Packages changed:
ImageMagick (7.0.10.13 -> 7.0.10.18)
alsa (1.2.2 -> 1.2.3)
alsa-ucm-conf (1.2.2 -> 1.2.3)
alsa-utils (1.2.2 -> 1.2.3)
audit
busybox-links
ceph (15.2.0.108+g8cf4f02b08 -> 15.2.3.252+gf2237253cd)
cogl (1.22.6 -> 1.22.8)
dracut (050+suse.65.ge1e64674 -> 050+suse.66.g76431c83)
drbd (9.0.22~1+git.fe2b5983 -> 9.0.23~1+git.d16bfab7)
elementary-xfce-icon-theme (0.15+git6.098bd333 -> 0.15+git8.ae895abc)
evince (3.36.2 -> 3.36.3)
ffmpeg-4 (4.2.2 -> 4.2.3)
fonts-config (20190119 -> 20200609+git0.42e2b1b)
ghostscript-fonts
git (2.26.2 -> 2.27.0)
gmp
gnome-software
gnutls (3.6.13 -> 3.6.14)
gstreamer
hunspell
hwdata (0.335 -> 0.336)
icedtea-web (1.7.2 -> 1.8)
icu
iptraf-ng (1.1.4 -> 1.2.0)
konsole
krb5 (1.18.1 -> 1.18.2)
ksysguard5 (5.19.0 -> 5.19.0.1)
libgpg-error (1.37 -> 1.38)
libjcat (0.1.2 -> 0.1.2+3)
libksysguard5 (5.19.0 -> 5.19.0.1)
libnftnl (1.1.6 -> 1.1.7)
libosinfo (1.7.1 -> 1.8.0)
libqt5-qtbase
librsvg (2.48.4 -> 2.48.7)
libseccomp (2.4.2 -> 2.4.3)
libupnp
libxml2
libxml2-python
libzip (1.6.1 -> 1.7.0)
man
man-pages (5.06 -> 5.07)
memcached (1.6.5 -> 1.6.6)
mozjs68 (68.7.0 -> 68.9.0)
multipath-tools (0.8.4+31+suse.8f53764 -> 0.8.4+43+suse.908383f)
ncurses (6.2.20200502 -> 6.2.20200531)
newt
nfs-utils
nftables (0.9.4 -> 0.9.5)
nodejs-common (3.0 -> 4.0)
open-iscsi
openssh (8.1p1 -> 8.3p1)
osinfo-db (20200214 -> 20200529)
package-update-indicator
patterns-base
perl
perl-CGI (4.48 -> 4.49)
perl-Date-Manip (6.81 -> 6.82)
perl-libwww-perl (6.44 -> 6.45)
permissions (1550_20200520 -> 1550_20200526)
pidgin (2.13.0 -> 2.14.0)
postgresql
postgresql12 (12.2 -> 12.3)
pulseaudio
purge-kernels-service
python
python-base
python-greenlet (0.4.15 -> 0.4.16)
python-passlib
python-ptyprocess
python-rpm-macros (20200207.5feb6c1 -> 20200529.b301e36)
python3
python3-base
redis (6.0.4 -> 6.0.5)
remmina (1.4.5 -> 1.4.6)
rubygem-nokogiri
schily
shadow
sqlite3 (3.31.1 -> 3.32.2)
sssd (2.2.3 -> 2.3.0)
strace (5.6 -> 5.7)
suse-module-tools (15.3.2 -> 15.3.3)
systemd
texlive
timezone
timezone-java
uchardet (0.0.6 -> 0.0.7)
ucode-intel (20191115 -> 20200609)
vim
virtualbox (6.1.8 -> 6.1.10)
wireless-regdb
wireshark
xdg-utils (1.1.3+20190413 -> 1.1.3+20200220)
xdm
xen
xf86-input-wacom
xterm
yast2 (4.3.5 -> 4.3.6)
yast2-add-on (4.3.0 -> 4.3.1)
yast2-bootloader (4.3.3 -> 4.3.5)
yast2-installation (4.3.1 -> 4.3.2)
yast2-kdump (4.3.0 -> 4.3.1)
yast2-proxy (4.3.0 -> 4.3.1)
=== Details ===
==== ImageMagick ====
Version update (7.0.10.13 -> 7.0.10.18)
Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI7 libMagickWand-7_Q16HDRI7
- version update to 7.0.10.18
* Colorspace change will remove ICC profile (reference
https://github.com/ImageMagick/ImageMagick6/issues/82).
- version update to 7.0.10.17
* Free up memory after a ICC profile is removed.
- version update to 7.0.10.16
* Don't check for incompatible ICC profiles when writing PDF images, instead
the user is expected to provide compatible image colorspaces or strip the
ICC profile with, for example, the -strip option.
* Clipping was not returning expected results (reference
https://github.com/ImageMagick/ImageMagick/discussions/2061).
* Don't write a ICC profile to PDF if the image is gray (reference
https://github.com/ImageMagick/ImageMagick/issues/2070).
==== alsa ====
Version update (1.2.2 -> 1.2.3)
Subpackages: libasound2 libasound2-32bit libatopology2
- Update to alsa-lib 1.2.3:
including previous fixes, see the detailed changes at:
https://www.alsa-project.org/wiki/Detailed_changes_v1.2.2_v1.2.3
- Drop obsoleted patches:
0001-conf-change-the-order-of-PCM-devices-in-alsa.conf.patch
0002-conf-namehint-add-omit_noargs-to-the-hint-section.patch
0003-Change-PCM-device-number-of-Asus-Xonar-U5.patch
0004-configure-add-embed-for-python3-config-python-3.8.patch
0005-conf-USB-Audio-Add-C-Media-USB-Headphone-Set-to-the-.patch
0006-topology-add-back-asrc-to-widget_map-in-dapm.c.patch
0007-ucm-clarify-the-index-syntax-for-the-device-names.patch
0008-ucm-fix-uc_mgr_scan_master_configs.patch
0009-namehint-remember-the-direction-from-the-upper-level.patch
0010-conf-fix-namehint-for-pcm.front-and-pcm.iec958.patch
0011-pcm-add-chmap-option-to-route-plugin.patch
0012-usecase-allow-indexes-also-for-modifier-names.patch
0013-ucm-fix-the-device-remove-operation.patch
0014-ucm-fix-copy-n-paste-typo-RemoveDevice-list.patch
0015-pcm-dmix-fix-sw_params-handling-of-timestamp-types-i.patch
0016-conf-USB-Audio-Fix-S-PDIF-output-of-ASUS-Xonar-AE.patch
0017-pcm-rate-fix-the-remaining-size-calculation-in-snd_p.patch
0018-use-case.h-add-USB-as-allowed-device-name.patch
0019-topology-Use-bool-parser-to-parse-boolean-value.patch
0020-fix-infinite-draining-of-the-rate-plugin-in-SND_PCM_.patch
0021-test-pcm_min-add-snd_pcm_drain-call-and-indentation-.patch
==== alsa-ucm-conf ====
Version update (1.2.2 -> 1.2.3)
- Update to alsa-ucm-conf 1.2.3:
including previous fixes, see the detailed changes at:
https://www.alsa-project.org/wiki/Detailed_changes_v1.2.2_v1.2.3
- Dropped obsoleted patches:
0001-sof-bdw-rt5677-initial-port-to-UCM2.patch
0002-ucm2-treewide-JackHWMute-fixes.patch
0003-sof-hda-dsp-Support-systems-without-integrated-graph.patch
0004-hda-dsp-add-basic-ucm-config.patch
0005-update-README-files.patch
0006-bytcr-rt5651-Fix-dmic-check-in-HiFi-Components.conf.patch
0007-chtrt5645-Add-ASUSTeKCOMPUTERINC.-T100HAN-1.0-symlin.patch
0008-chtrt5645-Add-MEDION-E1239TMD60568-0.1-Wingman.conf-.patch
0009-chtrt5645-Remove-bogus-JackHWMute-settings.patch
0010-sof-hda-dsp-change-Headphones2-to-Mic2.patch
0011-ucm2-remove-empty-enable-disable-sequence-sections.patch
0012-ucm2-fix-indentation-use-tabs.patch
0013-Add-initial-support-for-Realtek-ALC1220-TRX40-mother.patch
0014-ucm2-fix-chtrt5650-configuration-ucm-validator.patch
0015-bytcr-rt5651-fix-the-cfg-mic-in1-cfg-mic-in12-match-.patch
0016-ucm-fix-wrong-If-in-sequence-in-HiFi-dual.conf.patch
0100-ucm2-Add-profile-for-Chromebook-Asus-C300.patch
==== alsa-utils ====
Version update (1.2.2 -> 1.2.3)
- Update to alsa-utils 1.2.3:
including previous fixes, see the detailed changes at:
https://www.alsa-project.org/wiki/Detailed_changes_v1.2.2_v1.2.3
- Dropped obsoleted patches:
0001-alsaloop-reduce-cumulative-error-caused-by-non-atomi.patch
0002-alsactl-don-t-exit-on-EINTR-from-epoll_wait.patch
0003-alsactl-avoid-needless-wakeups-in-monitor-loop.patch
0004-alsactl-fix-error-handling-for-sched_setscheduler-ca.patch
0005-alsa-info.sh-add-ALT-to-DISTRO-list.patch
0006-alsa-info-initial-rpm-deb-package-info.patch
0007-alsa-info.sh-increase-version-to-0.4.65.patch
==== audit ====
Subpackages: audit-devel libaudit1 libaudit1-32bit libauparse0
- Fix specfile to require libauparse0 and libaudit1 after splitting
audit-libs (bsc#1172295)
==== busybox-links ====
Subpackages: busybox-coreutils busybox-findutils busybox-gawk busybox-grep busybox-psmisc busybox-sed busybox-tar busybox-xz
- Add conflicts: mawk to busybox-gawk
==== ceph ====
Version update (15.2.0.108+g8cf4f02b08 -> 15.2.3.252+gf2237253cd)
Subpackages: librados2 librbd1
- Up ceph-test disk constraint to address "no space left on device"
build error seen in OBS
- Update to 15.2.3-252-gf2237253cd:
+ rebase on tip of upstream "octopus" branch, SHA1 22279597fa9ca40ba2f05af9f186a99ce73a6047
* upstream v15.2.3 release
https://ceph.io/releases/v15-2-3-octopus-released/
- Update to 15.2.2-60-gf5864377ab:
+ rebase on tip of upstream "octopus" branch, SHA1 9e890709ef53ce29006c6fc754dd80e25df186d0
- Update to 15.2.2-18-g1dbcddb5d8:
+ rebase on tip of upstream "octopus" branch, SHA1 0c857e985a29d90501a285f242ea9c008df49eb8
* Upstream v15.2.2 release
https://ceph.io/releases/v15-2-2-octopus-released/
* mon, mgr: require all caps for pre-octopus tell commands (bsc#1170021, CVE-2020-10736)
- Update to 15.2.1-277-g17d346932e:
+ rebase on tip of upstream "octopus" branch, SHA1 752b293586d0c8749483e60e43c7a98c1e0d7b19
* rpm: drop "is_opensuse" conditional in SUSE-specific bcond block
(jsc#SLE-11802)
- Update to 15.2.1-246-g66cd0e5497:
+ rebase on tip of upstream "octopus" branch, SHA1 939661f696d3d9eb4d31e998a3ad1487852a4741
- Update to 15.2.1-16-gb3a86250a6:
+ rebase on tip of upstream "octopus" branch, SHA1 9fd2f65f91d9246fae2c841a6222d34d121680ee
* upstream 15.2.1 release
https://ceph.io/releases/v15-2-1-octopus-released/
+ fix Nonce reuse in msgr V2 secure mode (bsc#1166403, CVE-2020-1759)
+ prevent RGW GetObject header-splitting XSS (bsc#1166484, CVE-2020-1760)
==== cogl ====
Version update (1.22.6 -> 1.22.8)
Subpackages: cogl-lang libcogl-pango20 libcogl20 typelib-1_0-Cogl-1_0 typelib-1_0-CoglPango-1_0
- Update to version 1.22.8:
+ Fix building against libglvnd-provided EGL headers.
+ Stop checking the Automake version.
+ Fix compiler warnings with GCC ? 9.
+ Ensure we don't close the same X display twice.
+ Test suite fixes.
+ Free pipeline state last.
- Drop cogl-fix-mesa20.patch: Fixed upstream. Following this, drop
libtool BuildRequires and autoreconf call, no longer needed.
==== dracut ====
Version update (050+suse.65.ge1e64674 -> 050+suse.66.g76431c83)
- Update to version 050+suse.66.g76431c83:
* 95iscsi: fix missing space when compiling cmdline args (bsc#1172816)
==== drbd ====
Version update (9.0.22~1+git.fe2b5983 -> 9.0.23~1+git.d16bfab7)
Subpackages: drbd-kmp-default
- bsc#1172761, Update to drbd-9.0.23-1
* fix a deadlock (regression introduced in 9.0.22) that can happen when
new current UUID is generated while a connection gets established
* Do not create a new data generation if the node has
'allow-remote-read = no' set, is primary, and the local disk fails
(because it has no access to good data anyome)
* fix a deadlock (regression introduced in 9.0.22) that can be
triggered if a minor is added into a resource with an established
connection
* generate new UUID immediately if a primary loses a disk due to an IO
error
* fix read requests on diskless nodes that hit a read error on a
diskful node; the retry on another diskful node works, but a bug
could lead to a log-storm on the diskless node
* fix removal of diskless nodes from clusters with quorum enabled
(initiated from the diskless itself)
* fix wrongly declined state changes if connections are established
concurrently
* fix continuation of initial resync; before that the initial resync
always started from the beginning if it was interrupted
* use rwsem _non_owner() operations to avoid false positives of
lock-dep when running on a debug kernel
* fix a sometimes missed resync if only a diskless node was primary
since the day0 UUID
* fix a corner case where a SyncSource node does not recognise
that a SyncTarget node declared the resync as finished
* update compat up to Linux 5.6
- Remove patch without_pr_warning.patch since change in 7e6a20f7
- jsc#11801, enable buildrt for Leap15.2 but Tumbleweed.
==== elementary-xfce-icon-theme ====
Version update (0.15+git6.098bd333 -> 0.15+git8.ae895abc)
- Update to version 0.15+git8.ae895abc:
* Fixed nm-applet icon in notification bubble and vpn indicator
lock (issue #212)
* Fixed several contrast problems and added new colored
software-update icons
==== evince ====
Version update (3.36.2 -> 3.36.3)
Subpackages: evince-lang evince-plugin-comicsdocument evince-plugin-djvudocument evince-plugin-dvidocument evince-plugin-pdfdocument evince-plugin-tiffdocument evince-plugin-xpsdocument libevdocument3-4 libevview3-3 nautilus-evince typelib-1_0-EvinceDocument-3_0 typelib-1_0-EvinceView-3_0
- Update to version 3.36.3:
+ pdf: Revert "support 'de facto' tooltip feature"
(glgo#GNOME/evince#1414). Reopens issues
(glgo#GNOME/evince#1409 and glgo#GNOME/evince#1410).
==== ffmpeg-4 ====
Version update (4.2.2 -> 4.2.3)
Subpackages: libavcodec58 libavdevice58 libavfilter7 libavformat58 libavresample4 libavutil56 libpostproc55 libswresample3 libswscale5
- Update to version 4.2.3:
* Stable bug fix release, mainly codecs and format fixes.
- Drop 0001-avcodec-cbs_jpeg-Check-length-for-SOS.patch: Fixed
upstream.
==== fonts-config ====
Version update (20190119 -> 20200609+git0.42e2b1b)
- Add a _service file
- Add code in %post to check the value of
FORCE_MODIFY_DEFAULT_FONT_SETTINGS_IN_NEXT_UPDATE and if it's
set to yes, empty or it doesn't exist, then update the values
of FORCE_HINTSTYLE, USE_LCDFILTER and USE_RGBA in
/etc/sysconfig/fonts-config to use the default settings
established in the 20181211 release (boo#1172022)
- Update to 20200609+git0.42e2b1b:
* Add variable to allow fonts-config to update default settings
* Fix en-US, en-GB font matching
==== ghostscript-fonts ====
Subpackages: ghostscript-fonts-other ghostscript-fonts-std
- Add a ghostscript-fonts-std-converted subpackage with fonts from
ghostscript-fonts-std converted to TrueType format (boo#1169444)
==== git ====
Version update (2.26.2 -> 2.27.0)
Subpackages: git-core git-cvs git-daemon git-email git-gui git-svn git-web gitk
- git 2.27.0:
* "git describe" will always use the "long" version when giving
its output based misplaced tags
* "git pull" issues a warning message until the pull.rebase
configuration variable is explicitly given
* The transport protocol version 2, which was promoted to the
default in Git 2.26 release, turned out to have some remaining
rough edges, so it has been demoted from the default
* A handful of options to configure SSL when talking to proxies
have been added
* Smudge/clean conversion filters are now given more information
* many bug fixes, improvements, and additional workflow options
- drop upstreamed patches:
* 0001-fetch-pack-return-enum-from-process_acks.patch
* 0002-fetch-pack-in-protocol-v2-in_vain-only-after-ACK.patch
* 0003-fetch-pack-in-protocol-v2-reset-in_vain-upon-ACK.patch
- drop unneeded patches:
* 0001-DOC-Move-to-DocBook-5-when-using-asciidoctor.patch
* 0002-Also-use-DocBook-5-stylesheet-when-generating-HTML-o.patch
==== gmp ====
Subpackages: gmp-devel libgmp10 libgmp10-32bit libgmpxx4
- correct license statement (library itself is no GPL-3.0)
==== gnome-software ====
Subpackages: gnome-software-lang
- Add gnome-software-failed-offline-update-notification.patch:
plugin-loader: handle offline update errors properly(bsc#1161095,
glgo#GNOME/gnome-software!471).
==== gnutls ====
Version update (3.6.13 -> 3.6.14)
Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-32bit libgnutls30-hmac
- Fix a memory leak that could lead to a DoS attack against Samba
servers (bsc#1172663)
* add 0001-crypto-api-always-allocate-memory-when-serializing-i.patch
- Temporarily disable broken guile reauth test (bsc#1171565)
* add gnutls-temporarily_disable_broken_guile_reauth_test
- Update to 3.6.14
* libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
The TLS server would not bind the session ticket encryption key with a
value supplied by the application until the initial key rotation, allowing
attacker to bypass authentication in TLS 1.3 and recover previous
conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777)
[GNUTLS-SA-2020-06-03, CVSS: high]
* libgnutls: Fixed handling of certificate chain with cross-signed
intermediate CA certificates (#1008). (bsc#1172461)
* libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).
* libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
(2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
Key Identifier (AKI) properly (#989, #991).
* certtool: PKCS #7 attributes are now printed with symbolic names (!1246).
* libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
Also both accelerated and non-accelerated implementations check key block
according to FIPS-140-2 IG A.9 (!1233).
* libgnutls: Added support for AES-SIV ciphers (#463).
* libgnutls: Added support for 192-bit AES-GCM cipher (!1267).
* libgnutls: No longer use internal symbols exported from Nettle (!1235)
* API and ABI modifications:
GNUTLS_CIPHER_AES_128_SIV: Added
GNUTLS_CIPHER_AES_256_SIV: Added
GNUTLS_CIPHER_AES_192_GCM: Added
gnutls_pkcs7_print_signature_info: Added
- Add key D605848ED7E69871: public key "Daiki Ueno <ueno@unixuser.org>" to
the keyring
- Drop gnutls-fips_correct_nettle_soversion.patch (upstream)
==== gstreamer ====
Subpackages: gstreamer-lang gstreamer-utils libgstreamer-1_0-0 typelib-1_0-Gst-1_0
- adjust / ship more 32bit stuff for Wine usage (bsc#1172304)
==== hunspell ====
Subpackages: hunspell-tools libhunspell-1_7-0
- security update
- added patches
fix CVE-2019-16707 [bsc#1151867], invalid read operation in SuggestMgr:leftcommonsubstring in suggestmgr.cxx
+ hunspell-CVE-2019-16707.patch
==== hwdata ====
Version update (0.335 -> 0.336)
- Update to version 0.336:
+ Updated pci, usb and vendor ids.
==== icedtea-web ====
Version update (1.7.2 -> 1.8)
Subpackages: icedtea-web-javadoc
- Update to 1.8.0
* added support for javafx-desc and so allowing run of pure javafx
only applications
* --nosecurity enhanced for possibility to skip invalid signatures
* enhanced to allow resources to be read also from j2se/java
element (OmegaT)
* PR3644 - java.lang.NoClassDefFoundError: Could not initialize
class net.sourceforge.jnlp.runtime
.JNLPRuntime$DeploymentConfigurationHolder
* deployment.config now support generic url instead just file
* Added support for windows desktop shortcuts via
https://github.com/DmitriiShamrikov/mslinks
* cache can now be operated by groups, list by -Xcacheids (details
via -verbose, can filter by regex), Xclearcache now can clear
only selected id. There is also gui to operate cache via id in
itweb-settings now.
* desktop shortcut name get shortened to title or file if title is
missing.
* shared native launchers
* scripted launchers rework: Windows bat launchers rewritten to be
feature complete, Linux shell launchers made portable, build
enhanced to produce platform independent image
==== icu ====
Subpackages: libicu67 libicu67-ledata
- Add the provides for libicu to Make .Net core can install
successfully. (bsc#1167603, bsc#1161007)
==== iptraf-ng ====
Version update (1.1.4 -> 1.2.0)
- Update to release 1.2.0
* A set of minor bugfixes.
* Fix CPU hogging if the interface gets removed [rhbz#1572750]
- Drop iptraf-ng-1.1.4-fix-Floating-point-exception-in-tcplog_flowra.patch,
build-use-wide-version-of-lpanel-when-needed.patch,
0001-ifstats-make-sort-by-ifname-the-only-mode-of-operati.patch
(merged)
- Add 0001-Revert-TPACKET_V3-mlock-mmap-ed-address-space-into-R.patch
==== konsole ====
Subpackages: konsole-part konsole-part-lang
- Add upstream patches to fix possible crash when closing a session
in KonsolePart (boo#1169408, kde#420817, kde#420695, kde#415762):
* Fix-crash-when-closing-session-in-KonsolePart-via-menu.patch
* Fix-konsolepart-segfault-when-closing-after-showing-context-menu.patch
==== krb5 ====
Version update (1.18.1 -> 1.18.2)
Subpackages: krb5-32bit krb5-client
- Update to 1.18.2
* Fix a SPNEGO regression where an acceptor using the default credential
would improperly filter mechanisms, causing a negotiation failure.
* Fix a bug where the KDC would fail to issue tickets if the local krbtgt
principal's first key has a single-DES enctype.
* Add stub functions to allow old versions of OpenSSL libcrypto to link
against libkrb5.
* Fix a NegoEx bug where the client name and delegated credential might
not be reported.
- Update logrotate script, call systemd to reload the services
instead of init-scripts. (boo#1169357)
- Don't add the lto flags to the public link options. (boo#1172038)
==== ksysguard5 ====
Version update (5.19.0 -> 5.19.0.1)
Subpackages: ksysguard5-lang
- Update to 5.19.0.1
* New bugfix release
- Changes since 5.19.0:
* Use new name for dbus interface too
* Don't prefix value output with mount point
==== libgpg-error ====
Version update (1.37 -> 1.38)
Subpackages: libgpg-error0 libgpg-error0-32bit
- Update to 1.38:
* New option parser features to implement system wide
configuration files
* New functions to build file names
* New function to help reallocating arrays
* Protect gpgrt_inc_errorcount against counter overflow
- drop needless autotools build dependencies that were added for
gawk5.patch
==== libjcat ====
Version update (0.1.2 -> 0.1.2+3)
- Update to version 0.1.2+3:
* Validate that gpgme_op_verify_result() returned at least one
signature (CVE-2020-10759).
==== libksysguard5 ====
Version update (5.19.0 -> 5.19.0.1)
Subpackages: libksysguard5-helper libksysguard5-imports libksysguard5-lang
- Update to 5.19.0.1
* New bugfix release
- Changes since 5.19.0:
* Use new name for dbus interface
==== libnftnl ====
Version update (1.1.6 -> 1.1.7)
- Update to release 1.1.7
* udata: add NFTNL_UDATA_SET_DATA_INTERVAL
==== libosinfo ====
Version update (1.7.1 -> 1.8.0)
Subpackages: libosinfo-1_0-0 libosinfo-lang typelib-1_0-Libosinfo-1_0
- Update to version 1.8.0
Changes in this release include:
* Several CI improvements
* Several release scripts improvements
* Several translations improvements
* Several syntax-check improvements
* Code cleanup in order to modernize the GObject usage
* Add API to get whether a firmware is supported or not
* Add API to get "cloud-image-username"
==== libqt5-qtbase ====
Subpackages: libQt5Concurrent5 libQt5Core5 libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-mysql libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk3
- Add patch to fix tool menu placement (boo#1172754, QTBUG-84462):
* 0001-Fix-QToolButton-menus-showing-on-primary-screens-in-.patch
==== librsvg ====
Version update (2.48.4 -> 2.48.7)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 librsvg-lang rsvg-thumbnailer typelib-1_0-Rsvg-2_0
- Update to version 2.48.7:
+ Fix failing tests.
- Update to version 2.48.6:
+ Fix build on big-endian machines.
- Update to version 2.48.5:
+ Support multiple fonts in the font-family property. Previously
in font-family="Foo, Bar, Baz" only Foo would get used.
+ Catch overflow when rendering files with a huge viewBox.
+ Don't panic with an empty objectBoundingBox for a mask.
+ Fix introspection data for rsvg_handle_set_stylesheet.
+ Fixes to the librsvg_crate documentation.
+ Loading raster images for inclusion in an SVG and producing
GdkPixbufs is now faster.
==== libseccomp ====
Version update (2.4.2 -> 2.4.3)
- Update to release 2.4.3
* Add list of authorized release signatures to README.md
* Fix multiplexing issue with s390/s390x shm* syscalls
* Remove the static flag from libseccomp tools compilation
* Add define for __SNR_ppoll
* Fix potential memory leak identified by clang in the
scmp_bpf_sim tool
- Drop no-static.diff, libseccomp-fix_aarch64-test.patch,
SNR_ppoll.patch (merged)
==== libupnp ====
Subpackages: libixml11 libupnp16
- Add 0001-Fixes-177-NULL-pointer-dereference-in-FindServiceCon.patch
[boo#1172625]
==== libxml2 ====
Subpackages: libxml2-2 libxml2-2-32bit libxml2-tools
- Fix invalid xmlns references since the fix for CVE-2019-19956 [bsc#1172021]
- Revert upstream commit 5a02583c7e683896d84878bd90641d8d9b0d0549
* Add patch libxml2-CVE-2019-19956.patch
==== libxml2-python ====
- Fix invalid xmlns references since the fix for CVE-2019-19956 [bsc#1172021]
- Revert upstream commit 5a02583c7e683896d84878bd90641d8d9b0d0549
* Add patch libxml2-CVE-2019-19956.patch
==== libzip ====
Version update (1.6.1 -> 1.7.0)
- libzip 1.7.0:
* Add support for encrypting using traditional PKWare encryption
* Add functions for querying supported compression and encryption
methods
* Add the ZIP_SOURCE_GET_FILE_ATTRIBUTES` source command
* Refactor stdio file backend
* Add CMake find_project() support
==== man ====
- Switch to user:group man:man within mandb.service (boo#1172575)
==== man-pages ====
Version update (5.06 -> 5.07)
- version update to 5.07
New and rewritten pages
- ----------------------
ioctl_fslabel.2
New page documenting filesystem get/set label ioctl(2) operations
Removed pages
- ------------
ioctl_list.2
This page was first added more than 20 years ago. Since
that time it has seen hardly any update, and is by now
very much out of date, as reported by Heinrich Schuchardt
and confirmed by Eugene Syromyatnikov.
Newly documented interfaces in existing pages
- --------------------------------------------
adjtimex.2
Document clock_adjtime(2)
clock_getres.2
Explain dynamic clocks
clone.2
Document the clone3() CLONE_INTO_CGROUP flag
mremap.2
Document MREMAP_DONTUNMAP
open.2
Document fs.protected_fifos and fs.protected_regular
prctl.2
Add PR_SPEC_INDIRECT_BRANCH for SPECULATION_CTRL prctls
Add PR_SPEC_DISABLE_NOEXEC for SPECULATION_CTRL prctls
Add PR_PAC_RESET_KEYS (arm64)
ptrace.2
Document PTRACE_SET_SYSCALL
proc.5
Document /proc/sys/fs/protected_regular
Document /proc/sys/fs/protected_fifos
Document /proc/sys/fs/aio-max-nr and /proc/sys/fs/aio-nr
- deleted patches
- man-pages-remove-ioctl_list-reference.patch (upstreamed)
==== memcached ====
Version update (1.6.5 -> 1.6.6)
- update to 1.6.6:
* Fix crash on shutdown when handling signals with TLS enabled
* Disable aarch64 hw crc32 function for now
* Pull in BigEndian-compatible crc32c
* minimum libevent version is 2.x
==== mozjs68 ====
Version update (68.7.0 -> 68.9.0)
- Update to version 68.9.0esr:
* CVE-2020-12399: Timing attack on DSA signatures in NSS library
* CVE-2020-12405: Use-after-free in SharedWorkerService
* CVE-2020-12406: JavaScript Type confusion with NativeTypes
* CVE-2020-12410: Memory safety bugs fixed in Firefox 77 and
Firefox ESR 68.9
- Changes from version 68.8.0esr:
* CVE-2020-12387: Use-after-free during worker shutdown
* CVE-2020-12388: Sandbox escape with improperly guarded Access
Tokens
* CVE-2020-12389: Sandbox escape with improperly separated
process types
* CVE-2020-6831: Buffer overflow in SCTP chunk input validation
* CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'
* CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully
escape website-controlled data, potentially leading to command
injection
* CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and
Firefox ESR 68.8
- Drop gcc10-include-fix.patch: Fixed upstream.
- Add Drop_backwards_test-Nuuk.patch: This is now Nuuk in tzdata.
==== multipath-tools ====
Version update (0.8.4+31+suse.8f53764 -> 0.8.4+43+suse.908383f)
Subpackages: kpartx libmpath0
- Update to version 0.8.4+43+suse.908383f:
* enable negated regular expression syntax in conf file
* change default devnode blacklist to
'!^(sd[a-z]|dasd[a-z]|nvme[0-9])'
- Update to version 0.8.4+40+suse.b06c2e5a:
- Fix udev rule processing during coldplug (bsc#1172157)
* 11-dm-mpath.rules: Fix udev rule processing during coldplug
- Fix compilation with gcc-10
* fix boolean value with json-c 0.14
* libmultipath: fix condlog NULL argument in uevent_get_env_var
- Reviewed upstream changes:
* simplify failed_wwid code
* centralize path validation code
- Use pkgconfig for BuildRequires
==== ncurses ====
Version update (6.2.20200502 -> 6.2.20200531)
Subpackages: libncurses6 ncurses-devel ncurses-utils tack terminfo terminfo-base terminfo-iterm terminfo-screen
- Add ncurses patch 20200531
+ correct configure version-check/warnng for g++ to allow for 10.x
+ re-enable "bel" in konsole-base (report by Nia Huang)
+ add linux-s entry (patch by Alexandre Montaron).
+ drop long-obsolete convert_configure.pl
+ add test/test_parm.c, for checking tparm changes.
+ improve parameter-checking for tparm, adding function _nc_tiparm() to
handle the most-used case, which accepts only numeric parameters
(report/testcase by "puppet-meteor").
+ use a more conservative estimate of the buffer-size in lib_tparm.c's
save_text() and save_number(), in case the sprintf() function
passes-through unexpected characters from a format specifier
(report/testcase by "puppet-meteor").
+ add a check for end-of-string in cvtchar to handle a malformed
string in infotocap (report/testcase by "puppet-meteor").
- Add ncurses patch 20200523
+ update version-check for gnat to allow for gnat 10.x to 99.x
+ fix an uninitialized variable in lib_mouse.c changes (cf: 20200502)
+ add a check in EmitRange to guard against repeat_char emitting digits
which could be interpreted as BSD-style padding when --enable-bsdpad
is configured (report/patch by Hiltjo Posthuma).
+ add --disable-pkg-ldflags to suppress EXTRA_LDFLAGS from the
generated pkg-config and ncurses*-config files, to simplify
configuring in the case where rpath is used but the packager wants
to hide the feature (report by Michael Stapelberg).
> fixes for building with Visual Studio C++ and msys2 (patches by
"Maarten Anonymous"):
+ modify CF_SHARED_OPTS to generate a script which translates linker
options into Visual Studio's dialect.
+ omit parentheses around function-names in generated lib_gen.c to
- Add ncurses patch 20200516
+ add notes on termcap.h header in curs_termcap.3x
+ update notes on vscode / xterm.js -TD
- Add ncurses patch 20200509
+ add "-r" option to the dots test-programs, to help with scripting
a performance comparison.
+ build-fix test/move_field.c for NetBSD curses, whose form headers
use different names than SVr4 or ncurses.
==== newt ====
- Split doc build into separate spec file
- As the example scripts are "pointless", just don't install them
==== nfs-utils ====
Subpackages: libnfsidmap1 nfs-client nfs-doc nfs-kernel-server
- Remove README.NFSv4. It is out dated and not useful. All
the configation described is now done automatically.
(bsc#1171448)
==== nftables ====
Version update (0.9.4 -> 0.9.5)
Subpackages: libnftables1
- Update to release 0.9.5
* Support for set counters.
* Support for restoring set element counters via nft -f.
* Counter support for flowtables.
* typeof concatenations support for sets.
* Support for concatenated ranges in anonymous sets.
* Allow to reject packets with 802.1q from the bridge family.
* Support for matching on the conntrack ID.
- Drop anonset-crashfix.patch (upstream solved differently)
==== nodejs-common ====
Version update (3.0 -> 4.0)
- Add nodejs-default, npm-default and nodejs-devel-default subpackages
to provide latest, best supported nodejs for current architecture
and codestream.
nodejs-default - nodejs runtime only
npm-default - if you need npm + nodejs
nodejs-devel-default - if you need npm + nodejs + compile modules
==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0
- Merged in latest upstream. Summary:
* Let initiator name be created by iscsi-init.service.
* iscsi: fix fd leak
* iscsi: Add break to while loop
* Fix compiler complaint about string copy in iscsiuio
* Fix a compiler complaint about writing one byte
* Fix issue with zero-length arrays at end of struct
* Add iscsi-init.service
* Proper disconnect of TCP connection
* Fix SIGPIPE loop in signal handler
* Update iscsi-iname.c
* log:modify iSCSI shared memory permissions for logs
* Ignore iface.example in iface match checks
* More changes for musl.
* Fix type mismatch under musl.
* Change include of <sys/poll.h> to <poll.h>
* iscsi-iname: fix iscsi-iname -p access NULL pointer without given IQN prefix
Note that the "Add iscsi-init.service" change adds a new systemd
service called "iscsi-init", that creates the iSCSI initiator name
file /etc/iscsi/initiatorname.iscsi, if and only if it does not
exist. This obviates the need to do this from the SPEC file, now
updated.
Since this was not a version-number update, in addition to modifying
the SPEC file, also updates:
* open-iscsi-SUSE-latest.diff.bz2
==== openssh ====
Version update (8.1p1 -> 8.3p1)
Subpackages: openssh-helpers
- Version update to 8.3p1:
= Potentially-incompatible changes
* sftp(1): reject an argument of "-1" in the same way as ssh(1) and
scp(1) do instead of accepting and silently ignoring it.
= New features
* sshd(8): make IgnoreRhosts a tri-state option: "yes" to ignore
rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only"
to allow .shosts files but not .rhosts.
* sshd(8): allow the IgnoreRhosts directive to appear anywhere in a
sshd_config, not just before any Match blocks.
* ssh(1): add %TOKEN percent expansion for the LocalFoward and
RemoteForward keywords when used for Unix domain socket forwarding.
* all: allow loading public keys from the unencrypted envelope of a
private key file if no corresponding public key file is present.
* ssh(1), sshd(8): prefer to use chacha20 from libcrypto where
possible instead of the (slower) portable C implementation included
in OpenSSH.
* ssh-keygen(1): add ability to dump the contents of a binary key
revocation list via "ssh-keygen -lQf /path".
- Additional changes from 8.2p1 release:
= Potentially-incompatible changes
* ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures
(i.e. the client and server CASignatureAlgorithms option) and will
use the rsa-sha2-512 signature algorithm by default when the
ssh-keygen(1) CA signs new certificates.
* ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1
from the default key exchange proposal for both the client and
server.
* ssh-keygen(1): the command-line options related to the generation
and screening of safe prime numbers used by the
diffie-hellman-group-exchange-* key exchange algorithms have
changed. Most options have been folded under the -O flag.
* sshd(8): the sshd listener process title visible to ps(1) has
changed to include information about the number of connections that
are currently attempting authentication and the limits configured
by MaxStartups.
* ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one). It needs to be installed
in the expected path, typically under /usr/libexec or similar.
= New features
* This release adds support for FIDO/U2F hardware authenticators to
OpenSSH. U2F/FIDO are open standards for inexpensive two-factor
authentication hardware that are widely used for website
authentication. In OpenSSH FIDO devices are supported by new public
key types "ecdsa-sk" and "ed25519-sk", along with corresponding
certificate types.
* sshd(8): add an Include sshd_config keyword that allows including
additional configuration files via glob(3) patterns.
* ssh(1)/sshd(8): make the LE (low effort) DSCP code point available
via the IPQoS directive.
* ssh(1): when AddKeysToAgent=yes is set and the key contains no
comment, add the key to the agent with the key's path as the
comment.
* ssh-keygen(1), ssh-agent(1): expose PKCS#11 key labels and X.509
subjects as key comments, rather than simply listing the PKCS#11
provider library path.
* ssh-keygen(1): allow PEM export of DSA and ECDSA keys.
* ssh(1), sshd(8): make zlib compile-time optional, available via the
Makefile.inc ZLIB flag on OpenBSD or via the --with-zlib configure
option for OpenSSH portable.
* sshd(8): when clients get denied by MaxStartups, send a
notification prior to the SSH2 protocol banner according to
RFC4253 section 4.2.
* ssh(1), ssh-agent(1): when invoking the $SSH_ASKPASS prompt
program, pass a hint to the program to describe the type of
desired prompt. The possible values are "confirm" (indicating
that a yes/no confirmation dialog with no text entry should be
shown), "none" (to indicate an informational message only), or
blank for the original ssh-askpass behaviour of requesting a
password/phrase.
* ssh(1): allow forwarding a different agent socket to the path
specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent
option to accepting an explicit path or the name of an environment
variable in addition to yes/no.
* ssh-keygen(1): add a new signature operations "find-principals" to
look up the principal associated with a signature from an allowed-
signers file.
* sshd(8): expose the number of currently-authenticating connections
along with the MaxStartups limit in the process title visible to
"ps".
- Rebased patches:
* openssh-7.7p1-cavstest-ctr.patch
* openssh-7.7p1-cavstest-kdf.patch
* openssh-7.7p1-fips.patch
* openssh-7.7p1-fips_checks.patch
* openssh-7.7p1-ldap.patch
* openssh-7.7p1-no_fork-no_pid_file.patch
* openssh-7.7p1-sftp_print_diagnostic_messages.patch
* openssh-8.0p1-gssapi-keyex.patch
* openssh-8.1p1-audit.patch
* openssh-8.1p1-seccomp-clock_nanosleep.patch
- Removed openssh-7.7p1-seed-prng.patch (bsc#1165158).
==== osinfo-db ====
Version update (20200214 -> 20200529)
- Update database to version 20200529
- Drop 5bbe30db-opensuse-add-info-about-UEFI-support.patch
==== package-update-indicator ====
Subpackages: package-update-indicator-lang
- Adding patch org.guido-berhoerster.code.package-update-indicator.desktop.in.patch
fixing package-update-indicator should not start within
Gnome or KDE (boo#1172623)
==== patterns-base ====
Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-documentation patterns-base-enhanced_base patterns-base-minimal_base patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced
- Suggest postfix from the basesystem pattern: suggested packages
are not flagged for installation, but give the solver a hint. So
in case something wants an MTA (smtp_daemon), openSUSE installs
will all default to postfix (as the base pattern is generally
installed). Users are still free to switch as they wish
(boo#1136078).
==== perl ====
Subpackages: perl-base perl-doc
- Fixes for %_libexecdir changing to /usr/libexec
==== perl-CGI ====
Version update (4.48 -> 4.49)
- updated to 4.49
see /usr/share/doc/packages/perl-CGI/Changes
4.49 2020-06-08
[ FIX ]
- remove deprecation warning as no longer in core (GH #221)
==== perl-Date-Manip ====
Version update (6.81 -> 6.82)
updated to 6.82
see /usr/share/doc/packages/perl-Date-Manip/Changes
6.82 2020-06-01
- Time zone fixes
Newest zoneinfo data (tzdata 2020a).
==== perl-libwww-perl ====
Version update (6.44 -> 6.45)
- updated to 6.45
see /usr/share/doc/packages/perl-libwww-perl/Changes
6.45 2020-06-08 14:51:28Z
- Fix Client-Warning: Internal response sometimes reset (GH#341) (Jonathan
Dahan and Julien Fiegehenn)
==== permissions ====
Version update (1550_20200520 -> 1550_20200526)
Subpackages: chkstat permissions-config permissions-doc
- Update to version 20200526:
* profiles: add entries for enlightenment (bsc#1171686)
==== pidgin ====
Version update (2.13.0 -> 2.14.0)
Subpackages: libpurple libpurple-lang libpurple-tcl
- Update to version 2.14.0:
+ General:
* Fixed a memory leak in search results (pidgin.im#17292).
* Support SNI with GnuTLS (pidgin.im#17300 tiagosalem).
* Add additional error handling to NSS and GnuTLS.
+ libpurple:
* Add invisible buddy support to support presence/name/photos
for non-buddies (pidgin.im#17295).
* Make purple-remote compatible with both Python 2 and Python 3.
* Fix some leaky deprecation warnings.
* Fix HTML logs which were writing invalid HTML
(pidgin.im#17280).
* Fix use after free in purple_smiley_set_data_impl.
* Added the chat_send_file ability to protocol plugins.
+ Pidgin:
* Treat <p> tags as line breaks when pasting.
* Reverted pidgin.im#17232.
It caused more harm than good.
+ Bonjour:
* Always use port fallback for IPv4 addresses.
+ XMPP:
* Support for XEP-0198 Stream Management.
* Decrease delay for file transfer using streamhosts.
+ Voice & Video:
* Improve webcam failure handling.
* Show error when creating media pipeline fails.
* Clip audio level reporting (pidgin.im#14426).
* Keep track of devices managed by GstDeviceMonitor.
* Ignore PulseAudio monitors.
* Backport native Voice & Video prefs from 3.0.
* Fix building against GStreamer 0.10.
* Fix initial delay on incoming audio.
* Properly cleanup timeouts.
* Add an audio mixer so mixed sources don't cause a pipe
failure.
* Add screen share support for Wayland via XDP Portal.
* Handle unplug and replug events of selected media device.
- Rebase pidgin-nonblock-common.patch.
- Drop pidgin-enable-sni-gnutls.patch,
pidgin-Leaky-deprecation-clean-ups.patch: fixed upstream.
- Drop pidgin-ncurses-6.0-accessors.patch: moved to the libgnt
package.
- Drop support for openSUSE older than Leap 15.0.
==== postgresql ====
Subpackages: postgresql-contrib postgresql-llvmjit postgresql-server
- Disable LLVM on SLE (bsc#1172274).
- Conflict with versions of the binary packages prior to the
May 2020 update, because we changed the package layout at that
point and need a clean cutover.
==== postgresql12 ====
Version update (12.2 -> 12.3)
Subpackages: libpq5 postgresql12-contrib postgresql12-llvmjit postgresql12-server
- update to 12.3 (bsc#1171924).
https://www.postgresql.org/about/news/2038/
https://www.postgresql.org/docs/12/release-12-3.html
- Unify the spec file to work across all current PostgreSQL
versions to simplify future maintenance.
- Move from the "libs" build flavour to a "mini" package that will
only be used inside the build service and not get shipped, to
avoid confusion with the debuginfo packages (bsc#1148643).
- update to 12.3
https://www.postgresql.org/about/news/2038/
https://www.postgresql.org/docs/12/release-12-3.html
- Temporarily disable JIT support on SLE until support status of
clang has been clarified.
- We only need clang for LLVM, not clang-devel.
==== pulseaudio ====
Subpackages: libpulse-mainloop-glib0 libpulse0 pulseaudio-bash-completion pulseaudio-gdm-hooks pulseaudio-lang pulseaudio-module-bluetooth pulseaudio-module-gsettings pulseaudio-module-x11 pulseaudio-module-zeroconf pulseaudio-utils pulseaudio-zsh-completion
- for libpulse-devel-32bit, require libpulse0-32bit + libpulse-mainloop-glib0-32bit
to help wine development (bsc#1172301)
==== purge-kernels-service ====
- Add split provides for upgrade from old dracut (boo#1168727).
==== python ====
- Add patch configure_PYTHON_FOR_REGEN.patch which makes
configure.ac to consider the correct version of
PYTHON_FO_REGEN (bsc#1078326).
==== python-base ====
Subpackages: libpython2_7-1_0
- Add patch configure_PYTHON_FOR_REGEN.patch which makes
configure.ac to consider the correct version of
PYTHON_FO_REGEN (bsc#1078326).
==== python-greenlet ====
Version update (0.4.15 -> 0.4.16)
- update to 0.4.16:
- Support for DEC Alpha architecture
- Support for Python 3.9
- Support for Python 3.10a0
==== python-passlib ====
- replace nose with pytest
==== python-ptyprocess ====
- replace nose with unittest
==== python-rpm-macros ====
Version update (20200207.5feb6c1 -> 20200529.b301e36)
Subpackages: python-rpm-generators
- Update to version 20200529.b301e36:
* update-alternatives are quiet during install
==== python3 ====
Subpackages: python3-curses python3-dbm
- add requires python3-base on libpython subpackage (bsc#1167008)
- build against Sphinx 2.x until python is compatible with
Sphinx 3.x (see gh#python/cpython#19397, bpo#40204)
- Fix build with SQLite 3.32 (bpo#40783)
add bpo40784-Fix-sqlite3-deterministic-test.patch
==== python3-base ====
Subpackages: libpython3_8-1_0
- add requires python3-base on libpython subpackage (bsc#1167008)
- build against Sphinx 2.x until python is compatible with
Sphinx 3.x (see gh#python/cpython#19397, bpo#40204)
- Fix build with SQLite 3.32 (bpo#40783)
add bpo40784-Fix-sqlite3-deterministic-test.patch
==== redis ====
Version update (6.0.4 -> 6.0.5)
- redis 6.0.5:
* Fix handling of speical chars in ACL LOAD
* Make Redis Cluster more robust about operation errors that may
lead to two clusters to mix together
* Revert the sendfile() implementation of RDB transfer
* Fix TLS certificate loading for chained certificates
* Fix AOF rewirting of KEEPTTL SET option
* Fix MULTI/EXEC behavior during -BUSY script errors
==== remmina ====
Version update (1.4.5 -> 1.4.6)
Subpackages: remmina-lang remmina-plugin-rdp remmina-plugin-secret remmina-plugin-vnc remmina-plugin-xdmcp
- Update to release 1.4.6
* Hotkey language fixed
* Fetch news from remmina.org optional
* allow saving notes in connection profile
* RDP: Improving hardware option parsing
* Rearranged widgets in a new Behavior tab
* Add separator only when there are saved profiles. Fixes #1914
* Implementing resume all for FTP file transfer, should fix #2210
* Edit or connect using multiple profile files from the command line
* Desktop session files for Remmina kiosk are optional
* Spelling fixes
* Translation fixes/improvements
* Feat/lebowski
- Disabled news
- Enabled kiosk sessions
==== rubygem-nokogiri ====
Subpackages: ruby2.6-rubygem-nokogiri ruby2.7-rubygem-nokogiri
- add fix so we no longer need mini_portile2. This is only needed
when not building against system libraries (boo#1171881)
https://github.com/sparklemotion/nokogiri/issues/2033
==== schily ====
Subpackages: cdda2wav cdrecord libcdrdeflt1_0 libdeflt1_0 libedc_ecc1_0 libedc_ecc_dec1_0 libfile1_0 libfind4_0 libparanoia1_0 librmt1_0 librscg1_0 libscg1_0 libscgcmd1_0 libschily2_0 mkisofs readcd spax star
- Update to release 2020.06.09
* star: A new option -one-file has been added that causes star
to exit after a single file has been extracted as a result
from a pattern match or command line argument match.
* star: A new option iskip=# has been introduced. The argument
is the number of bytes to skip before looking for the first
archive header in the first tape block read after star
started.
* star: A new option mtskip=# has been introduced. This option
causes star to issue a "mt fsr xxx" equivalent on a tape
archive.
==== shadow ====
- Use pure #!/bin/sh in:
* useradd.local
* userdel-post.local
* userdel-pre.local
==== sqlite3 ====
Version update (3.31.1 -> 3.32.2)
Subpackages: libsqlite3-0
- SQLite 3.32.2:
* Fix a long-standing bug in the byte-code engine that can cause
a COMMIT command report as success when in fact it failed to commit
- SQLite 3.32.1:
* CVE-2020-13435: Malicious SQL statements could have crashed the
process that is running SQLite (boo#1172091)
- SQLite 3.32.0:
* Add support for approximate ANALYZE using the PRAGMA
analysis_limit command
* Add the bytecode virtual table
* Add the checksum VFS shim to the set of run-time loadable
extensions included in the source tree
* Add the iif() SQL function.
* INSERT and UPDATE statements now always apply column affinity
before computing CHECK constraints
* Increase the default upper bound on the number of parameters
from 999 to 32766
* Add code for the UINT collating sequence as an optional
loadable extension
* multiple enhancements to the CLI
- drop upstreamed patches:
* 04885763c4cd00cb-s390-compatibility.patch
* b20503aaf5b6595a-adapt-FTS-tests-for-big-endian.patch
==== sssd ====
Version update (2.2.3 -> 2.3.0)
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-32bit sssd-krb5-common sssd-ldap
- Update to release 2.3.0
* SSSD can now handle hosts and networks nsswitch databases
(see resolve_provider option).
* By default, authentication request only refresh user's
initgroups if it is expired or there is not active user's
session (see pam_initgroups_scheme option).
* OpenSSL is used as default crypto provider, NSS is deprecated.
* The AD provider now defaults to GSS-SPNEGO SASL mechanism
(see ldap_sasl_mech option).
* The AD provider can now be configured to use only ldaps port
(see ad_use_ldaps option).
* SSSD now accepts host entries from GPO's security filter.
* New debug level (0x10000) added for low level LDB messages
only (see sssd.conf man page).
- Drop sssd-gpo_host_security_filter-2.2.2.patch,
0001-Resolve-computer-lookup-failure-when-sam-cn.patch,
0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch (merged)
- Drop 0001-Fix-build-failure-against-samba-4.12.0rc1.patch
(unapplicable)
==== strace ====
Version update (5.6 -> 5.7)
- Update to strace 5.7
* Improvements
* Implemented interval specification in "when=" subexpression of syscall
tampering expressions.
* Added -e trace=%clock option for tracing syscalls reading of modifying
system clocks.
* Implemented decoding of BPF_LINK_CREATE and BPF_LINK_UPDATE bpf
syscall commands.
* Updated decoding of clone3 syscall to match Linux 5.7.
* Updated lists of BPF_*, BTRFS_*, CLONE_*, FAN_*, IORING_*, KVM_*,
LWTUNNEL_*, MREMAP_*, PERF_*, SECCOMP_*, UFFDIO_*, V4L2_*, and XDP_*
constants.
* Updated lists of ioctl commands from Linux 5.7.
* Bug fixes
* Fixed decoding of getdents and getdents64 syscalls when they return
a lot of directory entries.
* Fixed pathtrace matching of openat2 syscall.
==== suse-module-tools ====
Version update (15.3.2 -> 15.3.3)
- Reverted back to tar_scm source service
(obs_scm doesn't work well for Ring0 packages)
- Update to version 15.3.3:
* spec: remove SLE/openSUSE difference in allow_unsupported_modules
(jsc#SLE-12255)
* spec: use same fs_blacklist on SLE and openSUSE
(jsc#SLE-12255, jsc#SLE-3926)
* spec: use br_netfilter softdep only for SLE12
(jsc#SLE-12255, bsc#1166531, boo#1158817, bsc#937216)
==== systemd ====
Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1 libudev1-32bit systemd-32bit systemd-container systemd-doc systemd-lang systemd-logger systemd-sysvinit udev
- Import commit a6d31d1a02c2718a064bbbc40d003668acf72769
bb6e2f7906 pid1: update manager settings on reload too (bsc#1163109)
e9e8907b06 watchdog: reduce watchdog pings in timeout interval
385a8f9846 udev: rename the persistent link for ATA devices (bsc#1164538)
66018a12ae tmpfiles: remove unnecessary assert (bsc#1171145)
- Disable bump of /proc/sys/fs/nr-open
Hopefully a _temporary_ workaround until bsc#1165351 is fixed
otherwise user instances crashes the system is using NIS (and the
nscd cache is empty).
==== texlive ====
Subpackages: libkpathsea6 libsynctex2
- Properly configure luajit
==== timezone ====
- timezone modifies a file below /usr/share (boo#1172521)
- zdump --version reported "unknown" (boo#1172055)
==== timezone-java ====
- timezone modifies a file below /usr/share (boo#1172521)
- zdump --version reported "unknown" (boo#1172055)
==== uchardet ====
Version update (0.0.6 -> 0.0.7)
- Update to version 0.0.7
* New supports:
+ Croatian - ISO-8859-2, ISO-8859-13, ISO-8859-16, IBM852,
Windows-1250 and MAC-CENTRALEUROPE
+ Czech - Windows-1250, ISO-8859-2, IBM852 and
Mac-CentralEurope.
+ Estonian - ISO-8859-4, ISO-8859-13, ISO-8859-13,
Windows-1252 and Windows-1257.
+ Finnish - ISO-8859-1, ISO-8859-4, ISO-8859-9, ISO-8859-13,
ISO-8859-15 and WINDOWS-1252.
+ Irish Gaelic - ISO-8859-1, ISO-8859-9, ISO-8859-15 and
WINDOWS-1252.
+ Italian - ISO-8859-1, ISO-8859-3, ISO-8859-9, ISO-8859-15
and WINDOWS-1252.
+ Latvian - ISO-8859-4, ISO-8859-10 and ISO-8859-13
+ Lithuanian - ISO-8859-4, IISO-8859-10 and SO-8859-13
+ Maltese - ISO-8859-3.
+ Polish - ISO-8859-2, ISO-8859-13, ISO-8859-16,
Windows-1250, IBM852, MAC-CENTRALEUROPE.
+ Portuguese - ISO-8859-1, ISO-8859-9, ISO-8859-15 and
Windows-1252.
+ Romanian - ISO-8859-2, ISO-8859-16, Windows-1250 and
IBM852.
+ Slovak - Windows-1250, ISO-8859-2, IBM852 and
Mac-CentralEurope.
+ Slovene - ISO-8859-2, ISO-8859-16, Windows-1250, IBM852
and MAC-CENTRALEUROPE.
+ Swedish - ISO-8859-1, ISO-8859-4, ISO-8859-9, ISO-8859-15
and WINDOWS-1252.
* EUC-KR now returned as UHC: despite differences, mostly
upward compatible. Let's return UHC until separate detection
machines are implemented.
* uchardet CLI tool now supports the end-of-options -- option
to be able to process any file starting with a dash.
* uchardet_handle_data() API considers an empty string input
as successful processing to improve automatic detection from
random input sources.
* Repository code now requires C++1 standard.
* Several bugs fixed.
==== ucode-intel ====
Version update (20191115 -> 20200609)
- Updated Intel CPU Microcode to 20200609 (bsc#1172466)
Fixes for:
- CVE-2020-0543: Fixed a side channel attack against special registers
which could have resulted in leaking of read values to cores other
than the one which called it. This attack is known as Special Register
Buffer Data Sampling (SRBDS) or "CrossTalk" (bsc#1154824).
- CVE-2020-0548,CVE-2020-0549: Additional ucode updates were supplied to
mitigate the Vector Register and L1D Eviction Sampling aka "CacheOutAttack"
attacks. (bsc#1156353)
== 20200602_DEMO Release ==
- - Updates upon 20200520 release --
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
- --- new platforms ----------------------------------------
- --- updated platforms ------------------------------------
HSW C0 6-3c-3/32 00000027->00000028 Core Gen4
BDW-U/Y E0/F0 6-3d-4/c0 0000002e->0000002f Core Gen5
HSW-U C0/D0 6-45-1/72 00000025->00000026 Core Gen4
HSW-H C0 6-46-1/32 0000001b->0000001c Core Gen4
BDW-H/E3 E0/G0 6-47-1/22 00000021->00000022 Core Gen5
SKL-U/Y D0 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile
SKL-U23e K1 6-4e-3/c0 000000d6->000000dc Core Gen6 Mobile
SKX-SP B1 6-55-3/97 01000151->01000157 Xeon Scalable
SKX-SP H0/M0/U0 6-55-4/b7 02000065->02006906 Xeon Scalable
SKX-D M1 6-55-4/b7 02000065->02006906 Xeon D-21xx
CLX-SP B0 6-55-6/bf 0400002c->04002f01 Xeon Scalable Gen2
CLX-SP B1 6-55-7/bf 0500002c->04002f01 Xeon Scalable Gen2
SKL-H/S R0/N0 6-5e-3/36 000000d6->000000dc Core Gen6; Xeon E3 v5
AML-Y22 H0 6-8e-9/10 000000ca->000000d6 Core Gen8 Mobile
KBL-U/Y H0 6-8e-9/c0 000000ca->000000d6 Core Gen7 Mobile
CFL-U43e D0 6-8e-a/c0 000000ca->000000d6 Core Gen8 Mobile
WHL-U W0 6-8e-b/d0 000000ca->000000d6 Core Gen8 Mobile
AML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile
CML-Y42 V0 6-8e-c/94 000000ca->000000d6 Core Gen10 Mobile
WHL-U V0 6-8e-c/94 000000ca->000000d6 Core Gen8 Mobile
KBL-G/H/S/E3 B0 6-9e-9/2a 000000ca->000000d6 Core Gen7; Xeon E3 v6
CFL-H/S/E3 U0 6-9e-a/22 000000ca->000000d6 Core Gen8 Desktop, Mobile, Xeon E
CFL-S B0 6-9e-b/02 000000ca->000000d6 Core Gen8
CFL-H/S P0 6-9e-c/22 000000ca->000000d6 Core Gen9
CFL-H R0 6-9e-d/22 000000ca->000000d6 Core Gen9 Mobile
- Updated Intel CPU Microcode to 20200520
Processor Identifier Version Products
Model Stepping F-MO-S/PI Old->New
- --- new platforms ----------------------------------------
- --- updated platforms ------------------------------------
SNB-E/EN/EP C1/M0 6-2d-6/6d 0000061f->00000621 Xeon E3/E5, Core X
SNB-E/EN/EP C2/M1 6-2d-7/6d 00000718->0000071a Xeon E3/E5, Core X
==== vim ====
Subpackages: gvim vim-data vim-data-common
- remove duplicated settings in defaults.vim from SUSE vimrc
- move SUSE vim settings to /usr in data-common package so leave
/etc/vimrc to the admin.
- require data-common in vim-small so it gets the settings
- install spec file template as plugin as vim-small doesn't support
it
==== virtualbox ====
Version update (6.1.8 -> 6.1.10)
Subpackages: virtualbox-guest-tools virtualbox-guest-x11 virtualbox-kmp-default
- Version bump to 6.1.10 (released June 05 2020 by Oracle)
This is a maintenance release. The following items were fixed and/or added:
GUI: Fixed crash when using Qt on Xwayland sessions (bug #19583)
GUI: Fixed mouse pointer doesn't work properly in Windows guests when scaling is on (bug #19597)
VBoxManage: Fixed crash of 'VBoxManage internalcommands repairhd' when processing invalid input (bug #19579)
Settings: disable audio input and audio output by default for new VMs (bug #19527)
Guest Additions: Fixed resizing and multi monitor handling for Wayland guests. (bug #19496)
Guest Additions: Fixed VBoxClient error: The parent session seems to be non-X11. (bug #19590)
Linux host and guest: Linux kernel version 5.7 support. (bug #19516
File "fix_wayland_crash.patch" is removed - fixed upstream.
- Gsoap 2.8.103 changes the way that "soap_socket_errno" is handled.
File "handle_gsoap_208103.patch" is added.
Handle case where Wayland chooses wrong video. File "fix_wayland_crash.patch" is added.
==== wireless-regdb ====
- Fixes for %_libexecdir changing to /usr/libexec
==== wireshark ====
Subpackages: libwireshark13 libwiretap10 libwsutil11 wireshark-ui-qt
- Add _constraints for ppc/ppc64le that need more than 3GB to build
==== xdg-utils ====
Version update (1.1.3+20190413 -> 1.1.3+20200220)
- Update to version 1.1.3+20200220:
* fixed #166: xdg-open dose not search correctly in directories with spaces in the name
==== xdm ====
Subpackages: xdm-xsession
- Fixes for %_libexecdir changing to /usr/libexec
==== xen ====
Subpackages: xen-libs xen-tools xen-tools-domU
- Fixes for %_libexecdir changing to /usr/libexec
- bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer
Data Sampling (SRBDS) aka "CrossTalk" (XSA-320)
xsa320-1.patch
xsa320-2.patch
==== xf86-input-wacom ====
- U_Change-default-gesture-mode-touchpad-on-touchscreen-.patch
* disable gesture mode on Touchscreens by default (boo#1172669)
==== xterm ====
Subpackages: xterm-bin
- Fixes for %_libexecdir changing to /usr/libexec
==== yast2 ====
Version update (4.3.5 -> 4.3.6)
Subpackages: yast2-logs
- Fix Xen detection (bsc#1172742).
- 4.3.6
==== yast2-add-on ====
Version update (4.3.0 -> 4.3.1)
- Reduce autoyast profile size if addons are empty (bsc#1172749)
- 4.3.1
==== yast2-bootloader ====
Version update (4.3.3 -> 4.3.5)
- AutoYaST: import AutoInstall only when needed (related to
bsc#1171335).
- 4.3.5
- AutoYaST: Cleanup/improve issue handling (bsc#1171335).
- 4.3.4
==== yast2-installation ====
Version update (4.3.1 -> 4.3.2)
- Fixed yupdate script to correctly install the needed Ruby gems
(bsc#1172793)
- 4.3.2
==== yast2-kdump ====
Version update (4.3.0 -> 4.3.1)
- Reduce autoyast profile size if kdump is disabled (bsc#1172749)
- 4.3.1
==== yast2-proxy ====
Version update (4.3.0 -> 4.3.1)
- Reduce autoyast profile size if proxy is disabled (bsc#1172749)
- 4.3.1