Packages changed:
ImageMagick (7.0.9.23 -> 7.0.9.25)
MozillaFirefox (73.0 -> 73.0.1)
bind (9.14.9 -> 9.16.0)
busybox
ca-certificates (2+git20170807.10b2785 -> 2+git20200129.d1a437d)
cogl
cups-filters (1.25.0 -> 1.27.1)
drbd-utils (9.10.0 -> 9.12.0)
emacs-w3m (1.4.631 -> 1.4.632)
gegl (0.4.20 -> 0.4.22)
hyper-v
ibus (1.5.21 -> 1.5.22)
ldmtool (0.2.3 -> 0.2.4)
libgphoto2 (2.5.23 -> 2.5.24)
libmypaint (1.4.0 -> 1.5.0)
libuv
lightdm-gtk-greeter-branding-openSUSE
m17n-db
mariadb (10.3.20 -> 10.4.12)
mutter
nut
perl-Glib (1.3291 -> 1.3292)
pesign-obs-integration
plasma5-pk-updates
plasma5-thunderbolt (5.18.1 -> 5.18.2)
python-Jinja2 (2.10.3 -> 2.11.1)
python-cffi (1.13.2 -> 1.14.0)
python-pytz (2019.2 -> 2019.3)
remmina (1.4.0 -> 1.4.1)
sysfsutils
tpm2-0-tss (2.3.2 -> 2.3.3)
tracker-miners
unbound (1.9.6 -> 1.10.0)
v4l2loopback
vim (8.2.0257 -> 8.2.0314)
wayland (1.17.0 -> 1.18.0)
wireguard (0.0.20200214_k5.5.5_1 -> 0.0.20200215_k5.5.5_1)
wpebackend-fdo (1.4.0 -> 1.4.1)
xen (4.13.0_06 -> 4.13.0_08)
xkbcomp (1.4.2 -> 1.4.3)
xtables-addons (3.8_k5.5.5_1 -> 3.9_k5.5.5_1)
=== Details ===
==== ImageMagick ====
Version update (7.0.9.23 -> 7.0.9.25)
Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI7 libMagickWand-7_Q16HDRI7 perl-PerlMagick
- version update to 7.0.9.25
* Adapt to a change in command-line options in the SVG inkscape delegate.
* No percent sign in lab() color.
* Support connected-components:eccentricity-threshold,
connected-components:major-axis-threshold,
connected-components:minor-axis-threshold,
connected-components:angle-threshold.
* Set the alpha channel if the write mask is not enabled.
* Corrected ellipse orientation when computing image moments.
==== MozillaFirefox ====
Version update (73.0 -> 73.0.1)
Subpackages: MozillaFirefox-translations-common
- Mozilla Firefox 73.0.1
* Resolved problems connecting to the RBC Royal Bank website
(bmo#1613943)
* Fixed Firefox unexpectedly exiting when leaving Print Preview mode
(bmo#1611133)
* Fixed crashes when playing encrypted content on some Linux systems
(bmo#1614535)
- start in wayland mode when running under wayland session
==== bind ====
Version update (9.14.9 -> 9.16.0)
Subpackages: bind-chrootenv bind-doc bind-utils python3-bind
- Update download urls
- Do not enable geoip on old distros, the geoip db was shut down
so we need to use geoip2 everywhere
- Upgrade to version 9.16.0
Major upgrade, see
https://downloads.isc.org/isc/bind9/9.16.0/RELEASE-NOTES-bind-9.16.0.html
and
CHANGES file in the source tree.
Major functional change:
* What was set with --with-tuning=large option in older BIND9
versions is now a default, and a --with-tuning=small option was
added for small (e.g. OpenWRT) systems.
* A new "dnssec-policy" option has been added to named.conf to
implement a key and signing policy (KASP) for zones.
* The command (and manpage) bind9-config have been dropped as the
BIND 9 libraries are now purely internal.
No patches became obsolete through the upgrade.
[bind-9.16.0.tar.xz]
==== busybox ====
- Disable CONFIG_FEATURE_NSLOOKUP_BIG as it leads to incompatible
nslookup behavior
==== ca-certificates ====
Version update (2+git20170807.10b2785 -> 2+git20200129.d1a437d)
- Update to version 2+git20200129.d1a437d:
* rewrite in bash
* java.run: don't set LANG=en_US
- no longer require openssl, it's all done by p11-kit
==== cogl ====
Subpackages: cogl-lang libcogl-pango20 libcogl20 typelib-1_0-Cogl-1_0 typelib-1_0-CoglPango-1_0
- Add cogl-fix-mesa20.patch: fixes build against Mesa 20
(boo#1164688, glgo#GNOME/cogl!17).
==== cups-filters ====
Version update (1.25.0 -> 1.27.1)
- Update to 1.27.1
* libcupsfilters: Let the PPD generator not put any dashes into
the PPD option and choice names when translating them from IPP
attribute names, to avoid that on the back-translation by CUPS
no double-dashes are generated. This broke paper tray selections
with tray names like "tray-1", "tray-2", ... (Issue #192,
Issue #201, Debian bug #949315).
* foomatic-rip: Fixed segfault when PRINTER environment variable
is not supplied.
* pdftopdf, pdftops, gstoraster, gstopdf, gstopxl, rastertoescpx,
rastertopclx, foomatic-rip: Handle zero-page jobs (Issue #117,
Pull request #196, Pull request #197, Pull request #198, Pull
request #200).
* texttopdf: Added support for CJK (double-width) fonts (Issue
[#135], Pull request #199).
* cups-browsed: Switched default for "CreateIPPPrinterQueues"
from "local-only" to "All". The configure script options "
- -enable-auto-setup-local-only" and
"--enable-auto-setup-driverless-only" can be used to change
this default (Debian bug #921252).
* rastertoescpx: Fixed wrong freeing of a buffer.
* pdftops: Added options "crop-to-fit" and "fill" to the pdftopdf
options which the pstops called by pdftops should not apply a
second time.
* pdftops: Added missing "-sstdout=%stderr" to Ghostscript command
line, to assure that all messages are redirected to stderr and
do not mix up with the output data.
- Drop add-cstring-include.patch: already present upstream
- Drop foomatic-rip-fix-compilation-with-fno-common.patch: already
present upstream
==== drbd-utils ====
Version update (9.10.0 -> 9.12.0)
- Update to 9.12.0
* drbd.ocf: new wrc_timeout param, fail on attach failure,
remove_master_score_if_peer_primary param,
fail_promote_early_if_peer_primary param, improved helper logging
no error if wait-connect fails
* drbdadm,v9: fix dumping meta-disk in corner case
* crm-fence-peer.9.sh: fix Pacemaker 2 compat
* drbdsetup,v9: fixes for various json output corner cases
* drbdsetup,all: prepare for netlink changes (linux v5.2+)
* drbdadm,v9: fix a check for setting up connections multiple times
* init: setup file backed loop devices (mapping from LINSTOR)
* rr-conflict: add retry-connect option (>=drbd 9.0.20)
* drbdmon: 256/16 colors; events2 handler improvements
* drbdsetup,v9: new flag: force-resync (>=drbd 9.0.21)
- Remove netlink-prepare-for-kernel-v5.2.patch
Remove netlink-Add-NLA_F_NESTED-flag-to-nested-attribute.patch
Remove cibadmin-return-code-convert.patch in 144c8cc1d
==== emacs-w3m ====
Version update (1.4.631 -> 1.4.632)
- Update to current GIT HEAD (6eda3828)
==== gegl ====
Version update (0.4.20 -> 0.4.22)
Subpackages: gegl-0_4 gegl-0_4-lang libgegl-0_4-0
- Update to version 0.4.22:
+ Build:
- Updates to python gobject introspection tests, and made them
able to look up babl typelib.
- Build pdf:load again; missing since meson migration.
- Fix OpenCL include file generation to work in non-utf8
locales.
+ Operations: matting-{global,levin}: fix crash when bounding
boxes of input and aux differ.
==== hyper-v ====
- Revert previous non-upstream change for async name resolution
Just use gethostname via hyper-v.kvp.gethostname.patch (bsc#1100758)
==== ibus ====
Version update (1.5.21 -> 1.5.22)
Subpackages: ibus-gtk ibus-gtk-32bit ibus-gtk3 ibus-lang libibus-1_0-5 libibus-1_0-5-32bit typelib-1_0-IBus-1_0
- Fix dependency between ibus and ibus-dict-emoji
* Keep ibus and ibus-dict-emoji from the same source
* Add Conflict to remove old ibus containing emoji dictionary
files
- Update version to 1.5.22
* GDBusAuthObserver security fix, drop
ibus-CVE-2019-14822-GDBusServer-peer-authorization.patch
* Use XDG_RUNTIME_DIR for Unix socket directory
* Hangul button press handling
* Fix deprecated APIs
* Bug fixes
* Fix boo#1149065
* Fix restart crash with inotify read() (Robert Hoffmann)
* Make session file header comment more clear (Jason)
* Amend typos (Jason)
* Add NotShowIn and Keywords keys to the desktop entry (Changwoo Ryu)
* Handle small final sigma in ibus_keyval_convert_case (Alex Henrie)
* Update translations.
- Add ibus-fix-Signal-does-not-exist.patch. Fix build on Leap 15.1 and below
- Split ibus-dict-emoji so that KDE Plasma can use IBus's emoji
dictionaries without IBus daemon (boo#1161584)
==== ldmtool ====
Version update (0.2.3 -> 0.2.4)
Subpackages: libldm-1_0-0
- update to version 0.2.4
- update patch Remove-deprecated-g_type_class_add_private.patch
- remove upstream merged patches (werror-fixes.patch, cast_be64toh.patch)
- fix buildrequires
- use localsource as the github repo doesnt include yet the built tarball
for 0.2.4 release
==== libgphoto2 ====
Version update (2.5.23 -> 2.5.24)
Subpackages: libgphoto2-6 libgphoto2-6-lang
- updated to 2.5.24 release
- ptp2:
* GoPro: fixed all images not visible bug
* Canon EOS: lock/unlock ui before more operations
* Canon Powershot SX / EOS M: some setup adjustments to make powershot sx work better
* Nikon Keymission 170: try override opcodes to allow capture
* Nikon DSLR: fixed a regression where 5 seconds was longer image capture shutterspeed
* Sony: adjusted manualfocusing not to autofocus
* Fuji: access ISO config
* Sony: fixed manual focusing
* Sony: specify capturetarget on camera, available on current 2019/2020 Sony
* bugfixes
* New ids added:
* Sony Alpha RX100V, A7s, RX0 II,
* Nikon Z50, Coolpix L810, KeyMission 170
* Canon PowerShot SX530HS, SX 620HS,
* Canon EOS 2000D, 1500D, R2, M6 Mark 2, 250D,
* Fuji X-A5, X-E3, GFX100
* GoPro Hero 7 White, 7 Silver, 7 Black, 8 Black
- lumix:
* New WIFI Lumix camera driver was added, using curl and libxml2.
Lots of abilities supported already, also capture preview.
However capture itself is not yet working.
This driver needs libxml2 and libcurl to be built.
- all:
* Selecting camera libraries has changed a bit.
- -camlibs=everything will select all and outdated drivers
- -camlibs=standard will select "current day" drivers
- -camlibs=standard,outdated will select "current day" and "outdated" drivers
You can now also use modifiers like +canon or -canon to enable/disable selected camera libraries.
The default is "standard", same as before.
* fixed some issues found by AFL fuzzing, mostly in "outdated" drivers.
* SECURITY.md: Small document added describing security properties of the library.
==== libmypaint ====
Version update (1.4.0 -> 1.5.0)
- Update to version 1.5.0:
* view zoom & view rotation.
* spectral color blending (pigment mode).
* new smudge settings: length multiplier, buckets, transparency.
* new symmetry modes: vertical, vertical+horizontal, rotational,
snowflake.
* adjustable angle for symmetry modes.
* optional multiple output rectangles (only relevant w. new
symmetry modes).
* Directional offsets are clamped to a maximum distance of 3 *
1080 pixels.
- Drop libmypaint-gegl-0.4.14.patch: fixed upstream.
- Drop libmypaint-gegl-shlib-version.patch: incorporated upstream.
- Drop libmypaint-bump-gegl-version.patch: only applicable hunk
moved to libmypaint-gegl-pkgconfig.patch; rest incorporated
upstream.
- Add libmypaint-gegl-pkgconfig.patch: In libmypaint-gegl.pc,
change Name to libmypaint-gegl to avoid conflict with
libmypaint.pc and Requires to depend on the correct version of
gegl and on libmypaint - not
libmypaint-@LIBMYPAINT_API_PLATFORM_VERSION@.
- No longer needed to run autoreconf/autogen.sh before configure
since patches that modified build files are dropped; also drop
libtool BuildRequires required only for autoreconf.
- Use autosetup to apply existing patch.
- Bump so version in keeping with upstream (1_5-1).
- Move libmypaint-gegl.pc file to libmypaint-gegl-devel package.
==== libuv ====
- Add baselibs.conf to generate 32bit lib needed for bind
==== lightdm-gtk-greeter-branding-openSUSE ====
- Use Greybird Geeko GTK theme by default. Already default in Xfce
and maintained by openSUSE members.
==== m17n-db ====
Subpackages: m17n-db-lang
- No longer recommend -lang: supplements are in use.
- Run spec-cleaner, modernize spec.
==== mariadb ====
Version update (10.3.20 -> 10.4.12)
Subpackages: libmariadbd19 mariadb-client mariadb-errormessages
- remove @VERSION@ from mariadb.service and mariadb@.service
- disable testing with rpm macros as it does not work as for 10.4,
needs to be investigated
- update suse_skipped_tests.list for ppc
- rename mariadb.rpmlintrc to mariadb-rpmlintrc
- for ppc install pam_user_map.so in /lib/security
- rename mariadb-10.2.12-harden_setuid.patch to
mariadb-10.4.12-harden_setuid.patch to match the correct version number.
- add mariadb-10.4.12-fix-install-db.patch to improve default behaviour of
mysql_install_db. This prevents performing security sensitive actions to
be performed but instead only warns the caller (bsc#1160868).
- update to 10.4.12
* release notes and changelog:
https://mariadb.com/kb/en/library/mariadb-10412-release-notes
https://mariadb.com/kb/en/library/mariadb-10412-changelog
https://mariadb.com/kb/en/library/mariadb-10411-release-notes
https://mariadb.com/kb/en/library/mariadb-10411-changelog
* fixes for the following security vulnerabilities:
CVE-2020-2574
* don't let mysql_install_db set SUID bit for auth_pam_tool
in rpm/deb packages CVE-2020-7221 [bsc#1160868]
- add mariadb-10.2.12-harden_setuid.patch to harden auth_pam_tool
setuid-root binary [bsc#1160285]
- pack pam_user_map.so module in the /%{_lib}/security directory
and user_map.conf configuration file in the /etc/security directory
- fix race condition with mysql_upgrade_info status file by moving
it to the location owned by root (/var/lib/misc) CVE-2019-18901
[bsc#1160895]
- move .run-mysql_upgrade file from $datadir/.run-mysql_upgrade
to /var/lib/misc/.mariadb_run_upgrade so the mysql user can't
use it for a symlink attack [bsc#1160912]
- change -DWITH_COMMENT and -DCOMPILATION_COMMENT to be
SUSE/openSUSE independent
- enhance mariadb.service and mariadb@.service with various options
(Documentation=, User=, Group=, KillSignal=, SendSIGKILL=,
Restart=, RestartSec=, CapabilityBoundingSet=, ProtectSystem=,
ProtectHome=, PermissionsStartOnly= and UMask=) [bsc#1160878]
- mysql-systemd-helper: use systemd-tmpfiles instead of shell
script operations for a cleaner and safer creating of /run/mysql
[bsc#1160883]
- update to 10.4.10
* changes and improvements for 10.4
https://mariadb.com/kb/en/changes-improvements-in-mariadb-104/
* fixes for the following security vulnerabilities: none
- pack mariadb variants of the mysql binaries (e.g. mariadb-dumpslow
is a symlink to mysqldumpslow and the like)
- refresh mariadb-10.2.4-fortify-and-O.patch
- update suse_skipped_tests.list
- _constraints: increase physicalmemory value
- package auth_pam_tool setuid binary properly
- add cracklib-password-check subpackage but do not build it right
now (cracklib-dict-full >= 2.9.0 is not available yet)
- add rcmariadb compat link
- add mariadb.rpmlintrc file
- do not move my_safe_process to bindir but use rpmlint
arch-dependent-file-in-usr-share exception for it (this file
is used just for the testing and it doesn't have to be in bindir
==== mutter ====
Subpackages: libmutter-5-0 mutter-data mutter-lang
- Rework mutter-fix-mesa20.patch: base it on mutter upstream commit
a444a4c.
- Add mutter-fix-mesa20.patch: fixes build against Mesa 20
(boo#1164688).
==== nut ====
Subpackages: libupsclient1 nut-cgi
- Remove obsolete chown from %post. We no more support upgrade from
SUSE Linux 9 (bsc#1157325).
==== perl-Glib ====
Version update (1.3291 -> 1.3292)
- Add manual license LGPL-2.1-or-later to cpanspec.yml
- updated to 1.3292
see /usr/share/doc/packages/perl-Glib/ChangeLog.pre-git
==== pesign-obs-integration ====
- 0001-sign-stage3.bin-from-s390-tools-with-sign-files-bsc-.patch
Hard code signing of stage3.bin of s390-tools (bsc#1163524)
==== plasma5-pk-updates ====
Subpackages: plasma5-pk-updates-lang
- Add patch to avoid error messages for a locked db (boo#1161501):
* 0001-Don-t-show-an-error-for-a-failed-automatic-refresh.patch
==== plasma5-thunderbolt ====
Version update (5.18.1 -> 5.18.2)
Subpackages: plasma5-thunderbolt-lang
- Update to 5.18.2
* New bugfix release
* For more details please see:
* https://www.kde.org/announcements/plasma-5.18.2.php
- No code changes since 5.18.1
==== python-Jinja2 ====
Version update (2.10.3 -> 2.11.1)
- disable tests on 32bit archs
- update to 2.11.1
* Fix a bug that prevented looking up a key after an attribute
({{ data.items[1:] }}) in an async template
* Drop support for Python 2.6, 3.3, and 3.4. This will be the last version
to support Python 2.7 and 3.5.
* Added a new ChainableUndefined class to support getitem and getattr
on an undefined object.
* Allow {%+ syntax (with NOP behavior) when lstrip_blocks is disabled.
* Added a default parameter for the map filter.
* Exclude environment globals from meta.find_undeclared_variables().
* Float literals can be written with scientific notation, like 2.56e-3.
* Int and float literals can be written with the ?_? separator
for legibility, like 12_345.
* Fix a bug causing deadlocks in LRUCache.setdefault
* The trim filter takes an optional string of characters to trim.
* A new jinja2.ext.debug extension adds a {% debug %} tag to quickly dump
the current context and available filters and tests.
* Lexing templates with large amounts of whitespace is much faster.
* Parentheses around comparisons are preserved, so {{ 2 * (3 < 5) }} outputs
?2? instead of ?False?.
* Add new boolean, false, true, integer and float tests.
* The environment?s finalize function is only applied to the output of expressions
(constant or not), not static template data.
* When providing multiple paths to FileSystemLoader, a template can have
the same name as a directory.
* Always return Undefined when omitting the else clause in a {{ 'foo' if bar }}
expression, regardless of the environment?s undefined class. Omitting
the else clause is a valid shortcut and should not raise an error when using
StrictUndefined.
* Fix behavior of loop control variables such as length and revindex0 when
looping over a generator.
* Async support is only loaded the first time an environment enables it,
in order to avoid a slow initial import.
* In async environments, the |map filter will await the filter call if needed.
* In for loops that access loop attributes, the iterator is not advanced ahead
of the current iteration unless length, revindex, nextitem, or last are accessed.
This makes it less likely to break groupby results.
* In async environments, the loop attributes length and revindex work for async iterators.
* In async environments, values from attribute/property access will be awaited if needed.
* PackageLoader doesn?t depend on setuptools or pkg_resources.
* PackageLoader has limited support for PEP 420 namespace packages.
* Support os.PathLike objects in FileSystemLoader and ModuleLoader
* NativeTemplate correctly handles quotes between expressions. "'{{ a }}', '{{ b }}'"
renders as the tuple ('1', '2') rather than the string '1, 2'.
* Creating a NativeTemplate directly creates a NativeEnvironment instead
of a default Environment.
* After calling LRUCache.copy(), the copy?s queue methods point to the correct queue.
* Compiling templates always writes UTF-8 instead of defaulting to the system encoding.
* |wordwrap filter treats existing newlines as separate paragraphs to be wrapped
individually, rather than creating short intermediate lines.
* Add break_on_hyphens parameter to |wordwrap filter.
* Cython compiled functions decorated as context functions will be passed the context.
* When chained comparisons of constants are evaluated at compile time,
the result follows Python?s behavior of returning False if any comparison
returns False, rather than only the last one
* Tracebacks for exceptions in templates show the correct line numbers
and source for Python >= 3.7.
* Tracebacks for template syntax errors in Python 3 no longer show
internal compiler frames
* Add a DerivedContextReference node that can be used by extensions to get
the current context and local variables such as loop
* Constant folding during compilation is applied to some node types
that were previously overlooked
* TemplateSyntaxError.source is not empty when raised from an included template.
* Passing an Undefined value to get_template (such as through extends, import,
or include), raises an UndefinedError consistently. select_template will show
the undefined message in the list of attempts rather than the empty string.
* TemplateSyntaxError can be pickled.
==== python-cffi ====
Version update (1.13.2 -> 1.14.0)
Subpackages: python2-cffi python3-cffi
- Update to 1.14.0
* ffi.dlopen() can now be called with a handle (as a void *) to an already-opened C library.
* fixed a stack overflow issue for calls like lib.myfunc([large list]).
* fixed a memory leak inside ffi.getwinerror() on CPython 3.x.
==== python-pytz ====
Version update (2019.2 -> 2019.3)
Subpackages: python2-pytz python3-pytz
- Update to 2019.3
* IANA 2019c
==== remmina ====
Version update (1.4.0 -> 1.4.1)
Subpackages: remmina-lang remmina-plugin-rdp remmina-plugin-secret remmina-plugin-vnc remmina-plugin-xdmcp
- Update to release 1.4.1
* Bug-fix release
* SSH fixes, should fix #2094
* Update remmina_filezilla_sftp.sh
==== sysfsutils ====
- Fix compiler issues for this package, which hasn't been touched
in a while. Should be no functional change. Added patch:
* sysfsutils-fix-compiler-issues.patch
==== tpm2-0-tss ====
Version update (2.3.2 -> 2.3.3)
Subpackages: libtss2-esys0 libtss2-mu0 libtss2-sys0
- Update to version 2.3.3
* Fixed mixing salted and unsalted sessions in the same ESAPI
context
* Removed use of VLAs from TPML marshal code
* Added check for object node before calling compute_session_value
function
* Fixed auth calculation in Esys_StartAuthSession called with
optional parameters
* Fixed compute_encrypted_salt error handling in
Esys_StartAuthSession
* Fixed exported symbols map for libtss2-mu
==== tracker-miners ====
Subpackages: tracker-miner-files tracker-miners-lang
- Add upstream bug fix patches:
+ tracker-miners-set-cpu-io-nice.patches
+ tracker-miners-allow-settatr.patch
==== unbound ====
Version update (1.9.6 -> 1.10.0)
Subpackages: libunbound8 unbound-anchor
- update to 1.10.0
Features:
- Merge RPZ support into master. Only QNAME and Response IP triggers are
supported.
- Added serve-stale functionality as described in
draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
come with a configurable TTL value (`serve-expired-reply-ttl`).
- Merge #135 from Florian Obser: Use passed in neg and key cache
if non-NULL.
- Fix #153: Disable validation for DSA algorithms. RFC 8624 compliance.
- Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds
and Frzk. Updates the unbound.service systemd file and adds a portable
systemd service file.
- Merge PR#154; Allow use of libbsd functions with configure option
- -with-libbsd. By Robert Edmonds and Steven Chamberlain.
- Merge PR#148; Add some TLS stats to unbound_munin_. By Fredrik Pettai.
- Merge PR#156 from Alexander Berkes; Added unbound-control
view_local_datas_remove command.
Bug Fixes:
- Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by
Florian Obser
- Update mailing list URL.
- Fix #140: Document slave not downloading new zonefile upon update.
- Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD.
The dl_iterate_phdr() function introduced in newer versions raises
compilation errors on solaris 10.
- Changes to compat/getentropy_solaris.c for,
ifdef stdint.h inclusion for older systems. ifdef sha2.h inclusion
for older systems.
- Fix 'make test' to work for --disable-sha1 configure option.
- Fix out-of-bounds null-byte write in sldns_bget_token_par while
parsing type WKS, reported by Luis Merino from X41 D-Sec.
- Updated sldns_bget_token_par fix for also space for the zero
delimiter after the character. And update for more spare space.
- Fix #138: stop binding pidfile inside chroot dir in systemd service
file.
- Fix the relationship between serve-expired and prefetch options,
patch from Saksham Manchanda from Secure64.
- Fix unreachable code in ssl set options code.
- Removed the dnscrypt_queries and dnscrypt_queries_chacha tests,
because dnscrypt-proxy (2.0.36) does not support the test setup
any more, and also the config file format does not seem to have the
appropriate keys to recreate that setup.
- Fix crash after reload where a stats lookup could reference old key
cache and neg cache structures.
- Fix for memory leak when edns subnet config options are read when
compiled without edns subnet support.
- Fix auth zone support for NSEC3 records without salt.
- Merge PR#150 from Frzk: Systemd unit without chroot. It add
contrib/unbound_nochroot.service.in, a systemd file for use with
chroot: "", see comments in the file, it uses systemd protections
instead. It was superceded by #151, the unbound_portable.service
file.
- Merge PR#155 from Robert Edmonds: contrib/libunbound.pc.in: Fixes
to Libs/Requires for crypto library dependencies.
- iana portlist updated.
- Fix to silence the tls handshake errors for broken pipe and reset
by peer, unless verbosity is set to 2 or higher.
- Merge PR#147; change rfc reference for reserved top level dns names.
- Fix #157: undefined reference to `htobe64'.
- Fix subnet tests for disabled DSA algorithm by default.
- Update contrib/fastrpz.patch for clean diff with current code.
- updated .gitignore for added contrib file.
- Add build rule for ipset to Makefile
- Add getentropy_freebsd.o to Makefile dependencies.
- Fix memory leak in error condition remote.c
- Fix double free in error condition view.c
- Fix memory leak in do_auth_zone_transfer on success
- Stop working on socket when socket() call returns an error.
- Check malloc return values in TLS session ticket code
- Fix fclose on error in TLS session ticket code.
- Add assertion to please static analyzer
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
- Fix num_reply_addr counting in mesh and tcp drop due to size
after serve_stale commit.
- Fix to create and destroy rpz_lock in auth_zones structure.
- Fix to lock zone before adding rpz qname trigger.
- Fix to lock and release once in mesh_serve_expired_lookup.
- Fix to put braces around empty if body when threading is disabled.
- Fix num_reply_states and num_detached_states counting with
serve_expired_callback.
- Cleaner code in mesh_serve_expired_lookup.
- Document in unbound.conf manpage that configuration clauses can be
repeated in the configuration file.
- Document 'ub_result.was_ratelimited' in libunbound.
- Fix use after free on log-identity after a reload; Fixes #163.
- Fix with libnettle make test with dsa disabled.
- Fix contrib/fastrpz.patch to apply cleanly. Fix for serve-stale
fixes, but it does not compile, conflicts with new rpz code.
- Fix to clean memory leak of respip_addr.lock when ip_tree deleted.
- Fix compile warning when threads disabled.
- Fix spelling in unbound.conf.5.in.
- Stop unbound-checkconf from insisting that auth-zone and rpz
zonefiles have to exist. They can not exist, and download later.
- contrib/drop2rpz: perl script that converts the Spamhaus DROP-List
in RPZ-Format, contributed by Andreas Schulze.
- Remove unused variable.
- Add respip to supported module-config options in unbound-checkconf.
- Updated contrib/unbound_smf23.tar.gz with Solaris SMF service for
Unbound from Yuri Voinov.
==== v4l2loopback ====
- Added v4l2loopback-dont_use_timeval.patch and
v4l2loopback-drop_cast_to_time_t.patch (fix boo#1164757)
==== vim ====
Version update (8.2.0257 -> 8.2.0314)
Subpackages: gvim vim-data vim-data-common
- Updated to version 8.2.0314, fixes the following problems
- refreshed vim-7.3-filetype_spec.patch
* Cannot recognize a terminal in a popup window.
* ModifyOtherKeys cannot be temporarily disabled.
* Terminal in popup test sometimes fails.
* Several lines of code are duplicated.
* Some code not covered by tests.
* Fileformat test fails on MS-Windows.
* A few new Vim9 messages are not localized.
* Fileformat test still fails on MS-Windows.
* "eval" after "if 0" doesn't check for following command.
* Terminal in popup test sometimes fails on Mac.
* No check for a following command when calling a function fails.
* Trycatch test fails.
* Vim9: operator after list index does not work. (Yasuhiro Matsumoto)
* Some code not covered by tests.
* The "num64" feature is available everywhere and building without it
causes problems.
* ":helptags ALL" gives error for directories without write
permission. (Mat?j Cepl)
* Hang with combination of feedkeys(), Ex mode and :global. (Yegappan
Lakshmanan)
* Some Ex code not covered by tests.
* Vim9: not allowing space before ")" in function call is too
restrictive. (Ben Jackson)
* Vim9: not all instructions covered by tests.
* Channel test is flaky on Mac.
* Vim9: no test for deleted :def function.
* Vim9: throw in :def function not caught higher up.
* Two placed signs in the same line are not combined. E.g. in the terminal
debugger a breakpoint and the PC cannot be both be displayed.
* Vim9: setting number option not tested.
* Vim9: failing to load script var not tested.
* Vim9: assignment test fails.
* Unused error message. Cannot create s:var.
* Cannot use popup_close() for a terminal popup.
* Vim9: return in try block not tested; catch with pattern not tested.
* Vim9: some float and blob operators not tested.
* Vim9: :echo did not clear the rest of the line.
* Running individual test differs from all tests.
* Vim9: assigning [] to list<string> doesn't work.
* Vim9: CHECKNR and CHECKTYPE instructions not tested.
* Various Ex commands not sufficiently tested.
* Cannot use Ex command that is also a function name.
* Highlighting for :s wrong when using different separator.
* Mixing up "long long" and __int64 may cause problems. (John Marriott)
* Compiler warnings for the Ruby interface.
* Vim9 script: cannot start command with a string constant.
* Vim9: ISN_STORE with argument not tested. Some cases in tv2bool()
not tested.
* Vim9: expression test fails without channel support.
* Insufficient testing for exception handling and the "attention" prompt.
* Setting 'term' may cause error in TermChanged autocommand.
* TermChanged test fails in the GUI.
* Terminal test if failing on some systems.
* Relativenumber test fails on some systems. (James McCoy)
* Vim9: :substitute(pat(repl does not work in Vim9 script.
* Python 3 vim.eval not well tested.
* 'showbreak' does not work for a very long line. (John Little)
* Window-local values have confusing name.
* Autocmd test fails on a slow system.
* Short name not set for terminal buffer.
==== wayland ====
Version update (1.17.0 -> 1.18.0)
Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0
- Replace public key in keyring with
34FF9526CFEF0E97A340E2E40FDE7BE0E88F5E48
(Simon Ser <contact at emersion.fr>).
- Update to release 1.18
* Add API to tag proxy objects to allow applications and
toolkits to share the same Wayland connection
* Track wayland-server timers in user-space to prevent creating
too many FDs
* Add wl_global_remove, a new function to mitigate race
conditions with globals
==== wireguard ====
Version update (0.0.20200214_k5.5.5_1 -> 0.0.20200215_k5.5.5_1)
- Update to version 0.0.20200215
* send: cleanup skb padding calculation
* socket: remove useless synchronize_net
==== wpebackend-fdo ====
Version update (1.4.0 -> 1.4.1)
- Update to version 1.4.1 (boo#1164688):
+ Fix build failures with recent compiler versions due to missing
function declarations.
- Drop memset-prototype.patch: fixed upstream.
==== xen ====
Version update (4.13.0_06 -> 4.13.0_08)
Subpackages: xen-libs xen-tools xen-tools-domU
- bsc#1160932 - VUL-0: xen: XSA-312 v1: arm: a CPU may speculate
past the ERET instruction
5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch
- bsc#1164425 - x86: "spec-ctrl=no-xen" should also disable branch
hardening
5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch
- Upstream bug fixes (bsc#1027519)
5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch
5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch
5e318cd4-x86-apic-fix-disabling-LVT0.patch
5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch
5e3bd385-EFI-recheck-variable-name-strings.patch
5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch
5e3bd3f8-xmalloc-guard-against-overflow.patch
5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch
5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch
5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch
- bsc#1159755 - use fixed qemu-3.1 machine type for HVM
This must be done in qemu to preserve PCI layout
remove libxl.lock-qemu-machine-for-hvm.patch
- jsc#SLE-10183 - script to calculate cpuid= mask
add helper script from https://github.com/twizted/xen_maskcalc
domUs may be migrated between different cpus from the same vendor
if their visible cpuid value has incompatible feature bits masked.
- jsc#SLE-10172, bsc#1055731 - handle degraded raid for xendomains
add helper script and systemd service from
https://github.com/luizluca/xen-tools-xendomains-wait-disk
in new sub package xen-tools-xendomains-wait-disk
See included README for usage instructions
xendomains-wait-disks.LICENSE
xendomains-wait-disks.README.md
xendomains-wait-disks.sh
==== xkbcomp ====
Version update (1.4.2 -> 1.4.3)
- Update to version 1.4.3
* Update configure.ac bug URL for gitlab migration
* configure: Remove unused AC_SUBST([REQUIRED_MODULES])
* pkgconfig: Remove unneeded Requires.private
* Suppress high-keycode warnings at the default warning level
* xkbcomp Fix missing support for "affect" and incorrect modifier
handling for ISOLock
* Don't compare with string literals
* Fix invalid error report on F_Accel field
* Error out if we have no default path
==== xtables-addons ====
Version update (3.8_k5.5.5_1 -> 3.9_k5.5.5_1)
- Update to release 3.9
* Support for Linux 5.6 [boo#1164758]