Removed rpms
============
- clang11-devel
- clang11-devel-32bit
- cluster-md-kmp-preempt
- dlm-kmp-preempt
- fedfs-utils-admin
- gfs2-kmp-preempt
- glibc-livepatches
- hypre-gnu-mpich-hpc-devel
- hypre-gnu-mvapich2-hpc-devel
- hypre-gnu-openmpi2-hpc-devel
- hypre-gnu-openmpi3-hpc-devel
- hypre-gnu-openmpi4-hpc-devel
- kernel-64kb-livepatch-devel
- kernel-azure-livepatch-devel
- kernel-debug-livepatch-devel
- kernel-default-livepatch
- kernel-default-livepatch-devel
- kernel-docs-rt
- kernel-docs-rt-html
- kernel-kvmsmall-livepatch-devel
- kernel-preempt
- kernel-preempt-devel
- kernel-preempt-extra
- kernel-preempt-livepatch-devel
- kernel-preempt-optional
- kernel-rt-livepatch
- kernel-rt-livepatch-devel
- kernel-rt_debug-livepatch-devel
- kernel-vanilla
- kernel-vanilla-base
- kernel-vanilla-devel
- kernel-vanilla-livepatch-devel
- kselftests-kmp-preempt
- libboost_graph_parallel1_66_0-devel
- libboost_mpi1_66_0-devel
- libboost_mpi_python-py3-1_66_0-devel
- libebl-devel
- libscalapack2-gnu-mpich-hpc
- libscalapack2-gnu-mpich-hpc-devel
- libscalapack2-gnu-mvapich2-hpc
- libscalapack2-gnu-mvapich2-hpc-devel
- libscalapack2-gnu-openmpi2-hpc
- libscalapack2-gnu-openmpi2-hpc-devel
- libscalapack2-gnu-openmpi3-hpc
- libscalapack2-gnu-openmpi3-hpc-devel
- libscalapack2-gnu-openmpi4-hpc
- libscalapack2-gnu-openmpi4-hpc-devel
- libsvrcore0-32bit
- libtrilinos-gnu-mpich-hpc
- libtrilinos-gnu-mvapich2-hpc
- libtrilinos-gnu-openmpi2-hpc
- libtrilinos-gnu-openmpi3-hpc
- libtrilinos-gnu-openmpi4-hpc
- libtrilinos_13_2_0-gnu-mpich-hpc
- libtrilinos_13_2_0-gnu-mpich-hpc13
- libtrilinos_13_2_0-gnu-mvapich2-hpc
- libtrilinos_13_2_0-gnu-mvapich2-hpc13
- libtrilinos_13_2_0-gnu-openmpi2-hpc
- libtrilinos_13_2_0-gnu-openmpi2-hpc13
- libtrilinos_13_2_0-gnu-openmpi3-hpc
- libtrilinos_13_2_0-gnu-openmpi3-hpc13
- libtrilinos_13_2_0-gnu-openmpi4-hpc
- libtrilinos_13_2_0-gnu-openmpi4-hpc13
- lldb11-devel
- mumps-gnu-mpich-hpc-devel
- mumps-gnu-mpich-hpc-doc
- mumps-gnu-mpich-hpc-examples
- mumps-gnu-mvapich2-hpc-devel
- mumps-gnu-mvapich2-hpc-doc
- mumps-gnu-mvapich2-hpc-examples
- mumps-gnu-openmpi2-hpc-devel
- mumps-gnu-openmpi2-hpc-doc
- mumps-gnu-openmpi2-hpc-examples
- mumps-gnu-openmpi3-hpc-devel
- mumps-gnu-openmpi3-hpc-doc
- mumps-gnu-openmpi3-hpc-examples
- mumps-gnu-openmpi4-hpc-devel
- mumps-gnu-openmpi4-hpc-doc
- mumps-gnu-openmpi4-hpc-examples
- mumps_5_3_5-gnu-mpich-hpc-devel
- mumps_5_3_5-gnu-mpich-hpc-devel-static
- mumps_5_3_5-gnu-mpich-hpc-doc
- mumps_5_3_5-gnu-mpich-hpc-examples
- mumps_5_3_5-gnu-mvapich2-hpc-devel
- mumps_5_3_5-gnu-mvapich2-hpc-devel-static
- mumps_5_3_5-gnu-mvapich2-hpc-doc
- mumps_5_3_5-gnu-mvapich2-hpc-examples
- mumps_5_3_5-gnu-openmpi2-hpc-devel
- mumps_5_3_5-gnu-openmpi2-hpc-devel-static
- mumps_5_3_5-gnu-openmpi2-hpc-doc
- mumps_5_3_5-gnu-openmpi2-hpc-examples
- mumps_5_3_5-gnu-openmpi3-hpc-devel
- mumps_5_3_5-gnu-openmpi3-hpc-devel-static
- mumps_5_3_5-gnu-openmpi3-hpc-doc
- mumps_5_3_5-gnu-openmpi3-hpc-examples
- mumps_5_3_5-gnu-openmpi4-hpc-devel
- mumps_5_3_5-gnu-openmpi4-hpc-devel-static
- mumps_5_3_5-gnu-openmpi4-hpc-doc
- mumps_5_3_5-gnu-openmpi4-hpc-examples
- mypy
- nanopb-source
- nemo-extension-compare
- netty-javadoc
- netty-poms
- ocaml-cppo
- ocaml-cppo-devel
- ocfs2-kmp-preempt
- openssl-1_1-livepatches
- petsc-gnu-mpich-hpc-devel
- petsc-gnu-mvapich2-hpc-devel
- petsc-gnu-openmpi2-hpc-devel
- petsc-gnu-openmpi3-hpc-devel
- petsc-gnu-openmpi4-hpc-devel
- postgresql15-devel-mini
- python3-ibus
- python3-libxml2-python
- python3-tagpy
- reiserfs-kmp-preempt
- ruby2.5-rubygem-cf-uaac
- ruby2.5-rubygem-cf-uaac-doc
- ruby2.5-rubygem-cf-uaac-testsuite
- sassc
- svrcore-devel
- systemd-mini
- tftpboot-installation-openSUSE-Leap-15.5-Beta-aarch64
- tftpboot-installation-openSUSE-Leap-15.5-Beta-ppc64le
- tftpboot-installation-openSUSE-Leap-15.5-Beta-s390x
- tftpboot-installation-openSUSE-Leap-15.5-Beta-x86_64
- tycho-extras
- tycho-extras-javadoc
- xml-commons-resolver10
- xml-commons-resolver11
- xml-commons-resolver12
- zypper-migration-plugin
Added rpms
==========
- aardvark-dns
- libbpf0
- libbpf0-32bit
- liblmdb-0_9_17
- liblmdb-0_9_17-32bit
- tftpboot-installation-openSUSE-Leap-15.5-aarch64
- tftpboot-installation-openSUSE-Leap-15.5-ppc64le
- tftpboot-installation-openSUSE-Leap-15.5-s390x
- tftpboot-installation-openSUSE-Leap-15.5-x86_64
Package Source Changes
======================
avahi
+- Add avahi-CVE-2023-1981.patch: emit error if requested service
+ is not found (boo#1210328 CVE-2023-1981).
+
+- switch to use _multibuild
+- delete _avahi_spec-prepare.sh, pre_checkin.sh: obsolete
+- use https urls
+
bcache-tools
+- bcache-tools: improve is_zoned_device() (bsc#1208425)
+ 0029-bcache-tools-improve-is_zoned_device.patch
+
-- removed unnecessary openssl-devel buildrequires
-
chromium
+- Chromium 112.0.5615.165 (boo#1210618):
+ * CVE-2023-2133: Out of bounds memory access in Service Worker API
+ * CVE-2023-2134: Out of bounds memory access in Service Worker API
+ * CVE-2023-2135: Use after free in DevTools
+ * CVE-2023-2136: Integer overflow in Skia
+ * CVE-2023-2137: Heap buffer overflow in sqlite
+- drop chromium-112-feed_protos.patch
+
+- Fix Leap 15.4 build failures from default comparison operators
+ defined outside of the class definition, a C++20 feature
+ adding chromium-112-default-comparison-operators.patch
+
clamav-database
+- database refresh on 2023-04-24 (bsc#1084929)
+
containerized-data-importer
+- Use recent golang compiler (bsc#1208916)
+
dmidecode
+- use-read_file-to-read-from-dump.patch: Fix an old harmless bug
+ which would prevent root from using the --from-dump option since
+ the latest security fixes (bsc#1210418).
+
+Security fixes (CVE-2023-30630)
+- dmidecode-split-table-fetching-from-decoding.patch: dmidecode:
+ Clean up function dmi_table so that it does only one thing
+ (bsc#1210418).
+- dmidecode-write-the-whole-dump-file-at-once.patch: When option
+ - -dump-bin is used, write the whole dump file at once, instead of
+ opening and closing the file separately for the table and then
+ for the entry point (bsc#1210418).
+- dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch:
+ Make sure that the file passed to option --dump-bin does not
+ already exist (bsc#1210418).
+- ensure-dev-mem-is-a-character-device-file.patch: Add a safety
+ check on the type of the mem device file we are asked to read
+ from, if we are root (bsc#1210418).
+ 3 recommended fixes from upstream:
+- dmioem-typo-fix-virutal-virtual.patch: Simple typo fix in a
+ user-visible string.
+- dmidecode-fortify-entry-point-length-checks.patch: Ensure that
+ the SMBIOS entry point is long enough to include all the fields
+ we need.
+- dmioem-hpe-oem-record-237-firmware-change.patch: Properly decode
+ the last field of HPE OEM record type 237.
+
dtb-aarch64
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
grub2
+- Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581)
+ * 0001-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch
+ * 0002-kern-ieee1275-init-Extended-support-in-Vec5.patch
+
hawk2
+- Update sass-ansible dependency in the hawk2.spec:
+ * Unable to activate sass-rails-5.1.0 (bsc#1208533)
+
indent
+- Fix memory safety issues, bsc#1209718
+ * fix-buffer-overflow-print_comment.patch
+ * fix-buffer-overread-found_keyword.patch
+ * fix-use-after-free.patch
+
-- Fix compiler warnings.
-
jettison
+- Upgrade to version 1.5.4
+ * Fixes:
+ + Fixing issue 60: Infinite recursion triggered when
+ constructing a JSONArray from a Collection (bsc#1209605,
+ CVE-2023-1436)
+
kernel-64kb
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
kernel-azure
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
+- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock
+ (bsc#1210158).
+- commit bca1250
+
+- rpm/constraints.in: increase the disk size for armv6/7 to 24GB
+ It grows and the build fails recently on SLE15-SP4/5.
+- commit 8ba35ca
+
kernel-debug
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
kernel-default
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
kernel-default-base
+- Do not build on s390 (bsc#1210729)
+
kernel-docs
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
kernel-kvmsmall
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
kernel-obs-build
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
kernel-obs-qa
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
kernel-rt
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
+- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock
+ (bsc#1210158).
+- commit bca1250
+
+- rpm/constraints.in: increase the disk size for armv6/7 to 24GB
+ It grows and the build fails recently on SLE15-SP4/5.
+- commit 8ba35ca
+
kernel-rt_debug
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
+- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock
+ (bsc#1210158).
+- commit bca1250
+
+- rpm/constraints.in: increase the disk size for armv6/7 to 24GB
+ It grows and the build fails recently on SLE15-SP4/5.
+- commit 8ba35ca
+
kernel-source
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
kernel-source-azure
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
+- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock
+ (bsc#1210158).
+- commit bca1250
+
+- rpm/constraints.in: increase the disk size for armv6/7 to 24GB
+ It grows and the build fails recently on SLE15-SP4/5.
+- commit 8ba35ca
+
kernel-source-rt
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
+- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock
+ (bsc#1210158).
+- commit bca1250
+
+- rpm/constraints.in: increase the disk size for armv6/7 to 24GB
+ It grows and the build fails recently on SLE15-SP4/5.
+- commit 8ba35ca
+
kernel-syms
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
kernel-syms-azure
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
+- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock
+ (bsc#1210158).
+- commit bca1250
+
+- rpm/constraints.in: increase the disk size for armv6/7 to 24GB
+ It grows and the build fails recently on SLE15-SP4/5.
+- commit 8ba35ca
+
kernel-syms-rt
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
+- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock
+ (bsc#1210158).
+- commit bca1250
+
+- rpm/constraints.in: increase the disk size for armv6/7 to 24GB
+ It grows and the build fails recently on SLE15-SP4/5.
+- commit 8ba35ca
+
kernel-zfcpdump
+- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
+ bsc#1209615).
+- commit 92426ca
+
+- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
+- commit 507557e
+
+- Update CVE reference to
+ patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
+ (git-fixes bsc#1210454 CVE-2023-2019).
+- commit 75fc91b
+
+- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
+ (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
+ jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 bsc#1210453
+ CVE-2023-2008).
+- commit 342d08e
+
+- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
+ condition (git-fixes bsc#1210337 CVE-2023-1990).
+- commit 12594bd
+
kubevirt
+- Use recent golang compiler (bsc#1208916)
+- Limit operator secrets permission (CVE-2023-26484, bsc#1209359)
+ 0003-Vulnerability-fix-limit-operator-secrets-permission.patch
+
libxml2
+- Security update:
+ * [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
+ isn't deterministic
+ - Added patch libxml2-CVE-2023-29469.patch
+ * [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in
+ xmlSchemaFixupComplexType
+ - Added patch libxml2-CVE-2023-28484-1.patch
+ - Added patch libxml2-CVE-2023-28484-2.patch
+
+- Remove unneeded dependency (bsc#1209918).
+
libxml2:python
+- Security update:
+ * [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
+ isn't deterministic
+ - Added patch libxml2-CVE-2023-29469.patch
+ * [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in
+ xmlSchemaFixupComplexType
+ - Added patch libxml2-CVE-2023-28484-1.patch
+ - Added patch libxml2-CVE-2023-28484-2.patch
+
+- Remove unneeded dependency (bsc#1209918).
+
mariadb
+- Update to 10.6.12:
+ https://mariadb.com/kb/en/library/mariadb-10612-release-notes
+ https://mariadb.com/kb/en/library/mariadb-10612-changelog
+ https://mariadb.com/kb/en/library/mariadb-10611-release-notes
+ https://mariadb.com/kb/en/library/mariadb-10611-changelog
+ * fixes for the following security vulnerabilities:
+ 10.6.12: none
+ 10.6.11: none
+- Update mariadb.keyring
+- Update list of skipped tests
+
mozilla-nss
+- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) with
+ fixes to PBKDF2 parameter validation.
+
+- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) to
+ validate extra PBKDF2 parameters according to FIPS 140-3.
+
+- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546) to
+ update session->lastOpWasFIPS before destroying the key after
+ derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE,
+ CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256,
+ CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases.
+- Update nss-fips-pct-pubkeys.patch (bsc#1207209) to remove some
+ excess code.
+
+- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546).
+
+- Add nss-fips-pct-pubkeys.patch (bsc#1207209) for pairwise consistency
+ checks. Thanks to Martin for the DHKey parts.
+
+- Add manpages to mozilla-nss-tools (bsc#1208242)
+
netty
+- Upgrade to latest upstream version 4.1.75
+- Modified patches:
+ * 0001-Remove-optional-dep-Blockhound.patch
+ * 0002-Remove-optional-dep-conscrypt.patch
+ * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
+ * 0004-Remove-optional-dep-tcnative.patch
+ * 0005-Remove-optional-dep-log4j.patch
+ * 0006-revert-Fix-native-image-build.patch
+ * 0007-Revert-Support-session-cache-for-client-and-server-w.patch
+ + rebase
+
+- Do not build against the log4j12 packages
+
+- Upgrade to latest upstream version 4.1.72
+ * fixes: bsc#1190610, CVE-2021-37136: Bzip2Decoder doesn't allow
+ setting size restrictions for decompressed data
+ * fixes: bsc#1190613, CVE-2021-37137: SnappyFrameDecoder doesn't
+ restrict chunk length any may buffer skippable chunks in an
+ unnecessary way
+ * fixes: bsc#1193672, CVE-2021-43797: possible HTTP request
+ smuggling due to insufficient validation against control
+ characters
+ * fixes: bsc#1184203, CVE-2021-21409: request smuggling via
+ content-length header
+- Modified patches:
+ * 0001-Remove-optional-dep-Blockhound.patch
+ * 0002-Remove-optional-dep-conscrypt.patch
+ * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
+ * 0004-Remove-optional-dep-tcnative.patch
+ * 0005-Remove-optional-dep-log4j.patch
+ * 0006-revert-Fix-native-image-build.patch
+ * 0007-Revert-Support-session-cache-for-client-and-server-w.patch
+ * no-werror.patch
+ + rediff to changed context
+- Added patch:
+ * no-brotli-zstd.patch
+ + disable Brotli and Zstd compression, since we lack
+ the dependencies needed to build them
+
+- Upgrade to latest upstream version 4.1.60
+ * fixes: bsc#1183262, CVE-2021-21295: HTTP/2 request
+ Content-Length header field is not validated by
+ 'Http2MultiplexHandler'
+- Modified patches:
+ * 0001-Remove-optional-dep-Blockhound.patch
+ * 0002-Remove-optional-dep-conscrypt.patch
+ * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
+ * 0004-Remove-optional-dep-tcnative.patch
+ * 0005-Remove-optional-dep-log4j.patch
+ * 0006-revert-Fix-native-image-build.patch
+ + rediff to changed context
+- Added patch:
+ * 0007-Revert-Support-session-cache-for-client-and-server-w.patch
+ + revert optional disabled cache implementation that conflicts
+ with our 0004-Remove-optional-dep-tcnative.patch
+
+- Upgrade to latest upstream version 4.1.59
+- Removed patches:
+ * netty-CVE-2020-11612.patch
+ * netty-CVE-2021-21290.patch
+ + fixes integrated in the upstream sources
+ * 0001-Remove-OpenSSL-parts-depending-on-tcnative.patch
+ * 0002-Remove-NPN.patch
+ * 0003-Remove-conscrypt-ALPN.patch
+ * 0004-Remove-jetty-ALPN.patch
+ + replaced by new patches
+- Added patches:
+ * 0001-Remove-optional-dep-Blockhound.patch
+ * 0002-Remove-optional-dep-conscrypt.patch
+ * 0003-Remove-optional-deps-jetty-alpn-and-npn.patch
+ * 0004-Remove-optional-dep-tcnative.patch
+ * 0005-Remove-optional-dep-log4j.patch
+ + remove various optional dependencies that we do not need
+ * 0006-revert-Fix-native-image-build.patch
+ + Revert changes that introduce a new dependency that we
+ do not have
+ * no-werror.patch
+ + Do not treat warnings as errors
+- Build -poms and -javadoc as noarch packages, since they do not
+ install anything in arch-dependent directories
+
- * netty-CVE-2021-21295.patch
- + backport of upstream fixes for bsc#1183262, CVE-2021-21295:
- HTTP/2 request Content-Length header field is not validated
- by 'Http2MultiplexHandler'
+ * netty-CVE-2021-21290.patch
+ + bsc#1182103, CVE-2021-21290
newt
-- Make it build with latest TeXLive 2012 with new package layout
-
-- update to 0.52.14:
- + fix returning strings in whiptail and whiptcl (rh#752818)
- + fix configure to work with multiple python versions (rh#737998)
-- removed newt-0.52.13-python_version.patch : fixed upstream
-- compile with fPIC - fixes problems with _snackmodule.so
- thanks to Joerg Steffens (bnc#734171)
-- newt-doc recommends the main package as the examples need it
-- added newt-0.52.14-incorrect-fsf-address.patch
-
-- Remove redundant tags/sections per specfile guideline suggestions
-
-- update to 0.52.13:
- + add support for changing colors in individual labels, scrollbars, entries,
- textboxes and scales, add custom colorsets
- + add support for NEWT_COLORS and NEWT_COLORS_FILE variables (rh#689903)
- + allow resizing of form
- + fix errors found by coverity
- + fix va_list usage (Gwenole Beauchesne)
- + fix building and installing on Mac OS X (rh#652479)
- + check for slang.h header, support DESTDIR variable, add --without-python
- option (Otavio Salvador)
- + add Persian, Low German translations
-- added newt-0.52.13-python_version.patch to fix detection of
- python version in configure script
-
-- add comment to keep static lib
-
-- fix baselibs.conf
- o newt > libnewt0_52
-- fix naming
- o define libname libnewt
- o define libsoname {libname}0_52
-- fix deps
- o add pkg-config
- o move {py_requires} to subpkg python-newt
-- remove Author from description
-
-- update to 0.52.12:
- + fix whiptail --gauge and its description in man page (#620083)
- + remove space after \n in whiptail texts (#620083)
- + remove NLS code from snack (#599608)
- + expose more keys to python as shortcuts in dialogs (Jakob Kemi)
- + release python global-thread-lock during dialog displays (Jakob Kemi)
- + fix warnings in whiptcl.c and include Tcl_PkgProvide() call (Mikhail T.)
- + don't NULL deref when an invalid array is specified in checkboxtree
- (Arnaldo Carvalho de Melo)
-- build on older distributions by owning locale/as
-
-- package baselibs.conf
-
-- update to 0.52.11
- * fix buffer overflow in textbox when reflowing (#523955, CVE-2009-2905)
- * use full textbox width when reflowing and allow minimal width 1
- * fix writing lines longer than width in textbox
- * don't use va_list in newtvwindow more than once (#523696)
- * bind \E[Z to back-tab in built-in keymap (#468046)
- * terminate string after reading file in whiptail
- * add newtRadioSetCurrent function (Thomas Jarosch)
- * add pkgconfig support (Thomas Jarosch)
- * add Malay, Malayalam, Assamese, Gujarati, Bengali India, Kannada, Telugu
- translations
- * include tutorial in txt format
- * include debian patches
- - fix crash in textbox SetText when topLines != 0
- - don't link modules with libraries already linked with libnewt
- - add Asturian and Marathi translations
-- cleanup spec
- * sorted TAGS
- * macros __make, __install, ...
- name -> {name}
- version -> {version}
- buildroot -> {buildroot}
- _defaultdocdir -> {_defaultdocdir}
- ....
-- removed obsolete newt-CVE-2009-2905.patch
-
-- fix heap-based buffer overflow in function doReflow in textbox.c
- (fix bnc#540930 and CVE-2009-2905 : newt-CVE-2009-2905.patch)
-
openssl-ibmca
+- Applies a patch (bsc#1210359)
+ * openssl-ibmca-engine-noregister.patch
+- Updated the '#dynamic_path' line, as it was before, with the comment '#'.
+
ovmf
+- Add ovmf-SecurityPkg-DxeImageVerificationLib-Check-result-of-.patch
+ to check result of GetEfiGlobalVariable2 (CVE-2019-14560, bsc#1174246)
+
+- Add ovmf-MdeModulePkg-PiSmmCore-SmmEntryPoint-underflow-CVE-2.patch
+ for MdeModulePkg/PiSmmCore: SmmEntryPoint underflow (CVE-2021-38578)
+ (bsc#1196741)
+
package-translations
+- Update to version 89.87.20230417.43910d3:
+ * Translated using Weblate (Czech)
+ * Added translation using Weblate (Georgian)
+ * Translated using Weblate (Finnish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Polish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Spanish)
+ * Translated using Weblate (Swedish)
+ * Added translation using Weblate (Georgian)
+
parsec
+- Update to 1.2.0:
+ * Closed issue since 1.2.0-rc1:
+ - Parsec 1.1 fails to build with meta-security master branch
+
+- Disable jwt-svid-authenticator (SPIFFE) until fixed upstream
+ with gcc13 - https://github.com/parallaxsecond/parsec/issues/672
+
+- Update to 1.2.0-rc1
+- Drop upstream patch:
+ * 664.patch
+
+- Add patch to fix build on Tumbleweed (update tss-esapi to 7.2.0):
+ * 664.patch
+- Add true to _service to apply
+ security updates
+- Use cargo-packaging for all flavors
+- Enable cargo_audit
+
parsec-tool
+- Update to 0.6.0:
+ * Update (embedded) changelog
+
+- Update to 0.6.0-rc2:
+ * Align crates version with parsec-service
+
+- Update to 0.6.0-rc1:
+ * Bump parsec-client
+ * Allow to exclude algorithms for encryption/decryption tests
+ * Add support for RSA OAEP into parsec-tool and parsec-cli-tests.sh
+ * Fix clippy needless_borrow warnings
+ * Update lib.rs to remove const_err
+- Add true to _service to apply
+ security updates
+- Use cargo-packaging for all flavors
+- Enable cargo_audit
+
podman
+- Update to version 4.4.4:
+ * Bump to v4.4.4
+ * Release notes for v4.4.4
+ * libpod: always use direct mapping
+ * macos pkginstaller: do not fail when podman-mac-helper fails
+ * podman-mac-helper: install: do not error if already installed
+ * Bump to v4.4.4-dev
+- spec: Bump required version for libcontainers-common (bsc#1209495)
+
+- Update to version 4.4.3:
+ * Bump to v4.4.3
+ * Release notes for v4.4.3
+ * compat: /auth: parse server address correctly
+ * vendor github.com/containers/common@v0.51.1
+ * pkginstaller: bump Qemu to version 7.2.0
+ * podman machine: Adjust Chrony makestep config
+ * [v4.4] fix --health-on-failure=restart in transient unit
+ * podman logs passthrough driver support --cgroups=split
+ * journald logs: simplify entry parsing
+ * podman logs: read journald with passthrough
+ * journald: remove initializeJournal()
+ * netavark: only use aardvark ip as nameserver
+ * compat API: network create return 409 for duplicate
+ * fix "podman logs --since --follow" flake
+ * system service --log-level=trace: support hijack
+ * podman-mac-helper: exit 1 on error
+ * bump golang.org/x/net to v0.8.0
+ * Fix package restore
+ * Quadlet - use the default runtime
+ * Bump to v4.4.3-dev
+- Remove patch (merged upstream):
+ * Quadlet-use-the-default-runtime.patch
+ (https://github.com/containers/podman/pull/17601)
+
rp-pppoe
+- Require iproute2 instead of net-tools
+
-- updated patches to apply with fuzz=0
-
runc
-- Update to runc v1.1.4. Upstream changelog is available from
- https://github.com/opencontainers/runc/releases/tag/v1.1.4.
- * Fix mounting via wrong proc fd. When the user and mount namespaces are
- used, and the bind mount is followed by the cgroup mount in the spec,
- the cgroup was mounted using the bind mount's mount fd.
- * Switch kill() in libcontainer/nsenter to sane_kill().
- * Fix "permission denied" error from runc run on noexec fs.
- * Fix failed exec after systemctl daemon-reload. Due to a regression
- in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and
- was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded.
- (boo#1202821)
+- Update to runc v1.1.5. Upstream changelog is available from
+ .
+ Includes fixes for the following CVEs:
+ - CVE-2023-25809 bsc#1209884
+ - CVE-2023-27561 bsc#1208962
+ - CVE-2023-28642 bsc#1209888
+ * Fix the inability to use `/dev/null` when inside a container.
+ * Fix changing the ownership of host's `/dev/null` caused by fd redirection
+ (a regression in 1.1.1). bsc#1168481
+ * Fix rare runc exec/enter unshare error on older kernels.
+ * nsexec: Check for errors in `write_log()`.
+- Drop version-specific Go requirement.
sddm
+- Add patch to fix delays on shutdown (boo#1210391):
+ * 0001-Avoid-starting-a-new-session-on-exit.patch
+
+- Replace proper_pam.diff with installation of source files:
+ * sddm.pam, sddm-autologin.pam, sddm-greeter.pam
+- PAM services:
+ * Make use of substack for common-*
+ * Include postlogin-*
+ * Run pam_keyinit before common-session
+ * Deny password in sddm-greeter
+- /run/sddm is owned by root:root
+- Add patch to fix possible deadlock:
+ * 0001-Process-all-available-auth-messages-in-a-loop.patch
+- Add missing dependencies on update-alternatives
+
+- Migration of PAM settings to /usr/lib/pam.d.
+
+- Honor /etc/nologin like login, sshd, xdm and gdm do
+ * added: auth requisite pam_nologin.so to proper_pam.diff
+ * see: man 5 nologin
+
slang
-- add automake as buildrequire to avoid implicit dependency
-
-- fix baselibs.conf
-
-- disabled parallel build again, still broken
-
-- updated to version 2.2.2
- + new languag features
- * ternary expressions
- * break and condition statements can now work on several levels
- of loops
- * multiline strings
- * List_Type objects can now also be indexed using an array of
- indices
- + new modules: zlib, fork, sysconf
- + new intrinsic functions: sumsq, expm1, log1p, list_to_array,
- string_matches, _close, _fileno, dup2, getsid, killpg,
- getpriority, setpriority, ldexp, frexp
- + provides pkg-info file
- + many bugfixes
-- split package to conform to library naming policy
-- rebased patches, removed obsolete slang-2.2.1-format.patch
-- added patch slang-2.2.2-makefile.patch from Fedora which fixes
- shared libs permissions, the slang shared library symlink, and
- parallel build dependency issues and removes rpath
-- build pcre, png, and zlib modules
-- removed incorrect license information
-- more accurate summary and description
-- further cleanup
-
-- unbreak occasional build failures by disabling parallel make.
-
-- fixed better
-
-- include headers to fix build
-
-- add baselibs.conf as a source
-- enable parallel build
-
trilinos
+- Add an 'Obsoletes:/Provides:' for a bogus package name that
+ was released to SLE/Leap by accident.
+ This may be removed once we move past version 13.2.0.
+
+- Tie %python_flavor to python3 on Leap/SLE 15 < SP3
+ (bsc#1197781).
+
+- Make use of the newly introduced %%hpc_pyton_sitelib macro.
+
+- Fix python modules to use the right include and lib dir:
+ Make-include-and-library-path-configurable-using-Cmake-variables.patch
+ See also: https://github.com/gsjaardema/seacas/pull/279
+- Make sure python modules for serial and MPI variants don't
+ overlap.
+ NOTE: mpi-selector is not setting PYTHONPATH!
+- Free package of all python2 traces.
+
+- Lower disk and memory constraints to match actual requirements,
+ dito %limit_build (now 16 GByte disk and 5 GByte memory).
+- Add memoryperjob constraint for a worker preselection, so
+ limit_build only lowers the number of jobs slightly.
+- Fix cmake files for non-HPC MPI build.
+- Add openmpi4 non-HPC flavor
+
+ See also: https://github.com/trilinos/Trilinos/issues/10100
valgrind
+- Build without -z now (bsc#1208407)
+
valgrind:client-headers
+- Build without -z now (bsc#1208407)
+
wireshark
+- Wireshark 3.6.13:
+ * CVE-2023-1992: RPCoRDMA dissector crash (bsc#1210405).
+ * CVE-2023-1993: LISP dissector large loop (bsc#1210404).
+ * CVE-2023-1994: GQUIC dissector crash (bsc#1210403).
+- Further features, bug fixes and updated protocol support as listed in:
+ https://www.wireshark.org/docs/relnotes/wireshark-3.6.13.html
+