Packages changed:
  dbus-1 (1.12.16 -> 1.12.20)
  fuse (2.9.8 -> 2.9.9)
  fuse-overlayfs (1.1.0 -> 1.1.2)
  irqbalance (1.6.0+git20200317.0348a3b -> 1.7.0)
  less (562 -> 563)
  libressl (3.1.3 -> 3.1.4)
  libyaml (0.2.4 -> 0.2.5)
  openldap2
  rsync (3.2.2 -> 3.2.3)
  sqlite3 (3.32.3 -> 3.33.0)

=== Details ===

==== dbus-1 ====
Version update (1.12.16 -> 1.12.20)
Subpackages: libdbus-1-3

- Update to 1.12.20
  * On Unix, avoid a use-after-free if two usernames have the same
    numeric uid. In older versions this could lead to a crash (denial
    of service) or other undefined behaviour, possibly including
    incorrect authorization decisions if is used. Like Unix
    filesystems, D-Bus' model of identity cannot distinguish between
    users of different names with the same numeric uid, so this
    configuration is not advisable on systems where D-Bus will be
    used. Thanks to Daniel Onaca.
    (dbus#305, dbus!166; Simon McVittie)
- From 1.12.18
  * CVE-2020-12049: If a message contains more file descriptors than
    can be sent, close those that did get through before reporting
    error. Previously, a local attacker could cause the system
    dbus-daemon (or another system service with its own DBusServer)
    to run out of file descriptors, by repeatedly connecting to the
    server and sending fds that would get leaked. Thanks to Kevin
    Backhouse of GitHub Security Lab.
    (dbus#294, GHSL-2020-057; Simon McVittie)
  * Fix a crash when the dbus-daemon is terminated while one or more
    monitors are active (dbus#291, dbus!140; Simon McVittie)
  * The dbus-send(1) man page now documents --bus and --peer instead
    of the old --address synonym for --peer, which has been deprecated
    since the introduction of --bus and --peer in 1.7.6
    (fd.o #48816, dbus!115; Chris Morin)
  * Fix a wrong environment variable name in dbus-daemon(1)
    (dbus#275, dbus!122; Mubin, Philip Withnall)
  * Fix formatting of dbus_message_append_args example
    (dbus!126, Felipe Franciosi)
  * Avoid a test failure on Linux when built in a container as uid 0,
    but without the necessary privileges to increase resource limits
    (dbus!58, Debian #908092; Simon McVittie)
  * When building with CMake, cope with libX11 in a non-standard
    location (dbus!129, Tuomo Rinne)
- Run spec-cleaner
- Move generation of API docs to a separate package, avoid doxygen
  dependency for building main package.
- Build x11 and devel-doc (API doc) using _multibuild.
- Drop no longer required call to autoreconf, remove obsolete
  BuildRequires for libtool and autoconf-archive.

==== fuse ====
Version update (2.9.8 -> 2.9.9)

- update to 2.9.9:
  * Added OpenAFS to whitelist (so users can now mount FUSE
    filesystems on mountpoints within OpenAFS filesystems).
  * Added a test of seekdir to test_syscalls.
  * Fixed readdir bug when non-zero offsets are given to filler and
    the filesystem client, after reading a whole directory, re-reads
    it from a non-zero offset, e.g. by calling seekdir followed by
    readdir.

==== fuse-overlayfs ====
Version update (1.1.0 -> 1.1.2)

- update to 1.1.2
- fix build issues with libmusl.
- fix memory leak when creating whiteout files.
- fix lookup for overflow uid when it is different than the overflow
  gid.

==== irqbalance ====
Version update (1.6.0+git20200317.0348a3b -> 1.7.0)

- update to 1.7.0:
  * Strlen checking for IRQBALANCE_BANNED_CPU env var
  * Typo cleanup in SOCKET_TMPFS
  * consolidation of numa node creation on non-numa systems
  * fix uninitialized use of package_mask in affinity setup
  * use num_online_cpus instead of core_count
  * fix a null ptr crash in do_one_cpu
  * make list searching common from glib
  * fix a calloc parameter bug
  * remove some unused variables
  * use g_list_free_full
  * remove redundant call to free_cl_opts
  * fix some resource leaks in main()
  * fix some use after free issues in check_for_irq_ban
  * fix resource leaks in irqbalance-ui, and in add_one_node
- remove Correct-capitalizing-in-service-file.patch: upstream

==== less ====
Version update (562 -> 563)

- update to 563:
  * Update Unicode tables.
  * Treat Hangul Jamo medial vowels and final consonants as zero
    width.
  * Display error message immediately when -o is toggled and input is
    not a pipe.
  * Fix regression: make screen repaint when "squished" and a
    no-movement command is given.
  * Fix erroneous EOF calculation when F command is interrupted.
  * Make WIN32C version include this fix from 551: Don't count lines
    in initial screen if using -X with -F.
  * Fix display bug in WIN32C version.
  * Fix memory corruption when built with libtermcap.
  * Support libtinfow.

==== libressl ====
Version update (3.1.3 -> 3.1.4)
Subpackages: libcrypto46 libssl48 libtls20

- Update to release 3.1.4
  * TLS 1.3 client improvements:
  * Improve client certificate selection to allow EC certificates
    instead of only RSA certificates.
  * Do not error out if a TLSv1.3 server requests an OCSP response as
    part of a certificate request.
  * Fix SSL_shutdown behavior to match the legacy stack. The previous
    behaviour could cause a hang.
  * Fix a memory leak and add a missing error check in the handling
    of the key update message.
  * Fix a memory leak in tls13_record_layer_set_traffic_key.
  * Avoid calling freezero with a negative size if a server sends a
    malformed plaintext of all zeroes.
  * Ensure that only PSS may be used with RSA in TLSv1.3 in order to
    avoid using PKCS1-based signatures.
  * Add the P-521 curve to the list of curves supported by default in
    the client.

==== libyaml ====
Version update (0.2.4 -> 0.2.5)

- update to 0.2.5:
  * Allow question marks in plain scalars in flow collections
  * Emitter: Don't output trailing space for empty scalar nodes
  * Emitter: Output space after an alias mapping key
  * Add -h and --flow (on|off|keep) to run-*-test-suite
  * Remove unnecessary include and malloc
  * Add specific files back to .gitignore
  * Output error position in run-parser-test-suite.c
  * A couple patches to improve test suite support

==== openldap2 ====

- Drop obsolete, non-working DB_CONFIG
- Remove init.d header from start script, does not work
- Use bash for start script as its syntax is not supported by POSIX sh
- Remove UPDATE_NEEDED section in start script, never matches
- Remove remaining rc.status usage in start script

==== rsync ====
Version update (3.2.2 -> 3.2.3)

- Updated to version 3.2.3
  * Fixes a memory usage regression introduced in 3.2.2
  * Too many changes to list, see included NEWS.md file.
- acls.diff, time-limit.diff and xattrs.diff are now upstream.
- Drop rsync-add_back_use_slp_directive.patch, included in upstream
  slp.diff
- Add BR on c++_compiler needed for SIMD support
- Add --enable-simd configure option on x86_64
- Change BR on xxhash-devel to pkgconfig(libxxhash) and depend on
  xxhash >= 0.8.0 since this is needed for XXH3
- Use xxhash only on suse_version >= 1550 since xxhash 0.8.0 is not
  available elsewhere.

==== sqlite3 ====
Version update (3.32.3 -> 3.33.0)

- SQLite 3.33.0:
  * Support for UPDATE FROM following the PostgreSQL syntax
  * Increase the maximum size of database files to 281 TB
  * Extend the PRAGMA integrity_check statement so that it can
    optionally be limited to verifying just a single table and its
    indexes, rather than the entire database file.
  * Add the decimal extension for doing arbitrary-precision decimal
    arithmetic
  * Enhancements to the ieee754 extension for working with IEEE 754
    binary64 numbers
  * cli: Add four new output modes: "box", "json", "markdown", and
    "table"
  * cli: The "column" output mode automatically expands columns to
    contain the longest output row and automatically turns ".header"
    on if it has not been previously set
  * cli: The "quote" output mode honors ".separator"
  * cli: The decimal extension and the ieee754 extension are built-in
    to the CLI
  * multiple query planner improvements