Removed rpms ============ - glibc-locale-base-32bit - libavahi-common3-32bit - libcrypt1-32bit - libcups2-32bit - libndr-krb5pac0-32bit - libndr-standard0-32bit - libopenssl1_1-32bit - libsamdb0-32bit - libsystemd0-32bit - perl-base-32bit - libavahi-client3-32bit - libbz2-1-32bit - libhogweed4-32bit - libmount1-32bit - libsamba-errors0-32bit - libudev1-32bit - libuuid1-32bit - openslp-32bit - samba-libs-32bit - samba-winbind-32bit - systemd-32bit - typelib-1_0-Flatpak-1_0 Added rpms ========== - glibc-locale-base-32bit - libavahi-client3-32bit - libbz2-1-32bit - libhogweed4-32bit - libmount1-32bit - libsamba-errors0-32bit - libudev1-32bit - libuuid1-32bit - openslp-32bit - samba-libs-32bit - samba-winbind-32bit - systemd-32bit - libSPIRV-Tools-suse15 - libavahi-common3-32bit - libcrypt1-32bit - libcups2-32bit - libglslang-suse9 - libndr-krb5pac0-32bit - libndr-standard0-32bit - libopenssl1_1-32bit - libplacebo43 - libsamdb0-32bit - libshaderc_shared1 - libsystemd0-32bit - libwoff2common1_0_2 - libwoff2dec1_0_2 - openSUSE-signkey-cert - perl-base-32bit Package Source Changes ====================== ImageMagick + fix CVE-2021-20309 [bsc#1184624], Division by zero in WaveImage() of MagickCore/visual-effects.c + + ImageMagick-CVE-2021-20309.patch + fix CVE-2021-20311 [bsc#1184626], Division by zero in sRGBTransformImage() in MagickCore/colorspace.c + + ImageMagick-CVE-2021-20311.patch + fix CVE-2021-20312 [bsc#1184627], Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c + + ImageMagick-CVE-2021-20312.patch + fix CVE-2021-20313 [bsc#1184628], Cipher leak when the calculating signatures in TransformSignatureof MagickCore/signature.c + + ImageMagick-CVE-2021-20313.patch + +- security update +- added patches MozillaFirefox +- Firefox Extended Support Release 78.10.0 ESR + * Fixed: Various stability, functionality, and security fixes +- Mozilla Firefox ESR 78.10 + MFSA 2021-15 (bsc#1184960) + * CVE-2021-23994 (bmo#1699077) + Out of bound write due to lazy initialization + * CVE-2021-23995 (bmo#1699835) + Use-after-free in Responsive Design Mode + * CVE-2021-23998 (bmo#1667456) + Secure Lock icon could have been spoofed + * CVE-2021-23961 (bmo#1677940) + More internal network hosts could have been probed by a + malicious webpage + * CVE-2021-23999 (bmo#1691153) + Blob URLs may have been granted additional privileges + * CVE-2021-24002 (bmo#1702374) + Arbitrary FTP command execution on FTP servers using an + encoded URL + * CVE-2021-29945 (bmo#1700690) + Incorrect size computation in WebAssembly JIT could lead to + null-reads + * CVE-2021-29946 (bmo#1698503) + Port blocking could be bypassed + MozillaThunderbird +- Mozilla Thunderbird 78.10 + * fixed: Usability & theme improvements on Windows + * fixed: Various security fixes + MFSA 2021-14 (bsc#1184960) + * CVE-2021-23994 (bmo#1699077) + Out of bound write due to lazy initialization + * CVE-2021-23995 (bmo#1699835) + Use-after-free in Responsive Design Mode + * CVE-2021-23998 (bmo#1667456) + Secure Lock icon could have been spoofed + * CVE-2021-23961 (bmo#1677940) + More internal network hosts could have been probed by a + malicious webpage + * CVE-2021-23999 (bmo#1691153) + Blob URLs may have been granted additional privileges + * CVE-2021-24002 (bmo#1702374) + Arbitrary FTP command execution on FTP servers using an + encoded URL + * CVE-2021-29945 (bmo#1700690) + Incorrect size computation in WebAssembly JIT could lead to + null-reads + * CVE-2021-29946 (bmo#1698503) + Port blocking could be bypassed + * CVE-2021-29948 (bmo#1692899) + Race condition when reading from disk while verifying + signatures + +- Mozilla Thunderbird 78.9.1 + * new: Support recipient aliases for OpenPGP encryption. + Documentation can be found https://wiki.mozilla.org/ + Thunderbird:OpenPGP:Aliases. + * fixed: The key and signature parts of the message security + popup on a received message could not be selected for + copy/paste. + * fixed: Various UX and theme improvements + MFSA 2021-13 (bsc#1184536) + * CVE-2021-23991 (bmo#1673240) + An attacker may use Thunderbird's OpenPGP key refresh + mechanism to poison an existing key + * MOZ-2021-23992 (bmo#1666236) + A crafted OpenPGP key with an invalid user ID could be used + to confuse the user + * CVE-2021-23993 (bmo#1666360) + Inability to send encrypted OpenPGP email after importing a + crafted OpenPGP key + +- Mozilla Thunderbird 78.9 + * fixed: New mail notification displayed old messages that were + unread + * fixed: Spaces following soft line breaks in messages using + quoted-printable and format=flowed were incorrectly encoded; + existing messages which were previously incorrectly encoded + may now display with some words not separated by a space + * fixed: Some fields were unreadable in the Dark theme in the + General preferences panel + * fixed: Sending a message containing an anchor tag with an + invalid data URI failed + * fixed: When switching tabs, input focus was not moved to the + new tab + * fixed: Address Book: Syncing a read-only Google address book + via CardDAV failed + * fixed: Address Book: Importing VCards with non-ascii + characters would fail + * fixed: Address Book: Some values may not have been parsed + when syncing from Google address books. + * fixed: Add-ons Manager did not show if an addon used + experiment APIs + * fixed: Calendar: Removing a recurring task was not possible + * fixed: Various security fixes + MFSA 2021-12 (bsc#1183942) + * CVE-2021-23981 (bmo#1692832) + Texture upload into an unbound backing buffer resulted in an + out-of-bound read + * MOZ-2021-0002 (bmo#1691547) + Angle graphics library out of date + * CVE-2021-23982 (bmo#1677046) + Internal network hosts could have been probed by a malicious + webpage + * CVE-2021-23984 (bmo#1693664) + Malicious extensions could have spoofed popup information + * CVE-2021-23987 (bmo#1513519, bmo#1683439, bmo#1690169, + bmo#1690718) + Memory safety bugs fixed in Thunderbird 78.9 +- cleaned up and fixed mozilla.sh.in for wayland (boo#1177542) + NetworkManager +- Add nm-fix-dhcp-client-timeout.patch: Better handle dhclient's + timeout so that a recorded lease can be used when dhcp server + is down(glfo#NetworkManager/NetworkManager!811, bsc#1183202). +- Modified NetworkManager.conf: Use dhclient as the default dhcp + client(glfo#NetworkManager/NetworkManager!811, bsc#1183202). + +- Add NM-restore-MAC-on-release-only-when-cloned.patch: bond: + restore MAC on release only when there is a cloned MAC address + (glfo#NetworkManager/NetworkManager!775, bsc#1183967). + avahi +- Add avahi-CVE-2021-3468.patch: avoid infinite loop by handling + HUP event in client_work (boo#1184521 CVE-2021-3468). + https://github.com/lathiat/avahi/pull/330 + bzip2 -- update bzip2-1.0.6-CVE-2019-12900.patch to accept as many - selectors as the file format allows. This relaxes the previous - fix for CVE-2019-12900 so that bzip2 allows decompression of bz2 - files that use (too) many selectors again. It fixes a bzip2 and - lbzip2 incompatibility caused by previous patch [bsc#1139083] - [CVE-2019-12900] - -- add bzip2-1.0.6-CVE-2019-12900.patch to fix an out-of-bounds - write in decompress.c when there are many nSelectors used in a - loop to access selectorMtf [bsc#1139083] [CVE-2019-12900] - -- add bzip2-1.0.6-CVE-2016-3189.patch to fix a heap use after - free vulnerability that was reported in bzip2recover [bsc#985657] - [CVE-2016-3189] - -- Update autotools patchset: - D bzip2-1.0.6-autoconfiscated.patch - A bzip2-1.0.6.2-autoconfiscated.patch - -- Use %license (boo#1082318) - -- Fix build on Fedora and Mageia - -- Update bzip2-1.0.6-autoconfiscated.patch: - * Bump version to 1.0.6. - * Fix script symlinks on platforms with EXEEXT. - -- Drop implicit pie building -- Try profiled build -- Move autoreconf to build section - -- cleanup with spec-cleaner - -- add bzip2-1.0.6-bzgrep_return_value.patch to fix bzgrep wrapper - that always returns 0 as an exit code when grepping multiple - archives [bsc#970260] - -- Remove bzip2-faster.patch, it causes a crash with libarchive and - valgrind points out uninitialized memory. See - https://github.com/libarchive/libarchive/issues/637#issuecomment-170612576 - -- Avoid noarch sub package in SLE_11 - -- Cleanup a bit. -- Remove the profiling stuff as it should not be used nowdays. - At least even factory builds without it. -- Provide libbz2.so.1.0 as other distros do, so we can run tiny - things like steam. -- Respect cflags again, borked by previous commit. - -- build with PIE - -- fix basisms in bzgrep and bznew -- add patches: - * bzip2-1.0.6-fix-bashisms.patch - ceph +- Update to 15.2.11-83-g8a15f484c2: + + (bsc#1184231) cephadm: Allow to use paths in all <_devices> drivegroup sections + +- Update to 15.2.11-82-g7c6356e178: + + upstream Octopus v15.2.11 release + see https://ceph.io/releases/v15-2-11-octopus-released/ + * (bsc#1183074) - (CVE-2021-20288) ceph: Unauthorized global_id reuse + + cephadm: Update Grafana container image from 7.0.3 to 7.3.1 + +- Update to 15.2.10-81-g29303934a5: + + upstream Octopus v15.2.10 release, see https://ceph.io/releases/v15-2-10-octopus-released/ + * bluestore: fix huge reads/writes at BlueFS (bsc#1183899) + +- Update to 15.2.9-83-g4275378de0: + + cephadm: fix 'inspect' and 'pull' (bsc#1182766) + +- Update to 15.2.9-82-gee18977364: + + upstream Octopus v15.2.9 release, see https://ceph.io/releases/v15-2-9-octopus-released/ + * (bsc#1179997) (CVE-2020-27839) mgr/dashboard: Use secure cookies to store JWT Token + * (bsc#1178905) (CVE-2020-25678) Do not add sensitive information in Ceph log files + * (bsc#1172926) mgr/orchestrator: Sort 'ceph orch device ls' by host + * (bsc#1176390, bsc#1176679) mgr/dashboard: enable different URL for users + of browser to Grafana + * (bsc#1176489) mgr/cephadm: lock multithreaded access to OSDRemovalQueue + * (bsc#1176828) cephadm: command_unit: call systemctl with verbose=True + * (bsc#1177360) cephadm: silence "Failed to evict container" log msg + * (bsc#1177857) mgr/cephadm: upgrade: fail gracefully, if daemon redeploy fails + * (bsc#1178837) rgw: cls/user: set from_index for reset stats calls + * (bsc#1178860) mgr/dashboard: Disable TLS 1.0 and 1.1 + * (bsc#1178932, bsc#1179569) cephadm: reference the last local image by digest + cifs-utils +- cifs.upcall: fix regression in kerberos mount; (bsc#1184815). + * add 0015-cifs.upcall-fix-regression-in-kerberos-mount.patch + +- CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in + container; (bsc#1183239); CVE-2021-20208. + cups +- When cupsd creates directories with specific owner group + and permissions (usually owner is 'root' and group matches + "configure --with-cups-group=lp") specify same owner group and + permissions in the RPM spec file to ensure those directories + are installed by RPM with the right settings because if those + directories were installed by RPM with different settings then + cupsd would use them as is and not adjust its specific owner + group and permissions which could lead to privilege escalation + from 'lp' user to 'root' via symlink attacks e.g. if owner is + falsely 'lp' instead of 'root' CVE-2021-25317 (bsc#1184161) + cups-filters +- fix_upstream_issue348.patch fixes + https://github.com/OpenPrinting/cups-filters/issues/348 + foomatic-rip segfaults with 'job-sheets=none,none' + but works with 'job-sheets=none' + (bsc#1182893) + dhcp +- bsc#1185157: + Use /run instead of /var/run for PIDFile in dhcrelay.service. + dracut +- Update to version 049.1+suse.187.g63c1504f: + * fix(shutdown): add timeout to umount calls (bsc#1178219) + e2fsprogs +- Remove autoreconf call from e2fsprogs.spec (bsc#1183791) + flatpak +- Update to version 1.10.2: + + This is a security update which fixes a potential attack where + a flatpak application could use custom formated .desktop files + to gain access to files on the host system. + + Fix memory leaks + + Some test fixes + + Documentation updates + + G_BEGIN/END_DECLS added to library headders for c++ use + + Fix for X11 cookies on OpenSUSE + + Spawn portal better handles non-utf8 filenames + +- Flatpak only requires glib 2.44, not 2.60 +- Update ostree version required to 2020.8 + +- Update to version 1.10.1: + + Fix flatpak build on systems with setuid bwrap + + Fix some compiler warnings + + Fix crash on updating apps with no deploy data + + Updated translations. +- Remove deprecated texinfo packaging macros. +- Switch to upstream release tarball. + +- Update to version 1.10.0: + + The major new feature in this series compared to 1.8 is the + support for the new repo format which should make updates + faster and download less data. + + The systemd generator snippets now call flatpak + - -print-updated-env in place of a bunch of shell for better + login performance. + + The .profile snippets now disable GVfs when calling flatpak to + avoid spawning a gvfs daemon when logging in via ssh. + + Build fixes for GCC 11. + + Flatpak now finds the pulseaudio sockets better in uncommon + configurations. + + Sandboxes with network access it now also has access to the + systemd-resolved socket to do dns lookups. + + Flatpak supports unsetting env vars in the sandbox using + - -unset-env, and --env=FOO= now sets FOO to the empty string + instead of unsetting it. + + Similarly the spawn portal has an option to unset an env var. + + The spawn portal now has an option to share the pid namespace + with the sub-sandbox. + +- Update to version 1.8.5 (CVE-2021-21261): + + This is a security update that fixes a sandbox escape where a + malicious application can execute code outside the sandbox by + controlling the environment of the "flatpak run" command when + spawning a sub-sandbox (boo#1180996) + +- Update to version 1.8.4: + + Fix support for ppc64. + +- Move flatpak-bisect and flatpak-coredumpctl to devel subpackage, + allow to remove python3 dependency on main package. + +- Enable LTO (boo#1133124) as gobject-introspection works fine with LTO. + +- Update to version 1.8.3: + + Fixed progress reporting for OCI and extra-data. + + The in-memory summary cache is more efficient. + + Fixed authentication getting stuck in a loop in some cases. + + Fixed authentication error reporting. + + We now extract OCI info for runtimes as well as apps. + + Fixed crash if anonymous authentication fails and -y is + specified. + + flatpak info now only looks at the specified installation if + one is specified. + + Better error reporting for server HTTP errors during download. + + Uninstall now removes applications before the runtime it + depends on. + + Fixed test-suite to pass with the latest OSTree version. + + Fixed dbus environment variables in flatpak enter. + + Avoid updating metadata from the remote when uninstalling. + + Fixed error message handling in various places. + + FlatpakTransaction now verifies all passed in refs to avoid. + + potential issues with invalid names. + + Updated translations. + +- Update to version 1.8.2: + + Added validation of collection id settings for remotes. + + Fix seccomp filters on s390. + + Robustness fixes to the spawn portal. + + Fix support for masking update in the system installation. + + Better support for distros with uncommon models of merged /usr. + + Cache responses from localed/AccountService. + + Fix hangs in cases where xdg-dbus-proxy fails to start. + + Fix double-free in cups socket detection. + + OCI authenticator now doesn't ask for auth in case of http + errors. + +- Fix invalid usage of %{_libexecdir} to reference systemd + directories. + +- Update to version 1.8.1: + * Avoid calling authenticator in update if ref didn't change + * Don't fail transaction if ref is already installed (after + transaction start) + * Fix flatpak run handling of userns in the --device=all case + * Fix handling of extensions from different remotes + * Fix flatpak run --no-session-bus + * Updated translations +- Update to version 1.8.0: + * FlatpakTransaction has a new signal "install-authenticator" + which clients can handle to install authenticators needed for + the transaction. This is done in the CLI commands. + * We now always expose the host timezone data, allowing us the + expose the host /etc/localtime in a way that works better, + fixing several apps that had timezone issues. + * Fix flatpak enter which didn't work in some cases. + * We now ship a systemd unit (not installed by default) to + automatically detect plugged in usb sticks with sideload repos. + * By default we no longer install the gdm env.d file, as the + systemd generators work better. + * create-usb now exports partial commits by default + * Fix handling of docker media types in oci remotes + * Fix subjects in remote-info --log output +- Remove source file used to generate a flatpak user on the system + since it's now included by upstream: + * system-user-flatpak.conf + +- Fixes for %_libexecdir changing to /usr/libexec + +- Update to version 1.6.4: + + This release backports some of the OCI authenticator fixes from + the 1.7 series, and should now be able to host flatpak images + on e.g. docker hub. + + Other changes: + - Fix a use-after free in libflatpak. + - Don't list p2p downgrades in list of available updates. + +- jsc#SLE-7171 giflib +- Enable Position Independent Code and inherit CFLAGS from the build system. + * Added giflib-PIE.patch (bsc#1184123). + -- Update to new upstream release 5.0.4 - * Fix for a rare misrendering bug when a GIF overruns the - decompression-code table. -- Make patches have -p1, as requested by - http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines - -- Added url as source. - Please see http://en.opensuse.org/SourceUrls - -- add giflib-automake-1_13.patch, fix build with automake-1.13.1 - -- Remove "Obsoletes: giflib", because libgif6 must not obsolete - libgif4 (it would do that by way of libgif4's "Provides: giflib"). - -- Adjust baselibs.conf for libgif6, remove libungif rpm symbols - since they are now no longer provided. - -- Version 5.0.3 - * The library is now purely reentrant and thread-safe - * Adds an EGifSetGifVersion() entry point - * All names of exported functions now have a Gif, DGif, or EGif prefix. -- packaging changes: - * soname is now libgif6 - * Compatibility with ancient "libungif" via rpm spec file hacks - is no longer included, if there is any application around - that still requires this it has to be fixed. - -- Remove redundant tags/sections - -- annotate functions from gif_lib_private.h with visibility - hidden so they are not exported. - -- add libtool as buildrequire to make the spec file more reliable - -- Correct project URL -- Implement shlib naming (libgif4) -- Apply packaging guidelines (remove redundant/obsolete - tags/sections from specfile, etc.) - -- Do not use __Date__ and __TIME__ , make build-compare - happier - -- add baselibs.conf as a source - gnome-session +- Add gnome-session-exit-when-lost-name-on-bus.patch: gnome-session + exit immediately when lost name on bus + (bsc#1175622 glgo!GNOME/gnome-session!60). + gnome-shell-extension-desktop-icons +- Add desktop-icons-show-iso-file-icon.patch: Show ISO file icon as + default icon. + (bsc#1183504 glgo#GNOME/World/ShellExtensions/desktop-icons!196) + gpgme +- Fix t-json test in SP3: https://dev.gnupg.org/T4820 [bsc#1183801] + * tests/json: Bravo key does not have secret key material + * tests/json: Do not check for keygrip of pubkeys + * core: Make sure the keygrip is available in WITH_SECRET mode +- Add gpgme-test-json.patch + gzip +- fix DFLTCC segfault [bsc#1177047] +- added patches + fix https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=be0a534ba2b6e77da289de8da79e70843b1028cc + + gzip-1.10-fix-DFLTCC-segfault.patch + irqbalance +- not balancing interrupts in Xen guests (bsc#1178477, bsc#1183405) + A procinterrupts-check-xen-dyn-event-more-flexible.patch + kimageformats +- Add patch to fix OOB write (oss-fuzz#33742): + * 0001-xcf-Fix-Stack-buffer-overflow-WRITE-on-broken-files.patch + kyotocabinet +- Add yet an other patch kyotocabinet-pie.patch + * link all executables as pie (bsc#1185033) + +- Update to version 1.2.77: + * kcthread.cc (CondVar::wait): a bug on Win32 was fixed. + * kcdbext.h (IndexDB::set, IndexDB::replace): a bug of updating + existing records was fixed. + * kcdb.h (DB::check): new function. +- Drop no longer needed gcc6-fix-errors.patch +- Modernise spec file + -- update version 1.2.76 - * kcthread.cc (CondVar::wait): a bug on Win32 was fixed. - * kcdbext.h (IndexDB::set, IndexDB::replace): a bug of updating existing records was fixed. - * kcdb.h (DB::check): new function. - -- Make kyotocabinet installation work on SLE_11 - -- Remove redundant tags/sections per specfile guideline suggestions -- Add autotools BuildRequires for factory/12.2 - -- updated to 1.2.52 - -- updated to 1.2.50 - -- created package (version 1.2.47) - libcap +- Add explicit dependency on libcap2 with version to libcap-progs + and pam_cap (bsc#1184690) + -- Update to libcap 2.22 -- libcap 2.22 includes: - * Clarified License file (with version 2 of the GPL) - * Support getting/setting capabilities on large files - * After --chroot command, change working directory to "/". -- libcap 2.21 includes: - * Introduce cap_get_bound() and cap_drop_bound() functions. - also include a macro CAP_IS_SUPPORTED(cap) for capabilities -- libcap 2.20 includes: - * Latest kernel capabilites supported: now includes CAP_SYSLOG - * $(CFLAGS) Makefile fixes - * Default to installing setcap with an inheritable capability. - libhugetlbfs +- Hardening: Link as PIE (bsc#1184123). + -- There are no tests installed in s390(x) case, therefore there are no - files in %{_libdir}/libhugetlbfs - Remove the directory from the file list to fix package build for s390(x) - -- Add support of ppc64le with 4 patches - libhugetlbfs-ppc64le.patch - libhugetlbfs.ppc64le.step2.patch - libhugetlbfs.ppc64le.step3.patch - libhugetlbfs.ppc64le.step4.patch - -- Update to version 2.16: - Features: - * ARM Support - * s390x Dynamic TASK_SIZE support - Bug Fixes: - * find_mounts() now properly NULL terminates mount point names - -- Update to version 2.15 - Features: - * Some System z functionality went into 2.15 - * Updated man pages - * Added basic events for core_i7 to oprofile_map_events - Fixes: - * Disable Unable to verify address range warning when offset < page_size - * Remove sscanf in library setup to avoid heap allocation before _morecore - override - * Revert heap exhaustion patch - * hugectl no longer clips LD_LIBRARY_PATH variable - * Fix clean on failure code to avoid closing stdout - -- Add excludearch for arm due to lacking support - -- Update to version 2.13 - * hugeadm can now be used to control Transparent Huge Page tunables - * New morecore mode to better support THP - * Check permissions on hugetlbfs mount point before marking it as - available - * Fix shm tests to use random address instead of fixed, old address - failed on ARM - -- Update to version 2.12 - * libhugetlbfs usages can now be restricted to certain binary names - * libhugetlbfs now supports static linking - * hugeadm uses more human readable directory names for mount points - * Fix segfault if specified user was not in passwd, failuer in - getpwuid() is now checked - * Added tests for static linking to testcase - * Added missing tests to driver script - -- Do not include the 268MB testcase /usr/lib/libhugetlbfs/tests/obj32/linkhuge_rw. - -- Update to version 2.11 - Bugfixes and new features are listed in the NEWS file in - /usr/share/doc/packages/libhugetlbfs/NEWS - -- Update to version 2.9: - * Add --no-reseve to hugectl to request mmap'd pages are not reserved - for kernels newer than 2.6.34 - * Add --obey-numa-mempol to hugeadm to request static pool pages are - allocated following the process NUMA memory policy - * Add switch to let administrator limit new mount points by size or inodes - * cpupcstat now caches the value returned by tlmiss_cost.sh to avoid - rerunning the script - * When specifying huge page pool sizes with hugeadm, memory sizes can - be used as well as the number of huge pages - * DEFAULT is now a valid huge page pool for resizing, it will adjust - the pool for the default huge page size - * tlbmiss_cost.sh in the contrib/ sub directory will estimate the cost - in CPU cycles of a TLB miss on the arch where it is run - * Add python script which automates huge page pool setup with minimal - input required from user - * cpupcstat now supports data collection using the perf tool as well as - oprofile - * --explain reports if min_free_kbytes is too small - * add --set-min_free_kbytes to hugeadm - -- strip test binaries to fix build - -- Removed unused files - -- add workarounds for broken Makefile logic to detect arch - -- Package baselibs.conf - -- Fix typo in requires. - -- Update from version 2.0 to 2.5 - libmodulemd +- Update to 2.12.0 + + Add support for 'buildorder' to Packager documents + + Fix issue with ModuleIndex when input contains only Obsoletes documents + + Extend read_packager_[file|string]() to support overriding the module name + and stream. + + Ignore Packager documents when running ModuleIndex.update_from_*() + + Add python overrides for XMD in PackagerV3 + + Add python override to ignore the GType return when reading packager files + + Add PackagerV3.get_mdversion() +- Drop patch incorporated in this release + + Patch: 0001-Fix-integer-size-issue-on-32-bit-platforms.patch + libostree +- Enable LTO (boo#1133120) as it works now. + +- Update to version 2020.8: + + This release mostly contains scalability improvements and + bugfixes. + + Caching-related HTTP headers are now supported on summaries and + signatures, so that they do not have to be re-downloaded if not + changed in the meanwhile. + + Summaries and delta have been reworked to allow more + fine-grained fetching. + + Finally, this fixes several bugs related to atomic variables, + HTTP timeouts, and 32-bit architectures. +- Changes from version 2020.7: + + Static deltas can now be signed to more easily support offline + verification. + + There's now support for multiple initramfs images; the idea + here is that one can have a "main" initramfs image and a + secondary one which represents local configuration. + + The documentation is now moved to + https://ostreedev.github.io/ostree/ + + Lot of preparatory cleanups to the pull code landed for + upcoming work on indexing deltas outside of the summary. + + On the bugfix side, the biggest one is a fix for an assertion + failure when upgrading from systems before ostree supported + devicetree. + + Also notable is that ostree no longer hardlinks zero sized + files to avoid hitting filesystem maximum link counts. +- Changes from version 2020.6: + + One notable feature: ostree now supports / and /boot being on + the same filesystem. + + Other than that it's mostly bugfixes; there is one quite + important one for anyone using the readonly=true for /sysroot + (which is still just Fedora CoreOS I suspect). + + There's some improvements to the GObject Introspection + metadata, some (cosmetic) static analyzer fixes, a fix for the + immutable bit on s390x, dropping a deprecated bit in the + systemd unit file, etc. +- Changes from version 2020.5: + + This release primarily fixes a regression in 2020.4 where the + "readonly sysroot" changes incorrectly left the sysroot + read-only on systems that started out with a read-only / (most + of them, e.g. Fedora Silverblue/IoT at least). + + There's some additions to the pull API to aid flatpak. + + There were a few fixes to the man pages, and ostree show now + displays the parent commit. + + The default dracut config now enables reproducibility. + + On the "feature" side, there is a new ostree admin unlock + - -transient. We expect this to be a foundation for further + support for "live" updates. +- Changes from version 2020.4: + + By far the biggest change in this release is new ed25519 + signing support, powered by libsodium. + + stree commit gained a new --base argument, which significantly + simplifies constructing "derived" commits, particularly for + systems using SELinux. + + Handling of the read-only sysroot was reimplemented to run in + the initramfs and be more reliable. Enabling the readonly=true + flag in the repo config is recommended. + + Several bugs were fixed in locking for the temporary "staging" + directories OSTree creates, particularly on NFS. + + lib: Coerce flags enums to GIR bitfields changed some values to + be (correctly) flags - this may show up as incompatible for + GObject Introspection consumers (but not C). + + A new timestamp-check-from-rev option was added for pulls, + which makes downgrade protection more reliable and will be used + by Fedora CoreOS. + + Several fixes and enhancements were made for "collection" pulls + including a new --mirror option. + + The ostree commit command learned a new --mode-ro-executables + which enforces W^R semantics on all executables. + + A new commit metadata key (OSTREE_COMMIT_META_KEY_ARCHITECTURE) + was added to help standardize the architecture of the OSTree + commit. This could be used on the client side for example to + sanity-check that the commit matches the architecture of the + machine before deploying. + +- Stop invalid usage of %_libexecdir: + + Use %{_prefix}/lib where appropriate. + + Use _systemdgeneratordir for the systemd-generators. + + Define _dracutmodulesdir based on dracut.pc. Add + BuildRequires(dracut) for this to work. + librsvg +- Update to version 2.46.5: + + Update dependent crates that had security vulnerabilities: + generic-array to 0.12.4 - RUSTSEC-2020-0146 + smallvec to 0.6.14 - RUSTSEC-2021-0003 - CVE-2021-25900 + + There are no changes to the library code. + + Fix bash-isms in Makefile.am (Tin-Wei Lan). + + Fix Visual Studio build (Chun-wei Fan). +- bsc#1183403 - CVE-2021-25900 - buffer overflow in the smallvec crate. + libsolv +- fix rare segfault in resolve_jobrules() that could happen + if new rules are learnt +- fix a couple of memory leaks in error cases +- fix error handling in solv_xfopen_fd() +- bump version to 0.7.19 + +- fixed regex code on win32 +- fixed memory leak in choice rule generation +- repo_add_conda: add flag to skip v2 packages +- bump version to 0.7.18 + libxml2 +- Security fix: [bsc#1185408, CVE-2021-3518] + * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess() + * Add libxml2-CVE-2021-3518.patch + +- Security fix: [bsc#1185410, CVE-2021-3517] + * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal() + * Add libxml2-CVE-2021-3517.patch + +- Security fix: [bsc#1185409, CVE-2021-3516] + * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal() + * Add libxml2-CVE-2021-3516.patch + libzypp +- Properly handle permission denied when providing optional files + (bsc#1185239) +- Fix sevice detection with cgroupv2 (bsc#1184997) +- version 17.25.10 (22) + +- Add missing includes for GCC 11 (bsc#1181874) +- Fix unsafe usage of static in media verifier. +- Solver: Avoid segfault if no system is loaded (bsc#1183628) +- MediaVerifier: Relax media set verification in case of a single + not-volatile medium (bsc#1180851) +- Do no cleanup in custom cache dirs (bsc#1182936) +- ZConfig: let pubkeyCachePath follow repoCachePath. +- version 17.25.9 (22) + -- Patch: Identify well-known category names (bsc#117984) +- Patch: Identify well-known category names (bsc#1179847) -- Add missing includes for GCC 11 compatibility. +- Add missing includes for GCC 11 compatibility. (bsc#1181874) lvm2 +- Add metadata-based autoactivation property for VG and LV (bsc#1178680) + + bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch + mpfr +- Add cummulative patch mpfr-4.0.2-p6.patch fixing various bugs. + +- Add floating-point-format-no-lto.patch in order to fix assembler scanning + (boo#1141190). + +- Update to mpfr 4.0.2 + * Cummulative bugfix release, includes mpfr-4.0.1-cummulative-patch.patch. + +- Fix %install_info_delete usage: + * It has to be performed in %preun not in %postun. + * See https://en.opensuse.org/openSUSE:Packaging_Conventions_RPM_Macros#.25install_info_delete. + +- Add mpfr-4.0.1-cummulative-patch.patch. Fixes + * A subtraction of two numbers of the same sign or addition of two + numbers of different signs can be rounded incorrectly (and the + ternary value can be incorrect) when one of the two inputs is + reused as the output (destination) and all these MPFR numbers + have exactly GMP_NUMB_BITS bits of precision (typically, 32 bits + on 32-bit machines, 64 bits on 64-bit machines). + * The mpfr_fma and mpfr_fms functions can behave incorrectly in case + of internal overflow or underflow. + * The result of the mpfr_sqr function can be rounded incorrectly + in a rare case near underflow when the destination has exactly + GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit + machines, 64 bits on 64-bit machines) and the input has at most + GMP_NUMB_BITS bits of precision. + * The behavior and documentation of the mpfr_get_str function are + inconsistent concerning the minimum precision (this is related to + the change of the minimum precision from 2 to 1 in MPFR 4.0.0). The + get_str patch fixes this issue in the following way: the value 1 + can now be provided for n (4th argument of mpfr_get_str); if n = 0, + then the number of significant digits in the output string can now + be 1, as already implied by the documentation (but the code was + increasing it to 2). + * The mpfr_cmp_q function can behave incorrectly when the rational + (mpq_t) number has a null denominator. + * The mpfr_inp_str and mpfr_out_str functions might behave + incorrectly when the stream is a null pointer: the stream is + replaced by stdin and stdout, respectively. This behavior is + useless, not documented (thus incorrect in case a null pointer + would have a special meaning), and not consistent with other + input/output functions. + -- Add Source URL, see https://en.opensuse.org/SourceUrls - -- Update to version 3.1.2. - * Bug fixes - * Updated examples to the MPFR 3.x API - -- Update to version 3.1.1. - * Bug fixes - -- patch license to follow spdx.org standard - -- Remove redundant tags/sections per specfile guideline suggestions - -- Update to version 3.1.0. - * The mpfr_urandom and mpfr_urandomb functions now return identical - values on processors with different word size. - * Speed improvement for the mpfr_sqr and mpfr_div functions using - Mulders' algorithm. - * Much faster formatted output (mpfr_printf, etc.) with %Rg and similar. - * New divide-by-zero exception (flag) and associated functions. -- Remove bogus provides/obsoletes for old shared library version. -- Fix license, it is LGPL v3 or later. - -- Update to version 3.0.1. - * Minor bugfixes. - -- Update to version 3.0.0. - * Bump SO version to 4. - -- use %_smp_mflags - -- PA-Risc is not threadsafe just as sparc - -- add baselibs.conf to specfile as source - -- Do not use --enable-thread-safe on SPARC (Fedora does the same) - - the tests segfault if TS is enabled - -- Update to version 2.4.2. - * Bug and documentation fixes. - -- Add x86 baselibs entry. - -- Update to version 2.4.1 (no changes). -- Apply current cummulative bugfixing patch. - * mpfr_fmod, mpfr_remainder and mpfr_remquo rounding issues. - * incorrect type in vasprintf.c. - * wrong type in mpfr_zeta_ui. - nautilus +- Update set_trusted.sh: Use the right value in gio command + (bsc#1185026). + +- Update to version 3.34.3 (bsc#1171506): + + Revert icon emblem fixes in order to prevent performance + issues. + + Fix crashes often happening when searching. + + Fix crashes after conflict dialog response. + openexr + fix CVE-2021-23215 [bsc#1185216], Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers + fix CVE-2021-26260 [bsc#1185217], Integer-overflow in Imf_2_5:DwaCompressor:initializeBuffers + + openexr-CVE-2021-23215,26260.patch + +- security update +- modified patches + % openexr-CVE-2021-3474.patch (splitted into openexr-CVE-2021-20296.patch) +- added patches + fix CVE-2021-20296 [bsc#1184355], Segv on unknown address in Imf_2_5:hufUncompress - Null Pointer dereference + + openexr-CVE-2021-20296.patch + fix CVE-2021-3477 [bsc#1184353], Heap-buffer-overflow in Imf_2_5::DeepTiledInputFile::readPixelSampleCounts + + openexr-CVE-2021-3477.patch + fix CVE-2021-3479 [bsc#1184354], Out-of-memory caused by allocation of a very large buffer + + openexr-CVE-2021-3479.patch + +- security update +- added patches + fix CVE-2021-3474 [bsc#1184174], Undefined-shift in Imf_2_5::FastHufDecoder::FastHufDecoder + + openexr-CVE-2021-3474.patch + fix CVE-2021-3475 [bsc#1184173], Integer-overflow in Imf_2_5::calculateNumTiles + + openexr-CVE-2021-3475.patch + fix CVE-2021-3476 [bsc#1184172], Undefined-shift in Imf_2_5::unpack14 + + openexr-CVE-2021-3476.patch + +- security update +- added patches openldap2 +- bsc#1182791 - improve proxy connection timout options to correctly + prune connections. + * 0225-ITS-8625-Separate-Avlnode-and-TAvlnode-types.patch + * 0226-ITS-9197-back-ldap-added-task-that-prunes-expired-co.patch + * 0227-ITS-9197-Increase-timeouts-in-test-case-due-to-spora.patch + * 0228-ITS-9197-fix-typo-in-prev-commit.patch + * 0229-ITS-9197-Fix-test-script.patch + * 0230-ITS-9197-fix-info-msg-for-slapd-check.patch + openslp -- Add missing group(daemon) prerequires to the openslp-server - package [bnc#1165050] -- Add missing openslp requires to the openslp-server package - [bnc#1165121] - -- Add missing zlib build dependency, which used to be pulled in - by libopenssl-devel. The package fails to build since the openssl - upgrade to 1.1.1 (bsc#1149792) - -- Use tcp connects to talk with other DAs [bnc#1117969] - new patch: openslp.tcpknownda.diff -- Fix segfault in predicate match if a registered service has - a malformed attribute list [bnc#1136136] - new patch: openslp.nullattr.diff - -- Fix memory corruption when the sendbuf gets reallocated - [bnc#1090638] [CVE-2017-17833] - new patch: openslp.sendbuf_move.diff -- Fix out of bounds reads in message parsing - new patch: openslp.parseoob.diff - -- move systemd notification before the chroot() call, otherwise - the notify function cannot reach systend's unix domain socket - [bnc#1089097] - -- Use %license (boo#1082318) -- fix slpd using the peer address as local address for TCP - connections [bnc#1076035] - new patch: openslp.localaddr.diff -- use tcp connections for unicast requests [bnc#1080964] - new patch: openslp.tcpunicast.diff - -- add separate source openslp.logrotate.systemd to - use systemctl reload for logrotate configuration - -- Add support for OpenSSL 1.1. Commit from upstream [bsc#1042665] - new patch: openslp.openssl-1.1.diff - -- Also update openslp.sd_notify.diff to use the new systemd lib - -- Replace pkgconfig(libsystemd-*) with pkgconfig(libsystemd) - Nowadays pkgconfig(libsystemd) replaces all libsystemd-* libs, which - are obsolete. - -- Fix bounds check in SLPFoldWhiteSpace - [bnc#1001600] [CVE-2016-7567] - new patch: openslp.foldws.diff - -- remove convenience code as changes bytes in the message - buffer breaking the verification code [bnc#994989] - new patch: openslp.noconvenience.diff -- fix storage handling in predicate code, it clashed with gcc's - fortify_source extension [bnc#909195] - new patch: openslp.predicatestorage.diff -- bring back allowDoubleEqualInPredicate option - new patch: openslp.doubleequal.diff -- fix bug in openslp.initda.diff patch -- fix rcopenslp helper -- fix _xrealloc not checking the malloc return value - [bnc#980722] [CVE-2016-4912] - new patch: openslp.xrealloc.diff - -- Do not depend on fillup and insserv if the package build with - systemd support; the dependencies are not needed in that case - openssl-1_1 +- Don't list disapproved cipher algorithms while in FIPS mode + * openssl-1.1.1-fips_list_ciphers.patch + * bsc#1161276 + p7zip +- Add almost-upstream CVE-2021-3465.patch (bsc#1184699, CVE-2021-3465) + patterns-base +- Recommending openSUSE-signkey-cert in the base pattern bsc#1182641 + perl-Image-ExifTool +- Update to version 12.25 fixes (boo#1185547) + * JPEG XL support is now official + * Added read support for Medical Research Council (MRC) image + files + * Added ability to write a number of 3gp tags in video files + * Added a new Sony PictureProfile value (thanks Jos Roost) + * Added a new Sony LensType (thanks LibRaw) + * Added a new Nikon LensID (thanks Niels Kristian Bech Jensen) + * Added a new Canon LensType + * Decode more GPS information from Blackvue dashcam videos + * Decode a couple of new NikonSettings tags (thanks Warren + Hatch) + * Decode a few new RIFF tags + * Improved Validate option to add minor warning if standard + XMP is missing xpacket wrapper + * Avoid decoding some large arrays in DNG images to improve + performance unless the -m option is used + * Patched bug that could give runtime warning when trying to + write an empty XMP structure + * Fixed decoding of ImageWidth/Height for JPEG XL images + * Fixed problem were Microsoft Xtra tags couldn't be deleted + version 12.24: + * Added a new PhaseOne RawFormat value (thanks LibRaw) + * Decode a new Sony tag (thanks Jos Roost) + * Decode a few new Panasonic and FujiFilm tags (thanks LibRaw + and Greybeard) + * Patched security vulnerability in DjVu reader + * Updated acdsee.config in distribution (thanks StarGeek) + * Recognize AutoCAD DXF files + * More work on experimental JUMBF read support + * More work on experimental JPEG XL read/write support + version 12.23: + * Added support for Olympus ORI files + * Added experimental read/write support for JPEG XL images + * Added experimental read support for JUMBF metadata in JPEG + and Jpeg2000 images + * Added built-in support for parsing GPS track from Denver + ACG-8050 videos + with the -ee option + * Added a some new Sony lenses (thanks Jos Roost and LibRaw) + * Changed priority of Samsung trailer tags so the first + DepthMapImage takes + precedence when -a is not used + * Improved identification of M4A audio files + * Patched to avoid escaping ',' in "Binary data" message when + - struct is used + * Removed Unknown flag from MXF VideoCodingSchemeID tag + * Fixed -forcewrite=EXIF to apply to EXIF in binary header of + EPS files + * API Changes: + + Added BlockExtract option + version 12.22: + * Added a few new Sony LensTypes and a new SonyModelID (thanks + Jos Roost and LibRaw) + * Added Extra BaseName tag + * Added a new CanonModelID (thanks LibRaw) + * Decode timed GPS from unlisted programs in M2TS videos with + the -ee3 option + * Decode more Sony rtmd tags + * Decode some tags for the Sony ILME-FX3 (thanks Jos Roost) + * Allow negative values to be written to XMP-aux:LensID + * Recognize HEVC video program in M2TS files + * Enhanced -b option so --b suppresses tags with binary data + * Improved flexibility when writing GPS coordinates: + + Now pulls latitude and longitude from a combined + GPSCoordinates string + + Recognizes the full word "South" and "West" to write + negative coordinates + * Improved warning when trying to write an integer QuickTime + date/time tag and Time::Local is not available + * Convert GPSSpeed from mph to km/h in timed GPS from Garmin + MP4 videos + version 12.21: + * Added a few new iOS QuickTime tags + * Decode a couple more Sony rtmd tags + * Patch to avoid possible "Use of uninitialized value" warning + when attempting to write QuickTime date/time tags with an + invalid value + * Fixed problem writing Microsoft Xtra tags + * Fixed Windows daylight savings time patch for file times + that was broken in 12.19 (however directory times will not + yet handle DST properly) + version 12.20: + * Added ability to write some Microsoft Xtra tags in MOV/MP4 + videos + * Added two new Canon LensType values (thanks Norbert Wasser) + * Added a new Nikon LensID + * Fixed problem reading FITS comments that start before column + 11 + version 12.19: + * Added -list_dir option + * Added the "ls-l" Shortcut tag + * Extract Comment and History from FITS files + * Enhanced FilePermissions to include device type (similar to + "ls -l") + * Changed the name of Apple ContentIdentifier tag to + MediaGroupUUID (thanks Neal Krawetz) + * Fixed a potential "substr outside of string" runtime error + when reading corrupted EXIF + * Fixed edge case where NikonScanIFD may not be copied + properly when copying MakerNotes to another file + * API Changes: + + Added ability to read/write System tags of directories + + Enhanced GetAllGroups() to support family 7 and take + optional ExifTool reference + + Changed QuickTimeHandler option default to 1 + version 12.18: + * Added a new SonyModelID + * Decode a number of Sony tags for the ILCE-1 (thanks Jos + Roost) + * Decode a couple of new Canon tags (thanks LibRaw) + * Patched to read differently formatted UserData:Keywords as + written by iPhone + * Patched to tolerate out-of-order Nikon MakerNote IFD entries + when obtaining tags necessary for decryption + * Fixed a few possible Condition warnings for some + NikonSettings tags + version 12.17: + * Added a new Canon FocusMode value + * Added a new FujiFilm FilmMode value + * Added a number of new XMP-crs tags (thanks Herb) + * Decode a new H264 MDPM tag + * Allow non-conforming lower-case XMP boolean "true" and + "false" values to be written, but only when print conversion + is disabled + * Improved Validate option to warn about non-capitalized + boolean XMP values + * Improved logic for setting GPSLatitude/LongitudeRef values + when writing + * Changed -json and -php options so the -a option is implied + even without the -g option + * Avoid extracting audio/video data from AVI videos when -ee + - u is used + * Patched decoding of Canon ContinuousShootingSpeed for newer + firmware versions of the EOS-1DXmkIII + * Re-worked LensID patch of version 12.00 (github issue #51) + * Fixed a few typos in newly-added NikonSettings tags (thanks + Herb) + * Fixed problem where group could not be specified for + PNG-pHYs tags when writing + version 12.16: + * Extract another form of video subtitle text + * Enhanced -ee option with -ee2 and -ee3 to allow parsing of + the H264 video stream in MP4 files + * Changed a Nikon FlashMode value + * Fixed problem that caused a failed DPX test on Strawberry + Perl + * API Changes: + + Enhanced ExtractEmbedded option + version 12.15: + * Added a couple of new Sony LensType values (thanks LibRaw + and Jos Roost) + * Added a new Nikon FlashMode value (thanks Mike) + * Decode NikonSettings (thanks Warren Hatch) + * Decode thermal information from DJI RJPEG images + * Fixed extra newline in -echo3 and -echo4 outputs added in + version 12.10 + * Fixed out-of-memory problem when writing some very large PNG + files under Windows + version 12.14: + * Added support for 2 more types of timed GPS in video files + (that makes 49 different formats now supported) + * Added validity check for PDF trailer dictionary Size + * Added a new Pentax LensType + * Extract metadata from Jpeg2000 Association box + * Changed -g:XX:YY and -G:XX:YY options to show empty strings + for non-existent groups + * Patched to issue warning and avoid writing date/time values + with a zero month or day number + * Patched to avoid runtime warnings if trying to set FileName + to an empty string + * Fixed issue that could cause GPS test number 12 to fail on + some systems + * Fixed problem extracting XML as a block from Jpeg2000 + images, and extract XML tags in the XML group instead of XMP +- Update URL + +- update to 12.13: + - Add time zone automatically to most string-based QuickTime date/time tags + when writing unless the PrintConv option is disabled + - Added -i HIDDEN option to ignore files with names that start with "." + - Added a few new Nikon ShutterMode values (thanks Jan Skoda) + - Added ability to write Google GCamera MicroVideo XMP tags + - Decode a new Sony tag (thanks LibRaw) + - Changed behaviour when writing only pseudo tags to return an error and avoid + writing any other tags if writing FileName fails + - Print "X image files read" message even if only 1 file is read when at least + one other file has failed the -if condition + - Added ability to geotag from DJI CSV log files + - Added a new CanonModelID + - Added a couple of new Sony LensType values (thanks LibRaw) + - Enhanced -csvDelim option to allow "\t", "\n", "\r" and "\\" + - Unescape "\b" and "\f" in imported JSON values + - Fixed bug introduced in 12.10 which generated a "Not an integer" warning + when attempting to shift some QuickTime date/time tags + - Fixed shared-write permission problem with -@ argfile when using -stay_open + and a filename containing special characters on Windows + - Added -csvDelim option + - Added new Canon and Olympus LensType values (thanks LibRaw) + - Added a warning if ICC_Profile is deleted from an image (github issue #63) + - EndDir() function for -if option now works when -fileOrder is used + - Changed FileSize conversion to use binary prefixes since that is how the + conversion is currently done (eg. MiB instead of MB) + - Patched -csv option so columns aren't resorted when using -G option and one + of the tags is missing from a file + - Fixed incompatiblity with Google Photos when writing UserData:GPSCoordinates + to MP4 videos + - Fixed problem where the tags available in a -p format string were limited to + the same as the -if[NUM] option when NUM was specified + - Fixed incorrect decoding of SourceFileIndex/SourceDirectoryIndex for Ricoh + models + +- Update to 12.10 + * Added -validate test for proper TIFF magic number in + JPEG EXIF header + * Added support for Nikon Z7 LensData version 0801 + * Added a new XMP-GPano tag + * Decode ColorData for the Canon EOS 1DXmkIII + * Decode more tags for the Sony ILCE-7SM3 + * Automatically apply QuickTimeUTC option for CR3 files + * Improved decoding of XAttrMDLabel from MacOS files + * Ignore time zones when writing date/time values and + using the -d option + * Enhanced -echo3 and -echo4 options to allow exit status + to be returned + * Changed -execute so the -q option no longer suppresses + the "{ready}" message when a synchronization number is used + * Added ability to copy CanonMakerNotes from CR3 images + to other file types + * Added read support for ON1 presets file (.ONP) + * Added two new CanonModelID values + * Added trailing "/" when writing QuickTime:GPSCoordinates + * Added a number of new XMP-crs tags + * Added a new Sony LensType (thanks Jos Roost) + * Added a new Nikon Z lens (thanks LibRaw) + * Added a new Canon LensType + * Decode ColorData for Canon EOS R5/R6 + * Decode a couple of new HEIF tags + * Decode FirmwareVersion for Canon M50 + * Improved decoding of Sony CreativeStyle tags + * Improved parsing of Radiance files to recognize comments + * Renamed GIF AspectRatio tag to PixelAspectRatio + * Patched EndDir() feature so subdirectories are always + processed when -r is used (previously, EndDir() would + end processing of a directory completely) + * Avoid loading GoPro module unnecessarily when reading MP4 videos + from some other cameras + * Fixed problem with an incorrect naming of CodecID tags in some + MKV videos + * Fixed verbose output to avoid "adding" messages for + existing flattened XMP tags + * Added a new Sony LensType + * Recognize Mac OS X xattr files + * Extract ThumbnailImage from MP4 videos of more dashcam models + * Improved decoding of a number of Sony tags + * Fixed problem where the special -if EndDir() function didn't + work properly for directories after the one in which + it was initially called + * Patched to read DLL files which don't have a .rsrc section + * Patched to support new IGC date format when geotagging + * Patched to read DLL files with an invalid size in the header + * Added support for GoPro .360 videos + * Added some new Canon RF and Nikkor Z lenses + * Added some new Sony LensType and CreativeStyle values + and decode some ILCE-7C tags + * Added a number of new Olympus SceneMode values + * Added a new Nikon LensID + * Decode more timed metadata from Insta360 videos + * Decode timed GPS from videos of more Garmin dashcam models + * Decode a new GoPro video tag + * Reformat time-only EventTime values when writing and prevent + arbitrary strings from being written + * Patched to accept backslashes in SourceFile entries for -csv option + +- update to 12.06 + - Added read support for Lyrics3 metadata (and fixed problem + where APE metadata may be ignored if Lyrics3 exists) + - Added a new Panasonic VideoBurstMode value + - Added a new Olympus MultipleExposureMode value + - Added a new Nikon LensID + - Added back conversions for XMP-dwc EventTime that were removed + in 12.04 with a patch to allow time-only values + - Decode GIF AspectRatio + - Decode Olympus FocusBracketStepSize + - Extract PNG iDOT chunk in Binary format with the + name AppleDataOffsets + - Process PNG images which do not start with mandatory + IHDR chunk + - Added a new Panasonic SelfTimer value + - Decode a few more DPX tags + - Extract AIFF APPL tag as ApplicationData + - Fixed bug writing QuickTime ItemList 'gnre' Genre values + - Fixed an incorrect value for Panasonic VideoBurstResolution + - Fixed problem when applying a time shift to some invalid + makernote date/time values + +- update to 12.04: + * See /usr/share/doc/packages/perl-Image-ExifTool/Change + +- update to 11.50, see Image-ExifTool-11.50.tar.gz for details + +- Update to version 11.30: + * Add a new Sony/Minolta LensType. + * Decode streaming metadata from TomTom Bandit Action Cam MP4 + videos. + * Decode Reconyx HF2 PRO maker notes. + * Decode ColorData for some new Canon models. + * Enhanced -geotag feature to set AmbientTemperature if + available. + * Remove non-significant spaces from some DICOM values. + * Fix possible "'x' outside of string" error when reading + corrupted EXIF. + * Fix incorrect write group for GeoTIFF tags. + +- Update to version 11.29 + * See /usr/share/doc/packages/perl-Image-ExifTool/Changes + +- Update to version 11.27 + * See /usr/share/doc/packages/perl-Image-ExifTool/Changes + +- Update to version 11.24 + * See /usr/share/doc/packages/perl-Image-ExifTool/Changes + +- Update to version 11.11 (changes since 11.01): + * See /usr/share/doc/packages/perl-Image-ExifTool/Changes + +- Update to 11.01: + * Added a new ProfileCMMType + * Added a Validate warning about non-standard EXIF or XMP in + PNG images + * Added a new Canon LensType + * Decode a couple more PanasonicRaw tags + * Patched to avoid adding tags to QuickTime videos with multiple + 'mdat' atoms --> avoids potential corruption of these videos! + +- Update to 11.00: + * Added read support for WTV and DVR-MS videos + * Added print conversions for some ASF date/time tags + * Added a new SonyModelID + * Decode a new PanasonicRaw tag + * Decode some new Sony RX100 VI tags + * Made Padding and OffsetSchema tags "unsafe" so they + aren't copied by default + permissions +- Update to version 20181225: + * etc/permissions: remove unnecessary entries (bsc#1182899) + plasma5-desktop +- Add upstream patch to fix renaming files on the desktop via the + keyboard shortcut (boo#1174487, kde#425436): + * 0001-Fix-renaming-shortcut-for-files-selected-via-selecti.patch + plasma5-workspace +- Add upstream patch to fix broken/missing "Switch User" + functionality with systemd 246 (boo#1177223, kde#427777): + * Fix-missing-Switch-User-with-systemd-246.patch + plymouth +- Pickup plymouth-only_use_fb_for_cirrus_bochs.patch: Currently our + kernel hardware support need this fix, and boo#1172028 will be + fix seperately (bnc#888590 boo#1172028 bsc#1181913). + procps +- Add upstream patch procps-3.3.17-bsc1181976.patch based on + commit 3dd1661a to fix bsc#1181976 that is change descripton + of psr, which is for 39th field of /proc/[pid]/stat + python-libxml2-python +- Security fix: [bsc#1185408, CVE-2021-3518] + * Fix use-after-free in xinclude.c:xmlXIncludeDoProcess() + * Add libxml2-CVE-2021-3518.patch + +- Security fix: [bsc#1185410, CVE-2021-3517] + * Fix heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal() + * Add libxml2-CVE-2021-3517.patch + +- Security fix: [bsc#1185409, CVE-2021-3516] + * Fix use-after-free in entities.c:xmlEncodeEntitiesInternal() + * Add libxml2-CVE-2021-3516.patch + radvd -- fix the radvd.service file to use /etc/sysconfig/radvd - (bnc#854316) - -- Update to version 1.9.7 - * ioctl bug fix for getting the hardware address and mtu of an interface -- Update to version 1.9.6 - * Check AdvSendAdvert before sending an advertisement -- Update to version 1.9.5 - * IPv6 forwarding setting should be 1 or 2 - * Performance fix in netlink message processing - * fix for kernels with no NETLINK_NO_ENOBUFS defined - * distributing gz, bz2 and xz tarballs - * also distributing md5, sha1, sha256 and gpg signatures -- Update to version 1.9.4 - * IPv6 forwarding setting should be 1 or 2 - * Performance fix in netlink message processing - * fix for kernels with no NETLINK_NO_ENOBUFS defined - * distributing gz, bz2 and xz tarballs - * also distributing md5, sha1, sha256 and gpg signatures -- Update to version 1.9.3 - * check for sys/sysctl.h availability - * radvdump fix to interpret MTU and Route -- Update to version 1.9.2 - * A few minor Makefile.am fixes -- Update to version 1.9.1 - * Replacing a '==' in configure with '=' for better shell portability -- added .asc (gpg key not yet found) - -- Don't start daemon after package installation, the default config is almost - useless and previous package versions installed even bad ones into - /etc/radvd.conf (it would never be fixed since the file is - %ghost %config(noreplace) -- Fix try-restart to only restart the daemon if it's actually running. Allow - condrestart, which is LSB - -- Add radvd-tmpfile-grpname.patch: On openSUSE, the radvd user is - added to the 'daemon' group (not a specific 'radvd' group). Thus - adjusting the groupname in for the file to be installed in - tmpfiles.d. Otherwise, the systemd-tmpfiles service fails to - start (and radvd can't find the /var/run folder). - -- Remove URL from source as this is a git snapshot - -- Update to version 1.9rc1.xxx - * Support systemd tmpfiles.d - * add Native systemd units for this service - * Uses libdaemon to deamonize and store PID file. - * Use setsockopt NETLINK_NO_ENOBUFS - * fixes debian bug 634485 - -- add automake as buildrequire to avoid implicit dependency - -- Update to version 1.8.3: - + proper tracking of buffer usage in send_ra -- Drop diff_release_1_8_2..44ee01c7.patch: fixed upstream. - -- Update to version 1.8.3-rc1 -- additional patches up to commit 44ee01c7 to fully fix the - path traversal CVE-2011-3602 (bnc#721968) - -- Update to version 1.8.1 for details see NEWS -- Fix package building in factory, creating /var/run/radvd before - being marked as %ghost -- Run spec cleaner - -- new version 1.7: - - Fix an unintentional change in 1.3: RAs were accidentally often unicast to - solicitors instead of being multicast. This is still compliant with the - specification but is not optimal. - - Allow radvd.conf prefix, clients, route, and RDNSS options to be in any order. - - exit if the number of prefixes/routes/etc. would grow too much. - - Fix radvd skipping multiple interfaces when UnicastOnly is on or - AdvSendAdvert is off. This got broken in radvd 1.3. - - Fix a segmentation fault on reload_config() timer list corruption that only - occurs with multiple interfaces. - - Add '-c' flag to test configuration. - - Deprecate old, pre-RFC5006 parameters. Support RFC6106 by adding DNS Search List support. -- run as user radvd by default (bnc#691456) -- clean up init script -- install a small default config that advertises ULAs. Default prefix is - autogenerated to get a different for on each installation. -- start even if forwarding is not on to be able to work with ULAs only - -- Update to version 1.3: - - mainly compilation fixes - - decreased the default valid and preferred lifetimes - - support for arbitrary interface names - rsyslog +- fix groupname retrieval for large groups (bsc#1178490) + * add 0001-rainerscript-call-getgrnam_r-repeatedly-to-get-all-g.patch + ruby2 +- Update to 2.5.9 (boo#1184644) + https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-5-9-released/ + - CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability + in WEBrick + - CVE-2021-28965: XML round-trip vulnerability in REXML + Complete list of changes at + https://github.com/ruby/ruby/compare/v2_5_8...v2_5_9 +- Update suse.patch: + Remove fix for CVE-2020-25613 as it is included in the update + shim +- Include suse-signed shim for AArch64 (bsc#1185621) + systemd +- add conversion script for moving legacy collect based udev rules + to chzdev based ones (bsc#1183984) + systemd-presets-common-SUSE +- Enable hcn-init.service for HNV on POWER (bsc#1184136 ltc#192155). + tcsh +- Add patch tcsh-6.20.00-toolong.patch which is an upstream commit + ported back to 6.20.00 to fix bsc#1179316 about history file growing + vlc +- Update to version 3.0.13: + + Demux: + - Adaptive: fix artefacts in HLS streams with wrong profiles/levels + - Fix regression on some MP4 files for the audio track + - Fix MPGA and ADTS probing in TS files + - Fix Flac inside AVI files + - Fix VP9/Webm artefacts when seeking + + Codec: + - Support SSA text scaling + - Fix rotation on Android rotation + - Fix WebVTT subtitles that start at 00:00 + + Access: + - Update libnfs to support NFSv4 + - Improve SMB2 integration + - Fix Blu-ray files using Unicode names on Windows + - Disable mcast lookups on Android for RTSP playback + + Video Output: Rework the D3D11 rendering wait, to fix + choppiness on display + + Interfaces: + - Fix VLC getting stuck on close on X11 (#21875) + - Improve RTL on preferences on macOS + - Add mousewheel horizontal axis control + - Fix crash on exit on macOS + - Fix sizing of the fullscreen controls on macOS + + Misc: + - Improve MIDI fonts search on Linux + - Update Soundcloud, Youtube, liveleak + - Fix compilation with GCC11 + - Fix input-slave option for subtitles + + Updated translations. +- Drop vlc-gcc11.patch: fixed upstream. +- Extend vlc-srto_tsbpddelay.patch: allow srt >= 1.3 for openSUSE. + +- Guard post scriptlets to only run %{_libdir}/vlc/vlc-cache-gen if + it already (or still, in case of uninstall) exists. + +- Add vlc-gcc11.patch: Fix build using gcc11 (boo#1181918). + +- Drop libpcre-devel BuildRequires: not been used in a while. + +- Limit libplacebo to is_openssue: vlc does not exist in SLE, which + makes the usage of is_opensuse valid; backports has is_opensuse + set to 1. This is mostly interesting for 3rd party build service + instances. + +- Enable libplacebo support (the core rendering algorithms and + ideas of mpv rewritten as an independent library): + + Add pkgconfig(libplacebo) BuildRequires + + Pass --enable-libplacebo to %configure + +- Update to version 3.0.12: + + Access: Add new RIST access module compliant with simple + profile (VSF_TR-06-1). + + Access Output: Add new RIST access output module compliant with + simple profile (VSF_TR-06-1). + + Demux: Fixed adaptive's handling of resolution settings. + + Audio output: Fix audio distortion on macOS during start of + playback. + + Video Output: Direct3D11: Fix some potential crashes when using + video filters. + + Misc: + - Several fixes in the web interface, including privacy and + security improvements + - Update YouTube and Vocaroo scripts. + + Updated translations. +- Drop vlc-CVE-2020-26664.patch: fixed upstream. +- Drop fix-missing-includes-with-qt-5.15.patch: fixed upstream. + vsftpd +- Add seccomp-fixes.patch to allow getdents64 syscall in seccomp + sandbox, fixes bsc#1179553 + Also in the same patch, fix the architecture offset from 4 to 5, + this change was documented in https://lore.kernel.org/patchwork/patch/554803/ + +- Apply "0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch" and + "0001-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch", + which add the "ssl_tlsv1_1" and "ssl_tlsv1_2" options to the + configuration file. Both options default to true. [SLE-4182] + +- Use %{_prefix}/lib instead of misused %{_libexecdir}. + +- Add pam_keyinit.so to PAM config file. + [vsftpd.pam, bsc#1144062] + +- Apply "vsftpd-avoid-bogus-ssl-write.patch" to fix a segmentation + fault that occurred while trying to write to an invalid TLS + context. [bsc#1125951] + +- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to + shortcut the build queues by allowing usage of systemd-mini + +- firewall-macros should be BuildRequires, not Requires(post) + (the macro gets expanded during package build) + -- force using fork() instead of clone() on s390 - fixes bnc#890469 - * vsftpd-3.0.2-s390.patch - -- Cleanup with spec-cleaner -- Remove conditions about init files as we do not build for < 12.1 - anyway. -- Update the README.SUSE file to describe more the listen option. - -- Add socket service for vsftpd to avoid the need for xinetd here. - -- Add comment about listen variables for xinetd configuration. - Fixes bnc#872221. -- Add default configuration as arg to xinetd started vsftpd. -- Updated patch: - * vsftpd-2.0.4-xinetd.diff - -- Move the enabling of timeofday and alarm one level deeper to - be sure it is whitelisted everytime. - Also should possibly fix bnc#872215. -- Updated patch: - * vsftpd-enable-gettimeofday-sec.patch - -- Remove forking from service type as it hangs in endless loop. - -- Fix warning about dangling symlink on rcvsftpd from rpmlint and - remove also clean section while at it. - -- Add patch to allow gettimeofday and alarm calls with seccomp - enabled. bnc#870122 -- Added patch: - * vsftpd-enable-gettimeofday-sec.patch - -- Specify that the service type is forking - -- changed license to SUSE-GPL-2.0-with-openssl-exception - * suggested by legal team - -- add allow_root_squashed_chroot option to enable chroot on nsf - mounted with squash_root option (fate#311051) - * vsftpd-root-squashed-chroot.patch - -- build with OPENSSL_NO_SSL_INTERN this hides internal struct - members or functions that if changed in future openssl versions - will break the ABI of the calling applications. - -- add vsftpd-enable-dev-log-sendto.patch (bnc#812406#c1) - * this enabled a sendto on /dev/log socket when syslog is enabled -- provide more verbose explanation about isolate_network and seccomp_sanbox in - config file template -- don't install init file on openSUSE 13.1+ -- drop a build support for SL 10 and older - -- add vsftpd-drop-newpid-from-clone.patch (bnc#786024#c38) - * drop CLONE_NEWPID from clone to enable audit system -- add vsftpd-enable-fcntl-f_setfl.patch (bnc#812406) - * unconditionally enable F_SETFL patch - might be safe to do - -- add isolate_network and seccomp_sandbox options to template to make them - easier to find (bnc#786024) - -- add vsftpd-allow-dev-log-socket.patch (bnc#786024) - * whitelist /dev/log related socket syscall - -- Verify GPG signature. - -- Fix useradd invocation: -o is useless without -u and newer - versions of pwdutils/shadowutils fail on this now. - -- update to 3.0.2 (bnc#786024) - * Fix some seccomp related build errors on certain CentOS and Debian versions. - * Seccomp filter sandbox: missing munmap() -- oops. Did you know that qsort() - opens and maps /proc/meminfo but only for larger item counts? - * Seccomp filter sandbox: deny socket() gracefully for text_userdb_names. - * Fix various NULL crashes with nonsensical config settings. Noted by Tianyin - Xu . - * Force cast to unsigned char in is* char functions. - * Fix harmless integer issues in strlist.c. - * Started on a (possibly ill-advised?) crusade to compile cleanly with - Wconversion. Decided to suspend the effort half-way through. - * One more seccomp policy fix: mremap (denied). - * Support STOU with no filename, uses a STOU. prefix. - -- make seccomp sandbox enabled by default - * dropped vsftpd-3.0.0-turn-seccomp-sandbox-off.patch - -- fix building on 11.4 x86_64 and lower - * fix where, when, & how __USE_GNU gets #defined - * make seccomp optional and disable it on 10.3 and lower - -- update to upstream 3.0.0: - * Make listen mode the default. - * Fix missing "const" in ssl.c - * Add seccompsandbox.c to support a seccomp filter sandbox; works against - Ubuntu 12.04 ABI. - * Rearrange ftppolicy.c a bit so the syscall list is easily comparable with - seccompsandbox.c - * Rename deprecated "sandbox" to "ptrace_sandbox". - * Add a few more state checks to the privileged helper processes. - * Add tunable "seccomp_sandbox", default on. - * Use hardened build flags. - * Retry creating a PASV socket upon port reuse race between bind() and - listen(), patch from Ralph Wuerthner . - * Don't die() if recv() indicates a closed remote connection. Problem report - on a Windows client from Herbert van den Bergh, - . - * Add new config setting "allow_writeable_chroot" to help people in a bit of - a spot with the v2.3.5 defensive change. Only applies to non-anonymous. - * Remove a couple of fixed things from BUGS. - * strlen() trunction fix -- no particular impact. - * Apply some tidyups from mmoufid@yorku.ca. - * Fix delete_failed_uploads if there is a timeout. Report from Alejandro - Hernández Hdez . - * Fix other data channel bugs such as failure to log failure upon timeout. - * Use exit codes a bit more consistently. - * Fix bad interaction between SSL and trans_chunk_size. - * Redo data timeout to fire properly for SSL sessions. - * Redo idle timeout to fire properly for SSL sessions. - * Make sure PROT_EXEC isn't allowed, thanks to Will Drewry for noticing. - * Use 10 minutes as a max linger time just in case an alarm gets lost. - * Change PR_SET_NO_NEW_PRIVS define, from Kees Cook. - * Add AES128-SHA to default SSL cipher suites for FileZilla compatibility. - Unfortunately the default vsftpd SSL confiuration still doesn't fully work with - FileZilla, because FileZilla has a data connection security problem: no client - certificate presentation and no session reuse. At least the error message is - now very clear. - * Add restart_syscall to seccomp policy. Triggers reliably if you strace whilst - a data transfer is in progress. - * Fix delete_failed_uploads for anonymous sessions. - * Don't listen for urgent data if the control connection is SSL, due to possible - protocol synchronization issues. -- SUSE specific changes: - * turn off the listen mode (listen=NO) by default and change README.SUSE - * merge new hardended flags for build and linking - * fix the wrong Type=forking from systemd service file - * turn off the seccomp_sandbox off by default as SUSE kernel does not support - it (yet) - -- follow Systemd Packaging guidelines - http://en.opensuse.org/openSUSE:Systemd_packaging_guidelines -- add $local_fs and $remote_fs to init script - -- use the original tarball, because the bz2 repacking madness disables - gpg --verify -- revert a part oc changes utf converting - -- update to upstream 2.3.5: - * Try and force glibc to cache zoneinfo files in an attempt to work around - glibc parsing vulnerability. Thanks to Kingcope. - * Only report CHMOD in SITE HELP if it's enabled. Thanks to Martin Schwenke - . - * Some simple fixes and cleanups from Thorsten Brehm . - * Only advertise "AUTH SSL" if one of SSLv2, SSLv3 is enabled. Thanks to - steve willing . - * Handle connect() failures properly. Thanks to Takayuki Nagata - . - * Add stronger checks for the configuration error of running with a - writeable root directory inside a chroot(). This may bite people who - carelessly turned on chroot_local_user but such is life. -- convert .changes file to unicode -- refresh vsftpd-2.0.4-conf.diff to vsftpd-2.3.5-conf.patch -- name patches explicitly without macro as per recommendations -- remove INSTALL file from binary package -- update license to GPL-2.0+ -- mark /etc/sysconfig/SuSEfirewall2/services/vsftpd as config file - -- fis copy/paste error in previous change - -- Add systemd unit - -- fix bnc#713588 - bogus logrotate config for vsftpd - call /sbin/killproc -HUP /usr/sbin/vsftpd like init script -- change the url and service file to the new location at - security.appspot.com/vsftpd - -- Update to 2.3.4 -- Avoid consuming excessive CPU when matching filenames to patterns. Thanks to - Maksymilian Arciemowicz . -- Some bugfixes from Raphaël Rigo -- good bugs but - no apparent security impact. - -- Update to version 2.3.2 -- Fix silly regression re: log files being overwritten from the start. -- Rename a few file-open functions to make it clearer what they do - -- Update to 2.3.0 -- Add extremely simply HTTP support. It's very experimental, ignorant of HTTP - protocol and headers, and likely has all sorts of other issues. The use case - it might satisfy is if you need to serve simple static unathenticated content - with large levels of paranoia. -- Fix port_promiscuous breakage. -- Minor FAQ update. -- Use a larger address space limit if using text_userdb_names=YES -- Always use CLONE_NEWNET if possible when in HTTP mode. -- Change REST + STOR so that it's possible to overwrite part of file without - truncating it. -- Boot the session if we see a USER where encryption was required. May prevent - the transmission of plaintext passwords by buggy clients. -- Fix failure to transmit a large ASCII file over SSL, if it contains \n -> \r\n - fixups. - -- $remote_fs --> network-remotefs - -- updated to version 2.2.2 - * Change "File receive OK." to "Transfer complete." to placate some broken - clients. Thanks Holger Kiehl . - * Fix erroneous "child died" upon FTP client connect, when under load. Awesome - thanks to Holger Kiehl for running diagnostic tests on - his live server. - * Boot the session if an overly long line is encountered. -- see Changelog file for changes in 2.1.0, 2.1.1, 2.1.2 and 2.2.0 releases -- deprecated use-ipv6-scope-id.patch,libcap2-fix.diff,write_race.patch - nowarn.patch - -- added use-ipv6-scope-id.patch to fix connection issues with - ipv6-link local address (bnc#574366) - -- fix typo in the package description - and remove authors - webkit2gtk3 +- Per discussion with maintenance, let's not remove features that + customers could possibly be using: +- Add webkit2gtk3-restore-npapi.patch: restore NPAPI plugin + support. Reverts webkit#215503. + +- Update to version 2.32.0 (boo#1184155): + + Fix the authentication request port when URL omits the port. + + Fix iframe scrolling when main frame is scrolled in async + scrolling mode. + + Stop using g_memdup. + + Show a warning message when overriding signal handler for + threading suspension. + - Fix the build on RISC-V with GCC 11. + - Fix several crashes and rendering issues. + + Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871 + + Changes in version 2.30.6 (boo#1184262): + + Update user agent quirks again for Google Docs and Google Drive. + + Fix several crashes and rendering issues. + + Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765 + CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870. +- Remove webkit-font-scaling.patch: contained in upstream +- Drop original SLE 15 support from the spec. Drop + webkit-process.patch and old-wayland-scanner.patch; they are not + needed for SP2. +- Pass ENABLE_GAMEPAD=OFF to cmake, since we don't have manette. +- Add glproto-devel to BuildRequires: now needed for the build on + SLE 15. + +- Update _constraints for armv6/armv7 (bsc#1182719) + wpa_supplicant +- Add CVE-2021-30004.patch -- forging attacks may occur because + AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c + (bsc#1184348) + +- Fix systemd device ready dependencies in wpa_supplicant@.service file. + (see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fails-on-boot-succeeds-on-restart?p=2982844#post2982844) + xdg-desktop-portal +- Ensure systemd rpm macros are called at install/uninstall times + for systemd user services. +- Add BuildRequires on systemd-rpm-macros. + +- Update to version 1.8.0: + + openuri: + - Allow skipping the chooser for more URL tyles + - Robustness fixes + + filechooser: Return the current filter + + camera: + - Make the client node visible + - Don't leak pipewire proxy + + Fix file descriptor leaks + + Testsuite improvements + + Updated translations. +- Changes from version 1.7.2: + + document: + - Reduce the use of open fds + - Add more tests and fix issues they found + + Fix the build with musl. +- Changes from version 1.7.1: + + filechooser: + - Add a "directory" option + - Document the "writable" option + + document: Expose directories with their proper name +- Changes from version 1.7.0: + + testsuite improvements + + background: Avoid a segfault + + screencast: Require pipewire 0.3 + + document: + - Support exporting directories + - New fuse implementation + + Better support for snap and toolbox + + Updated translations. +- Drop patches fixed upstream: + + xdg-dp-port-pipewire-3-api.patch + + 0001-Fix-use-after-free-in-xdg_get_app_info_from_pid.patch + + 0002-add-AssumedAppArmorLabel-key-to-D-Bus-service-files.patch + + 0003-Fix-criticals-if-no-default-handler-for-desired-type.patch + +- Require /usr/bin/fusermount: xdg-document-portal calls out to the + binary. Without it, files or dirs can be selected, but + whatever is done with or in them, will not have any effect + (boo#1175899). + +- Fixes for %_libexecdir changing to /usr/libexec + xdg-desktop-portal-gtk +- Update to version 1.8.0: + + filechooser: Return the current filter + + screenshot: Fix cancellation + + appchooser: Avoid a crash + + wallpaper: + - Properly preview placement settings + - Drop the lockscreen option + + printing: Improve the notification + + Updated translations. +- Changes from version 1.7.1: + + filechooser: + - Handle the "directory" option to select directories + - Only show preview when we have an image + + Updated translations. +- Changes from version 1.7.0: + + screencast: Support mutter version 3 + + settings: Fall back to gsettings for enable-animations + + Updated translations. +- Drop xdg-dpg-support-mutter-pipewire-3-api.patch: Fixed upstream. + +- Add xdg-dpg-support-mutter-pipewire-3-api.patch: screencast: Bump + supported Mutter version to 3 (New pipewire api ver 3). + xorg-x11-server +- U_build-glx-Lower-gl-version-to-work-with-libglvnd.patch, + U_meson-Fix-another-reference-to-gl-9.2.0.patch + * fix build on sle15-sp3 with updated libglvnd/Mesa and their + new pkgconfig files + (https://gitlab.freedesktop.org/xorg/xserver/-/issues/893) + +- U_xwayland-Do-not-crash-if-gbm_bo_create-fails.patch + * xwayland: Do not crash if gbm_bo_create() fails (boo#1184072) (boo#1184543) + +- U_Fix-XChangeFeedbackControl-request-underflow.patch + * Fix XChangeFeedbackControl() request underflow (CVE-2021-3472, + ZDI-CAN-1259, bsc#1180128) + yast2-trans +- Update to version 84.87.20210502.7b34dbceae: + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Turkish) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * New POT for text domain 'network'. + * New POT for text domain 'installation'. + * New POT for text domain 'network'. + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) +