can be compiled
+ with CRYPTOKI_GNU. Fixes GnuTLS builds. [jsc#PED-6705]
+ * Add p11-kit-pkcs11-gnu-Enable-testing-with-p11-kit-pkcs11x.h.patch
+
-- new version 0.20.3
- * Fix problems reinitializing managed modules after fork
- * Fix bad bookeeping when fail initializing one of the modules
- * Fix case where module would be unloaded while in use [#74919]
- * Remove assertions when module used before initialized [#74919]
- * Fix handling of mmap failure and mapping empty files [#74773]
- * Stable p11_kit_be_quiet() and p11_kit_be_loud() functions
- * Require automake 1.12 or later
- * Build fixes for Windows [#76594 #74149]
-- apply patches to avoid errors from certificates with invalid public key
- (fdo#82328, bnc#890908,
- trust-Dont-use-invalid-public-keys-for-looking-up-.patch,
- trust-Print-label-of-certificate-when-complaining-.patch)
-
perl-Cpanel-JSON-XS
+- updated to 4.37
+ see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes
+ 4.37 2023-07-04 (rurban)
+ - Fix NAN/INF for AIX (Tux: AIX-5.3, tested by XSven on AIX-7.3) GH #165
+ - Fix empty string result in object stringification (PR #221 jixam)
+ - Allow \' in strings when allow_singlequote is enabled (PR #217 warpspin)
+
poppler
-- security update
-- added patches
- fix CVE-2023-34872 [bsc#1213888], remote denial-of-service in OutlineItem::open in Outline.cc
- + poppler-CVE-2023-34872.patch
+- Add patch to let it build with the heavily patched tiff 4.0.9
+ we have in SLE 15:
+ * reduce-libtiff-required-version.patch
+
+- version update to 23.10.0
+ core:
+ * cairo: update type 3 fonts for cairo 1.18 api
+ * Fix crash on malformed files
+ build system:
+ * Make a few more dependencies soft-mandatory
+ * Add more supported gnupg releases
+ * Check if linker supports version scripts
+- modified patches
+ % reduce-boost-required-version.patch (refreshed)
+
+- build with gpgmepp for signing documents (bsc#1215632)
+
+- Update to version 23.09.0:
+ * core:
+ - Add Android-specific font matching functionality
+ - Fix digital signatures for NeedAppearance=true
+ - Forms: Don't look up same glyph multiple times
+ - Provide the key location for certificates you can sign with
+ - Add ToUnicode support for similarequal
+ - Fix crash on malformed files
+ * qt5:
+ - Provide the key location for certificates you can sign with
+ - Allow to force a rasterized overprint preview during PS
+ conversion
+ * qt6:
+ - Provide the key location for certificates you can sign with
+ - Allow to force a rasterized overprint preview during PS
+ conversion
+ * pdfsig:
+ - Provide the key location for certificates you can sign with
+- Changes from version 23.08.0:
+ * core:
+ - Fix GWG 19.2 - DeviceN Overprint (White)
+ - Splash: avoid bogus memory allocation size in
+ doTilingPatternFill
+ - Fix use-of-uninitialized-value in XRef
+ - Fix float-cast-overflow error in Catalog
+ - Cleanup gpgme backend code
+ - Version symbols in poppler core
+ * glib:
+ - Improve poppler_get_available_signing_certificates
+ - Add new members to PopplerCertificateInfo
+ * utils:
+ - pdftotext: small improvement to man page
+- Bump poppler_sover to 131 following upstream changes.
+
+- update to 23.07.0:
+ core:
+ * Fix reading of utf8-with-bom files
+ * Fix crash if CERT_ExtractPublicKey doesn't return a public
+ key
+ * Fix rendering of some malformed documents. Issue #1395
+ * Allow for stream compression and compress font streams in
+ forms Remove method Hints::getPageRanges
+ qt5:
+ * Fix crash when overprint preview is enabled
+ * Don't fail signature basics tests if backend is not
+ configured
+ qt6:
+ * Fix crash when overprint preview is enabled
+ * Don't fail signature basics tests if backend is not
+ configured
+ utils:
+ * pdfsig: Allow showung and selecting signature backend
+ * pdfsig: Describe signature dump format in manual page
+
+- update to 23.06.0 (bsc#1212255):
+ * CairoOutputDev: Fix crash when doing type3 rendering
+ * Fix crash with unknown signature hashing algorithms
+ * Add gpgme backend for signature handling
+ * FontInfo: Make it return proper information about font
+ substitution
+ * FontInfo: Try harder to get Type 3 font name
+ * Store embedded fonts widths table in a more effective manner
+ * Skip font lookup for nonprintable characters
+ * Fix crash on malformed files
+ * Add API to allow selecting signature backend (nss or gpgme)
+ * Convert embedded files to bytearray a bit smarter
+
+- update to 23.05.0:
+ * Fix crash when filling some forms
+ * Set SigFlags when signing unsigned signature
+ * Add some infrastructure code to support multiple signing
+ backends
+ * Fix potential stack overflow in PostScriptFunction::parseCode
+ * Fix some minor uninitialised memory reads
+
+- update to 23.04.0:
+ * Fix memory issue when signing fails. Issue #1372
+ * Internal improvements of signature related code
+ * CairoOutputDev: improve type3 font rendering
+ * Fix memory leak in
+ GlobalParams::findSystemFontFileForFamilyAndStyle
+ * pdftocairo: Fix crash in some special situations
+ * pdfsig: allow holes in -dump signature list
+ * pdfsig: Support --help
+
+- update to 23.03.0:
+ core:
+ * PngWriter: Fix potential uninitialized memory use
+
+- Update to version 23.02.0:
+ + core:
+ * CairoOutputDev:
+ . Fix rendering of color type 3 fonts
+ . Add handling matte entry
+ * Fix segfault on wrong nssdir
+ * Fix "NSS could not shutdown"
+ + utils: pdfsig: Point out supports PKCS#11 URIs as nickname
postfix
+- (bsc#1218304) VUL-0: postfix: new SMTP smuggling attack
+ (bsc#1218314) SMTP Smuggling - Spoofing E-Mails Worldwide
+ Apply patch containing the feature smtpd_forbid_unauth_pipelining
+ as default yes.
+ add patch:
+ postfix-3.7-patch06
+- Security: the Postfix SMTP server optionally disconnects remote
+ SMTP clients that violate RFC 2920 (or 5321) command pipelining
+ constraints. The server replies with "554 5.5.0 Error: SMTP protocol
+ synchronization" and logs the unexpected remote SMTP client input.
+ Specify "smtpd_forbid_unauth_pipelining = yes" to enable.
+- Workaround to limit collateral damage from OS distributions that
+ crank up security to 11, increasing the number of plaintext email
+ deliveries. This introduces basic OpenSSL configuration file support,
+ with two new parameters "tls_config_file" and "tls_config_name".
+ Details are in the postconf(5) manpage under "tls_config_file" and
+ "tls_config_name".
+
python-pip
+- Add CVE-2023-5752-r-param-hg.patch to fix bsc#1217353
+ (CVE-2023-5752) avoiding injection of arbitrary configuration
+ through Mercurial parameter.
+
python3-cryptography
+- Add CVE-2023-49083.patch to fix A null-pointer-dereference and
+ segfault could occur when loading certificates from a PKCS#7 bundle.
+ bsc#1217592
+
sg3_utils
+- Make sure initrd is rebuilt when sg3_utils is updated
+ (bsc#1215772)
+
+- Update to version 1.47+15.b6898b8:
+ * rescan-scsi-bus.sh: remove /tmp/rescan-scsi-mpath-info.txt
+ (gh#doug-gilbert/sg3_utils#44)
+ * rescan_scsi_bus.sh: fix multipath issue when called with -s and
+ without -u (bsc#1215720, bsc#1216355)
+
webkit2gtk3
+- Update to version 2.42.4 (boo#1218032):
+ + Fix incorrect random images incorrectly displayed as
+ backgrounds of elements.
+ + Fix videos displayed aliased after being resized e.g. in
+ YouTube.
+ + Fix several crashes and rendering issues.
+ + Security fixes: CVE-2023-42883.
+
+- Update to version 2.42.3 (boo#1217844):
+ + Fix flickering while playing videos with DMA-BUF sink.
+ + Fix color picker being triggered in the inspector when typing
+ "tan".
+ + Do not special case the "sans" font family name.
+ + Fix build failure with libxml2 version 2.12.0 due to an API
+ change.
+ + Fix several crashes and rendering issues.
+ + Security fixes: CVE-2023-42916, CVE-2023-42917.
+
- boo#1215868 boo#1215869 boo#1215870):
+ boo#1215868 boo#1215869 boo#1215870 boo#1218033):
- + Security fixes: CVE-2023-39928, CVE-2023-41074, CVE-2023-32359.
+ + Security fixes: CVE-2023-39928, CVE-2023-41074, CVE-2023-32359,
+ CVE-2023-42890.
wireless-regdb
+- Define %{_firmwaredir} if not defined. This fixes RPM build errors.
+
+- Update to version 20230901:
+ * wireless-regdb: update regulatory database based on preceding changes
+ * wireless-regdb: Update regulatory rules for Australia (AU) for June 2023
+
+- Update to version 20230721:
+ * wireless-regdb: Update regulatory info for Türkiye (TR)
+ * wireless-regdb: Update regulatory rules for Egypt (EG) from March 2022 guidelines
+
+- Update to version 20230601:
+ * wireless-regdb: Update regulatory rules for Philippines (PH)
+
+- Update to version 20230503:
+ * wireless-regdb: update regulatory database based on preceding changes
+ * wireless-regdb: Update regulatory rules for Hong Kong (HK)
+ * wireless-regdb: update regulatory rules for India (IN)
+ * wireless-regdb: Update regulatory rules for Russia (RU). Remove DFS requirement.
+ * Update regulatory info for Russia (RU) on 6GHz
+
+- Update to version 20230213:
+ * wireless-regdb: update regulatory database based on preceding changes
+ * wireless-regdb: Update regulatory info for Russia (RU) on 5GHz
+
+- Update to version 20221205:
+ * wireless-regdb: Update regulatory rules for Japan (JP) on 6GHz
+ * wireless-regdb: Update regulatory rules for Japan (JP) on 5GHz
+
+- Update to version 20221012:
+ * wireless-regdb: update regulatory rules for Switzerland (CH)
+ * wireless-regdb: Update regulatory rules for Brazil (BR)
+
+- Update to version 20220812:
+ * wireless-regdb: update regulatory database based on preceding changes
+ * wireless-regdb: update 5 GHz rules for PK and add 60 GHz rule
+ * wireless-regdb: add 5 GHz rules for GY
+ * wireless-regdb: update regulatory database based on preceding changes
+ * wireless-regdb: Unify 6 GHz rules for EU contries
+ * wireless-regdb: Remove AUTO-BW from 6 GHz rules
+ * wireless-regdb: update regulatory rules for Bulgaria (BG) on 6GHz
+ * Regulatory update for 6 GHz operation in FI
+ * Regulatory update for 6 GHz operation in United States (US)
+ * Regulatory update for 6 GHz operation in Canada (CA)
+
+- Update to version 20220606:
+ * wireless-regdb: update regulatory database based on preceding changes
+ * wireless-regdb: Unify 6 GHz rules for EU contries
+ * wireless-regdb: Remove AUTO-BW from 6 GHz rules
+
+- Update to version 20220527:
+ * wireless-regdb: update regulatory rules for Bulgaria (BG) on 6GHz
+ * Regulatory update for 6 GHz operation in FI
+ * Regulatory update for 6 GHz operation in United States (US)
+ * Regulatory update for 6 GHz operation in Canada (CA)
+
+- Update to version 20220408:
+ * wireless-regdb: add db files missing from previous commit
+ * wireless-regdb: update regulatory database based on preceding changes
+ * wireless-regdb: Update regulatory rules for Australia (AU)
+ * wireless-regdb: add missing spaces for US S1G rules
+
+- Update to version 20220324:
+ * wireless-regdb: Update regulatory rules for Israel (IL)
+
+- Update to version 20220218:
+ * wireless-regdb: update regulatory database based on preceding changes
+ * wireless-regdb: Update regulatory rules for the Netherlands (NL) on 6GHz
+ * wireless-regdb: Update regulatory rules for China (CN)
+ * wireless-regdb: Update regulatory rules for South Korea (KR)
+ * Revert "wireless-regdb: Update regulatory rules for South Korea (KR)"
+ * wireless-regdb: Update regulatory rules for Spain (ES) on 6GHz
+ * wireless-regdb: add 802.11ah bands to world regulatory domain
+ * wireless-regdb: add support for US S1G channels
+ * wireless-regdb: Update regulatory rules for France (FR) on 6 and 60 GHz
+ * wireless-regdb: Update regulatory rules for South Korea (KR)
+
+- Update to version 20220108:
+ * wireless-regdb: Update regulatory rules for Croatia (HR) on 6GHz
+
+- Update to version 20211209:
+ * wireless-regdb: Raise DFS TX power limit to 250 mW (24 dBm) for the US
+
+- Update to version 20210828:
+ * wireless-regdb: update regulatory database based on preceding changes
+ * Update regulatory rules for Ecuador (EC)
+ * wireless-regdb: Update regulatory rules for Norway (NO) on 6 and 60 GHz
+ * wireless-regdb: Update regulatory rules for Germany (DE) on 6GHz
+ * wireless-regdb: update regulatory database based on preceding changes
+ * wireless-regdb: reduce bandwidth for 5730-5850 and 5850-5895 MHz in US
+ * wireless-regdb: remove PTMP-ONLY from 5850-5895 MHz for US
+ * wireless-regdb: recent FCC report and order allows 5850-5895 immediately
+ * wireless-regdb: update 5725-5850 MHz rule for GB
+
+- Update to version 20210421:
+ * wireless-regdb: update regulatory database based on preceding changes
+ * wireless-regdb: re-add source url and info for CU
+
+- Update to version 20210407:
+ * wireless-regdb: Update regulatory rules for Cuba (CU) on 5GHz
+ * wireless-regdb: Do not hardcode 'sforshee' in the certificate commonName
+
+- Update to version 20210129:
+ * wireless-regdb: Update regulatory rules for Ukraine (UA)
+ * wireless-regdb: update CNAF regulation url for ES
+
+- leverage %{_firmwaredir} to install firmware into correct location (boo#1029961)
+
+- Update to version 20201120:
+ * wireless-regdb: update regulatory database based on preceding changes
+ * wireless-regdb: Update regulatory rules for Kazakhstan (KZ)
+ * wireless-regdb: update 5.8 GHz regulatory rule for GB
+ * wireless-regdb: Update regulatory rules for Pakistan (PK) on 5GHz
+ * wireless-regdb: Update regulatory rules for Croatia (HR)
+ * wireless-regdb: restore channel 12 & 13 limitation in the US
+ * wireless-regdb: update regulatory rules for Egypt (EG)
+
+- Fixes for %_libexecdir changing to /usr/libexec
+
+- Update to version 20200429:
+ * wireless-regdb: update regulatory database based on preceding changes
+ * wireless-regdb: update rules for US on 2.4/5G
+ * GB: Extend to cover DMG channels 5 & 6
+ * wireless-regdb: Update regulatory rules for Singapore (SG)
+ * wireless-regdb: Update regulatory rules for Indonesia (ID)
+
+- Update to version 20191029:
+ * regdb: fix compatibility with python2
+ * wireless-regdb: Update regulatory rules for Russia (RU)
+ * wireless-regdb: Harmonize ranges of CEPT countries (stand of July 2019)
+ * wireless-regdb: Fix ranges of EU countries as they are harmonized since 2014
+ * wireless-regdb: Extend 5470-5725 MHz range to 5730 MHz for Taiwan (TW)
+ * wireless-regdb: Fix overlapping ranges for Switzerland and Liechtenstein
+ * wireless-regdb: update regulatory database based on preceding changes
+- Switch to _service
+- Update project url
+
xfsprogs
+- update to v6.5.0 (bsc#1217575, bsc#1217576):
+ - libxfs: fix atomic64_t detection on x86_32
+ - libxfs: use XFS_IGET_CREATE when creating new files
+ - libfrog: fix overly sleep workqueues
+ - xfs_db: use directio for device access
+ - libxfs: make platform_set_blocksize optional with directio
+ - mkfs: add a config file for 6.6 LTS kernels
+ - mkfs: enable reverse mapping by default
+ - mkfs: enable large extent counts by default
+ - xfs_db: create unlinked inodes
+ - xfs_db: dump unlinked buckets
+ - xfsprogs: don't allow udisks to automount XFS filesystems with no prompt
+ - xfs_repair: fix repair failure caused by dirty flag being abnormally set on buffer
+- drop:
+ - 0001-repair-shift-inode-back-into-place-if-corrupted-by-b.patch
+ - xfsprogs-mkfs-disable-reflink-support-by-default.patch
+ - xfsprogs-mkfs-don-t-trample-the-gid-set-in-the-protofile.patch
+ - xfsprogs-mkfs-enable-bigtime-by-default.patch
+ - xfsprogs-mkfs-prevent-corruption-of-passed-in-suboption-strin.patch
+ - xfsprogs-mkfs-terminate-getsubopt-arrays-properly.patch
+ - xfsprogs-xfs_repair-ignore-empty-xattr-leaf-blocks.patch
+- mkfs: disable inobtcnt and nrext64 features by default
+ - add xfsprogs-mkfs-disable-inobtcnt-and-nrext64-features-by-defaul.patch
+
xorg-x11-server
+- Add missing fixes on U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch
+ (bsc#1217765).
+
+- U_bsc1217765-Xi-allocate-enough-XkbActions-for-our-buttons.patch
+ * Out-of-bounds memory write in XKB button actions (CVE-2023-6377,
+ ZDI-CAN-22412, ZDI-CAN-22413, bsc#1217765)
+- U_bsc1217766-randr-avoid-integer-truncation-in-length-check-of-Pr.patch
+ * Out-of-bounds memory read in RRChangeOutputProperty and
+ RRChangeProviderProperty (CVE-2023-6478, ZDI-CAN-22561,
+ bsc#1217766)
+
xscreensaver
+- Update xscreensaver-disable-upgrade-nagging-message.patch to
+ cover new messages. (boo#1206345, bsc#1217318)
+
yast2-bootloader
-- support 32 bit UEFI firmware on x86_64/i386 architecture (bsc#1208003,
- jsc#PED-2569)
-- 4.6.3
+- Backport:
+-- support 32 bit UEFI firmware on x86_64/i386 architecture
+ (bsc#1208003, jsc#PED-2569)
+- 4.6.4
-- Persist zfcp.allow_lun_scan kernel option for s390 arch
- (needed for gh#openSUSE/agama#626).
-- 4.6.2
+- Branch package for SP6 (bsc#1208913)
-- 4.6.1
-
-- Bump version to 4.6.0 (bsc#1208913)
+- 4.5.9
yast2-network
+- Read all the driver modules from hwinfo instead of just the first
+ driver ones (bsc#1217652).
+- 4.6.7
+
yast2-s390
-- Fix detection of the zFCP controller running mode to check
- whether the controller is doing auto LUN scan (related to
- gh#openSUSE/agama#634).
-- 4.6.4
+- onpanic: add support for multipathed zfcp-attached SCSI disks
+ (bsc#1020336, also related to bsc#1216257).
+- 4.6.5
-- Add info about allow_lun_scan option (related to
- gh#openSUSE/agama#626).
-- 4.6.3
-
-- Expose zFCP core functionallity (related to
- gh#openSUSUE/agama#594)
-- 4.6.2
+- Branch package for SP6 (bsc#1208913)
-- 4.6.1
-
-- Bump version to 4.6.0 (bsc#1208913)
+- 4.5.3
zbar
+- security update:
+ * CVE-2023-40889 [bsc#1214770]
+ Fix heap based buffer overflow in qr_reader_match_centers()
+ + zbar-CVE-2023-40889.patch
+ * CVE-2023-40890 [bsc#1214771]
+ Fix stack based buffer overflow in lookup_sequence()
+ + zbar-CVE-2023-40890.patch
+