Packages changed:
  bluez
  dpdk
  dpdk-thunderx
  eekboard
  icewm-theme-branding (1.2.4 -> 1.2.5)
  libfprint (1.90.1 -> 1.90.3)
  libzypp (17.25.0 -> 17.25.1)
  nodejs14 (14.9.0 -> 14.12.0)
  openblas_openmp
  perl-Mojolicious (8.59 -> 8.60)
  procps
  python-attrs (19.3.0 -> 20.2.0)
  python-pyzmq
  tigervnc
  virt-manager
  wireshark (3.2.6 -> 3.2.7)
  zypper (1.14.39 -> 1.14.40)
  zypper-lifecycle-plugin (0.6.1596796104.87bdab7 -> 0.6.1601367426.843fe7a)

=== Details ===

==== bluez ====
Subpackages: libbluetooth3

- Packaging: remove _service and accompanying README.md,
  maintenance in git did not work out as well as intended.

==== dpdk ====

- Add patches to fix vulnerability where malicious guest can harm the host
  using vhost crypto, this includes executing code in host (VM Escape),
  reading host application memory space to guest and causing partial
  denial of service in the host (bsc#1176590).
  * 0001-vhost-crypto-fix-pool-allocation.patch
  * 0002-vhost-crypto-fix-incorrect-descriptor-deduction.patch
  * 0003-vhost-crypto-fix-missed-request-check-for-copy-mode.patch
  * 0004-vhost-crypto-fix-incorrect-write-back-source.patch
  * 0005-vhost-crypto-fix-data-length-check.patch
  * 0006-vhost-crypto-fix-possible-TOCTOU-attack.patch

==== dpdk-thunderx ====

- Add patches to fix vulnerability where malicious guest can harm the host
  using vhost crypto, this includes executing code in host (VM Escape),
  reading host application memory space to guest and causing partial
  denial of service in the host (bsc#1176590).
  * 0001-vhost-crypto-fix-pool-allocation.patch
  * 0002-vhost-crypto-fix-incorrect-descriptor-deduction.patch
  * 0003-vhost-crypto-fix-missed-request-check-for-copy-mode.patch
  * 0004-vhost-crypto-fix-incorrect-write-back-source.patch
  * 0005-vhost-crypto-fix-data-length-check.patch
  * 0006-vhost-crypto-fix-possible-TOCTOU-attack.patch

==== eekboard ====

- fix libexecdir

==== icewm-theme-branding ====
Version update (1.2.4 -> 1.2.5)

- Improve spec:
  * Conditionally define icewm_version to the version number used
    in Leap/SLE 15 code stream and Tumbleweed.
- Version update to 1.2.5
  * Update the format of SLE background image to png (bsc#1176835).
  * Drop upstreamed add-adwaita-legacy-iconpath-to-preference.patch.
- Update spec
  * Keep the format of Leap background image to jpg.
- fixed obsoletion of icemwm-upstream-config (bsc#1173441 bsc#1170420)
- Improve spec:
  * Make a more explicit summary since this package is not used by
    openSUSE Tumbleweed.
  * Introduce %{icewm_version} to make the provided capability have
    a consistent version number with icewm-config-upstream.
  * Explicitly obsoletes icewm-config-upstream to fix the
    "zypper dup" issue on Leap (bsc#1170420).

==== libfprint ====
Version update (1.90.1 -> 1.90.3)

- update to 1.90.3:
  * New goodixmoc driver supporting Goodix USB devices:
    27C6:5840
    27C6:6496
    27C6:60A2
  * Newly added support for Synaptics device:
    06CB:00E9
    06CB:00DF
  * Fixed an issue with Synaptics devices sometimes not working at boot
  * Fix issue with aes3k driver (#306)
  * A patch for nbis required for some sensors was accidentally dropped in
    an earlier release
    Users of these sensors/drivers need to re-enroll

==== libzypp ====
Version update (17.25.0 -> 17.25.1)

- Fix bsc#1176902: When kernel-rt has been installed, the
  purge-kernels service fails during boot.
- Use package name provides as group key in purge-kernel
  (bsc#1176740 bsc#1176192)
  kernel-default-base has new packaging, where the kernel uname -r
  does not reflect the full package version anymore.
  This patch adds additional logic to use the most generic/shortest
  edition each package provides with %{packagename}= to group the
  kernel packages instead of the rpm versions.
  This also changes how the keep-spec for specific versions is
  applied, instead of matching the package versions, each of the
  package name provides will be matched.
- version 17.25.1 (22)

==== nodejs14 ====
Version update (14.9.0 -> 14.12.0)
Subpackages: npm14

- Update to version 14.12.0:
  * n-api:
    + create N-API version 7
    + add more property defaults
- Changes since version 14.9.0
  * deps:
    + update llhttp to 2.1.2 (bsc#1176605, CVE-2020-8201)
    + http: add requestTimeout. Fixes Denial of Service by
      resource exhaustion due to unfinished HTTP/1.1 requests
      (bsc#1176604, CVE-2020-8251)
    + buffer: also alias BigUInt methods
    + crypto: add randomInt function
    + perf_hooks: add idleTime and event loop util
    + stream: simpler and faster Readable async iterator
    + stream: save error in state

==== openblas_openmp ====

- For s390/s390x add TARGET=ZARCH_GENERIC (jsc#SLE-13773).

==== perl-Mojolicious ====
Version update (8.59 -> 8.60)

- updated to 8.60
  see /usr/share/doc/packages/perl-Mojolicious/Changes
  8.60  2020-09-27
  - Improved reset method in Mojo::IOLoop to prevent close event to be
    emitted in affected streams. (kiwiroy)
  - Improved cookbook with Envoy deployment recipe. (zakame)

==== procps ====
Subpackages: libprocps8

- Replace patch procps-ng-3.3.16-comm_len.patch with upstream
  commitment patch procps-ng-3e1c00d0.patch (bsc#1158830)

==== python-attrs ====
Version update (19.3.0 -> 20.2.0)

- update to 20.2.0:
  - Python 3.4 is not supported anymore.
  - ``attr.define()``, ``attr.frozen()``, ``attr.mutable()``, and
    ``attr.field()`` remain **provisional**.
    This release fixes a bunch of bugs and ergonomics but they remain
    mostly unchanged.
  Further changes see included CHANGELOG.rst

==== python-pyzmq ====

- raise test timeout limit to 5m and define a console encoding

==== tigervnc ====
Subpackages: libXvnc1 xorg-x11-Xvnc xorg-x11-Xvnc-module

- U_0001-Properly-store-certificate-exceptions.patch,
  U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch
  * Properly store certificate exceptions (boo#1176733)
- adjusted u_tigervnc-add-autoaccept-parameter.patch

==== virt-manager ====
Subpackages: virt-install virt-manager-common

- Upstream bug fixes (bsc#1027942)
  ba08f84b-addstorage-Return-to-using-qcow2-sparse-by-default.patch
  a010c49b-cli-Fix-os-variant-help-introspection.patch
  79ebcbcb-viewers-Fix-spice-audio.patch
  e5a51f63-details-Change-Close-accelerator-to-ctrl+shift+w.patch
  9c13d2f8-Remove-use-of-problematic-terminology.patch

==== wireshark ====
Version update (3.2.6 -> 3.2.7)
Subpackages: libwireshark13 libwiretap10 libwsutil11 wireshark-ui-qt

- wireshark 3.2.7:
  * CVE-2020-25863: MIME Multipart dissector crash (boo#1176908)
  * CVE-2020-25862: TCP dissector crash (boo#1176909)
  * CVE-2020-25866: BLIP dissector crash (boo#1176910)
- Further features, bug fixes and updated protocol support as
  listed in:
  https://www.wireshark.org/docs/relnotes/wireshark-3.2.7.html

==== zypper ====
Version update (1.14.39 -> 1.14.40)
Subpackages: zypper-log zypper-needs-restarting

- info: Assume descriptions starting with ' ' are richtext
  (bsc#935885)
- version 1.14.40

==== zypper-lifecycle-plugin ====
Version update (0.6.1596796104.87bdab7 -> 0.6.1601367426.843fe7a)

- Version 0.6.1601367426.843fe7a
- Allow wildcard matching (jsc#SLE-14168)
- Implement successor handling (jsc#SLE-16251)