Packages changed: ceph (14.2.2.354+g8878cf2360 -> 14.2.4.352+g2060e25d1c) expat (2.2.7 -> 2.2.8) gcc9 (9.2.1+r274709 -> 9.2.1+r275327) grub2 installation-images-MicroOS (14.434 -> 14.435) lvm2 (2.02.180 -> 2.03.05) lvm2-device-mapper (1.02.149 -> 1.02.163) patterns-base python-jsonpatch (1.23 -> 1.24) python-oauthlib (3.0.2 -> 3.1.0) python-psutil (5.6.1 -> 5.6.3) python-pyasn1 (0.4.5 -> 0.4.7) python-pycryptodome (3.8.2 -> 3.9.0) python-pytz python-setuptools python-urllib3 timezone (2019b -> 2019c) transactional-update (2.15 -> 2.16) yast2 (4.2.19 -> 4.2.23) === Details === ==== ceph ==== Version update (14.2.2.354+g8878cf2360 -> 14.2.4.352+g2060e25d1c) Subpackages: ceph-common libcephfs2 librados2 libradosstriper1 librbd1 librgw2 python3-ceph-argparse python3-cephfs python3-rados python3-rbd python3-rgw - Update to 14.2.4-352-g2060e25d1c: + rebase on top of upstream Nautilus v14.2.4 release, SHA1 75f4de193b3ea58512f204623e6c5a16e6c1e1ba for details, see https://ceph.io/releases/v14-2-4-nautilus-released/ - Update to 14.2.3-349-g7b1552ea82: + rebase on top of upstream Nautilus v14.2.3 release, SHA1 0f776cf838a1ae3130b2b73dc26be9c95c6ccc39 for details, see https://ceph.io/releases/v14-2-3-nautilus-released/ * ceph-volume: prints errors to stdout with --format json (bsc#1132767) * mgr/dashboard: Changing rgw-api-host does not get effective without disable/enable dashboard mgr module (bsc#1137503) * mgr/dashboard: Silence Alertmanager alerts (bsc#1141174) * mgr/dashboard: Fix e2e failures caused by webdriver version (bsc#1145759) + librbd: always try to acquire exclusive lock when removing image (bsc#1149093) ==== expat ==== Version update (2.2.7 -> 2.2.8) - Version update to 2.2.8 * Security fixes: (CVE-2019-15903, bsc#1149429) - CVE-2019-15903 -- Fix heap overflow triggered by XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber), and deny internal entities closing the doctype; * Bug fixes: - Fix cases where XML_StopParser did not have any effect when called from inside of an end element handler - xmlwf: Fix exit code for operation without "-d DIRECTORY"; previously, only "-d DIRECTORY" would give you a proper exit code: Now both cases return exit code 2. * Other changes: - examples: Improve elements.c - Autotools: Add argument --enable-xml-attr-info - Autotools: Add arguments --with-getrandom --without-getrandom --with-sys-getrandom --without-sys-getrandom - Autotools: Fix linking issues with "./configure LD=clang" - Autotools: Fix "make run-xmltest" for out-of-source builds - CMake: Pull all options from Expat <=2.2.7 into namespace - CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF), default OFF - CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF), default OFF - CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF), default OFF - CMake: Add arguments -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO - CMake: Add arguments -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO - CMake: Install expat_config.h to include directory - CMake: Generate and install configuration files for future find_package(expat [..] CONFIG [..]) - CMake: Now produces a summary of applied configuration - CMake: Require C++ compiler only when tests are enabled - CMake: Fix compilation for 16bit character types, i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON) - CMake: Port "make run-xmltest" from GNU Autotools to CMake - CMake: Integrate OSS-Fuzz fuzzers, option -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF - Removed patches fixed in the update: * expat-CVE-2019-15903.patch * expat-CVE-2019-15903-tests.patch - Security fix (CVE-2019-15903, bsc#1149429) * Crafted XML input results in heap-based buffer over-read by fooling the parser into changing from DTD parsing to document parsing * Added patches: - expat-CVE-2019-15903.patch - expat-CVE-2019-15903-tests.patch ==== gcc9 ==== Version update (9.2.1+r274709 -> 9.2.1+r275327) Subpackages: libgcc_s1 libstdc++6 - Add gcc9-pr91772.patch and gcc9-pr91763.patch to fix fallout of gcc9-autodetect-g-at-lto-link.patch. - Add gcc9-autodetect-g-at-lto-link.patch. [bsc#1149995] - Reorder things in cross.spec.in so the Version define comes before the first use of %version. - Revert removal of defattr, it breaks building on SLES12. - Update to gcc-9-branch head (r275327). * Pulls fix for POWER9 DARN miscompilation. (bsc#1149145, CVE-2019-15847) - Rework shared spec file parts to allow custom Summary and Description for cross compilers. Clarify their Summary and Description. [bsc#1148517] - Replace old $RPM_* shell vars by macros (where possible). - Drop defattr and BuildRoot. ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi - Fix fallback embed doesn't work when no post mbr gap at all (boo#1142229) * Refresh grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch ==== installation-images-MicroOS ==== Version update (14.434 -> 14.435) - fix sshd location so that it works with fips enabled (bsc#1140169) - 14.435 ==== lvm2 ==== Version update (2.02.180 -> 2.03.05) - Update lvm2.spec: make baselibs.conf to a common source. - Avoid creation of mixed-blocksize PV on LVM volume groups (bsc#1149408) + bug-1149408_Fix-rounding-writes-up-to-sector-size.patch + bug-1149408_vgcreate-vgextend-restrict-PVs-with-mixed-block-size.patch - Update lvm.conf files - add devices/allow_mixed_block_sizes item - Update to LVM2.2.03.05 - To drop lvm2-clvm and lvm2-cmirrord rpms (jsc#PM-1324) - Fix Out of date package (bsc#1111734) - Fix occasional slow shutdowns with kernel 5.0.0 and up (bsc#1137648) - Remove clvmd - Remove lvmlib (api) - Remove lvmetad - Drop patches that have been merged into upstream - bug-1114113_metadata-prevent-writing-beyond-metadata-area.patch - bug-1137296_pvremove-vgextend-fix-using-device-aliases-with-lvmetad.patch - bug-1135984_cache-support-no_discard_passdown.patch - Drop patches that have been nonexist/unsupport in upstream - bsc1080299-detect-clvm-properly.patch - bug-998893_make_pvscan_service_after_multipathd.patch - bug-978055_clvmd-try-to-refresh-device-cache-on-the-first-failu.patch - bug-950089_test-fix-lvm2-testsuite-build-error.patch - bug-1072624_test-lvmetad_dump-always-timed-out-when-using-nc.patch - tests-specify-python3-as-the-script-interpreter.patch - Update spec files - merge device-mapper, lvm2-lockd, lvm2 into one spec file - clvmd/lvmlib (api)/lvmetad had been removed, so delete related context in spec file - Update lvm.conf files - remove all lvmetad lines/keywords - add event_activation - remove fallback_to_lvm1 & related items - remove locking_type/fallback_to_clustered_locking/fallback_to_local_locking items - remove locking_library item - remove all special filter rules ==== lvm2-device-mapper ==== Version update (1.02.149 -> 1.02.163) Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - Update lvm2.spec: make baselibs.conf to a common source. - Avoid creation of mixed-blocksize PV on LVM volume groups (bsc#1149408) + bug-1149408_Fix-rounding-writes-up-to-sector-size.patch + bug-1149408_vgcreate-vgextend-restrict-PVs-with-mixed-block-size.patch - Update lvm.conf files - add devices/allow_mixed_block_sizes item - Update to LVM2.2.03.05 - To drop lvm2-clvm and lvm2-cmirrord rpms (jsc#PM-1324) - Fix Out of date package (bsc#1111734) - Fix occasional slow shutdowns with kernel 5.0.0 and up (bsc#1137648) - Remove clvmd - Remove lvmlib (api) - Remove lvmetad - Drop patches that have been merged into upstream - bug-1114113_metadata-prevent-writing-beyond-metadata-area.patch - bug-1137296_pvremove-vgextend-fix-using-device-aliases-with-lvmetad.patch - bug-1135984_cache-support-no_discard_passdown.patch - Drop patches that have been nonexist/unsupport in upstream - bsc1080299-detect-clvm-properly.patch - bug-998893_make_pvscan_service_after_multipathd.patch - bug-978055_clvmd-try-to-refresh-device-cache-on-the-first-failu.patch - bug-950089_test-fix-lvm2-testsuite-build-error.patch - bug-1072624_test-lvmetad_dump-always-timed-out-when-using-nc.patch - tests-specify-python3-as-the-script-interpreter.patch - Update spec files - merge device-mapper, lvm2-lockd, lvm2 into one spec file - clvmd/lvmlib (api)/lvmetad had been removed, so delete related context in spec file - Update lvm.conf files - remove all lvmetad lines/keywords - add event_activation - remove fallback_to_lvm1 & related items - remove locking_type/fallback_to_clustered_locking/fallback_to_local_locking items - remove locking_library item - remove all special filter rules ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-minimal_base - Added snapper back to base pattern as recommended package, the workaround for boo#1151148 ==== python-jsonpatch ==== Version update (1.23 -> 1.24) - Update to 1.24: * test with python 3.8 ==== python-oauthlib ==== Version update (3.0.2 -> 3.1.0) - Update to 3.1.0: * OAuth2.0 Provider - Features * #660: OIDC add support of nonce, c_hash, at_hash fields * #677: OIDC add UserInfo endpoint - New RequestValidator.get_userinfo_claims method * #666: Disabling query parameters for POST requests ==== python-psutil ==== Version update (5.6.1 -> 5.6.3) - Add patch to skip more tests that won't work in OBS: * skip-obs.patch - Update to 5.6.3: * 1494: [AIX] added support for Process.environ(). (patch by Arnon Yaari) * 1276: [AIX] can't get whole cmdline(). (patch by Arnon Yaari) * 1501_: [Windows] Process cmdline() and exe() raise unhandled "WinError 1168 element not found" exceptions for "Registry" and "Memory Compression" psuedo processes on Windows 10. * 1526_: [NetBSD] process cmdline() could raise MemoryError. (patch by Kamil Rytarowski) - Update to 5.6.2: * 1404: [Linux] cpu_count(logical=False) uses a second method (read from /sys/devices/system/cpu/cpu[0-9]/topology/core_id) in order to determine the number of physical CPUs in case /proc/cpuinfo does not provide this info. * 1458: provide coloured test output. Also show failures on KeyboardInterrupt. * 1464: various docfixes (always point to python3 doc, fix links, etc.). * 1478: add make command to re-run tests failed on last run. * 1456: [Linux] cpu_freq() returns None instead of 0.0 when min/max not available (patch by Alex Manuskin) * 1462: [Linux] (tests) make tests invariant to LANG setting (patch by Benjamin Drung) * 1463: cpu_distribution.py script was broken. * 1470: [Linux] disk_partitions(): fix corner case when /etc/mtab doesn't exist. (patch by Cedric Lamoriniere) * 1472: [Linux] cpu_freq() does not return all CPUs on Rasbperry-pi 3. * 1493: [Linux] cpu_freq(): handle the case where /sys/devices/system/cpu/cpufreq/ exists but is empty. ==== python-pyasn1 ==== Version update (0.4.5 -> 0.4.7) - Update to 0.4.7: * Many bugfixes all around, see CHANGES.rst ==== python-pycryptodome ==== Version update (3.8.2 -> 3.9.0) - Update to 3.9.0: * Add support for loading PEM files encrypted with AES256-CBC. * Add support for XChaCha20 and XChaCha20-Poly1305 ciphers. * Add support for bcrypt key derivation function (Crypto.Protocol.KDF.bcrypt). * Add support for left multiplication of an EC point by a scalar. * Add support for importing ECC and RSA keys in the new OpenSSH format. ==== python-pytz ==== - Add versioned dependency on timezone database to ensure the correct data is installed - Remove system_zoneinfo.patch, and instead add a symlink to the system timezone database - Replace unnecessary pytest, adding a missing __init__.py in the tests to allow the test suite to work on Python 2.7 without pytest ==== python-setuptools ==== - Define LANG in %check to fix openSUSE/SLE 15 testsuite ==== python-urllib3 ==== - Use have/skip_python2/3 macros to allow building only one flavour ==== timezone ==== Version update (2019b -> 2019c) - timezone update 2019c (bsc#1150451) * Fiji observes DST from 2019-11-10 to 2020-01-12. * Norfolk Island starts observing Australian-style DST. ==== transactional-update ==== Version update (2.15 -> 2.16) Subpackages: transactional-update-zypp-config - Update to version 2.16 - Use default command if options, but no command was given [boo#1146116] - Make sure only one process appears in `ps` output [boo#1111897] - Move update check: If a new repository is added (and ZYPPER_AUTO_IMPORT_KEYS is set) adding the new repository key won't fail any more - Avoid unnecessary snapshots / reboots by detecting zypper operations without changes more reliably (e.g. when installing an already installed package) - Update the manpage accordingly - Bugfixes: - Ignore commented lines in fstab when checking for shadowed files - Avoid warning when copying network config - Remove Perl dependency - Building documentation requires Python 3 now ==== yast2 ==== Version update (4.2.19 -> 4.2.23) - Use "display_name" tag for the product label, "label" marks a translatable text (jsc#SLE-7214) - 4.2.23 - Added support for reading products from control.xml file (jsc#SLE-7104) - 4.2.22 - support reading licenses from tar archive (jsc#SLE-7214) - 4.2.21 - Fix a problem when long warnings reports in command line (bsc#1149776). - 4.2.20