a-corrupted-directory-block.patch in 1.45.5 - (bsc#1160571 CVE-2019-5188) - Fix e2fsck-don-t-try-to-rehash-a-deleted-directory.patch in 1.45.5 - (bsc#1160571 CVE-2019-5188) - Fix resize2fs-Make-minimum-size-estimates-more-reliable.patch in 1.45.5 - (bsc#1154295) - Fix libsupport-add-checks-to-prevent-buffer-overrun-bugs.patch in 1.45.4 - (bsc#1152101 CVE-2019-5094) - Fix libext2fs-call-fsync-2-to-clear-stale-errors-for-a-n.patch in 1.44.3 - (bsc#1145716) - Fix e2fsck-check-and-fix-tails-of-all-bitmaps.patch in 1.45.1 (bsc#1128383) - Fix libext2fs-Fix-fsync-2-detection.patch in 1.44.0 (bsc#1038194) - Fix resize2fs-Fix-32-64-bit-overflow-when-multiplying-by-blocks-cl.patch - in 1.42.12 (bsc#1009532) - Fix libext2fs-fix-potential-buffer-overflow-in-closefs.patch - in 1.42.13 (bsc#918346 CVE-2015-1572) - Fix libext2fs-avoid-buffer-overflow-if-s_first_meta_bg-i.patch - in 1.42.12 (bsc#915402 CVE-2015-0247) - Got specfile fix through Factory (bsc#960273) - Fix libext2fs-don-t-ignore-fsync-errors.patch in 1.43.4 (bsc#1038194) +- mke2fs-Drop-metadata_csum_seed-and-orphan_file-from-.patch: Update + mke2fs.conf to create filesystems only with features supported + by tools in SLE15-SP4/5 by default. + +- Update specfile to make sure regenerate_initrd_post macro is defined + +- Update to 1.47.0: + * Add support for the orphan_file feature, which speeds up workloads + that are deleting or truncating a large number files in parallel. + This compat feature was first supported in the v5.15 Linux kernel. + * The mke2fs program (via the mke2fs.conf file) now enables the + metadata_csum_seed and orphan_file features by default. + The metadata_csum_seed feature is an incompat feature which is + first supported in the Linux kernel starting in the 4.4 kernel. + * Mke2fs now supports the extended option "assume_storage_prezeroed" + which causes mke2fs to skip zeroing the journal and inode tables + and to mark the inode tables as zeroed. + * Add support to tune2fs and e2label to set the label and UUID for + a mounted file system using a ioctl, which is more reliable than + modifying the superblock via writing to the block device. + The kernel support for setting the label landed in v5.17, while + the support for adding the UUID landed in v6.0. If the ioctls + are not supported, tune2fs and e2label will fall back old + strategy of directly modifying the superblock. + * Allow tune2fs to disable the casefold feature after scanning all + of the directories do not have the Casefold flag set. + +- Replace transitional %usrmerged macro with regular version check (boo#1206798) + +- Refresh e2fsprogs.keyring based on currently provided keys. + +- Spec file cleanup: + + Drop remainders regarding -mini packages, which was not a thing + since Jan 2014. + + Split build of fuse2fs out into a sep build (_multibuild + enabled). + +- enabled fuse2fs build which enable to mount ext2/3/4 via FUSE + +- avoid empty preuninstall script + +- Update to 1.46.5: + * better handling for resizing to fs sizes which would exceed inode limits + * fix crash in e2fsck fastcommit handling + * fix possibly lost quota limits when e2fsck corrects quota files + * fix tune2fs to properly transfer quota limits when convertion quota files + * add support for handling of version 0 quota files in tune2fs + * teach libss to use libreadline.so.8 + * optimize resize2fs cpu usage for large filesystems + * teach libuuid to use getrandom() or getentropy() if available +- libss-add-newer-libreadline.so.8-to-dlopen-path.patch: Remove, merged upstream +- quota-Add-support-to-version-0-quota-format.patch: Remove, merged upstream +- quota-Fold-quota_read_all_dquots-into-quota_update_l.patch: Remove, merged upstream +- quota-Rename-quota_update_limits-to-quota_read_all_d.patch: Remove, merged upstream +- tune2fs-Fix-conversion-of-quota-files.patch: Remove, merged upstream +- e2fsck-Do-not-trash-user-limits-when-processing-orph.patch: Remove, merged upstream +- debugfs-Fix-headers-for-quota-commands.patch: Remove, merged upstream +- quota-Drop-dead-code.patch: Remove, merged upstream + +- Drop ProtectClock hardening, can cause issues if other device acceess is needed glibc -- dl-map-segment-align-munmap.patch: elf: Align argument of __munmap to - page size (bsc#1215891, BZ #28676) +- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) -- gai-merge-continue-actions.patch: Simplify allocations and fix merge and - continue actions (CVE-2023-4813, bsc#1215286, BZ #28931) +- dtors-reverse-ctor-order.patch: Remove, has been reverted -- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) +- Avoid use of SSE in i586 build -- nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache - invalidation if epoll is used (bsc#1212910, BZ #29415) +- Add systemd also to gshadow lookups (jsc#PED-5188) +- For SLE continue to use nsswitch.conf without systemd -- nss-files-hosts-v4mapped.patch: Restore lookup of IPv4 mapped addresses - in files database (bsc#1212819, BZ #25457) +- setxid-propagate-glibc-tunables.patch: Propagate GLIBC_TUNABLES in + setxid binaries +- tunables-string-parsing.patch: tunables: Terminate if end of input is + reached (CVE-2023-4911, bsc#1215501) + +- fstat-implementation.patch: io: Do not implement fstat with fstatat + +- getaddrinfo-memory-leak.patch: Fix leak in getaddrinfo introduced by the + fix for CVE-2023-4806 (CVE-2023-5156, bsc#1215714, BZ #30884) + +- getcanonname-use-after-free.patch: getaddrinfo: Fix use after free in + getcanonname (CVE-2023-4806, bsc#1215281, BZ #30843) +- Do not build any cross packages in SLES + +- no-aaaa-read-overflow.patch: Stack read overflow with large TCP + responses in no-aaaa mode (CVE-2023-4527, bsc#1215280, BZ #30842) + +- Add systemd to passwd, group and shadow lookups (jsc#PED-5188) + +- ppc64-flock-fob64.patch: io: Fix record locking contants for powerpc64 + with __USE_FILE_OFFSET64 (BZ #30804) +- libio-io-vtables.patch: libio: Fix oversized __io_vtables +- call-init-proxy-objects.patch: elf: Do not run constructors for proxy + objects +- dtors-reverse-ctor-order.patch: elf: Always call destructors in reverse + constructor order (BZ #30785) + +- intl-c-utf-8-like-c-locale.patch: intl: Treat C.UTF-8 locale like C + locale (BZ #16621) +- glibc-disable-gettext-for-c-utf8.patch: Removed + +- Add cross-ppc64le package + +- posix-memalign-fragmentation.patch: malloc: Enable merging of remainders + in memalign, remove bin scanning from memalign (BZ #30723) +- Limit build counter sync to i686 flavor, to reduce needs for rebuilds + +- Add cross-s390x package (bsc#1214460) + +- Require that elf/check-localplt does not fail +- glibc-2.3.90-langpackdir.diff: add hidden alias for __strcpy_chk +- cache-amd-legacy.patch: x86: Fix for cache computation on AMD legacy + cpus +- cache-intel-shared.patch: x86: Fix incorrect scope of setting + `shared_per_thread` (BZ# 30745) + +- Update to glibc 2.38 + * When C2X features are enabled and the base argument is 0 or 2, the + following functions support binary integers prefixed by 0b or 0B as + input + * PRIb*, PRIB* and SCNb* macros from C2X have been added to + . + * printf-family functions now support the wN format length modifiers for + arguments of type intN_t, int_leastN_t, uintN_t or uint_leastN_t + and the wfN format + length modifiers for arguments of type int_fastN_t or uint_fastN_t, as + specified in draft ISO C2X + * A new tunable, glibc.pthread.stack_hugetlb, can be used to disable + Transparent Huge Pages (THP) in stack allocation at pthread_create + * Vector math library libmvec support has been added to AArch64 + * The strlcpy and strlcat functions have been added + * CVE-2023-25139: When the printf family of functions is called with a + format specifier that uses an (enable grouping) and a + minimum width specifier, the resulting output could be larger than + reasonably expected by a caller that computed a tight bound on the + buffer size +- Enable build with _FORTIFY_SOURCE +- glibc-2.3.90-langpackdir.diff: avoid reference to __strcpy_chk +- iconv-error-verbosity.patch: iconv: restore verbosity with unrecognized + encoding names (BZ #30694) +- printf-grouping.patch, strftime-time64.patch, + getlogin-no-loginuid.patch, fix-locking-in-_IO_cleanup.patch, + gshadow-erange-rhandling.patch, system-sigchld-block.patch, + gmon-buffer-alloc.patch, check-pf-cancel-handler.patch, + powerpc64-fcntl-lock.patch, realloc-limit-chunk-reuse.patch, + dl-find-object-return.patch; Removed +- bsc#1211828 +- bsc#1212819 + +- gshadow-erange-rhandling.patch: gshadow: Matching sgetsgent, sgetsgent_r + ERANGE handling (BZ #30151) +- system-sigchld-block.patch: posix: Fix system blocks SIGCHLD erroneously + (BZ #30163) +- gmon-buffer-alloc.patch: gmon: Fix allocated buffer overflow + (CVE-2023-0687, bsc#1207975, BZ #29444) +- check-pf-cancel-handler.patch: __check_pf: Add a cancellation cleanup + handler (BZ #20975) +- powerpc64-fcntl-lock.patch: io: Fix F_GETLK, F_SETLK, and F_SETLKW for + powerpc64 +- realloc-limit-chunk-reuse.patch: realloc: Limit chunk reuse to only + growing requests (BZ #30579) +- dl-find-object-return.patch: elf: _dl_find_object may return 1 during + early startup (BZ #30515) -- remove-excessive-p-align-check.patch: elf: Remove excessive p_align - check on PT_LOAD segments (bsc#1211829, BZ #28688) -- segment-align.patch: elf: Properly align PT_LOAD segments (bsc#1211829, - BZ #28676) -- ld-so-always-use-map-copy.patch: ld.so: Always use MAP_COPY to map the - first segment (BZ #30452) +- Need to build with GCC 12 as minimum -- resolv-conf-lock.patch: resolv_conf: release lock on allocation failure - (bsc#1211828, BZ #30527) +- fix-locking-in-_IO_cleanup.patch: Update to final version -- ulp-prologue-into-asm-functions.patch: Add support for livepatches - in ASM written functions (bsc#1211726) +- ulp-prologue-into-asm-functions.patch: Add support for livepatches in + ASM written functions (bsc#1210777, bsc#1211726) -- amd-cacheinfo.patch: x86: Cache computation for AMD architecture - (bsc#1207957) - -- gmon-hash-table-size.patch: gmon: Fix allocated buffer overflow - (CVE-2023-0687, bsc#1207975, BZ #29444) - -- strncmp-avx2-boundary.patch: Fix avx2 strncmp offset compare condition - check (bsc#1208358, BZ #25933) - -- dlopen-filter-object.patch: elf: Allow dlopen of filter object to work - (bsc#1207571, BZ #16272) -- powerpc-tst-ucontext.patch: powerpc: Fix unrecognized instruction errors - with recent GCC - -- x86-shared-non-temporal-threshold.patch: Reversing calculation of - __x86_shared_non_temporal_threshold (bsc#1201942) +- Update to glibc 2.37 + * The getent tool now supports the --no-addrconfig option + * The dynamic linker no longer loads shared objects from the "tls" + subdirectories on the library search path or the subdirectory that + corresponds to the AT_PLATFORM system name, or employs the legacy AT_HWCAP + search mechanism, which was deprecated in version 2.33 +- printf-grouping.patch: Account for grouping in printf width (BZ #30068) +- strftime-time64.patch: Use 64-bit time_t interfaces in strftime and + strptime (BZ #30053) +- glibcextract-compile-c-snippet.patch, sys-mount-kernel-definition.patch, + sys-mount-usage.patch, nscd-netlink-cache-invalidation.patch, + syslog-large-messages.patch, dlmopen-libc-early-init.patch, + ldd-vdso-dependency.patch, syslog-extra-whitespace.patch, + errlist-edeadlock.patch, makeflags.patch, get-nscd-addresses.patch, + x86-64-avx2-string-functions.patch, nscd-aicache.patch, + dl-debug-bindings.patch, floatn.patch: Removed +- bsc#1207957 +- bsc#1208358 +- bsc#1212910 + +- Remove reference to obsolete %usrmerged macro (boo#1206798) + +- floatn.patch: Update _FloatN header support for C++ in GCC 13 + +- nscd: Convert to systemd-sysusers + +- dl-debug-bindings.patch: elf: Reinstate on DL_DEBUG_BINDINGS + _dl_lookup_symbol_x (bsc#1204710) + +- get-nscd-addresses.patch: get_nscd_addresses: Fix subscript typos (BZ + [#29605]) +- x86-64-avx2-string-functions.patch: check for required cpu features in + AVX2 string functions (BZ #29611) +- nscd-aicache.patch: nscd: Drop local address tuple variable (BZ #29607) + +- makeflags.patch: Makerules: fix MAKEFLAGS assignment for upcoming + make-4.4 (BZ# 29564) + +- errlist-edeadlock.patch: errlist: add missing entry for EDEADLOCK (BZ + [#29545]) + +- syslog-large-messages.patch: syslog: Fix large messages (CVE-2022-39046, + bsc#1203011, BZ #29536) +- dlmopen-libc-early-init.patch: elf: Call __libc_early_init for reused + namespaces (BZ #29528) +- ldd-vdso-dependency.patch: elf: Restore how vDSO dependency is printed + with LD_TRACE_LOADED_OBJECTS (BZ #29539) +- syslog-extra-whitespace.patch: syslog: Remove extra whitespace between + timestamp and message (BZ #29544) -- memcmp-power10.patch: powerpc: Optimized memcmp for power10 - (jsc#PED-987) - -- disable-check-consistency.patch: i386: Disable check_consistency for GCC - 5 and above (bsc#1201640, BZ #25788) +- nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache + invalidation if epoll is used (boo#1199964, BZ #29415) -- static-tls-surplus.patch: Remove tunables (bsc#1201560) +- glibcextract-compile-c-snippet.patch: glibcextract.py: Add + compile_c_snippet +- sys-mount-kernel-definition.patch: linux: Mimic kernel definition for + BLOCK_SIZE +- sys-mount-usage.patch: linux: Fix sys/mount.h usage with kernel headers + +- Update to glibc 2.36 + Major new features: + * Support for DT_RELR relative relocation format has been added to + glibc + * On Linux, the pidfd_open, pidfd_getfd, and pidfd_send_signal functions + have been added + * On Linux, the process_madvise function has been added + * On Linux, the process_mrelease function has been added + * The “no-aaaa” DNS stub resolver option has been added + * On Linux, the fsopen, fsmount, move_mount, fsconfig, fspick, open_tree, + and mount_setattr have been added + * localedef now accepts locale definition files encoded in UTF-8 + * Support for the mbrtoc8 and c8rtomb multibyte/UTF-8 character conversion + functions has been added per the ISO C2X N2653 and C++20 P0482R6 proposals + * The functions arc4random, arc4random_buf, and arc4random_uniform have been + added + Deprecated and removed features, and other changes affecting compatibility: + * Support for prelink will be removed in the next release + * The Linux kernel version check has been removed along with the + LD_ASSUME_KERNEL environment variable + * On Linux, The LD_LIBRARY_VERSION environment variable has been removed +- get-nprocs-sched-uninit-read.patch, get-nprocs-inaccurate.patch, + strcmp-rtm-fallback.path, pt-load-invalid-hole.patch, + localedef-ld-monetary.patch, nptl-spurious-eintr.patch, + strncpy-power9-vsx.patch, nptl-cleanup-async-restore.patch, + read-chk-cancel.patch, wcrtomb-fortify.patch, + nptl-cleanup-async-restore-2.patch: Removed +- CVE-2023-4813, bsc#1215286 +- bsc#1198751 +- bsc#1200334 + +- nptl-cleanup-async-restore-2.patch: nptl: Fix + ___pthread_unregister_cancel_restore asynchronous restore (bsc#1200093, + BZ #29214) + +- read-chk-cancel.patch: debug: make __read_chk a cancellation point + (bsc#1200682, BZ #29274) +- wcrtomb-fortify.patch: wcrtomb: Make behavior POSIX compliant + (bsc#1200688) -- static-tls-surplus.patch: rtld: Avoid using up static TLS surplus for - optimizations (bsc#1200855, BZ #25051) +- Set SUSE_ZNOW=0 - __strncpy_power9 (bsc#1200334, BZ #29197) + __strncpy_power9 (BZ #29197) +- nptl-cleanup-async-restore.patch: nptl: Fix __libc_cleanup_pop_restore + asynchronous restore (bsc#1200093, BZ #29214) + +- nptl-spurious-eintr.patch: nptl: Handle spurious EINTR when thread + cancellation is disabled (BZ #29029) + +- Follow the distro default gcc version to build the cross + bootstrap packages. + +- switched to https urls + +- get-nprocs-sched-uninit-read.patch: linux: __get_nprocs_sched: do not + feed CPU_COUNT_S with garbage (BZ #28850) +- get-nprocs-inaccurate.patch: linux: fix accuracy of get_nprocs and + get_nprocs_conf (BZ #28865) +- strcmp-rtm-fallback.path: x86: Fallback {str|wcs}cmp RTM in the ncmp + overflow case (BZ #28896) +- pt-load-invalid-hole.patch: elf: Check invalid hole in PT_LOAD segments + (BZ #28838) +- localedef-ld-monetary.patch: localedef: Update LC_MONETARY handling (BZ + [#28845]) + +- Update to glibc 2.35 + Major new features: + * Unicode 14.0.0 Support + * Bump r_version in the debugger interface to 2 + * Support for the C.UTF-8 locale has been added to glibc + * functions that round their results to a narrower type, and + corresponding macros, are added from TS 18661-1:2014, TS + 18661-3:2015 and draft ISO C2X + * functions for floating-point maximum and minimum, + corresponding to new operations in IEEE 754-2019, and corresponding + macros, are added from draft ISO C2X + * macros for single-precision float constants are added as a + GNU extension + * The __STDC_IEC_60559_BFP__ and __STDC_IEC_60559_COMPLEX__ macros are + predefined as specified in TS 18661-1:2014 + * The exp10 functions in now have a corresponding type-generic + macro in + * The ISO C2X macro _PRINTF_NAN_LEN_MAX has been added to + * printf-family functions now support the %b format for output of + integers in binary, as specified in draft ISO C2X, and the %B variant + of that format recommended by draft ISO C2X + * A new DSO sorting algorithm has been added in the dynamic linker that uses + topological sorting by depth-first search (DFS), solving performance issues + of the existing sorting algorithm when encountering particular circular + object dependency cases + * A new tunable, glibc.rtld.dynamic_sort, can be used to select between + the two DSO sorting algorithms + * ABI support for a new function '__memcmpeq'. '__memcmpeq' is meant + to be used by compilers for optimizing usage of 'memcmp' when its + return value is only used for its boolean status + * Support for automatically registering threads with the Linux rseq + system call has been added + * A symbolic link to the dynamic linker is now installed under + /usr/bin/ld.so (or more precisely, '${bindir}/ld.so') + * All programs and the testsuite in glibc are now built as position independent + executables (PIE) by default on toolchains and architectures that support it + * On Linux, a new tunable, glibc.malloc.hugetlb, can be used to + either make malloc issue madvise plus MADV_HUGEPAGE on mmap and sbrk + or to use huge pages directly with mmap calls with the MAP_HUGETLB + flags) + * The printf family of functions now handles the flagged %#m conversion + specifier, printing errno as an error constant (similar to strerrorname_np) + * The function _dl_find_object has been added + * On Linux, the epoll_pwait2 function has been added + * The function posix_spawn_file_actions_addtcsetpgrp_np has been added, + enabling posix_spawn and posix_spawnp to set the controlling terminal in + the new process in a race free manner + * Source fortification (_FORTIFY_SOURCE) level 3 is now available for + applications compiling with glibc and gcc 12 and later + Deprecated and removed features, and other changes affecting compatibility: + * On x86-64, the LD_PREFER_MAP_32BIT_EXEC environment variable support + has been removed since the first PT_LOAD segment is no longer executable + due to defaulting to -z separate-code + * The r_version update in the debugger interface makes the glibc binary + incompatible with GDB + * Intel MPX support (lazy PLT, ld.so profile, and LD_AUDIT) has been removed + * The catchsegv script and associated libSegFault.so shared object have + been removed + * Support for prelink will be removed in the next release; this includes + removal of the LD_TRACE_PRELINKING, and LD_USE_LOAD_BIAS, environment + variables and their functionality in the dynamic loader + Changes to build and runtime requirements: + * The audit module interface version LAV_CURRENT is increased to enable + proper bind-now support + * The audit interface on aarch64 is extended to support both the indirect + result location register (x8) and NEON Q register + Security related changes: + * CVE-2022-23219: Passing an overlong file name to the clnt_create + legacy function could result in a stack-based buffer overflow when + using the "unix" protocol + * CVE-2022-23218: Passing an overlong file name to the svcunix_create + legacy function could result in a stack-based buffer overflow + * CVE-2021-3998: Passing a path longer than PATH_MAX to the realpath + function could result in a memory leak and potential access of + uninitialized memory + * CVE-2021-3999: Passing a buffer of size exactly 1 byte to the getcwd + function may result in an off-by-one buffer underflow and overflow + when the current working directory is longer than PATH_MAX and also + corresponds to the / directory through an unprivileged mount + namespace +- copy-and-spawn-sgid-double-close.patch, + fcntl-time-bits-64-redirect.patch, gaiconf-init-double-free.patch, + gconv-parseconfdir-memory-leak.patch, getcwd-attribute-access.patch, + glibc-c-utf8-locale.patch, iconv-charmap-close-output.patch, + ld-show-auxv-colon.patch, ldconfig-leak-empty-paths.patch, + librt-null-pointer.patch, pthread-kill-fail-after-exit.patch, + pthread-kill-race-thread-exit.patch, pthread-kill-return-esrch.patch, + pthread-kill-send-specific-thread.patch, + pthread-mutexattr-getrobust-np-type.patch, + setxid-deadlock-blocked-signals.patch, + sysconf-nprocessors-affinity.patch, x86-string-control-test.patch: + Removed. +- bsc#1194640 +- bsc#1194768 +- bsc#1194770 +- bsc#1197718 +- bsc#1211829 +- bsc#1215891 -- selinux-deprecated.patch: Disable warnings due to deprecated libselinux - symbols used by nss and nscd (bsc#1197718) -- systemtap-altmacro.patch: i386: Remove broken CAN_USE_REGISTER_ASM_EBP - (bsc#1197718, BZ #28771) - -- Add s390-add-z16-name.diff for bsc#1198751. - -- getcwd-erange.patch: getcwd: Set errno to ERANGE for size == 1 - (CVE-2021-3999, bsc#1194640, BZ #28769) - -- 0001-powerpc-Optimized-strcpy-for-POWER9.patch, - 0002-powerpc-Optimized-stpcpy-for-POWER9.patch, - 0003-powerpc-Optimized-rawmemchr-for-POWER9.patch, - 0004-powerpc64le-add-optimized-strlen-for-P9.patch, - 0005-powerpc-fix-ifunc-implementation-list-for-POWER9-str.patch, - 0006-powerpc-Add-optimized-strncpy-for-POWER9.patch, - 0007-powerpc-Add-optimized-stpncpy-for-POWER9.patch, - 0008-powerpc-Add-optimized-ilogb-for-POWER9.patch, - 0009-powerpc-Add-optimized-llogb-for-POWER9.patch, - 0010-powerpc-Add-optimized-strlen-for-POWER10.patch, - 0011-powerpc64le-Optimized-memmove-for-POWER10.patch, - 0012-powerpc64le-Optimize-memcpy-for-POWER10.patch, - 0013-powerpc64le-Optimize-memset-for-POWER10.patch, - 0014-powerpc64le-Fix-ifunc-selection-for-memset-memmove-b.patch, - 0015-powerpc-Add-optimized-rawmemchr-for-POWER10.patch: ppc64le ifunc - improvements (bsc#1194785, jsc#SLE-18195) - -- clnt-create-unix-overflow.patch: Buffer overflow in sunrpc clnt_create - for "unix" (CVE-2022-23219, bsc#1194768, BZ #22542) -- svcunix-create-overflow.patch: Buffer overflow in sunrpc svcunix_create - (CVE-2022-23218, bsc#1194770, BZ #28768) +- Enable building the cross packages in rings. +- Add ExtraBuildFlags for build flags that cannot be passed to configure. -- Enable livepatching on x86_64. -- 0001-s390x-Align-child-stack-while-clone.-BZ-27968.patch, - 0002-S390-Optimize-__memcpy_z196.patch, - 0003-S390-Optimize-__memset_z196.patch, - 0004-S390-Sync-HWCAP-names-with-kernel-by-adding-aliases-.patch, - 0005-S390-Add-new-hwcap-values.patch, - 0006-S390-Add-PCI_MIO-and-SIE-HWCAPs.patch: [15sp4 FEAT] GNU2007 - - GLIBC: Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) +- glibc.rpmlintrc: Update for rpmlint2 -- mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify - (CVE-2021-33574, bsc#1186489, BZ #27896) +- ld-show-auxv-colon.patch: elf: Fix missing colon in LD_SHOW_AUXV output + (BZ #282539 +- x86-string-control-test.patch: x86-64: Use testl to check + __x86_string_control +- pthread-kill-fail-after-exit.patch: nptl: pthread_kill, pthread_cancel + should not fail after exit (BZ #19193) +- pthread-kill-race-thread-exit.patch: nptl: Fix race between pthread_kill + and thread exit (BZ #12889) +- getcwd-attribute-access.patch: posix: Fix attribute access mode on + getcwd (BZ #27476) +- pthread-kill-return-esrch.patch: nptl: pthread_kill needs to return + ESRCH for old programs (BZ #19193) +- pthread-mutexattr-getrobust-np-type.patch: nptl: Fix type of + pthread_mutexattr_getrobust_np, pthread_mutexattr_setrobust_np (BZ + [#28036]) +- setxid-deadlock-blocked-signals.patch: nptl: Avoid setxid deadlock with + blocked signals in thread exit (BZ #28361) +- pthread-kill-send-specific-thread.patch: nptl: pthread_kill must send + signals to a specific thread (BZ #28407) +- sysconf-nprocessors-affinity.patch: linux: Revert the use of + sched_getaffinity on get_nproc (BZ #28310) +- iconv-charmap-close-output.patch: renamed from + icon-charmap-close-output.patch + +- Don't create separate debuginfo packages for cross packages + +- ldconfig-leak-empty-paths.patch: ldconfig: avoid leak on empty paths in + config file +- gconv-parseconfdir-memory-leak.patch: gconv_parseconfdir: Fix memory leak +- gaiconf-init-double-free.patch: gaiconf_init: Avoid double-free in label + and precedence lists +- copy-and-spawn-sgid-double-close.patch: copy_and_spawn_sgid: Avoid + double calls to close() +- icon-charmap-close-output.patch: iconv_charmap: Close output file when + done +- fcntl-time-bits-64-redirect.patch: Linux: Fix fcntl, ioctl, prctl + redirects for _TIME_BITS=64 (BZ #28182) +- librt-null-pointer.patch: librt: fix NULL pointer dereference (BZ + [#28213]) + +- Add cross development packages for aarch64 and riscv64. + +- Update to glibc 2.34 + Major new features: + * When _DYNAMIC_STACK_SIZE_SOURCE or _GNU_SOURCE are defined, + PTHREAD_STACK_MIN is no longer constant and is redefined to + sysconf(_SC_THREAD_STACK_MIN) + * Add _SC_MINSIGSTKSZ and _SC_SIGSTKSZ + * The dynamic linker implements the --list-diagnostics option, printing + a dump of information related to IFUNC resolver operation and + glibc-hwcaps subdirectory selection + * On Linux, the function execveat has been added + * The ISO C2X function timespec_getres has been added + * The feature test macro __STDC_WANT_IEC_60559_EXT__, from draft ISO + C2X, is supported to enable declarations of functions defined in Annex F + of C2X + * Add support for 64-bit time_t on configurations like x86 where time_t + is traditionally 32-bit + * The main gconv-modules file in glibc now contains only a small set of + essential converter modules and the rest have been moved into a supplementary + configuration file gconv-modules-extra.conf in the gconv-modules.d directory + in the same GCONV_PATH + * On Linux, a new tunable, glibc.pthread.stack_cache_size, can be used + to configure the size of the thread stack cache + * The function _Fork has been added as an async-signal-safe fork replacement + since Austin Group issue 62 droped the async-signal-safe requirement for + fork (and it will be included in the future POSIX standard) + * On Linux, the close_range function has been added + * The function closefrom has been added + * The posix_spawn_file_actions_closefrom_np function has been added, enabling + posix_spawn and posix_spawnp to close all file descriptors great than or + equal to a giver integer + Deprecated and removed features, and other changes affecting compatibility: + * The function pthread_mutex_consistent_np has been deprecated + * The function pthread_mutexattr_getrobust_np has been deprecated + * The function pthread_mutexattr_setrobust_np has been deprecated + * The function pthread_yield has been deprecated + * The function inet_neta declared in has been deprecated + * Various rarely-used functions declared in and + have been deprecated + * The pthread cancellation handler is now installed with SA_RESTART and + pthread_cancel will always send the internal SIGCANCEL on a cancellation + request + * The symbols mallwatch and tr_break are now deprecated and no longer used in + mtrace + * The __morecore and __after_morecore_hook malloc hooks and the default + implementation __default_morecore have been removed from the API + * Debugging features in malloc such as the MALLOC_CHECK_ environment variable + (or the glibc.malloc.check tunable), mtrace() and mcheck() have now been + disabled by default in the main C library + * The deprecated functions malloc_get_state and malloc_set_state have been + moved from the core C library into libc_malloc_debug.so + * The deprecated memory allocation hooks __malloc_hook, __realloc_hook, + __memalign_hook and __free_hook are now removed from the API + Changes to build and runtime requirements: + * On Linux, the shm_open, sem_open, and related functions now expect the + file shared memory file system to be mounted at /dev/shm + Security related changes: + CVE-2021-27645: The nameserver caching daemon (nscd), when processing + a request for netgroup lookup, may crash due to a double-free, + potentially resulting in degraded service or Denial of Service on the + local system + CVE-2021-33574: The mq_notify function has a potential use-after-free + issue when using a notification type of SIGEV_THREAD and a thread + attribute with a non-default affinity mask + CVE-2021-35942: The wordexp function may overflow the positional + parameter number when processing the expansion resulting in a crash +- nss-database-check-reload.patch, nss-load-chroot.patch, + x86-isa-level.patch, nscd-netgroupcache.patch, + nss-database-lookup.patch, select-modify-timeout.patch, + nptl-db-libpthread-load-order.patch, rawmemchr-warning.patch, + tst-cpu-features-amx.patch, mq-notify-use-after-free.patch: Removed +- bsc#1181403 +- bsc#1184035 +- bsc#1187911 +- jsc#PED-987 -- wordexp-param-overflow.patch: wordexp: handle overflow in positional - parameter number (CVE-2021-35942, bsc#1187911, BZ #28011) +- Enable usrmerge in Factory always as it's default there +- Add conflict with pre-usrmerge filesystem package -- s390-memmove-ifunc-selector-arch13.patch: S390: Also check vector - support in memmove ifunc-selector (bsc#1184035, BZ #27511) +- mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify + (CVE-2021-33574, bsc#1186489, BZ #27896) +- Drop glibc-usrmerge-bootstrap-helper package -- Update glibc-2.31-HTM-vzeroupper.diff with a AVX-SSE transition - fix. +- tst-cpu-features-amx.patch: x86: tst-cpu-features-supports.c: Update AMX + check -- Add glibc-2.31-HTM-vzeroupper.diff to avoid VZEROUPPER in the - AVX2 accelerated string routines which cause HTM transaction - aborts. Instead use EVEX or SSE. (bsc#1181403) +- rawmemchr-warning.patch: string: Work around GCC PR 98512 in rawmemchr +- nptl-db-libpthread-load-order.patch: nptl_db: Support different + libpthread/ld.so load orders (bsc#1184214, BZ #27744) + +- Enable support for static PIE (bsc#1184646) +- select-modify-timeout.patch: linux: always update select timeout + (bsc#1184339, BZ #27706) + +- Don't remove -f[asynchronous-]unwind-tables during configure run, no + longer needed + +- nss-database-check-reload.patch: nsswitch: return result when nss + database is locked (BZ #27343) +- nss-load-chroot.patch: nss: Re-enable NSS module loading after chroot + (bsc#1182323, BZ #27389) +- x86-isa-level.patch: x86: Set minimum x86-64 level marker (bsc#1182522, + BZ #27318) +- nss-database-lookup.patch: nss: fix nss_database_lookup2's alternate + handling (bsc#1182247, BZ #27416) +- nss-revert-api.patch: remove -- gconv-assertion-iso-2022-jp.patch: gconv: Fix assertion failure in - ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) +- Disable x86 ISA level for now (bsc#1182522, BZ #27318) +- nss-revert-api.patch: Workaround for nss-compat brokeness (bsc#1182247, + BZ #27416) + +- Fix build of utils flavor for usrmerge + +- Prepare for usrmerge (bsc#1029961) + +- Add --enable-memory-tagging for aarch64 + +- Update to glibc 2.33 + * The dynamic linker accepts the --list-tunables argument which prints + all the supported tunables. + * The dynamic linker accepts the --argv0 argument and provides opportunity + to change argv[0] string. + * The dynamic linker loads optimized implementations of shared objects + from subdirectories under the glibc-hwcaps directory on the library + search path if the system's capabilities meet the requirements for + that subdirectory. + * The new --help option of the dynamic linker provides usage and + information and library search path diagnostics. + * The mallinfo2 function is added to report statistics as per mallinfo, + but with larger field widths to accurately report values that are + larger than fit in an integer. + * Add to provide query macros for x86 CPU features. + * A new fortification level _FORTIFY_SOURCE=3 is available. + * The mallinfo function is marked deprecated. + * When dlopen is used in statically linked programs, alternative library + implementations from HWCAP subdirectories are no longer loaded. + * The deprecated header and the function vtimes have been + removed. + * On s390(x), the type float_t is now derived from the macro + __FLT_EVAL_METHOD__ that is defined by the compiler, instead of being + hardcoded to double. + * A future version of glibc will stop loading shared objects from the + "tls" subdirectories on the library search path, the subdirectory that + corresponds to the AT_PLATFORM system name, and also stop employing + the legacy AT_HWCAP search mechanism. + * CVE-2021-3326: An assertion failure during conversion from the + ISO-20220-JP-3 character set using the iconv function has been fixed. +- Remove obsolete, unused /etc/default/nss +- aarch64-static-pie.patch, euc-kr-overrun.patch, + get-nprocs-cpu-online-parsing.patch, iconv-redundant-shift.patch, + iconv-ucs4-loop-bounds.patch, ifunc-fma4.patch, + intl-codeset-suffixes.patch, nscd-gc-cycle.patch, + printf-long-double-non-normal.patch, strerrorname-np.patch, + syslog-locking.patch, sysvipc.patch: Removed +- bsc#1180557 +- bsc#1181505 +- bsc#1191592 +- bsc#1201942 -- sysvipc-sem-stat-any.patch: sysvipc: Fix SEM_STAT_ANY kernel argument - pass (bsc#1180557, BZ #26637) +- Remove support for %optimize_power +- Move to power4 baseline on ppc -- aarch64-getauxval.patch: aarch64: Accept PLT calls to __getauxval within - libc.so (bsc#1167939) +- aarch64-static-pie.patch: fix static PIE start code for BTI + (bsc#1179450, BZ #27068) -- power10-support.patch: Add support for POWER10 (jsc#SLE-13520) -- iconv-option-parsing.patch: Rewrite iconv option parsing - (CVE-2016-10228, bsc#1027496, BZ #19519) - -- Update to glibc 2.31 -- glibc-2.14-crypt.diff, crypt_blowfish-const.patch, - crypt_blowfish-1.2-sha.diff, crypt_blowfish-gensalt.patch, - crypt_blowfish-1.2-hack_around_arm.diff, glibc-nodate.patch, - powerpc-elision-enable-envvar.patch, s390-elision-enable-envvar.patch, - crt-nocompress-debug-sections.patch, resolv-context-leak.patch, - dl-runtime-resolve-opt-avx512f.patch, libpthread-compat-wrappers.patch, - math-c++-compat.patch, remove-nss-nis-compat.patch, - eh-frame-zero-terminator.patch, ld-so-hwcap-x86-64.patch, - assert-pedantic.patch, getaddrinfo-errno.patch, resolv-conf-oom.patch, - dynarray-allocation.patch, nearbyint-inexact.patch, nss-compat.patch, - nscd-libnsl.patch, malloc-tcache-leak.patch, - falkor-memcpy-memmove.patch, aarch64-cpu-features.patch, - nss-files-large-buffers.patch, sysconf-uio-maxiov.patch, - glob-tilde-overflow.patch, dl-runtime-resolve-xsave.patch, - spawni-assert.patch, x86-64-dl-platform.patch, glob64-s390.patch, - tst-tlsopt-powerpc.patch, powerpc-hwcap-bits.patch, - malloc-tcache-check-overflow.patch, dl-init-paths-overflow.patch, - fillin-rpath-empty-tokens.patch, getcwd-absolute.patch, - memalign-overflow.patch, stack-guard-size-accounting.patch, - libgcc-rtld-now.patch, res-send-enomem.patch, - glibc-fix-avx512-mempcpy.patch, i386-memmove-sse2-unaligned.patch, - realpath-ssize-max-overflow.patch, localtime-2039.patch, - math-remove-slow-path.patch, aarch64-hwcap-atomics.patch, - glibc-fix-aarch64-build.diff, absolute-symbols.patch, - x86-haswell-string-flags.patch, - pthread-cond-broadcast-waiters-after-spinning.patch, - mman-map-sync.patch, mman-linux-map-shared-validate.patch, - nptl-setxid-error.patch, pthread-mutex-trylock-barrier.patch, - getaddrinfo-parse-ipv4-address.patch, japanese-era-name-may-2019.patch, - force-elision-race.patch, regex-read-overrun.patch, - regex-parse-reg-exp.patch, - 0001-S390-Add-configure-check-to-detect-z10-as-mininum-ar.patch, - 0002-S390-Use-hwcap-instead-of-dl_hwcap-in-ifunc-resolver.patch, - 0003-S390-Unify-31-64bit-memcpy.patch, - 0004-S390-Refactor-memcpy-mempcpy-ifunc-handling.patch, - 0005-S390-Remove-s390-specific-implementation-of-bcopy.patch, - 0006-S390-Use-memcpy-for-forward-cases-in-memmove.patch, - 0007-S390-Add-configure-check-to-detect-z13-as-mininum-ar.patch, - 0008-S390-Add-z13-memmove-ifunc-variant.patch, - 0009-S390-Add-z13-strstr-ifunc-variant.patch, - 0010-S390-Add-z13-memmem-ifunc-variant.patch, - 0011-S390-Cleanup-ifunc-resolve.h.patch, - 0012-S390-Mark-vx-and-vxe-as-important-hwcap.patch, - 0013-S390-Add-new-hwcap-values-for-new-cpu-architecture-a.patch, - 0014-S390-Add-configure-check-to-detect-support-for-arch1.patch, - 0015-S390-Add-arch13-memmove-ifunc-variant.patch, - 0016-S390-Add-arch13-strstr-ifunc-variant.patch, - 0017-S390-Add-arch13-memmem-ifunc-variant.patch, - prefer-map-32bit-exec.patch, s390-strstr-page-boundary.patch, - ppc-tle-htm-nosc.patch, - posix-Add-internal-symbols-for-posix_spawn-interface.patch, - glibc-2.29-posix-Use-posix_spawn-on-popen.patch, - backtrace-powerpc.patch, pthread-rwlock-pwn.patch, - manual-memory-protection.patch, ldbl-96-rem-pio2l.patch, - dl-sort-maps.patch, dlopen-filter-object.patch, - glob-use-after-free.patch, nptl-setxid-race.patch, nscd-senfile.patch, - ldd-system-interp.patch, abort-no-flush.patch, - fnmatch-collating-elements.patch, nss-files-long-lines-2.patch, - iconv-reset-input-buffer.patch, nscd-prune.patch, syslog-locking.patch: - Removed. -- long-double-alias.patch, glibc-nsswitch-usr.diff, euc-kr-overrun.patch, - riscv-syscall-clobber.patch, nscd-gc-cycle.patch: Added. +- intl-codeset-suffixes.patch: intl: Handle translation output codesets + with suffixes (BZ #26383) +- strerrorname-np.patch: string: Fix strerrorname_np return value (BZ + [#26555]) +- sysvipc.patch: sysvipc: Fix SEM_STAT_ANY kernel argument pass (BZ + [#26637], BZ #26639, BZ #26636) + +- Use --enable-cet on x86_64 to instrument glibc for indirect branch + tracking and shadow stack use. Enable indirect branch tracking + and shadow stack in the dynamic loader (jsc#PM-2110, bsc#1175154) -- nscd-senfile.patch: Fix concurrent changes on nscd aware files - (bsc#1171878, BZ #23178) -- nscd-prune.patch: nscd: bump GC cycle during cache pruning (bsc#1171878, - BZ #26130) +- Keep nsswitch.conf in /etc for SLES15 +- ifunc-fma4.patch: x86-64: Fix FMA4 detection in ifunc (BZ #26534) -- nptl-setxid-race.patch: nptl: wait for pending setxid request also in - detached thread (bsc#1162930, BZ #25942) +- Update to glibc 2.32 + * Unicode 13.0.0 Support + * New locale added: ckb_IQ + * The GNU C Library now loads audit modules listed in the DT_AUDIT and + DT_DEPAUDIT dynamic section entries of the main executable + * powerpc64le supports IEEE128 long double libm/libc redirects when + using the -mabi=ieeelongdouble to compile C code on supported GCC + toolchains + * To help detect buffer overflows and other out-of-bounds accesses + several APIs have been annotated with GCC 'access' attribute + * On Linux, functions the pthread_attr_setsigmask_np and + pthread_attr_getsigmask_np have been added + * The GNU C Library now provides the header file + which declares the variable __libc_single_threaded + * The functions sigabbrev_np and sigdescr_np have been added + * The functions strerrorname_np and strerrordesc_np have been added + * AArch64 now supports standard branch protection security hardening + in glibc when it is built with a GCC that is configured with + - -enable-standard-branch-protection (or if -mbranch-protection=standard + flag is passed when building both GCC target libraries and glibc, + in either case a custom GCC is needed) + * The deprecated header and the sysctl function have been + removed + * The sstk function is no longer available to newly linked binaries + * The legacy signal handling functions siginterrupt, sigpause, sighold, + sigrelse, sigignore and sigset, and the sigmask macro have been + deprecated + * ldconfig now defaults to the new format for ld.so.cache + * The deprecated arrays sys_siglist, _sys_siglist, and sys_sigabbrev + are no longer available to newly linked binaries, and their declarations + have been removed from + * The deprecated symbols sys_errlist, _sys_errlist, sys_nerr, and _sys_nerr + are no longer available to newly linked binaries, and their declarations + have been removed from from + * Both strerror and strerror_l now share the same internal buffer in the + calling thread, meaning that the returned string pointer may be invalided + or contents might be overwritten on subsequent calls in the same thread or + if the thread is terminated + * Using weak references to libpthread functions such as pthread_create + or pthread_key_create to detect the singled-threaded nature of a + program is an obsolescent feature + * The "files" NSS module no longer supports the "key" database (used for + secure RPC) + * The __morecore and __after_morecore_hook malloc hooks and the default + implementation __default_morecore have been deprecated + * The hesiod NSS module has been deprecated and will be removed in a + future version of glibc + * CVE-2016-10228: An infinite loop has been fixed in the iconv program when + invoked with the -c option and when processing invalid multi-byte input + sequences + * CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack + corruption when they were passed a pseudo-zero argument + * CVE-2020-1752: A use-after-free vulnerability in the glob function when + expanding ~user has been fixed. + * CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and + memmove functions has been fixed +- riscv-syscall-clobber.patch, ldbl-96-rem-pio2l.patch, + long-double-alias.patch: Removed +- bsc#1027496 +- bsc#1162930 +- bsc#1166106 +- bsc#1167631 +- bsc#1167939 +- bsc#1194785, jsc#SLE-18195 +- bsc#1200855 +- bsc#1201560 +- bsc#1201640 +- bsc#1207571 +- jsc#SLE-13520 + +- long-double-alias.patch: Fix build with GCC 10 when long double = double +- nscd-gc-cycle.patch: nscd: bump GC cycle during cache pruning + (bsc#1171878, BZ #26130) + +- glibc-nsswitch-usr.diff: read /usr/etc/nsswitch.conf if + /etc/nsswitch.conf does not exist +- Install default nsswitch.conf in /usr/etc +- Don't install gai.conf in /etc -- glob-use-after-free.patch: Fix use-after-free in glob when expanding - ~user (CVE-2020-1752, bsc#1167631, BZ #25414) - -- dl-sort-maps.patch, dlopen-filter-object.patch: Allow dlopen of filter - object to work (bsc#1166106, BZ #16272) +- Split off %lang_package +- riscv-syscall-clobber.patch: riscv: Avoid clobbering register parameters + in syscall -- pthread-rwlock-pwn.patch: Fix rwlock stall with - PREFER_WRITER_NONRECURSIVE_NP (bsc#1164505, BZ #23861) -- manual-memory-protection.patch: manual: Document mprotect and introduce - section on memory protection (bsc#1163184) +- nsswitch.conf: comment out initgroups setting, so that it defaults to + the group setting (bsc#1164075) -- backtrace-powerpc.patch: Fix array overflow in backtrace on PowerPC - (CVE-2020-1751, bsc#1158996, BZ #25423) - -- posix-Add-internal-symbols-for-posix_spawn-interface.patch, - glibc-2.29-posix-Use-posix_spawn-on-popen.patch: Use posix_spawn on - popen (bsc#1149332, BZ #22834) +- fix-locking-in-_IO_cleanup.patch: update to latest version -- ppc-tle-htm-nosc.patch: powerpc: Fix syscalls during early process - initialization (SLE-8348, BZ #22685) +- Update to glibc 2.31 + * The GNU C Library now supports a feature test macro _ISOC2X_SOURCE to + enable features from the draft ISO C2X standard + * The functions that round their results to a narrower type now + have corresponding type-generic macros in + * The function pthread_clockjoin_np has been added, enabling join with a + terminated thread with a specific clock + * New locale added: mnw_MM (Mon language spoken in Myanmar). + * The DNS stub resolver will optionally send the AD (authenticated data) bit + in queries if the trust-ad option is set via the options directive in + /etc/resolv.conf (or if RES_TRUSTAD is set in _res.options) + * The totalorder and totalordermag functions, and the corresponding + functions for other floating-point types, now take pointer arguments to + avoid signaling NaNs possibly being converted to quiet NaNs in argument + passing + * The obsolete function stime is no longer available to newly linked + binaries, and its declaration has been removed from + * The gettimeofday function no longer reports information about a + system-wide time zone + * If a lazy binding failure happens during dlopen, during the execution of + an ELF constructor, the process is now terminated +- malloc-info-whitespace.patch, riscv-vfork.patch, + prefer-map-32bit-exec.patch, backtrace-powerpc.patch, + ldconfig-dynstr.patch: Removed. +- bsc#1157893 +- bsc#1163184 +- fate#325815, fate#325879, fate#325880, fate#325881, fate#325882 +- fate#325962 -- s390-strstr-page-boundary.patch: S390: Fix handling of needles crossing - a page in strstr z15 ifunc-variant (bsc#1157893, BZ #25226) +- backtrace-powerpc.patch: Fix array overflow in backtrace on PowerPC + (CVE-2020-1751, bsc#1158996, BZ #25423) +- Drop support for pluggable gconv modules (bsc#1159851) -- GNU1815 - Hardware support in toolchain (bsc#1151582) - 0001-S390-Add-configure-check-to-detect-z10-as-mininum-ar.patch - 0002-S390-Use-hwcap-instead-of-dl_hwcap-in-ifunc-resolver.patch - 0003-S390-Unify-31-64bit-memcpy.patch - 0004-S390-Refactor-memcpy-mempcpy-ifunc-handling.patch - 0005-S390-Remove-s390-specific-implementation-of-bcopy.patch - 0006-S390-Use-memcpy-for-forward-cases-in-memmove.patch - 0007-S390-Add-configure-check-to-detect-z13-as-mininum-ar.patch - 0008-S390-Add-z13-memmove-ifunc-variant.patch - 0009-S390-Add-z13-strstr-ifunc-variant.patch - 0010-S390-Add-z13-memmem-ifunc-variant.patch - 0011-S390-Cleanup-ifunc-resolve.h.patch - 0012-S390-Mark-vx-and-vxe-as-important-hwcap.patch - 0013-S390-Add-new-hwcap-values-for-new-cpu-architecture-a.patch - 0014-S390-Add-configure-check-to-detect-support-for-arch1.patch - 0015-S390-Add-arch13-memmove-ifunc-variant.patch - 0016-S390-Add-arch13-strstr-ifunc-variant.patch - 0017-S390-Add-arch13-memmem-ifunc-variant.patch - -- regex-parse-reg-exp.patch: ERE '0|()0|\1|0' causes regexec undefined - behavior (CVE-2009-5155, bsc#1127223, BZ #18986) -- regex-read-overrun.patch: regex: fix read overrun (CVE-2019-9169, - bsc#1127308, BZ #24114) +- nsswitch.conf: add usrfiles for services, protocols, rpc, ethers + and aliases for /usr/etc move -- crt-nocompress-debug-sections.patch: Don't compress debug sections in - crt*.o files (bsc#1123710) +- euc-kr-overrun.patch: Fix buffer overrun in EUC-KR conversion module + (CVE-2019-25013, BZ #24973) -- ldconfig-concurrency.patch: Avoid concurrency problem in ldconfig - (bsc#1117993, BZ #23973) +- ldconfig-dynstr.patch: ldconfig: handle .dynstr located in separate + segment (bsc#1153149, BZ #25087) -- force-elision-race.patch: Fix race in pthread_mutex_lock while promoting - to PTHREAD_MUTEX_ELISION_NP (bsc#1131330, BZ #23275) +- Package gconv-modules.cache as %ghost +- Regenerate it also in the %post of glibc-local-base- + +- move mo files to glibc-locale as that's where all the other + informations for those locales are. glibc-locale-base only has English + anyways. + +- riscv-vfork.patch: Fix RISC-V vfork build with Linux 5.3 kernel headers + +- Remove NoSource tags (bsc#994835) + +- pwdutils is long gone and replaced by shadow + +- Update to glibc 2.30 + * Unicode 12.1.0 Support + * The dynamic linker accepts the --preload argument to preload shared + objects + * The twalk_r function has been added + * On Linux, the getdents64, gettid, and tgkill functions have been added + * Minguo (Republic of China) calendar support has been added + * The entry for the new Japanese era has been added + * Memory allocation functions malloc, calloc, realloc, reallocarray, valloc, + pvalloc, memalign, and posix_memalign fail now with total object size + larger than PTRDIFF_MAX + * The dynamic linker no longer refuses to load objects which reference + versioned symbols whose implementation has moved to a different soname + since the object has been linked + * Add new POSIX-proposed pthread_cond_clockwait, pthread_mutex_clocklock, + pthread_rwlock_clockrdlock, pthread_rwlock_clockwrlock and sem_clockwait + functions + * On AArch64 the GNU IFUNC resolver call ABI changed + * The copy_file_range function fails with ENOSYS if the kernel does not + support the system call of the same name + * The functions clock_gettime, clock_getres, clock_settime, + clock_getcpuclockid, clock_nanosleep were removed from the librt library + for new applications (on architectures which had them) + * The obsolete and never-implemented XSI STREAMS header files + and have been removed + * Support for the "inet6" option in /etc/resolv.conf and the RES_USE_INET6 + resolver flag (deprecated in glibc 2.25) have been removed + * The obsolete RES_INSECURE1 and RES_INSECURE2 option flags for the DNS stub + resolver have been removed from + * With --enable-bind-now, installed programs are now linked with the + BIND_NOW flag. + * On 32-bit Arm, support for the port-based I/O emulation and the + header have been removed + * The Linux-specific header and the sysctl function have been + deprecated and will be removed from a future version of glibc + * CVE-2019-7309: x86-64 memcmp used signed Jcc instructions to check + size + * CVE-2019-9169: Attempted case-insensitive regular-expression match + via proceed_next_node in posix/regexec.c leads to heap-based buffer + over-read +- pthread-rwlock-trylock-stalls.patch, + arm-systemtap-probe-constraint.patch, pthread-mutex-barrier.patch, + fork-handler-lock.patch, pthread-join-probe.patch, + riscv-clone-unwind.patch, add-new-Fortran-vector-math-header-file.patch, + regex-read-overrun.patch, japanese-era-name-may-2019.patch, + dl-show-auxv.patch, s390-vx-vxe-hwcap.patch, taisho-era-string.patch, + malloc-tracing-hooks.patch, pldd-inf-loop.patch, + malloc-large-bin-corruption-check.patch, wfile-sync-crash.patch, + malloc-tests-warnings.patch, fnmatch-collating-elements.patch, + iconv-reset-input-buffer.patch: Removed +- malloc-info-whitespace.patch: Remove unwanted leading whitespace in + malloc_info (BZ #24867) +- bsc#1100396 +- bsc#1130045 + +- Move /var/lib/misc/Makefile to /usr/share/misc/Makefile.makedb (bsc#1138726) + +- malloc-tests-warnings.patch: Fix warnings in malloc tests with GCC 9 + +- Set optflags for i686 after _lto_cflags is set (boo#1138807). + +- Disable LTO due to a usage of top-level assembler that + causes LTO issues (boo#1138807). + +- nss-files-long-lines-2.patch: Remove obsolete patch + +- dl-show-auxv.patch: Fix output of LD_SHOW_AUXV=1 +- s390-vx-vxe-hwcap.patch: S390: Mark vx and vxe as important hwcap +- taisho-era-string.patch: ja_JP: Change the offset for Taisho gan-nen + from 2 to 1 (BZ #24162) +- malloc-tracing-hooks.patch: malloc: Set and reset all hooks for tracing + (BZ #16573) +- pldd-inf-loop.patch: elf: Fix pldd (BZ#18035) +- malloc-large-bin-corruption-check.patch: malloc: Check for large bin + list corruption when inserting unsorted chunk (BZ #24216) +- wfile-sync-crash.patch: Fix crash in _IO_wfile_sync (BZ #20568) - Japanese era (bsc#1100396, BZ #22964) + Japanese era (BZ #22964) +- Replace glibc_post_upgrade with lua script -- pthread-mutex-trylock-barrier.patch: pthread_mutex_trylock does not use - the correct order of instructions while maintaining the robust mutex - list due to missing compiler barriers (bsc#1130045, BZ #24180) -- getaddrinfo-parse-ipv4-address.patch: getaddrinfo: Fully parse IPv4 - address strings (CVE-2016-10739, bsc#1122729, BZ #20018) - -- mman-map-sync.patch: Add MAP_SYNC from Linux 4.15 (bsc#1126590) -- mman-linux-map-shared-validate.patch: Add MAP_SHARED_VALIDATE from Linux - 4.15 (bsc#1126590) -- nptl-setxid-error.patch: nptl: Preserve error in setxid thread broadcast - in coredumps (bsc#1063675, BZ #22153) +- add-new-Fortran-vector-math-header-file.patch: Update from upstream -- x86-haswell-string-flags.patch: Fix Haswell CPU string flags - (bsc#1114984, BZ #23709) -- pthread-cond-broadcast-waiters-after-spinning.patch: Fix - waiters-after-spinning case (bsc#1114993, BZ #23538) +- regex-read-overrun.patch: fix read overrun (CVE-2019-9169, bsc#1127308, + BZ #24114) +- ldconfig-concurrency.patch: Avoid concurrency problem in ldconfig + (bsc#1117993, BZ #23973) + +- Add add-new-Fortran-vector-math-header-file.patch. -- absolute-symbols.patch: Don't relocate absolute symbols (bsc#1112570, BZ - [#19818]) +- pthread-rwlock-trylock-stalls.patch: nptl: Fix pthread_rwlock_try*lock + stalls (BZ #23844) +- arm-systemtap-probe-constraint.patch: arm: Use "nr" constraint for + Systemtap probes (BZ #24164) +- pthread-mutex-barrier.patch: Add compiler barriers around modifications + of the robust mutex list for pthread_mutex_trylock (BZ #24180) +- fork-handler-lock.patch: nptl: Avoid fork handler lock for + async-signal-safe fork (BZ #24161) +- pthread-join-probe.patch: nptl: Fix invalid Systemtap probe in + pthread_join (BZ #24211) +- riscv-clone-unwind.patch: RISC-V: Fix elfutils testsuite unwind failures + (BZ #24040) + +- Update to glibc 2.29 + * The getcpu wrapper function has been added, which returns the currently + used CPU and NUMA node + * Optimized generic exp, exp2, log, log2, pow, sinf, cosf, sincosf and tanf + * The reallocarray function is now declared under _DEFAULT_SOURCE, not just + for _GNU_SOURCE, to match BSD environments + * For powercp64le ABI, Transactional Lock Elision is now enabled iff kernel + indicates that it will abort the transaction prior to entering the kernel + (PPC_FEATURE2_HTM_NOSC on hwcap2) + * The functions posix_spawn_file_actions_addchdir_np and + posix_spawn_file_actions_addfchdir_np have been added, enabling + posix_spawn and posix_spawnp to run the new process in a different + directory + * The popen and system do not run atfork handlers anymore (BZ#17490) + * strftime's default formatting of a locale's alternative year (%Ey) + has been changed to zero-pad the year to a minimum of two digits, + like "%y" + * As a GNU extension, the '_' and '-' flags can now be applied to + "%EY" to control how the year number is formatted + * The glibc.tune tunable namespace has been renamed to glibc.cpu and the + tunable glibc.tune.cpu has been renamed to glibc.cpu.name + * The type of the pr_uid and pr_gid members of struct elf_prpsinfo, defined + in , has been corrected to match the type actually used by + the Linux kernel + * An archaic GNU extension to scanf, under which '%as', '%aS', and '%a[...]' + meant to scan a string and allocate space for it with malloc, is now + restricted to programs compiled in C89 or C++98 mode with _GNU_SOURCE + defined +- unwind-ctor.patch, old-getdents64.patch, nss-files-leak.patch, + riscv-feholdexcept-setround.patch, + pthread-cond-broadcast-waiters-after-spinning.patch, + regex-uninit-memory-access.patch, spawni-maybe-script-execute.patch, + gethostid-gethostbyname-failure.patch, strstr-huge-needle.patch, + pthread-mutex-lock-elision-race.patch, x86-haswell-string-flags.patch, + if-nametoindex-descr-leak.patch, riscv-flush-icache.patch: Removed +- CVE-2016-10739 +- bsc#1114984 +- bsc#1114993 +- bsc#1122729 +- bsc#1131330 +- bsc#1149332 +- bsc#1151582 +- bsc#1164505 + +- fnmatch-collating-elements.patch: update +- riscv-flush-icache.patch: fix for compiling against 4.20 headers + +- if-nametoindex-descr-leak.patch: if_nametoindex: Fix descriptor leak for + overlong name (CVE-2018-19591, BZ #23927, bsc#1117603) + +- Fix typography for glibc-locale-base. + +- pthread-mutex-lock-elision-race.patch: Fix race in pthread_mutex_lock + while promoting to PTHREAD_MUTEX_ELISION_NP (BZ #23275) +- x86-haswell-string-flags.patch: x86: Fix Haswell CPU string flags (BZ + [#23709]) + +- unwind-ctor.patch: Add missing unwind information to ld.so on powerpc32 + (BZ #23707) +- old-getdents64.patch: Rewrite __old_getdents64 (BZ #23497) +- nss-files-leak.patch: Fix file stream leak in aliases lookup (BZ #23521) +- riscv-feholdexcept-setround.patch: Fix rounding save/restore bug +- pthread-cond-broadcast-waiters-after-spinning.patch: Fix + waiters-after-spinning case (BZ #23538) +- regex-uninit-memory-access.patch: fix uninitialized memory access (BZ + [#23578]) +- spawni-maybe-script-execute.patch: Fix segfault in maybe_script_execute +- gethostid-gethostbyname-failure.patch: Check for NULL value from + gethostbyname_r (BZ #23679) +- strstr-huge-needle.patch: Fix strstr bug with huge needles (BZ #23637) -- glibc-fix-aarch64-build.diff: Fix build on aarch64 with - binutils newer than 2.30. +- Add libpng-devel and zlib-devel for utils build -- aarch64-hwcap-atomics.patch: aarch64: add HWCAP_ATOMICS to - HWCAP_IMPORTANT (fate#325962) +- Update to glibc 2.28 + * The localization data for ISO 14651 is updated to match the 2016 + Edition 4 release of the standard, this matches data provided by + Unicode 9.0.0 + * Unicode 11.0.0 Support: Character encoding, character type info, and + transliteration tables are all updated to Unicode 11.0.0, using + generator scripts contributed by Mike FABIAN (Red Hat) + * functions that round their results to a narrower type are added + from TS 18661-1:2014 and TS 18661-3:2015 + * Two grammatical forms of month names are now supported + * The renameat2 function has been added, a variant of the renameat function + which has a flags argument + * The statx function has been added, a variant of the fstatat64 + function with an additional flags argument + * IDN domain names in getaddrinfo and getnameinfo now use the system libidn2 + library if installed + * Parsing of dynamic string tokens in DT_RPATH, DT_RUNPATH, DT_NEEDED, + DT_AUXILIARY, and DT_FILTER has been expanded to support the full + range of ELF gABI expressions including such constructs as + '$ORIGIN$ORIGIN' (if valid) + * Support for ISO C threads (ISO/IEC 9899:2011) has been added. + * The nonstandard header files and <_G_config.h> are no longer + installed + * The stdio functions 'getc' and 'putc' are no longer defined as macros + * All stdio functions now treat end-of-file as a sticky condition + * The macros 'major', 'minor', and 'makedev' are now only available from + the header + * The obsolete function ustat is no longer available to newly linked + binaries; the headers and have been removed + * The obsolete function nfsservctl is no longer available to newly linked + binaries + * The obsolete function name llseek is no longer available to newly linked + binaries + * The AI_IDN_ALLOW_UNASSIGNED and NI_IDN_ALLOW_UNASSIGNED flags for the + getaddrinfo and getnameinfo functions have been deprecated + * The AI_IDN_USE_STD3_ASCII_RULES and NI_IDN_USE_STD3_ASCII_RULES flags for + the getaddrinfo and getnameinfo functions have been deprecated + * The fcntl function now have a Long File Support variant named fcntl64 + * CVE-2016-6261, CVE-2016-6263, CVE-2017-14062: Various vulnerabilities have + been fixed by removing the glibc-internal IDNA implementation and using + the system-provided libidn2 library instead +- Split off all libcrypt related functions into package libxcrypt +- fix-locking-in-_IO_cleanup.patch, fnmatch-collating-elements.patch: + Rediff +- aarch64-sys-ptrace-update.patch, + crypt_blowfish-1.2-hack_around_arm.diff, crypt_blowfish-1.2-sha.diff, + crypt_blowfish-const.patch, crypt_blowfish-gensalt.patch, + glibc-2.14-crypt.diff, i386-memmove-sse2-unaligned.patch, + i386-sigaction-sa-restorer.patch, mempcpy-avx512.patch, + netgroup-cache-keys.patch, nss-database-multiple-dfn.patch, + pkey-get-reserved-name.patch, powerpc-sys-ptrace-undefine-macros.patch, + powerpc-sys-ptrace-update.patch, realpath-ssize-max-overflow.patch, + res-send-enomem.patch, riscv-fmax-fmin-nan.patch, + riscv-kernel-sigaction.patch, riscv-readelflib.patch, + riscv-tls-init.patch: Removed +- glibc_post_upgrade.c: Don't reload init (bsc#1103124) +- CVE-2009-5155, CVE-2015-8985 +- bsc#1092877 +- bsc#1102526 +- bsc#1112570 +- bsc#1126590 +- bsc#1127223 + +- Use python3-pexpect instead of python-pexpect -- math-remove-slow-path.patch: Remove slow paths from math routines - (fate#325815, fate#325879, fate#325880, fate#325881, fate#325882) +- riscv-kernel-sigaction.patch: fix struct kernel_sigaction to match the + kernel version (BZ #23069) -- localtime-2039.patch: Fix year 2039 bug for localtime with 64-bit time_t - (bsc#1102526, BZ #22639) +- glibc-2.3.90-langpackdir.diff: No longer search in /usr/share/locale-bundle -- i386-memmove-sse2-unaligned.patch: Fix SSE2 memmove issue when crossing - 2GB boundary (CVE-2017-18269, bnc#1094150, BZ #22644) +- mempcpy-avx512.patch: Don't write beyond destination in + __mempcpy_avx512_no_vzeroupper (CVE-2018-11237, bsc#1094154) -- glibc-fix-avx512-mempcpy.patch: replace with upstream version - -- Use %license also for COPYING and COPYING.LIB (bsc#1082318) - -- Add glibc-fix-avx512-mempcpy.patch as quick fix for mempcpy - buffer overwrite in memmove-avx512-no-vzeroupper.S for Knights - Landing CPUs (CVE-2018-11237, bnc#1094154, bnc#1092877, BZ #23196) +- Use %license also for COPYING, COPYING.LIB +- i386-memmove-sse2-unaligned.patch: Fix SSE2 memmove issue when crossing + 2GB boundary (CVE-2017-18269, bnc#1094150, BZ #22644) + -- Use %license (bsc#1082318) - -- stack-guard-size-accounting.patch: Fix stack guard size accounting - (bsc#1074208, BZ #22637) -- libgcc-rtld-now.patch: Open libgcc.so with RTLD_NOW during - pthread_cancel (bsc#1074208, BZ #22636) - -- Mark source0 as nosource in non-main source rpms - -- Add systemtap-headers to BuildRequires. -- Add --enable-systemtap to configure arguments. (fate#324969, - bsc#1073636) - -- memalign-overflow.patch: Fix integer overflows in internal memalign and - malloc functions (CVE-2018-6485, CVE-2018-6551, bsc#1079036, BZ #22343, - BZ #22774) +- pkey-get-reserved-name.patch: Linux: use reserved name __key in pkey_get + (BZ #22797) +- aarch64-sys-ptrace-update.patch: linux/aarch64: sync sys/ptrace.h with + Linux 4.15 (BZ #22433) +- powerpc-sys-ptrace-undefine-macros.patch: powerpc: Undefine Linux ptrace + macros that conflict with __ptrace_request +- powerpc-sys-ptrace-update.patch: linux/powerpc: sync sys/ptrace.h with + Linux 4.15 (BZ #22433, BZ #22807) +- netgroup-cache-keys.patch: Fix netgroup cache keys (BZ #22342) +- i386-sigaction-sa-restorer.patch: i386: Fix i386 sigaction sa_restorer + initialization (BZ #21269) +- riscv-tls-init.patch: RISC-V: Do not initialize $gp in TLS macros +- riscv-fmax-fmin-nan.patch: RISC-V: fmax/fmin: Handle signalling NaNs + correctly (BZ #22884) + +- nss-database-multiple-dfn.patch: Fix multiple definitions of + __nss_*_database (BZ #22918) + +- Use %license (boo#1082318) + +- Add systemtap-headers to BuildRequires +- Add --enable-systemtap to configure arguments (fate#324969, bsc#1073636) + +- riscv-readelflib.patch: Fix parsing flags in ELF64 files on riscv + +- Update to glibc 2.27 + * Optimized x86-64 asin, atan2, exp, expf, log, pow, atan, sin, cosf, + sinf, sincosf and tan with FMA + * Optimized x86-64 trunc and truncf for processors with SSE4.1 + * Optimized generic expf, exp2f, logf, log2f, powf, sinf, cosf and + sincosf + * In order to support faster and safer process termination the malloc API + family of functions will no longer print a failure address and stack + backtrace after detecting heap corruption + * The abort function terminates the process immediately, without flushing + stdio streams + * On platforms where long double has the IEEE binary128 format (aarch64, + alpha, mips64, riscv, s390 and sparc), the math library now implements + _Float128 interfaces for that type, as defined by ISO/IEC TS 18661-3:2015 + These are the same interfaces added in version 2.26 for some platforms where + this format is supported but is not the format of long double + * On platforms with support for _Float64x (aarch64, alpha, i386, ia64, + mips64, powerpc64le, riscv, s390, sparc and x86_64), the math library now + implements interfaces for that type, as defined by ISO/IEC TS + 18661-3:2015 + * The math library now implements interfaces for the _Float32, _Float64 and + _Float32x types, as defined by ISO/IEC TS 18661-3:2015 + * glibc now implements the memfd_create and mlock2 functions on Linux + * Support for memory protection keys was added + * The copy_file_range function was added + * The ldconfig utility now processes `include' directives using the C/POSIX + collation ordering + * Support for two grammatical forms of month names has been added + * Support for the RISC-V ISA running on Linux has been added + * Statically compiled applications attempting to load locales compiled for the + GNU C Library version 2.27 will fail and fall back to the builtin C/POSIX + locale + * Support for statically linked applications which call dlopen is deprecated + and will be removed in a future version of glibc + * Support for old programs which use internal stdio data structures and + functions is deprecated + * On GNU/Linux, the obsolete Linux constant PTRACE_SEIZE_DEVEL is no longer + defined by + * libm no longer supports SVID error handling (calling a user-provided + matherr function on error) or the _LIB_VERSION variable to control error + handling + * The libm functions pow10, pow10f and pow10l are no longer supported for + new programs + * The mcontext_t type is no longer the same as struct sigcontext + * The add-ons mechanism for building additional packages at the same time as + glibc has been removed + * The res_hnok, res_dnok, res_mailok and res_ownok functions now check that + the specified string can be parsed as a domain name + * In the malloc_info output, the element may contain another + element, "subheaps", which contains the number of sub-heaps + * In the malloc_info output, the element may contain another + element, "subheaps", which contains the number of sub-heaps + * The nonstandard header files and <_G_config.h> are deprecated + and will be removed in a future release + * CVE-2018-6485, CVE-2018-6551: The posix_memalign and memalign + functions, when called with an object size near the value of SIZE_MAX, + would return a pointer to a buffer which is too small, instead of NULL + (bsc#1079036) +- Support for Sun RPC is no longer available, use libtirpc instead +- glibc-nodate.patch, powerpc-elision-enable-envvar.patch, + s390-elision-enable-envvar.patch, resolv-context-leak.patch, + dl-runtime-resolve-opt-avx512f.patch, libpthread-compat-wrappers.patch, + math-c++-compat.patch, remove-nss-nis-compat.patch, + eh-frame-zero-terminator.patch, ld-so-hwcap-x86-64.patch, + assert-pedantic.patch, getaddrinfo-errno.patch, resolv-conf-oom.patch, + dynarray-allocation.patch, nearbyint-inexact.patch, nss-compat.patch, + nscd-libnsl.patch, malloc-tcache-leak.patch, + falkor-memcpy-memmove.patch, aarch64-cpu-features.patch, + nss-files-large-buffers.patch. sysconf-uio-maxiov.patch, + glob-tilde-overflow.patch, dl-runtime-resolve-xsave.patch, + spawni-assert.patch, x86-64-dl-platform.patch, glob64-s390.patch, + tst-tlsopt-powerpc.patch, powerpc-hwcap-bits.patch, + malloc-tcache-check-overflow.patch, dl-init-paths-overflow.patch, + fillin-rpath-empty-tokens.patch, getcwd-absolute.patch, + ldd-system-interp.patchabort-no-flush.patch: Removed +- All patches refreshed +- bsc#1063675 +- bsc#1074208 gnome-control-center +- Add gnome-control-center-network-fix-nmce-popup.patch: + network-connection-editor: Close the editor when nm-connection-editor + exits(bsc#1208193 glgo#GNOME/gnome-control-center!1956). + google-noto-fonts +fix: bsc#1202279 and gh#notofonts/Arimo#13 +- fix-arimo.patch + +fix: summary and descriptions not mentioning font being Serif + add: README.FAQ to answer some questions about Noto Fonts packaging + +feat: create new metapackage noto-fonts with all Noto Fonts except CJK and Emoji + +update: 20220524 -> 20220607 +- Noto Sans and Noto Sans Myanmar have been updated + fix(spec): add LICENSE to every package, remove redundant doc package +- It is likely a legal requirement that the license must be included with the package (rather than only recommends) +- Using the %license macro and including the license in every subpackage is the norm + fix(sh): prevent redundant .svn files from being compressed into archive + chore(spec): use install instead of mkdir and cp + chore(sh): fix typo + +- Add obsoletes and provides for google-{arimo,cousine,tinos}-fonts + +- Switch back to hinted ttf as unhinted otf causes blurring (boo#1199938) + +- Add obsoletes and provides for: + - noto-mono-fonts: Got merged into noto-sans-mono-fonts + - noto-sans-syriac* variants: Got merged into noto-sans-syriac-fonts + - noto-sans-tibetan-fonts: Got renamed to noto-serif-tibetan-fonts +- Update to version 20220524 + - Updated Noto Sans Myanmar and Noto Sans Tangsa Fonts + +- Clarify sources + +- Fix unversioned obsoletes +- Merge noto-sans-display-fonts into noto-sans-fonts + - Fixes inconsistent font family names see Github issue #2315 +- Bump version to 20220516 + - Start using OTF fonts to be in-line with Noto CJK and Emoji + - No new fonts + +- Update URL and source for zips +- Update to version 20220509 + - 96 new fonts, details at https://pastebin.com/ycnpAn88 + grub2 -- Fix failure to identify recent ext4 filesystem (bsc#1216010) - * 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch - * 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch -- Add patch to fix reading files from btrfs with "implicit" holes - * 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch +- grub2.spec: Fix openQA test failure in SLE-15-SP6 due to missing + font in memdisk + +- Update the TPM2 patches to skip the persistent SRK handle if not + specified and improve the error messages + + 0003-protectors-Add-TPM2-Key-Protector.patch + + 0005-util-grub-protect-Add-new-tool.patch + + 0004-tpm2-Support-authorized-policy.patch + +- Fix XFS regression in 2.12~rc1 and support large extent counters + * 0001-fs-xfs-Incorrect-short-form-directory-data-boundary-.patch + * 0002-fs-xfs-Fix-XFS-directory-extent-parsing.patch + * 0003-fs-xfs-add-large-extent-counters-incompat-feature-su.patch - * 0001-kern-ieee1275-init-ppc64-Restrict-high-memory-in-pre.patch + * 0001-kern-ieee1275-init-Restrict-high-memory-in-presence-.patch + +- Fix a potential error when appending multiple keys into the + synthesized initrd + * Fix-the-size-calculation-for-the-synthesized-initrd.patch + +- Fix Xen chainloding error of no matching file path found (bsc#1216081) + * grub2-efi-chainload-harder.patch + +- Use grub-tpm2 token to unlock keyslots to make the unsealing process more + efficient and secure. + * 0001-luks2-Use-grub-tpm2-token-for-TPM2-protected-volume-.patch +- Add patch to fix reading files from btrfs with "implicit" holes: + * 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch + +- Update the TPM 2.0 patches to support more RSA and ECC algorithms + * 0002-tpm2-Add-TPM-Software-Stack-TSS.patch + * 0003-protectors-Add-TPM2-Key-Protector.patch + * 0005-util-grub-protect-Add-new-tool.patch + +- Remove build require for gcc-32bit, target platform didn't rely on libgcc + function shipped with compiler but rather using functions supplied in grub + directly. + +- Add BuildIgnore to break cycle with the branding package + +- Only build with fde-tpm-helper-rpm-macros for the architectures + supporting the newer UEFI and TPM 2.0. + * Also correct the location of %fde_tpm_update_requires + +- Add the new BuildRequires for EFI builds for the better FDE + support: fde-tpm-helper-rpm-macros + + Also add the the macros to %post and %posttrans + +- Correct the type of allocated EFI pages for ARM64 kernel (bsc#1215151) + * arm64-Use-proper-memory-type-for-kernel-allocation.patch + +- grub2-mkconfig-riscv64.patch: Handle riscv64 in mkconfig + +- Implement NV index mode for TPM 2.0 key protector + 0001-protectors-Implement-NV-index.patch +- Fall back to passphrase mode when the key protector fails to + unlock the disk + 0002-cryptodisk-Fallback-to-passphrase.patch +- Wipe out the cached key cleanly + 0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch +- Make diskfiler to look up cryptodisk devices first + 0004-diskfilter-look-up-cryptodisk-devices-first.patch + +- Change the bash-completion directory (bsc#1213855) + * grub2-change-bash-completion-dir.patch + +- Version bump to 2.12~rc1 (PED-5589) + * Added: + - grub-2.12~rc1.tar.xz + * Removed: + - grub-2.06.tar.xz + * Patch dropped merged by new version: + - grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch + - grub2-s390x-02-kexec-module-added-to-emu.patch + - grub2-efi-chainloader-root.patch + - grub2-Fix-incorrect-netmask-on-ppc64.patch + - 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch + - 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch + - 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch + - grub2-s390x-10-keep-network-at-kexec.patch + - 0001-Fix-build-error-in-binutils-2.36.patch + - 0001-emu-fix-executable-stack-marking.patch + - 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch + - 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch + - 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch + - 0001-Filter-out-POSIX-locale-for-translation.patch + - 0001-disk-diskfilter-Use-nodes-in-logical-volume-s-segmen.patch + - 0001-fs-xfs-Fix-unreadable-filesystem-with-v4-superblock.patch + - 0001-fs-btrfs-Make-extent-item-iteration-to-handle-gaps.patch + - 0001-grub-mkconfig-restore-umask-for-grub.cfg.patch + - 0001-ieee1275-Drop-HEAP_MAX_ADDR-and-HEAP_MIN_SIZE-consta.patch + - 0002-ieee1275-claim-more-memory.patch + - 0003-ieee1275-request-memory-with-ibm-client-architecture.patch + - 0001-RISC-V-Adjust-march-flags-for-binutils-2.38.patch + - 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch + - 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch + - 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch + - 0001-powerpc-do-CAS-in-a-more-compatible-way.patch + - 0001-libc-config-merge-from-glibc.patch + - 0001-video-Remove-trailing-whitespaces.patch + - 0002-loader-efi-chainloader-Simplify-the-loader-state.patch + - 0003-commands-boot-Add-API-to-pass-context-to-loader.patch + - 0004-loader-efi-chainloader-Use-grub_loader_set_ex.patch + - 0005-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch + - 0006-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch + - 0007-video-readers-png-Abort-sooner-if-a-read-operation-f.patch + - 0008-video-readers-png-Refuse-to-handle-multiple-image-he.patch + - 0009-video-readers-png-Drop-greyscale-support-to-fix-heap.patch + - 0010-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch + - 0011-video-readers-png-Sanity-check-some-huffman-codes.patch + - 0012-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch + - 0013-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch + - 0014-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch + - 0015-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch + - 0016-normal-charset-Fix-array-out-of-bounds-formatting-un.patch + - 0017-net-ip-Do-IP-fragment-maths-safely.patch + - 0018-net-netbuff-Block-overly-large-netbuff-allocs.patch + - 0019-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch + - 0020-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch + - 0021-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch + - 0022-net-tftp-Avoid-a-trivial-UAF.patch + - 0023-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch + - 0024-net-http-Fix-OOB-write-for-split-http-headers.patch + - 0025-net-http-Error-out-on-headers-with-LF-without-CR.patch + - 0026-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch + - 0027-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch + - 0028-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch + - 0029-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch + - 0030-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch + - 0031-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch + - 0032-Use-grub_loader_set_ex-for-secureboot-chainloader.patch + - 0001-luks2-Add-debug-message-to-align-with-luks-and-geli-.patch + - 0002-cryptodisk-Refactor-to-discard-have_it-global.patch + - 0003-cryptodisk-Return-failure-in-cryptomount-when-no-cry.patch + - 0004-cryptodisk-Improve-error-messaging-in-cryptomount-in.patch + - 0005-cryptodisk-Improve-cryptomount-u-error-message.patch + - 0006-cryptodisk-Add-infrastructure-to-pass-data-from-cryp.patch + - 0007-cryptodisk-Refactor-password-input-out-of-crypto-dev.patch + - 0008-cryptodisk-Move-global-variables-into-grub_cryptomou.patch + - 0009-cryptodisk-Improve-handling-of-partition-name-in-cry.patch + - 0001-crytodisk-fix-cryptodisk-module-looking-up.patch + - 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch + - 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch + - 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch + - 0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch + - 0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch + - 0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch + - 0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch + - efi-set-variable-with-attrs.patch + - 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch + - 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch + - 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch + - 0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch + - 0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch + - 0001-kern-efi-mm-Enlarge-the-default-heap-size.patch + - 0002-mm-Defer-the-disk-cache-invalidation.patch + - 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch + - 0001-commands-efi-tpm-Refine-the-status-of-log-event.patch + - 0002-commands-efi-tpm-Use-grub_strcpy-instead-of-grub_mem.patch + - 0003-efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch + - 0001-ibmvtpm-Add-support-for-trusted-boot-using-a-vTPM-2..patch + - 0002-ieee1275-implement-vec5-for-cas-negotiation.patch + - 0001-font-Reject-glyphs-exceeds-font-max_glyph_width-or-f.patch + - 0002-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch + - 0003-font-Fix-several-integer-overflows-in-grub_font_cons.patch + - 0004-font-Remove-grub_font_dup_glyph.patch + - 0005-font-Fix-integer-overflow-in-ensure_comb_space.patch + - 0006-font-Fix-integer-overflow-in-BMP-index.patch + - 0007-font-Fix-integer-underflow-in-binary-search-of-char-.patch + - 0008-fbutil-Fix-integer-overflow.patch + - 0009-font-Fix-an-integer-underflow-in-blit_comb.patch + - 0010-font-Harden-grub_font_blit_glyph-and-grub_font_blit_.patch + - 0011-font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch + - 0012-normal-charset-Fix-an-integer-overflow-in-grub_unico.patch + - 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch + - 0001-ieee1275-Increase-initially-allocated-heap-from-1-4-.patch + - 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch + - grub2-add-module-for-boot-loader-interface.patch + - 0001-ieee1275-Further-increase-initially-allocated-heap-f.patch + - 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch + - 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch + - 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch + - 0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch + - 0002-kern-ieee1275-init-Extended-support-in-Vec5.patch + - 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch + - 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch + * Patch modified to new base version: + - use-grub2-as-a-package-name.patch + - grub2-fix-menu-in-xen-host-server.patch + - grub2-secureboot-add-linuxefi.patch + - grub2-secureboot-chainloader.patch + - grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch + - grub2-s390x-03-output-7-bit-ascii.patch + - grub2-s390x-04-grub2-install.patch + - grub2-use-rpmsort-for-version-sorting.patch + - grub2-getroot-treat-mdadm-ddf-as-simple-device.patch + - grub2-grubenv-in-btrfs-header.patch + - grub2-commands-introduce-read_file-subcommand.patch + - grub2-efi-chainload-harder.patch + - grub2-emu-4-all.patch + - grub2-util-30_os-prober-multiple-initrd.patch + - grub2-install-fix-not-a-directory-error.patch + - grub-install-force-journal-draining-to-ensure-data-i.patch + - grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch + - grub2-btrfs-04-grub2-install.patch + - grub2-btrfs-05-grub2-mkconfig.patch + - grub2-btrfs-06-subvol-mount.patch + - grub2-efi-xen-chainload.patch + - grub2-efi-xen-cmdline.patch + - grub2-efi-xen-removable.patch + - grub2-suse-remove-linux-root-param.patch + - grub2-ppc64le-disable-video.patch + - grub2-install-remove-useless-check-PReP-partition-is-empty.patch + - 0004-efinet-UEFI-IPv6-PXE-support.patch + - 0007-efinet-Setting-network-from-UEFI-device-path.patch + - 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch + - 0001-add-support-for-UEFI-network-protocols.patch + - grub2-mkconfig-default-entry-correction.patch + - grub2-s390x-11-secureboot.patch + - grub2-secureboot-install-signed-grub.patch + - grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch + - 0002-cmdline-Provide-cmdline-functions-as-module.patch + - 0001-efi-linux-provide-linux-command.patch + - 0001-Add-support-for-Linux-EFI-stub-loading-on-aarch64.patch + - 0004-arm-arm64-loader-Better-memory-allocation-and-error-.patch + - 0002-Arm-check-for-the-PE-magic-for-the-compiled-arch.patch + - 0001-Factor-out-grub_efi_linux_boot.patch + - 0003-Handle-multi-arch-64-on-32-boot-in-linuxefi-loader.patch + - 0015-test_asn1-test-module-for-libtasn1.patch + - 0021-appended-signatures-documentation.patch + - 0022-ieee1275-enter-lockdown-based-on-ibm-secure-boot.patch + - 0003-grub-install-support-prep-environment-block.patch + - 0004-Introduce-prep_load_env-command.patch + - 0001-grub-install-bailout-root-device-probing.patch + - 0001-install-fix-software-raid1-on-esp.patch + - 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch + - 0001-protectors-Add-key-protectors-framework.patch + - 0002-tpm2-Add-TPM-Software-Stack-TSS.patch + - 0004-cryptodisk-Support-key-protectors.patch + - 0008-linuxefi-Use-common-grub_initrd_load.patch + - 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch + - grub-read-pcr.patch + - tpm-record-pcrs.patch + - 0001-clean-up-crypttab-and-linux-modules-dependency.patch + * Patch refreshed: + - rename-grub-info-file-to-grub2.patch + - grub2-linux.patch + - grub2-simplefb.patch + - grub2-ppc-terminfo.patch + - grub2-pass-corret-root-for-nfsroot.patch + - grub2-efi-HP-workaround.patch + - grub2-secureboot-no-insmod-on-sb.patch + - grub2-linuxefi-fix-boot-params.patch + - grub2-s390x-05-grub2-mkconfig.patch + - grub2-xen-linux16.patch + - grub2-efi-disable-video-cirrus-and-bochus.patch + - grub2-vbe-blacklist-preferred-1440x900x32.patch + - grub2-mkconfig-aarch64.patch + - grub2-menu-unrestricted.patch + - grub2-mkconfig-arm.patch + - grub2-s390x-06-loadparm.patch + - grub2-s390x-07-add-image-param-for-zipl-setup.patch + - grub2-s390x-08-workaround-part-to-disk.patch + - grub2-diskfilter-support-pv-without-metadatacopies.patch + - grub2-getroot-support-nvdimm.patch + - grub2-s390x-skip-zfcpdump-image.patch + - grub2-btrfs-02-export-subvolume-envvars.patch + - grub2-btrfs-03-follow_default.patch + - grub2-btrfs-07-subvol-fallback.patch + - grub2-btrfs-08-workaround-snapshot-menu-default-entry.patch + - grub2-btrfs-09-get-default-subvolume.patch + - grub2-btrfs-10-config-directory.patch + - grub2-efi-xen-cfg-unquote.patch + - grub2-Add-hidden-menu-entries.patch + - grub2-SUSE-Add-the-t-hotkey.patch + - grub2-ppc64le-memory-map.patch + - grub2-ppc64-cas-reboot-support.patch + - grub2-ppc64-cas-new-scope.patch + - grub2-ppc64-cas-fix-double-free.patch + - 0003-bootp-New-net_bootp6-command.patch + - 0005-grub.texi-Add-net_bootp6-doument.patch + - 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch + - 0012-tpm-Build-tpm-as-module.patch + - 0002-AUDIT-0-http-boot-tracker-bug.patch + - grub2-btrfs-help-on-snapper-rollback.patch + - grub2-video-limit-the-resolution-for-fixed-bimap-font.patch + - 0001-kern-mm.c-Make-grub_calloc-inline.patch + - 0001-Unify-the-check-to-enable-btrfs-relative-path.patch + - 0002-arm64-make-sure-fdt-has-address-cells-and-size-cells.patch + - 0003-Make-grub_error-more-verbose.patch + - 0001-ieee1275-Avoiding-many-unecessary-open-close.patch + - 0001-Workaround-volatile-efi-boot-variable.patch + - 0001-templates-Follow-the-path-of-usr-merged-kernel-confi.patch + - 0004-Try-to-pick-better-locations-for-kernel-and-initrd.patch + - 0004-Add-suport-for-signing-grub-with-an-appended-signatu.patch + - 0005-docs-grub-Document-signing-grub-under-UEFI.patch + - 0006-docs-grub-Document-signing-grub-with-an-appended-sig.patch + - 0007-dl-provide-a-fake-grub_dl_set_persistent-for-the-emu.patch + - 0008-pgp-factor-out-rsa_pad.patch + - 0010-posix_wrap-tweaks-in-preparation-for-libtasn1.patch + - 0011-libtasn1-import-libtasn1-4.18.0.patch + - 0014-libtasn1-compile-into-asn1-module.patch + - 0016-grub-install-support-embedding-x509-certificates.patch + - 0017-appended-signatures-import-GNUTLS-s-ASN.1-descriptio.patch + - 0018-appended-signatures-parse-PKCS-7-signedData-and-X.50.patch + - 0019-appended-signatures-support-verifying-appended-signa.patch + - 0020-appended-signatures-verification-tests.patch + - 0001-grub-install-Add-SUSE-signed-image-support-for-power.patch + - 0002-Add-grub_disk_write_tail-helper-function.patch + - 0005-export-environment-at-start-up.patch + - 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch + - 0003-protectors-Add-TPM2-Key-Protector.patch + - 0005-util-grub-protect-Add-new-tool.patch + - 0010-templates-import-etc-crypttab-to-grub.cfg.patch + - grub-install-record-pcrs.patch + - safe_tpm_pcr_snapshot.patch + - 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch + - 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch + - 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch + - 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch + - 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch + * New: + - 0001-xen_boot-add-missing-grub_arch_efi_linux_load_image_.patch + - 0001-font-Try-memdisk-fonts-with-the-same-name.patch + - 0001-Make-grub.cfg-compatible-to-old-binaries.patch + - 0001-disk-cryptodisk-Fix-missing-change-when-updating-to-.patch + * Embedding fonts in the grub.efi to get signed for secure boot + +- Fix error message "unknown command tpm_record_pcrs" with encrypted boot and + no tpm device present (bsc#1213547) + * 0002-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch + +- add 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch, + 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch: + * support more featureful extX filesystems (backport from + upstream git) + +- Exclude the deprecated EFI location, /usr/lib64/efi/, from + Tumbleweed and ALP + +- Update TPM 2.0 key unsealing patches + * Add the new upstreaming patches + 0001-protectors-Add-key-protectors-framework.patch + 0002-tpm2-Add-TPM-Software-Stack-TSS.patch + 0003-protectors-Add-TPM2-Key-Protector.patch + 0004-cryptodisk-Support-key-protectors.patch + 0005-util-grub-protect-Add-new-tool.patch + * Add the authorized policy patches based on the upstreaming + patches + 0001-tpm2-Add-TPM2-types-structures-and-command-constants.patch + 0002-tpm2-Add-more-marshal-unmarshal-functions.patch + 0003-tpm2-Implement-more-TPM2-commands.patch + 0004-tpm2-Support-authorized-policy.patch + * Drop the old patches + 0010-protectors-Add-key-protectors-framework.patch + 0011-tpm2-Add-TPM-Software-Stack-TSS.patch + 0012-protectors-Add-TPM2-Key-Protector.patch + 0013-cryptodisk-Support-key-protectors.patch + 0014-util-grub-protect-Add-new-tool.patch + fix-tpm2-build.patch + tpm-protector-dont-measure-sealed-key.patch + tpm-protector-export-secret-key.patch + grub-unseal-debug.patch + 0001-tpm2-adjust-the-input-parameters-of-TPM2_EvictContro.patch + 0002-tpm2-declare-the-input-arguments-of-TPM2-functions-a.patch + 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch + 0004-tpm2-add-new-TPM2-types-structures-and-command-const.patch + 0005-tpm2-add-more-marshal-unmarshal-functions.patch + 0006-tpm2-check-the-command-parameters-of-TPM2-commands.patch + 0007-tpm2-pack-the-missing-authorization-command-for-TPM2.patch + 0008-tpm2-allow-some-command-parameters-to-be-NULL.patch + 0009-tpm2-remove-the-unnecessary-variables.patch + 0010-tpm2-add-TPM2-commands-to-support-authorized-policy.patch + 0011-tpm2-make-the-file-reading-unmarshal-functions-gener.patch + 0012-tpm2-initialize-the-PCR-selection-list-early.patch + 0013-tpm2-support-unsealing-key-with-authorized-policy.patch + * Refresh grub-read-pcr.patch + * Introduce a new build requirement: libtasn1-devel +- Only package grub2-protect for the architectures with EFI support + + * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch -- Fix installation over serial console ends up in infinite boot loop - (bsc#1187810) (bsc#1209667) (bsc#1209372) - * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch - +- Restrict cryptsetup key file permission for better security (bsc#1207499) + * 0001-loader-linux-Ensure-the-newc-pathname-is-NULL-termin.patch + * 0002-Restrict-cryptsetup-key-file-permission-for-better-s.patch + +- Meanwhile, memtest86+ gained EFI support, but using the grub + command line to run it manually is quite tedious... + Adapt 20_memtest86+ to provide a proper menu entry. Executing + memtest requires to turn security off in BIOS: (Boot Mode: Other OS). + +- Tolerate kernel moved out of /boot. (bsc#1184804) + * grub2-s390x-12-zipl-setup-usrmerge.patch + +- Discard cached key from grub shell and editor mode + * 0001-clean-up-crypttab-and-linux-modules-dependency.patch + * 0002-discard-cached-key-before-entering-grub-shell-and-ed.patch + -- Move unsupported zfs modules into 'extras' packages - (bsc#1205554) (PED-2947) +- Fix riscv64 error for relocation 0x13 is not implemented yet + * 0001-RISC-V-Handle-R_RISCV_CALL_PLT-reloc.patch +- Rediff + * safe_tpm_pcr_snapshot.patch +- Patch supersceded + * 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch + +- Refresh 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch to + handle the TPM2 responseCode correctly. + +- Add module for boot loader interface. Needed for load Unified Kernel + Image (UKI) + * grub2-add-module-for-boot-loader-interface.patch + +- Amend the TPM2 stack and add authorized policy mode to + tpm2_key_protector + * 0001-tpm2-adjust-the-input-parameters-of-TPM2_EvictContro.patch + * 0002-tpm2-declare-the-input-arguments-of-TPM2-functions-a.patch + * 0003-tpm2-resend-the-command-on-TPM_RC_RETRY.patch + * 0004-tpm2-add-new-TPM2-types-structures-and-command-const.patch + * 0005-tpm2-add-more-marshal-unmarshal-functions.patch + * 0006-tpm2-check-the-command-parameters-of-TPM2-commands.patch + * 0007-tpm2-pack-the-missing-authorization-command-for-TPM2.patch + * 0008-tpm2-allow-some-command-parameters-to-be-NULL.patch + * 0009-tpm2-remove-the-unnecessary-variables.patch + * 0010-tpm2-add-TPM2-commands-to-support-authorized-policy.patch + * 0011-tpm2-make-the-file-reading-unmarshal-functions-gener.patch + * 0012-tpm2-initialize-the-PCR-selection-list-early.patch + * 0013-tpm2-support-unsealing-key-with-authorized-policy.patch +- Fix GCC 13 build failure (bsc#1201089) + * 0002-AUDIT-0-http-boot-tracker-bug.patch + +- Move unsupported zfs modules into 'extras' packages + (bsc#1205554) (PED-2947) + +- Fix inappropriately including commented lines in crypttab (bsc#1206279) + * 0010-templates-import-etc-crypttab-to-grub.cfg.patch + +- Increase the path buffer in the crypttab command for the long + volume name (bsc#1206333) + * grub2-increase-crypttab-path-buffer.patch + -- Support grub2-install on LUKS2 encrypted device - * 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch - * 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch - * 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch +- Make full utilization of btrfs bootloader area (bsc#1161823) + * 0001-fs-btrfs-Use-full-btrfs-bootloader-area.patch + * 0002-Mark-environmet-blocks-as-used-for-image-embedding.patch +- Patch removed + * 0001-i386-pc-build-btrfs-zstd-support-into-separate-modul.patch + +- Fix regression of reverting back to asking password twice when a keyfile is + already used (bsc#1205309) + * 0010-templates-import-etc-crypttab-to-grub.cfg.patch +- Removed 0001-linux-fix-efi_relocate_kernel-failure.patch as reported + regression in some hardware being stuck in initrd loading (bsc#1205380) + +- Fix password asked twice if third field in crypttab not present (bsc#1205312) + * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch + +- Fix efi pcr snapshot related funtion is defined but not used on powerpc + platform. + * safe_tpm_pcr_snapshot.patch +- Fix firmware oops after disk decrypting failure (bsc#1204037) + * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch + +- Add patch to fix kernel relocation error in low memory + * 0001-linux-fix-efi_relocate_kernel-failure.patch + +- Add safety measure to pcr snapshot by checking platform and tpm status + * safe_tpm_pcr_snapshot.patch + +- Fix installation failure due to unavailable nvram device on + ppc64le (bsc#1201361) + * 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch + +- Add patches to dynamically allocate additional memory regions for + EFI systems (bsc#1202438) + * 0001-mm-Allow-dynamically-requesting-additional-memory-re.patch + * 0002-kern-efi-mm-Always-request-a-fixed-number-of-pages-o.patch + * 0003-kern-efi-mm-Extract-function-to-add-memory-regions.patch + * 0004-kern-efi-mm-Pass-up-errors-from-add_memory_regions.patch + * 0005-kern-efi-mm-Implement-runtime-addition-of-pages.patch +- Enlarge the default heap size and defer the disk cache + invalidation (bsc#1202438) + * 0001-kern-efi-mm-Enlarge-the-default-heap-size.patch + * 0002-mm-Defer-the-disk-cache-invalidation.patch + +- Add patches for ALP FDE support + * 0001-devmapper-getroot-Have-devmapper-recognize-LUKS2.patch + * 0002-devmapper-getroot-Set-up-cheated-LUKS2-cryptodisk-mo.patch + * 0003-disk-cryptodisk-When-cheatmounting-use-the-sector-in.patch + * 0004-normal-menu-Don-t-show-Booting-s-msg-when-auto-booti.patch + * 0005-EFI-suppress-the-Welcome-to-GRUB-message-in-EFI-buil.patch + * 0006-EFI-console-Do-not-set-colorstate-until-the-first-te.patch + * 0007-EFI-console-Do-not-set-cursor-until-the-first-text-o.patch + * 0008-linuxefi-Use-common-grub_initrd_load.patch + * 0009-Add-crypttab_entry-to-obviate-the-need-to-input-pass.patch + * 0010-templates-import-etc-crypttab-to-grub.cfg.patch + * grub-read-pcr.patch + * efi-set-variable-with-attrs.patch + * tpm-record-pcrs.patch + * tpm-protector-dont-measure-sealed-key.patch + * tpm-protector-export-secret-key.patch + * grub-install-record-pcrs.patch + * grub-unseal-debug.patch + +- Fix out of memory error cannot be prevented via disabling tpm (bsc#1202438) + * 0001-tpm-Disable-tpm-verifier-if-tpm-is-not-present.patch + +- Fix tpm error stop tumbleweed from booting (bsc#1202374) + * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch +- Patch Removed + * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch + +- Add tpm, tpm2, luks2 and gcry_sha512 to default grub.efi (bsc#1197625) +- Make grub-tpm.efi a symlink to grub.efi + * grub2.spec +- Log error when tpm event log is full and continue + * 0001-tpm-Log-EFI_VOLUME_FULL-and-continue.patch +- Patch superseded + * 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch + -- Fix installation failure due to unavailable nvram device on - ppc64le (bsc#1201361) - * 0001-grub-install-set-point-of-no-return-for-powerpc-ieee1275.patch - -- Update SBAT security contact (boo#1193282) +- Fix error message in displaying help on bootable snapshot (bsc#1199609) + +- Fix installation over serial console ends up in infinite boot loop + (bsc#1187810) (bsc#1209667) (bsc#1209372) + * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch +- Fix ppc64le build error for new IEEE long double ABI + * 0001-libc-config-merge-from-glibc.patch + +- use common SBAT values (boo#1193282) + +- Fix wrong order in kernel sorting of listing rc before final release + (bsc#1197376) + * grub2-use-rpmsort-for-version-sorting.patch + +- Fix duplicated insmod part_gpt lines in grub.cfg (bsc#1197186) + * 0001-grub-probe-Deduplicate-probed-partmap-output.patch + +- Fix GCC 12 build failure (bsc#1196546) + * 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch + * 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch + * 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch +- Revised + * grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch + * 0002-ieee1275-powerpc-enables-device-mapper-discovery.patch + gstreamer-plugins-bad -- Add gstreamer-plugins-bad-CVE-2023-40474.patch: Backporting - ff91a3d8 from upstream, Fix possible overflow using - max_sub_layers_minus1 (CVE-2023-40474 bsc#1215793). +- Add gstreamer-plugins-bad-CVE-2023-40474.patch: + Backporting ce17e968 from upstream, Fix integer overflow causing + out of bounds writes when handling invalid uncompressed video. + (CVE-2023-40474 bsc#1215796) -- Add patch from upstream to fix a heap overwrite in PGS subtitle +- Add gstreamer-plugins-bad-CVE-2023-40476.patch: + Backporting ff91a3d8 from upstream, Fix possible overflow using + max_sub_layers_minus1. + (CVE-2023-40476 bsc#1215793) + +- Add 0001-dvdspu-Make-sure-enough-data-is-allocated-for-the.patch: + from upstream to fix a heap overwrite in PGS subtitle - execution (bsc#1213126, CVE-2023-37329): - * 0001-dvdspu-Make-sure-enough-data-is-allocated-for-the.patch + execution (CVE-2023-37329 bsc#1213126). hplip -- Add patch to fix hplip being vulnerable to a malicious printer - attribute handling which could provoke a buffer overflow if - CUPS returned a printer with too large name/location/uri/etc. - It seems upstream tried to fix this buffer overflow in 3.22.x - by using snprintf instead of strcpy and in the process they - introduced another similar issue (boo#1209866, lp#2013185). - This backport of the fix submitted to TW for boo#1209866 fixes - the buffer overflow correctly: +- hppsfilter: booklet printing: change insecure fixed /tmp file paths + (bsc#1214399) + * add hppsfilter-booklet-printing-change-insecure-fixed-tm.patch + +- Update to hplip 3.23.8 (jsc#PED-5846) +- Support for new printers: + * HP Color LaserJet Pro MFP 4301fdne + * HP Color LaserJet Pro MFP 4301fdwe + * HP Color LaserJet Pro MFP 4301cdwe + * HP Color LaserJet Pro MFP 4301cfdne + * HP Color LaserJet Pro MFP 4301cfdwe + * HP Color LaserJet Pro MFP 4302dwe + * HP Color LaserJet Pro MFP 4302fdne + * HP Color LaserJet Pro MFP 4302fdwe + * HP Color LaserJet Pro MFP 4302cdwe + * HP Color LaserJet Pro MFP 4302fdn + * HP Color LaserJet Pro MFP 4302fdw + * HP Color LaserJet Pro MFP 4303dw + * HP Color LaserJet Pro MFP 4303fdn + * HP Color LaserJet Pro MFP 4303fdw + * HP Color LaserJet Pro MFP 4303cdw + * HP Color LaserJet Pro MFP 4303cfdn + * HP Color LaserJet Pro MFP 4303cfdw + * HP Color LaserJet Pro 4201dne + * HP Color LaserJet Pro 4201dwe + * HP Color LaserJet Pro 4201cdne + * HP Color LaserJet Pro 4201cdwe + * HP Color LaserJet Pro 4202dne + * HP Color LaserJet Pro 4202dwe + * HP Color LaserJet Pro 4202dn + * HP Color LaserJet Pro 4202dw + * HP Color LaserJet Pro 4203dn + * HP Color LaserJet Pro 4203dw + * HP Color LaserJet Pro 4203cdn + * HP Color LaserJet Pro 4203cdw + * HP DeskJet 2800 All-in-One Printer series + * HP DeskJet 2800e All-in-One Printer series + * HP DeskJet Ink Advantage 2800 All-in-One Printer series + * HP DeskJet 4200 All-in-One Printer series + * HP DeskJet 4200e All-in-One Printer series + * HP DeskJet Ink Advantage 4200 All-in-One Printer series + * HP DeskJet Ink Advantage Ultra 4900 All-in-One Printer series + +- Update to hplip 3.23.5 + * added new CUPS filter hpcdmfax +- Support for new printers: + * HP Smart Tank 520_540 series + * HP Smart Tank 580-590 series + * HP Smart Tank 5100 series + * HP Smart Tank 210-220 series + * HP Color LaserJet Enterprise 6700dn + * HP Color LaserJet Enterprise 6700 + * HP Color LaserJet Enterprise 6701dn + * HP Color LaserJet Enterprise 6701 + * HP Color LaserJet Enterprise X654dn + * HP Color LaserJet Enterprise X65455dn + * HP Color LaserJet Enterprise X654 + * HP Color LaserJet Enterprise X65465dn + * HP Color LaserJet Enterprise X654 65 PPM + * HP Color LaserJet Enterprise X654 55 to 65ppm License + * HP Color LaserJet Enterprise X654 Down License + * HP Color LaserJet Enterprise MFP 6800dn + * HP Color LaserJet Enterprise Flow MFP 6800zf + * HP Color LaserJet Enterprise Flow MFP 6800zfsw + * HP Color LaserJet Enterprise Flow MFP 6800zfw+ + * HP Color LaserJet Enterprise MFP 6800 + * HP Color LaserJet Enterprise MFP 6801 + * HP Color LaserJet Enterprise MFP 6801 zfsw + * HP Color LaserJet Enterprise Flow MFP 6801zfw+ + * HP Color LaserJet Enterprise MFP X677 55 to 65ppm License + * HP Color LaserJet Enterprise MFP X677 65ppm + * HP Color LaserJet Enterprise MFP X677s + * HP Color LaserJet Enterprise Flow MFP X677z + * HP Color LaserJet Enterprise MFP X67765dn + * HP Color LaserJet Enterprise Flow MFP X67765zs + * HP Color LaserJet Enterprise Flow MFP X67765z+ + * HP Color LaserJet Enterprise MFP X677 + * HP Color LaserJet Enterprise MFP X67755dn + * HP Color LaserJet Enterprise Flow MFP X67755zs + * HP Color LaserJet Enterprise Flow MFP X67755z+ + * HP Color LaserJet Enterprise MFP X677dn + * HP Color LaserJet Enterprise Flow MFP X677zs + * HP Color LaserJet Enterprise Flow MFP X677z+ + * HP Color LaserJet Enterprise 5700dn + * HP Color LaserJet Enterprise 5700 + * HP Color LaserJet Enterprise X55745dn + * HP Color LaserJet Enterprise X55745 + * HP Color LaserJet Enterprise MFP 5800dn + * HP Color LaserJet Enterprise MFP 5800f + * HP Color LaserJet Enterprise Flow MFP 5800zf + * HP Color LaserJet Enterprise MFP 5800 + * HP Color LaserJet Enterprise MFP X57945 + * HP Color LaserJet Enterprise Flow MFP X57945zs + * HP Color LaserJet Enterprise MFP X57945dn + * HP Color LaserJet Enterprise Flow MFP X57945z + +- Add patch to fix hplip applying printf string format parsing to + printer attributes returned from CUPS (such as + "dnssd://foo%20series._ipp._tcp.local/?uuid=...") which results + in a segfault (boo#1209866, lp#2013185): -- Add hplip-3.20.6-python-includes.patch to fix C compiler flags - (boo#1198794) +- Update to 3.22.10 + * drop no-systray-failure-message.patch (fixed upstream) + * adapt Use-lsb_release-fallback-code-if-import-distro-fails.patch + (code moved to different source file upstream) + +- Update disable_hp-upgrade.patch: Log the 'openSUSE disabled this + for security message' is 'info', not 'error'. + +- Move the hplip-udev-rules requirement from hplip to hplip-hpijs. + The main package will get it via indirect dependencies then. + +- Split off hplip-udev-rules hplip-udev-rules so that you can install + hplip-sane only and scan as a normal user, fixes boo#1203811 + +- Update to 3.22.6 + Added support for following new Distro's: + * Mx Linux 21.1 + * Ubuntu 22.04 + * Fedora 36 + Added support for the following new Printers: + * HP Color LaserJet Managed MFP E785dn + * HP Color LaserJet Managed MFP E78523dn + * HP Color LaserJet Managed MFP E78528dn + * HP Color LaserJet Managed MFP E786dn + * HP Color LaserJet Managed MFP E786 Core Printer + * HP Color LaserJet Managed MFP E78625dn + * HP Color LaserJet Managed FlowMFP E786z + * HP Color LaserJet Managed Flow MFP E78625z + * HP Color LaserJet Managed MFP E78630dn + * HP Color LaserJet Managed Flow MFP E78630z + * HP Color LaserJet Managed MFP E78635dn + * HP Color LaserJet Managed Flow MFP E78635z + * HP LaserJet Managed MFP E731dn + * HP LaserJet Managed MFP E731 Core Printer + * HP LaserJet Managed MFP E73130dn + * HP LaserJet Managed Flow MFP E731z + * HP LaserJet Managed Flow MFP E73130z + * HP LaserJet Managed MFP E73135dn + * HP LaserJet Managed Flow MFP E73135z + * HP LaserJet Managed MFP E73140dn + * HP LaserJet Managed Flow MFP E73140z + * HP Color LaserJet Managed MFP E877dn + * HP Color LaserJet Managed MFP E877 Core Printer + * HP Color LaserJet Managed MFP E87740dn + * HP Color LaserJet Managed Flow MFP E877z + * HP Color LaserJet Managed Flow MFP E87740z + * HP Color LaserJet Managed MFP E87750dn + * HP Color LaserJet Managed Flow MFP E87750z + * HP Color LaserJet Managed MFP E87760dn + * HP Color LaserJet Managed Flow MFP E87760z + * HP Color LaserJet Managed MFP E87770dn + * HP Color LaserJet Managed Flow MFP E87770z + * HP LaserJet Managed MFP E826dn + * HP LaserJet Managed MFP E826 Core Printer + * HP LaserJet Managed MFP E82650dn + * HP LaserJet Managed Flow MFP E826z + * HP LaserJet Managed Flow MFP E82650z + * HP LaserJet Managed MFP E82660dn + * HP LaserJet Managed Flow MFP E82660z + * HP LaserJet Managed MFP E82670dn + * HP LaserJet Managed Flow MFP E82670z + * HP LaserJet Managed MFP E730dn + * HP LaserJet Managed MFP E73025dn + * HP LaserJet Managed MFP E73030dn + * HP LaserJet Pro MFP 3101fdwe + * HP LaserJet Pro MFP 3101fdw + * HP LaserJet Pro MFP 3102fdwe + * HP LaserJet Pro MFP 3102fdw + * HP LaserJet Pro MFP 3103fdw + * HP LaserJet Pro MFP 3104fdw + * HP LaserJet Pro MFP 3101fdne + * HP LaserJet Pro MFP 3101fdn + * HP LaserJet Pro MFP 3102fdne + * HP LaserJet Pro MFP 3102fdn + * HP LaserJet Pro MFP 3103fdn + * HP LaserJet Pro MFP 3104fdn + * HP LaserJet Pro 3001dwe + * HP LaserJet Pro 3001dw + * HP LaserJet Pro 3002dwe + * HP LaserJet Pro 3002dw + * HP LaserJet Pro 3003dw + * HP LaserJet Pro 3004dw + * HP LaserJet Pro 3001dne + * HP LaserJet Pro 3001dn + * HP LaserJet Pro 3002dne + * HP LaserJet Pro 3002dn + * HP LaserJet Pro 3003dn + * HP LaserJet Pro 3004dn + +- Add rebased hplip-3.20.6-python-includes.patch to fix the non- + functional scanning: libsane-hpaio.so.1: undefined symbol: _DBG + (fixes boo#1198794) + +- Update to 3.22.4 + Added support for following new Distro's: + * Manjaro 21.2 + Added support for the following new Printers: + * HP LaserJet Pro 4001ne + * HP LaserJet Pro 4001n + * HP LaserJet Pro 4001dne + * HP LaserJet Pro 4001dn + * HP LaserJet Pro 4001dwe + * HP LaserJet Pro 4001dw + * HP LaserJet Pro 4001d + * HP LaserJet Pro 4001de + * HP LaserJet Pro 4002ne + * HP LaserJet Pro 4002n + * HP LaserJet Pro 4002dne + * HP LaserJet Pro 4002dn + * HP LaserJet Pro 4002dwe + * HP LaserJet Pro 4002dw + * HP LaserJet Pro 4002d + * HP LaserJet Pro 4002de + * HP LaserJet Pro 4003dn + * HP LaserJet Pro 4003dw + * HP LaserJet Pro 4003n + * HP LaserJet Pro 4003d + * HP LaserJet Pro 4004d + * HP LaserJet Pro 4004dn + * HP LaserJet Pro 4004dw + * HP LaserJet Pro MFP 4101dwe + * HP LaserJet Pro MFP 4101dw + * HP LaserJet Pro MFP 4101fdn + * HP LaserJet Pro MFP 4101fdne + * HP LaserJet Pro MFP 4101fdw + * HP LaserJet Pro MFP 4101fdwe + * HP LaserJet Pro MFP 4102dwe + * HP LaserJet Pro MFP 4102dw + * HP LaserJet Pro MFP 4102fdn + * HP LaserJet Pro MFP 4102fdw + * HP LaserJet Pro MFP 4102fdwe + * HP LaserJet Pro MFP 4102fdne + * HP LaserJet Pro MFP 4102fnw + * HP LaserJet Pro MFP 4102fnwe + * HP LaserJet Pro MFP 4103dw + * HP LaserJet Pro MFP 4103dn + * HP LaserJet Pro MFP 4103fdn + * HP LaserJet Pro MFP 4103fdw + * HP LaserJet Pro MFP 4104dw + * HP LaserJet Pro MFP 4104fdw + * HP LaserJet Pro MFP 4104fdn + * HP ScanJet Pro 3600 f1 + * HP ScanJet Pro N4600 fnw1 + * HP ScanJet Pro 2600 f1 + * HP ScanJet Enterprise Flow N6600 fnw1 +- Changes from 3.22.2 + Added support for following new Distro's: + * Elementary OS 6.1 + * RHEL 8.5 + * Linux Mint 20.3 + Added support for the following new Printers: + * HP LaserJet Tank MFP 1602a + * HP LaserJet Tank MFP 1602w + * HP LaserJet Tank MFP 1604w + * HP LaserJet Tank MFP 2602dn + * HP LaserJet Tank MFP 2602sdn + * HP LaserJet Tank MFP 2602sdw + * HP LaserJet Tank MFP 2602dw + * HP LaserJet Tank MFP 2604dw + * HP LaserJet Tank MFP 2604sdw + * HP LaserJet Tank MFP 2603dw + * HP LaserJet Tank MFP 2603sdw + * HP LaserJet Tank MFP 2605sdw + * HP LaserJet Tank MFP 2606dn + * HP LaserJet Tank MFP 2606sdn + * HP LaserJet Tank MFP 2606sdw + * HP LaserJet Tank MFP 2606dw + * HP LaserJet Tank MFP 2606dc + * HP LaserJet Tank MFP 1005 + * HP LaserJet Tank MFP 1005w + * HP LaserJet Tank MFP 1005nw + * HP LaserJet Tank 1502a + * HP LaserJet Tank 1502w + * HP LaserJet Tank 1504w + * HP LaserJet Tank 2502dw + * HP LaserJet Tank 2502dn + * HP LaserJet Tank 2504dw + * HP LaserJet Tank 2503dw + * HP LaserJet Tank 2506dw + * HP LaserJet Tank 2506d + * HP LaserJet Tank 2506dn + * HP LaserJet Tank 1020 + * HP LaserJet Tank 1020w + * HP LaserJet Tank 1020nw +- Changes from 3.21.12 + Added support for following new Distro's: + * MX Linux 21 + * Elementary OS 6 + * Fedora 35 +- Drop photocard-fix-import-error-for-pcardext.patch, + because now in upstream. +- Rebase Use-lsb_release-fallback-code-if-import-distro-fails.patch, + bacause some is in upstream now. +- Reabse hplip-missing-drivers.patch javapackages-tools +- Added patches: + * 0005-Interpolate-properties-also-in-the-current-artifact.patch + + interpolate variables also in current artifactId, groupId and + version + * 0006-Test-variable-expansion-in-artifactId.patch + + test previous changes + * 0007-Test-that-we-don-t-bomb-on-relativePath.patch + + test gracious handling of empty in parent + reference of a pom file + +- Added patch: + * 0004-Reproducible-builds-keep-order-of-aliases-and-depend.patch + + make the aliases and dependencies lists so that the order is + kept + +- Added patch: + * 0003-Reproducible-exclusions-order-in-maven-metadata.patch + + sort exclusions in maven metadata + +- Modified patch: + * 0001-Make-the-alias-generation-reproducible.patch -> + 0001-Make-maven_depmap-order-of-aliases-reproducible.patch + + replace by the version of patch integrated by upstream +- Added patch: + * 0002-Do-not-bomb-on-relativePath-construct.patch + + integrated patch fixing parent recursion with empty + element + +- Upgrade to upstream version 6.2.0 + * Întegrate our changes from javapackages-6.1.0-maven-depmap.patch +- Removed patch: + * javapackages-6.1.0-maven-depmap.patch + + upstreamed +- Added patch: + * 0001-Make-the-alias-generation-reproducible.patch + + separate patch for our reproducible changes that was not + part of the integrated pull request + +- Modified patch: + * javapackages-6.1.0-maven-depmap.patch + + try to make the list of aliases more reproducible + +- Enable the tests also for older distributions +- Require python3-xml (python-xml for distributions that use + versioned modules), since module xml needed by some scripts. + less +- add zstd support to lessopen + +- Update to 643: + * Fix problem when a program piping into less reads from the tty, + like sudo asking for password (github #368). + * Fix search modifier ^E after ^W. + * Fix bug using negated (^N) search (github #374). + * Fix bug setting colors with -D on Windows build (github #386). + * Fix reading special chars like PageDown on Windows (github #378). + * Fix mouse wheel scrolling on Windows (github #379). + * Fix erroneous EOF when terminal window size changes (github #372). + * Fix compile error with some definitions of ECHONL (github #395). + * Fix crash on Windows when writing logfile (github #405). + * Fix regression in exit code when stdin is /dev/null and + output is a file (github #373). + * Add lesstest test suite to production release (github #344). + * Change lesstest output to conform with + automake Simple Test Format (github #399). + +- Update to 633 + * This release fixes a build problem found in less-632 on systems + which have termcap.h in a subdirectory (ncurses/termcap.h or + ncursesw/termcap.h). There is no functional difference between + less-632 and less-633 + +- Update to 632 (differences between 608 and 632) + * Add LESSUTFCHARDEF environment variable (github #275). + * Add # command (github #330). + * Add ^S search modifier (github #196). + * Add --wordwrap option (github #113). + * Add --no-vbell option (github #304). + * Add --no-search-headers option (github #44). + * Add --modelines option (github #89). + * Add --intr option (github #224). + * Add --proc-backspace, --proc-tab and --proc-return options (github #335). + * Add --show-preproc-errors option (github #258). + * Add LESS_LINES and LESS_COLUMNS environment variables (github #84). + * Add LESS_DATA_DELAY environment variable (github #337). + * Allow empty "lines" field in --header option. + * Update Unicode tables. + * Improve ability of ^X to interrupt F command (github #49). + * Status column (-J) shows off-screen matches. + * Parenthesized sub-patterns in searches are colored with unique colors, if supported by the regular expression library (github #196). + * Don't allow opening a tty as file input unless -f is set (github #309). + * Don't require newline input after +&... option (github #339). + * Fix incorrect handling of some Private Use Unicode characters. + * Fix ANSI color bug when overstriking with colored chars (github #276). + * Fix compiler const warning (github #279). + * Fix signal race in iread (github #280). + * Fix reading procfs files on Linux (github #282). + * Fix --ignore-case with ctrl-R (no regex) search (github #300). + * Fix bug doing repeat search after setting & filter (github #299). + * Fix bug doing repeat search before non-repeat search. + * Fix crash with -R and certain line lengths (github #338). + * Fix input of Windows dead keys (github #352). + * Don't retain search options from a cancelled search (github #302). + * Don't call realpath on fake filenames like "-" (github #289). + * Implement lesstest test suite. + * Convert function parameter definitions from K&R to C89 (github #316). +- Drop patch cve-2022-46663.patch (merged). + +- Refreshed all other patches with quilt to an uniform -p1 patch + style, which allows us to use %autosetup and simplify the spec + file a bit. + +- Update to 608: + * Add the --header option (github #43). + * Add the --no-number-headers option (github #178). + * Add the --status-line option. + * Add the --redraw-on-quit option (github #36). + * Add the --search-options option (github #213). + * Add the --exit-follow-on-close option (github #244). + * Add 'H' color type to set color of header lines. + * Add #version conditional to lesskey. + * Add += syntax to variable section in lesskey files. + * Allow option name in -- command to end with '=' in addition to '\n'. + * Add $HOME/.config to possible locations of lesskey file (github #153). + * Add $XDG_STATE_HOME and $HOME/.local/state to possible locations + of history file (github #223). + * Don't read or write history file in secure mode (github #201). + * Fix display of multibyte and double-width chars in prompt. + * Fix ESC-BACKSPACE command when BACKSPACE key does not send 0x08 + (github #188). + * Add more \k codes to lesskey format. + * Fix bug when empty file is modified while viewing it. + * Fix bug when parsing a malformed lesskey file (githb #234). + * Fix bug scrolling history when --incsearch is set (github #214). + * Fix buffer overflow when invoking lessecho with more than 63 -m/-n + options (github #198). + * Fix buffer overflow in bin_file (github #271). + * Fix bug restoring color at end of highlighted text. + * Fix bug in parsing lesskey file. + * Defer moving cursor to lower left in some more cases. + * Suppress TAB filename expansion in some cases where it doesn't make sense. + * Fix termlib detection when compiler doesn't accept + calls to undeclared functions. + * Escape filenames when invoking LESSCLOSE. + * Fix bug using multibyte UTF-8 char in search string + with --incsearch (github #273). + +- Which need one /usr/bin/which, not the package which libhugetlbfs +- Add libhugetlbfs-noexecstack.patch (bsc#1213639) +- Increase buffer size in libhugetlbfs-increase-mount-buffer.patch + as in the provided fix (bsc#1213639) + +- Add libhugetlbfs-increase-mount-buffer.patch for upstream issue gh#43 + (boo#1216576, bsc#1213639) + -- update to 2.17: - * PPC segement alignment restrictions can be disabled - * Added Aarch64 support - * Allow compiler overrides for 64 and 32 bit builds - * hugeadm now handles /etc/mtab being a simlink properly - * ppc64 fixes -- remove libhugetlbfs.ia64-libdir.patch: - ia64 is no longer supported by openSUSE -- add ignore-perl-modules.diff: do not install perl modules, unused - and are installed in the wrong place to be found anyway -- add ARM support -- add disable-rw-on-non-ldscripts.diff: Skip rw tests -- Do not install tests anymore - -- Tests compile fine for s390(x), also include them in the package, the same - way it is done for other archs as well. - libmbim +- Fix build with RPM 4.19: unnumbered patches are no longer + supported. + libosinfo -- jsc#PED-2104 [Virt Tools] Refresh Virtualization Tools for Xen +- Update to version 1.11.0 (jsc#PED-2104) + Changes in this release include: + * Several minor memory leak fixes + * Several CI improvements + * Several translations improvements +- Drop 3a0fef72.patch as it is now part of the tarball + +- jsc#PED-2113 [Virt Tools] Refresh Virtualization Tools for Xen librtas +- Update to version 2.0.5 (jsc#PED-554) + * librtas: fix buffer length determination in rtas_set_sysparm() + * librtasevent: 'format' function attribute for printf-style functions + * convert PAGE_SIZE to WORK_AREA_SIZE + +- Add _multibuild to define 2nd spec file as additional flavor. + Eliminates the need for source package links in OBS. + mariadb +- Update to 10.11.6: + https://mariadb.com/kb/en/mariadb-10-11-6-release-notes/ + https://mariadb.com/kb/en/mariadb-10-11-6-changelog/ + * fixes for the following security vulnerabilities: + 10.11:6: CVE-2023-22084, (bsc#1217405) +- Refreshed patches: + * mariadb-10.4.12-fix-install-db.patch + poppler-data +- update to 0.4.12: + * updated files from the adobe-type-tools repositories + -- Update to version 0.4.5: - + New data from Adobe. - + New data from xpdf. - psmisc +- Fix version at configure time as there was no .tarball-version + rsync +- Update to latest version from Factory (3.2.7) +- Deleted the following patches, already included in that version: + - rsync-CVE-2020-14387.patch + - rsync-CVE-2022-29154-trust-sender-1.patch + - rsync-CVE-2022-29154-trust-sender-2.patch + - rsync-CVE-2022-29154.patch + - rsync-fix-delay-updates-never-updates-after-interruption.patch + +- Rename patch to follow naming patch policies: + fortified-strlcpy-fix.patch -> rsync-fortified-strlcpy-fix.patch + +- Use "slp" for bcond, not "openslp", like we use for all other + packages, too. +- Disable slp patch and configure option if bcond slp is disabled. + +- add fortified-strlcpy-fix.patch (bsc#1214616, bsc#1214249) + +- Disable openslp support on new distros (bsc#1214884) + +- Add support directory to %docdir. + Includes some upstream provided scripts such as rrsync. (bsc#1212198) + +- Switch rsyncd symlink to a wrapper script to allow setting a distinct + SELinux type (bsc#1209654) + +- New version fixes bug (boo#1203727): implicit containing directory + sometimes rejected as unrequested +- update to 3.2.7 + * BUG FIXES: + - Fixed the client-side validating of the remote sender's filtering behavior. + - More fixes for the "unrequested file-list name" name, including a copy of + "/" with `--relative` enabled and a copy with a lot of related paths with + `--relative` enabled (often derived from a `--files-from` list). + - When rsync gets an unpack error on an ACL, mention the filename. + - Avoid over-setting sanitize_paths when a daemon is serving "/" (even if + "use chroot" is false). + * ENHANCEMENTS: + - Added negotiated daemon-auth support that allows a stronger checksum digest + to be used to validate a user's login to the daemon. Added SHA512, SHA256, + and SHA1 digests to MD5 & MD4. These new digests are at the highest priority + in the new daemon-auth negotiation list. + - Added support for the SHA1 digest in file checksums. While this tends to be + overkill, it is available if someone really needs it. This overly-long + checksum is at the lowest priority in the normal checksum negotiation list. + See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST` + environment var for how to customize this. + - Improved the xattr hash table to use a 64-bit key without slowing down the + key's computation. This should make extra sure that a hash collision doesn't + happen. + - If the `--version` option is repeated (e.g. `-VV`) then the information is + output in a (still readable) JSON format. Client side only. + - The script `support/json-rsync-version` is available to get the JSON style + version output from any rsync. The script accepts either text on stdin + * *or** an arg that specifies an rsync executable to run with a doubled + `--version` option. If the text we get isn't already in JSON format, it is + converted. Newer rsync versions will provide more complete json info than + older rsync versions. Various tweaks are made to keep the flag names + consistent across versions. + - The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unset" + so that rsync can use chroot when it works and a sanitized copy when chroot + is not supported (e.g., for a non-root daemon). Explicitly setting the + parameter to true or false (on or off) behaves the same way as before. + - The `--fuzzy` option was optimized a bit to try to cut down on the amount of + computations when considering a big pool of files. The simple heuristic from + Kenneth Finnegan resuled in about a 2x speedup. + - If rsync is forced to use protocol 29 or before (perhaps due to talking to an + rsync before 3.0.0), the modify time of a file is limited to 4-bytes. Rsync + now interprets this value as an unsigned integer so that a current year past + 2038 can continue to be represented. This does mean that years prior to 1970 + cannot be represented in an older protocol, but this trade-off seems like the + right choice given that (1) 2038 is very rapidly approaching, and (2) newer + protocols support a much wider range of old and new dates. + - The rsync client now treats an empty destination arg as an error, just like + it does for an empty source arg. This doesn't affect a `host:` arg (which is + treated the same as `host:.`) since the arg is not completely empty. The use + of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the + prior behavior of treating an empty destination arg as a ".". + * PACKAGING RELATED: + - The checksum code now uses openssl's EVP methods, which gets rid of various + deprecation warnings and makes it easy to support more digest methods. On + newer systems, the MD4 digest is marked as legacy in the openssl code, which + makes openssl refuse to support it via EVP. You can choose to ignore this + and allow rsync's MD4 code to be used for older rsync connections (when + talking to an rsync prior to 3.0.0) or you can choose to configure rsync to + tell openssl to enable legacy algorithms (see below). + - A simple openssl config file is supplied that can be installed for rsync to + use. If you install packaging/openssl-rsync.cnf to a public spot (such as + `/etc/ssl/openssl-rsync.cnf`) and then run configure with the option + `--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the + configured path in the OPENSSL_CONF environment variable (when the variable + is not already set). This will enable openssl's MD4 code for rsync to use. + - The packager may wish to include an explicit "use chroot = true" in the top + section of their supplied /etc/rsyncd.conf file if the daemon is being + installed to run as the root user (though rsync should behave the same even + with the value unset, a little extra paranoia doesn't hurt). + - I've noticed that some packagers haven't installed support/nameconvert for + users to use in their chrooted rsync configs. Even if it is not installed + as an executable script (to avoid a python3 dependency) it would be good to + install it with the other rsync-related support scripts. + - It would be good to add support/json-rsync-version to the list of installed + support scripts. + +- Use bundled SLP patch now that upstream fixed it: + * Remove rsync-3.2.5-slp.patch + +- update to 3.2.6: + * More path-cleaning improvements in the file-list validation code to avoid + rejecting of valid args. + * A file-list validation fix for a --files-from file that ends without a + line-terminating character. + * Added a safety check that prevents the sender from removing destination + files when a local copy using --remove-source-files has some files that are + shared between the sending & receiving hierarchies, including the case + where the source dir & destination dir are identical. + * Fixed a bug in the internal MD4 checksum code that could cause the digest + to be sporadically incorrect (the openssl version was/is fine). + * A minor tweak to rrsync added "copy-devices" to the list of known args, but + left it disabled by default. + +- Build SLE version with g++-11 + to work around nondeterministic g++-7 (boo#1193895) + +- Migration to /usr/etc: Saving user changed configuration files + in /etc and restoring them while an RPM update. + +- Add upstream patch rsync-3.2.5-slp.patch, as the one included in + the released tarball doesn't fully apply. +- Drop patch rsync-CVE-2022-29154.patch, already included upstream. +- Update to 3.2.5 + * SECURITY FIXES: + - Added some file-list safety checking that helps to ensure that a rogue + sending rsync can't add unrequested top-level names and/or include recursive + names that should have been excluded by the sender. These extra safety + checks only require the receiver rsync to be updated. When dealing with an + untrusted sending host, it is safest to copy into a dedicated destination + directory for the remote content (i.e. don't copy into a destination + directory that contains files that aren't from the remote host unless you + trust the remote host). Fixes CVE-2022-29154. + - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue). + * BUG FIXES: + - Fixed the handling of filenames specified with backslash-quoted wildcards + when the default remote-arg-escaping is enabled. + - Fixed the configure check for signed char that was causing a host that + defaults to unsigned characters to generate bogus rolling checksums. This + made rsync send mostly literal data for a copy instead of finding matching + data in the receiver's basis file (for a file that contains high-bit + characters). + - Lots of manpage improvements, including an attempt to better describe how + include/exclude filters work. + - If rsync is compiled with an xxhash 0.8 library and then moved to a system + with a dynamically linked xxhash 0.7 library, we now detect this and disable + the XX3 hashes (since these routines didn't stabilize until 0.8). + * ENHANCEMENTS: + - The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the + extra file-list safety checking (should that be required). + * PACKAGING RELATED: + - A note to those wanting to patch older rsync versions: the changes in this + release requires the quoted argument change from 3.2.4. Then, you'll want + every single code change from 3.2.5 since there is no fluff in this release. + - The build date that goes into the manpages is now based on the developer's + release date, not on the build's local-timezone interpretation of the date. + * DEVELOPER RELATED: + - Configure now defaults GETGROUPS_T to gid_t when cross compiling. + - Configure now looks for the bsd/string.h include file in order to fix the + build on a host that has strlcpy() in the main libc but not defined in the + main string.h file. + - * Added patch rsync-rsync-CVE-2022-29154.patch + * Added patch rsync-CVE-2022-29154.patch + +- Removed %config flag for files in /usr directory. + +- Moved logrotate files from user specific directory /etc/logrotate.d + to vendor specific directory /usr/etc/logrotate.d. + +- Update to 3.2.4 + * A new form of arg protection was added that works similarly to + the older `--protect-args` (`-s`) option but in a way that + avoids breaking things like rrsync. + * A long-standing bug was preventing rsync from figuring out the + current locale's decimal point character, which made rsync + always output numbers using the "C" locale. + * Too many changes to list, see included NEWS.md file. +- Drop rsync-CVE-2020-14387.patch, already included upstream. + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * rsyncd.service sqlite3 +- Sync version 3.44.0 from Factory + * Fixes bsc#1210660, CVE-2023-2137: Heap buffer overflow + * sqlite3-rtree-i686.patch: temporary build fix for 32-bit x86. + * Obsoletes sqlite-CVE-2022-46908.patch + * Obsoletes sqlite-src-3390000-func7-pg-181.patch + squashfs +- For reference: previous updates fixed + * CVE-2021-40153 (bsc#1189936) + * CVE-2015-4645, CVE-2015-4646 (bsc#935380) + +- update to 4.6.1: + * Race condition which can cause corruption of the "fragment + table" fixed. This is a regression introduced in August 2022, + and it has been seen when tailend packing is used (-tailends option). + * Fix build failure when the tools are being built without + extended attribute (XATTRs) support. + * Fix XATTR error message when an unrecognised prefix is + found + * Fix incorrect free of pointer when an unrecognised XATTR + prefix is found. + * Major improvements in extended attribute handling, + pseudo file handling, and miscellaneous new options and + improvements + * Extended attribute handling improved in Mksquashfs and + Sqfstar + * New Pseudo file xattr definition to add extended + attributes to files. + * New xattrs-add Action to add extended attributes to files + * Extended attribute handling improved in Unsquashfs + * Other major improvements + * Unsquashfs can now output Pseudo files to standard out. + * Mksquashfs can now input Pseudo files from standard in. + * Squashfs filesystems can now be converted (different + block size compression etc) without unpacking to an + intermediate filesystem or mounting, by piping the output of + Unsquashfs to Mksquashfs. + * Pseudo files are now supported by Sqfstar. + * "Non-anchored" excludes are now supported by Unsquashfs. + +- Do not repeat openSUSE / SLE version tests +- Actually format and package the man pages + +- set LZMA_XZ_SUPPORT=1 so you can (un)squash -comp lzma images + +- update to 4.5.1 (bsc#1190531, CVE-2021-41072): + * This release adds Manpages for Mksquashfs(1), Unsquashfs(1), + Sqfstar(1) and Sqfscat(1). + * The -help text output from the utilities has been improved + and extended as well (but the Manpages are now more + comprehensive). + * CVE-2021-41072 which is a writing outside of destination + exploit, has been fixed. + * The number of hard-links in the filesystem is now also + displayed by Mksquashfs in the output summary. + * The number of hard-links written by Unsquashfs is now + also displayed in the output summary. + * Unsquashfs will now write to a pre-existing destination + directory, rather than aborting. + * Unsquashfs now allows "." to used as the destination, to + extract to the current directory. + * The Unsquashfs progress bar now tracks empty files and + hardlinks, in addition to data blocks. + * -no-hardlinks option has been implemented for Sqfstar. + * More sanity checking for "corrupted" filesystems, including + checks for multiply linked directories and directory loops. + * Options that may cause filesystems to be unmountable have + been moved into a new "experts" category in the Mksquashfs + help text (and Manpage). + * Maximum cpiostyle filename limited to PATH_MAX. This + prevents attempts to overflow the stack, or cause system + calls to fail with a too long pathname. + * Don't always use "max open file limit" when calculating + length of queues, as a very large file limit can cause + Unsquashfs to abort. Instead use the smaller of max open + file limit and cache size. + * Fix Mksquashfs silently ignoring Pseudo file definitions + when appending. + * Don't abort if no XATTR support has been built in, and + there's XATTRs in the filesystem. This is a regression + introduced in 2019 in Version 4.4. + * Fix duplicate check when the last file block is sparse. + +- update to 4.5: + * Mksquashfs now supports "Actions". + * New sqfstar command which will create a Squashfs image from a tar archive. + * Tar style handling of source pathnames in Mksquashfs. + * Cpio style handling of source pathnames in Mksquashfs. + * New option to throttle the amount of CPU and I/O. + * Mksquashfs now allows no source directory to be specified. + * New Pseudo file "R" definition which allows a Regular file + o be created with data stored within the Pseudo file. + * Symbolic links are now followed in extract files + * Unsquashfs now supports "exclude" files. + * Max depth traversal option added. + * Unsquashfs can now output a "Pseudo file" representing the + input Squashfs filesystem. + * New -one-file-system option in Mksquashfs. + * New -no-hardlinks option in Mksquashfs. + * Exit code in Unsquashfs changed to distinguish between + non-fatal errors (exit 2), and fatal errors (exit 1). + * Xattr id count added in Unsquashfs "-stat" output. + * Unsquashfs "write outside directory" exploit fixed. + * Error handling in Unsquashfs writer thread fixed. + * Fix failure to truncate destination if appending aborted. + * Prevent Mksquashfs reading the destination file. + tiff -- security update: - * CVE-2023-38289 [bsc#1213589] - + tiff-CVE-2023-38289.patch - * CVE-2023-38288 [bsc#1213590] - + tiff-CVE-2023-38288.patch - * CVE-2023-3576 [bsc#1213273] - + tiff-CVE-2023-3576.patch - * CVE-2020-18768 [bsc#1214574] - + tiff-CVE-2020-18768.patch - * CVE-2023-26966 [bsc#1212881] - + tiff-CVE-2023-26966.patch - * CVE-2023-3618 [bsc#1213274] - + tiff-CVE-2023-3618.patch - * CVE-2023-2908 [bsc#1212888] - + tiff-CVE-2023-2908.patch - * CVE-2023-3316 [bsc#1212535] - + tiff-CVE-2023-3316.patch +- Update to version 4.6.0: + * API/ABI breaks: none + * WebP decoder: validate WebP blob width, height, band count against + TIFF parameters to avoid use of uninitialized variable, or decoding + corrupted content without explicit error (fixes issue #581, issue #582). + * WebP codec: turn exact mode when creating lossless files to avoid + altering R,G,B values in areas where alpha=0 + * Fix TransferFunction writing of only two transfer functions. + * TIFFReadDirectoryCheckOrder: avoid integer overflow. When it occurs, + it should be harmless in practice though + * tiffcp: remove -i option (ignore errors) + * This version removes a big number of utilities that have suffered from + lack of maintenance over the years and were the source of various + reported security issues: + + fax2ps + + fax2tiff + + pal2rgb + + ppm2tiff + + raw2tiff + + rgb2ycbcr + + thumbnail + + tiff2bw + + tiff2rgba + + tiffcmp + + tiffcrop + + tiffdither + + tiffgt + + tiffmedian + + tiff2ps + + tiff2pdf +- Remove no longer needed tiff-4.0.3-compress-warning.patch. + +- Update to version 4.5.1: + * Definition of tags reformatted (clang-format off) for better readability of tag comments in tiff.h and tif_dirinfo.c + * Do not install libtiff-4.pc when tiff-install is reset. + * Add versioninfo resource files for DLL and tools compiled with Windows MSVC and MINGW. + * Disable clang-formatting for tif_config.h.cmake.in and tiffconf.h.cmake.in because sensitive for CMake scripts. + * CMake: make WebP component name compatible with upstream ConfigWebP.cmake + * CMake: make Findliblzma with upstream CMake config file + * CMake: FindDeflate.cmake: fix several errors (issue #526). + * CMake: FindLERC.cmake: version string return added. + * CMake: export TiffConfig.cmake and TiffConfigVersion.cmake files + * CMake: fix export of INTERFACE_INCLUDE_DIRECTORIES + * Hardcode HOST_FILLORDER to FILLORDER_LSB2MSB and make 'H' flag of TIFFOpen() to warn and an alias of FILLORDER_MSB2LSB. tif_lerc.c: use WORDS_BIGENDIAN instead of HOST_BIGENDIAN. + * Optimize relative seeking within TIFFSetDirectory() by using the learned list of IFD offsets. + * Improve internal IFD offset and directory number map handling. + * Behavior of TIFFOpen() mode "r+" in the Windows implementation adjusted to that of Linux. + * TIFFDirectory td_fieldsset type changed from unsigned long, which can be 32 or 64 bits, to uint32_t (fixes issue #484). + * tif_ojpeg.c: checking for division by zero (fixes issue #554). + * LZWDecode(): avoid crash when trying to read again from a strip whith a missing end-of-information marker (fixes issue #548). + * Fixed runtime error: applying zero offset to null pointer in countInkNamesString(). + * Fixing crash in TIFFUnlinkDirectory() when called with directory number zero ("TIFFUnlinkDirectory(0)") as well as fixing incorrect behaviour when unlinking the first directory. + * tif_luv: check and correct for NaN data in uv_encode() (issue #530). + * TIFFClose() avoid NULL pointer dereferencing (issue #515). + * tif_hash_set.c: include tif_hash_set.h after tif_config.h to let a chance for GDAL symbol renaming trick. + * Fax3: fix failure to decode some fax3 number_of_images and add test for Fax3 decoding issues (issue #513). + * TIFFSetDirectory() and TIFFWriteDirectorySec() avoid harmless unsigned-integer-overflow (due to gdal oss-fuzz #54311 and #54343). + * tif_ojpeg.c: fix issue #554 by checking for division by zero in OJPEGWriteHeaderInfo(). + * LZWDecode(): avoid crash when trying to read again from a strip whith a missing end-of-information marker (issue #548). +- Drop no longer needed patches: + * tiff-CVE-2023-0795,CVE-2023-0796,CVE-2023-0797,CVE-2023-0798,CVE-2023-0799.patch + * tiff-CVE-2022-48281.patch + * tiff-CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,CVE-2023-0803,CVE-2023-0804.patch - * CVE-2023-25433 [bsc#1212883] +- Update to 4.5.0: + * tdir_t type updated to uint32_t. This type is now used for the return + value of TIFFCurrentDirectory() and TIFFNumberOfDirectories(), and as + the argument of TIFFSetDirectory() and TIFFUnlinkDirectory() + * Addition of an open option concept with the new functions TIFFOpenExt(), + TIFFOpenWExt(), TIFFFdOpenExt(), TIFFClientOpenExt(), TIFFOpenOptionsAlloc(), + TIFFOpenOptionsFree() + * Leveraging above mentioned open option concept, addition of a new capability + to limit the size of a single dynamic memory allocation done by the library + with TIFFOpenOptionsSetMaxSingleMemAlloc() + * Related to IFD-Loop detection refactoring, the number of IFDs that libtiff + can browse through has been extended from 65535 to 1048576. This value is + a build-time setting that can be configured with CMake's TIFF_MAX_DIR_COUNT + variable or autoconf's --with-max-dir-count option. + * Whole code base reformatting of .c/.h files using new .clang-format format + * Documentation changed from static HTML and man pages to + Restructured Text (rst). HTML and man pages are now build artifacts. + * SONAME version bumped to 6 due to changes in symbol versioning. + * autoconf/cmake: detect (not yet released) libjpeg-turbo 2.2 to take into + its capability of handling both 8-bit JPEG and 12-bit JPEG in a single build. + * autoconf/cmake: detect sphinx-build to build HTML and man pages + * CMakeLists.txt: fix warning with -Wdev + * CMake: correctly set default value of 'lzma' option when liblzma is detected + * CMake: Moved linking of CMath::CMath into CMath_LIBRARY check. + * Fix CMake build to be compatible with FetchContent. + * cmake: Correct duplicate definition of _CRT_SECURE_NO_WARNINGS + * cmake: Fixes for Visual Studio 2022. + * Adds Requires.private generation so that pkg-config can correctly find + the dependencies of libtiff. + * Fix dependency on libm on Android + * Fix build in tif_lzw.c + * CMake: Add options for disabling tools, tests, contrib and docs. + * tiffcrop: Fix memory allocation to require a larger buffer (CVE-2022-3570, CVE-2022-3598) + [bsc#1205422] + * tiffcrop: disable incompatibility of -Z, -X, -Y, -z options with any PAGE_MODE_x option + (CVE-2022-3627, CVE-2022-3597, CVE-2022-3626) + * tiffcrop: fix floating-point exception (CVE-2022-2056, CVE-2022-2057, CVE-2022-2058) + * _TIFFCheckFieldIsValidForCodec(): return FALSE when passed a codec-specific tag + and the codec is not configured (CVE-2022-34526) + * Revised handling of TIFFTAG_INKNAMES and related TIFFTAG_NUMBEROFINKS value (CVE-2022-3599) + * tiffcrop: -S option mutually exclusive (CVE-2022-2519, CVE-2022-2520, CVE-2022-2521) +- Drop tiff-CVE-2022-3597,CVE-2022-3626,CVE-2022-3627.patch +- Drop tiff-CVE-2022-34526.patch +- Drop tiff-CVE-2022-3599.patch +- Drop tiff-CVE-2022-3598.patch +- Drop tiff-CVE-2022-3970.patch +- Drop tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch +- Drop tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch + - * CVE-2022-3570 [bsc#1205422] - * CVE-2022-3598 [bsc#1204642] - + tiff-CVE-2022-3598,3570.patch + * CVE-2022-3970 [bsc#1205392] + + tiff-CVE-2022-3970.patch - * CVE-2022-3970 [bsc#1205392] - + tiff-CVE-2022-3970.patch + * CVE-2022-3598 [bsc#1204642] + + tiff-CVE-2022-3598.patch - * CVE-2022-2867 [bsc#1202466] - * CVE-2022-2868 [bsc#1202467] - * CVE-2022-2869 [bsc#1202468] - + tiff-CVE-2022-2867,CVE-2022-2868,CVE-2022-2869.patch - -- CVE-2022-34266 [bsc#1201971] and [bsc#1201723]: - Rename tiff-CVE-2022-0561.patch to - tiff-CVE-2022-0561,CVE-2022-34266.patch - This CVE is actually a duplicate. +- update to 4.4.0: + * TIFFIsBigTiff() function added. + * Functions TIFFFieldSetGetSize() and TIFFieldSetGetCountSize() added. + * LZWDecode(): major speed improvements (~30% faster) + * Predictor 2 (horizontal differenciation): support 64-bit + * Support libjpeg 9d + * avoid hang in TIFFRewriteDirectory() if a classic file > 4 GB is attempted + to be created + * tif_jbig.c: fix crash when reading a file with multiple IFD in + memory-mapped mode and when bit reversal is needed + * TIFFFetchNormalTag(): avoid calling memcpy() with a null source pointer and + size of zero + * TIFFWriteDirectoryTagData(): turn assertion on data length into a runtime + check + * TIFFFetchStripThing(): avoid calling memcpy() with a null source pointer + and size of zero + * TIFFReadDirectory(): avoid calling memcpy() with a null source pointer and + size of zero + * TIFFYCbCrToRGBInit(): avoid Integer-overflow + * TIFFGetField(TIFFTAG_STRIPBYTECOUNTS/TIFFTAG_STRIPOFFSETS): return error if + returned pointer is NULL (fixes #342) + * OJPEG: avoid assertion when using TIFFReadScanline() + * TIFFReadDirectory: fix OJPEG hack + * LZW codec: fix support for strips/tiles > 2 GB on Windows + * TIFFAppendToStrip(): fix rewrite-in-place logic + * Fix TIFFRewriteDirectory discarding directories. + * TIFFReadCustomDirectory(): avoid crash when reading SubjectDistance tag on + a non EXIF directory + * Fix Segmentation fault printing GPS directory if Altitude tag is present + * tif_jpeg.c: do not emit progressive scans with mozjpeg. (#266) + * _TIFFRewriteField(): fix when writing a IFD with a single tile that is a + sparse one, on big endian hosts + * Fix all remaining uses of legacy Deflate compression id and warn on use. + * CVE-2022-22844 bsc#1194539 + * CVE-2022-2867 bsc#1202466 + * CVE-2022-2868 bsc#1202467 + * CVE-2022-2869 bsc#1202468 +- drop tiff-CVE-2022-0907.patch, tiff-CVE-2022-0561.patch, tiff-CVE-2022-0562.patch, + tiff-CVE-2022-0865.patch, tiff-CVE-2022-0909.patch, tiff-CVE-2022-0924.patch, + tiff-CVE-2022-0908.patch, tiff-CVE-2022-1056,CVE-2022-0891.patch: all upstream +- add signature validation, adds tiff.keyring + +- security update: + * CVE-2022-0907 [bsc#1197070] + + tiff-CVE-2022-0907.patch + + * CVE-2022-34266 [bsc#1201723] [bsc#1201971] -- security update: Fix buffer overwrite - * CVE-2019-17546[bsc#1154365] - + tiff-CVE-2019-17546.patch -- security update: Fix heap based buffer overflow in pal2rgb - * CVE-2017-17095[bsc#1071031] - + tiff-CVE-2017-17095.patch -- security update: Fix OOB in _TIFFmemcpy - * CVE-2022-22844[bsc#1194539] - + tiff-CVE-2022-22844.patch -- security update: Fix memory allocation failure in tif_read.c - * CVE-2020-35521[bsc#1182808] CVE-2020-35522[bsc#1182809] - + tiff-CVE-2020-35521,CVE-2020-35522.patch -- security update: Fix DOS via invertImage() - * CVE-2020-19131[bsc#1190312] - + tiff-CVE-2020-19131.patch -- security update: Fix heap-based buffer overflow in TIFF2PDF tool - * CVE-2020-35524[bsc#1182812] - + tiff-CVE-2020-35524.patch -- security update: Fix integer overflow in tif_getimage - * CVE-2020-35523 [bsc#1182811] - + tiff-CVE-2020-35523.patch - -- security update: amend patch to fix test -- modified patches - % tiff-CVE-2019-14973.patch (refreshed) - -- security update: Fix integer overflow in _TIFFCheckMalloc() - * CVE-2019-14973 [bsc#1146608] - + tiff-CVE-2019-14973.patch +- switch source url to https + +- version update to 4.3.0 + * Build and usage of the library and its utilities requires a C99 + capable compiler. + * New optional codec for the LERC (Limited Error Raster Compression) + compression scheme. To have it available, configure libtiff against + the SDK available at https://github.com/esri/lerc + * Removal of unused, or now useless due to C99 availability, + functions in port/ + * tiffcmp: fix comparaison with pixels that are + fractional number of bytes + * tiff2ps: exit the loop in case of error + * tiff2pdf: check that tiff_datasize fits in a signed tsize_t + +- version update to 4.2.0 + Major changes: + * Optional support for using libdeflate is added. + * Many of the tools now support a memory usage limit. + See http://www.simplesystems.org/libtiff/v4.2.0.html for more. + * CVE-2020-35521 bsc#1182808 + * CVE-2020-35522 bsc#1182809 + * CVE-2020-35523 bsc#1182811 + * CVE-2020-35524 bsc#1182812 + +- Drop webp support as it would introduce build cycle + +- Enable zstd and webp support + +- version update to 4.1.0 + * fixes several CVEs mentioned below and more, + see ChangeLog + * CVE-2019-17546 bsc#1154365 + * CVE-2017-17095 bsc#1071031 + * CVE-2019-14973 bsc#1146608 + * CVE-2020-19131 bsc#1190312 +- deleted patches + - tiff-CVE-2018-12900.patch (upstreamed) + - tiff-CVE-2018-17000,19210.patch (upstreamed) + - tiff-CVE-2019-6128.patch (upstreamed) + - tiff-CVE-2019-7663.patch (upstreamed) +- amend tiff-CVE-2018-12900.patch: fix wrong error message + [bsc#1099257] + +- Support only SLE12+ and remove the no longer needed conditions + - * CVE-2018-18661 [bsc#1113672] - + tiff-CVE-2018-18661.patch - * CVE-2018-18557 [bsc#1113094] - + tiff-CVE-2018-18557.patch -- asan_build: build ASAN included -- debug_build: build more suitable for debugging +- upddated to 4.0.10: + * fixes several CVEs mentioned below plus CVE-2018-18557 [bsc#1113094] + and CVE-2018-18661 [bsc#1113672] and more +- removed patches + * tiff-CVE-2017-11613,CVE-2018-16335,15209.patch + * tiff-CVE-2017-18013.patch + * tiff-CVE-2017-9935,CVE-2018-17795.patch + * tiff-CVE-2018-10779.patch + * tiff-CVE-2018-10963.patch + * tiff-CVE-2018-17100.patch + * tiff-CVE-2018-17101.patch + * tiff-CVE-2018-7456.patch + * tiff-CVE-2018-8905.patch + * tiff-4.0.9-bsc1081690-CVE-2018-5784.patch - * CVE-2018-17100 [bsc#1108637] - + tiff-CVE-2018-17100.patch - * CVE-2018-17101 [bsc#1108627] - + tiff-CVE-2018-17101.patch + * CVE-2018-17100 [bsc#1108637] + + tiff-CVE-2018-17100.patch + * CVE-2018-17101 [bsc#1108627] + + tiff-CVE-2018-17101.patch + +- remove pal2rgb tool [bsc#1071031] + +- security update traceroute +- security update +- added patches + fix CVE-2023-46316 [bsc#1216591], wrapper scripts do not properly parse command lines + + traceroute-CVE-2023-46316.patch + upower +- Update to version 0.99.17 (bsc#1217052): + + New ChargeCycles D-Bus property + + New async GLib APIs + + Various fixes + xerces-c +- Fix CVE-2023-37536: an integer overflow could potentially lead to + out-of-bounds memory accesses (bsc#1216156). + * Add xerces-c-CVE-2023-37536.patch. + xxhash +- Update to release 0.8.2 + * ARM NEON speed improvements; on M1 Pro it is +20% speed for + XXH3 and XXH128 (from 30.0 GB/s to 36 GB/s). + * Added support for ARM's SVE vector extension. + * Resolved some issues with XXH3's s390x vector implementation. +- Delete xxhash-avoid-armv6-unaligned-access.patch (should be + fixed by c0dd448b), delete 836f4e735cf368542f14005e41d2f84ec29dfd60.patch + (merged), delete 15ce80f9f2760609d8cc68cea76d3f3217ab70e1.patch + aka xxhash-ppc64le-gcc7.patch (merged) + +- Add 15ce80f9f2760609d8cc68cea76d3f3217ab70e1.patch: fix build + failure on ppc64le when using gcc 7 (boo#1208794). + yast2-trans +- Update to version 84.87.20231121.7869d671a6: + * New POT for text domain 'hana-ha'. + +- Update to version 84.87.20231117.f12231d4de: + * New POT for text domain 'cc'. + +- Update to version 84.87.20231104.b73ad6fbc9: + * Translated using Weblate (Slovak) + * Translated using Weblate (Czech) + * Translated using Weblate (Dutch) + * Translated using Weblate (Catalan) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * New POT for text domain 'storage'. + * New POT for text domain 'installation'. + * Translated using Weblate (Indonesian) + * Translated using Weblate (Indonesian) + * New POT for text domain 'update'. + * Translated using Weblate (Indonesian) + * Translated using Weblate (Indonesian) + * Translated using Weblate (Indonesian) + * Translated using Weblate (Indonesian) + * Translated using Weblate (Indonesian) + * Translated using Weblate (Indonesian) + * Translated using Weblate (Indonesian) + * Translated using Weblate (Indonesian) + +- Update to version 84.87.20231027.a9c9df2125: + * Translated using Weblate (Galician) + * Translated using Weblate (Macedonian) + * Translated using Weblate (Macedonian) + * Translated using Weblate (Macedonian) + * Translated using Weblate (Macedonian) + * Translated using Weblate (Macedonian) + * Translated using Weblate (Macedonian) + * Translated using Weblate (Italian) + * Translated using Weblate (Catalan) + * Translated using Weblate (Czech) + * Translated using Weblate (Czech) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Dutch) + * Translated using Weblate (Japanese) + * New POT for text domain 'storage'. + * New POT for text domain 'country'. + * Translated using Weblate (Dutch) + * Translated using Weblate (Catalan) + * Translated using Weblate (Japanese) + * Translated using Weblate (French) + * New POT for text domain 'qt-pkg'. + +- Update to version 84.87.20231004.bd479b5f2d: + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (Indonesian) + * Translated using Weblate (Indonesian) + * Translated using Weblate (Indonesian) + * Translated using Weblate (Catalan) + * Translated using Weblate (Catalan) + +- Update to version 84.87.20230930.5f9e01162a: + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * New POT for text domain 'storage'. + +- Update to version 84.87.20230922.91d997adab: + * New POT for text domain 'packager'. + * New POT for text domain 'iscsi-client'. + +- Update to version 84.87.20230913.43f962446c: + * Translated using Weblate (Indonesian) + * New POT for text domain 'control'. + +- Update to version 84.87.20230909.35988571be: + * Translated using Weblate (Swedish) + * Translated using Weblate (Swedish) + * Translated using Weblate (Indonesian) + * Translated using Weblate (Russian) + +- Update to version 84.87.20230901.be24cb382f: + * Translated using Weblate (Slovak) + * Translated using Weblate (Dutch) + * Translated using Weblate (Japanese) + * Translated using Weblate (Czech) + * Translated using Weblate (Catalan) + * New POT for text domain 'bootloader'. + * Translated using Weblate (Kurdish) + * Translated using Weblate (Kurdish) + +- Update to version 84.87.20230818.ea489402e5: + * Translated using Weblate (Latvian) + * Translated using Weblate (Catalan) + * Translated using Weblate (Catalan) + * Translated using Weblate (Catalan) + +- Update to version 84.87.20230811.13616e3be9: + * Translated using Weblate (Georgian) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Czech) + * Translated using Weblate (Dutch) + * Translated using Weblate (Czech) + * Translated using Weblate (Dutch) + * Translated using Weblate (Czech) + * New POT for text domain 'users'. + * New POT for text domain 'storage'. + * New POT for text domain 'sap-installation-wizard'. + * New POT for text domain 'qt-pkg'. + * New POT for text domain 'qt'. + * New POT for text domain 'pam'. + * New POT for text domain 'ncurses'. + * New POT for text domain 'migration_sle'. + * New POT for text domain 'kdump'. + * New POT for text domain 'installation'. + * New POT for text domain 'control'. + +- Update to version 84.87.20230729.64eca7e0a1: + * Translated using Weblate (Kurdish) + * Translated using Weblate (Czech) + +- Update to version 84.87.20230720.09601d9b28: + * Translated using Weblate (English (United Kingdom)) + * Translated using Weblate (English (United Kingdom)) + * Translated using Weblate (Russian) + +- Update to version 84.87.20230714.966688ddd0: + * Translated using Weblate (Indonesian) + * Translated using Weblate (Indonesian) + * Translated using Weblate (Indonesian) + +- Update to version 84.87.20230708.d1de37aed1: + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Kurdish) + +- Update to version 84.87.20230630.ccfa6add46: + * Translated using Weblate (Indonesian) + * Translated using Weblate (Finnish) + +- Update to version 84.87.20230619.113a4fdc71: + * Translated using Weblate (Kurdish) + * Translated using Weblate (Indonesian) + * Translated using Weblate (Indonesian) + * Translated using Weblate (Indonesian) + * Translated using Weblate (Kurdish) + * Translated using Weblate (Kurdish) + * Translated using Weblate (Kurdish) + * Translated using Weblate (Kurdish) + * Translated using Weblate (Arabic) + * Translated using Weblate (Kurdish) + * Translated using Weblate (Italian) + * New POT for text domain 'users'. + * New POT for text domain 's390'. + * New POT for text domain 'storage'. + * New POT for text domain 'apparmor'. + +- Update to version 84.87.20230602.240a95214f: + * New POT for text domain 'control'. + * Translated using Weblate (Macedonian) + * New POT for text domain 'autoinst'. +