Removed rpms
============

 - busybox
 - busybox-coreutils
 - busybox-findutils
 - busybox-grep
 - busybox-gzip
 - busybox-psmisc
 - busybox-sed
 - busybox-util-linux
 - busybox-xz

Added rpms
==========


Package Source Changes
======================

alsa-oss
-- Add upstream patch to fix build with current glibc:
-  * alsa-drop-libio.patch
+- use https for urls
+
+- Drop the superfluous buildreq alsa-topology-devel again;
+  it's no longer mandatory
+
+- Fix build breakage by the new alsa update; now it requires
+  alsa-topology-devel
+
+- Avoid repetition of name in summary. Update description.
+
+- Update to alsa-oss 1.1.8 (bsc#1181571):
+  Fix the build with the recent glibc
+- Remove obsoleted patch:
+  remove-libio.patch:
+
+- remove-libio.patch: don't use obsolete <libio.h>
+
+- Remove old kludges
+- Run spec-cleaner
+
+- Update to alsa-oss 1.1.6:
+  * Change FSF address (Franklin Street)
+- Use %license file tag
-- Revert 0001-Fix-path-to-libaoss.so.patch, as this causes
-  regressions on multi-arch (bnc#874331)
-
-- Backport upstream fixes:
-  0001-Fix-path-to-libaoss.so.patch
-  0002-Add-AM_MAINTAINER_MODE-enable-to-configure.in.patch
-
-- stop recommending alsa-oss-32bit
-
-- updated to version 1.0.25;
-  pcm: check for XRUN state for GETxSPACE and GETxPTR ioctls
-  select: better check for null bit arrays
-
-- add libtool as buildrequire to make the spec file more reliable
-
-- Remove redundant tags/sections from specfile
-- Use %_smp_mflags for parallel build
-
-- package baselibs.conf
-
btrfsprogs
+- Ignore multipath devices when probing devices for a btrfs filesystem (bsc#1192983)
+  * 0001-btrfs-progs-Add-optional-dependency-on-libudev.patch
+  * 0002-btrfs-progs-Ignore-devices-representing-paths-in-mul.patch
+  * 0003-btrfs-progs-Add-fallback-code-for-path-device-ignore.patch
+
chrony
+- Fix config file handling in the spec file and remove "ntsdumpdir"
+  from default config, because augeas-lenses cannot parse it during
+  installation of SLE Micro on SLE-15-SP3 (bsc#1194220).
+
expat
+- Security fixes:
+  * (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236
+    breaks biboumi, ClairMeta, jxmlease, libwbxml,
+    openleadr-python, rnv, xmltodict
+  - Added expat-CVE-2022-25236-relax-fix.patch
+
+- Security fixes:
+  * (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows
+    attackers to insert namespace-separator characters into
+    namespace URIs
+  - Added expat-CVE-2022-25236.patch
+  * (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before
+    2.4.5 does not check whether a UTF-8 character is valid in a
+    certain context.
+  - Added expat-CVE-2022-25235.patch
+  * (CVE-2022-25313, bsc#1196168) Stack exhaustion in
+    build_model() via uncontrolled recursion
+  - Added expat-CVE-2022-25313.patch
+  - The fix upstream introduced a regression that was later
+    amended in 2.4.6 version
+    + Added expat-CVE-2022-25313-fix-regression.patch
+  * (CVE-2022-25314, bsc#1196169) Integer overflow in copyString
+  - Added expat-CVE-2022-25314.patch
+  * (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames
+  - Added expat-CVE-2022-25315.patch
+
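Review bot: the top entry for CVE-2022-25236 (bsc#1196784) lists the projects that the original fix broke, but it does not say what expat-CVE-2022-25236-relax-fix.patch relaxes. State which check is loosened, so a reader can tell that the namespace-separator issue described under bsc#1196025 stays fixed.
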
firewalld
+- Provide dummy firewalld-prometheus-config package (bsc#1197042)
+
+- Add patch which fixes the zone configuration (bsc#1191837)
+  * 0001-chore-fw_zone-call-permanent-config-checks-at-runtim.patch
+
gstreamer
+- Update to version 1.20.1:
+  + deinterlace: various bug fixes for yadif, greedy and scalerbob
+    methods
+  + gtk video sink: Fix rotation not being applied when paused
+  + gst-play-1.0: Fix trick-mode handling in keyboard shortcut
+  + jpegdec: fix RGB conversion handling
+  + matroskademux: improved ProRes video handling
+  + matroskamux: Handle multiview-mode/flags/pixel-aspect-ratio
+    caps fields correctly when checking caps equality on input caps
+    changes
+  + videoaggregator fixes (negative rate handling, current position
+    rounding)
+  + soup http plugin: Lookup libsoup dylib files on Apple
+    platforms; fix Cerbero static build on Android and iOS
+  + Support build against libfreeaptx in openaptx plugin
+  + Fix linking issues on Illumos distros
+  + GstPlay: Fix new error + warning parsing API (was unusuable
+    before)
+  + mpegtsmux: VBR muxing fixes
+  + nvdecoder: Various fixes for 4:4:4 and high-bitdepth decoding
+  + Support build against libfreeaptx in openaptx plugin
+  + webrtc: Various fixes to the webrtc-sendrecv python example
+  + macOS: support a relocatable `GStreamer.framework` on macOS
+  + macOS: fix applemedia plugin failing to load on ARM64 macOS
+  + windows: ship wavpack library
+  + gst-python: Fix build with Python 3.11
+  + various bug fixes, memory leak fixes, and other stability and
+    reliability improvements
+  + plugin loader: show the reason when spawning of
+    gst-plugin-scanner fails
+  + registry, plugin loading: fix dynamic relocation if
+    GST_PLUGIN_SUBDIR (libdir) is not a single subdirectory;
+    improve GST_PLUGIN_SUBDIR handling
+  + context: fix transfer annotation on
+    gst_context_writable_structure() for bindings
+  + baseparse: Don't truncate the duration to milliseconds in
+    gst_base_parse_convert_default()
+  + bufferpool: Deactivate pool and get rid of references to other
+    objects from dispose instead of finalize
+
+- Update to version 1.20.0:
+  + Development in GitLab was switched to a single git repository
+    containing all the modules
+  + GstPlay: new high-level playback library, replaces GstPlayer
+  + WebM Alpha decoding support
+  + Encoding profiles can now be tweaked with additional
+    application-specified element properties
+  + Compositor: multi-threaded video conversion and mixing
+  + RTP header extensions: unified support in RTP depayloader and
+    payloader base classes
+  + SMPTE 2022-1 2-D Forward Error Correction support
+  + Smart encoding (pass through) support for VP8, VP9, H.265 in
+    encodebin and transcodebin
+  + Runtime compatibility support for libsoup2 and libsoup3
+    (libsoup3 support experimental)
+  + Video decoder subframe support
+  + Video decoder automatic packet-loss, data corruption, and
+    keyframe request handling for RTP / WebRTC / RTSP
+  + mp4 and Matroska muxers now support profile/level/resolution
+    changes for H.264/H.265 input streams (i.e. codec data changing
+    on the fly)
+  + mp4 muxing mode that initially creates a fragmented mp4 which
+    is converted to a regular mp4 on EOS
+  + Audio support for the WebKit Port for Embedded (WPE) web page
+    source element
+  + CUDA based video color space convert and rescale elements and
+    upload/download elements
+  + NVIDIA memory:NVMM support for OpenGL glupload and gldownload
+    elements
+  + Many WebRTC improvements
+  + The new VA-API plugin implementation fleshed out with more
+    decoders and new postproc elements
+  + AppSink API to retrieve events in addition to buffers and
+    buffer lists
+  + AppSrc gained more configuration options for the internal queue
+    (leakiness, limits in buffers and time, getters to read current
+    levels)
+  + Updated Rust bindings and many new Rust plugins
+  + Improved support for custom minimal GStreamer builds
+  + Support build against FFmpeg 5.0
+  + Linux Stateless CODEC support gained MPEG-2 and VP9
+  + Windows Direct3D11/DXVA decoder gained AV1 and MPEG-2 support
+  + Lots of new plugins, features, performance improvements and bug
+    fixes
+- Use ldconfig_scriptlets macro for post(un) handling where
+  possible.
+- Update Source url.
+
gstreamer-plugins-base
+- Add 5a074a11f90e3d70b24bf0c535ab0480fad9e701.patch: playsink:
+  Complete reconfiguration on pad release.
+- Use ldconfig_scriptlets macro for post(un) handling.
+
+- Update to version 1.20.1:
+  + typefindfunctions: Fix WebVTT format detection for very short
+    files
+  + gldisplay: Reorder GST_GL_WINDOW check for egl-device
+  + rtpbasepayload: Copy all buffer metadata instead of just
+    GstMetas for the input meta buffer
+  + codec-utils: Avoid out-of-bounds error
+  + navigation: Fix Since markers for mouse scroll events
+  + videoaggregator: Fix for unhandled negative rate
+  + videoaggregator: Use floor() to calculate current position
+  + video-color: Fix for missing clipping in PQ EOTF function
+  + gst-play-1.0: Fix trick-mode handling in keyboard shortcut
+  + audiovisualizer: shader: Fix out of bound write
+
+- Update to version 1.20.0:
+  + Development in GitLab was switched to a single git repository
+    containing all the modules
+  + GstPlay: new high-level playback library, replaces GstPlayer
+  + WebM Alpha decoding support
+  + Encoding profiles can now be tweaked with additional
+    application-specified element properties
+  + Compositor: multi-threaded video conversion and mixing
+  + RTP header extensions: unified support in RTP depayloader and
+    payloader base classes
+  + SMPTE 2022-1 2-D Forward Error Correction support
+  + Smart encoding (pass through) support for VP8, VP9, H.265 in
+    encodebin and transcodebin
+  + Runtime compatibility support for libsoup2 and libsoup3
+    (libsoup3 support experimental)
+  + Video decoder subframe support
+  + Video decoder automatic packet-loss, data corruption, and
+    keyframe request handling for RTP / WebRTC / RTSP
+  + mp4 and Matroska muxers now support profile/level/resolution
+    changes for H.264/H.265 input streams (i.e. codec data changing
+    on the fly)
+  + mp4 muxing mode that initially creates a fragmented mp4 which
+    is converted to a regular mp4 on EOS
+  + Audio support for the WebKit Port for Embedded (WPE) web page
+    source element
+  + CUDA based video color space convert and rescale elements and
+    upload/download elements
+  + NVIDIA memory:NVMM support for OpenGL glupload and gldownload
+    elements
+  + Many WebRTC improvements
+  + The new VA-API plugin implementation fleshed out with more
+    decoders and new postproc elements
+  + AppSink API to retrieve events in addition to buffers and
+    buffer lists
+  + AppSrc gained more configuration options for the internal queue
+    (leakiness, limits in buffers and time, getters to read current
+    levels)
+  + Updated Rust bindings and many new Rust plugins
+  + Improved support for custom minimal GStreamer builds
+  + Support build against FFmpeg 5.0
+  + Linux Stateless CODEC support gained MPEG-2 and VP9
+  + Windows Direct3D11/DXVA decoder gained AV1 and MPEG-2 support
+  + Lots of new plugins, features, performance improvements and bug
+    fixes
+- Rebase add_wayland_dep_to_tests.patch.
+- Drop gstreamer-plugins-base-gl-deps.patch: Fixed upstream
+- Stop using service due to upstreams new mono-repo, just use
+  tarballs for now.
+
kernel-default
+- powerpc/rtas: Keep MSR RI set when calling RTAS (bsc#1197174
+  ltc#196362).
+- commit be99d79
+
+- watch_queue: Actually free the watch (CVE-2022-0995
+  bsc#1197246).
+- watch_queue: Fix NULL dereference in error cleanup
+  (CVE-2022-0995 bsc#1197246).
+- commit 9f97636
+
+- ALSA: pcm: Fix races among concurrent prealloc proc writes
+  (CVE-2022-1048 bsc#1197331).
+- commit 7ca9b7d
+
+- ALSA: pcm: Fix races among concurrent prepare and
+  hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
+- commit bdcd5ee
+
+- ALSA: pcm: Fix races among concurrent read/write and buffer
+  changes (CVE-2022-1048 bsc#1197331).
+- commit 8bb5c1f
+
+- ALSA: pcm: Fix races among concurrent hw_params and hw_free
+  calls (CVE-2022-1048 bsc#1197331).
+- commit 4ce87ae
+
+- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048
+  bsc#1197331).
+- commit 15a1bad
+
libsolv
+- reworked choice rule generation to cover more usecases
+- support SOLVABLE_PREREQ_IGNOREINST in the ordering code
+  [bsc#1196514]
+- support parsing of Debian's Multi-Arch indicator
+- bump version to 0.7.22
+
libzypp
-- Fix package signature check (bsc#184501)
+- ZConfig: Update solver settings if target changes (bsc#1196368)
+- version 17.30.0 (22)
+
+- Fix possible hang in singletrans mode (bsc#1197134)
+- Do 2 retries if mount is still busy.
+- version 17.29.7 (22)
+
+- Fix package signature check (bsc#1184501)
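
Review bot: the last added line, "Fix package signature check (bsc#1184501)", has no "version ..." line and no blank "+" separator after it, unlike the two entries above it, so it runs straight into the nvme-cli section. It is the removed entry with the reference changed from bsc#184501 to bsc#1184501; the entry should say that only the bug reference was corrected.
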
nvme-cli
+- Fix install conflict caused by new bash completion script
+  location (bsc#1197365).
+
openssl-1_1
+- FIPS: Additional PBKDF2 requirements for KAT [bsc#1197280]
+  * The IG 10.3.A and SP800-132 require some minimum parameters for
+    the salt length, password length and iteration count. These
+    parameters should be also used in the KAT.
+  * Add openssl-1_1-FIPS-PBKDF2-KAT-requirements.patch
+
+- Security Fix: [bsc#1196877, CVE-2022-0778]
+  * Infinite loop in BN_mod_sqrt() reachable when parsing certificates
+  * Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch
+
+- Added openssl-1_1-use-include-directive.patch so that the default
+  /etc/ssl/openssl.cnf file will include any configuration files that
+  other packages might place into /etc/ssl/engines.d/ and
+  /etc/ssl/engdef.d/ This is a fix for bsc#1004463 where scripting was
+  being used to modify the openssl.cnf file. The scripting would fail
+  if either the default openssl.cnf file, or the sample openssl-ibmca
+  configuration file would be changed by upstream.
+- Updated spec file to create the two new necessary directores for
+  the above patch. [bsc#1194187, bsc#1004463]
+
+- FIPS: add openssl-1_1-fips-bsc1190652_release_num_in_version_string.patch
+  * bsc#1190652 - Provide a service to output module name/identifier
+    and version
+
+- Security fix: [bsc#1192820, CVE-2002-20001]
+  * Fix DHEATER: The Diffie-Hellman Key Agreement Protocol allows
+    remote attackers (from the client side) to send arbitrary
+    numbers that are actually not public keys, and trigger
+    expensive server-side DHE calculation.
+  * Stop recommending the DHE in SSL_DEFAULT_SUSE_CIPHER_LIST
+  * Rebase openssl-DEFAULT_SUSE_cipher.patch
+
+- FIPS: Reintroduce the FFC and ECC checks in openssl-DH.patch
+  that were removed in the update to 1.1.1l [bsc#1185313]
+
+- FIPS: Fix sn_objs and ln_objs in crypto/objects/obj_mac.num
+  * Rebase openssl-DH.patch [bsc#1194327]
+- Merge openssl-keep_EVP_KDF_functions_version.patch into
+  openssl-1.1.1-evp-kdf.patch
+- Add function codes for pbkdf2, hkdf, tls and ssh selftests.
+  Rebase patches:
+  * openssl-fips-kdf-hkdf-selftest.patch
+  * openssl-kdf-selftest.patch
+  * openssl-kdf-ssh-selftest.patch
+  * openssl-kdf-tls-selftest.patch
+
+- Pull libopenssl-1_1 when updating openssl-1_1 with the same
+  version. [bsc#1195792]
+
+- FIPS: Fix function and reason error codes [bsc#1182959]
+  * Add openssl-1_1-FIPS-fix-error-reason-codes.patch
+
+- Enable zlib compression support [bsc#1195149]
+
+- Remove the openssl-has-RSA_get0_pss_params provides as it is
+  now fixed in the nodejs16 side [bsc#1192489]
+
+- FIPS: Move the HMAC-SHA2-256 used for integrity test [bsc#1185320]
+  * Add openssl-FIPS-KAT-before-integrity-tests.patch
+
+- FIPS: Add missing KAT for HKDF/TLS 1.3/IPSEC IKEv2 [bsc#1192442]
+  * Add openssl-fips-kdf-hkdf-selftest.patch
+
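Review bot: "Enable zlib compression support [bsc#1195149]" is the one entry in this hunk that turns a feature on, and it carries no detail. It does not say whether only the build option changes or whether compression is also offered by default at runtime. Add a line stating the runtime default so the change can be assessed. Minor: "directores" in the openssl.cnf include entry should read "directories".
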
pam
+- Between allocating the variable "ai" and free'ing them, there are
+  two "return NO" were we don't free this variable. This patch
+  inserts freaddrinfo() calls before the "return NO;"s.
+  [bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch]
+
+- Define _pam_vendordir as "/%{_sysconfdir}/pam.d"
+  The variable is needed by systemd and others.
+  [bsc#1196093, macros.pam]
+
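Review bot: the first entry names the inserted call "freaddrinfo()"; the libc function that releases a getaddrinfo() result is freeaddrinfo(), so as written the entry cannot be matched against the patch by searching for the name. "were we don't free" should read "where we don't free". The entry also does not name the file or function holding the two "return NO" paths, which would help anyone checking pam-bsc1197024-free-addrinfo-before-return.patch.
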
protobuf
+- Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570,
+  bsc#1195258
+  * Add protobuf-CVE-2021-22570.patch
+
python-rpm
-- Add no-hardocded-python2.diff to avoid hardcoding of python2
-  (jsc#SLE-16747)
-
+- update to rpm-4.11.1
+
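Review bot: after this hunk the only added entry is "update to rpm-4.11.1", while the rpm section below refers to "the update to 4.14.3" and adds no-python2.diff. The removed no-hardocded-python2.diff entry (jsc#SLE-16747) has no replacement here. Confirm that the python-rpm changelog tracks the same rpm source as the rpm package, and record which patch now covers the python2 path.
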
rpm
+- Revert unwanted /usr/bin/python -> /usr/bin/python2 change we
+  got with the update to 4.14.3 [bsc#1194968]
+  new patch: no-python2.diff
+
+- Backport header check changes so that old rpms get no longer
+  rejected [bsc#1190824]
+  updated patch: headerchk3.diff
+
+- Add explicit requirement on python-rpm-macros to avoid widespread
+  breakage by package mistakenly ignoring their requirement of
+  python-rpm-macros (bsc#1180125, bsc#1193711).
+
+- backport zstd detection fix [bsc#1187670]
+  new patch: zstddetection.diff
+- backport ndb rofs support [bsc#1188548]
+  new patch: ndbrofs.diff
+- backport pgp hardening changes from upstream [bsc#1185299]
+  new patch: pgpharden.diff
+- fix deadlock when multiple rpm processes try tp acquire the
+  database lock [bsc#1183659]
+  new patch: deadlock.diff
+
sudo
+- Add sudo-1.9.9-honor-T_opt.patch
+  * the -T option of sudo does nothing even when
+  'Defaults user_command_timeouts' is present in the configuration.
+  * [bsc#1193446]
+  * Credit to Jaroslav Jindrak <dzejrou@gmail.com>
+
+- Restrict use of sudo -U other -l to people who have permission
+  to run commands as that user (bsc#1181703, jsc#SLE-22569)
+  * feature-upstream-restrict-sudo-U-other-l.patch
+
zlib
+- CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459
+  * bsc1197459.patch
+