Packages changed:
accountsservice
enchant
gdm
gnome-session
gnome-shell
ilmbase (2.4.0 -> 2.4.1)
iso-codes (4.1 -> 4.4)
libsecret (0.20.1 -> 0.20.3)
libssh (0.9.3 -> 0.9.4)
libtirpc (1.2.5 -> 1.2.6)
noto-coloremoji-fonts (20191119 -> 20200408)
open-iscsi
openexr (2.4.0 -> 2.4.1)
patterns-microos
perl-libwww-perl (6.43 -> 6.44)
podman (1.8.2 -> 1.9.0)
poppler (0.86.1 -> 0.87.0)
poppler-qt5 (0.86.1 -> 0.87.0)
systemd (244 -> 245)
webkit2gtk3 (2.28.0 -> 2.28.1)
xen (4.13.0_11 -> 4.13.0_12)
xfsprogs (5.5.0 -> 5.6.0)
=== Details ===
==== accountsservice ====
Subpackages: libaccountsservice0 typelib-1_0-AccountsService-1_0
- Apply as-fate318433-prevent-same-account-multi-logins.patch to Leap.
==== enchant ====
Subpackages: enchant-2-backend-hunspell enchant-data libenchant-2-2
- Enable aspell support on SLE to synchronize with Leap.
==== gdm ====
Subpackages: gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0
- Add gdm-look-for-session-based-on-pid-first.patch: Look for
session based on pid first, then fall back to the uid based
approach (bsc#1159950, glgo#GNOME/gdm#526).
==== gnome-session ====
Subpackages: gnome-session-core gnome-session-default-session
- Add gnome-session-error-numbers-wrong.patch: Remove erron in log
'gnome-session-c[4905]: Error creating FIFO: File exists'
(bsc#1169165 glgo!GNOME/gnome-session#42).
==== gnome-shell ====
- Update gnome-shell-disable-ibus-when-not-installed.patch: Remove
error in journal log(bsc#1169029).
==== ilmbase ====
Version update (2.4.0 -> 2.4.1)
Subpackages: libHalf-2_4-24 libIex-2_4-24 libIlmThread-2_4-24
- version update to 2.4.1
* Various fixes for memory leaks and invalid memory accesses
* Various fixes for integer overflow with large images.
* Various cmake fixes for build/install of python modules.
* ImfMisc.h is no longer installed, since it's a private header.
- deleted patches
- Fix-the-symlinks-creation.patch (upstreamed)
==== iso-codes ====
Version update (4.1 -> 4.4)
- Update to version 4.4:
* Plenty of changes - see provided ChangeLog.md for details
- Update source url
==== libsecret ====
Version update (0.20.1 -> 0.20.3)
- Update to version 0.20.3:
+ secret-file-backend: Fix use-after-free in flatpak.
+ docs: Add man subdir only if manpage is enabled.
- Update to version 0.20.2:
+ secret-file-collection: force little-endian in GVariant.
+ Prefer g_info() over g_message().
+ meson: Don't specify shared_library().
+ docs: Make sure to set install: true.
- Rename sub-package libsecret-tools to secret-tool: Align with the
actual binary provided and remove a rpmlint warning. Add Provides
and Obsoletes to ease upgrades for our end-users.
- Drop Group tag from spec.
==== libssh ====
Version update (0.9.3 -> 0.9.4)
Subpackages: libssh-config libssh4
- Update to version 0.9.4
* https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
==== libtirpc ====
Version update (1.2.5 -> 1.2.6)
Subpackages: libtirpc-netconfig libtirpc3
- Update to libtirpc 1.2.6
- Drop patches all patches backported from this release
(0001-Add-authdes_seccreate-stub.patch,
0001-Avoid-multiple-definiton-with-gcc-fno-common.patch)
==== noto-coloremoji-fonts ====
Version update (20191119 -> 20200408)
- Update to v2020-04-08-unicode12_1
* Emoji 12.1 svg & png files
==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0
- Updated service_del_preun and service_del_postun for iscsi and
iscsiuio packges in SPEC file, so that services get started/
stopped in the correct order, and changed systemd macros so
that iscsi login service iscsi.service is not restarted during
package upgrade (bsc#1166650)
==== openexr ====
Version update (2.4.0 -> 2.4.1)
- version update to 2.4.1
* Various fixes for memory leaks and invalid memory accesses
* Various fixes for integer overflow with large images.
* Various cmake fixes for build/install of python modules.
* ImfMisc.h is no longer installed, since it's a private header.
- deleted patches
- Fix-the-symlinks-creation.patch (upstreamed)
==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap
- Install branding-openSUSE meta package
- Put apparmor-utils only on DVD, but don't install by default
(follow Tumbleweed)
==== perl-libwww-perl ====
Version update (6.43 -> 6.44)
- updated to 6.44
see /usr/share/doc/packages/perl-libwww-perl/Changes
6.44 2020-04-14 19:37:45Z
- Support basic authentication charset per RFC 7617 (GH#339) (Ville Skytt)
- Fixed POD mistake. (GH PR#338. Sebastian Paaske Tørholm)
==== podman ====
Version update (1.8.2 -> 1.9.0)
Subpackages: podman-cni-config
- Switched to simple `make binaries` for building podman
- Update podman to v1.8.2:
* Features
- Experimental support has been added for podman run
- -userns=auto, which automatically allocates a unique UID and
GID range for the new container's user namespace
- The podman play kube command now has a --network flag to
place the created pod in one or more CNI networks
- The podman commit command now supports an --iidfile flag to
write the ID of the committed image to a file
- Initial support for the new containers.conf configuration
file has been added. containers.conf allows for much more
detailed configuration of some Podman functionality
* Changes
- There has been a major cleanup of the podman info command
resulting in breaking changes. Many fields have been renamed
to better suit usage with APIv2
- All uses of the --timeout flag have been switched to prefer
the alternative --time. The --timeout flag will continue to
work, but man pages and --help will use the --time flag
instead
* Bugfixes
- Fixed a bug where some volume mounts from the host would
sometimes not properly determine the flags they should use
when mounting
- Fixed a bug where Podman was not propagating $PATH to Conmon
and the OCI runtime, causing issues for some OCI runtimes
that required it
- Fixed a bug where rootless Podman would print error messages
about missing support for systemd cgroups when run in a
container with no cgroup support
- Fixed a bug where podman play kube would not properly handle
container-only port mappings (#5610)
- Fixed a bug where the podman container prune command was not
pruning containers in the created and configured states
- Fixed a bug where Podman was not properly removing CNI IP
address allocations after a reboot (#5433)
- Fixed a bug where Podman was not properly applying the
default Seccomp profile when --security-opt was not given at
the command line
* HTTP API
- Many Libpod API endpoints have been added, including Changes,
Checkpoint, Init, and Restore
- Resolved issues where the podman system service command would
time out and exit while there were still active connections
- Stability overall has greatly improved as we prepare the API
for a beta release soon with Podman 2.0
* Misc
- The default infra image for pods has been upgraded to
k8s.gcr.io/pause:3.2 (from 3.1) to address a bug in the
architecture metadata for non-AMD64 images
- The slirp4netns networking utility in rootless Podman now
uses Seccomp filtering where available for improved security
- Updated Buildah to v1.14.8
- Updated containers/storage to v1.18.2
- Updated containers/image to v5.4.3
- Updated containers/common to v0.8.1
==== poppler ====
Version update (0.86.1 -> 0.87.0)
- Update to version 0.87.0:
+ core:
- Fix crashes due to inconsistent vtables for Clang builds
- Fix leak in broken files
- Internal code improvements
+ qt5:
- Add option to get form choice for export value
- ArthurOutputDev: Avoid division by zero in updateLineDash
+ glib: Internal code improvements
+ utils: pdftohtml: Fix memory leak in HtmlOutputDev::getLinkDest
- Bump poppler_sover following upstream changes.
==== poppler-qt5 ====
Version update (0.86.1 -> 0.87.0)
- Update to version 0.87.0:
+ core:
- Fix crashes due to inconsistent vtables for Clang builds
- Fix leak in broken files
- Internal code improvements
+ qt5:
- Add option to get form choice for export value
- ArthurOutputDev: Avoid division by zero in updateLineDash
+ glib: Internal code improvements
+ utils: pdftohtml: Fix memory leak in HtmlOutputDev::getLinkDest
- Bump poppler_sover following upstream changes.
==== systemd ====
Version update (244 -> 245)
Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev
- Switch back to the hybrid hierarchy
Unfortunately Kubernetes and runc are not yet ready for
cgroupsv2. Let's reconsider the unified hierarchy in a couple of
months.
- Import commit c5aa158173ced05201182d1cc18632a25cf43b94 (merge v245.4)
- Add 0001-meson-fix-build-of-udev-path_id_compat-builtin-with-.patch
- Import commit 31f82b39c811b4f731c80c2c2e7c56a0ca924a5b (merge v245.2)
d1d3f2aa15 docs: Add syntax for templated units to systemd.preset man page
3c69813c69 man: add a tiny bit of markup
bf595e788c home: fix segfault when parsing arguments in PAM module
e110f4dacb test: wait a bit after starting the test service
e8df08cfdb fix journalctl regression (#15099)
eb3a38cc23 NEWS: add late note about job trimming issue
405f0fcfdd systemctl: hide the 'glyph' column when --no-legend is requested
1c7de81f89 format-table: allow hiding a specific column
b7f2308bda core: transition to FINAL_SIGTERM state after ExecStopPost=
2867dfbf70 journalctl: show duplicate entries if they are from the same file (#14898)
[...]
- Upgrade to v245 (commit 74e2e834b4282c9bbdc12014f6ccf8d86e542b8d)
See https://github.com/openSUSE/systemd/blob/SUSE/v245/NEWS for
details.
The new tools provided by systemd repart, userdb, homed, fdisk,
pwquality, p11kit feature have been disabled for now as they require
reviews first.
Default to the "unified" cgroup hierarchy. Indeed most prominent
users of cgroup (such as libvirt, kubic) should be ready for such
change. It's still possible to switch back to the old "hybrid"
hierarchy by passing "systemd.unified_cgroup_hierarchy=0" option to
the kernel command line though.
Added 0001-Revert-job-Don-t-mark-as-redundant-if-deps-are-relev.patch:
upstream commit 097537f07a2fab3cb73aef7bc59f2a66aa93f533 has been
reverted for now on as it introduced a behavior change which has
impacted plymouth at least.
- add systemd-network-generator.service file together with systemd-network-generator binary
==== webkit2gtk3 ====
Version update (2.28.0 -> 2.28.1)
Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles
- Update to version 2.28.1 (boo#1169658):
+ Fix position of default option element popup windows under
Wayland.
+ Fix rendering after a cross site navigation with PSON enabled
and hardware acceleration forced.
+ Fix a crash in nested wayland compositor when closing a tab
with PSON enabled.
+ Update Chrome and Firefox versions in user agent quirks.
+ Fix a crash with bubblewrap sandbox enabled.
+ Fix a crash in JavaScriptCore in ppc64el.
+ Fix the build with GStreamer 1.12.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2020-11793.
- Drop webkit2gtk3-gstreamer-build-fix.patch: Fixed upstream.
- Add webkit2gtk3-gstreamer-build-fix.patch: fix build with
gstreamer 1.12 (webkit#209296).
- Rebase webkit-process.patch.
- Use WebKit defaults for ENABLE_JIT and USE_SYSTEM_MALLOC, except
for aarch64. WebKit now sets reasonable defaults based on
architecture. Disable on aarch64 in case a user is still using
the kernel-64kb package.
- Use bubblewrap, xdg-dbus-proxy, wpe, and wpebackend-fdo on 15.2;
they had been unintentionally excluded.
- Increase mem_per_process; otherwise fails on SLE/Leap.
==== xen ====
Version update (4.13.0_11 -> 4.13.0_12)
- bsc#1169392 - VUL-0: CVE-2020-11742: xen: Bad continuation
handling in GNTTABOP_copy (XSA-318)
5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch
- bsc#1168140 - VUL-0: CVE-2020-11740, CVE-2020-11741: xen: XSA-313
multiple xenoprof issues
5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch
5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch
- bsc#1168142 - VUL-0: CVE-2020-11739: xen: XSA-314 - Missing
memory barriers in read-write unlock paths
5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch
- bsc#1168143 - VUL-0: CVE-2020-11743: xen: XSA-316 - Bad error
path in GNTTABOP_map_grant
5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch
- bsc#1167152 - L3: Xenstored Crashed during VM install Need Core
analyzed
5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch
- bsc#1165206 - Xen 4.12 DomU hang / freeze / stall / NMI watchdog
bug soft lockup CPU #0 stuck under high load / upstream with
workaround. See also bsc#1134506
5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch
5e86f7fd-credit2-fix-credit-too-few-resets.patch
- Drop for upstream solution (bsc#1165206)
01-xen-credit2-avoid-vcpus-to.patch
default-to-credit1-scheduler.patch
- Upstream bug fixes (bsc#1027519)
5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch
5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch
5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch
5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch
5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch
5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch
5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch
5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch
5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch
5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch
5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch
==== xfsprogs ====
Version update (5.5.0 -> 5.6.0)
- update to v5.6.0:
* xfs_scrub: don't set WorkingDirectory in systemd job
* xfsprogs: fix silently broken option parsing
* xfsprogs: various minor Coverity fixes
* xfs_repair: fix dir_read_buf use of libxfs_da_read_buf
* libxfs: check retval of device flush when closing
* xfs_io: set exitcode on failure appropriately
* libxfs changes merged from kernel 5.6