Packages changed: Mesa Mesa-drivers criu fwupd (1.7.9 -> 1.7.10) gdb gspell (1.11.1 -> 1.12.0) kernel-source (5.19.10 -> 5.19.12) keylime (6.4.2 -> 6.5.0) libXtst (1.2.3 -> 1.2.4) libXxf86vm (1.1.4 -> 1.1.5) mozjs102 net-snmp nghttp2 (1.49.0 -> 1.50.0) open-iscsi openssl-1_1 orca (43.beta -> 43.0) pango (1.50.9 -> 1.50.10) patterns-containers podman (4.2.0 -> 4.2.1) qemu (7.0.0 -> 7.1.0) rust-keylime (0.1.0+git.1659977521.0186093 -> 0.1.0+git.1663769444.6318234) selinux-policy tracker vim (9.0.0500 -> 9.0.0626) xterm (372 -> 373) yast2 (4.5.14 -> 4.5.15) yast2-journal (4.5.1 -> 4.5.2) === Details === ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - re-disable video codecs due to possible patent issues https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/15258 - Pass -Dvideo-codecs=h264dec,h264enc,h265dec,h265enc,vc1dec to meson, keep support for hardware codecs inside vaapi, vdpau and vulkan. These were previously enabled automatically. - enabled "swrast" and "amd" Vulkan drivers on riscv64, which is upstream default anyway ... ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium Mesa-libva - re-disable video codecs due to possible patent issues https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/15258 - Pass -Dvideo-codecs=h264dec,h264enc,h265dec,h265enc,vc1dec to meson, keep support for hardware codecs inside vaapi, vdpau and vulkan. These were previously enabled automatically. - enabled "swrast" and "amd" Vulkan drivers on riscv64, which is upstream default anyway ... ==== criu ==== - Disable LTO, as it results in segfaults (bsc#1203854) ==== fwupd ==== Version update (1.7.9 -> 1.7.10) Subpackages: fwupd-bash-completion libfwupd2 libfwupdplugin5 typelib-1_0-Fwupd-2_0 - Update to version 1.7.10: + Always check the BDP partitions when getting all the possible ESPs + Correctly detect CET IBT + Do not show HSI events where we changed the spec result value + Fix aligning up addresses greater than 4GB + Fix applying the latest DBX update on machines with 20200729.x64 installed + Fix checking for invalid depth requirements + Fix getting the new version number of the USI docking hardware + Fix HSI prefix for invalid chassis + Never save the Redfish auto-generated password to a user-readable file + Only create users using IPMI when we've tested the hardware + Only fail the kernel tainted HSI test for specific taint reasons + Only show changed events in the fwupdmgr security output + Recognize CSME version 16 and update vulnerable versions from CSMEVDT data + Write all the CCGX metadata block as intended ==== gdb ==== - Add patch to fix build with readline 8.2: * gdb-add-support-for-readline-8.2.patch - Patches added: * gdb-testsuite-fix-gdb.mi-mi-sym-info.exp-on-opensuse-tumbleweed.patch - Maintenance script qa.sh: * Add PR26873 kfails. - Maintenance script qa-remote.sh: * Make rpm matching yet more precise. - Update patch: * gdb-tdep-fix-powerpc-ieee-128-bit-format-arg-passing.patch - Add patches: * gdb-handle-pending-c-after-rl_callback_read_char.patch * gdb-testsuite-fix-have_mpx-test.patch * gdb-symtab-fix-handling-of-dw_tag_unspecified_type.patch * gdb-testsuite-fix-gdb.dwarf2-dw2-unspecified-type-foo.c-with-m32.patch ==== gspell ==== Version update (1.11.1 -> 1.12.0) - Update to version 1.12.0: + Use G_MODULE_EXPORT instead of the custom _GSPELL_EXTERN macro. + Small maintenance tasks, some minor simplifications. + Updated translations. ==== kernel-source ==== Version update (5.19.10 -> 5.19.12) - Linux 5.19.12 (bsc#1012628). - drm/i915: Extract intel_edp_fixup_vbt_bpp() (bsc#1012628). - drm/i915/pps: Split pps_init_delays() into distinct parts (bsc#1012628). - drm/i915/bios: Split parse_driver_features() into two parts (bsc#1012628). - drm/i915/bios: Split VBT parsing to global vs. panel specific parts (bsc#1012628). - drm/i915/bios: Split VBT data into per-panel vs. global parts (bsc#1012628). - drm/i915/dsi: filter invalid backlight and CABC ports (bsc#1012628). - drm/i915/dsi: fix dual-link DSI backlight and CABC ports for display 11+ (bsc#1012628). - smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1012628). - smb3: fix temporary data corruption in collapse range (bsc#1012628). - smb3: fix temporary data corruption in insert range (bsc#1012628). - usb: add quirks for Lenovo OneLink+ Dock (bsc#1012628). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (bsc#1012628). - smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1012628). - Revert "usb: add quirks for Lenovo OneLink+ Dock" (bsc#1012628). - Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio" (bsc#1012628). - xfrm: fix XFRMA_LASTUSED comment (bsc#1012628). - block: remove QUEUE_FLAG_DEAD (bsc#1012628). - block: stop setting the nomerges flags in blk_cleanup_queue (bsc#1012628). - block: simplify disk shutdown (bsc#1012628). - scsi: core: Fix a use-after-free (bsc#1012628). - drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1012628). - USB: core: Fix RST error in hub.c (bsc#1012628). - USB: serial: option: add Quectel BG95 0x0203 composition (bsc#1012628). - USB: serial: option: add Quectel RM520N (bsc#1012628). - Revert "ALSA: usb-audio: Split endpoint setups for hw_params and prepare" (bsc#1012628). - ALSA: core: Fix double-free at snd_card_new() (bsc#1012628). - ALSA: hda/tegra: set depop delay for tegra (bsc#1012628). - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (bsc#1012628). - ALSA: hda: Fix Nvidia dp infoframe (bsc#1012628). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (bsc#1012628). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (bsc#1012628). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (bsc#1012628). - ALSA: hda/realtek: Re-arrange quirk table entries (bsc#1012628). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (bsc#1012628). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (bsc#1012628). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (bsc#1012628). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (bsc#1012628). - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (bsc#1012628). - iommu/vt-d: Check correct capability for sagaw determination (bsc#1012628). - exfat: fix overflow for large capacity partition (bsc#1012628). - btrfs: fix hang during unmount when stopping block group reclaim worker (bsc#1012628). - btrfs: fix hang during unmount when stopping a space reclaim worker (bsc#1012628). - btrfs: zoned: wait for extent buffer IOs before finishing a zone (bsc#1012628). - libperf evlist: Fix polling of system-wide events (bsc#1012628). - media: flexcop-usb: fix endpoint type check (bsc#1012628). - usb: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (bsc#1012628). - thunderbolt: Add support for Intel Maple Ridge single port controller (bsc#1012628). - efi: x86: Wipe setup_data on pure EFI boot (bsc#1012628). - efi: libstub: check Shim mode using MokSBStateRT (bsc#1012628). - wifi: mt76: fix reading current per-tid starting sequence number for aggregation (bsc#1012628). - gpio: mockup: fix NULL pointer dereference when removing debugfs (bsc#1012628). - gpio: mockup: Fix potential resource leakage when register a chip (bsc#1012628). - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (bsc#1012628). - riscv: fix a nasty sigreturn bug.. (bsc#1012628). - riscv: fix RISCV_ISA_SVPBMT kconfig dependency warning (bsc#1012628). - drm/i915/gem: Flush contexts on driver release (bsc#1012628). - drm/i915/gem: Really move i915_gem_context.link under ref protection (bsc#1012628). - xen/xenbus: fix xenbus_setup_ring() (bsc#1012628). - kasan: call kasan_malloc() from __kmalloc_*track_caller() (bsc#1012628). - can: flexcan: flexcan_mailbox_read() fix return value for drop = true (bsc#1012628). - net: mana: Add rmb after checking owner bits (bsc#1012628). ... changelog too long, skipping 331 lines ... - commit a267615 ==== keylime ==== Version update (6.4.2 -> 6.5.0) Subpackages: keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tpm_cert_store keylime-verifier python310-keylime - Remove keylime.conf.diff patch. Now the configuration file is generated during build time - The "config" subpackage shared only the logger configuration file - New "tenant" subpackage for the Tenant command line tool - Drop webapp service port in firewall XML service file - Update to version v6.5.0: * Bump up versions to 6.5.0 * Enable testing of Rust agent as well as Python by default * New readthedocs location for keylime * test_restful: Add test for /keys/verify endpoint to rust tests * test_restful: Fix testing with rust agent * run_tests: Install rust agent when RUST_TEST is defined * A fix for "per-agent verifier-issued epoch timestamp" * Move SQLite ref integrity pragma to keylime_db * Separate CA key store password from server key password * Generate missing key and certificates * verifier: Add a configuration option to set timeouts * config: Change default value for getfloat() to -1.0 * tenant: Add request_timeout configuration option * tpm_main: Move agent specific initialization to tpm_init() * failure: Do not read the verifier config on load * logging, verifier: Read configuration only when needed * tpm_ek_ca: Access tenant config file when needed * tpm_main: Only access agent configuration if needed * keylime_agent: Use a single tpm instance * config: Evaluate snippets in /usr/etc/keylime before /etc/keylime * Remove ignore_hostname argument from RequestsClient() calls * requests_client: Ignore hostname verification by default * web_util: Remove unneeded checks for absolute paths before joining * requests_client: remove RequestClient class variables * elchecking/policies: Use config.getlist() for measured_boot_imports * mappings: Add back missing option measured_boot_imports to verifier config * verifier: Fail earlier if mTLS cert is missing when required * crypto: Replace if block with conditional argument passing * config: Drop unused getdict() * config: Use python generator to strip strings in the list * verifier: Drop 'cloud' from 'cloudverifier_' variables * verifier: Always generate TLS context to contact the agent * ca_util: Replace if block with conditional argument * Drop broken auto-ipsec demos * tenant: Do not disable TLS when enable_agent_mtls = False * test_config: Reload configuration on tearDown * Change the meaning of trusted_client_ca=default for the agent * Install configuration files in test scripts * Add jinja2 as requirement for building and testing * tenant: Fix mention to old configuration section * tenant, verifier: Fix mTLS disablement * tenant: Do not try to verify EK cert when not required * Adjust test_restful to use the new configuration file * ima: Do not try to read excludelist if it is None * tenant: Use empty tpm_policy by default * Read measured boot configuration when needed * Add support for password encrypted keys * Change owner of config files and fix sed command in services installer * installer: Build and install split configuration files * Fix configuration unit tests * Remove trailing and leading white spaces in config.get_list() * Make changes to use the new configuration files * Add script to convert old config to new config * Ignore false positive for lints * Implement additional test to cover in-use deletion case * Enable referential integrity for foreign keys in Keylime DB * Prevent deletion of in-use allowlists via tenant + better error handling * Fixes #1046 by explicitly and carefully dealing with a corner case. * Fixes #1072 by explicitly and carefully dealing with yet another corner case. * Define context agent due to keylime-tests PR#193 * Adds two small utilities which are used by "Offline Attestation" (enhancement #73) * This commit solves #1091 by adding a per-agent verifier-issued epoch timestamp * Remove keylime-bot * Verifier log message improvements for large-scale testing. * Bump version to 6.4.3 * KEYLIME_DIR should not be clobbered in TEST_MODE * registrar: parse EK cert with pyasn1 * Reject invalid hash algorithms passed as arguments * Treat tpm_cert_store as absolute path * Fix for cloudverifier_tornado: 408 ('timeout') errors are retried instead of causing immediate attestation failure * Typo fix: the two certificates got copied over each other during the openssl process by mistake. * I downloaded the certs from here: * Remove cryptodome.py from keylime * Refactor allowlist handling on verifier to prevent premature DB writes * With this change, the `verifier` will now use the `tpm2_print` command to extract clock information from the quote. It will then uses this information to make decisions about the attestation of the agent (i.e., the quote timestamp has to monotonically grow in a TPM which wasn't restarted/reset). In order to make this comparison the clock information from the previous quote is stored on the database and then both timestamps are compared. * tpm_ek_ca: remove atmel keys * Throw an error if --exclude is used without --allowlist * Complete implementation of the Allowlists API * readme: minor fixes * Handle output file and algo validation errors * Fixes #1063 in a minimalistic way, by making log output configurable * Fix spacing * Update fmf plans to run test which checking tenant verify options * Fixes #1057 ensuring that the verifier can be restarted cleanly when mTLS for agents is disabled * Adds a per-agent counter for "successfull attestations" on Keylime. * Replace tabs with spaces * Keep original control structure, minimize change * Update installer.sh for RHEL8, PowerTools * Set swtpm context which is later used for test filtering * Update fmf plans to run tests which checking ek_certs * Minor fixes * Expand documentation for Measured Boot with additional info/examples. * Fix the project logo in the readme (#1049) * Add docs status to README ==== libXtst ==== Version update (1.2.3 -> 1.2.4) - Update to version 1.2.4 * Update README for gitlab migration * Update configure.ac bug URL for gitlab migration * Fix spelling/wording issues * gitlab CI: add a basic build test * send_axes: Mark switch statement fallthrough as intentional * Resolve -Wsign-compare warnings * Variable scope reductions as suggested by cppcheck * Remove obsolete casts from Xmalloc() and Xcalloc() calls * autogen.sh: use quoted string variables * autogen: add default patch prefix * autogen.sh: use exec instead of waiting for configure to finish ==== libXxf86vm ==== Version update (1.1.4 -> 1.1.5) - modernize spec file, add license - Update to version 1.1.5 * Update README for gitlab migration * Update configure.ac bug URL for gitlab migration * Fix spelling/wording issues * gitlab CI: add a basic build test * Fix -Wsign-compare warning * Variable scope reductions as suggested by cppcheck * Update GetOldReq to use _XGetRequest() * autogen.sh: use quoted string variables * autogen: add default patch prefix * autogen.sh: use exec instead of waiting for configure to finish ==== mozjs102 ==== - Adjust name of ICU data file to fix build on big-endian platforms ==== net-snmp ==== Subpackages: libsnmp40 perl-SNMP snmp-mibs - Fixed python2 backward compability. add: * net-snmp-5.9.3-fixed-python2-bindings.patch ==== nghttp2 ==== Version update (1.49.0 -> 1.50.0) - update to 1.50.0: * https://nghttp2.org/blog/2022/09/21/nghttp2-v1-50-0/ This release adds nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation which disables checking leading and trailing white spaces against HTTP field value. - disable asio by default as it is deprecated by upstream and will be removed in the next release ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Update to upstream version 2.1.8, which includes some bug fixes, and adds the ability to build using meson. The SPEC file was updated to use meson. Also, some files have moved: * the "lock" file has moved from /etc/iscsi to /var/lock/iscsi * the "database files" have moved from /etc/iscsi to /var/lib/iscsi ==== openssl-1_1 ==== Subpackages: libopenssl1_1 - Added openssl-1_1-paramgen-default_to_rfc7919.patch * bsc#1180995 * Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode. ==== orca ==== Version update (43.beta -> 43.0) - Update to version 43.0: + General: - Prevent double-presentation of notifications. - Fix presentation of Nautilus items for Gtk 4. - Fix bug causing the wrong voice to be used. + Updated translations. ==== pango ==== Version update (1.50.9 -> 1.50.10) Subpackages: libpango-1_0-0 typelib-1_0-Pango-1_0 - Add 639.patch: layout: Fix crash when no font is installed. - Update to version 1.50.10: + Avoid some unnecessary strdups. + Fix line height computations with a non-trivial CTM. ==== patterns-containers ==== - Added Boolean operator to install distrobox if patterns-microos-desktop-common, but install toolbox if patterns-microos-desktop-common is not installed ==== podman ==== Version update (4.2.0 -> 4.2.1) Subpackages: podman-cni-config - Update to version 4.2.1: * Bump to v4.2.1 * Add release notes for v4.2.1 * remove SkipIfNotFedora() from events test * fix podman events with custom format * Drop stale config value resulting in asymmetric config * Fix list of default capabilities * Add container GID to additional groups * libpod: Ensure that generated container names are random * Fix bind-mount-option annotation in gen/play kube * Improved Windows compatibility for machine command * updated apiv2 tests to reflect hash compat fix * api: return imageID instead of imageName, for "Image" when Podman API is queried * Inhibit SIGTERM during Conmon startup * Fix example sections to follow the same format * Fix template name inconsistency * service: make move to sub-cgroup non fatal * Remove duplicate annotations in generated service yaml * Compat API image remove events now have 'delete' status * [CI:DOCS] Automatically set podman version in pkginstaller * Allow colons in windows file paths * Fixes isRootfull check using qemu machine on Windows * vendor containers/psgo@v1.7.3 * Allow podman to run in an environment with keys containing spaces * Document restrictions on transport in FROM * Improved Windows compatibility * pass environment variables to container clone * podman save: update --compress validation * sort hc.Binds returned from compat api * Cirrus: Update podman-machine comment * podman images and friends can take one image as argument * [CI:DOCS] Add .DS_Store to gitignore * podman-kube@.service.in: Remove Restart=never option with typo * Fix #15499 already connected network * [CI:DOCS] Cirrus: Update meta-task for EC2 image * fix CI: remove hardcodeded alpine version * fix CI: remove hardcodeded alpine version * Preserve all unknown PolicyRequirement fields on (podman image trust set) * Reorganize the types in policy.go a bit * Add support for showing keyPaths in (podman image trust show) * Support (image trust show) for sigstoreSigned entries * BREAKING CHANGE: Change how (podman image trust show) represents multiple requirements * Reorganize descriptionsOfPolicyRequirements a bit * Use the full descriptionsOfPolicyRequirements for the default scope * Rename haveMatchRegistry to registriesDConfigurationForScope * Rename tempTrustShowOutput to entry * Split descriptionsOfPolicyRequirements out of getPolicyShowOutput * Recognize the new lookaside names for simple signing sigstore * Add a unit test for trust.PolicyDescription * Make the output of (podman image trust show) deterministic * Make most of pkg/trust package-private * Move most of ImageEngine.ShowTrust into pkg/trust.PolicyDescription * Add support for sigstoreSigned in (podman image trust set) * Create new policy entries together with validating input * Improve validation of data in ImageEngine.SetTrust * Move most of imageEngine.SetTrust to pkg/trust.AddPolicyEntries * Add a variable for scope * Make trust.CreateTempFile private * Reorganize pkg/trust * Remove an unused trust.ShowOutput type * Remove commented out code * libpod: UpdateContainerStatus: do not wait for container * Skip / update some tests under runc * Bump to v4.2.1-dev * test: update apply-podman-deltas for new tests * build: implement --cache-to,--cache-from and --cache-ttl * vendor: bump buildah to v1.27.0 ==== qemu ==== Version update (7.0.0 -> 7.1.0) - Runs of the test-suite seem much more stable now, in this version of QEMU. (bsc#1203610) We are also fine re-enabling running them in parallel. - Switch QEMU Linux user to emulate the same CPU as the one of the host by default. This is a bit conrtoversial and tricky, when thinking about system emulation/virtualization. But for linux-user, it should be just fine. (bsc#1203684) * Patches added: linux-user-use-max-as-default-CPU-model-.patch - Be less verbose when packaging documentation. In fact, with just a couple of (minor) re-arrangements, we can get rid of having to list all the files all the time - Package /etc/qemu/bridge.conf as '%config(noreplace). Next step will probably be to move it to /usr/etc/qemu (bsc#1201944) - Switch to %autosetup for all products (this required some changes in update_git.sh) - Run check-qtest sequentially, as it's more reliable, when in OBS - Build with libbpf, fdt and capstone support - Drop the patch adding our support document, and deal with that in the spec file directly * Patches dropped: doc-add-our-support-doc-to-the-main-proj.patch - Updated to latest upstream version 7.1 * https://wiki.qemu.org/ChangeLog/7.1 Be sure to also check the following pages: * https://qemu-project.gitlab.io/qemu/about/removed-features.html * https://qemu-project.gitlab.io/qemu/about/deprecated.html Some notable changes: * [x86] Support for architectural LBRs on KVM virtual machines * [x86] The libopcode-based disassembler has been removed. Use Capstone instead * [LoongArch] Add initial support for the LoongArch64 architecture. * [ARM] The emulated SMMUv3 now advertises support for SMMUv3.2-BBML2 * [ARM] The xlnx-zynqmp SoC model now implements the 4 TTC timers * [ARM] The versal machine now models the Cortex-R5s in the Real-Time Processing Unit (RPU) subsystem * [ARM] The virt board now supports emulation of the GICv4.0 * [ARM] New emulated CPU types: Cortex-A76, Neoverse-N1 * [HPPA] Fix serial port pass-through from host to guest * [HPPA] Lots of general code improvements and tidy-ups * [RISC-V] RISC-V * [RISC-V] Add support for privileged spec version 1.12.0 * [RISC-V] Use privileged spec version 1.12.0 for virt machine by default * [RISC-V] Allow software access to MIP SEIP * [RISC-V] Add initial support for the Sdtrig extension * [RISC-V] Optimisations and improvements for the vector extension * [VFIO] Experimental support for exposing emulated PCI devices over the new vfio-user protocol (a vfio-user client is not yet available in QEMU, though) * [QMP] The on-cbw-error option for copy-before-write filter, to specify behavior on CBW (copy before write) operation failure. * [QMP] The cbw-timeout option for copy-before-write filter, to specify timeout for CBW operation. * [QMP] New commands query-stats and query-stats-schema to retrieve statistics from various QEMU subsystems (right now only from KVM). * [QMP] The PanicAction can now be configured to report an exit-failure (useful for automated testing) * [Networking] QEMU can be compiled with the system slirp library even when using CFI. This requires libslirp 4.7. * [Migration] Support for zero-copy-send on Linux, which reduces CPU usage on the source host. Note that locked memory is needed to support this * Patches added: Revert-tests-qtest-enable-more-vhost-use.patch meson-remove-pkgversion-from-CONFIG_STAM.patch * Patches dropped: AIO-Reduce-number-of-threads-for-32bit-h.patch Makefile-Don-t-check-pc-bios-as-pre-requ.patch Revert-8dcb404bff6d9147765d7dd3e9c849337.patch Revert-qht-constify-qht_statistics_init.patch XXX-dont-dump-core-on-sigabort.patch acpi_piix4-Fix-migration-from-SLE11-SP2.patch configure-only-populate-roms-if-softmmu.patch configure-remove-pkgversion-from-CONFIG_.patch coroutine-ucontext-use-QEMU_DEFINE_STATI.patch coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch coroutine-win32-use-QEMU_DEFINE_STATIC_C.patch hostmem-default-the-amount-of-prealloc-t.patch hw-usb-hcd-ehci-fix-writeback-order.patch i8254-Fix-migration-from-SLE11-SP2.patch intc-exynos4210_gic-replace-snprintf-wit.patch modules-generates-per-target-modinfo.patch modules-introduces-module_kconfig-direct.patch pc-bios-s390-ccw-net-avoid-warning-about.patch pci-fix-overflow-in-snprintf-string-form.patch qemu-cvs-gettimeofday.patch qemu-cvs-ioctl_debug.patch qemu-cvs-ioctl_nodirection.patch qht-Revert-some-constification-in-qht.c.patch qom-handle-case-of-chardev-spice-module-.patch scsi-lsi53c895a-fix-use-after-free-in-ls.patch scsi-lsi53c895a-really-fix-use-after-fre.patch softmmu-Always-initialize-xlat-in-addres.patch sphinx-change-default-language-to-en.patch test-add-mapping-from-arch-of-i686-to-qe.patch tests-Fix-block-tests-to-be-compatible-w.patch tests-qtest-Move-the-fuzz-tests-to-x86-o.patch usb-Help-compiler-out-to-avoid-a-warning.patch ==== rust-keylime ==== Version update (0.1.0+git.1659977521.0186093 -> 0.1.0+git.1663769444.6318234) - Rebase bindgen.patch and upstream the change - Rebase keylime-agent.conf.diff - Store the configuration file in /usr/etc/keylime/agent.conf - Fix keylime user creation - Drop webapp service port in firewall XML service file - Update to version 0.1.0+git.1663769444.6318234: * Update comments in the configuration file * config: Align config locations with the python components * config: Add configuration file version * config: Add back support for KEYLIME_DIR env var * Change configuration format to TOML * Add support for using passphrase protected key * Do not try to load TPM data generated by another TPM * Allow using existing key and certificate * Remove the agent TPM data from the config struct * Rename the configuration options * Use password to generate EK when provided * Add tpm_ownerpassword option to keylime.conf * Add cargo audit to CI static tests * Add agent and faked_measured_boot_log tests context * Appease clippy ==== selinux-policy ==== Subpackages: selinux-policy-targeted - Update fix_networkmanager.patch to ensure NetworkManager chrony dispatcher is properly labled and update fix_chronyd.patch to ensure chrony helper script has proper label to be used by NetworkManager. Also allow NetworkManager_dispatcher_custom_t to query systemd status (bsc#1203824) - Update fix_xserver.patch to add greetd support (bsc#1198559) - Revamped rtorrent module ==== tracker ==== Subpackages: libtracker-sparql-3_0-0 tracker-data-files - Add tracker-no-egrep.patch: Replace usage of egrep with grep -E ==== vim ==== Version update (9.0.0500 -> 9.0.0626) Subpackages: vim-data vim-data-common vim-small - Updated to version 9.0.0626, fixes the following problems - fix boo#1203924 - CVE-2022-3352 * Error for modifying a const is not detected at compile time. * Leaking argument type array. * Too many delete() calls in tests. * When quitting the cmdline window with CTRL-C it remains visible. * Warning for using uninitialized value in mouse test. * A closure in a nested loop in a :def function does not work. * Build failure. * Various problems with 'nosplitscroll'. * Line number argument for :badd does not work. * Command line cleared when using :redrawstatus in CmdlineChanged autocommand event. * When the channel test fails there is no clue why. * Confusing error for "saveas" command with "nofile" buffer. * Chatito files are not recognized. * Unnecessary scrolling for message of only one line. * Cannot redraw the status lines when editing a command. * May not be able to use a pattern ad the debug prompt. * Terminal test sometimes hangs. * Virtual text highlight starts too early when 'number' is set. * Virtual text "above" highlights gap after it. * When at the command line :redrawstatus does not work well. * Virtual text highlight starts too early with 'nowrap' and 'number' set. * The win_line() function is much too long. * Declaring a loop variable at the start of a block is clumsy. * Compiler warns for unused argument in small version. * Build fails on Appveyor. * more compiler warnings for arguments in small version * Manually deleting temp test files. * Long sign text may overflow buffer. * Appveyor setup contains outdated lines. * Using freed memory when autocmd changes mark. * The win_line() function is much too long. * Edit test is flaky when run under valgrind. * The win_line() function is much too long. * Line number is displayed at virtual text "above". * Closure gets wrong value in for loop with two loop variables. * The do_set() function is much too long. * Manually deleting test temp files. * Long message test can be flaky. * Assigning stack variable to argument confuses Coverity. * Terminal pwd test fails with a very long path name. * Insufficient testing for assert and test functions. * Minor issues with setting a string option. * When a test is slow and CI times out there is no time info. * Supporting Ruby 1.8 makes code complicated. * Looping over empty out_loop[] entries. * reduce() with a compiled lambda could be faster. * Duplicated code in calling a :def function. * Crash when closing a tabpage and buffer is NULL. * Mode message is delayed when :echowin was used. (Maxim Kim) * Crash when using NUL in buffer that uses :source. * No error for "|" after "{" in lamda. * Using freed memory when command follows lambda. * Scrolling with 'nosplitscroll' in callback changing curwin. * Leaking memory with nested functions. * Valgrind reports possibly leaked memory. * Coverity warns for possibly using NULL pointer. * Timer test may get stuck at hit-enter prompt. * Elapsed time since testing started is not visible. * When a test gets stuck it just hangs forever. * HSL playlist files are not recognized. * Timer_info() test fails. * Cscope test causes problems when code for test timeout timer is included (even when commented out). * Nim files are not recognized. * 'completeopt' "longest" is not used for complete(). * Autocmd code is indented more than needed. * Cannot easily get out when using "vim file | grep word". * Insert complete tests leave a mapping behind. * Outdated dependencies go unnoticed. * Timer garbage collect test hangs on Mac M1. * The getchar() function behaves strangely with bracketed paste. * Unused loop variables. * Buffer underflow with unexpected :finally. * Using freed memory when 'tagfunc' wipes out buffer that holds 'complete'. * Adding a character for incsearch fails at end of line. * Only recognizing .m3u8 files is inconsistent. * Cscope test with wrong executable name fails. * When long message test fails the error message is not visible. * Missing change in test. * Unicode tables are outdated. * After exiting Insert mode spelling is not checked in the next line. * Message window popup shows on only one tab page. (Naruhiko Nishino) * Display not cleared when scrolling back in messages, a background color is set and t_ut is empty. * Makefile error message causes a shell error. * Extra newline in messages after a verbose shell message. * Cannot close a tab page with the middle mouse button. * Using negative array index with negative width window. * Latexmkrc files are not recognized. * GYP files are not recognized. * Too much indent. * New TypeScript extensions are not recognized. * With 'nosplitscroll' folds are not handled correctly. * Luacheckrc file is not recognized. * Dump file missing. * system() opens a terminal window when using the GUI and "!" is in ... changelog too long, skipping 15 lines ... * matchaddpos() can only add up to 8 matches. ==== xterm ==== Version update (372 -> 373) Subpackages: xterm-bin xterm-resize - update to 373: * improve rendering of TrueType fonts: + add resource xftTrackMemUsage to enable/disable a new feature of Xft which improves performance. + add resources xftMaxGlyphMemory and xftMaxUnrefFonts to customize memory-usage of Xft and fontconfig. + provide for display of colored fonts in libXft 2.3.5 + allow for an extra TrueType font to be specified using the -fa option, as an override to the fontconfig scheme of fallback fonts (request by Nickolas Raymond Kaczynski). + improve caching of TrueType missing-glyph tests. + allow no more than 255 fonts to be scanned for a fontset. + eliminate a table-lookup in findXftGlyph * improvements status-line feature: + save/restore wraparound flag when updating the status-line (report by Rajeev V. Pillai). + avoid clearing the status-line when switching between normal and alternate screens (report by Valtteri Vuorikoski). + remove adjustment from update_winsize leftover from initial work (report by Valtteri Vuorikoski). * modify wcwidth tables to separate Unicode Cf category as formatting control-characters, to better match the guideline for unsupported characters (report by Tim Chase). * add configure option --disable-exec-selection. * use mkstemp where mkdtemp is unavailable, when initializing colored cursor. * adapt fixes from OpenBSD xenocara: + improve ifdef's for a few optional features. + correct #ifdef to #if in a few uses of OPT_PRINT_ON_EXIT. * set StartupWMClass in “.desktop” files, e.g., to help cinnamon-session notice that xterm sets WM_CLASS and use its icon (patch by Richard de Boer). * disable pixel computation when rgb width is greater than 8, to work with depth 30 (patch by Denis Kaganovich). * improve color-computation for SGR 2 faint/dim (patch by Boian Bonev). Add resource faintIsRelative to specify if the modified computation should be used (prompted by discussion with Matthieu Herrb). * correct comparison-length for environment variable cleanup (patch by Brendan O' Dea). * correct dsl capability for dec+sl block in terminfo (report by Rajeev V. Pillai). * improve output formatting by vttests/utf8.pl * repair test/demo scripts still using "vxt-" prefix, some cleanup with shellcheck. * enable page-number for DECXCPR response in VT330. * amend change for combining characters in patch #371 to limit it to the currently-defined codes (report by Thomas Wolff). * add directory-template parameter to mktemp in shell-scripts to improve portability to older systems (patch by Ryan Schmidt). * mention webpage XTerm – bracketed-paste in ctlseqs.ms * update manual-page descriptions for allowPasteControls and disallowedPasteControls (patch #363). * further extended list of environment variables to purge on startup (suggested by Thomas Wolff). * update config.guess, config.sub ==== yast2 ==== Version update (4.5.14 -> 4.5.15) Subpackages: yast2-logs - Better detection of YaST2 Journal (related to bsc#1199840). - 4.5.15 ==== yast2-journal ==== Version update (4.5.1 -> 4.5.2) - Localize date range in Change Filter dialog (B S Srinidhi, bsc#1081459) - 4.5.2