Packages changed:
cups (2.3b6 -> 2.3.3)
dhcp
glib2 (2.64.6 -> 2.66.2)
grub2
kernel-source (5.8.15 -> 5.9.1)
libpwquality (1.4.2 -> 1.4.4)
librsvg (2.48.8 -> 2.50.1)
libwpe (1.6.0 -> 1.8.0)
microos-tools (2.5 -> 2.6)
open-vm-tools (11.1.5 -> 11.2.0)
perl-URI (1.76 -> 5.05)
transactional-update (2.27 -> 2.28)
wpebackend-fdo (1.6.1 -> 1.8.0)
=== Details ===
==== cups ====
Version update (2.3b6 -> 2.3.3)
Subpackages: cups-client cups-config libcups2 libcupsimage2
- Version upgrade to 2.3.3:
- CVE-2020-3898: The `ppdOpen` function did not handle invalid UI
constraint. `ppdcSource::get_resolution` function did not
handle invalid resolution strings.
- CVE-2019-8842: The `ippReadIO` function may under-read an
extension field.
- Fixed WARNING_OPTIONS support for GCC 9.x
Changes in CUPS 2.3.2:
Localization updates
Changes in CUPS 2.3.1:
- CVE-2019-2228: The `ippSetValuetag` function did not validate
the default language value.
- Fixed a crash bug in the web interface.
- The PPD cache code now looks up page sizes using their
dimensions.
- PPD files containing "custom" option keywords did not work.
- Added a workaround for the scheduler's systemd support.
- Added a DigestOptions directive for the `client.conf` file to
control whether MD5-based Digest authentication is allowed.
- Fixed a bug in the handling of printer resource files.
- The libusb-based USB backend now reports an error when the
distribution permissions are wrong.
- Added paint can labels to Dymo driver.
- The `ippeveprinter` program now supports authentication.
- The `ippeveprinter` program now advertises DNS-SD services on
the correct interfaces, and provides a way to turn them off.
- The `--with-dbusdir` option was ignored by the configure
script.
- Sandboxed applications were not able to get the default
printer.
- Log file access controls were not preserved by `cupsctl`.
- Default printers set with `lpoptions` did not work in all
cases.
- Fixed an error in the jobs web interface template.
- Fixed an off-by-one error in `ippEnumString`.
- Fixed some new compiler warnings.
- Fixed a few issues with the Apple Raster support.
- The IPP backend did not detect all cases where a job should be
retried using a raster format.
- Fixed spelling of "fold-accordion".
- Fixed the default common name for TLS certificates used by
`ippeveprinter`.
- Fixed the option names used for IPP Everywhere finishing
options.
- Added support for the second roll of the DYMO Twin/DUO label
printers.
Changes in CUPS v2.3.0:
- CVE-2019-8696 and CVE-2019-8675: Fixed SNMP buffer overflows.
- Added a GPL2/LGPL2 exception to the new CUPS license terms.
- Fixed a bug in the scheduler job cleanup code.
- Fixed builds when there is no TLS library.
- "make" failed with GZIP options.
- Fixed potential excess logging from the scheduler when removing
job files.
- Fixed a NULL pointer dereference bug in `httpGetSubField2`.
- Added FIPS-140 workarounds for GNU TLS.
- The scheduler no longer provides a default value for the
description.
- The scheduler now logs jobs held for authentication using the
error level so it is clear what happened.
- The `lpadmin` command did not always update the PPD file for
changes to the `cupsIPPSupplies` and `cupsSNMPSupplies` keywords.
- The scheduler now uses both the group's membership list as well
as the various OS-specific membership functions to determine
whether a user belongs to a named group.
- Added USB quirks rule for HP LaserJet 1015.
- Fixed some PPD parser issues.
- The IPP parser no longer allows invalid member attributes in
collections.
- The configure script now treats the "wheel" group as a
potential system group.
- Fixed IPP buffer overflow.
- Fixed memory disclosure issue in the scheduler.
- Fixed DoS issues in the scheduler.
- Fixed an issue with unsupported "sides" values in the IPP
backend.
- The scheduler would restart continuously when idle and printers
were not shared.
- Fixed an issue with `EXPECT !name WITH-VALUE ...` tests.
- Fixed a command ordering issue in the Zebra ZPL driver.
- Fixed a memory leak in `ppdOpen`.
Changes in CUPS v2.3rc1:
- The `cups-config` script no longer adds extra libraries when linking against
shared libraries.
- The supplied example print documents have been optimized for
size.
- The `cupsctl` command now prevents setting "cups-files.conf"
directives.
- The "forbidden" message in the web interface is now explained.
- The footer in the web interface covered some content on small
displays.
- The libusb-based USB backend now enforces read limits,
improving print speed in many cases.
- The `ippeveprinter` command now looks for print commands in
the "command" subdirectory.
- The `ipptool` command now supports `$date-current` and
`$date-start` variables to insert the current and starting date
and time values, as well as ISO-8601 relative time values such
as "PT30S" for 30 seconds in the future.
Changes in CUPS v2.3b8
- Media size matching now uses a tolerance of 0.5mm.
- The lpadmin command would hang with a bad PPD file.
- Fixed a potential crash bug in cups-driverd.
- Fixed a performance regression with large PPDs.
- Fixed a memory reallocation bug in HTTP header value expansion.
- Timed out job submission now yields an error.
- Restored minimal support for the `Emulators` keyword in PPD
files to allow old Samsung printer drivers to continue to work.
- The scheduler did not encode octetString values like
"job-password" correctly for the print filters.
- The `cupsCheckDestSupported` function did not check octetString
values correctly.
- Added support for `UserAgentTokens` directive in "client.conf".
- Updated the systemd service file for cupsd.
- The `ippValidateAttribute` function did not catch all instances
of invalid UTF-8 strings.
- Fixed an issue with the self-signed certificates generated by
GNU TLS.
- Fixed a potential memory leak when reading at the end of a
file.
- Fixed potential unaligned accesses in the string pool.
- Fixed a potential memory leak when loading a PPD file.
- Added a USB quirks rule for the Lexmark E120n.
- Updated the USB quirks rule for Zebra label printers.
- The lpadmin command, web interface, and scheduler all queried
an IPP Everywhere printer differently, resulting in different
PPDs for the same printer.
- The web interface no longer provides access to the log files.
- Non-Kerberized printing to Windows via IPP was broken.
- The scheduler no longer stops a printer if an error occurs when
a job is canceled or aborted.
- Added a USB quirks rule for the DYMO 450 Turbo.
- Added a USB quirks rule for Xerox printers.
- The scheduler's self-signed certificate did not include all of
the alternate names for the server when using GNU TLS.
- Fixed some PPD caching and IPP Everywhere PPD
accounting/password bugs.
- Fixed `PreserveJobHistory` bug with time values.
- The scheduler no longer advertises the HTTP methods it
supports.
- The scheduler did not always idle exit as quickly as it could.
- Added a new `ippeveprinter` command based on the old ippserver
sample code.
Changes in CUPS v2.3b7
- Running ppdmerge with the same input and output filenames did
not work as advertised.
- Rebase let-cupsd-start-after-network.patch and
cups-config-libs.patch.
- Drop issue5509-fix-utf-8-validation-issue.patch and
issue5453.patch: fixed upstream.
==== dhcp ====
Subpackages: dhcp-client
- Complete the /var/run -> /run migration by renaming
/var/lib/dhcp/var/run accordingly (boo#1177951).
==== glib2 ====
Version update (2.64.6 -> 2.66.2)
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0
- Enable building of documentation:
+ Toggle gtk_doc from bcond_with to bcond_without.
+ Use sed to replace gtk-doc version in
docs/reference/meson.build with 1.32.
- Update to version 2.66.2:
+ Important and time-critical fix to DST transitions which will
happen in Europe on 2020-10-25 on distributions which use the
?slim? tzdata format (which is now the default in tzdata/tzcode
2020b).
+ Further timezone handling changes to restore support for
changing the timezone when `/etc/localtime/` changes.
+ Fix deadlock on Windows when `G_SLICE` is set in the
environment.
+ Fix UTF-8 validation when escaping URI components.
+ Updated translations.
- Update to version 2.66.1:
+ A performance problem where timezones were reloaded from disk
every time a `GTimeZone` was created has been fixed, but this
means that changes to `/etc/localtime` will not take effect
until a process restarts; future changes in a subsequent 2.66.x
release will improve this.
+ Security fix for incorrect scope/zone ID parsing in URIs.
+ Updated translations.
- Update to version 2.66.0:
+ * Bugs fixed:
- Missing tab in makefile rule.
- guri: Fix user passed to g_uri_split_with_user() not being
NULL'd.
+ Updated translations.
- Update to version 2.65.3:
+ Fixes to the new `statx()` calls ? note that since GLib 2.65.2
uses `statx()` (if available) instead of
`stat()`/`fstat()`/`lstat()`/`fstatat()`, syscall sandboxing
for third party applications might need to be updated.
+ Updated translations.
- Update to version 2.65.2:
+ Support `statx()` and `G_FILE_ATTRIBUTE_TIME_CREATED`.
+ Fix deadlock in `g_subprocess_communicate_async()`.
+ Add `%f`/microsecond placeholder support to
`g_date_time_format()`.
- Changes from version 2.65.1:
+ Add `GUri` API for parsing, building and representing URIs
according to [RFC 3986](https://tools.ietf.org/html/rfc3986).
+ Fix handling of xattr data with embedded nuls.
+ Add `g_file_set_contents_full()` which gives more control over
fsyncs.
+ Add a `x-gvfs-notrash` option to disable trash on certain
mounts.
+ Support ?slim? TZif files generated with `zic -b slim`.
+ Support emitting profiling marks from `GMainContext` to sysprof
capture files.
+ Accept IPv6 zone IDs in `g_hostname_is_ip_address()`.
+ Updated translations.
- Rebase glib2-gdbus-codegen-version.patch.
- Build without gtk-doc: it would require a not yet released
version of gtk-doc.
==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi
- Fix grub2-install error with "failed to get canonical path of
`/boot/grub2/i386-pc'." (bsc#1177957)
* Modified 0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch
- Fix https boot interrupted by unrecognised network address error message
(bsc#1172952)
* 0001-add-support-for-UEFI-network-protocols.patch
- grub2.spec: Fix bare words used as string in expression which is no longer
allowed in rpm 4.16
- Improve the error handling when grub2-install fails with short mbr gap
(bsc#1176062)
* 0001-Warn-if-MBR-gap-is-small-and-user-uses-advanced-modu.patch
* 0002-grub-install-Avoid-incompleted-install-on-i386-pc.patch
==== kernel-source ====
Version update (5.8.15 -> 5.9.1)
- vt_ioctl: fix GIO_UNIMAP regression (5.9 GIO_UNIMAP regression).
- commit 15946ea
- kernel-binary.spec.in: pack scripts/module.lds into kernel-$flavor-devel
Since mainline commit 596b0474d3d9 ("kbuild: preprocess module linker
script") in 5.10-rc1, scripts/module.lds linker script is needed to build
out of tree modules. Add it into kernel-$flavor-devel subpackage.
- commit fe37c16
- drm/amd/display: Don't invoke kgdb_breakpoint() unconditionally
(bsc#1177973).
- drm/amd/display: Fix kernel panic by dal_gpio_open() error
(bsc#1177973).
- commit 3f21462
- series.conf: cleanup
- move to "almost mainline" section:
patches.suse/coresight-fix-offset-by-one-error-in-counting-ports.patch
- commit 8e0635b
- Refresh
patches.suse/coresight-fix-offset-by-one-error-in-counting-ports.patch.
Update upstream status.
- commit 7b40cc9
- Linux 5.9.1 (bsc#1012628).
- Bluetooth: MGMT: Fix not checking if BT_HS is enabled
(bsc#1012628).
- media: usbtv: Fix refcounting mixup (bsc#1012628).
- USB: serial: option: add Cellient MPL200 card (bsc#1012628).
- USB: serial: option: Add Telit FT980-KS composition
(bsc#1012628).
- staging: comedi: check validity of wMaxPacketSize of usb
endpoints found (bsc#1012628).
- USB: serial: pl2303: add device-id for HP GC device
(bsc#1012628).
- USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART
adapters (bsc#1012628).
- vt_ioctl: make VT_RESIZEX behave like VT_RESIZE (bsc#1012628).
- reiserfs: Initialize inode keys properly (bsc#1012628).
- reiserfs: Fix oops during mount (bsc#1012628).
- Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers"
(bsc#1012628).
- crypto: bcm - Verify GCM/CCM key length in setkey (bsc#1012628).
- crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA
(bsc#1012628).
- commit b7f511b
- update patches metadata
- update upstream references:
patches.suse/Bluetooth-A2MP-Fix-not-initializing-all-members.patch
patches.suse/Bluetooth-L2CAP-Fix-calling-sk_filter-on-non-socket-.patch
- commit b1f22f7
==== libpwquality ====
Version update (1.4.2 -> 1.4.4)
Subpackages: libpwquality-tools libpwquality1 pam_pwquality
- update to 1.4.4
* e11f2bd Fix regression with enabling cracklib check
* 02e6728 Use make macros in rpm spec file
* xxxxxxx Translated using Weblate (Polish, Turkish, Ukrainian)
- update to 1.4.3
* 1213d33 Update translation files
* a951fbe Add --disable-cracklib-check configure parameter
* 6a8845b fixup static compilation
* 92c6066 python: Add missing getters/setters for newly added settings
* bfef79d Add usersubstr check
* 09a2e65 pam_pwquality: Add debug message for the local_users_only option
* a6f7705 Fix some gcc warnings
* 8c8a260 pwmake: Properly validate the bits parameter.
* 7be4797 we use Fedora Weblate now
* xxxxxxx Translated using Weblate (Azerbaijani, Bulgarian,
Chinese (Simplified), Czech, French, Friulian, Hungarian, Italian,
Japanese, Norwegian Bokmål, Persian, Russian, Spanish, Turkish)
==== librsvg ====
Version update (2.48.8 -> 2.50.1)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2 rsvg-thumbnailer typelib-1_0-Rsvg-2_0
- Update to version 2.50.1:
+ SVG2: Support a chain of uri() filters in the "filter"
property.
+ Support CSS selectors for attribute matching, like
rect[attr^="prefix"].
+ Fixed the geometry_for_layer() APIs to not ignore the passed
viewport.
+ Fixed CSS "import" so it allows only files from the same base
directory.
+ The pkg-config files (*.pc) do not define the 'svgz_supported'
and 'css_supported' variables anymore. These variables were
hardcoded to 'true' and unchanged since 2011.
+ The source repository no longer produces a
librsvg-uninstalled.pc file.
- Update to version 2.50.0:
+ Librsvg now consumes much less memory for large SVG files.
+ The 'font' shorthand in is now supported in CSS. Librsvg
ignores the 'line-height' sub-property because it cannot be
done easily with Pango, but everything else in 'font' should
work now.
+ Many new features from SVG2:
- radialGradient now supports the "fr" property from SVG2.
- Support href attribute in addition to xlink:href per SVG2.
- Ignore missing filter references per SVG2.
- Support the mix-blend-mode property from SVG2 and the
Compositing and Blending Level 1 specification, so layers can
be composited with operators like multiply/screen/color-burn.
- Support the paint-order property from SVG2, so one can pick
the order in which a path's fill/stroke/markers are drawn.
+ Updated translations.
==== libwpe ====
Version update (1.6.0 -> 1.8.0)
- Update to version 1.8.0:
+ New build configuration system based on Meson. The existing
CMake-based system is still maintained, and both produce the
same outputs.
+ Hidden visibility is now used by default for symbols, and only
those belonging to the public API are exported.
- Switch to meson.
==== microos-tools ====
Version update (2.5 -> 2.6)
- Update to version 2.6
- Don't delete autorelabel file in initrd
==== open-vm-tools ====
Version update (11.1.5 -> 11.2.0)
Subpackages: libvmtools0
- Update to 11.2.0 (build 16938113) (boo#1177987)
+ Fixed memory leak occurs in disk device mapping information for IDE,
SATA or SAS (LSI Logic SAS) disks configured in the guest.
+ The following issues and pull requests reported on
https://github.com/vmware/open-vm-tools have been addressed:
https://github.com/vmware/open-vm-tools/issues/429
https://github.com/vmware/open-vm-tools/pull/431
https://github.com/vmware/open-vm-tools/pull/432
https://github.com/vmware/open-vm-tools/issues/452
+ A number of Coverity reported errors and false positives have been
addressed.
+ A complete list of the granular changes that are in the open-vm-tools
11.2.0 release is available at:
https://github.com/vmware/open-vm-tools/blob/stable-11.2.0/open-vm-tools/ChangeLog
- Update pam-vmtoolsd.patch (boo#1177987): removed the pam_securetty.so line
from the new suse file. Modified the Makefile.am to copy the suse file to
the /etc/pam.d/vmtoolsd file rather than the default generic file.
==== perl-URI ====
Version update (1.76 -> 5.05)
- updated to 5.05
see /usr/share/doc/packages/perl-URI/Changes
5.05 2020-10-21 13:00:44Z
- Bump all versions to 5.05 in order to remove various version mismatches.
(GH #77) (Olaf Alders)
- Add a simple test case for an ipv6 host (GH#66) (Olaf Alders)
==== transactional-update ====
Version update (2.27 -> 2.28)
Subpackages: transactional-update-zypp-config
- Version 2.28
- Add 'setup-selinux' command for easy setup of a SELinux system
- Allow complex commands for the 'run' command
- SELinux: Fix /etc / overlay labeling
==== wpebackend-fdo ====
Version update (1.6.1 -> 1.8.0)
- Update to version 1.8.0:
+ Added new API for the audio rendering protocol, which allows
embedders to receive audio samples instead of letting WPE
WebKit handle their playback.
+ Added support to export frames using EGLStreams, which can be
used e.g. with Nvidia GPUs.
+ New build configuration system based on Meson. The existing
CMake-based system is still maintained, and both produce the
same outputs.
+ Use libepoxy for EGL operations.
- Switch to meson.
- Add epoxy to BuildRequires: new dependency.