Packages changed: ImageMagick (7.0.9.23 -> 7.0.9.25) MozillaFirefox (73.0 -> 73.0.1) bind (9.14.9 -> 9.16.0) busybox ca-certificates (2+git20170807.10b2785 -> 2+git20200129.d1a437d) cogl cups-filters (1.25.0 -> 1.27.1) drbd-utils (9.10.0 -> 9.12.0) emacs-w3m (1.4.631 -> 1.4.632) gegl (0.4.20 -> 0.4.22) hyper-v ibus (1.5.21 -> 1.5.22) ldmtool (0.2.3 -> 0.2.4) libgphoto2 (2.5.23 -> 2.5.24) libmypaint (1.4.0 -> 1.5.0) libuv lightdm-gtk-greeter-branding-openSUSE m17n-db mariadb (10.3.20 -> 10.4.12) mutter nut perl-Glib (1.3291 -> 1.3292) pesign-obs-integration plasma5-pk-updates plasma5-thunderbolt (5.18.1 -> 5.18.2) python-Jinja2 (2.10.3 -> 2.11.1) python-cffi (1.13.2 -> 1.14.0) python-pytz (2019.2 -> 2019.3) remmina (1.4.0 -> 1.4.1) sysfsutils tpm2-0-tss (2.3.2 -> 2.3.3) tracker-miners unbound (1.9.6 -> 1.10.0) v4l2loopback vim (8.2.0257 -> 8.2.0314) wayland (1.17.0 -> 1.18.0) wireguard (0.0.20200214_k5.5.5_1 -> 0.0.20200215_k5.5.5_1) wpebackend-fdo (1.4.0 -> 1.4.1) xen (4.13.0_06 -> 4.13.0_08) xkbcomp (1.4.2 -> 1.4.3) xtables-addons (3.8_k5.5.5_1 -> 3.9_k5.5.5_1) === Details === ==== ImageMagick ==== Version update (7.0.9.23 -> 7.0.9.25) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagick++-7_Q16HDRI4 libMagickCore-7_Q16HDRI7 libMagickWand-7_Q16HDRI7 perl-PerlMagick - version update to 7.0.9.25 * Adapt to a change in command-line options in the SVG inkscape delegate. * No percent sign in lab() color. * Support connected-components:eccentricity-threshold, connected-components:major-axis-threshold, connected-components:minor-axis-threshold, connected-components:angle-threshold. * Set the alpha channel if the write mask is not enabled. * Corrected ellipse orientation when computing image moments. ==== MozillaFirefox ==== Version update (73.0 -> 73.0.1) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 73.0.1 * Resolved problems connecting to the RBC Royal Bank website (bmo#1613943) * Fixed Firefox unexpectedly exiting when leaving Print Preview mode (bmo#1611133) * Fixed crashes when playing encrypted content on some Linux systems (bmo#1614535) - start in wayland mode when running under wayland session ==== bind ==== Version update (9.14.9 -> 9.16.0) Subpackages: bind-chrootenv bind-doc bind-utils python3-bind - Update download urls - Do not enable geoip on old distros, the geoip db was shut down so we need to use geoip2 everywhere - Upgrade to version 9.16.0 Major upgrade, see https://downloads.isc.org/isc/bind9/9.16.0/RELEASE-NOTES-bind-9.16.0.html and CHANGES file in the source tree. Major functional change: * What was set with --with-tuning=large option in older BIND9 versions is now a default, and a --with-tuning=small option was added for small (e.g. OpenWRT) systems. * A new "dnssec-policy" option has been added to named.conf to implement a key and signing policy (KASP) for zones. * The command (and manpage) bind9-config have been dropped as the BIND 9 libraries are now purely internal. No patches became obsolete through the upgrade. [bind-9.16.0.tar.xz] ==== busybox ==== - Disable CONFIG_FEATURE_NSLOOKUP_BIG as it leads to incompatible nslookup behavior ==== ca-certificates ==== Version update (2+git20170807.10b2785 -> 2+git20200129.d1a437d) - Update to version 2+git20200129.d1a437d: * rewrite in bash * java.run: don't set LANG=en_US - no longer require openssl, it's all done by p11-kit ==== cogl ==== Subpackages: cogl-lang libcogl-pango20 libcogl20 typelib-1_0-Cogl-1_0 typelib-1_0-CoglPango-1_0 - Add cogl-fix-mesa20.patch: fixes build against Mesa 20 (boo#1164688, glgo#GNOME/cogl!17). ==== cups-filters ==== Version update (1.25.0 -> 1.27.1) - Update to 1.27.1 * libcupsfilters: Let the PPD generator not put any dashes into the PPD option and choice names when translating them from IPP attribute names, to avoid that on the back-translation by CUPS no double-dashes are generated. This broke paper tray selections with tray names like "tray-1", "tray-2", ... (Issue #192, Issue #201, Debian bug #949315). * foomatic-rip: Fixed segfault when PRINTER environment variable is not supplied. * pdftopdf, pdftops, gstoraster, gstopdf, gstopxl, rastertoescpx, rastertopclx, foomatic-rip: Handle zero-page jobs (Issue #117, Pull request #196, Pull request #197, Pull request #198, Pull request #200). * texttopdf: Added support for CJK (double-width) fonts (Issue [#135], Pull request #199). * cups-browsed: Switched default for "CreateIPPPrinterQueues" from "local-only" to "All". The configure script options " - -enable-auto-setup-local-only" and "--enable-auto-setup-driverless-only" can be used to change this default (Debian bug #921252). * rastertoescpx: Fixed wrong freeing of a buffer. * pdftops: Added options "crop-to-fit" and "fill" to the pdftopdf options which the pstops called by pdftops should not apply a second time. * pdftops: Added missing "-sstdout=%stderr" to Ghostscript command line, to assure that all messages are redirected to stderr and do not mix up with the output data. - Drop add-cstring-include.patch: already present upstream - Drop foomatic-rip-fix-compilation-with-fno-common.patch: already present upstream ==== drbd-utils ==== Version update (9.10.0 -> 9.12.0) - Update to 9.12.0 * drbd.ocf: new wrc_timeout param, fail on attach failure, remove_master_score_if_peer_primary param, fail_promote_early_if_peer_primary param, improved helper logging no error if wait-connect fails * drbdadm,v9: fix dumping meta-disk in corner case * crm-fence-peer.9.sh: fix Pacemaker 2 compat * drbdsetup,v9: fixes for various json output corner cases * drbdsetup,all: prepare for netlink changes (linux v5.2+) * drbdadm,v9: fix a check for setting up connections multiple times * init: setup file backed loop devices (mapping from LINSTOR) * rr-conflict: add retry-connect option (>=drbd 9.0.20) * drbdmon: 256/16 colors; events2 handler improvements * drbdsetup,v9: new flag: force-resync (>=drbd 9.0.21) - Remove netlink-prepare-for-kernel-v5.2.patch Remove netlink-Add-NLA_F_NESTED-flag-to-nested-attribute.patch Remove cibadmin-return-code-convert.patch in 144c8cc1d ==== emacs-w3m ==== Version update (1.4.631 -> 1.4.632) - Update to current GIT HEAD (6eda3828) ==== gegl ==== Version update (0.4.20 -> 0.4.22) Subpackages: gegl-0_4 gegl-0_4-lang libgegl-0_4-0 - Update to version 0.4.22: + Build: - Updates to python gobject introspection tests, and made them able to look up babl typelib. - Build pdf:load again; missing since meson migration. - Fix OpenCL include file generation to work in non-utf8 locales. + Operations: matting-{global,levin}: fix crash when bounding boxes of input and aux differ. ==== hyper-v ==== - Revert previous non-upstream change for async name resolution Just use gethostname via hyper-v.kvp.gethostname.patch (bsc#1100758) ==== ibus ==== Version update (1.5.21 -> 1.5.22) Subpackages: ibus-gtk ibus-gtk-32bit ibus-gtk3 ibus-lang libibus-1_0-5 libibus-1_0-5-32bit typelib-1_0-IBus-1_0 - Fix dependency between ibus and ibus-dict-emoji * Keep ibus and ibus-dict-emoji from the same source * Add Conflict to remove old ibus containing emoji dictionary files - Update version to 1.5.22 * GDBusAuthObserver security fix, drop ibus-CVE-2019-14822-GDBusServer-peer-authorization.patch * Use XDG_RUNTIME_DIR for Unix socket directory * Hangul button press handling * Fix deprecated APIs * Bug fixes * Fix boo#1149065 * Fix restart crash with inotify read() (Robert Hoffmann) * Make session file header comment more clear (Jason) * Amend typos (Jason) * Add NotShowIn and Keywords keys to the desktop entry (Changwoo Ryu) * Handle small final sigma in ibus_keyval_convert_case (Alex Henrie) * Update translations. - Add ibus-fix-Signal-does-not-exist.patch. Fix build on Leap 15.1 and below - Split ibus-dict-emoji so that KDE Plasma can use IBus's emoji dictionaries without IBus daemon (boo#1161584) ==== ldmtool ==== Version update (0.2.3 -> 0.2.4) Subpackages: libldm-1_0-0 - update to version 0.2.4 - update patch Remove-deprecated-g_type_class_add_private.patch - remove upstream merged patches (werror-fixes.patch, cast_be64toh.patch) - fix buildrequires - use localsource as the github repo doesnt include yet the built tarball for 0.2.4 release ==== libgphoto2 ==== Version update (2.5.23 -> 2.5.24) Subpackages: libgphoto2-6 libgphoto2-6-lang - updated to 2.5.24 release - ptp2: * GoPro: fixed all images not visible bug * Canon EOS: lock/unlock ui before more operations * Canon Powershot SX / EOS M: some setup adjustments to make powershot sx work better * Nikon Keymission 170: try override opcodes to allow capture * Nikon DSLR: fixed a regression where 5 seconds was longer image capture shutterspeed * Sony: adjusted manualfocusing not to autofocus * Fuji: access ISO config * Sony: fixed manual focusing * Sony: specify capturetarget on camera, available on current 2019/2020 Sony * bugfixes * New ids added: * Sony Alpha RX100V, A7s, RX0 II, * Nikon Z50, Coolpix L810, KeyMission 170 * Canon PowerShot SX530HS, SX 620HS, * Canon EOS 2000D, 1500D, R2, M6 Mark 2, 250D, * Fuji X-A5, X-E3, GFX100 * GoPro Hero 7 White, 7 Silver, 7 Black, 8 Black - lumix: * New WIFI Lumix camera driver was added, using curl and libxml2. Lots of abilities supported already, also capture preview. However capture itself is not yet working. This driver needs libxml2 and libcurl to be built. - all: * Selecting camera libraries has changed a bit. - -camlibs=everything will select all and outdated drivers - -camlibs=standard will select "current day" drivers - -camlibs=standard,outdated will select "current day" and "outdated" drivers You can now also use modifiers like +canon or -canon to enable/disable selected camera libraries. The default is "standard", same as before. * fixed some issues found by AFL fuzzing, mostly in "outdated" drivers. * SECURITY.md: Small document added describing security properties of the library. ==== libmypaint ==== Version update (1.4.0 -> 1.5.0) - Update to version 1.5.0: * view zoom & view rotation. * spectral color blending (pigment mode). * new smudge settings: length multiplier, buckets, transparency. * new symmetry modes: vertical, vertical+horizontal, rotational, snowflake. * adjustable angle for symmetry modes. * optional multiple output rectangles (only relevant w. new symmetry modes). * Directional offsets are clamped to a maximum distance of 3 * 1080 pixels. - Drop libmypaint-gegl-0.4.14.patch: fixed upstream. - Drop libmypaint-gegl-shlib-version.patch: incorporated upstream. - Drop libmypaint-bump-gegl-version.patch: only applicable hunk moved to libmypaint-gegl-pkgconfig.patch; rest incorporated upstream. - Add libmypaint-gegl-pkgconfig.patch: In libmypaint-gegl.pc, change Name to libmypaint-gegl to avoid conflict with libmypaint.pc and Requires to depend on the correct version of gegl and on libmypaint - not libmypaint-@LIBMYPAINT_API_PLATFORM_VERSION@. - No longer needed to run autoreconf/autogen.sh before configure since patches that modified build files are dropped; also drop libtool BuildRequires required only for autoreconf. - Use autosetup to apply existing patch. - Bump so version in keeping with upstream (1_5-1). - Move libmypaint-gegl.pc file to libmypaint-gegl-devel package. ==== libuv ==== - Add baselibs.conf to generate 32bit lib needed for bind ==== lightdm-gtk-greeter-branding-openSUSE ==== - Use Greybird Geeko GTK theme by default. Already default in Xfce and maintained by openSUSE members. ==== m17n-db ==== Subpackages: m17n-db-lang - No longer recommend -lang: supplements are in use. - Run spec-cleaner, modernize spec. ==== mariadb ==== Version update (10.3.20 -> 10.4.12) Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - remove @VERSION@ from mariadb.service and mariadb@.service - disable testing with rpm macros as it does not work as for 10.4, needs to be investigated - update suse_skipped_tests.list for ppc - rename mariadb.rpmlintrc to mariadb-rpmlintrc - for ppc install pam_user_map.so in /lib/security - rename mariadb-10.2.12-harden_setuid.patch to mariadb-10.4.12-harden_setuid.patch to match the correct version number. - add mariadb-10.4.12-fix-install-db.patch to improve default behaviour of mysql_install_db. This prevents performing security sensitive actions to be performed but instead only warns the caller (bsc#1160868). - update to 10.4.12 * release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10412-release-notes https://mariadb.com/kb/en/library/mariadb-10412-changelog https://mariadb.com/kb/en/library/mariadb-10411-release-notes https://mariadb.com/kb/en/library/mariadb-10411-changelog * fixes for the following security vulnerabilities: CVE-2020-2574 * don't let mysql_install_db set SUID bit for auth_pam_tool in rpm/deb packages CVE-2020-7221 [bsc#1160868] - add mariadb-10.2.12-harden_setuid.patch to harden auth_pam_tool setuid-root binary [bsc#1160285] - pack pam_user_map.so module in the /%{_lib}/security directory and user_map.conf configuration file in the /etc/security directory - fix race condition with mysql_upgrade_info status file by moving it to the location owned by root (/var/lib/misc) CVE-2019-18901 [bsc#1160895] - move .run-mysql_upgrade file from $datadir/.run-mysql_upgrade to /var/lib/misc/.mariadb_run_upgrade so the mysql user can't use it for a symlink attack [bsc#1160912] - change -DWITH_COMMENT and -DCOMPILATION_COMMENT to be SUSE/openSUSE independent - enhance mariadb.service and mariadb@.service with various options (Documentation=, User=, Group=, KillSignal=, SendSIGKILL=, Restart=, RestartSec=, CapabilityBoundingSet=, ProtectSystem=, ProtectHome=, PermissionsStartOnly= and UMask=) [bsc#1160878] - mysql-systemd-helper: use systemd-tmpfiles instead of shell script operations for a cleaner and safer creating of /run/mysql [bsc#1160883] - update to 10.4.10 * changes and improvements for 10.4 https://mariadb.com/kb/en/changes-improvements-in-mariadb-104/ * fixes for the following security vulnerabilities: none - pack mariadb variants of the mysql binaries (e.g. mariadb-dumpslow is a symlink to mysqldumpslow and the like) - refresh mariadb-10.2.4-fortify-and-O.patch - update suse_skipped_tests.list - _constraints: increase physicalmemory value - package auth_pam_tool setuid binary properly - add cracklib-password-check subpackage but do not build it right now (cracklib-dict-full >= 2.9.0 is not available yet) - add rcmariadb compat link - add mariadb.rpmlintrc file - do not move my_safe_process to bindir but use rpmlint arch-dependent-file-in-usr-share exception for it (this file is used just for the testing and it doesn't have to be in bindir ==== mutter ==== Subpackages: libmutter-5-0 mutter-data mutter-lang - Rework mutter-fix-mesa20.patch: base it on mutter upstream commit a444a4c. - Add mutter-fix-mesa20.patch: fixes build against Mesa 20 (boo#1164688). ==== nut ==== Subpackages: libupsclient1 nut-cgi - Remove obsolete chown from %post. We no more support upgrade from SUSE Linux 9 (bsc#1157325). ==== perl-Glib ==== Version update (1.3291 -> 1.3292) - Add manual license LGPL-2.1-or-later to cpanspec.yml - updated to 1.3292 see /usr/share/doc/packages/perl-Glib/ChangeLog.pre-git ==== pesign-obs-integration ==== - 0001-sign-stage3.bin-from-s390-tools-with-sign-files-bsc-.patch Hard code signing of stage3.bin of s390-tools (bsc#1163524) ==== plasma5-pk-updates ==== Subpackages: plasma5-pk-updates-lang - Add patch to avoid error messages for a locked db (boo#1161501): * 0001-Don-t-show-an-error-for-a-failed-automatic-refresh.patch ==== plasma5-thunderbolt ==== Version update (5.18.1 -> 5.18.2) Subpackages: plasma5-thunderbolt-lang - Update to 5.18.2 * New bugfix release * For more details please see: * https://www.kde.org/announcements/plasma-5.18.2.php - No code changes since 5.18.1 ==== python-Jinja2 ==== Version update (2.10.3 -> 2.11.1) - disable tests on 32bit archs - update to 2.11.1 * Fix a bug that prevented looking up a key after an attribute ({{ data.items[1:] }}) in an async template * Drop support for Python 2.6, 3.3, and 3.4. This will be the last version to support Python 2.7 and 3.5. * Added a new ChainableUndefined class to support getitem and getattr on an undefined object. * Allow {%+ syntax (with NOP behavior) when lstrip_blocks is disabled. * Added a default parameter for the map filter. * Exclude environment globals from meta.find_undeclared_variables(). * Float literals can be written with scientific notation, like 2.56e-3. * Int and float literals can be written with the ?_? separator for legibility, like 12_345. * Fix a bug causing deadlocks in LRUCache.setdefault * The trim filter takes an optional string of characters to trim. * A new jinja2.ext.debug extension adds a {% debug %} tag to quickly dump the current context and available filters and tests. * Lexing templates with large amounts of whitespace is much faster. * Parentheses around comparisons are preserved, so {{ 2 * (3 < 5) }} outputs ?2? instead of ?False?. * Add new boolean, false, true, integer and float tests. * The environment?s finalize function is only applied to the output of expressions (constant or not), not static template data. * When providing multiple paths to FileSystemLoader, a template can have the same name as a directory. * Always return Undefined when omitting the else clause in a {{ 'foo' if bar }} expression, regardless of the environment?s undefined class. Omitting the else clause is a valid shortcut and should not raise an error when using StrictUndefined. * Fix behavior of loop control variables such as length and revindex0 when looping over a generator. * Async support is only loaded the first time an environment enables it, in order to avoid a slow initial import. * In async environments, the |map filter will await the filter call if needed. * In for loops that access loop attributes, the iterator is not advanced ahead of the current iteration unless length, revindex, nextitem, or last are accessed. This makes it less likely to break groupby results. * In async environments, the loop attributes length and revindex work for async iterators. * In async environments, values from attribute/property access will be awaited if needed. * PackageLoader doesn?t depend on setuptools or pkg_resources. * PackageLoader has limited support for PEP 420 namespace packages. * Support os.PathLike objects in FileSystemLoader and ModuleLoader * NativeTemplate correctly handles quotes between expressions. "'{{ a }}', '{{ b }}'" renders as the tuple ('1', '2') rather than the string '1, 2'. * Creating a NativeTemplate directly creates a NativeEnvironment instead of a default Environment. * After calling LRUCache.copy(), the copy?s queue methods point to the correct queue. * Compiling templates always writes UTF-8 instead of defaulting to the system encoding. * |wordwrap filter treats existing newlines as separate paragraphs to be wrapped individually, rather than creating short intermediate lines. * Add break_on_hyphens parameter to |wordwrap filter. * Cython compiled functions decorated as context functions will be passed the context. * When chained comparisons of constants are evaluated at compile time, the result follows Python?s behavior of returning False if any comparison returns False, rather than only the last one * Tracebacks for exceptions in templates show the correct line numbers and source for Python >= 3.7. * Tracebacks for template syntax errors in Python 3 no longer show internal compiler frames * Add a DerivedContextReference node that can be used by extensions to get the current context and local variables such as loop * Constant folding during compilation is applied to some node types that were previously overlooked * TemplateSyntaxError.source is not empty when raised from an included template. * Passing an Undefined value to get_template (such as through extends, import, or include), raises an UndefinedError consistently. select_template will show the undefined message in the list of attempts rather than the empty string. * TemplateSyntaxError can be pickled. ==== python-cffi ==== Version update (1.13.2 -> 1.14.0) Subpackages: python2-cffi python3-cffi - Update to 1.14.0 * ffi.dlopen() can now be called with a handle (as a void *) to an already-opened C library. * fixed a stack overflow issue for calls like lib.myfunc([large list]). * fixed a memory leak inside ffi.getwinerror() on CPython 3.x. ==== python-pytz ==== Version update (2019.2 -> 2019.3) Subpackages: python2-pytz python3-pytz - Update to 2019.3 * IANA 2019c ==== remmina ==== Version update (1.4.0 -> 1.4.1) Subpackages: remmina-lang remmina-plugin-rdp remmina-plugin-secret remmina-plugin-vnc remmina-plugin-xdmcp - Update to release 1.4.1 * Bug-fix release * SSH fixes, should fix #2094 * Update remmina_filezilla_sftp.sh ==== sysfsutils ==== - Fix compiler issues for this package, which hasn't been touched in a while. Should be no functional change. Added patch: * sysfsutils-fix-compiler-issues.patch ==== tpm2-0-tss ==== Version update (2.3.2 -> 2.3.3) Subpackages: libtss2-esys0 libtss2-mu0 libtss2-sys0 - Update to version 2.3.3 * Fixed mixing salted and unsalted sessions in the same ESAPI context * Removed use of VLAs from TPML marshal code * Added check for object node before calling compute_session_value function * Fixed auth calculation in Esys_StartAuthSession called with optional parameters * Fixed compute_encrypted_salt error handling in Esys_StartAuthSession * Fixed exported symbols map for libtss2-mu ==== tracker-miners ==== Subpackages: tracker-miner-files tracker-miners-lang - Add upstream bug fix patches: + tracker-miners-set-cpu-io-nice.patches + tracker-miners-allow-settatr.patch ==== unbound ==== Version update (1.9.6 -> 1.10.0) Subpackages: libunbound8 unbound-anchor - update to 1.10.0 Features: - Merge RPZ support into master. Only QNAME and Response IP triggers are supported. - Added serve-stale functionality as described in draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used to configure the behavior. - Updated cachedb to honor `serve-expired-ttl`; Fixes #107. - Renamed statistic `num.zero_ttl` to `num.expired` as expired replies come with a configurable TTL value (`serve-expired-reply-ttl`). - Merge #135 from Florian Obser: Use passed in neg and key cache if non-NULL. - Fix #153: Disable validation for DSA algorithms. RFC 8624 compliance. - Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds and Frzk. Updates the unbound.service systemd file and adds a portable systemd service file. - Merge PR#154; Allow use of libbsd functions with configure option - -with-libbsd. By Robert Edmonds and Steven Chamberlain. - Merge PR#148; Add some TLS stats to unbound_munin_. By Fredrik Pettai. - Merge PR#156 from Alexander Berkes; Added unbound-control view_local_datas_remove command. Bug Fixes: - Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by Florian Obser - Update mailing list URL. - Fix #140: Document slave not downloading new zonefile upon update. - Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD. The dl_iterate_phdr() function introduced in newer versions raises compilation errors on solaris 10. - Changes to compat/getentropy_solaris.c for, ifdef stdint.h inclusion for older systems. ifdef sha2.h inclusion for older systems. - Fix 'make test' to work for --disable-sha1 configure option. - Fix out-of-bounds null-byte write in sldns_bget_token_par while parsing type WKS, reported by Luis Merino from X41 D-Sec. - Updated sldns_bget_token_par fix for also space for the zero delimiter after the character. And update for more spare space. - Fix #138: stop binding pidfile inside chroot dir in systemd service file. - Fix the relationship between serve-expired and prefetch options, patch from Saksham Manchanda from Secure64. - Fix unreachable code in ssl set options code. - Removed the dnscrypt_queries and dnscrypt_queries_chacha tests, because dnscrypt-proxy (2.0.36) does not support the test setup any more, and also the config file format does not seem to have the appropriate keys to recreate that setup. - Fix crash after reload where a stats lookup could reference old key cache and neg cache structures. - Fix for memory leak when edns subnet config options are read when compiled without edns subnet support. - Fix auth zone support for NSEC3 records without salt. - Merge PR#150 from Frzk: Systemd unit without chroot. It add contrib/unbound_nochroot.service.in, a systemd file for use with chroot: "", see comments in the file, it uses systemd protections instead. It was superceded by #151, the unbound_portable.service file. - Merge PR#155 from Robert Edmonds: contrib/libunbound.pc.in: Fixes to Libs/Requires for crypto library dependencies. - iana portlist updated. - Fix to silence the tls handshake errors for broken pipe and reset by peer, unless verbosity is set to 2 or higher. - Merge PR#147; change rfc reference for reserved top level dns names. - Fix #157: undefined reference to `htobe64'. - Fix subnet tests for disabled DSA algorithm by default. - Update contrib/fastrpz.patch for clean diff with current code. - updated .gitignore for added contrib file. - Add build rule for ipset to Makefile - Add getentropy_freebsd.o to Makefile dependencies. - Fix memory leak in error condition remote.c - Fix double free in error condition view.c - Fix memory leak in do_auth_zone_transfer on success - Stop working on socket when socket() call returns an error. - Check malloc return values in TLS session ticket code - Fix fclose on error in TLS session ticket code. - Add assertion to please static analyzer - Fixed stats when replying with cached, cname-aliased records. - Added missing default values for redis cachedb backend. - Fix num_reply_addr counting in mesh and tcp drop due to size after serve_stale commit. - Fix to create and destroy rpz_lock in auth_zones structure. - Fix to lock zone before adding rpz qname trigger. - Fix to lock and release once in mesh_serve_expired_lookup. - Fix to put braces around empty if body when threading is disabled. - Fix num_reply_states and num_detached_states counting with serve_expired_callback. - Cleaner code in mesh_serve_expired_lookup. - Document in unbound.conf manpage that configuration clauses can be repeated in the configuration file. - Document 'ub_result.was_ratelimited' in libunbound. - Fix use after free on log-identity after a reload; Fixes #163. - Fix with libnettle make test with dsa disabled. - Fix contrib/fastrpz.patch to apply cleanly. Fix for serve-stale fixes, but it does not compile, conflicts with new rpz code. - Fix to clean memory leak of respip_addr.lock when ip_tree deleted. - Fix compile warning when threads disabled. - Fix spelling in unbound.conf.5.in. - Stop unbound-checkconf from insisting that auth-zone and rpz zonefiles have to exist. They can not exist, and download later. - contrib/drop2rpz: perl script that converts the Spamhaus DROP-List in RPZ-Format, contributed by Andreas Schulze. - Remove unused variable. - Add respip to supported module-config options in unbound-checkconf. - Updated contrib/unbound_smf23.tar.gz with Solaris SMF service for Unbound from Yuri Voinov. ==== v4l2loopback ==== - Added v4l2loopback-dont_use_timeval.patch and v4l2loopback-drop_cast_to_time_t.patch (fix boo#1164757) ==== vim ==== Version update (8.2.0257 -> 8.2.0314) Subpackages: gvim vim-data vim-data-common - Updated to version 8.2.0314, fixes the following problems - refreshed vim-7.3-filetype_spec.patch * Cannot recognize a terminal in a popup window. * ModifyOtherKeys cannot be temporarily disabled. * Terminal in popup test sometimes fails. * Several lines of code are duplicated. * Some code not covered by tests. * Fileformat test fails on MS-Windows. * A few new Vim9 messages are not localized. * Fileformat test still fails on MS-Windows. * "eval" after "if 0" doesn't check for following command. * Terminal in popup test sometimes fails on Mac. * No check for a following command when calling a function fails. * Trycatch test fails. * Vim9: operator after list index does not work. (Yasuhiro Matsumoto) * Some code not covered by tests. * The "num64" feature is available everywhere and building without it causes problems. * ":helptags ALL" gives error for directories without write permission. (Mat?j Cepl) * Hang with combination of feedkeys(), Ex mode and :global. (Yegappan Lakshmanan) * Some Ex code not covered by tests. * Vim9: not allowing space before ")" in function call is too restrictive. (Ben Jackson) * Vim9: not all instructions covered by tests. * Channel test is flaky on Mac. * Vim9: no test for deleted :def function. * Vim9: throw in :def function not caught higher up. * Two placed signs in the same line are not combined. E.g. in the terminal debugger a breakpoint and the PC cannot be both be displayed. * Vim9: setting number option not tested. * Vim9: failing to load script var not tested. * Vim9: assignment test fails. * Unused error message. Cannot create s:var. * Cannot use popup_close() for a terminal popup. * Vim9: return in try block not tested; catch with pattern not tested. * Vim9: some float and blob operators not tested. * Vim9: :echo did not clear the rest of the line. * Running individual test differs from all tests. * Vim9: assigning [] to list doesn't work. * Vim9: CHECKNR and CHECKTYPE instructions not tested. * Various Ex commands not sufficiently tested. * Cannot use Ex command that is also a function name. * Highlighting for :s wrong when using different separator. * Mixing up "long long" and __int64 may cause problems. (John Marriott) * Compiler warnings for the Ruby interface. * Vim9 script: cannot start command with a string constant. * Vim9: ISN_STORE with argument not tested. Some cases in tv2bool() not tested. * Vim9: expression test fails without channel support. * Insufficient testing for exception handling and the "attention" prompt. * Setting 'term' may cause error in TermChanged autocommand. * TermChanged test fails in the GUI. * Terminal test if failing on some systems. * Relativenumber test fails on some systems. (James McCoy) * Vim9: :substitute(pat(repl does not work in Vim9 script. * Python 3 vim.eval not well tested. * 'showbreak' does not work for a very long line. (John Little) * Window-local values have confusing name. * Autocmd test fails on a slow system. * Short name not set for terminal buffer. ==== wayland ==== Version update (1.17.0 -> 1.18.0) Subpackages: libwayland-client0 libwayland-cursor0 libwayland-egl1 libwayland-server0 - Replace public key in keyring with 34FF9526CFEF0E97A340E2E40FDE7BE0E88F5E48 (Simon Ser ). - Update to release 1.18 * Add API to tag proxy objects to allow applications and toolkits to share the same Wayland connection * Track wayland-server timers in user-space to prevent creating too many FDs * Add wl_global_remove, a new function to mitigate race conditions with globals ==== wireguard ==== Version update (0.0.20200214_k5.5.5_1 -> 0.0.20200215_k5.5.5_1) - Update to version 0.0.20200215 * send: cleanup skb padding calculation * socket: remove useless synchronize_net ==== wpebackend-fdo ==== Version update (1.4.0 -> 1.4.1) - Update to version 1.4.1 (boo#1164688): + Fix build failures with recent compiler versions due to missing function declarations. - Drop memset-prototype.patch: fixed upstream. ==== xen ==== Version update (4.13.0_06 -> 4.13.0_08) Subpackages: xen-libs xen-tools xen-tools-domU - bsc#1160932 - VUL-0: xen: XSA-312 v1: arm: a CPU may speculate past the ERET instruction 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch - bsc#1164425 - x86: "spec-ctrl=no-xen" should also disable branch hardening 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch - Upstream bug fixes (bsc#1027519) 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch 5e318cd4-x86-apic-fix-disabling-LVT0.patch 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch 5e3bd385-EFI-recheck-variable-name-strings.patch 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch 5e3bd3f8-xmalloc-guard-against-overflow.patch 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch - bsc#1159755 - use fixed qemu-3.1 machine type for HVM This must be done in qemu to preserve PCI layout remove libxl.lock-qemu-machine-for-hvm.patch - jsc#SLE-10183 - script to calculate cpuid= mask add helper script from https://github.com/twizted/xen_maskcalc domUs may be migrated between different cpus from the same vendor if their visible cpuid value has incompatible feature bits masked. - jsc#SLE-10172, bsc#1055731 - handle degraded raid for xendomains add helper script and systemd service from https://github.com/luizluca/xen-tools-xendomains-wait-disk in new sub package xen-tools-xendomains-wait-disk See included README for usage instructions xendomains-wait-disks.LICENSE xendomains-wait-disks.README.md xendomains-wait-disks.sh ==== xkbcomp ==== Version update (1.4.2 -> 1.4.3) - Update to version 1.4.3 * Update configure.ac bug URL for gitlab migration * configure: Remove unused AC_SUBST([REQUIRED_MODULES]) * pkgconfig: Remove unneeded Requires.private * Suppress high-keycode warnings at the default warning level * xkbcomp Fix missing support for "affect" and incorrect modifier handling for ISOLock * Don't compare with string literals * Fix invalid error report on F_Accel field * Error out if we have no default path ==== xtables-addons ==== Version update (3.8_k5.5.5_1 -> 3.9_k5.5.5_1) - Update to release 3.9 * Support for Linux 5.6 [boo#1164758]