Packages changed:
ddclient
inxi (3.0.30 -> 3.0.32)
krb5 (1.16.1 -> 1.17)
perl-Cpanel-JSON-XS (4.08 -> 4.09)
perl-Image-ExifTool (11.24 -> 11.27)
permissions (20181116 -> 20190212)
pim-sieve-editor
rdesktop
squid
sssd
suse-module-tools (15.1.0 -> 15.1.10)
tgt (1.0.60 -> 1.0.74)
xcalc (1.0.6 -> 1.0.7)
xf86-video-chips (1.3.0 -> 1.4.0)
xf86-video-tdfx (1.4.7 -> 1.5.0)
xfce4-panel-plugin-diskperf
yast2-installation (4.1.35 -> 4.1.36)
yast2-packager (4.1.26 -> 4.1.27)
yast2-theme (4.1.9 -> 4.1.10)
=== Details ===
==== ddclient ====
- Ensure neutrality of description.
- Do not ignore errors from useradd.
- Avoid %__-type macro indirection.
==== inxi ====
Version update (3.0.30 -> 3.0.32)
- Update to version 3.0.32:
* See /usr/share/doc/packages/inxi/inxi.changelog
==== krb5 ====
Version update (1.16.1 -> 1.17)
Subpackages: krb5-32bit
- Replace old $RPM_* shell vars
- Upgrade to 1.17. Major changes:
Administrator experience:
* A new Kerberos database module using the Lightning Memory-Mapped
Database library (LMDB) has been added. The LMDB KDB module should
be more performant and more robust than the DB2 module, and may
become the default module for new databases in a future release.
* "kdb5_util dump" will no longer dump policy entries when specific
principal names are requested.
Developer experience:
* The new krb5_get_etype_info() API can be used to retrieve enctype,
salt, and string-to-key parameters from the KDC for a client
principal.
* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise
principal names to be used with GSS-API functions.
* KDC and kadmind modules which call com_err() will now write to the
log file in a format more consistent with other log messages.
* Programs which use large numbers of memory credential caches should
perform better.
Protocol evolution:
* The SPAKE pre-authentication mechanism is now supported. This
mechanism protects against password dictionary attacks without
requiring any additional infrastructure such as certificates. SPAKE
is enabled by default on clients, but must be manually enabled on
the KDC for this release.
* PKINIT freshness tokens are now supported. Freshness tokens can
protect against scenarios where an attacker uses temporary access to
a smart card to generate authentication requests for the future.
* Password change operations now prefer TCP over UDP, to avoid
spurious error messages about replays when a response packet is
dropped.
* The KDC now supports cross-realm S4U2Self requests when used with a
third-party KDB module such as Samba's. The client code for
cross-realm S4U2Self requests is also now more robust.
User experience:
* The new ktutil addent -f flag can be used to fetch salt information
from the KDC for password-based keys.
* The new kdestroy -p option can be used to destroy a credential cache
within a collection by client principal name.
* The Kerberos man page has been restored, and documents the
environment variables that affect programs using the Kerberos
library.
Code quality:
* Python test scripts now use Python 3.
* Python test scripts now display markers in verbose output, making it
easier to find where a failure occurred within the scripts.
* The Windows build system has been simplified and updated to work
with more recent versions of Visual Studio. A large volume of
unused Windows-specific code has been removed. Visual Studio 2013
or later is now required.
- Use systemd-tmpfiles to create files under /var/lib/kerberos, required
by transactional updates; (bsc#1100126);
- Rename patches:
* krb5-1.12-pam.patch => 0001-krb5-1.12-pam.patch
* krb5-1.9-manpaths.dif => 0002-krb5-1.9-manpaths.patch
* krb5-1.12-buildconf.patch => 0003-krb5-1.12-buildconf.patch
* krb5-1.6.3-gssapi_improve_errormessages.dif to
0004-krb5-1.6.3-gssapi_improve_errormessages.patch
* krb5-1.6.3-ktutil-manpage.dif => 0005-krb5-1.6.3-ktutil-manpage.patch
* krb5-1.12-api.patch => 0006-krb5-1.12-api.patch
* krb5-1.12-ksu-path.patch => 0007-krb5-1.12-ksu-path.patch
* krb5-1.12-selinux-label.patch => 0008-krb5-1.12-selinux-label.patch
* krb5-1.9-debuginfo.patch => 0009-krb5-1.9-debuginfo.patch
==== perl-Cpanel-JSON-XS ====
Version update (4.08 -> 4.09)
- updated to 4.09
see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes
4.09 2019-02-15 (rurban)
- Add seperate allow_dupkeys property, in relaxed (#122)
- Fixed allow_dupkeys for the XS slow path
- Silence 2 -Wunused-value warnings
- Fix ->unblessed_bool to produce modifiable perl structures (PR #121 by Pali)
==== perl-Image-ExifTool ====
Version update (11.24 -> 11.27)
Subpackages: exiftool perl-File-RandomAccess
- Update to version 11.27
* See /usr/share/doc/packages/perl-Image-ExifTool/Changes
==== permissions ====
Version update (20181116 -> 20190212)
- Update to version 20190212:
* removed old entry for wodim
* removed old entry for netatalk
* removed old entry for suidperl
* removed old entriy for utempter
* removed old entriy for hostname
* removed old directory entries
* removed old entry for qemu-bridge-helper
* removed old entries for pccardctl
* removed old entries for isdnctrl
* removed old entries for unix(2)_chkpwd
* removed old entries for mount.nfs
* removed old entries for (u)mount
* removed old entry for fileshareset
* removed old entries for KDE
* removed old entry for heartbeat
* removed old entry for gnome-control-center
* removed old entry for pcp
* removed old entry for lpdfilter
* removed old entry for scotty
* removed old entry for ia32el
* removed old entry for squid
* removed old qpopper whitelist
* removed pt_chown entries. Not needed anymore and a bad idea anyway
* removed old majordomo entry
* removed stale entries for old ncpfs tools
* removed old entry for rmtab
* Fixed typo in icinga2 whitelist entry
* New whitelisting for /usr/lib/virtualbox/VirtualBoxVM and removed stale
entries for VirtualBox
* Removed whitelist for /usr/bin/su.core. According to comment a temporary
hack introduced 2012 to help moving su from coretuils to util-linux. I
couldn't find it anywhere, so we don't need it anymore
* Remove entry for /usr/bin/yaps. We don't ship it anymore and the group that
is used doesn't exists anymore starting with Leap 15, so it will not work
there anyway. Users using this (old) package can do this individually
* removed entry for /etc/ftpaccess. We currently don't have it anywhere (and
judging from my search this has been the case for quite a while)
* Ensure consistency of entries, otherwise switching between settings becomes
problematic
* Fix spelling of SUSE
* permissions.local: fix typo
==== pim-sieve-editor ====
Subpackages: pim-sieve-editor-lang
- Remove unneeded build requirements
==== rdesktop ====
- Trim redundant wording from description.
- Use %make_install.
==== squid ====
- Revert whitespace deletions of .changes as it makes diffs a pain.
- Do not hide errors from useradd. Make scriptlets
plain sh compatible.
==== sssd ====
Subpackages: libnfsidmap-sss libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-32bit sssd-krb5-common sssd-ldap
- Add krb-noversion.diff so sssd_pac builds even with newer krb.
==== suse-module-tools ====
Version update (15.1.0 -> 15.1.10)
- Update to version 15.1.10 (git b28b13d):
- implemented fs blacklisting logic (jsc#SLES-4085, fate#326832)
==== tgt ====
Version update (1.0.60 -> 1.0.74)
- Update to version v1.0.74 from version v1.0.60:
* tgt 1.0.74
* AIO backing store now reports a list of supported opcodes
* tgt 1.0.73
* Update tgt-admin
* fix build w/newer glibc
* Display nop_count and and nop_interval
* Quote $backing_store variable in system(), execute() and
backtick-calls
* Buffer size is stored in struct concat_buf.size field, so
use that instead of BUFSIZE since buffer size can be more
than BUFSIZE. Also, remove BUFSIZE since its not used anymore.
* tgt 1.0.72
* smc: fix snprintf warnings with gcc7
This removed the tarball v1.0.60.tar.gz, and replaced it
with v1.0.74.tar.gz, which can now be gotten using the new
_service file. This also updated the SPEC file with the new
version number and the different patch set. Remaining
patches were renumbered.
This following patches were UPDATED (refreshed):
* tgt-fix-build
* tgt-include-sys-macros-for-major.patch
The following patches were REMOVED (no longer needed):
* tgt-handle-access-of-a-target-that-has-been-removed
* tgt-missing-module-directory-not-an-error
* tgt-compare-pointer-to-null.patch
And the following patch was added (and submitted upstream):
* tgt-Fix-gcc7-string-truncation-warnings.patch
==== xcalc ====
Version update (1.0.6 -> 1.0.7)
- Update to version 1.0.7
* This release fixes things that cause warnings from gcc or
cppcheck, as well as assorted build system maintenance and
tuneups.
==== xf86-video-chips ====
Version update (1.3.0 -> 1.4.0)
- update to release 1.4.0
* This is a bug fix release of Chips & Technologies DDX for X.Org
X Server. There was an X Server crash bug with the Version 1.3
and older code when the code was converted for a newer vgaHW
ABI. This affects devices older than the HiQVideo generation.
This release fixes this particular issue. Please note that the
code may not compile against X Server 1.20 since it no longer
supports 24-bit color.
==== xf86-video-tdfx ====
Version update (1.4.7 -> 1.5.0)
- Update to version 1.5.0
* This is a maintenance release of 3dfx DDX for X.Org X Server.
The DDX compiles cleanly without compilation warnings on
X Server 1.19.6.
==== xfce4-panel-plugin-diskperf ====
Subpackages: xfce4-panel-plugin-diskperf-lang
- Added patch missing_sysmacros.patch
sys/sysmacros.h required for glibc-2.25+ (bxo#13940) and (boo#1125650)
==== yast2-installation ====
Version update (4.1.35 -> 4.1.36)
- Save the used repositories at the end of installation to not
offer the driver packages again (bsc#953522)
- 4.1.36
==== yast2-packager ====
Version update (4.1.26 -> 4.1.27)
- Automatically preselect the driver packages from new repositories
(bsc#953522)
- 4.1.27
==== yast2-theme ====
Version update (4.1.9 -> 4.1.10)
Subpackages: yast2-theme-breeze yast2-theme-oxygen
- Update oxygen icon theme (boo#1125450)
- 4.1.10