Packages changed: alsa (1.2.2 -> 1.2.3) audit busybox-links cogl (1.22.6 -> 1.22.8) conmon (2.0.16 -> 2.0.17) dracut (050+suse.65.ge1e64674 -> 050+suse.66.g76431c83) fcoe-utils (1.0.32 -> 1.0.33) ffmpeg-4 (4.2.2 -> 4.2.3) fonts-config (20190119 -> 20200609+git0.42e2b1b) ghostscript-fonts gmp gnome-software gnutls (3.6.13 -> 3.6.14) gstreamer hunspell hwdata (0.335 -> 0.336) icu installation-images-MicroOS (15.4 -> 15.5) konsole krb5 (1.18.1 -> 1.18.2) ksysguard5 (5.19.0 -> 5.19.0.1) libgpg-error (1.37 -> 1.38) libjcat (0.1.2 -> 0.1.2+3) libksysguard5 (5.19.0 -> 5.19.0.1) libnftnl (1.1.6 -> 1.1.7) libosinfo (1.7.1 -> 1.8.0) libqt5-qtbase librsvg (2.48.4 -> 2.48.7) libseccomp (2.4.2 -> 2.4.3) libxml2 libzip (1.6.1 -> 1.7.0) mozjs68 (68.7.0 -> 68.9.0) multipath-tools (0.8.4+31+suse.8f53764 -> 0.8.4+43+suse.908383f) ncurses (6.2.20200502 -> 6.2.20200531) newt open-iscsi openssh (8.1p1 -> 8.3p1) osinfo-db (20200214 -> 20200529) patterns-base perl perl-libwww-perl (6.44 -> 6.45) permissions (1550_20200520 -> 1550_20200526) pulseaudio purge-kernels-service python-rpm-macros (20200207.5feb6c1 -> 20200529.b301e36) python3 python3-base shadow sqlite3 (3.31.1 -> 3.32.2) sssd (2.2.3 -> 2.3.0) suse-module-tools (15.3.2 -> 15.3.3) systemd timezone ucode-intel (20191115 -> 20200609) vim xdg-utils (1.1.3+20190413 -> 1.1.3+20200220) xdm xen xterm yast2 (4.3.5 -> 4.3.6) === Details === ==== alsa ==== Version update (1.2.2 -> 1.2.3) - Update to alsa-lib 1.2.3: including previous fixes, see the detailed changes at: https://www.alsa-project.org/wiki/Detailed_changes_v1.2.2_v1.2.3 - Drop obsoleted patches: 0001-conf-change-the-order-of-PCM-devices-in-alsa.conf.patch 0002-conf-namehint-add-omit_noargs-to-the-hint-section.patch 0003-Change-PCM-device-number-of-Asus-Xonar-U5.patch 0004-configure-add-embed-for-python3-config-python-3.8.patch 0005-conf-USB-Audio-Add-C-Media-USB-Headphone-Set-to-the-.patch 0006-topology-add-back-asrc-to-widget_map-in-dapm.c.patch 0007-ucm-clarify-the-index-syntax-for-the-device-names.patch 0008-ucm-fix-uc_mgr_scan_master_configs.patch 0009-namehint-remember-the-direction-from-the-upper-level.patch 0010-conf-fix-namehint-for-pcm.front-and-pcm.iec958.patch 0011-pcm-add-chmap-option-to-route-plugin.patch 0012-usecase-allow-indexes-also-for-modifier-names.patch 0013-ucm-fix-the-device-remove-operation.patch 0014-ucm-fix-copy-n-paste-typo-RemoveDevice-list.patch 0015-pcm-dmix-fix-sw_params-handling-of-timestamp-types-i.patch 0016-conf-USB-Audio-Fix-S-PDIF-output-of-ASUS-Xonar-AE.patch 0017-pcm-rate-fix-the-remaining-size-calculation-in-snd_p.patch 0018-use-case.h-add-USB-as-allowed-device-name.patch 0019-topology-Use-bool-parser-to-parse-boolean-value.patch 0020-fix-infinite-draining-of-the-rate-plugin-in-SND_PCM_.patch 0021-test-pcm_min-add-snd_pcm_drain-call-and-indentation-.patch ==== audit ==== Subpackages: libaudit1 libauparse0 - Fix specfile to require libauparse0 and libaudit1 after splitting audit-libs (bsc#1172295) ==== busybox-links ==== Subpackages: busybox-coreutils busybox-gawk busybox-grep busybox-psmisc busybox-xz - Add conflicts: mawk to busybox-gawk ==== cogl ==== Version update (1.22.6 -> 1.22.8) Subpackages: libcogl-pango20 libcogl20 - Update to version 1.22.8: + Fix building against libglvnd-provided EGL headers. + Stop checking the Automake version. + Fix compiler warnings with GCC ? 9. + Ensure we don't close the same X display twice. + Test suite fixes. + Free pipeline state last. - Drop cogl-fix-mesa20.patch: Fixed upstream. Following this, drop libtool BuildRequires and autoreconf call, no longer needed. ==== conmon ==== Version update (2.0.16 -> 2.0.17) - Update to v2.0.17 - Add option to delay execution of exit command ==== dracut ==== Version update (050+suse.65.ge1e64674 -> 050+suse.66.g76431c83) Subpackages: dracut-ima - Update to version 050+suse.66.g76431c83: * 95iscsi: fix missing space when compiling cmdline args (bsc#1172816) ==== fcoe-utils ==== Version update (1.0.32 -> 1.0.33) - Updated with latest upstream v1.0.33 from v1.0.32: * Added "-Wextra" and enabled "-Werror" for compiling * Ignore auto-generated files * Update systemd service files (several updates) * A bunch of gcc-10-related fixes, such as marking unused arguments, fixing strncpy()s, string truncation/overflow * better error handling/retry for link issues (like EBUSY) * replace use of "ifconfig" with "ip" in debug scripts * fix long-standing issue with netlink buffer resizing * move bash completions to proper system directory This replaces fcoe-utils-v1.0.32.tar.xz with fcoe-utils-v1.0.33.tar.xz, and it does away with the following patches, since they are all fixed upstream: * 0003-systemctl-cannot-start-fcoemon.socket.patch * 0004-fcoemon-Correctly-handle-options-in-the-service-file.patch * 0005-fcoe.service-Add-foreground-to-prevent-fcoemon-to-be.patch * 0006-fipvlan-fixup-return-value-on-error.patch * 0008-Use-correct-socket-for-fcoemon.socket.patch * 0012-fcoemon-Retry-fcm_link_getlink-on-EBUSY.patch * fcoe-utils-1.0.29-make.patch * fcoe-utils-stop-using-ifconfig.patch And the following patch was removed because we can successfully compile with "-Werror" now: * 0009-disable-Werror-building.patch ==== ffmpeg-4 ==== Version update (4.2.2 -> 4.2.3) Subpackages: libavcodec58 libavformat58 libavutil56 libswresample3 - Update to version 4.2.3: * Stable bug fix release, mainly codecs and format fixes. - Drop 0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch: Fixed upstream. ==== fonts-config ==== Version update (20190119 -> 20200609+git0.42e2b1b) - Add a _service file - Add code in %post to check the value of FORCE_MODIFY_DEFAULT_FONT_SETTINGS_IN_NEXT_UPDATE and if it's set to yes, empty or it doesn't exist, then update the values of FORCE_HINTSTYLE, USE_LCDFILTER and USE_RGBA in /etc/sysconfig/fonts-config to use the default settings established in the 20181211 release (boo#1172022) - Update to 20200609+git0.42e2b1b: * Add variable to allow fonts-config to update default settings * Fix en-US, en-GB font matching ==== ghostscript-fonts ==== Subpackages: ghostscript-fonts-other ghostscript-fonts-std - Add a ghostscript-fonts-std-converted subpackage with fonts from ghostscript-fonts-std converted to TrueType format (boo#1169444) ==== gmp ==== - correct license statement (library itself is no GPL-3.0) ==== gnome-software ==== - Add gnome-software-failed-offline-update-notification.patch: plugin-loader: handle offline update errors properly(bsc#1161095, glgo#GNOME/gnome-software!471). ==== gnutls ==== Version update (3.6.13 -> 3.6.14) - Fix a memory leak that could lead to a DoS attack against Samba servers (bsc#1172663) * add 0001-crypto-api-always-allocate-memory-when-serializing-i.patch - Temporarily disable broken guile reauth test (bsc#1171565) * add gnutls-temporarily_disable_broken_guile_reauth_test - Update to 3.6.14 * libgnutls: Fixed insecure session ticket key construction, since 3.6.4. The TLS server would not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777) [GNUTLS-SA-2020-06-03, CVSS: high] * libgnutls: Fixed handling of certificate chain with cross-signed intermediate CA certificates (#1008). (bsc#1172461) * libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997). * libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority Key Identifier (AKI) properly (#989, #991). * certtool: PKCS #7 attributes are now printed with symbolic names (!1246). * libgnutls: Use accelerated AES-XTS implementation if possible (!1244). Also both accelerated and non-accelerated implementations check key block according to FIPS-140-2 IG A.9 (!1233). * libgnutls: Added support for AES-SIV ciphers (#463). * libgnutls: Added support for 192-bit AES-GCM cipher (!1267). * libgnutls: No longer use internal symbols exported from Nettle (!1235) * API and ABI modifications: GNUTLS_CIPHER_AES_128_SIV: Added GNUTLS_CIPHER_AES_256_SIV: Added GNUTLS_CIPHER_AES_192_GCM: Added gnutls_pkcs7_print_signature_info: Added - Add key D605848ED7E69871: public key "Daiki Ueno " to the keyring - Drop gnutls-fips_correct_nettle_soversion.patch (upstream) ==== gstreamer ==== Subpackages: libgstreamer-1_0-0 - adjust / ship more 32bit stuff for Wine usage (bsc#1172304) ==== hunspell ==== - security update - added patches fix CVE-2019-16707 [bsc#1151867], invalid read operation in SuggestMgr:leftcommonsubstring in suggestmgr.cxx + hunspell-CVE-2019-16707.patch ==== hwdata ==== Version update (0.335 -> 0.336) - Update to version 0.336: + Updated pci, usb and vendor ids. ==== icu ==== Subpackages: libicu67 libicu67-ledata - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) ==== installation-images-MicroOS ==== Version update (15.4 -> 15.5) - merge gh#openSUSE/installation-images#384 - Add missed file to instsys. bsc#1158522 [Build 101.1] openQA test fails in windows_client_remotelogin - 15.5 ==== konsole ==== Subpackages: konsole-part - Add upstream patches to fix possible crash when closing a session in KonsolePart (boo#1169408, kde#420817, kde#420695, kde#415762): * Fix-crash-when-closing-session-in-KonsolePart-via-menu.patch * Fix-konsolepart-segfault-when-closing-after-showing-context-menu.patch ==== krb5 ==== Version update (1.18.1 -> 1.18.2) - Update to 1.18.2 * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure. * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype. * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5. * Fix a NegoEx bug where the client name and delegated credential might not be reported. - Update logrotate script, call systemd to reload the services instead of init-scripts. (boo#1169357) - Don't add the lto flags to the public link options. (boo#1172038) ==== ksysguard5 ==== Version update (5.19.0 -> 5.19.0.1) - Update to 5.19.0.1 * New bugfix release - Changes since 5.19.0: * Use new name for dbus interface too * Don't prefix value output with mount point ==== libgpg-error ==== Version update (1.37 -> 1.38) - Update to 1.38: * New option parser features to implement system wide configuration files * New functions to build file names * New function to help reallocating arrays * Protect gpgrt_inc_errorcount against counter overflow - drop needless autotools build dependencies that were added for gawk5.patch ==== libjcat ==== Version update (0.1.2 -> 0.1.2+3) - Update to version 0.1.2+3: * Validate that gpgme_op_verify_result() returned at least one signature (CVE-2020-10759). ==== libksysguard5 ==== Version update (5.19.0 -> 5.19.0.1) Subpackages: libksysguard5-helper libksysguard5-imports - Update to 5.19.0.1 * New bugfix release - Changes since 5.19.0: * Use new name for dbus interface ==== libnftnl ==== Version update (1.1.6 -> 1.1.7) - Update to release 1.1.7 * udata: add NFTNL_UDATA_SET_DATA_INTERVAL ==== libosinfo ==== Version update (1.7.1 -> 1.8.0) Subpackages: libosinfo-1_0-0 - Update to version 1.8.0 Changes in this release include: * Several CI improvements * Several release scripts improvements * Several translations improvements * Several syntax-check improvements * Code cleanup in order to modernize the GObject usage * Add API to get whether a firmware is supported or not * Add API to get "cloud-image-username" ==== libqt5-qtbase ==== Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 - Add patch to fix tool menu placement (boo#1172754, QTBUG-84462): * 0001-Fix-QToolButton-menus-showing-on-primary-screens-in-.patch ==== librsvg ==== Version update (2.48.4 -> 2.48.7) Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 typelib-1_0-Rsvg-2_0 - Update to version 2.48.7: + Fix failing tests. - Update to version 2.48.6: + Fix build on big-endian machines. - Update to version 2.48.5: + Support multiple fonts in the font-family property. Previously in font-family="Foo, Bar, Baz" only Foo would get used. + Catch overflow when rendering files with a huge viewBox. + Don't panic with an empty objectBoundingBox for a mask. + Fix introspection data for rsvg_handle_set_stylesheet. + Fixes to the librsvg_crate documentation. + Loading raster images for inclusion in an SVG and producing GdkPixbufs is now faster. ==== libseccomp ==== Version update (2.4.2 -> 2.4.3) - Update to release 2.4.3 * Add list of authorized release signatures to README.md * Fix multiplexing issue with s390/s390x shm* syscalls * Remove the static flag from libseccomp tools compilation * Add define for __SNR_ppoll * Fix potential memory leak identified by clang in the scmp_bpf_sim tool - Drop no-static.diff, libseccomp-fix_aarch64-test.patch, SNR_ppoll.patch (merged) ==== libxml2 ==== Subpackages: libxml2-2 libxml2-tools - Fix invalid xmlns references since the fix for CVE-2019-19956 [bsc#1172021] - Revert upstream commit 5a02583c7e683896d84878bd90641d8d9b0d0549 * Add patch libxml2-CVE-2019-19956.patch ==== libzip ==== Version update (1.6.1 -> 1.7.0) - libzip 1.7.0: * Add support for encrypting using traditional PKWare encryption * Add functions for querying supported compression and encryption methods * Add the ZIP_SOURCE_GET_FILE_ATTRIBUTES` source command * Refactor stdio file backend * Add CMake find_project() support ==== mozjs68 ==== Version update (68.7.0 -> 68.9.0) - Update to version 68.9.0esr: * CVE-2020-12399: Timing attack on DSA signatures in NSS library * CVE-2020-12405: Use-after-free in SharedWorkerService * CVE-2020-12406: JavaScript Type confusion with NativeTypes * CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 - Changes from version 68.8.0esr: * CVE-2020-12387: Use-after-free during worker shutdown * CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens * CVE-2020-12389: Sandbox escape with improperly separated process types * CVE-2020-6831: Buffer overflow in SCTP chunk input validation * CVE-2020-12392: Arbitrary local file access with 'Copy as cURL' * CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection * CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 - Drop gcc10-include-fix.patch: Fixed upstream. - Add Drop_backwards_test-Nuuk.patch: This is now Nuuk in tzdata. ==== multipath-tools ==== Version update (0.8.4+31+suse.8f53764 -> 0.8.4+43+suse.908383f) Subpackages: kpartx libmpath0 - Update to version 0.8.4+43+suse.908383f: * enable negated regular expression syntax in conf file * change default devnode blacklist to '!^(sd[a-z]|dasd[a-z]|nvme[0-9])' - Update to version 0.8.4+40+suse.b06c2e5a: - Fix udev rule processing during coldplug (bsc#1172157) * 11-dm-mpath.rules: Fix udev rule processing during coldplug - Fix compilation with gcc-10 * fix boolean value with json-c 0.14 * libmultipath: fix condlog NULL argument in uevent_get_env_var - Reviewed upstream changes: * simplify failed_wwid code * centralize path validation code - Use pkgconfig for BuildRequires ==== ncurses ==== Version update (6.2.20200502 -> 6.2.20200531) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base - Add ncurses patch 20200531 + correct configure version-check/warnng for g++ to allow for 10.x + re-enable "bel" in konsole-base (report by Nia Huang) + add linux-s entry (patch by Alexandre Montaron). + drop long-obsolete convert_configure.pl + add test/test_parm.c, for checking tparm changes. + improve parameter-checking for tparm, adding function _nc_tiparm() to handle the most-used case, which accepts only numeric parameters (report/testcase by "puppet-meteor"). + use a more conservative estimate of the buffer-size in lib_tparm.c's save_text() and save_number(), in case the sprintf() function passes-through unexpected characters from a format specifier (report/testcase by "puppet-meteor"). + add a check for end-of-string in cvtchar to handle a malformed string in infotocap (report/testcase by "puppet-meteor"). - Add ncurses patch 20200523 + update version-check for gnat to allow for gnat 10.x to 99.x + fix an uninitialized variable in lib_mouse.c changes (cf: 20200502) + add a check in EmitRange to guard against repeat_char emitting digits which could be interpreted as BSD-style padding when --enable-bsdpad is configured (report/patch by Hiltjo Posthuma). + add --disable-pkg-ldflags to suppress EXTRA_LDFLAGS from the generated pkg-config and ncurses*-config files, to simplify configuring in the case where rpath is used but the packager wants to hide the feature (report by Michael Stapelberg). > fixes for building with Visual Studio C++ and msys2 (patches by "Maarten Anonymous"): + modify CF_SHARED_OPTS to generate a script which translates linker options into Visual Studio's dialect. + omit parentheses around function-names in generated lib_gen.c to - Add ncurses patch 20200516 + add notes on termcap.h header in curs_termcap.3x + update notes on vscode / xterm.js -TD - Add ncurses patch 20200509 + add "-r" option to the dots test-programs, to help with scripting a performance comparison. + build-fix test/move_field.c for NetBSD curses, whose form headers use different names than SVr4 or ncurses. ==== newt ==== - Split doc build into separate spec file - As the example scripts are "pointless", just don't install them ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Merged in latest upstream. Summary: * Let initiator name be created by iscsi-init.service. * iscsi: fix fd leak * iscsi: Add break to while loop * Fix compiler complaint about string copy in iscsiuio * Fix a compiler complaint about writing one byte * Fix issue with zero-length arrays at end of struct * Add iscsi-init.service * Proper disconnect of TCP connection * Fix SIGPIPE loop in signal handler * Update iscsi-iname.c * log:modify iSCSI shared memory permissions for logs * Ignore iface.example in iface match checks * More changes for musl. * Fix type mismatch under musl. * Change include of to * iscsi-iname: fix iscsi-iname -p access NULL pointer without given IQN prefix Note that the "Add iscsi-init.service" change adds a new systemd service called "iscsi-init", that creates the iSCSI initiator name file /etc/iscsi/initiatorname.iscsi, if and only if it does not exist. This obviates the need to do this from the SPEC file, now updated. Since this was not a version-number update, in addition to modifying the SPEC file, also updates: * open-iscsi-SUSE-latest.diff.bz2 ==== openssh ==== Version update (8.1p1 -> 8.3p1) - Version update to 8.3p1: = Potentially-incompatible changes * sftp(1): reject an argument of "-1" in the same way as ssh(1) and scp(1) do instead of accepting and silently ignoring it. = New features * sshd(8): make IgnoreRhosts a tri-state option: "yes" to ignore rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow .shosts files but not .rhosts. * sshd(8): allow the IgnoreRhosts directive to appear anywhere in a sshd_config, not just before any Match blocks. * ssh(1): add %TOKEN percent expansion for the LocalFoward and RemoteForward keywords when used for Unix domain socket forwarding. * all: allow loading public keys from the unencrypted envelope of a private key file if no corresponding public key file is present. * ssh(1), sshd(8): prefer to use chacha20 from libcrypto where possible instead of the (slower) portable C implementation included in OpenSSH. * ssh-keygen(1): add ability to dump the contents of a binary key revocation list via "ssh-keygen -lQf /path". - Additional changes from 8.2p1 release: = Potentially-incompatible changes * ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures (i.e. the client and server CASignatureAlgorithms option) and will use the rsa-sha2-512 signature algorithm by default when the ssh-keygen(1) CA signs new certificates. * ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1 from the default key exchange proposal for both the client and server. * ssh-keygen(1): the command-line options related to the generation and screening of safe prime numbers used by the diffie-hellman-group-exchange-* key exchange algorithms have changed. Most options have been folded under the -O flag. * sshd(8): the sshd listener process title visible to ps(1) has changed to include information about the number of connections that are currently attempting authentication and the limits configured by MaxStartups. * ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). It needs to be installed in the expected path, typically under /usr/libexec or similar. = New features * This release adds support for FIDO/U2F hardware authenticators to OpenSSH. U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication. In OpenSSH FIDO devices are supported by new public key types "ecdsa-sk" and "ed25519-sk", along with corresponding certificate types. * sshd(8): add an Include sshd_config keyword that allows including additional configuration files via glob(3) patterns. * ssh(1)/sshd(8): make the LE (low effort) DSCP code point available via the IPQoS directive. * ssh(1): when AddKeysToAgent=yes is set and the key contains no comment, add the key to the agent with the key's path as the comment. * ssh-keygen(1), ssh-agent(1): expose PKCS#11 key labels and X.509 subjects as key comments, rather than simply listing the PKCS#11 provider library path. * ssh-keygen(1): allow PEM export of DSA and ECDSA keys. * ssh(1), sshd(8): make zlib compile-time optional, available via the Makefile.inc ZLIB flag on OpenBSD or via the --with-zlib configure option for OpenSSH portable. * sshd(8): when clients get denied by MaxStartups, send a notification prior to the SSH2 protocol banner according to RFC4253 section 4.2. * ssh(1), ssh-agent(1): when invoking the $SSH_ASKPASS prompt program, pass a hint to the program to describe the type of desired prompt. The possible values are "confirm" (indicating that a yes/no confirmation dialog with no text entry should be shown), "none" (to indicate an informational message only), or blank for the original ssh-askpass behaviour of requesting a password/phrase. * ssh(1): allow forwarding a different agent socket to the path specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to accepting an explicit path or the name of an environment variable in addition to yes/no. * ssh-keygen(1): add a new signature operations "find-principals" to look up the principal associated with a signature from an allowed- signers file. * sshd(8): expose the number of currently-authenticating connections along with the MaxStartups limit in the process title visible to "ps". - Rebased patches: * openssh-7.7p1-cavstest-ctr.patch * openssh-7.7p1-cavstest-kdf.patch * openssh-7.7p1-fips.patch * openssh-7.7p1-fips_checks.patch * openssh-7.7p1-ldap.patch * openssh-7.7p1-no_fork-no_pid_file.patch * openssh-7.7p1-sftp_print_diagnostic_messages.patch * openssh-8.0p1-gssapi-keyex.patch * openssh-8.1p1-audit.patch * openssh-8.1p1-seccomp-clock_nanosleep.patch - Removed openssh-7.7p1-seed-prng.patch (bsc#1165158). ==== osinfo-db ==== Version update (20200214 -> 20200529) - Update database to version 20200529 - Drop 5bbe30db-opensuse-add-info-about-UEFI-support.patch ==== patterns-base ==== Subpackages: patterns-base-base patterns-base-bootloader patterns-base-minimal_base patterns-base-x11 - Suggest postfix from the basesystem pattern: suggested packages are not flagged for installation, but give the solver a hint. So in case something wants an MTA (smtp_daemon), openSUSE installs will all default to postfix (as the base pattern is generally installed). Users are still free to switch as they wish (boo#1136078). ==== perl ==== Subpackages: perl-base - Fixes for %_libexecdir changing to /usr/libexec ==== perl-libwww-perl ==== Version update (6.44 -> 6.45) - updated to 6.45 see /usr/share/doc/packages/perl-libwww-perl/Changes 6.45 2020-06-08 14:51:28Z - Fix Client-Warning: Internal response sometimes reset (GH#341) (Jonathan Dahan and Julien Fiegehenn) ==== permissions ==== Version update (1550_20200520 -> 1550_20200526) Subpackages: chkstat permissions-config - Update to version 20200526: * profiles: add entries for enlightenment (bsc#1171686) ==== pulseaudio ==== Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-module-gsettings pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils - for libpulse-devel-32bit, require libpulse0-32bit + libpulse-mainloop-glib0-32bit to help wine development (bsc#1172301) ==== purge-kernels-service ==== - Add split provides for upgrade from old dracut (boo#1168727). ==== python-rpm-macros ==== Version update (20200207.5feb6c1 -> 20200529.b301e36) - Update to version 20200529.b301e36: * update-alternatives are quiet during install ==== python3 ==== - add requires python3-base on libpython subpackage (bsc#1167008) - build against Sphinx 2.x until python is compatible with Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) - Fix build with SQLite 3.32 (bpo#40783) add bpo40784-Fix-sqlite3-deterministic-test.patch ==== python3-base ==== Subpackages: libpython3_8-1_0 - add requires python3-base on libpython subpackage (bsc#1167008) - build against Sphinx 2.x until python is compatible with Sphinx 3.x (see gh#python/cpython#19397, bpo#40204) - Fix build with SQLite 3.32 (bpo#40783) add bpo40784-Fix-sqlite3-deterministic-test.patch ==== shadow ==== - Use pure #!/bin/sh in: * useradd.local * userdel-post.local * userdel-pre.local ==== sqlite3 ==== Version update (3.31.1 -> 3.32.2) - SQLite 3.32.2: * Fix a long-standing bug in the byte-code engine that can cause a COMMIT command report as success when in fact it failed to commit - SQLite 3.32.1: * CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (boo#1172091) - SQLite 3.32.0: * Add support for approximate ANALYZE using the PRAGMA analysis_limit command * Add the bytecode virtual table * Add the checksum VFS shim to the set of run-time loadable extensions included in the source tree * Add the iif() SQL function. * INSERT and UPDATE statements now always apply column affinity before computing CHECK constraints * Increase the default upper bound on the number of parameters from 999 to 32766 * Add code for the UINT collating sequence as an optional loadable extension * multiple enhancements to the CLI - drop upstreamed patches: * 04885763c4cd00cb-s390-compatibility.patch * b20503aaf5b6595a-adapt-FTS-tests-for-big-endian.patch ==== sssd ==== Version update (2.2.3 -> 2.3.0) Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Update to release 2.3.0 * SSSD can now handle hosts and networks nsswitch databases (see resolve_provider option). * By default, authentication request only refresh user's initgroups if it is expired or there is not active user's session (see pam_initgroups_scheme option). * OpenSSL is used as default crypto provider, NSS is deprecated. * The AD provider now defaults to GSS-SPNEGO SASL mechanism (see ldap_sasl_mech option). * The AD provider can now be configured to use only ldaps port (see ad_use_ldaps option). * SSSD now accepts host entries from GPO's security filter. * New debug level (0x10000) added for low level LDB messages only (see sssd.conf man page). - Drop sssd-gpo_host_security_filter-2.2.2.patch, 0001-Resolve-computer-lookup-failure-when-sam-cn.patch, 0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch (merged) - Drop 0001-Fix-build-failure-against-samba-4.12.0rc1.patch (unapplicable) ==== suse-module-tools ==== Version update (15.3.2 -> 15.3.3) - Reverted back to tar_scm source service (obs_scm doesn't work well for Ring0 packages) - Update to version 15.3.3: * spec: remove SLE/openSUSE difference in allow_unsupported_modules (jsc#SLE-12255) * spec: use same fs_blacklist on SLE and openSUSE (jsc#SLE-12255, jsc#SLE-3926) * spec: use br_netfilter softdep only for SLE12 (jsc#SLE-12255, bsc#1166531, boo#1158817, bsc#937216) ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Import commit a6d31d1a02c2718a064bbbc40d003668acf72769 bb6e2f7906 pid1: update manager settings on reload too (bsc#1163109) e9e8907b06 watchdog: reduce watchdog pings in timeout interval 385a8f9846 udev: rename the persistent link for ATA devices (bsc#1164538) 66018a12ae tmpfiles: remove unnecessary assert (bsc#1171145) - Disable bump of /proc/sys/fs/nr-open Hopefully a _temporary_ workaround until bsc#1165351 is fixed otherwise user instances crashes the system is using NIS (and the nscd cache is empty). ==== timezone ==== - timezone modifies a file below /usr/share (boo#1172521) - zdump --version reported "unknown" (boo#1172055) ==== ucode-intel ==== Version update (20191115 -> 20200609) - Updated Intel CPU Microcode to 20200609 (bsc#1172466) Fixes for: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This attack is known as Special Register Buffer Data Sampling (SRBDS) or "CrossTalk" (bsc#1154824). - CVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to mitigate the Vector Register and L1D Eviction Sampling aka "CacheOutAttack" attacks. (bsc#1156353) == 20200602_DEMO Release == - - Updates upon 20200520 release -- Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New - --- new platforms ---------------------------------------- - --- updated platforms ------------------------------------ HSW C0 6-3c-3/32 00000027->00000028 Core Gen4 BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5 HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4 HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4 BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5 SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2 CLX-SP B1 6-55-7/bf 0500002c->04002f01 Xeon Scalable Gen2 SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5 AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6 CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8 CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9 CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile - Updated Intel CPU Microcode to 20200520 Processor Identifier Version Products Model Stepping F-MO-S/PI Old->New - --- new platforms ---------------------------------------- - --- updated platforms ------------------------------------ SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5, Core X SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon E3/E5, Core X ==== vim ==== Subpackages: vim-data-common - remove duplicated settings in defaults.vim from SUSE vimrc - move SUSE vim settings to /usr in data-common package so leave /etc/vimrc to the admin. - require data-common in vim-small so it gets the settings - install spec file template as plugin as vim-small doesn't support it ==== xdg-utils ==== Version update (1.1.3+20190413 -> 1.1.3+20200220) - Update to version 1.1.3+20200220: * fixed #166: xdg-open dose not search correctly in directories with spaces in the name ==== xdm ==== - Fixes for %_libexecdir changing to /usr/libexec ==== xen ==== - Fixes for %_libexecdir changing to /usr/libexec - bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer Data Sampling (SRBDS) aka "CrossTalk" (XSA-320) xsa320-1.patch xsa320-2.patch ==== xterm ==== - Fixes for %_libexecdir changing to /usr/libexec ==== yast2 ==== Version update (4.3.5 -> 4.3.6) - Fix Xen detection (bsc#1172742). - 4.3.6