Removed rpms ============ Added rpms ========== - man-pages-el - man-pages-fi - man-pages-hu - man-pages-id - man-pages-nb - man-pages-sv Package Source Changes ====================== MozillaFirefox +- Firefox Extended Support Release 91.6.1 ESR + * Fixed: Security fix +- Mozilla Firefox ESR 91.6.1 + MFSA 2022-09 (bsc#1196809) + * CVE-2022-26485 (bmo#1758062) + Use-after-free in XSLT parameter processing + * CVE-2022-26486 (bmo#1758070) + Use-after-free in WebGPU IPC Framework + +- Firefox Extended Support Release 91.6.0 ESR + * Fixed: Various stability, functionality, and security fixes + MFSA 2022-05 (bsc#1195682) + * CVE-2022-22753 (bmo#1732435) + Privilege Escalation to SYSTEM on Windows via Maintenance + Service + * CVE-2022-22754 (bmo#1750565) + Extensions could have bypassed permission confirmation during + update + * CVE-2022-22756 (bmo#1317873) + Drag and dropping an image could have resulted in the dropped + object being an executable + * CVE-2022-22759 (bmo#1739957) + Sandboxed iframes could have executed script if the parent + appended elements + * CVE-2022-22760 (bmo#1740985, bmo#1748503) + Cross-Origin responses could be distinguished between script + and non-script content-types + * CVE-2022-22761 (bmo#1745566) + frame-ancestors Content Security Policy directive was not + enforced for framed extension pages + * CVE-2022-22763 (bmo#1740534) + Script Execution during invalid object state + * CVE-2022-22764 (bmo#1742682, bmo#1744165, bmo#1746545, + bmo#1748210, bmo#1748279) + Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 + +- Firefox Extended Support Release 91.5.1 ESR (bsc#1195230) + * Fixed: Fixed an issue that allowed unexpected data to be + submitted in some of our search telemetry (bmo#1752317) + MozillaThunderbird +- Mozilla Thunderbird 91.6.2 + * fixed: Temporary files from opened attachments were saved + with world-readable permission + * fixed: Various security fixes + MFSA 2022-09 (bsc#1196809) + * CVE-2022-26485 (bmo#1758062) + Use-after-free in XSLT parameter processing + * CVE-2022-26486 (bmo#1758070) + Use-after-free in WebGPU IPC Framework + apache2 +- security update +- added patches + fix CVE-2021-44224 [bsc#1193943], NULL dereference or SSRF in forward proxy configurations + + apache2-CVE-2021-44224.patch + fix CVE-2021-44790 [bsc#1193942], buffer overflow when parsing multipart content in mod_lua + + apache2-CVE-2021-44790.patch + ark +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- Changes since 21.12.2: + * Fix multivolume archive creation (kde#448065) + * zip: Fix setting un-initialized access time (kde#450125) + * Fix build when libzip is missing + * libzip: Implement proper cancelation, using libzip 1.6 + * CreateJob: Clean up temp file after cancellation + * libzipplugin: Prevent crash when canceling archive creation (kde#446926) + autoyast2 +- Properly handle the "dopackages" option in the openFile + method of the AyastSetup module (bsc#1196566). +- 4.4.35 + +- Avoid login while running AutoYaST init-scripts (bsc#1196594 and + related to bsc#1195059). +- 4.4.34 + +- Consider user selected packages as optional to not block the + installation (bsc#1195747). +- 4.4.33 + +- add yast namespace to merge.xslt to fix CDATA handling (bsc#1195910) +- 4.4.32 + +- Modified init-scripts service dependencies fixing a root login + systemd timeout when installing with ssh (bsc#1195059) +- 4.4.31 + baloo5-widgets +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + bluez +- Install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639) + cyrus-sasl +- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store + in plugins/sql.c (bsc#1196036) + o add upstream patch: + 0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch + dolphin +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- Changes since 21.12.2.1: + * Fix rating pixmap alignment on high-dpi screens + elfutils +- Add support for zstd, needed to inspect kernel modules (bsc#1196510) + ffmpegthumbs +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + firewalld +- Fix modprobe.d directory for SLE15 SP3 +- Always own %_modprobedir (bsc#1196275, jsc#SLE-20639) + grub2 +- Support saving grub environment for POWER signed grub images (jsc#SLE-23854) + * 0001-Add-grub_envblk_buf-helper-function.patch + * 0002-Add-grub_disk_write_tail-helper-function.patch + * 0003-grub-install-support-prep-environment-block.patch + * 0004-Introduce-prep_load_env-command.patch + * 0005-export-environment-at-start-up.patch +- Use enviroment variable in early boot config to looking up root device + * grub2.spec + +- Remove obsolete openSUSE 12.2 conditionals in spec file +- Clean up powerpc certificate handling. + +- Set grub2-check-default shebang to "#!/bin/bash", as the the code + uses many instructions which are undefined for a POSIX sh. + (boo#1195794). + gwenview5 +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- Changes since 21.12.2: + * Prevent users from "losing" the thumbnail bar + icewm-theme-branding:openSUSE +- Add fix-font-configuration.patch: + Fix font configuration after google-droid-fonts update + (boo#1195328 bsc#1196336) + kaccounts-integration +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kalzium +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kamera +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kanagram +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kate +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- Changes since 21.12.2: + * Fix stashing not working when Kate is quit using Ctrl+Q (kde#449229) + kbruch +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- Changes since 21.12.2: + * Link explicitly to KCoreAddons + kcalc +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kcharselect +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kcolorchooser +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kde-print-manager +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kdeedu-data +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kdegraphics-thumbnailers +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kdenetwork-filesharing +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kdialog +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kernel-default +- ibmvnic: Allow queueing resets during probe (bsc#1196516 + ltc#196391). +- ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). +- ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). +- ibmvnic: register netdev after init of adapter (bsc#1196516 + ltc#196391). +- ibmvnic: complete init_done on transport events (bsc#1196516 + ltc#196391). +- ibmvnic: define flush_reset_queue helper (bsc#1196516 + ltc#196391). +- ibmvnic: initialize rc before completing wait (bsc#1196516 + ltc#196391). +- ibmvnic: free reset-work-item when flushing (bsc#1196516 + ltc#196391). +- commit 0236fcc + +- Update kabi files. +- commit c453b5c + +- netfilter: nf_tables_offload: incorrect flow offload action + array size (bsc#1196299 CVE-2022-25636). +- commit f8ec613 + +- mm/page_alloc: Do not prefetch buddies during bulk free + (bnc#1193239,bnc#1193199,bnc#1193329). +- commit 40059fa + +- nvme: expose cntrltype and dctype through sysfs (jsc#SLE-23643). + Refresh: + - patches.suse/0006-nvme-Implement-In-Band-authentication.patch +- nvme: send uevent on connection up (jsc#SLE-23643). +- commit d19ac19 + +- Update patches.suse/powerpc-kexec_file-Add-KEXEC_SIG-support.patch + (jsc#SLE-18145 bsc#1192295 bsc#1195993 jsc#SLE-18138). + Use the secondary keyring rather than platform keyring for KEXEC_SIG on + powerpc. Platform keyring is not available on powerpc. +- commit 78a342a + +- Delete + patches.suse/drm-i915-adlp-Remove-require_force_probe-protection.patch + (bsc#1196589). + We did not have enough time to stablize ADL-P graphics so restore the + experimental flag. +- commit 0cc030f + +- fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478). +- commit 0c858b7 + kernel-kvmsmall +- ibmvnic: Allow queueing resets during probe (bsc#1196516 + ltc#196391). +- ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391). +- ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391). +- ibmvnic: register netdev after init of adapter (bsc#1196516 + ltc#196391). +- ibmvnic: complete init_done on transport events (bsc#1196516 + ltc#196391). +- ibmvnic: define flush_reset_queue helper (bsc#1196516 + ltc#196391). +- ibmvnic: initialize rc before completing wait (bsc#1196516 + ltc#196391). +- ibmvnic: free reset-work-item when flushing (bsc#1196516 + ltc#196391). +- commit 0236fcc + +- Update kabi files. +- commit c453b5c + +- netfilter: nf_tables_offload: incorrect flow offload action + array size (bsc#1196299 CVE-2022-25636). +- commit f8ec613 + +- mm/page_alloc: Do not prefetch buddies during bulk free + (bnc#1193239,bnc#1193199,bnc#1193329). +- commit 40059fa + +- nvme: expose cntrltype and dctype through sysfs (jsc#SLE-23643). + Refresh: + - patches.suse/0006-nvme-Implement-In-Band-authentication.patch +- nvme: send uevent on connection up (jsc#SLE-23643). +- commit d19ac19 + +- Update patches.suse/powerpc-kexec_file-Add-KEXEC_SIG-support.patch + (jsc#SLE-18145 bsc#1192295 bsc#1195993 jsc#SLE-18138). + Use the secondary keyring rather than platform keyring for KEXEC_SIG on + powerpc. Platform keyring is not available on powerpc. +- commit 78a342a + +- Delete + patches.suse/drm-i915-adlp-Remove-require_force_probe-protection.patch + (bsc#1196589). + We did not have enough time to stablize ADL-P graphics so restore the + experimental flag. +- commit 0cc030f + +- fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478). +- commit 0c858b7 + kgeography +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + khangman +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + khelpcenter5 +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- Changes since 21.12.2: + * Mark as SingleMainWindow in desktop file + kig +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- Changes since 21.12.2: + * Empty Coordinates are Kind of Valid (kde#448700) + kio-extras5 +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- Changes since 21.12.2: + * Add missing "truncating" parameter. (kde#450198) + kio_audiocd +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kipi-plugins +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kiten +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kleopatra +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + klettres +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kmag +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kmahjongg +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kmime +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kmines +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kmousetool +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kmplot +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kompare +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + konsole +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + konversation +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- Changes since 21.12.2: + * KStatusNotifierItem new API need to be guarded with KNotifications version + kpat +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kpimtextedit +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kqtquickcharts +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kreversi +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + ksudoku +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + ktouch +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + kwalletmanager5 +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- Changes since 21.12.2: + * Desktop file: fix to announce taking local files only, not URLs + * Fix skipping the first wallet arg name on the commandline + * Fix QCommandLineParser setup, wallet names are taken as positional args + kwordquiz +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + libcaca +- If an image has a size of 0x0, when exporting, no data is written + and space is allocated for the header only, not taking into + account that sprintf appends a NUL byte. + [CVE-2021-30498, CVE-2021-30499, bsc#1184751, bsc#1184752, + bsc1184751-add-space-for-NUL-byte.patch] + libkcddb +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + libkcompactdisc +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + libkdcraw +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + libkdegames +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- Changes since 21.12.2: + * Make the installed files reproducible + libkeduvocdocument +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + libkexiv2 +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + libkipi +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + libkleo +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + libkmahjongg +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- Changes since 21.12.2: + * Make the installed files reproducible + libkomparediff2 +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + libnvme +- Update License information. The library is released under + LGPL-2.1-or-later and not LGPL-2.1-only. + +- Update to version 1.0-rc5: + * ioctl: Set lsp to action in nvme_get_log_persistent_event (bsc#1196121) + * tree: Ignore traddr case in nvme_lookup_ctrl() (bsc#1194025) + * fabrics: Do not swap bytes for system uuid (bsc#1196565) + * documentation updates + +- Update to version 1.0-rc4: + * fabrics: add default port number for NVMe/TCP I/O controllers + * linux: Update size when telemetry controller initiated data is unavailable + * add cdw13 for set_feature_args structure + * Add support for TP8010 + * Documentation cleanups + +- Update to version v1.0-rc3: + * Properly create manuals/documentation + * Fix memleaks in __nvme_free_ns() and nvme_scan_subsystem() + * nvme: get log domain id included in Log Specific Identifier + * nvme: Add nulbaf(Number of Unique Capability LBA Formats) field on nvmd_id_ns + * ioctl: Add identify ioctl for CNS 09h, 0Ah + * nvme: Add Enhanced Controller Meta Data(FID: 0x7D) + * nvme: Add Supported Capacity Configuration List log page(LID: 0x11) + * tree: do not set dhchap_key to 'none' + * tree: restart controller lookup + * tree: fixup memory leak in nvme_scan_ctrl() + * Rename nvme_path_get_subsystem() + * Remove nvme_reset_topology() +- Use precompiled documentation instead regenerating it + +- Update to version 1.0~2: + * Add fabrics config option 'tls' + * Logging infrastructure reworked (API break) + * Changed argument structs layout (API break) + * Changed scan API (API break) + * Fixed ctrl_loss_tmo handling concerning values of '-1' + * Various build fixes + libqt5-qtbase - place missed in the first version (boo#1195386, CVE-2022-23853): + place missed in the first version (boo#1195386, CVE-2022-23853, + boo#1196501, CVE-2022-25255): - (boo#1195386, CVE-2022-23853): + (boo#1195386, CVE-2022-23853, boo#1196501, CVE-2022-25255): libseccomp +- add python-rpm-macros (bsc#1194758). + libstorage-ng +- merge gh#openSUSE/libstorage-ng#862 +- log some environment variables +- 4.4.93 + +- Translated using Weblate (French) (bsc#1149754) +- 4.4.92 + +- Translated using Weblate (French) (bsc#1149754) +- 4.4.91 + +- Translated using Weblate (German) (bsc#1149754) +- 4.4.90 + +- Translated using Weblate (Spanish) (bsc#1149754) +- 4.4.89 + +- Translated using Weblate (Italian) (bsc#1149754) +- 4.4.88 + +- Translated using Weblate (German) (bsc#1149754) + +- merge gh#openSUSE/libstorage-ng#861 +- allow by-id/mmc-* and by-path/platform-* links for disks + (bsc#1195692) +- 4.4.87 + +- Translated using Weblate (Chinese (Taiwan) (zh_TW)) (bsc#1149754) +- 4.4.86 + +- Translated using Weblate (Chinese (China) (zh_CN)) (bsc#1149754) +- 4.4.85 + +- Translated using Weblate (Italian) (bsc#1149754) +- 4.4.84 + +- Translated using Weblate (German) (bsc#1149754) +- 4.4.83 + +- Translated using Weblate (Chinese (China) (zh_CN)) (bsc#1149754) +- 4.4.82 + +- merge gh#openSUSE/libstorage-ng#860 +- added integration test +- use in-class member initialization +- 4.4.81 + +- merge gh#openSUSE/libstorage-ng#859 +- Modify mount point if mount_type changes +- Mount/unmount if needed when mount type changes +- 4.4.80 + +- Translated using Weblate (Finnish) (bsc#1149754) +- 4.4.79 + +- merge gh#openSUSE/libstorage-ng#858 +- Add glibc-locale buildrequires for testsuite on SUSE distros +- 4.4.78 + +- Translated using Weblate (Portuguese (Brazil)) (bsc#1149754) +- 4.4.77 + libyui +- Update also the stylesheet (theme) for the RichText content when + changing the UI theme (bsc#1196296) +- 4.3.2 + libyui:libyui-ncurses +- Update also the stylesheet (theme) for the RichText content when + changing the UI theme (bsc#1196296) +- 4.3.2 + libyui:libyui-ncurses-pkg +- Update also the stylesheet (theme) for the RichText content when + changing the UI theme (bsc#1196296) +- 4.3.2 + libyui:libyui-qt +- Update also the stylesheet (theme) for the RichText content when + changing the UI theme (bsc#1196296) +- 4.3.2 + libyui:libyui-qt-graph +- Update also the stylesheet (theme) for the RichText content when + changing the UI theme (bsc#1196296) +- 4.3.2 + libyui:libyui-qt-pkg +- Update also the stylesheet (theme) for the RichText content when + changing the UI theme (bsc#1196296) +- 4.3.2 + manpages-l10n +- Update to version 4.13+56: + * Remove files with non-commercial licenses from sources. + * Improve appearance and readability of the addendum. + * Updated translations. + +- Update to version 4.13: + * New language: Vietnamese. + * New distribution: Fedora 36. + * Fix addendum creation for mdoc based files. + * Updated many translations. +- Drop update path from Leap 15.2 since it has reached EOL. +- Update license to GPL-3.0-or-later as per Debian packaging. + +- Update to version 4.12.1: + * Bugfix: Enable new languages in po/Makefile.am. +- Changes from version 4.12.0: + * New languages: Finnish, Greek, Indonesian, Norwegian bokmål, + Swedish, Serbian. + * Persian (fa) is in a very early state; still disabled. + * Updated and added many translations. +- Upgrade macros: Build for Leap has been upgraded to 15.4 - build + for 15.3 has been dropped upstream. + +- Update to version 4.11.0: + * Enable Hungarian translation. + * Updated and added many translations. + +- Update to version 4.10.0: Updated many translations. + marble +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + mdadm +- Monitor: print message before quit for no array to monitor + (bsc#1183229) + 0120-Monitor-print-message-before-quit-for-no-array-to-mo.patch + mobipocket +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + ndctl +- Install modprobe.conf file to %_modprobedir (bsc#1196275, jsc#SLE-20639) + nvme-cli -- nvmf: Remove --matching from systemd service file (bsc#1195665) - * add 0001-nvmf-Remove-matching-from-systemd-service-file.patch +- Update to version 2.0-rc5: + * nvme: passthru bugfix(wrong jump, wrong file descriptor) + * nvme-cli: Ignore traddr case (bsc#1194025) + * nvme: fix segfault in nvme telemetry-log error handling + * fabrics: ensure zero kato for non-persistent controllers + * documenation updates + +- Update to version 2.0-rc4: + * netapp-nvme: free the nsdescs pointer after use + * netapp-nvme: fix ontapdevices segfault in json output + * nvme-print: fix 'nvme list -o json' segfault + * nvme: get_ns_id command fails on nvme device + * wdc: updated products list for telemetry (--type) argument + * docs: fix typo in Data Set Management section + * Fix ctrlist for attach-ns and detach-ns + * netapp-nvme: fix nvme ns desc uuid handling for ontapdevices + * wdc: Fix use-after-free access of cbs_data + * Fixed regression with 'open namespace exclusive' (bsc#1195945) + +- Update to version v2.0-rc3: + * nvme-print: Fix json output for list-subsys + * nvme: Allow --verbose flag to increase log level + * Added telemetry log fetch support for SN810, SN530 and SN740 series NVMe SSDs through wdc vs-internal-log command + * nvmf: Remove --matching from systemd service file (bsc#1195665) + * nvme: Fix --force flag inversion (bsc#1195637) + * nvme: Add support for data area 4 to get-telemetry-log + * nvme: Add Supported Capacity Configuration List log page(LID: 0x11) + * nvme: Add Enhanced Controller Meta Data(FID: 0x7D) + * nvme-print: Add NVME_FEAT_FID_ENH_CTRL_METADATA to nvme_feature_to_string + * nvme-print: remove unused nvme_show_id_ctrl function + * nvme: Add nvm-id-ns-lba-format(CNS 0Ah) command from TP4095 + * nvme: Add NVM Command Set specific identify namespace command + * nvme: Add id-ns-lba-format(CNS 09h) command from TP4095 + * nvme: Add nulbaf(Number of Unique Capability LBA Formats) field on nvmd_id_ns +- Include precompiled documentation + +- Update to version 2.0~2: + * Adapt to logging API changes in libnvme + * Adapt to scan API changes in libnvme + * Reworked error message handling + * Fix 'list-ns' (bsc#1195151) + * Add 'gen-tls-key' and 'check-tls-key' + * Add Media Unit Status log page support + * Cleanups and build fixes +- Fix path to systemctl (bsc#1193699) okular +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- Changes since 21.12.2: + * Fix wrong default font string for annotation tools + openvpn -- bsc#1185279, CVE-2020-15078, openvpn-CVE-2020-15078.patch: - Authentication bypass with deferred authentication. -- bsc#1169925, CVE-2020-11810, openvpn-CVE-2020-11810.patch: - race condition between allocating peer-id and initializing data - channel key -- bsc#1085803, CVE-2018-7544, openvpn-CVE-2018-7544.patch: - Cross-protocol scripting issue was discovered in the management - interface +- Fix license tag in spec file. -- CVE-2018-9336, bsc#1090839: Fix potential double-free() in - Interactive Service (openvpn-CVE-2018-9336.patch). +- update to 2.5.5: + * SWEET32/64bit cipher deprecation change was postponed to 2.7 + * improve "make check" to notice if "openvpn --show-cipher" crashes + * improve argv unit tests + * ensure unit tests work with mbedTLS builds without BF-CBC ciphers + * include "--push-remove" in the output of "openvpn --help" + * fix error in iptables syntax in example firewall.sh script + * fix "resolvconf -p" invocation in example "up" script + * fix "common_name" environment for script calls when + "--username-as-common-name" is in effect (Trac #1434) + * move "push-peer-info" documentation from "server options" to "client" + * correct "foreign_option_{n}" typo in manpage + * README.down-root: fix plugin module name + +- Drop 0001-preform-deferred-authentication-in-the-background.patch + Upstream has meanwhile solved this differently and the two + implementations interfere (boo#1193017). +- Obsoleted SLE patches up to this point: + * openvpn-CVE-2020-15078.patch + * openvpn-CVE-2020-11810.patch + * openvpn-CVE-2018-7544.patch + * openvpn-CVE-2018-9336.patch + +- Avoid bashisms and use POSIX sh syntax. +- Use more efficient find commands. +- Trim marketing filler words from description. + +- update to 2.5.4: + * fix prompting for password on windows console if stderr redirection + is in use - this breaks 2.5.x on Win11/ARM, and might also break + on Win11/adm64 when released. + * fix setting MAC address on TAP adapters (--lladdr) to use sitnl + (was overlooked, and still used "ifconfig" calls) + * various improvements for man page building (rst2man/rst2html etc) + * minor bugfix with IN6_IS_ADDR_UNSPECIFIED() use (breaks build on + at least one platform strictly checking this) + * fix minor memory leak under certain conditions in add_route() and + add_route_ipv6() + * documentation improvements + * copyright updates where needed + * better error reporting when win32 console access fails + +- Update to 2.5.3: + * Removal of BF-CBC support in default configuration + * ** POSSIBLE INCOMPATIBILITY *** + See section "DATA CHANNEL CIPHER NEGOTIATION" in openvpn(8). + * Connections setup is now much faster + * Support ChaCha20-Poly1305 cipher in the OpenVPN data channel + * Improved TLS 1.3 support when using OpenSSL 1.1.1 or newer + * Client-specific tls-crypt keys (--tls-crypt-v2) + * Improved Data channel cipher negotiation + * HMAC based auth-token support for seamless reconnects to + standalone servers or a group of servers + * Asynchronous (deferred) authentication support for auth-pam + plugin + * Asynchronous (deferred) support for client-connect scripts and + plugins + * Support IPv4 configs with /31 netmasks + * 802.1q VLAN support on TAP servers + * Support IPv6-only tunnels + * New option --block-ipv6 to reject all IPv6 packets (ICMPv6) + * Support Virtual Routing and Forwarding (VRF) + * Netlink integration (OpenVPN no longer needs to execute + ifconfig/route or ip commands) + * Obsoletes openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch +- bsc#1062157: The fix for bsc#934237 causes problems with the + crypto self-test of newer openvpn versions. + Remove openvpn-2.3.x-fixed-multiple-low-severity-issues.patch . + +- update to 2.4.11 (bsc#1185279): + * CVE-2020-15078 see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements + * This bug allows - under very specific circumstances - to trick a server using + delayed authentication (plugin or management) into returning a PUSH_REPLY + before the AUTH_FAILED message, which can possibly be used to gather + information about a VPN setup. + * In combination with "--auth-gen-token" or an user-specific token auth + solution it can be possible to get access to a VPN with an + otherwise-invalid account. + * Fix potential NULL ptr crash if compiled with DMALLOC +- drop sysv init support, it hasn't build successfully in ages + and is build-disabled in devel project + +- update 'rcopenvpn' to work without /etc/rc.status (boo#1185273) + +- update to 2.4.10: + - OpenVPN client will now announce the acceptable ciphers to the server + (IV_CIPHER=...), so NCP cipher negotiation works better + - Parse static challenge response in auth-pam plugin + - Accept empty password and/or response in auth-pam plugin + - Log serial number of revoked certificate + - Fix tls_ctx_client/server_new leaving error on OpenSSL error stack + - Fix auth-token not being updated if auth-nocache is set + (this should fix all remaining client-side bugs for the combination + "auth-nocache in client-config" + "auth-token in use on the server") + - Fix stack overflow in OpenSolaris and *BSD NEXTADDR() + - Fix error detection / abort in --inetd corner case (#350) + - Fix TUNSETGROUP compatibility with very old Linux systems (#1152) + - Fix handling of 'route remote_host' for IPv6 transport case + (#1247 and #1332) + - Fix --show-gateway for IPv6 on NetBSD/i386 (#734) + - A number of documentation improvements / clarification fixes. + - Fix line number reporting on config file errors after segments + - Fix fatal error at switching remotes (#629) + - socks.c: fix alen for DOMAIN type addresses, bump up buffer sizes (#848) + - Switch "ks->authenticated" assertion failure to returning false (#1270) +- refresh 0001-preform-deferred-authentication-in-the-background.patch + openvpn-2.3.x-fixed-multiple-low-severity-issues.patch against 2.4.10 + +- update to 2.4.9 (CVE-2020-11810, bsc#1169925O): + * Allow unicode search string in --cryptoapicert option (Windows) + * Skip expired certificates in Windows certificate store (Windows) (trac #966) + * OpenSSL: Fix --crl-verify not loading multiple CRLs in one file (trac #623) + * fix condition where a client's session could "float" to a new IP address that is not authorized ("fix illegal client float"). + This can be used to disrupt service to a freshly connected client (no session + keys negotiated yet). It can not be used to inject or steal VPN traffic. + CVE-2020-11810). + * fix combination of async push (deferred auth) and NCP (trac #1259) + * Fix OpenSSL 1.1.1 not using auto elliptic curve selection (trac #1228) + * Fix OpenSSL error stack handling of tls_ctx_add_extra_certs + * mbedTLS: Make sure TLS session survives move (trac #880) + * Fix OpenSSL private key passphrase notices + * Fix building with --enable-async-push in FreeBSD (trac #1256) + * Fix broken fragmentation logic when using NCP (trac #1140) + +- Modernize openvpn.service + * /var/run has been obsoleted since a long time. + * on reload, send HUP signal directly rather than relying on + killproc to look for the main process. + +- Explicitly requires sysvinit-tools as some of the tools shipped by + this package are used in various places regardless of whether + openvpn is built for systemd or non systemd systems. + For the context: sysvinit-tools was pulled in by systemd since 2014 + but it's no longer the case so better to be safe than sorry. + +- Fix inconsistency in openvpn.service: + * It uses the unescape instance name as config file basename, + so use that in the description as well + +- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to + shortcut through the -mini flavors. +- Use %systemd_ordering instead of systemd_requires: in fact, + systemd is not a hard requirement for openvpn. But in case a + system is being installed with systemd, we want systemd to be + there before openvpn is being installed. + +- Update to version 2.4.8: + * mbedtls: fix segfault by calling mbedtls_cipher_free() in + cipher_ctx_free() + * cleanup: Remove RPM openvpn.spec build approach + * docs: Update INSTALL + * build: Package missing mock_msg.h + * Increase listen() backlog queue to 32 + * Force combinationation of --socks-proxy and --proto UDP to use + IPv4. + * Wrong FILETYPE in .rc files + * Do not set pkcs11-helper 'safe fork mode' + * tests/t_lpback.sh: Switch sed(1) to POSIX-compatible regex. + * Fix various compiler warnings + * Fix regression, reinstate LibreSSL support. + * man: correct the description of --capath and --crl-verify + regarding CRLs + * Fix typo in NTLM proxy debug message + * Ignore --pull-filter for --mode server + * openssl: Fix compilation without deprecated OpenSSL 1.1 APIs + * Better error message when script fails due to script-security + setting + * Correct the return value of cryptoapi RSA signature callbacks + * Handle PSS padding in cryptoapicert + * cmocka: use relative paths + * Fix documentation of tls-verify script argument + +- BuildRequire pkgconfig(libsystemd) instead of systemd-devel: + Allow OBS to shortcut through the -mini flavors. + +- Add p11kit build time dependency for pkcs providers autodetection + +- Clarify in the service file that the reload action doesn't work + when dropping root privileges (boo#1142830). + +- Updated openvpn.keyring with public key downloaded from + https://swupdate.openvpn.net/community/keys/security-key-2019.asc + +- Drop use of $FIRST_ARG in openvpn.spec + The use of $FIRST_ARG was probably required because of the + %service_* rpm macros were playing tricks with the shell positional + parameters. This is bad practice and error prones so let's assume + that no macros should do that anymore and hence it's safe to assume + that positional parameters remains unchanged after any rpm macro + call. + +- Update to 2.4.7: + Adam Ciarcin?ski (1): + * Fix subnet topology on NetBSD (2.4). + Antonio Quartulli (3): + * add support for %lu in argv_printf and prevent ASSERT + * buffer_list: add functions documentation + * ifconfig-ipv6(-push): allow using hostnames + Arne Schwabe (7): + * Properly free tuntap struct on android when emulating persist-tun + * Add OpenSSL compat definition for RSA_meth_set_sign + * Add support for tls-ciphersuites for TLS 1.3 + * Add better support for showing TLS 1.3 ciphersuites in --show-tls + * Use right function to set TLS1.3 restrictions in show-tls + * Add message explaining early TLS client hello failure + * Fallback to password authentication when auth-token fails + Christian Ehrhardt (1): + * systemd: extend CapabilityBoundingSet for auth_pam + David Sommerseth (1): + * plugin: Export base64 encode and decode functions + Gert Doering (3): + * Add %d, %u and %lu tests to test_argv unit tests. + * Fix combination of --dev tap and --topology subnet across multiple platforms. + * Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6. + Gert van Dijk (1): + * Minor reliability layer documentation fixes + James Bekkema (1): + * Resolves small IV_GUI_VER typo in the documentation. + Jonathan K. Bullard (1): + * Clarify and expand management interface documentation + Lev Stipakov (5): + * Refactor NCP-negotiable options handling + * init.c: refine functions names and description + * interactive.c: fix usage of potentially uninitialized variable + * options.c: fix broken unary minus usage + * Remove extra token after #endif + Richard van den Berg via Openvpn-devel (1): + * Fix error message when using RHEL init script + Samy Mahmoudi (1): + * man: correct a --redirection-gateway option flag + Selva Nair (7): + * Replace M_DEBUG with D_LOW as the former is too verbose + * Correct the declaration of handle in 'struct openvpn_plugin_args_open_return' + * Bump version of openvpn plugin argument structs to 5 + * Move get system directory to a separate function + * Enable dhcp on tap adapter using interactive service + * Pass the hash without the DigestInfo header to NCryptSignHash() + * White-list pull-filter and script-security in interactive service + Simon Rozman (2): + * Add Interactive Service developer documentation + * Detect TAP interfaces with root-enumerated hardware ID + Steffan Karger (7): + * man: add security considerations to --compress section + * mbedtls: print warning if random personalisation fails + * Fix memory leak after sighup + * travis: add OpenSSL 1.1 Windows build + * Fix --disable-crypto build + * Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth' + * buffer_list_aggregate_separator(): simplify code + +- Update to 2.4.6: + * CVE-2018-9336, bsc#1090839: Fix potential double-free() in + Interactive Service + * Delete the IPv6 route to the "connected" network on tun close + * Management: warn about password only when the option is in use + * Avoid overflow in wakeup time computation + +- Remove --askpass again, because it was also asking for a password + when none was needed. As a workaround for keys that need a + password, the "askpass" statement should be added to the config + file (bsc#1078026). +- Use Type=notify in openvpn.service to reflect what openvpn is + actually doing. +- Import the new signing key from upstream. +- Remove obsolete configure switch --enable-password-save . + +- Update to 2.4.5 + * New features + + The new option --tls-cert-profile can be used to restrict the + set of allowed crypto algorithms in TLS certificates in mbed + TLS builds. The default profile is 'legacy' for now, which + allows SHA1+, RSA-1024+ and any elliptic curve certificates. + The default will be changed to the 'preferred' profile in the + future, which requires SHA2+, RSA-2048+ and any curve. + + openvpnserv: Add support for multi-instances (to support + multiple parallel OpenVPN installations, like EduVPN and + regular OpenVPN) + + Use P_DATA_V2 for server->client packets too (better packet + alignment) + + improve management interface documentation + (bsc#1085803, CVE-2018-7544) + + rework registry key handling for OpenVPN service, notably + making most registry values optional, falling back to + reasonable defaults + + accept IPv6 address for pushed "dhcp-option DNS ..." (make + OpenVPN 2 option compatible with OpenVPN 3 iOS and Android + clients) + * Bug fixes + + Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+ + + Fix lots of compiler warnings (format string, type casts, ...) + + reload HTTP proxy credentials when moving to the next + connection profile + + Fix build with LibreSSL (multiple times) + + Remove non-useful warning on pushed tun-ipv6 option. + + autoconf: Fix engine checks for openssl 1.1 + + lz4: Rebase compat-lz4 against upstream v1.7.5 + + lz4: Fix broken builds when pkg-config is not present but + system library is + + Fix '--bind ipv6only' + + Allow learning iroutes with network made up of all 0s +- Includes 2.4.4 + * Bug fixes + + Fix issues when a pushed cipher via the Negotiable Crypto + Parameters (NCP) is rejected by the remote side + + Ignore --keysize when NCP have resulted in a changed cipher + + Configurations using --auth-nocache and the management + interface to provide user credentials (like NetworkManager) + on client side with servers implementing authentication + tokens (for example, using --auth-gen-token) will now behave + correctly and not query the user for an, to them, unknown + authentication token on renegotiations of the tunnel. + + Invalid or corrupt SOCKS port number when changing the proxy + via the management interface. + + man page should now have proper escaping of hyphen/minus + characters and other minor corrections. + * User-visible Changes + + Linux servers with systemd which use the openvpn-server@.service + unit file for server configurations will now utilize the + automatic restart feature in systemd. If the OpenVPN server + process dies unexpectedly, systemd will ensure the OpenVPN + configuration will be restarted automatically. + * Deprecated + + --no-replay (will be removed in 2.5) + + --keysize (will be removed in 2.6) + * Security + + CVE-2017-12166: Fix bounds check for configurations using + - -key-method 1. Before this fix, attackers could send a + malformed packet to trigger a stack overflow. This is + considered to be a low risk issue, as --key-method 2 has + been the default since 2.0 (released on 2005-04-17). This + option is already deprecated in v2.4 and will be completely + removed in v2.5. +- Rebase openvpn-fips140-2.3.2.patch +- Drop 0002-Fix-bounds-check-in-read_key.patch + * upstreamed in c7e259160b28e94e4ea7f0ef767f8134283af255 +- Partial cleanup with spec-cleaner + +- Add --askpass to ExecStart, so that the user name and password + are correctly being queried from the user. + (bsc#1078026, boo#985798, boo#1031748) +- Use %service_add/del macros throughout (bsc#1038406). pciutils +- Add pciutils-Add-PCIe-5.0-data-rate-32-GT-s-support.patch + Add pciutils-Add-PCIe-6.0-data-rate-64-GT-s-support.patch + (bsc#1192862) + powerpc-utils +- Fix lsslot showing "Unknown slot type" for recent PCIe slot types (bsc#1196411 ltc#196505). + - lsslot-Add-new-DRC-type-description-strings.patch + +- Fix setting HNV primary slave with NM (bsc#1195404 ltc#196259). + - 0007-Fix-NM-HNV-setting-primary-slave.patch + python-pip +- Add wheel subpackage with the generated wheel for this package + (bsc#1176262, CVE-2019-20916). +- Make wheel a separate build run to avoid the setuptools/wheel build + cycle. + rdma-core +- install modprobe.conf files to %_modprobedir (bsc#1196275, jsc#SLE-20639) + ristretto +- Update to version 0.12.2 + * Add support for shared thumbnail repositories + (gxo#apps/ristretto#82) + * Add thumbnail flavor support (gxo#apps/ristretto#81) + * Use TreeModel IFace to walk the image list + * Add index and list link to RsttoImageListIter + * Switch to GQueue in RsttoImageList + * Cleanup and simplifications around thumbnail size + * Redistribute thumbnail sizes uniformly + * Disable debug checks in release mode + * Remove unused APIs in RsttoImageList + * Fix and complete file change monitoring + * Thumbnailer: Rework queue management + * Thumbnailer: Properly set the number of visible items + * Take the device scale into account to limit rendering quality + * Avoid multi-threading issue with X11 (gxo#apps/ristretto#76) + * Translation Updates + spectacle +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + step +- Update to 21.12.3 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/21.12.3/ +- No code change since 21.12.2 + systemd +- Fix the default target when it's been incorrectly set to one of the runlevel + targets (bsc#1196567) + The script 'upgrade-from-pre-210.sh' used to initialize the default target + during migration from sysvinit to systemd. However it created symlinks to + runlevel targets, which are deprecated and might be missing when + systemd-sysvcompat package is not installed. If such symlinks are found the + script now renames them to point to 'true' systemd target units. +- When migrating from sysvinit to systemd (it probably won't happen anymore), + let's use the default systemd target, which is the graphical.target one. In + most cases it will do the right thing anyway. + +- systemd.spec: minor simplification by assuming that %{bootstrap} is always + defined. + +- Make sure to create 'systemd-coredump' system user when systemd-coredump is + installed (follow-up for the split of the sysusers config files). + tigervnc +- x11vnc: no longer explicitely require python3, since it's already + required implicitely via autogenerated RPM requires + +- x11vnc requires python3 (bsc#1196623) + util-linux +- Prevent root owning of /var/lib/libuuid/clock.txt + (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch). + +- Make uuidd lock state file usable and time based UUIDs safe again + (bsc#1194642, util-linux-uuidd-fix-lock-state.patch). + +- Fix "su -s" bash completion + (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch). + util-linux-systemd +- Prevent root owning of /var/lib/libuuid/clock.txt + (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch). + +- Make uuidd lock state file usable and time based UUIDs safe again + (bsc#1194642, util-linux-uuidd-fix-lock-state.patch). + +- Fix "su -s" bash completion + (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch). + vim +- Minimal fix for Bug 1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim: + Heap-based Buffer Overflow in vim prior to 8.2. + / vim-8.0.1568-CVE-2022-0413.patch +- Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in + normal.c / vim-8.0.1568-CVE-2021-3796.patch +- Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in + win_redr_status() drawscreen.c / vim-8.0.1568-CVE-2021-3872.patch +- Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to + Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-3927.patch +- Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to + Stack-based Buffer Overflow / vim-8.0.1568-CVE-2021-3928.patch +- Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to + Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-4019.patch +- Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting + could lead to Heap Buffer Overflow / vim-8.0.1568-CVE-2021-3984.patch +- Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c + / vim-8.0.1568-CVE-2021-3778.patch +- Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read + / vim-8.0.1568-CVE-2021-4193.patch +- Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability + exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which + causes a denial of service. / vim-8.0.1568-CVE-2021-46059.patch +- Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim + prior to 8.2. / vim-8.0.1568-CVE-2022-0319.patch +- Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7() + / vim-8.0.1568-CVE-2022-0351.patch +- Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim + prior to 8.2. / vim-8.0.1568-CVE-2022-0361.patch +- Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c + / vim-8.0.1568-CVE-2022-0413.patch + wpa_supplicant +- Add CVE-2022-23303_0001.patch, CVE-2022-23303_0002.patch, + CVE-2022-23303_0003.patch, CVE-2022-23303_0004.patch + SAE/EAP-pwd side-channel attack update 2 + (CVE-2022-23303, CVE-2022-23304, bsc#1194732, bsc#1194733) + xfce4-whiskermenu-plugin +- Update to version 2.7.1 + * Fix not selecting second icon in search results. + (gxo#panel-plugins/xfce4-whiskermenu-plugin#50) + * Fix incorrect selection when leaving treeview. + * Fix skipping first treeview item. + * Fix unnecessary button size changes. + * Translation updates + xorg-x11-server +- U_xfree86-Fix-NULL-pointer-dereference-crash.patch + * Fix a regression in + u_xfree86-Change-displays-array-to-pointers-array-to-f.patch + (boo#1196577) + * Credits go to Simon Lees for finding the fix! +- renamed u_xfree86-Change-displays-array-to-pointers-array-to-f.patch + to U_xfree86-Change-displays-array-to-pointers-array-to-f.patch + since it's a backport from an upstream patch + yast2 +- Reverted LD_PRELOAD change (GitHub PR#1236) (bsc#1196326) +- 4.4.46 + +- New doc: Invoking External Commands in YaST (in doc/) + yast2-installation +- Avoid terminal login prompt when running Second Stage service + (bsc#1196594 and related to bsc#1195059). +- 4.4.47 + +- Fixed crash when starting the expert console (bsc#1196724) +- 4.4.46 + +- Fixed the start of the VNC server during installation. Done by + Joan Torres López (bsc#1196201). +- 4.4.45 + +- Use the default UI theme in SSH installation, the + "installation_slim" theme does not exist anymore (bsc#1196287) +- memsample-archive-to-csv - handle "ps" errors in the data file +- 4.4.44 + +- Modified Second Stage service dependencies fixing a root login + systemd timeout when installing with ssh (bsc#1195059) +- 4.4.43 + +- Do not create a Btrfs snapshot at the end of the installation + or upgrade when the root filesystem is mounted as read-only + (jsc#SLE-22560). +- 4.4.42 + yast2-network +- Write NetworkManager s390 options to the ethernet section instead + of the connection one (bsc#1196582) +- 4.4.44 + +- Added connection config writers for Qeth and Hipersocket + devices (bsc#1196582) +- 4.4.43 + +- Revert last change going back to skip DHCP setup completely if + the network is already configured through iBFT (bsc#1194911) +- 4.4.42 + +- Related to bsc#1194911: + - Skip iBFT interfaces as DHCP candidates but configure DHCP if + there is no active and ifcfg file configured interface +- 4.4.41 + +- Fixed active configuration detection (bsc#1196276, bsc#1194911) +- 4.4.40 + yast2-packager +- Properly set the repository alias for the Full medium add-ons + (bsc#1193214) +- 4.4.24 + yast2-security +- Stop using 'lsm' kernel boot parameter even for the + "None" Major Linux Security Module (bsc#1194332, bsc#1196274). +- 4.4.12 + yast2-theme +- Include the light SLE installation theme + (jsc#SLE-20547, jsc#SLE-20564) +- SLE theme fixes: + - Fixed partly hidden push buttons in some popups (bsc#1184778) + - Fixed missing logo and "SUSE" label in the header in the + non-default installation themes (bsc#1196312) + - Fixed CheckBoxFrame indicator size (bsc#1184780) +- 4.4.7 + yast2-trans +- Update to version 84.87.20220305.ba29422b84: + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Swedish) + * Translated using Weblate (Swedish) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Swedish) + * Translated using Weblate (Finnish) + * Translated using Weblate (Italian) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (Finnish) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (Finnish) + * Translated using Weblate (German) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (German) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (German) + * Translated using Weblate (French) + * Translated using Weblate (German) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * New POT for text domain 'autoinst'. + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (French) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (Spanish) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (French) + * Translated using Weblate (German) + * Translated using Weblate (French) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (German) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Slovak) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (German) + +- Update to version 84.87.20220227.6bd7ce0ef2: + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Japanese) + * Translated using Weblate (Japanese) + * Translated using Weblate (Slovak) + +- Leap 15.4 Beta translations poo#99990 bump to version 84.87.20220224.fc95951c18: + * Translated using Weblate (Catalan) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (Dutch) + * Translated using Weblate (French) + * Translated using Weblate (Catalan) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * New POT for text domain 'registration'. + * New POT for text domain 'nis_server'. + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (Ukrainian) + * Translated using Weblate (Ukrainian) + * Translated using Weblate (Ukrainian) + * Translated using Weblate (Ukrainian) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * New POT for text domain 'installation'. + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * Translated using Weblate (Ukrainian) + * Translated using Weblate (French) + * Translated using Weblate (French) + * Translated using Weblate (Spanish) + * Translated using Weblate (Ukrainian) + * Translated using Weblate (Spanish) + * Translated using Weblate (French) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (German) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (German) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (French) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (German) + * Translated using Weblate (French) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (French) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (Italian) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (Italian) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (Italian) + * Translated using Weblate (German) + * Translated using Weblate (Italian) + * Translated using Weblate (German) + * Translated using Weblate (Italian) + * Translated using Weblate (German) + * Translated using Weblate (Italian) + * Translated using Weblate (German) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Spanish) + * Translated using Weblate (Slovak) + * Translated using Weblate (Slovak) + * Translated using Weblate (Dutch) + * Translated using Weblate (Catalan) + * Translated using Weblate (Japanese) + * Translated using Weblate (Spanish) + * Translated using Weblate (Spanish) + * New POT for text domain 'installation'. + * Translated using Weblate (Ukrainian) + * Translated using Weblate (Ukrainian) + * Translated using Weblate (Ukrainian) + * Translated using Weblate (Ukrainian) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (French) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Dutch) + * Translated using Weblate (Japanese) + * Translated using Weblate (German) + * Translated using Weblate (Catalan) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Portuguese (Brazil)) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Spanish) + * Translated using Weblate (German) + * Translated using Weblate (Spanish) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Spanish) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Spanish) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Italian) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Italian) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Italian) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (Taiwan) (zh_TW)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Italian) + * Translated using Weblate (Finnish) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (Vietnamese) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (German) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (German) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (German) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (German) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * Translated using Weblate (Chinese (China) (zh_CN)) + * New POT for text domain 'autoinst'. + * Translated using Weblate (German) + * Translated using Weblate (Chinese (China) (zh_CN)) +