Packages changed: attr dhcp hwinfo iproute2 (5.1 -> 5.2) libtool libyajl libzio lua53 mozilla-nss (3.44.1 -> 3.45) ncurses openldap2 pcre readline tcpd xz === Details === ==== attr ==== Subpackages: libattr1 - Use FAT LTO objects in order to provide proper static library. ==== dhcp ==== Subpackages: dhcp-client - dhclient-script: replace host(1) with getent, which is more lightweight (part of glibc and does not pull in bind-utils) - Use FAT LTO objects in order to provide proper static library. ==== hwinfo ==== - Use FAT LTO objects in order to provide proper static library. ==== iproute2 ==== Version update (5.1 -> 5.2) - Use FAT LTO objects in order to provide proper static library. - Use %make_build. - Update to new upstream release 5.2 * devlink: increase column size for larger shared buffers * ip: reset netns after each command in batch mode * ip addr: do not set IPv6 specific options for IPv4 addresses * ip fou: support binding FOU ports * ip link: support bridge vlan_stats_per_port * ip link: support vlan bridge binding flag * ip macsec: supporet gcm-aes-256 cipher type * ip monitor: display interfaces from all groups * ip neigh: show neighbor offload indication * rdma: add link add/delete * rdma: update node type strings * ss: add option for single line output * ss: show raw numbers for data rates with --numeric * tc: support for plug qdisc * tc: taprio: support for changing schedules * tc: taprio: support cycle_time and cycle_time_extensions * tipc: support for link broadcast method and ratio * update documentation ==== libtool ==== - Use FAT LTO objects in order to provide proper static library. ==== libyajl ==== - Use FAT LTO objects in order to provide proper static library. ==== libzio ==== - Use FAT LTO objects in order to provide proper static library ==== lua53 ==== - Use FAT LTO objects in order to provide proper static library. ==== mozilla-nss ==== Version update (3.44.1 -> 3.45) - update to NSS 3.45 (bsc#1141322) * required by Firefox 69.0 New functions * PK11_FindRawCertsWithSubject - Finds all certificates on the given slot with the given subject distinguished name and returns them as DER bytes. If no such certificates can be found, returns SECSuccess and sets *results to NULL. If a failure is encountered while fetching any of the matching certificates, SECFailure is returned and *results will be NULL. Notable changes * bmo#1540403 - Implement Delegated Credentials * bmo#1550579 - Replace ARM32 Curve25519 implementation with one from fiat-crypto * bmo#1551129 - Support static linking on Windows * bmo#1552262 - Expose a function PK11_FindRawCertsWithSubject for finding certificates with a given subject on a given slot * bmo#1546229 - Add IPSEC IKE support to softoken * bmo#1554616 - Add support for the Elbrus lcc compiler (<=1.23) * bmo#1543874 - Expose an external clock for SSL * bmo#1546477 - Various changes in response to the ongoing FIPS review Certificate Authority Changes * The following CA certificates were Removed: bmo#1552374 - CN = Certinomis - Root CA Bugs fixed * bmo#1540541 - Don't unnecessarily strip leading 0's from key material during PKCS11 import (CVE-2019-11719) * bmo#1515342 - More thorough input checking (CVE-2019-11729) * bmo#1552208 - Prohibit use of RSASSA-PKCS1-v1_5 algorithms in TLS 1.3 (CVE-2019-11727) * bmo#1227090 - Fix a potential divide-by-zero in makePfromQandSeed from lib/freebl/pqg.c (static analysis) * bmo#1227096 - Fix a potential divide-by-zero in PQG_VerifyParams from lib/freebl/pqg.c (static analysis) * bmo#1509432 - De-duplicate code between mp_set_long and mp_set_ulong * bmo#1515011 - Fix a mistake with ChaCha20-Poly1305 test code where tags could be faked. Only relevant for clients that might have copied the unit test code verbatim * bmo#1550022 - Ensure nssutil3 gets built on Android * bmo#1528174 - ChaCha20Poly1305 should no longer modify output length on failure * bmo#1549382 - Don't leak in PKCS#11 modules if C_GetSlotInfo() returns error * bmo#1551041 - Fix builds using GCC < 4.3 on big-endian architectures * bmo#1554659 - Add versioning to OpenBSD builds to fix link time errors using NSS * bmo#1553443 - Send session ticket only after handshake is marked as finished * bmo#1550708 - Fix gyp scripts on Solaris SPARC so that libfreebl_64fpu_3.so builds * bmo#1554336 - Optimize away unneeded loop in mpi.c * bmo#1559906 - fipstest: use CKM_TLS12_MASTER_KEY_DERIVE instead of vendor specific mechanism * bmo#1558126 - TLS_AES_256_GCM_SHA384 should be marked as FIPS compatible * bmo#1555207 - HelloRetryRequestCallback return code for rejecting 0-RTT * bmo#1556591 - Eliminate races in uses of PK11_SetWrapKey * bmo#1558681 - Stop using a global for anti-replay of TLS 1.3 early data * bmo#1561510 - Fix a bug where removing -arch XXX args from CC didn't work * bmo#1561523 - Add a string for the new-ish error SSL_ERROR_MISSING_POST_HANDSHAKE_AUTH_EXTENSION - split hmac subpackages to match SLE's packaging - Use -ffat-lto-objects in order to provide assembly for static libs. ==== ncurses ==== Subpackages: libncurses6 ncurses-utils terminfo terminfo-base - Add ncurses patch 20190810 + fix a few more coverity warnings. - Add ncurses patch 20190803 + improve loop limits in _nc_scroll_window() to handle a case where the scrolled data is a pad which is taller than the window (patch by Rob King). + amend the change to screen, because tmux relies upon that entry and does not support that feature (Debian #933572) -TD + updated ms-terminal entry & notes -TD + updated kitty entry & notes -TD + updated alacritty+common entry & notes -TD + use xterm+sl-twm for consistency -TD - Add ncurses patch 20190728 + fix a few more coverity warnings. + more documentation updates based on tctest. - Add ncurses patch 20190727 + fix a few coverity warnings. + documentation updates based on tctest. - Add ncurses patch 20190720 + fix a few warnings for gcc 4.x + add some portability/historical details to the tic, toe and infocmp manual pages. + correct fix for broken link from terminfo(5) to tabs(1) manpage (report by Sven Joachim). - Use FAT LTO objects in order to provide proper static library. ==== openldap2 ==== - Use FAT LTO objects in order to provide proper static library. ==== pcre ==== - Use FAT LTO objects in order to provide proper static library. ==== readline ==== - Rework patch readline-7.0-screen.patch again for bug boo#1143055 * Map all "screen(-xxx)?.yyy(-zzz)?" to "screen" as well as map "konsole(-xxx)?" and "gnome(-xxx)?" to "xterm" - Add official patch readline80-001 The history file reading code doesn't close the file descriptor open to the history file when it encounters a zero-length file. - Use FAT LTO objects in order to provide proper static library. ==== tcpd ==== - Use FAT LTO objects in order to provide proper static library. ==== xz ==== Subpackages: liblzma5 - Use FAT LTO objects in order to provide proper static library.