Packages changed:
  Mesa (18.0.4 -> 18.1.0)
  Mesa-drivers (18.0.4 -> 18.1.0)
  babl (0.1.46 -> 0.1.50)
  biosdevname
  filesystem
  gdbm (1.13 -> 1.14.1)
  gegl (0.4.0 -> 0.4.2)
  git
  hyper-v
  kernel-firmware (20180507 -> 20180518)
  ldb (1.3.2 -> 1.3.3)
  libaio
  liborcus
  libsmbios
  libstorage-ng (3.3.292 -> 3.3.294)
  libvirt
  mozjs52
  oath-toolkit
  openldap2
  openssh (7.6p1 -> 7.7p1)
  parted
  perl (5.26.1 -> 5.26.2)
  perl-DateTime (1.48 -> 1.49)
  perl-Error (0.17025 -> 0.17026)
  postfix (3.3.0 -> 3.3.1)
  python (2.7.14 -> 2.7.15)
  python-base (2.7.14 -> 2.7.15)
  python-typing
  samba (4.8.1+git.28.de67ff4c74d -> 4.8.2+git.30.690aa93c189)
  systemd-rpm-macros
  timezone
  timezone-java
  tslib (1.15 -> 1.16)
  util-linux
  util-linux-systemd
  vim (8.0.1568 -> 8.1.0020)
  wireshark (2.6.0 -> 2.6.1)
  xdg-utils (20170508 -> 20180510)
  xen (4.10.0_20 -> 4.10.1_02)
  xf86-video-fbdev
  xf86-video-intel
  xf86-video-sis
  zstd

=== Details ===

==== Mesa ====
Version update (18.0.4 -> 18.1.0)
Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 libwayland-egl1

- Add patch U_dri3-Stricter-SBC-wraparound-handling.patch
  This fixes an error with timestamps, avoiding near infinite client hangs with the new X server 1.20 release and some clients, the most prominent being plasmashell & steam
  Bugentry: FDO#106351
- Fix python3-Mako dependency on <= Leap 42.3.
- Temporarily replace mesa-18.1.0.tar.xz.sig with mesa-18.1.0.tar.xz.sha1sum. The sig file uses EDDSA which is not supported by gpg in OBS at the moment.

==== Mesa-drivers ====
Version update (18.0.4 -> 18.1.0)
Subpackages: Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libva libvdpau_nouveau libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_intel libvulkan_radeon libxatracker2

- Add patch U_dri3-Stricter-SBC-wraparound-handling.patch
  This fixes an error with timestamps, avoiding near infinite client hangs with the new X server 1.20 release and some clients, the most prominent being plasmashell & steam
  Bugentry: FDO#106351
- Fix python3-Mako dependency on <= Leap 42.3.
- Temporarily replace mesa-18.1.0.tar.xz.sig with mesa-18.1.0.tar.xz.sha1sum. The sig file uses EDDSA which is not supported by gpg in OBS at the moment.

==== babl ====
Version update (0.1.46 -> 0.1.50)

- Improvements to speed and precision of indexed code, improvements to mesonbuild.
- Update to version 0.1.48:
  + Fix u8 <-> double conversions for chroma, SSE2 version of RGBA float to CIE L / Lab.
  + Build with -Ofast by default.

==== biosdevname ====

- Prevent infinite recursion in dmidecode.c::smbios_setslot by checking that subordinate bus has a number greater than the current bus.
  [bsc#1093625, dmidecode-prevent-infinite-recursion.patch]

==== filesystem ====

- pretrans lua script: try to move away /var/run and /var/lock unless they are already symlinks (bsc#1084119)

==== gdbm ====
Version update (1.13 -> 1.14.1)
Subpackages: gdbm-devel gdbm-lang libgdbm_compat4

- Version update to 1.14.1:
  * Manpage formatting issues
  * Make gdbm_error thread-safe
  * Improve database reproducibility
  * Fix build with --enable-gdbm-export
- Rebase patch gdbm-no-build-date.patch

==== gegl ====
Version update (0.4.0 -> 0.4.2)
Subpackages: gegl-0_4 gegl-0_4-lang libgegl-0_4-0

- Update to version 0.4.2:
  + Build: Abort early if autoreconf fails, remove unused bits, default to -Ofast as CFLAGS.
  + GeglBuffer:
    - Improve concurrency for trimming and destruction of tile caches. Improve cache invalidation during partial mipmap regeneration.
    - Do new cheap clones of buffers with new internal gegl-buffer backed tile-backend.
    - Do not keep cached sampler in buffer; it makes cache invalidation hard, and for performance/threading it is better to create one's own samplers anyways. The old API still exists, though parts of it are now deprecated. The single special case where gegl_buffer_sample remains somewhat performant is with the NEAREST sampler, for all other samplers creating a caching sampler is better.
  + Operations:
    - operation: add GeglOperationAreaFilter::get_abyss_policy() vfunc
      Copyright notice improvements to spherize, color-overlay.
      ff-save: implement defines handling compilation with ffmpeg 2.3-2.7, 4.0 compat.
    - Improved multi-threaded performance of panorama-projection and other transformation operations through optimizations in buffer and base-classes.
- Drop gegl-port-ffmpeg4.patch: Fixed upstream.

==== git ====
Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk

- Fix docless build to not fail on find/chmod not having any files
- Require just python3-base not full python for build

==== hyper-v ====

- Update lsvmbus interpreter from env(1) to python3(1) (bsc#1093910)

==== kernel-firmware ====
Version update (20180507 -> 20180518)
Subpackages: ucode-amd

- Update to version 20180518:
  * linux-firmware: Update firmware file for Intel Bluetooth,8265
  * linux-firmware: Update firmware patch for Intel Bluetooth 7260 (B5/B6)
  * linux-firmware: Update firmware patch for Intel Bluetooth 7260 (B3/B4)
  * linux-firmware: Update firmware file for Intel Bluetooth,9260
  * linux-firmware:Update firmware patch for Intel Bluetooth 7265 (D1)
  * linux-firmware: Update firmware file for Intel Bluetooth,9560
  * linux-firmware: Update AMD cpu microcode
  * amdgpu: sync up polaris12 firmware with 18.10 release
  * amdgpu: sync up polaris11 firmware with 18.10 release
  * amdgpu: sync up polaris10 firmware with 18.10 release
  * amdgpu: sync up vega10 firmware with 18.10 release
  * amdgpu: sync up carrizo firmware with 18.10 release
  * amdgpu: sync up topaz firmware with 18.10 release
  * amdgpu: sync up stoney firmware with 18.10 release
  * amdgpu: sync up tonga firmware with 18.10 release
  * amdgpu: sync up fiji firmware with 18.10 release
  * amdgpu: sync up raven firmware with 18.10 release
  * nfp: Add symlink for Agilio CX 1x40GbE flower firmware
  * nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.9.A.16
  * linux-firmware: liquidio: update firmware to v1.7.2

==== ldb ====
Version update (1.3.2 -> 1.3.3)
Subpackages: libldb1 libldb1-32bit

- Update to 1.3.3
  + Fix failure to upgrade to the GUID index DB format; (bso#13306).

==== libaio ====
Subpackages: libaio-devel libaio1

- Use %license instead of %doc [bsc#1082318]

==== liborcus ====

- boost_1_67.patch: fix building with Boost 1.67 (bsc#1089811)

==== libsmbios ====

- Make the lang_package installable by providing the symbol required on the libname subpackage
- Add obsoletes for libsmbios2 to ease upgrading
- Adhere to the packaging guidelines
  * As we build only against tumbleweed do not fuzz around with supporting Fedora and Centos
  * Use explicit filelists as it is way more readable
  * Do not play around with %release as it behaves differently compared to RH
- Use package names as mandated by python packaging guidelines
- Use full url to fetch tarball from github...
- Do not mess with permission in %prep phase, the perms on directories and files look correct both in tarball and github
- Make build run parallel make and just configure/make without any hassle
- Do not mess with locale generating, it is properly created by make already
- Do not install buildlog on user systems, we have OBS for that
- Install manpage with each binary, do not just put all mans in python3 subpackage
- Actually run tests rather than playing around with valgrind
- Make sure to do -fPIE build

==== libstorage-ng ====
Version update (3.3.292 -> 3.3.294)
Subpackages: libstorage-ng-ruby libstorage-ng1

- Translated using Weblate (Russian)
- 3.3.294
- Translated using Weblate (Slovak)
- 3.3.293

==== libvirt ====
Subpackages: libvirt-client libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-driver-uml libvirt-daemon-driver-vbox libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs

- cpu: add support for 'ssbd' and 'virt-ssbd' CPUID feature bits
  CVE-2018-3639
  1dbca2ec-CVE-2018-3639.patch, 92673422-CVE-2018-3639.patch
  bsc#1092885

==== mozjs52 ====

- Fix armv6 build by fixing armv6 detection:
  * fix_armv6_build.patch

==== oath-toolkit ====

- Fix build for openSUSE Leap 42.2 and 42.3

==== openldap2 ====
Subpackages: libldap-2_4-2 libldap-2_4-2-32bit libldap-data openldap2-client openldap2-devel

- Don't require systemd explicitly; the spec file can handle both cases correctly, and in containers we don't have systemd.

==== openssh ====
Version update (7.6p1 -> 7.7p1)
Subpackages: openssh-helpers

- Upgrade to 7.7p1 (bsc#1094068)
  Most important changes (more details below):
  * Drop compatibility support for pre-2001 SSH implementations
  * sshd(1) does not load DSA keys by default
  Distilled upstream log:
  - --- Potentially-incompatible changes
  * ssh(1)/sshd(8): Drop compatibility support for some very old SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The support in question isn't necessary for RFC-compliant SSH implementations.
  - --- New Features
  * experimental support for PQC XMSS keys (Extended Hash-Based Signatures), not compiled in by default.
  * sshd(8): Add a "rdomain" criteria for the sshd_config Match keyword to allow conditional configuration that depends on which routing domain a connection was received on (currently supported on OpenBSD and Linux).
  * sshd_config(5): Add an optional rdomain qualifier to the ListenAddress directive to allow listening on different routing domains. This is supported only on OpenBSD and Linux at present.
  * sshd_config(5): Add RDomain directive to allow the authenticated session to be placed in an explicit routing domain. This is only supported on OpenBSD at present.
  * sshd(8): Add "expiry-time" option for authorized_keys files to allow for expiring keys.
  * ssh(1): Add a BindInterface option to allow binding the outgoing connection to an interface's address (basically a more usable BindAddress)
  * ssh(1): Expose device allocated for tun/tap forwarding via a new %T expansion for LocalCommand. This allows LocalCommand to be used to prepare the interface.
  * sshd(8): Expose the device allocated for tun/tap forwarding via a new SSH_TUNNEL environment variable. This allows automatic setup of the interface and surrounding network configuration automatically on the server.
  * ssh(1)/scp(1)/sftp(1): Add URI support to ssh, sftp and scp, e.g. ssh://user@host or sftp://user@host/path. Additional connection parameters that use deprecated MD5 are not implemented.
  * ssh-keygen(1): Allow certificate validity intervals that specify only a start or stop time (instead of both or neither).
  * sftp(1): Allow "cd" and "lcd" commands with no explicit path argument. lcd will change to the local user's home directory as usual. cd will change to the starting directory for session (because the protocol offers no way to obtain the remote user's home directory). bz#2760
  * sshd(8): When doing a config test with sshd -T, only require the attributes that are actually used in Match criteria rather than (an incomplete list of) all criteria.
  - --- Bugfixes
  * ssh(1)/sshd(8): More strictly check signature types during key exchange against what was negotiated. Prevents downgrade of RSA signatures made with SHA-256/512 to SHA-1.
  * sshd(8): Fix support for client that advertise a protocol version of "1.99" (indicating that they are prepared to accept both SSHv1 and SSHv2). This was broken in OpenSSH 7.6 during the removal of SSHv1 support. bz#2810
  * ssh(1): Warn when the agent returns a ssh-rsa (SHA1) signature when a rsa-sha2-256/512 signature was requested. This condition is possible when an old or non-OpenSSH agent is in use. bz#2799
  * ssh-agent(1): Fix regression introduced in 7.6 that caused ssh-agent to fatally exit if presented an invalid signature request message.
  * sshd_config(5): Accept yes/no flag options case-insensitively, as has been the case in ssh_config(5) for a long time. bz#2664
  * ssh(1): Improve error reporting for failures during connection. Under some circumstances misleading errors were being shown. bz#2814
  * ssh-keyscan(1): Add -D option to allow printing of results directly in SSHFP format. bz#2821
  * regress tests: fix PuTTY interop test broken in last release's SSHv1 removal. bz#2823
  * ssh(1): Compatibility fix for some servers that erroneously drop the connection when the IUTF8 (RFC8160) option is sent.
  * scp(1): Disable RemoteCommand and RequestTTY in the ssh session started by scp (sftp was already doing this.)
  * ssh-keygen(1): Refuse to create a certificate with an unusable number of principals.
  * ssh-keygen(1): Fatally exit if ssh-keygen is unable to write all the public key during key generation. Previously it would silently ignore errors writing the comment and terminating newline.
  * ssh(1): Do not modify hostname arguments that are addresses by automatically forcing them to lower-case. Instead canonicalise them to resolve ambiguities (e.g. ::0001 => ::1) before they are matched against known_hosts. bz#2763
  * ssh(1): Don't accept junk after "yes" or "no" responses to hostkey prompts. bz#2803
  * sftp(1): Have sftp print a warning about shell cleanliness when decoding the first packet fails, which is usually caused by shells polluting stdout of non-interactive startups. bz#2800
  * ssh(1)/sshd(8): Switch timers in packet code from using wall-clock time to monotonic time, allowing the packet layer to better function over a clock step and avoiding possible integer overflows during steps.
  * Numerous manual page fixes and improvements.

==== parted ====
Subpackages: libparted0 parted-lang

- Use %license instead of %doc [bsc#1082318]

==== perl ====
Version update (5.26.1 -> 5.26.2)
Subpackages: perl-base perl-doc

- make perl-5.26.2 compatible with perl-5.26.1
- Update versions based on provides in perl rpm
- Version update to perl-5.26.2:
  * Tons of bugfixes
- Remove the as-needed disabling as no other distro is doing that
- Use macros where possible
- Remove if0 and commented out code to reduce the scope
- Run tests in threads

==== perl-DateTime ====
Version update (1.48 -> 1.49)

- updated to 1.49
  see /usr/share/doc/packages/perl-DateTime/Changes
  1.49 2018-05-20
  - Updated the ppport.h with the latest version of Devel::PPPort. This fixes a compilation warning when compiling with 5.27.11. Reported by Jim Keenan. Fixed GH #81.

==== perl-Error ====
Version update (0.17025 -> 0.17026)

- updated to 0.17026
  see /usr/share/doc/packages/perl-Error/Changes

==== postfix ====
Version update (3.3.0 -> 3.3.1)
Subpackages: postfix-doc

- bsc#1087471 Unreleased Postfix update breaks SUSE Manager
  o Removing setting smtpd_sasl_path and smtpd_sasl_type to empty
- Update to 3.3.1
  * Postfix did not support running as a PID=1 process, which complicated Postfix deployment in containers. The "postfix start-fg" command will now run the Postfix master daemon as a PID=1 process if possible. Thanks for inputs from Andreas Schulze, Eray Aslan, and Viktor Dukhovni.
  * Segfault in the postconf(1) command after it could not open a Postfix database configuration file due to a file permission error (dereferencing a null pointer). Reported by Andreas Hasenack, fixed by Viktor Dukhovni.
  * The luser_relay feature became a black hole, when the luser_relay parameter was set to a non-existent local address (i.e. mail disappeared silently). Reported by J?rgen Thomsen.
  * Missing error propagation in the tlsproxy(8) daemon could result in a segfault after TLS handshake error (dereferencing a 0xffff...ffff pointer). This daemon handles the TLS protocol when a non-whitelisted client sends a STARTTLS command to postscreen(8).

==== python ====
Version update (2.7.14 -> 2.7.15)
Subpackages: python-curses

- update to 2.7.15
  * dozens of bugfixes, see NEWS for details
- removed obsolete patches:
  * python-ncurses-6.0-accessors.patch
  * python-fix-shebang.patch
  * gcc8-miscompilation-fix.patch
- add patch from upstream:
  * do-not-use-non-ascii-in-test_ssl.patch

==== python-base ====
Version update (2.7.14 -> 2.7.15)
Subpackages: libpython2_7-1_0 libpython2_7-1_0-32bit python-xml

- update to 2.7.15
  * dozens of bugfixes, see NEWS for details
- removed obsolete patches:
  * python-ncurses-6.0-accessors.patch
  * python-fix-shebang.patch
  * gcc8-miscompilation-fix.patch
- add patch from upstream:
  * do-not-use-non-ascii-in-test_ssl.patch

==== python-typing ====

- Actually skip the py3 as it caused bit of fuzz but reduce the code still
- Do not bother reducing the stuff to not build on 3.6, it is just providing noop package which does not hurt anything and saves 10 magic lines in spec

==== samba ====
Version update (4.8.1+git.28.de67ff4c74d -> 4.8.2+git.30.690aa93c189)
Subpackages: libdcerpc-binding0 libdcerpc-binding0-32bit libdcerpc0 libdcerpc0-32bit libndr-krb5pac0 libndr-krb5pac0-32bit libndr-nbt0 libndr-nbt0-32bit libndr-standard0 libndr-standard0-32bit libndr0 libndr0-32bit libnetapi0 libnetapi0-32bit libsamba-credentials0 libsamba-credentials0-32bit libsamba-errors0 libsamba-errors0-32bit libsamba-hostconfig0 libsamba-hostconfig0-32bit libsamba-passdb0 libsamba-passdb0-32bit libsamba-util0 libsamba-util0-32bit libsamdb0 libsamdb0-32bit libsmbclient0 libsmbconf0 libsmbconf0-32bit libsmbldap2 libsmbldap2-32bit libtevent-util0 libtevent-util0-32bit libwbclient0 libwbclient0-32bit samba-client samba-client-32bit samba-doc samba-libs samba-libs-32bit samba-winbind samba-winbind-32bit

- Update to 4.8.2
  + After update to 4.8.0 DC failed with "Failed to find our own NTDS Settings objectGUID" (bso#13335).
  + fix incorrect reporting of stream dos attributes on a directory (bso#13380).
  + vfs_ceph: add asynchronous fsync; fake synchronous call (bso#13412).
  + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425)
  + vfs_ceph: Fix memory leak; (bso#13424).
  + libsmbclient: Fix hard-coded connection error return of ETIMEDOUT; (bso#13419).
  + s4-lsa: Fix use-after-free in LSA server; (bso#13420).
  + winbindd: Do re-connect if the RPC call fails in the passdb case; (bso#13430).
  + cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers; (bso#13416).
  + cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd unclean process shutdown; (bso#13414).
  + ctdb-client: Remove unused functions from old client code; (bso#13411).
  + printing: Return the same error code as windows does on upload failures; (bso#13395).
  + nsswitch: Fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessible; (bso#13400).
  + s4:lsa_lookup: remove TALLOC_FREE(state) after all dcesrv_lsa_Lookup{Names,Sids}_base_map() calls; (bso#13420).
  + rpc_server: Fix NetSessEnum with stale sessions; (bso#13407).
  + s3:smbspool: Fix cmdline argument handling; (bso#13417).

==== systemd-rpm-macros ====

- remove confusing --user before --global
  Backport from https://github.com/systemd/systemd/commit/28d36da64a7a23a55e8d0a139f2620384fd058b3.
  This was spotted in bsc#1090785.

==== timezone ====

- in SLE 15 / Leap 15.0 yast2-country stopped setting TIMEZONE in /etc/sysconfig/clock and called systemd timedatectl instead. No longer set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. bsc#1093392

==== timezone-java ====

- in SLE 15 / Leap 15.0 yast2-country stopped setting TIMEZONE in /etc/sysconfig/clock and called systemd timedatectl instead. No longer set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. bsc#1093392

==== tslib ====
Version update (1.15 -> 1.16)

- Update to version 1.16:
  * This release includes libts version 0.9.1 and the following changes:
    - module_raw tatung is now disabled in the default build config. Users must ./configure --enable-tatung if they rely on it.
    - new module_raw one-wire-ts-input for FriendlyARM devices (disabled by default)
    - simple tslib_version() function to get the version string
  * This release includes the following bugfixes:
    - efcba6e ts_uinput: (fix for Android) write only one input_event at a time
    - e63f33f invert: fix ts_read() iteration over multiple samples
    - 932bb4f ts_uinput: fail for unsupported old kernel versions

==== util-linux ====
Subpackages: libblkid-devel libblkid1 libblkid1-32bit libfdisk1 libmount1 libmount1-32bit libsmartcols1 libuuid-devel libuuid1 libuuid1-32bit util-linux-lang

- Do not run rfkill-block@.service and rfkill-unblock@service as it is just template without parameter bsc#1092820 bsc#1093176

==== util-linux-systemd ====

- Do not run rfkill-block@.service and rfkill-unblock@service as it is just template without parameter bsc#1092820 bsc#1093176

==== vim ====
Version update (8.0.1568 -> 8.1.0020)
Subpackages: gvim vim-data vim-data-common

- update to 8.1 revision 0020
- refresh disable-unreliable-tests.patch vim-8.0-ttytype-test.patch
- refresh vim73-no-static-libpython.patch
- added:
  * term command - built in terminal window
- fixes:
  * Using "gn" may select wrong text when wrapping.
  * Shell command completion has duplicates
  * Possible crash in term_wait()
  * qf_init_ext() is too long.
  * Using freed memory when changing terminal cursor color
  * maparg() and mapcheck() confuse empty and non-existing.
  * syn_id2cterm_bg() may be undefined.
  * :stopinsert changes the message position.
  * The netrw plugin does not work.

==== wireshark ====
Version update (2.6.0 -> 2.6.1)
Subpackages: libwireshark11 libwiretap8 libwscodecs0 libwsutil9 wireshark-ui-qt

- Fix build with Qt 5.11 (boo#1093733)
  add wireshark-2.6.1-fix-Qt-5.11.patch
- update to 2.6.1:
  This release fixes minor vulnerabilities that could be used to trigger dissector crashes or cause dissectors to go into large infinite loops by making Wireshark read specially crafted packages from the network or capture files (bsc#1094301):
  * CVE-2018-11354: IEEE 1905.1a dissector crash
  * CVE-2018-11355: RTCP dissector crash
  * CVE-2018-11356: DNS dissector crash
  * CVE-2018-11357: Multiple dissectors could consume excessive memory
  * CVE-2018-11358: Q.931 dissector crash
  * CVE-2018-11359: The RRC dissector and other dissectors could crash
  * CVE-2018-11360: GSM A DTAP dissector crash
  * CVE-2018-11361: IEEE 802.11 dissector crash
  * CVE-2018-11362: LDSS dissector crash
- Further bug fixes and updated protocol support as listed in:
  https://www.wireshark.org/docs/relnotes/wireshark-2.6.1.html

==== xdg-utils ====
Version update (20170508 -> 20180510)

- Update to version 20180510 (1.1.3):
  * bump version, prep for 1.1.3 release
  * xdg-open: use pcmanfm only if it is available (BR106161)
  * Add Deepin Desktop Environment support.
  * Avoid argument injection vulnerability in open_envvar() (CVE-2017-18266, boo#1093086)
  * xdg-settings: check_browser is broken under kde when just the binary is specified (BR106343)
  * xdg-open: Fixes LXQt behavior
  * xdg-mime awk script syntax error (BR104298)
  * Spelling fixes (BR103255)
  * xdg-mime.1: Add missing period
  * Fix tests for 1f8e58d51e6fb3f50f59ed2d8265f2f346ac68e6
- Drop fix-kde-browser-check.patch which is already included upstream

==== xen ====
Version update (4.10.0_20 -> 4.10.1_02)
Subpackages: xen-doc-html xen-libs xen-tools xen-tools-domU

- bsc#1092631 - VUL-0: CVE-2018-3639: xen: V4 - Speculative Store Bypass aka "Memory Disambiguation"
  5ad4923e-x86-correct-S3-resume-ordering.patch
  5ad49293-x86-suppress-BTI-mitigations-around-S3.patch
  5afc13ae-1-x86-read-MSR_ARCH_CAPABILITIES-once.patch
  5afc13ae-2-x86-express-Xen-SPEC_CTRL-choice-as-variable.patch
  5afc13ae-3-x86-merge-bti_ist_info-use_shadow_spec_ctrl.patch
  5afc13ae-4-x86-fold-XEN_IBRS-ALTERNATIVES.patch
  5afc13ae-5-x86-rename-bits-of-spec_ctrl-infrastructure.patch
  5afc13ae-6-x86-elide-MSR_SPEC_CTRL-handling-in-idle.patch
  5afc13ae-7-x86-split-X86_FEATURE_SC_MSR.patch
  5afc13ae-8-x86-explicitly-set-Xen-default-SPEC_CTRL.patch
  5afc13ae-9-x86-cpuid-improve-guest-policies-for-speculative.patch
  5afc13ae-A-x86-introduce-spec-ctrl-cmdline-opt.patch
  Spectre-v4-1.patch
  Spectre-v4-2.patch
  Spectre-v4-3.patch
- always call qemus xen-save-devices-state in suspend/resume to fix migration with qcow2 images (bsc#1079730)
  libxl.Add-a-version-check-of-QEMU-for-QMP-commands.patch
  libxl.qmp-Tell-QEMU-about-live-migration-or-snapshot.patch
  xen.bug1079730.patch
- Upstream patches from Jan (bsc#1027519)
  5ad600d4-x86-pv-introduce-x86emul_read_dr.patch
  5ad600d4-x86-pv-introduce-x86emul_write_dr.patch
  5ad8c3a7-x86-spec_ctrl-update-retpoline-decision-making.patch
  5adda097-x86-HPET-fix-race-triggering-ASSERT.patch
  5adda0d5-x86-HVM-never-retain-emulated-insn-cache.patch
  5ae06fad-SVM-fix-intercepts-for-SYS-CALL-ENTER-MSRs.patch
  5ae31917-x86-cpuidle-init-stats-lock-once.patch
  5aeaeae4-introduce-vcpu_sleep_nosync_locked.patch
  5aeaeaf0-sched-fix-races-in-vcpu-migration.patch
  5aeb2c57-x86-retval-checks-of-set-guest-trapbounce.patch
  5af1daa9-1-x86-traps-fix-dr6-handing-in-DB-handler.patch (Replaces xsa260-1.patch)
  5af1daa9-2-x86-pv-move-exception-injection-into-test_all_events.patch (Replaces xsa260-2.patch)
  5af1daa9-3-x86-traps-use-IST-for-DB.patch (Replaces xsa260-3.patch)
  5af1daa9-4-x86-traps-fix-handling-of-DB-in-hypervisor-context.patch (Replaces xsa260-4.patch)
  5af1daa9-x86-HVM-guard-against-bogus-emulator-ioreq-state.patch (Replaces xsa262.patch)
  5af1daa9-x86-vpt-support-IO-APIC-routed-intr.patch (Replaces xsa261.patch)
  5af97999-viridian-cpuid-leaf-40000003.patch
- Fixes related to Page Table Isolation (XPTI). bsc#1074562 XSA-254
  5a6703cb-x86-move-invocations-of-hvm_flush_guest_tlbs.patch
  5a9985bd-x86-invpcid-support.patch
  5adde9ed-xpti-fix-double-fault-handling.patch
  5aec7393-1-x86-xpti-avoid-copy.patch
  5aec7393-2-x86-xpti-write-cr3.patch
  5aec744a-3-x86-xpti-per-domain-flag.patch
  5aec744a-4-x86-xpti-use-invpcid.patch
  5aec744a-5-x86-xpti-no-global-pages.patch
  5aec744a-6-x86-xpti-cr3-valid-flag.patch
  5aec744a-7-x86-xpti-pv_guest_cr4_to_real_cr4.patch
  5aec744b-8-x86-xpti-cr3-helpers.patch
  5aec74a8-9-x86-xpti-use-pcid.patch

==== xf86-video-fbdev ====

- Fix build with Xorg server 1.20 by updating to current Git.
  U_01-Default-to-32bpp-if-the-console-is-8bpp-and-we-weren-t-told-otherwise.patch
  U_02-Use-own-thunk-functions-instead-of-fbdevHW-Weak.patch
  U_03-Pass-the-pci-device-if-any-through-to-fbdevhw-in-probe-and-preinit.patch
  U_04-Initialize-pci_dev.patch
  U_05-Fix-shadow-fb-allocation-size-v2.patch
  U_11-Remove-dead-pix24bpp-variable.patch
  U_12-Use-shadowUpdate32to24-at-24bpp.patch
  U_13-Use-ifdef-instead-of-if-to-avoid-build-error.patch

==== xf86-video-intel ====

- n_fix-build-on-i686.patch
  * Fix build on i686 with GCC8. (bnc#1092541)

==== xf86-video-sis ====

- Fix build with Xorg server 1.20 by updating to current Git.
  U_06-Remove-reference-to-virtualFrom.patch
  U_07-xf86-video-sis-remove-the-GlxSetVisualConfigs-stub-and-friends.patch

==== zstd ====

- Use %license instead of %doc [bsc#1082318]