Packages changed: audit audit-secondary containers-systemd (0.0+git20201208.1b4413e -> 0.0+git20201220.ed8a6b2) glib2 (2.66.3 -> 2.66.4) glibc gmp libcap (2.43 -> 2.44) ncurses (6.2.20201031 -> 6.2.20201205) readline xen (4.14.0_12 -> 4.14.1_02) === Details === ==== audit ==== Subpackages: libaudit1 libauparse0 - Enable Aarch64 processor support. (bsc#1179515 bsc#1179806) ==== audit-secondary ==== Subpackages: audit python3-audit - Enable Aarch64 processor support. (bsc#1179515 bsc#1179806) ==== containers-systemd ==== Version update (0.0+git20201208.1b4413e -> 0.0+git20201220.ed8a6b2) - Update to version 0.0+git20201220.ed8a6b2: * Add default for FETCHMAILRC - Update to version 0.0+git20201220.0fae7ba: * Add service for fetchmail container - Update to version 0.0+git20201220.69a11d7: * Document spamassassin support * Add support for a spamassassin container - LDAP_MAIL_READER_PASSWORD was renamed to LDAP_BIND_PASSWORD - Update to version 0.0+git20201217.a84253d: * Allow to overwrite TLS key location ==== glib2 ==== Version update (2.66.3 -> 2.66.4) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Update to version 2.66.4: + Fix some issues in parsing floating point seconds in `GDateTime` + Fix some issues in handling invalid UTF-8 when parsing for `GDate` + Bugs fixed: glgo#GNOME/GLib#2264, glgo#GNOME/GLib!1774, glgo#GNOME/GLib!1790, glgo#GNOME/GLib!1793, glgo#GNOME/GLib!1799, glgo#GNOME/GLib!1805. ==== glibc ==== Subpackages: glibc-locale glibc-locale-base - aarch64-static-pie.patch: fix static PIE start code for BTI (bsc#1179450, BZ #27068) - iconv-redundant-shift.patch: iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv-ucs4-loop-bounds.patch: iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - printf-long-double-non-normal.patch: x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - get-nprocs-cpu-online-parsing.patch: Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ==== gmp ==== - Add gmp-6.2.1-arm64-invert_limb.patch [bsc#1179751] ==== libcap ==== Version update (2.43 -> 2.44) - update to 2.44: Generally, this is a release to help package builders: no functional change to any of the generated code just documentation and make related fixes. ==== ncurses ==== Version update (6.2.20201031 -> 6.2.20201205) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20201205 + amend build-fixes for gnat 10 to work with certain systems lacking gprbuild (cf: 20200627). + eliminate an additional strlen and wsclen. + eliminate an unnecessary strlen in waddnstr() (suggested by Benjamin Abendroth). + modify inopts manpage, separating the items for nodelay and notimeout (patch by Benno Schulenberg). + correct mlterm3 kf1-kf4 (Debian #975322) -TD + add flash to mlterm3 -TD - Add ncurses patch 20201128 + add Smulx to alacritty (Christian Duerr). + add rep to PuTTY -TD + add putty+keypad -TD + add another fflush(stdout) in _nc_flush() to handle time-delays in the middle of strings such as flash when the application uses low-level calls rather than curses (cf: 20161217). + modify configure check for c89/c99 aliases of clang to use its - std option instead, because some platforms, in particular macOS, do not provide workable c89/c99 aliases. - Add ncurses patch 20201121 + fix some compiler-warnings in experimental Windows-10 driver. + add the definitions needed in recent configure-check for clang (report by Steven Pitman). - Add ncurses patch 20201114 + fix some compiler-warnings in experimental Windows-10 driver. + modify a check for parameters in terminfo capabilities to handle the special case where short extended capability strings were not converted from terminfo to termcap format. + modify CF_MIXEDCASE_FILENAMES macro, adding darwin as special case when cross-compiling (report by Eli Rykoff). - Add ncurses patch 20201107 + update kitty+common -TD + add putty+screen and putty-screen (suggested by Alexandre Montaron). + explain in ncurses.3x that functions in the tinfo library do not rely upon wide-characters (prompted by discussion with Reuben Thomas). ==== readline ==== - get rid of /lib hack and install readline in /usr. Bash is already there anyways (boo#1029961) - remove deprecated %install_info ==== xen ==== Version update (4.14.0_12 -> 4.14.1_02) - Update to Xen 4.14.1 bug fix release (bsc#1027519) xen-4.14.1-testing-src.tar.bz2 Contains the following recent security fixes bsc#1179516 XSA-359 - CVE-2020-29571 bsc#1179514 XSA-358 - CVE-2020-29570 bsc#1179513 XSA-356 - CVE-2020-29567 bsc#1178963 XSA-355 - CVE-2020-29040 bsc#1178591 XSA-351 - CVE-2020-28368 bsc#1179506 XSA-348 - CVE-2020-29566 bsc#1179502 XSA-325 - CVE-2020-29483 bsc#1179501 XSA-324 - CVE-2020-29484 bsc#1179498 XSA-322 - CVE-2020-29481 bsc#1179496 XSA-115 - CVE-2020-29480 - Dropped patches contained in new tarball 5f1a9916-x86-S3-put-data-sregs-into-known-state.patch 5f21b9fd-x86-cpuid-APIC-bit-clearing.patch 5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch 5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch 5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch 5f560c42-x86-PV-64bit-segbase-consistency.patch 5f560c42-x86-PV-rewrite-segment-ctxt-switch.patch 5f5b6b7a-hypfs-fix-custom-param-writes.patch 5f607915-x86-HVM-more-consistent-IO-completion.patch 5f6a002d-x86-PV-handle-MSR_MISC_ENABLE-correctly.patch 5f6a0049-memory-dont-skip-RCU-unlock-in-acquire_resource.patch 5f6a0067-x86-vPT-fix-race-when-migrating-timers.patch 5f6a008e-x86-MSI-drop-read_msi_msg.patch 5f6a00aa-x86-MSI-X-restrict-reading-of-PBA-bases.patch 5f6a00c4-evtchn-relax-port_is_valid.patch 5f6a00df-x86-PV-avoid-double-exception-injection.patch 5f6a00f4-evtchn-add-missing-barriers.patch 5f6a0111-evtchn-x86-enforce-correct-upper-limit.patch 5f6a013f-evtchn_reset-shouldnt-succeed-with.patch 5f6a0160-evtchn-IRQ-safe-per-channel-lock.patch 5f6a0178-evtchn-address-races-with-evtchn_reset.patch 5f6a01a4-evtchn-preempt-in-evtchn_destroy.patch 5f6a01c6-evtchn-preempt-in-evtchn_reset.patch 5f6cfb5b-x86-PV-dont-GP-for-SYSENTER-with-NT-set.patch 5f6cfb5b-x86-PV-dont-clobber-NT-on-return-to-guest.patch 5f71a21e-x86-S3-fix-shadow-stack-resume.patch 5f76ca65-evtchn-Flask-prealloc-for-send.patch 5f76caaf-evtchn-FIFO-use-stable-fields.patch 5f897c25-x86-traps-fix-read_registers-for-DF.patch 5f897c7b-x86-smpboot-restrict-memguard_guard_stack.patch 5f8ed5d3-x86-mm-map_pages_to_xen-single-exit-path.patch 5f8ed5eb-x86-mm-modify_xen_mappings-one-exit-path.patch 5f8ed603-x86-mm-prevent-races-in-mapping-updates.patch 5f8ed635-IOMMU-suppress-iommu_dont_flush_iotlb-when.patch 5f8ed64c-IOMMU-hold-page-ref-until-TLB-flush.patch 5f8ed682-AMD-IOMMU-convert-amd_iommu_pte.patch 5f8ed69c-AMD-IOMMU-update-live-PTEs-atomically.patch 5f8ed6b0-AMD-IOMMU-suitably-order-DTE-mods.patch xsa286-1.patch xsa286-2.patch xsa286-3.patch xsa286-4.patch xsa286-5.patch xsa286-6.patch xsa351-1.patch xsa351-2.patch xsa351-3.patch xsa355.patch - bsc#1178736 - allow restart of xenwatchdogd, enable tuning of keep-alive interval and timeout options via XENWATCHDOGD_ARGS= add xenwatchdogd-options.patch add xenwatchdogd-restart.patch - bsc#1177112 - Fix libxc.sr.superpage.patch The receiving side may punch holes incorrectly into optimistically allocated superpages. Also reduce overhead in bitmap handling. add libxc-bitmap-50a5215f30e964a6f16165ab57925ca39f31a849.patch add libxc-bitmap-long.patch add libxc-bitmap-longs.patch - boo#1029961 - Move files in xen-tools-domU to /usr/bin from /bin xen-destdir.patch Drop tmp_build.patch - bsc#1176782 - L3: xl dump-core shows missing nr_pages during core. If maxmem and current are the same the issue doesn't happen 5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch - bsc#1178963 - VUL-0: xen: stack corruption from XSA-346 change (XSA-355) xsa355.patch - Fix build error with libxl.fix-libacpi-dependency.patch - Enhance libxc.migrate_tracking.patch Hide SUSEINFO messages from pause/unpause/resume from xl command. They are intended for libvirt logging, but lacked info about execution context. Remove extra logging about dirty pages in each iteration, the number of transferred pages + protocol overhead is already reported elsewhere. - Remove libxl.libxl__domain_pvcontrol.patch It is already part of 4.14.0-rc1