Packages changed: alsa bash installation-images-MicroOS (14.468 -> 14.470) krb5 libjansson (2.12 -> 2.13.1) openldap2 (2.4.49 -> 2.4.50) sudo (1.9.0rc2 -> 1.9.0rc4) yast2 (4.2.83 -> 4.2.84) === Details === ==== alsa ==== - Revert a problematic namehint change (boo#1171044) - Backport upstream fixes: fixes for PCM rate plugin, draining fix, topology parameter parser fix, USB device name for UCM: 0017-pcm-rate-fix-the-remaining-size-calculation-in-snd_p.patch 0018-use-case.h-add-USB-as-allowed-device-name.patch 0019-topology-Use-bool-parser-to-parse-boolean-value.patch 0020-fix-infinite-draining-of-the-rate-plugin-in-SND_PCM_.patch 0021-test-pcm_min-add-snd_pcm_drain-call-and-indentation-.patch ==== bash ==== - Fix usage of update-alternatives ==== installation-images-MicroOS ==== Version update (14.468 -> 14.470) - merge gh#openSUSE/installation-images#374 - support MicroOSNG (bsc#1170885) - 14.470 - prepare for MicroOSNG - merge gh#openSUSE/installation-images#373 - beware of bash using update-alternatives - 14.469 ==== krb5 ==== - Use %_tmpfilesdir instead of the wrong %_libexecdir/tmpfiles.d notation: libexecdir is likely changing away from /usr/lib to /usr/libexec. ==== libjansson ==== Version update (2.12 -> 2.13.1) - Update to 2.13.1 * New Features: - Add jansson_version_str() and jansson_version_cmp() for runtime version checking - Add json_object_update_new(), json_object_update_existing_new() and json_object_update_missing_new() functions - Add json_object_update_recursive() * Bug fixes: - Add infinite loop check in json_deep_copy() - Enhance JANSSON_ATTRS macro to support earlier C standard(C89) - Update version detection for sphinx-build * Documentation improvements ==== openldap2 ==== Version update (2.4.49 -> 2.4.50) - updated to 2.4.50 - added 0014-ITS-8650-fix-debug-usage.patch - enabled new contrib overlay pw-argon2 - replaced FTP by HTTPS download URL for source - removed 0009-Fix-ldap-host-lookup-ipv6.patch (see bsc#1171127) OpenLDAP 2.4.50 Release (2020/04/28) Fixed client benign typos (ITS#8890) Fixed libldap type cast (ITS#9175) Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650) Fixed libldap_r race on Windows mutex initialization (ITS#9181) Fixed liblunicode memory leak (ITS#9198) Fixed slapd benign typos (ITS#8890) Fixed slapd to limit depth of nested filters (ITS#9202) Fixed slapd-mdb memory leak in dnSuperiorMatch (ITS#9214) Fixed slapo-pcache database initialization (ITS#9182) Fixed slapo-ppolicy callback (ITS#9171) Build Fix olcDatabaseDummy initialization for windows (ITS#7074) Fix detection for ws2tcpip.h for windows (ITS#8383) Fix back-mdb types for windows (ITS#7878) Contrib Update ldapc++ config.guess and config.sub to support newer architectures (ITS#7855) Added pw-argon2 module (ITS#9233, ITS#8575, ITS#9203, ITS#9206) Documentation slapd-ldap(5) - Clarify idassert-authzfrom behavior (ITS#9003) slapd-meta(5) - Remove client-pr option (ITS#8683) slapdinex(8) - Fix truncate option information for back-mdb (ITS#9230) ==== sudo ==== Version update (1.9.0rc2 -> 1.9.0rc4) - Update to 1.9.0rc4 * Various spelling fixes. Bug #925. * The struct passwd passed to PAM session modules is now looked up by user name, not user-ID, when possible. Fixes a problem with the pam_limits module and configurations where multiple user names share the same ID. Debian bug #734752. * Sudo command line options that take a value may only be specified once. This is to help guard against problems caused by poorly written scripts that invoke sudo with user-controlled input. Bug #924. - Update to 1.9.0rc3 * The sudo-logsrvd package now installs a systemd service on Linux distros that use systemd. * The I/O plugin is now closed before the policy plugin on command exit. * When copying the edited files to the original path, sudoedit now allocates any additional space needed before writing. Previously, it could truncate the destination file if the file system was full. Bug #922. * Fixed a compilation issue with Python 3.8. * Changed how TLS connections are made to the log server. Instead of using a starttls type approach where TLS and plaintext connections share the same point we now use separate ports for plaintext and TLS connections. A (tls) flag can be specified after the host:port to indicate that the connection should be secured with TLS. This avoids a potention man-in-the-middle attack that could cause the connection to be forced into plaintext mode. Unfortunately, this change breaks compatibility with the previous release candidates. ==== yast2 ==== Version update (4.2.83 -> 4.2.84) - AutoYaST: Cleanup/improve issue handling (bsc#1171335). - 4.2.84