Packages changed: MozillaThunderbird (78.3.2 -> 78.3.3) apparmor (2.13.4 -> 2.13.5) arpwatch dos2unix (7.4.1 -> 7.4.2) drbd ethtool (5.8 -> 5.9) icewm-theme-branding ipw-firmware k3b kernel-source (5.8.14 -> 5.8.15) krename libapparmor (2.13.4 -> 2.13.5) mdadm monitoring-plugins nodejs14 (14.13.1 -> 14.14.0) patterns-kde perl-LWP-Protocol-https (6.07 -> 6.09) ruby2.7 (2.7.1 -> 2.7.2) systemsettings5 (5.20.0 -> 5.20.0.1) vm-install yast2-configuration-management (4.3.3 -> 4.3.4) yp-tools === Details === ==== MozillaThunderbird ==== Version update (78.3.2 -> 78.3.3) Subpackages: MozillaThunderbird-translations-common - Mozilla Thunderbird 78.3.3 * OpenPGP: Improved support for encrypting with subkeys * OpenPGP message status icons were not visible in message header pane * OpenPGP Key Manager was missing from Tools menu on macOS * Creating a new calendar event did not require an event title - remove python2 dependencies for TW - support wayland mode/autodetection in startup wrapper - replace some Requires to use requires_ge macro where appropriate - improve langpack build (as already used for Firefox) - add ccache statistics output to build ==== apparmor ==== Version update (2.13.4 -> 2.13.5) Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit perl-apparmor python3-apparmor - update to AppArmor 2.13.5 - add missing permissions to several profiles and abstractions - bugfixes in parser and tools - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.5 for the detailed upstream changelog - remove upstream(ed) patches - changes-since-2.13.4.diff - abstractions-X-xauth-mr582.diff - sevdb-caps-mr589.diff - libvirt-leaseshelper.patch - cap_checkpoint_restore.diff - add libapparmor-so-number.diff to fix libapparmor so version (!658) ==== arpwatch ==== - add report-iface.patch to see, where the offending change happened ==== dos2unix ==== Version update (7.4.1 -> 7.4.2) - update to 7.4.2: * translation update - add upstream signing key and verify source signature ==== drbd ==== Subpackages: drbd-kmp-default - bsc#1177910, compat to kernel v5.9 Add patch blk_alloc_queue_make_request.patch Add patch compat_generic_make_request.patch Add patch remove_congested_fn_congested_data.patch - Add tumbleweed only patch Add patch compat_blk_queue_stack_limits.patch ==== ethtool ==== Version update (5.8 -> 5.9) - update to new upstream release 5.9 * extended link state * QSFP-DD support * tunnel information (--show-tunnels) * Broadcom bnxt support * improve compatibility between ioctl and netlink output * fix cable test TDR amplitude output * get rid of build warnings * fix null pointer dereference running against old kernel (no arg) * update link mode tables * fix memory leaks and error handling found by static analysis - update compiler flags * -Wno-missing-field-initializers no longer needed * replace -W with -Wextra (preferred form) ==== icewm-theme-branding ==== - Bring back the obsoletion of icemwm-upstream-config (bsc#1173441, bsc#1170420) for SLE and Leap. ==== ipw-firmware ==== - Replace old specfile constructs. ==== k3b ==== Subpackages: k3b-lang - Add support for Musepack SV8 decoding, use musepack-devel instead of libmpcdec-devel. ==== kernel-source ==== Version update (5.8.14 -> 5.8.15) Subpackages: kernel-default kernel-docs - x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (bsc#1176907). - commit c680e93 - Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel (bsc#1177724 CVE-2020-12351). - commit 8f9e7d2 - Bluetooth: A2MP: Fix not initializing all members (CVE-2020-12352 bsc#1177725). - commit c64c556 - Update config files: CONFIG_PINCTRL_AMD=y for fixing dependency (bsc#1177049) - commit f9a8fb6 - platform/x86: intel-vbtn: Revert "Fix SW_TABLET_MODE always reporting 1 on the HP Pavilion 11 x360" (git-fixes). - net_sched: check error pointer in tcf_dump_walker() (git-fixes). - net_sched: remove a redundant goto chain check (git-fixes). - net: qrtr: ns: Fix the incorrect usage of rcu_read_lock() (git-fixes). - commit db08e19 - platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE reporting (bsc#1012628 bsc#1175599) - commit 4144623 - Linux 5.8.15 (bsc#1012628). - net_sched: commit action insertions together (bsc#1012628). - net_sched: defer tcf_idr_insert() in tcf_action_init_1() (bsc#1012628). - net: qrtr: ns: Protect radix_tree_deref_slot() using rcu read locks (bsc#1012628). - net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails (bsc#1012628). - Input: ati_remote2 - add missing newlines when printing module parameters (bsc#1012628). - tty/vt: Do not warn when huge selection requested (bsc#1012628). - net/mlx5e: Fix driver's declaration to support GRE offload (bsc#1012628). - net/tls: race causes kernel panic (bsc#1012628). - net: bridge: fdb: don't flush ext_learn entries (bsc#1012628). - net/core: check length before updating Ethertype in skb_mpls_{push,pop} (bsc#1012628). - netlink: fix policy dump leak (bsc#1012628). - tcp: fix receive window update in tcp_add_backlog() (bsc#1012628). - mm: khugepaged: recalculate min_free_kbytes after memory hotplug as expected by khugepaged (bsc#1012628). - mm: validate inode in mapping_set_error() (bsc#1012628). - mmc: core: don't set limits.discard_granularity as 0 (bsc#1012628). - perf: Fix task_function_call() error handling (bsc#1012628). - afs: Fix deadlock between writeback and truncate (bsc#1012628). - net: mscc: ocelot: divide watermark value by 60 when writing to SYS_ATOP (bsc#1012628). - net: mscc: ocelot: extend watermark encoding function (bsc#1012628). - net: mscc: ocelot: split writes to pause frame enable bit and to thresholds (bsc#1012628). - net: mscc: ocelot: rename ocelot_board.c to ocelot_vsc7514.c (bsc#1012628). - rxrpc: Fix server keyring leak (bsc#1012628). - rxrpc: The server keyring isn't network-namespaced (bsc#1012628). - rxrpc: Fix some missing _bh annotations on locking conn->state_lock (bsc#1012628). - rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read() (bsc#1012628). - rxrpc: Fix rxkad token xdr encoding (bsc#1012628). - net: mvneta: fix double free of txq->buf (bsc#1012628). - vhost-vdpa: fix page pinning leakage in error path (bsc#1012628). - vhost-vdpa: fix vhost_vdpa_map() on error condition (bsc#1012628). - net: hinic: fix DEVLINK build errors (bsc#1012628). - net: stmmac: Modify configuration method of EEE timers (bsc#1012628). - net/mlx5e: Fix race condition on nhe->n pointer in neigh update (bsc#1012628). - net/mlx5e: Fix VLAN create flow (bsc#1012628). - net/mlx5e: Fix VLAN cleanup flow (bsc#1012628). - net/mlx5e: Fix return status when setting unsupported FEC mode (bsc#1012628). - net/mlx5e: Add resiliency in Striding RQ mode for packets larger than MTU (bsc#1012628). - net/mlx5: Fix request_irqs error flow (bsc#1012628). - net/mlx5: Add retry mechanism to the command entry index allocation (bsc#1012628). - net/mlx5: poll cmd EQ in case of command timeout (bsc#1012628). - net/mlx5: Avoid possible free of command entry while timeout comp handler (bsc#1012628). - net/mlx5: Fix a race when moving command interface to polling mode (bsc#1012628). - pipe: Fix memory leaks in create_pipe_files() (bsc#1012628). - octeontx2-pf: Fix synchnorization issue in mbox (bsc#1012628). - octeontx2-pf: Fix the device state on error (bsc#1012628). - octeontx2-pf: Fix TCP/UDP checksum offload for IPv6 frames (bsc#1012628). - octeontx2-af: Fix enable/disable of default NPC entries (bsc#1012628). - net: phy: realtek: fix rtl8211e rx/tx delay config (bsc#1012628). - virtio-net: don't disable guest csum when disable LRO (bsc#1012628). - net: usb: ax88179_178a: fix missing stop entry in driver_info (bsc#1012628). - r8169: fix RTL8168f/RTL8411 EPHY config (bsc#1012628). - mlxsw: spectrum_acl: Fix mlxsw_sp_acl_tcam_group_add()'s error path (bsc#1012628). - mdio: fix mdio-thunder.c dependency & build error (bsc#1012628). - bonding: set dev->needed_headroom in bond_setup_by_slave() (bsc#1012628). - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (bsc#1012628). - net: stmmac: Fix clock handling on remove path (bsc#1012628). - vmxnet3: fix cksum offload issues for non-udp tunnels (bsc#1012628). - ice: fix memory leak in ice_vsi_setup (bsc#1012628). - ice: fix memory leak if register_netdev_fails (bsc#1012628). - iavf: Fix incorrect adapter get in iavf_resume (bsc#1012628). - iavf: use generic power management (bsc#1012628). - xfrm: Use correct address family in xfrm_state_find (bsc#1012628). - net: dsa: felix: convert TAS link speed based on phylink speed (bsc#1012628). - hinic: fix wrong return value of mac-set cmd (bsc#1012628). - hinic: add log in exception handling processes (bsc#1012628). - platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP (bsc#1012628). - platform/x86: fix kconfig dependency warning for LG_LAPTOP (bsc#1012628). - net: stmmac: removed enabling eee in EEE set callback (bsc#1012628). - xsk: Do not discard packet when NETDEV_TX_BUSY (bsc#1012628). - xfrm: clone whole liftime_cur structure in xfrm_do_migrate (bsc#1012628). - xfrm: clone XFRMA_SEC_CTX in xfrm_do_migrate (bsc#1012628). - xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate (bsc#1012628). - xfrm: clone XFRMA_SET_MARK in xfrm_do_migrate (bsc#1012628). - iommu/vt-d: Fix lockdep splat in iommu_flush_dev_iotlb() (bsc#1012628). - btrfs: move btrfs_rm_dev_replace_free_srcdev outside of all locks (bsc#1012628). - drm/amd/display: fix return value check for hdcp_work (bsc#1012628). - drm/amd/pm: Removed fixed clock in auto mode DPM (bsc#1012628). - io_uring: fix potential ABBA deadlock in ->show_fdinfo() (bsc#1012628). - btrfs: move btrfs_scratch_superblocks into btrfs_dev_replace_finishing (bsc#1012628). - drm/amdgpu: prevent double kfree ttm->sg (bsc#1012628). - openvswitch: handle DNAT tuple collision (bsc#1012628). - net: team: fix memory leak in __team_options_register (bsc#1012628). - team: set dev->needed_headroom in team_setup_by_port() (bsc#1012628). - sctp: fix sctp_auth_init_hmacs() error path (bsc#1012628). - i2c: owl: Clear NACK and BUS error bits (bsc#1012628). - i2c: meson: fixup rate calculation with filter delay (bsc#1012628). - i2c: meson: keep peripheral clock enabled (bsc#1012628). - i2c: meson: fix clock setting overwrite (bsc#1012628). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1012628). - espintcp: restore IP CB before handing the packet to xfrm (bsc#1012628). - xfrmi: drop ignore_df check before updating pmtu (bsc#1012628). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1012628). - tcp: use sendpage_ok() to detect misused .sendpage (bsc#1012628). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1012628). - mm/khugepaged: fix filemap page_to_pgoff(page) != offset (bsc#1012628). - gpiolib: Disable compat ->read() code in UML case (bsc#1012628). - RISC-V: Make sure memblock reserves the memory containing DT (bsc#1012628). - macsec: avoid use-after-free in macsec_handle_frame() (bsc#1012628). - nvme-core: put ctrl ref when module ref get fail (bsc#1012628). - platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse (bsc#1012628). - r8169: consider that PHY reset may still be in progress after applying firmware (bsc#1012628). - bpf: Prevent .BTF section elimination (bsc#1012628). - bpf: Fix sysfs export of empty BTF section (bsc#1012628). - platform/x86: asus-wmi: Fix SW_TABLET_MODE always reporting 1 on many different models (bsc#1012628). - platform/x86: thinkpad_acpi: initialize tp_nvram_state variable (bsc#1012628). - platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on the HP Pavilion 11 x360 (bsc#1012628). - Platform: OLPC: Fix memleak in olpc_ec_probe (bsc#1012628). - splice: teach splice pipe reading about empty pipe buffers (bsc#1012628). - usermodehelper: reset umask to default before executing user process (bsc#1012628). - vhost: Use vhost_get_used_size() in vhost_vring_set_addr() (bsc#1012628). - vhost: Don't call access_ok() when using IOTLB (bsc#1012628). - block/scsi-ioctl: Fix kernel-infoleak in scsi_put_cdrom_generic_arg() (bsc#1012628). - partitions/ibm: fix non-DASD devices (bsc#1012628). - drm/nouveau/mem: guard against NULL pointer access in mem_del (bsc#1012628). - drm/nouveau/device: return error for unknown chipsets (bsc#1012628). - net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() (bsc#1012628). - exfat: fix use of uninitialized spinlock on error path (bsc#1012628). - crypto: arm64: Use x16 with indirect branch to bti_c (bsc#1012628). - bpf: Fix scalar32_min_max_or bounds tracking (bsc#1012628). - Revert "ravb: Fixed to be able to unload modules" (bsc#1012628). - fbcon: Fix global-out-of-bounds read in fbcon_get_font() (bsc#1012628). - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (bsc#1012628). - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (bsc#1012628). - commit 1dc82dd ==== krename ==== - Make krename own the locolor icon directories. kf5-filesystem doesn't own these folders anymore. ==== libapparmor ==== Version update (2.13.4 -> 2.13.5) Subpackages: libapparmor1 libapparmor1-32bit - update to AppArmor 2.13.5 - fix two potential build failures - see https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.5 for the detailed upstream changelog - add libapparmor-so-number.diff to fix libapparmor so version (!658) ==== mdadm ==== - Update to latest mdadm which is requested by jsc#SLE-13700 from partners. Mostly the purpose is for latest Intel IMSM raid support, while some other fixes are important too. - imsm: Correct minimal device size (jsc#SLE-13700) 0073-imsm-Correct-minimal-device-size.patch - Detail: show correct bitmap info for cluster raid device (jsc#SLE-13700) 0074-Detail-show-correct-bitmap-info-for-cluster-raid-dev.patch - imsm: support the Array Creation Time field in metadata (jsc#SLE-13700) 0075-imsm-support-the-Array-Creation-Time-field-in-metada.patch - imsm: show Subarray and Volume ID in --examine output (jsc#SLE-13700) 0076-imsm-show-Subarray-and-Volume-ID-in-examine-output.patch - udev: Ignore change event for imsm (jsc#SLE-13700) 0077-udev-Ignore-change-event-for-imsm.patch - Manage, imsm: Write metadata before add (jsc#SLE-13700) 0078-Manage-imsm-Write-metadata-before-add.patch - Assemble: print error message if mdadm fails assembling with --uuid option (jsc#SLE-13700) 0079-Assemble-print-error-message-if-mdadm-fails-assembli.patch - clean up meaning of small typo (jsc#SLE-13700) 0080-clean-up-meaning-of-small-typo.patch - Assemble.c: respect force flag (jsc#SLE-13700) 0081-Assemble.c-respect-force-flag.patch - mdcheck: Log when done (jsc#SLE-13700) 0082-mdcheck-Log-when-done.patch - Makefile: add EXTRAVERSION support (jsc#SLE-13700) 0083-Makefile-add-EXTRAVERSION-support.patch - uuid.c: split uuid stuffs from util.c (jsc#SLE-13700) 0084-uuid.c-split-uuid-stuffs-from-util.c.patch - Include count for \0 character when using strncpy to implement strdup. (jsc#SLE-13700) 0085-Include-count-for-0-character-when-using-strncpy-to-.patch - restripe: fix ignoring return value of read and lseek (jsc#SLE-13700) 0086-restripe-fix-ignoring-return-value-of-read-and-lseek.patch - Block overwriting existing links while manual assembly (jsc#SLE-13700) 0087-Block-overwriting-existing-links-while-manual-assemb.patch - Detect too-small device: error rather than underflow/crash (jsc#SLE-13700) 0088-Detect-too-small-device-error-rather-than-underflow-.patch - Use more secure HTTPS URLs (jsc#SLE-13700) 0089-Use-more-secure-HTTPS-URLs.patch - Update link to Intel page for IMSM (jsc#SLE-13700) 0090-Update-link-to-Intel-page-for-IMSM.patch - mdadm/Grow: prevent md's fd from being occupied during delayed time (jsc#SLE-13700) 0091-mdadm-Grow-prevent-md-s-fd-from-being-occupied-durin.patch - Specify nodes number when updating cluster nodes (jsc#SLE-13700) 0092-Specify-nodes-number-when-updating-cluster-nodes.patch - mdadm/md.4: update path to in-kernel-tree documentation (jsc#SLE-13700) 0093-mdadm-md.4-update-path-to-in-kernel-tree-documentati.patch - manual: update --examine-badblocks (jsc#SLE-13700) 0094-manual-update-examine-badblocks.patch - mdadm: treat the Dell softraid array as local array (bsc#1175004) 1003-mdadm-treat-the-Dell-softraid-array-as-local-array.patch ==== monitoring-plugins ==== Subpackages: monitoring-plugins-breeze monitoring-plugins-by_ssh monitoring-plugins-cluster monitoring-plugins-common monitoring-plugins-cups monitoring-plugins-dhcp monitoring-plugins-dig monitoring-plugins-disk monitoring-plugins-disk_smb monitoring-plugins-dns monitoring-plugins-dummy monitoring-plugins-file_age monitoring-plugins-flexlm monitoring-plugins-http monitoring-plugins-icmp monitoring-plugins-ide_smart monitoring-plugins-ifoperstatus monitoring-plugins-ifstatus monitoring-plugins-ircd monitoring-plugins-load monitoring-plugins-log monitoring-plugins-mailq monitoring-plugins-mrtg monitoring-plugins-mrtgtraf monitoring-plugins-nagios monitoring-plugins-nt monitoring-plugins-ntp_peer monitoring-plugins-ntp_time monitoring-plugins-nwstat monitoring-plugins-oracle monitoring-plugins-overcr monitoring-plugins-ping monitoring-plugins-procs monitoring-plugins-real monitoring-plugins-rpc monitoring-plugins-sensors monitoring-plugins-smtp monitoring-plugins-ssh monitoring-plugins-swap monitoring-plugins-tcp monitoring-plugins-time monitoring-plugins-ups monitoring-plugins-users monitoring-plugins-wave - add patch monitoring-plugins-2.3-check_ntp_perf_absolute.patch return ntp offset absolute (as positive value) in performance data since warn and crit are also positive values ==== nodejs14 ==== Version update (14.13.1 -> 14.14.0) Subpackages: npm14 - Update to version 14.14.0: * fs: add rm method * http: allow passing array of key/val into writeHead * src: expose v8::Isolate setup callbacks - sle12_python3_compat.patch: refreshed ==== patterns-kde ==== Subpackages: patterns-kde-kde patterns-kde-kde_edutainment patterns-kde-kde_games patterns-kde-kde_ide patterns-kde-kde_imaging patterns-kde-kde_internet patterns-kde-kde_multimedia patterns-kde-kde_office patterns-kde-kde_pim patterns-kde-kde_plasma patterns-kde-kde_utilities patterns-kde-kde_utilities_opt patterns-kde-kde_yast - Remove kdeconnect-kde recommends, as asked by the security team (boo#1177628) ==== perl-LWP-Protocol-https ==== Version update (6.07 -> 6.09) - updated to 6.09 see /usr/share/doc/packages/perl-LWP-Protocol-https/Changes 6.09 2020-07-16 13:33:05Z - Make available the version of SSL/TLS protocol used in the connection (GH#56) (Jon Jensen) 6.08 2020-03-23 20:19:22Z (TRIAL RELEASE) - Add defined check (GH#53) (Mohammad S Anwar) - Fix copyright year (GH#55) (Olaf Alders) - Upgrade Mozilla::CA dependency; originally #26 by dolmen (GH#54) (Shoichi Kaji) - Adds coverage tests (GH#51) (Juan Julin Merelo Guervs) - Migrated to DZil (GH PR#30) - Moved bug tracking from RT to GitHub (GH#48) (Olaf Alders) Rebase patch LWP-Protocol-https-6.04-systemca.diff to LWP-Protocol-https-6.09-systemca.diff ==== ruby2.7 ==== Version update (2.7.1 -> 2.7.2) Subpackages: libruby2_7-2_7 - Update to 2.7.2 (boo#1177125) This release contains intentional incompatibility. Deprecation warnings are off by default on 2.7.2 and later. You can turn on deprecation warnings by specifying the -w or -W:deprecated option at the command-line. Please check the topics below for details. - Feature #17000 2.7.2 turns off deprecation warnings by default - Feature #16345 Don?t emit deprecation warnings by default. This release contains the new version of webrick with a security fix described in the article. - CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in WEBrick Complete list of changes at https://github.com/ruby/ruby/compare/v2_7_1...v2_7_2 ==== systemsettings5 ==== Version update (5.20.0 -> 5.20.0.1) Subpackages: systemsettings5-lang - Update to 5.20.0.1 * Fix users KCM string in default set of KCMs to show on home screen ==== vm-install ==== - Don't forget --extra-args when using --upgrade. vm-install-extra-args.patch ==== yast2-configuration-management ==== Version update (4.3.3 -> 4.3.4) - Clean-up the libzypp's raw cache before running the finish client (bsc#1177522). - 4.3.4 ==== yp-tools ==== - Fix dangling /var/yp/nicknames symlink after update (boo#1176526)