Packages changed: Mesa (21.2.2 -> 21.2.3) Mesa-demo Mesa-drivers (21.2.2 -> 21.2.3) MozillaFirefox (92.0 -> 92.0.1) MozillaThunderbird (91.1.0 -> 91.1.2) audit (3.0.3 -> 3.0.5) audit-secondary (3.0.3 -> 3.0.5) blog (2.20 -> 2.21) btrfsprogs (5.14 -> 5.14.1) codec2 (1.0.0 -> 1.0.1) crypto-policies (20210225.05203d2 -> 20210917.c9d86d1) desktop-file-utils diffutils dracut (055+suse.117.ge5fc2048 -> 055+suse.119.g6c4187af) exim (4.94.2 -> 4.95) ffmpeg-4 gamin gcc gd gegl iio-sensor-proxy (3.1 -> 3.3) inotify-tools (3.20.11.0 -> 3.21.9.5) kernel-firmware (20210901 -> 20210928) knewstuff liberation-fonts (2.1.4 -> 2.1.5) libinput (1.19.0 -> 1.19.1) libmtp (1.1.18 -> 1.1.19) libnss_usrfiles libsoup libsrtp2 (2.4.1 -> 2.4.2) libstorage-ng (4.4.37 -> 4.4.41) libupnp (1.14.10 -> 1.14.12) libva libva-gl mailutils (3.8 -> 3.13) mhvtl (1.63_release+759.35ddb48e5262_k5.14.6_1 -> 1.63_release+759.35ddb48e5262_k5.14.6_2) monitoring-plugins mozjs78 (78.13.0 -> 78.14.0) nmap open-iscsi openSUSE-build-key openafs opie perl-Convert-ASN1 (0.31 -> 0.33) perl-Mail-AuthenticationResults (2.20210112 -> 2.20210915) perl-ldap perl-libwww-perl (6.56 -> 6.57) portaudio (190600_20161030 -> 190700_20210406) publicsuffix (20210908 -> 20210928) python python-base python-evtx (0.6.1 -> 0.7.4) python-jmespath python-requests-oauthlib python-tabulate rav1e rtl8812au (5.9.3.2+git20210427.6ef5d8f_k5.14.6_1 -> 5.9.3.2+git20210427.6ef5d8f_k5.14.6_2) salt (3002.2 -> 3003.3) selinux-policy systemd sysvinit (2.99 -> 3.00) tdb (1.4.3 -> 1.4.4) tevent (0.10.2 -> 0.11.0) xrdb xwayland yast2-alternatives (4.3.1 -> 4.4.0) yast2-installation (4.4.18 -> 4.4.19) yast2-slp-server (4.3.0 -> 4.4.0) yast2-storage-ng (4.4.7 -> 4.4.8) zimg (3.0.1 -> 3.0.3) === Details === ==== Mesa ==== Version update (21.2.2 -> 21.2.3) Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to 21.2.3 * third bugfix release ==== Mesa-demo ==== - Introduce new subpackage -es for GLES based demos - Symlink es2_info, es2gears_x11, es2tri to %_bindir ==== Mesa-drivers ==== Version update (21.2.2 -> 21.2.3) Subpackages: Mesa-dri Mesa-gallium Mesa-libva libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_radeon - update to 21.2.3 * third bugfix release ==== MozillaFirefox ==== Version update (92.0 -> 92.0.1) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 92.0.1 * Fixed: Fixes an issue where audio playback was not working on some Linux systems (bmo#1730499) * Fixed: Fixes issues with the findbar close button on different operating systems (bmo#1728368) ==== MozillaThunderbird ==== Version update (91.1.0 -> 91.1.2) - Mozilla Thunderbird 91.1.2 * Thunderbird will now warn if an S/MIME encrypted message includes BCC recipients * several bugfixes listed on https://www.thunderbird.net/en-US/thunderbird/91.1.2/releasenotes/ - Mozilla Thunderbird 91.1.1 * Menu item for disabling subject encryption for a single message added * Printing messages that are not currently displayed is no longer supported, including printing multiple messages at once * for bugfixes see https://www.thunderbird.net/en-US/thunderbird/91.1.1/releasenotes - MOZ_ENABLE_WAYLAND env variable now overrides automatic detection if already set before startup ==== audit ==== Version update (3.0.3 -> 3.0.5) Subpackages: libaudit1 libauparse0 - Update to version 3.0.5: * In auditd, flush uid/gid caches when user/group added/deleted/modified * Fixed various issues when dealing with corrupted logs * In auditd, check if log_file is valid before closing handle - Include fixed from 3.0.4: * Apply performance speedups to auparse library * Optimize rule loading in auditctl * Fix an auparse memory leak caused by glibc-2.33 by replacing realpath * Update syscall table to the 5.14 kernel * Fixed various issues when dealing with corrupted logs ==== audit-secondary ==== Version update (3.0.3 -> 3.0.5) Subpackages: audit python3-audit system-group-audit - Fix hardened auditd.service (bsc#1181400) * add fix-hardened-service.patch Make /etc/audit read-write from the service. Remove PrivateDevices=true to expose /dev/* to auditd.service. - Enable stop rules for audit.service (cf. bsc#1190227) * add enable-stop-rules.patch - Change default log_format from ENRICHED to RAW (bsc#1190500): * add change-default-log_format.patch (SUSE-specific patch) - Update to version 3.0.5: * In auditd, flush uid/gid caches when user/group added/deleted/modified * Fixed various issues when dealing with corrupted logs * In auditd, check if log_file is valid before closing handle - Include fixed from 3.0.4: * Apply performance speedups to auparse library * Optimize rule loading in auditctl * Fix an auparse memory leak caused by glibc-2.33 by replacing realpath * Update syscall table to the 5.14 kernel * Fixed various issues when dealing with corrupted logs ==== blog ==== Version update (2.20 -> 2.21) Subpackages: libblogger2 - Move to /usr for UsrMerge (boo#1191057) ==== btrfsprogs ==== Version update (5.14 -> 5.14.1) Subpackages: btrfsprogs-udev-rules libbtrfs0 - Update to 5.14.1 * fixes: * defrag: fix parsing of compression (option -c) * add workaround for old kernels when reading zone sizes * let only check and restore open the fs with transid failures, namely preventing btrfstune to do so * convert: --uuid copy does not fail on duplicate uuids ==== codec2 ==== Version update (1.0.0 -> 1.0.1) - Update to version 1.0.1: * Release to support freedv-gui 1.6.1 ==== crypto-policies ==== Version update (20210225.05203d2 -> 20210917.c9d86d1) Subpackages: crypto-policies-scripts - Remove the scripts and documentation regarding fips-finish-install and test-fips-setup * Add crypto-policies-FIPS.patch - Update to version 20210917.c9d86d1: * openssl: fix disabling ChaCha20 * pacify pylint 2.11: use format strings * pacify pylint 2.11: specify explicit encoding * fix minor things found by new pylint * update-crypto-policies: --check against regenerated * update-crypto-policies: fix --check's walking order * policygenerators/gnutls: revert disabling DTLS0.9... * policygenerators/java: add javasystem backend * LEGACY: bump 1023 key size to 1024 * cryptopolicies: fix 'and' in deprecation warnings * *ssh: condition ecdh-sha2-nistp384 on SECP384R1 * nss: hopefully the last fix for nss sigalgs check * cryptopolicies: Python 3.10 compatibility * nss: postponing check + testing at least something * Rename 'policy modules' to 'subpolicies' * validation.rules: fix a missing word in error * cryptopolicies: raise errors right after warnings * update-crypto-policies: capitalize warnings * cryptopolicies: syntax-precheck scope errors * .gitlab-ci.yml, Makefile: enable codespell * all: fix several typos * docs: don't leave zero TLS/DTLS protocols on * openssl: separate TLS/DTLS MinProtocol/MaxProtocol * alg_lists: order protocols new-to-old for consistency * alg_lists: max_{d,}tls_version * update-crypto-policies: fix pregenerated + local.d * openssh: allow validation with pre-8.5 * .gitlab-ci.yml: run commit-range against upstream * openssh: Use the new name for PubkeyAcceptedKeyTypes * sha1_in_dnssec: deprecate * .gitlab-ci.yml: test commit ranges * FIPS:OSPP: sign = -*-SHA2-224 * scoped policies: documentation update * scoped policies: use new features to the fullest... * scoped policies: rewrite + minimal policy changes * scoped policies: rewrite preparations * nss: postponing the version check again, to 3.64 - Remove patches fixed upstream: crypto-policies-typos.patch - Rebase: crypto-policies-test_supported_modules_only.patch - Merge crypto-policies-asciidoc.patch into crypto-policies-no-build-manpages.patch ==== desktop-file-utils ==== - suse-update-mime-defaults: add Pantheon desktop environment ==== diffutils ==== - Skip stack overflow tests under qemu emulation (bsc#1190046) ==== dracut ==== Version update (055+suse.117.ge5fc2048 -> 055+suse.119.g6c4187af) Subpackages: dracut-mkinitrd-deprecated - Update to version 055+suse.119.g6c4187af: * fix(suse-initrd): handle cases with zero modprobe.d files (bsc#1189895) ==== exim ==== Version update (4.94.2 -> 4.95) - update to exim 4.95 * includes taintwarn (taintwarn.patch) * fast-ramp queue run * native SRS * TLS resumption * LMDB lookups with single key * smtp transport option "message_linelength_limit" * optionally ignore lookup caches * quota checking for appendfile transport during message reception * sqlite lookups allow a "file=" option * lsearch lookups allow a "ret=full" option * command line option for the notifier socket * faster TLS startup * new main config option "proxy_protocol_timeout" * expand "smtp_accept_max_per_connection" * log selector "queue_size_exclusive" * main config option "smtp_backlog_monitor" * main config option "hosts_require_helo" * main config option "allow_insecure_tainted_data" ==== ffmpeg-4 ==== Subpackages: libavcodec58_134 libavdevice58_13 libavfilter7_110 libavformat58_76 libavresample4_0 libavutil56_70 libpostproc55_9 libswresample3_9 libswscale5_9 - Add ffmpeg-CVE-2020-22037.patch: Backport from upstream to fix denial of service vulnerability exists due to a memory leak in avcodec_alloc_context3 at options.c (bsc#1186756). ==== gamin ==== - Fix source URI. ==== gcc ==== Subpackages: cpp gcc-info libstdc++-devel - Move /lib/cpp to /usr/lib/cpp for the usr merge. [bsc#1191060] ==== gd ==== Subpackages: libgd3 - reenable gd/gd2 legacy formats, was disabled by upstream by default [bsc#1190762] ==== gegl ==== Subpackages: gegl-0_4 libgegl-0_4-0 - Also disable luajit on ppc64le and s390x. Package is unavailable. ==== iio-sensor-proxy ==== Version update (3.1 -> 3.3) - Update to version 3.3: * Fix a bug left-over in one of the 3.2 bug fixes where some accelerometers would fail to initialise. - Changes from version 3.2: * Fix problems parsing numbers with decimal separator. - Require gudev >= 237 for building (for consistency with upstream). - Drop the rpmlintrc file and add back appropriate service macros in pre/post scriptlets. ==== inotify-tools ==== Version update (3.20.11.0 -> 3.21.9.5) Subpackages: libinotifytools0 - update to 3.21.9.5: * Fix Wrong pointer passed to realloc * Fix offset compiler warning * various static code analyse annotations and fixes ==== kernel-firmware ==== Version update (20210901 -> 20210928) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20210928 (git commit 7a30050592e2): * brcm: Add 43455 based AP6255 NVRAM for the ACEPC T8 Mini PC * linux-firmware: Update firmware file for Intel Bluetooth 9462 * amdgpu: update VCN firmware for dimgrey cavefish * amdgpu: update VCN firmware for navy flounder * amdgpu: update VCN firmware for sienna cichlid * amdgpu: update VCN firmware for vangogh * amdgpu: update VCN firmware for renoir * amdgpu: update VCN firmware for picasso * amdgpu: update VCN firmware for raven2 * amdgpu: update VCN firmware for raven * amdgpu: Add initial firmware for Beige Goby * cxgb4: Update firmware to revision 1.26.2.0 * linux-firmware: update frimware for mediatek bluetooth chip (MT7921) * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * qed: Add firmware 8.59.1.0 * linux-firmware: Update firmware file for Intel Bluetooth AX211 * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update firmware file for Intel Bluetooth 8265 * iwlwifi: add FWs for new So device types with multiple RF modules * amdgpu: add initial firmware for Yellow Carp * i915: Update ADLP DMC v2.12 * linux-firmware: add frimware for mediatek bluetooth chip (MT7922) * linux-firmware: Update AMD SEV firmware (bsc#1186938) * Revert "iwlwifi: add FW for new So/Gf device type" - Update aliases ==== knewstuff ==== Subpackages: knewstuff-imports libKF5NewStuff5 libKF5NewStuff5-lang libKF5NewStuffCore5 - Add upstream patch: * 0001-Include-a-user-agent-on-KNS-requests.patch - Add fix-crash.patch. This patch fixes a crash in DownloadWidget. (kde#443025) ==== liberation-fonts ==== Version update (2.1.4 -> 2.1.5) - Update to release 2.1.5 * More fixes to Superscript and subscript Numbers missing issues. * Fixed inconsistent weight, missing glyphs and GSUB issues. ==== libinput ==== Version update (1.19.0 -> 1.19.1) Subpackages: libinput-udev libinput10 - Update to release 1.19.1 * New: Detects (and works around) buggy devices that claim to have a high-resolution scroll wheel but which do not actually send events. * New assumption that any non-bluetooth touchpad is internal. * Jumping cursor warning has been reduced once again. ==== libmtp ==== Version update (1.1.18 -> 1.1.19) Subpackages: libmtp-udev libmtp9 - updated to 1.1.19 release - Lots of USB ids added, especially Garmin devices - use a local libusb context, not the global one - various bugfixes ==== libnss_usrfiles ==== - Install into _libdir [bsc#1191070] ==== libsoup ==== Subpackages: libsoup-3_0-0 typelib-1_0-Soup-3_0 - Ignore test failure on 32-bit arm, as it is done for 32-bit x86 https://gitlab.gnome.org/GNOME/libsoup/-/issues/236 ==== libsrtp2 ==== Version update (2.4.1 -> 2.4.2) - Update to release 2.4.2 * Fixes an unspecified regression introduced in 2.4.1 ==== libstorage-ng ==== Version update (4.4.37 -> 4.4.41) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1 - merge gh#openSUSE/libstorage-ng#833 - avoid sporadic out-of-memory during build (on Fedora) - 4.4.41 - merge gh#openSUSE/libstorage-ng#832 - added BlkDevice::can_be_removed() - 4.4.40 - merge gh#openSUSE/libstorage-ng#831 - added non-const Encryption::get_blk_device() - 4.4.39 - merge gh#openSUSE/libstorage-ng#830 - added get_encryption_type_name() - coding style - 4.4.38 ==== libupnp ==== Version update (1.14.10 -> 1.14.12) Subpackages: libixml11 libupnp17 - Update to release 1.4.12 * Changes to build system only; nothing user-visible. ==== libva ==== Subpackages: libva-drm2 libva-x11-2 libva2 - fixed JIRA number in previous changelog ==== libva-gl ==== Subpackages: libva-glx2 libva-wayland2 - fixed JIRA number in previous changelog ==== mailutils ==== Version update (3.8 -> 3.13) Subpackages: libmailutils5 - Update to mailutils 3.13 * Fix boo#1190694: mail processing escape sequences in bodies non-interactively * Improved mailbox locking * Changes in the 'locking' configuration statement. * mail utility + Fix semantics of mail sending and saving commands + Fix the -F option + Improve POSIX mailx compatible mode + Compose escapes are recognized only in interactive mode * Bugfixes + QP decoder: Accept soft line breaks (RFC 2045, 6.7, page 19). + Fix stream reference policy in filter streams. + Various bugfixes in IMAP client. + Fix handling of single-path MIME messages. * Fix expunging of mailboxes in mbox and dotmail format in a read-only directory * inc: when updating the "unseen" sequence, translate message numbers to uids * Fix default port selection in SMTP mailer * Fix building the mda utilities with mailbox quotas off * Fix bugs in the testsuite * Support for the traditional mbox format rewritten from scratch * Fix incorrect message flags in maildir * Fix persistency of UIDs for all mailbox formats * Fix message ordering in maildir. * Fix parsing of IMAP ranges * mail + Changed syntax for addressing MIME message part + write command * New utility: decodemail * readmsg + MIME messages are decoded on output + Improve searches * imap4d: implement TLS in inetd mode * imap client code + Fix handling of [TRYCREATE] and similar imap responses * sieve: quoted strings may span several lines * Dropped support for Python 2.x * Rewrite the AM_GNU_MAILUTILS macro to avoid using mailutils-config * mda: restore the message-id-header configuration statement * Changes to the libmailutils library + New functions for MIME parsing and mime object creation: * Bugfixes + Fix intermixed I/O in buffered streams + Fix handling of INTR in the "mail" utility shell + Fix compilation without libunistring + Fix operation of associative arrays in case-insensitive mode + Fix memory leaks + Fix compilation with gcc 10 + smtp mailer: fix multiple open/close on the same mailer + Fix list sort function * dotmail: fix mailbox opening in append-only mode * Fix mda testsuite * Remove deprecated ioctls * mail: fix composing MIME messages * Fix build on FreeBSD * Fix detection of Kerberos libraries * Fix build with Python 3.8 (bug #57318) - Remove patche now upstream * python38-compat.patch * silent-common-mu_tcp_wrapper_daemon.patch - Port patch mailutils-3.5-guile-2.0.patch ==== mhvtl ==== Version update (1.63_release+759.35ddb48e5262_k5.14.6_1 -> 1.63_release+759.35ddb48e5262_k5.14.6_2) - Fix failing OBS build, since it doesn't like empty DB files being installed as part of the package. The DB-creation script was copied from the Makefile (under "make install") to a SPEC-file "%post" script. ==== monitoring-plugins ==== Subpackages: monitoring-plugins-breeze monitoring-plugins-by_ssh monitoring-plugins-cluster monitoring-plugins-common monitoring-plugins-cups monitoring-plugins-dhcp monitoring-plugins-dig monitoring-plugins-disk monitoring-plugins-disk_smb monitoring-plugins-dns monitoring-plugins-dummy monitoring-plugins-file_age monitoring-plugins-flexlm monitoring-plugins-http monitoring-plugins-icmp monitoring-plugins-ide_smart monitoring-plugins-ifoperstatus monitoring-plugins-ifstatus monitoring-plugins-ircd monitoring-plugins-load monitoring-plugins-log monitoring-plugins-mailq monitoring-plugins-mrtg monitoring-plugins-mrtgtraf monitoring-plugins-nagios monitoring-plugins-nt monitoring-plugins-ntp_peer monitoring-plugins-ntp_time monitoring-plugins-nwstat monitoring-plugins-oracle monitoring-plugins-overcr monitoring-plugins-ping monitoring-plugins-procs monitoring-plugins-real monitoring-plugins-rpc monitoring-plugins-sensors monitoring-plugins-smtp monitoring-plugins-ssh monitoring-plugins-swap monitoring-plugins-tcp monitoring-plugins-time monitoring-plugins-ups monitoring-plugins-users monitoring-plugins-wave - Remove unneeded build requirement on "syslog" ==== mozjs78 ==== Version update (78.13.0 -> 78.14.0) - Update to version 78.14.0esr. ==== nmap ==== - Do not build with python2 support for SLE15-SP4, bsc#1190997 ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Update to latest from upstream, fixing: * Moving the executables from /sbin to /usr/sbin (bsc#1191054) * Remove default dependencies from iscsi-init.service (bsc#1187190) ==== openSUSE-build-key ==== - Only add openSUSE Backports key when building for a Leap system (sle_version > 0). Tumbleweed does not use Backports. ==== openafs ==== Subpackages: openafs-client openafs-kmp-64kb openafs-kmp-default - Fix %ifarch for 32-bit arm ==== opie ==== - use %_pam_moduledir (bsc#1191045) ==== perl-Convert-ASN1 ==== Version update (0.31 -> 0.33) - Fix perl-Convert-ASN1-0.31-test.patch and add -p0 - updated to 0.33 see /usr/share/doc/packages/perl-Convert-ASN1/ChangeLog 0.33 -- Wed Sep 22 19:49:53 ADT 2021 * Official CPAN release of 0.33 0.32 -- Tue Sep 21 18:45:20 ADT 2021 * examples/x509decode: parameters are optional for AlgorithmIdentifier when using [ec]dsa algorithms * t/19issue14.t: issue with warnings * Fixes #44 Redundant argument in printf warning * examples/x509decode: fix prototype error * examples/ldap: fix asn1_dump not working ==== perl-Mail-AuthenticationResults ==== Version update (2.20210112 -> 2.20210915) - updated to 2.20210915 see /usr/share/doc/packages/perl-Mail-AuthenticationResults/Changes 2.20210915 2021-09-15 11:10:20+00:00 UTC - Fix for older versions of Perl 2.20210914 2021-09-14 05:17:31+00:00 UTC - New method to copy children from 1 object to another ==== perl-ldap ==== - fix build with perl 5.34.0 ==== perl-libwww-perl ==== Version update (6.56 -> 6.57) - updated to 6.57 see /usr/share/doc/packages/perl-libwww-perl/Changes 6.57 2021-09-20 20:20:14Z - Update docs for protocols_allowed and protocols forbidden (GH#386) (Olaf Alders) ==== portaudio ==== Version update (190600_20161030 -> 190700_20210406) - Correct download source URL - Update to version v190700_20210406 - removed patch `0001-Merge-branch-ticket_275_pass_void-into-master.patch` as it is included in this release. ==== publicsuffix ==== Version update (20210908 -> 20210928) - Update to version 20210928: * Remove Clic2000 entries (#1434) * ondigitalocean.app: update comment for DigitalOcean App Platform (#1431) * add prequalifyme.today to private section (#1311) * util: gTLD data autopull updates for 2021-09-28T15:12:52 UTC (#1438) * Add *.usercontent.goog (#1417) * Add digitaloceanspaces.com & regional subdomains (#1421) * Update public_suffix_list.dat (#1426) - Update to version 20210909: * Adding new .ar SLDs and official nic.ar URL correction (#1414) ==== python ==== - Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 (CVE-2019-20907, bpo#39017) avoiding possible infinite loop in specifically crafted tarball. Add recursion.tar as a testing tarball for the patch. - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). - Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211 (CVE-2020-26116, bpo#39603) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. Such characters now raise ValueError. ==== python-base ==== Subpackages: libpython2_7-1_0 python-xml - Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091 (CVE-2019-20907, bpo#39017) avoiding possible infinite loop in specifically crafted tarball. Add recursion.tar as a testing tarball for the patch. - Provide the newest setuptools wheel (bsc#1176262, CVE-2019-20916) in their correct form (bsc#1180686). - Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211 (CVE-2020-26116, bpo#39603) no longer allowing special characters in the method parameter of HTTPConnection.putrequest in httplib, stopping injection of headers. Such characters now raise ValueError. ==== python-evtx ==== Version update (0.6.1 -> 0.7.4) - Update to 0.7.4 * relax dependencies for most users #72 * show records by date filter * handling of invalid dates #43 * handling of malformed evtx files * pin dependencies due to py2 deprecation #67 * testing on pytest 4 - Drop pytest4.patch merged upstream - Fix rpmlint alternative link errors - Fix missing python2-xml requirement ==== python-jmespath ==== - Add patch remove-nose.patch: * Remove use of nose in the tests. ==== python-requests-oauthlib ==== - Use pytest to run the testsuite. ==== python-tabulate ==== - Remove unneeded BuildRequires on nose. ==== rav1e ==== - Replace rust-packaging with cargo-packaging ==== rtl8812au ==== Version update (5.9.3.2+git20210427.6ef5d8f_k5.14.6_1 -> 5.9.3.2+git20210427.6ef5d8f_k5.14.6_2) - Exclude the s390x Architecture ==== salt ==== Version update (3002.2 -> 3003.3) Subpackages: python3-salt salt-master salt-minion salt-transactional-update - Do not break master_tops for minion with version lower to 3003 - Added: * do-not-break-master_tops-for-minion-with-version-low.patch - Support querying for JSON data in external sql pillar - Added: * 3003.3-postgresql-json-support-in-pillar-423.patch - Update to Salt release version 3003.3 - See release notes: https://docs.saltstack.com/en/latest/topics/releases/3003.3.html - Added: * allow-vendor-change-option-with-zypper.patch * support-transactional-systems-microos.patch * virt-enhancements.patch - Modified: * adds-explicit-type-cast-for-port.patch * use-adler32-algorithm-to-compute-string-checksums.patch * do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch * fixes-56144-to-enable-hotadd-profile-support.patch * include-aliases-in-the-fqdns-grains.patch * implementation-of-held-unheld-functions-for-state-pk.patch * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch * debian-info_installed-compatibility-50453.patch * fix-wrong-test_mod_del_repo_multiline_values-test-af.patch * update-target-fix-for-salt-ssh-to-process-targets-li.patch * x509-fixes-111.patch * prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch * restore-default-behaviour-of-pkg-list-return.patch * adding-preliminary-support-for-rocky.-59682-391.patch * add-astra-linux-common-edition-to-the-os-family-list.patch * templates-move-the-globals-up-to-the-environment-jin.patch * fix-bsc-1065792.patch * add-migrated-state-and-gpg-key-management-functions-.patch * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch * improvements-on-ansiblegate-module-354.patch * add-custom-suse-capabilities-as-grains.patch * return-the-expected-powerpc-os-arch-bsc-1117995.patch * revert-fixing-a-use-case-when-multiple-inotify-beaco.patch * enhance-openscap-module-add-xccdf_eval-call-386.patch * implementation-of-suse_ip-execution-module-bsc-10999.patch * add-missing-aarch64-to-rpm-package-architectures-405.patch * async-batch-implementation.patch * temporary-fix-extend-the-whitelist-of-allowed-comman.patch * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch * figure-out-python-interpreter-to-use-inside-containe.patch * better-handling-of-bad-public-keys-from-minions-bsc-.patch * early-feature-support-config.patch * do-not-monkey-patch-yaml-bsc-1177474.patch - Removed: * fix-memory-leak-produced-by-batch-async-find_jobs-me.patch * fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch * fix-for-log-checking-in-x509-test.patch * do-not-make-ansiblegate-to-crash-on-python3-minions.patch * prevent-race-condition-on-sigterm-for-the-minion-bsc.patch * remove-msgpack-1.0.0-requirement-in-the-installed-me.patch * move-server_id-deprecation-warning-to-reduce-log-spa.patch * re-adding-function-to-test-for-root.patch * make-profiles-a-package.patch * handle-master-tops-data-when-states-are-applied-by-t.patch * fix-unit-tests-for-batch-async-after-refactor.patch * prevent-test_mod_del_repo_multiline_values-to-fail.patch * prevent-import-errors-when-running-test_btrfs-unit-t.patch * fix-failing-unit-tests-for-batch-async.patch * remove-unnecessary-yield-causing-badyielderror-bsc-1.patch * virt-use-dev-kvm-to-detect-kvm-383.patch * 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch * add-docker-logout-237.patch * drop-wrong-mock-from-chroot-unit-test.patch * fix-async-batch-multiple-done-events.patch * fix-unit-test-for-grains-core.patch * remove-arch-from-name-when-pkg.list_pkgs-is-called-w.patch * pkgrepo-support-python-2.7-function-call-295.patch * opensuse-3000-virt-defined-states-222.patch * open-suse-3002.2-xen-grub-316.patch * add-patch-support-for-allow-vendor-change-option-wit.patch * fix-the-removed-six.itermitems-and-six.-_type-262.patch * fix-aptpkg-systemd-call-bsc-1143301.patch * add-almalinux-and-alibaba-cloud-linux-to-the-os-fami.patch * fix-cve-2020-25592-and-add-tests-bsc-1178319.patch * regression-fix-of-salt-ssh-on-processing-targets-353.patch * do-not-break-repo-files-with-multiple-line-values-on.patch * 3002-set-distro-requirement-to-oldest-supported-vers.patch * integration-of-msi-authentication-with-azurearm-clou.patch * zypperpkg-filter-patterns-that-start-with-dot-244.patch * fix-for-temp-folder-definition-in-loader-unit-test.patch * fix-novendorchange-option-284.patch * backport-virt-patches-from-3001-256.patch * allow-passing-kwargs-to-pkg.list_downloaded-bsc-1140.patch * path-replace-functools.wraps-with-six.wraps-bsc-1177.patch * virt-uefi-fix-backport-312.patch * add-all_versions-parameter-to-include-all-installed-.patch * add-pkg.services_need_restart-302.patch * add-batch_presence_ping_timeout-and-batch_presence_p.patch * allow-vendor-change-option-with-zypper-313.patch * avoid-traceback-when-http.query-request-cannot-be-pe.patch * changed-imports-to-vendored-tornado.patch * fix-issue-parsing-errors-in-ansiblegate-state-module.patch * sanitize-grains-loaded-from-roster_grains.json.patch * handle-volumes-on-stopped-pools-in-virt.vm_info-373.patch * add-multi-file-support-and-globbing-to-the-filetree-.patch * loosen-azure-sdk-dependencies-in-azurearm-cloud-driv.patch * backport-thread.is_alive-fix-390.patch * get-os_arch-also-without-rpm-package-installed.patch * python3.8-compatibility-pr-s-235.patch * fixed-bug-lvm-has-no-parttion-type.-the-scipt-later-.patch * ensure-virt.update-stop_on_reboot-is-updated-with-it.patch * xfs-do-not-fails-if-type-is-not-present.patch * grains-master-can-read-grains.patch * invalidate-file-list-cache-when-cache-file-modified-.patch * move-vendor-change-logic-to-zypper-class-355.patch * implement-network.fqdns-module-function-bsc-1134860-.patch * opensuse-3000.2-virt-backports-236-257.patch * prevent-ansiblegate-unit-tests-to-fail-on-ubuntu.patch * batch_async-avoid-using-fnmatch-to-match-event-217.patch * provide-the-missing-features-required-for-yomi-yet-o.patch * fix-__mount_device-wrapper-254.patch * fix-ipv6-scope-bsc-1108557.patch * fix-failing-unit-tests-for-systemd.patch * use-current-ioloop-for-the-localclient-instance-of-b.patch * revert-add-patch-support-for-allow-vendor-change-opt.patch * remove-deprecated-warning-that-breaks-miniion-execut.patch * prevent-systemd-run-description-issue-when-running-a.patch * fix-grains.test_core-unit-test-277.patch * prevent-command-injection-in-the-snapper-module-bsc-.patch * backport-of-upstream-pr59492-to-3002.2-404.patch * use-threadpool-from-multiprocessing.pool-to-avoid-le.patch * reintroducing-reverted-changes.patch * add-cpe_name-for-osversion-grain-parsing-u-49946.patch * add-hold-unhold-functions.patch * virt._get_domain-don-t-raise-an-exception-if-there-i.patch * fix-error-handling-in-openscap-module-bsc-1188647-40.patch * apply-patch-from-upstream-to-support-python-3.8.patch * remove-deprecated-usage-of-no_mock-and-no_mock_reaso.patch * add-supportconfig-module-for-remote-calls-and-saltss.patch * allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch * fall-back-to-pymysql.patch * fixes-cve-2018-15750-cve-2018-15751.patch * do-not-crash-when-there-are-ipv6-established-connect.patch * improve-batch_async-to-release-consumed-memory-bsc-1.patch * support-config-non-root-permission-issues-fixes-u-50.patch * transactional_update-detect-recursion-in-the-executo.patch * open-suse-3002.2-virt-network-311.patch * option-to-en-disable-force-refresh-in-zypper-215.patch * do-noop-for-services-states-when-running-systemd-in-.patch * exclude-the-full-path-of-a-download-url-to-prevent-i.patch * fix-a-wrong-rebase-in-test_core.py-180.patch * add-new-custom-suse-capability-for-saltutil-state-mo.patch * opensuse-3000-libvirt-engine-fixes-251.patch * accumulated-changes-from-yomi-167.patch * fix-async-batch-race-conditions.patch * fix-onlyif-unless-when-multiple-conditions-bsc-11808.patch * loop-fix-variable-names-for-until_no_eval.patch * batch-async-catch-exceptions-and-safety-unregister-a.patch * grains.extra-support-old-non-intel-kernels-bsc-11806.patch * backport-a-few-virt-prs-272.patch * fix-git_pillar-merging-across-multiple-__env__-repos.patch * drop-wrong-virt-capabilities-code-after-rebasing-pat.patch * virt-adding-kernel-boot-parameters-to-libvirt-xml-55.patch * async-batch-implementation-fix-320.patch * support-for-btrfs-and-xfs-in-parted-and-mkfs.patch * support-transactional-systems-microos-271.patch * strip-trailing-from-repo.uri-when-comparing-repos-in.patch * opensuse-3000.3-spacewalk-runner-parse-command-250.patch * calculate-fqdns-in-parallel-to-avoid-blockings-bsc-1.patch * add-virt.all_capabilities.patch * ansiblegate-take-care-of-failed-skipped-and-unreacha.patch * virt-pass-emulator-when-getting-domain-capabilities-.patch * fixing-streamclosed-issue.patch * fix-for-some-cves-bsc1181550.patch * transactional_update-unify-with-chroot.call.patch * do-not-raise-streamclosederror-traceback-but-only-lo.patch * fix-batch_async-obsolete-test.patch * fix-zypper-pkg.list_pkgs-expectation-and-dpkg-mockin.patch * fix-zypper.list_pkgs-to-be-aligned-with-pkg-state.patch * accumulated-changes-required-for-yomi-165.patch * fix-virt.update-with-cpu-defined-263.patch * remove-vendored-backports-abc-from-requirements.patch * open-suse-3002.2-bigvm-310.patch * xen-disk-fixes-264.patch * virt.network_update-handle-missing-ipv4-netmask-attr.patch * add-saltssh-multi-version-support-across-python-inte.patch ==== selinux-policy ==== Subpackages: selinux-policy-targeted - Fix auditd service start with systemd hardening directives (boo#1190918) * add fix_auditd.patch ==== systemd ==== Subpackages: libsystemd0 libudev-devel libudev1 systemd-container systemd-doc systemd-sysvinit udev - Work around rpmlint complaining about /var/log/journal shipped with setgid bit This setgid bit has been already reviewed in the past and wasn't a concern. However we want the mode/ownership adjusted by tmpfiles and avoid the duplication of these info in rpm. - Don't ghost own any directories created dynamically by tmpfiles Again rpmlint complains but it doesn't seem to make sense to try to track all paths (including theirs perms, ownerships...) created dynamically. And 'rpm -V' is likely to report issues later with these paths anyway. This effectively partially reverts the two previous commits. - Make sure the build process won't create /var/log/journal - /var/log/journal/remote is owned by systemd-journal-remote - systemd.spec: fix a bunch of rpmlint errors/warnings - Drop systemd-logger This sub package was introduced in order to configure persistent journal and also to make sure that another syslog provider (such as rsyslog) couldn't be installed at the same time: each syslog provider conflicts with each others. However this mechanism didn't work since uninstalling systemd-logger wasn't magically turning off persistent logging because /var/log/journal is likely to be populated hence not removed. Moreover using a subpackage to configure the mode of journald was overkill and the usual ways (main conf file or drop-ins) should be preferred. - Import commit 7a5801342fe2f53e5c2a8578d6db132c0eca2d97 8d65ec4a66 test: wc is needed by test/units/testsuite-50.sh 1527bcc5dd test: make the installation of the debug tools optional in the image f4e6bf0b37 journalctl: never fail at flushing when the flushed flag is set (bsc#1188588) - Update the dependencies of the testsuite package The debug tools are optional thus no more required. OTOH strip(1) is needed when building the test image and nc(1) is needed by some tests. - Drop git internal files from the testsuite sub-package - Adjust pam macros ==== sysvinit ==== Version update (2.99 -> 3.00) - Update to sysvinit 3.00: * Better device detection of bootlogd ==== tdb ==== Version update (1.4.3 -> 1.4.4) Subpackages: libtdb1 python3-tdb - Update to version 1.4.4 + Fix a memory leak on error + python: remove all 'from __future__ import print_function' + Fix CID 1471761 String not null terminated + Use hex_byte() in parse_hex() + Use hex_byte() in read_data() + fix studio compiler build + Fix some signed/unsigned comparisons + also use __has_attribute macro to check for attribute support + Fix clang 9 missing-field-initializer warnings + pytdb tests: add test for storev() + pytdb: add python binding for storev() + tdbtorture: Use ARRAY_DEL_ELEMENT() + py3: Remove #define PyInt_FromLong PyLong_FromLong + py3: Remove #define PyInt_AsLong PyLong_AsLong + py3: Remove #define PyInt_Check PyLong_Check + tdb: Align integer types - Drop obsolete patch ignore-tdb1-run-transaction-expand.diff - Fix header file using undefined function visibility macro; Add patch 0001-tdb-Fix-invalid-syntax-in-tdb.h.patch; (bso#14762); ==== tevent ==== Version update (0.10.2 -> 0.11.0) Subpackages: libtevent0 python3-tevent - Update to version 0.11.0 + Other minor build fixes; (bso#14526); + Add custom tag to events + Add event trace api ==== xrdb ==== - Remove fallback to /lib/cpp, it's the same package as /usr/bin/cpp anyway (boo#1191060). ==== xwayland ==== - U_glamor-Fix-handling-of-1-bit-pixmaps.patch * glamor: Fix handling of 1-bit pixmaps; fixes e.g. issues with gimp on Wayland (which needs Xwayland) (boo#1189310) ==== yast2-alternatives ==== Version update (4.3.1 -> 4.4.0) - 4.4.0 (bsc#1185510) ==== yast2-installation ==== Version update (4.4.18 -> 4.4.19) - Release the sources and close the libzypp cache to allow cleanly unmounting /mnt/var/cache/zypp directory (bsc#1189793) - 4.4.19 ==== yast2-slp-server ==== Version update (4.3.0 -> 4.4.0) - 4.4.0 (bsc#1185510) ==== yast2-storage-ng ==== Version update (4.4.7 -> 4.4.8) - Recommend to install libyui-qt-graph package (bsc#1191109) in order to offer the View/Device Graphs menu option. - 4.4.8 ==== zimg ==== Version update (3.0.1 -> 3.0.3) - Update to 3.0.3: * depth: fix out-of-bounds read in SSE2/AVX2 error diffusion (introduced in 2.5) * colorspace: revert SMPTE 240M behavior change (introduced in 3.0.2) * Changes in version 3.0.2: * api: default to ZIMG_CPU_AUTO when graph params are null * colorspace: fix incorrect SMPTE 240M transfer function * colorspace: fix underflow in AVX-512 ST.2084 transfer functions * graph: fix conversion from fullrange grey to RGB * arm: fix data alignment * x86: optimizations for AMD Zen3 processors - Add zimg-s390x-unit-tests.patch: fix unit tests on big endian systems.