Packages changed: Mesa (20.1.6 -> 20.1.7) Mesa-drivers (20.1.6 -> 20.1.7) audacity brotli (1.0.7 -> 1.0.9) gpg2 (2.2.21 -> 2.2.23) orca (3.36.5 -> 3.36.6) patterns-gnome perl-DBD-SQLite (1.64 -> 1.66) phodav (2.4 -> 2.5) pipewire (0.3.9 -> 0.3.10) read-only-root-fs rubygem-parser (2.7.1.2 -> 2.7.1.4) vulkan-loader (1.2.148 -> 1.2.151) xen (4.13.0_12 -> 4.14.0_02) yast2-installation (4.3.15 -> 4.3.16) === Details === ==== Mesa ==== Version update (20.1.6 -> 20.1.7) Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to 20.1.7 * seventh bugfix release for the 20.1 branch - switched to llvm9 usage for Leap/SLE15 since llvm10 is not (yet) in Leap/SLE15 - version 20.1.6 needed for jira#SLE/SLE-12880, jira#SLE/SLE-12882 - use again /etc/OpenCL/vendors for openSUSE Leap, i.e. use /usr/etc/OpenCL/vendors only for Tumbleweed ==== Mesa-drivers ==== Version update (20.1.6 -> 20.1.7) Subpackages: Mesa-dri Mesa-dri-nouveau Mesa-gallium Mesa-libva libvdpau_nouveau libvdpau_r300 libvdpau_r600 - update to 20.1.7 * seventh bugfix release for the 20.1 branch - switched to llvm9 usage for Leap/SLE15 since llvm10 is not (yet) in Leap/SLE15 - version 20.1.6 needed for jira#SLE/SLE-12880, jira#SLE/SLE-12882 - use again /etc/OpenCL/vendors for openSUSE Leap, i.e. use /usr/etc/OpenCL/vendors only for Tumbleweed ==== audacity ==== Subpackages: audacity-lang - Remove libavformat symlink and remove the plugins sub package. The symlink is obsoleted by linking to ffmpeg rather than dlopening it. The plugins were caused by the wrong suil version. - Add _constraints for min 6GB physicalymemory for ppc64/ppc64le - Link to ffmpeg rather than dlopening it. - Create symlink for libavformat, audacity looks for the major version only and this no longer exists in openSUSE after ffmpeg-4.3.1. See boo#1175205 ==== brotli ==== Version update (1.0.7 -> 1.0.9) Subpackages: libbrotli-devel libbrotlicommon1 libbrotlidec1 libbrotlienc1 - Add 0001-Revert-Add-runtime-linker-path-to-pkg-config-files-7.patch - Update to 1.0.9 * Fix integer overflow when input chunk is longer than 2GiB [boo#1175825] * `brotli -v` now reports raw / compressed size * decoder: minor speed / memory usage improvements * encoder: fix rare access to uninitialized data in ring-buffer - Drop brotli_Ensure-decompression-consumes-all-input.patch, brotli_Verbose-CLI+Shared-Brotli.patch (merged) ==== gpg2 ==== Version update (2.2.21 -> 2.2.23) Subpackages: dirmngr - GnuPG 2.2.23: * gpg: fix AHEAD preference list overflow boo#1176034 / CVE-2020-25125 * gpg: fix possible segv in the key cleaning code * gpgsm: fix a minor RFC2253 parser gub * scdaemon: Fix a PIN verify failure on certain OpenPGP card implementations - GnuPG 2.2.22: * gpg: Change the default key algorithm to rsa3072 * gpg: Add regular expression support for Trust Signatures on all platforms * gpg: Ignore --personal-digest-prefs for ECDSA keys * gpgsm: Make rsaPSS a de-vs compliant scheme * gpgsm: Show also the SHA256 fingerprint in key listings * gpgsm: Do not require a default keyring for --gpgconf-list * gpg-agent: Default to extended key format and record the creation time of keys Add new option --disable-extended-key-format * gpg-agent: Support the WAYLAND_DISPLAY envvar * gpg-agent: Allow using --gpgconf-list even if HOME does not exist * gpg-agent: Make the Pinentry work even if the envvar TERM is set to the empty string * scdaemon: Add a workaround for Gnuk tokens <= 2.15 which wrongly incremented the error counter when using the "verify" command of "gpg --edit-key" with only the signature key being present * dirmngr: Better handle systems with disabled IPv6 * gpgpslit: Install tool. It was not installed in the past to avoid conflicts with the version installed by GnuPG 1.4 * gpgtar: Make --files-from and --null work as documented - drop gnupg-gpgme-t-encrypt-sym.patch, upstream ==== orca ==== Version update (3.36.5 -> 3.36.6) - Update to version 3.36.6: + General: Add some sanity checks to prevent crashing due to GStreamer failure. ==== patterns-gnome ==== Subpackages: patterns-gnome-gnome patterns-gnome-gnome_basic patterns-gnome-gnome_basis patterns-gnome-gnome_basis_opt patterns-gnome-gnome_games patterns-gnome-gnome_ide patterns-gnome-gnome_imaging patterns-gnome-gnome_internet patterns-gnome-gnome_multimedia patterns-gnome-gnome_office patterns-gnome-gnome_utilities patterns-gnome-gnome_x11 patterns-gnome-gnome_yast patterns-gnome-sw_management_gnome - Drop a few suggests, making the DVD a bit smaller (no change on default installed systems): + dasher + gnome-backgrounds (50MB RPM) + python-gobject-devel ==== perl-DBD-SQLite ==== Version update (1.64 -> 1.66) - updated to 1.66 see /usr/share/doc/packages/perl-DBD-SQLite/Changes 1.66 2020-08-30 - Switched to a production version 1.65_03 2020-07-27 - Upgraded SQLite to 3.32.3 1.65_02 2020-02-08 - Upgraded SQLite to 3.31.1 1.65_01 2020-01-18 - Upgraded SQLite to 3.30.1 - Added several SQL_ types as alias (pali++) - Fixed two initialization issues (ppisar++) - Allowed create_function to return an array reference to specify the type of the value ==== phodav ==== Version update (2.4 -> 2.5) - Update to version 2.5: + Add PhodavVirtualDir & related API. + Various misc build and code fixes. ==== pipewire ==== Version update (0.3.9 -> 0.3.10) Subpackages: libpipewire-0_3-0 pipewire-modules pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Update to version 0.3.10: * Many improvements to the pulse layer. + GStreamer pulsesink element now works. + Fixes some segfaults. + Enable rtkit for client threads. + fixes capture of monitor stream by name + implement some more extensions, this makes paman work and removes some warnings. * Many improvements to the GStreamer elements + negotiation rework, avoid calling GStreamer methods from the PipeWire callbacks because they might block and cause deadlocks. + Add support for non-string property values. + improve stability after buffer and format renegotiation. + Rework the device provider. + pipewiresink can now provide a stream that can be consumed by apps like cheese. * Many improvements to the JACK layer: + Rework the buffer_size callbacks. Make sure we call the callback from a 'safe' thread and that we don't call the process callback while the application is handling the callback. This improves stability in apps like Carla when PipeWire dynamically changes the buffer size. + Improve compatibility with apps that call get_buffer_frames() with a 0 size (calfjackrack) + JACK can now create nodes that can be set as a sink/source in PulseAudio/ALSA apps (you can make an effects rack and set that as default sink for apps). * Added a group id property for nodes. This makes it possible to schedule nodes with the same driver even when they are otherwise not linked together. To make this work well a new flag needed to be added to nodes to signal when they are ready for processing. Together with the GStreamer fixes, this makes things like: gst-launch-1.0 -v pipewiresrc path=51 stream-properties="props,node.group=1" ! audio/x-raw ! pipewiresink stream-properties="props,node.group=1" work as expected with PipeWire managing the resampling to keep the clocks of the devices in sync. This can later also be used to force devices to be grouped together to create a JACK-like scheduling group. * Streams and filter now use PIPEWIRE_NODE and PIPEWIRE_LATENCY env variables as fallback. * ACP add per device port list. This makes UCM devices expose the right ports. * Fix some segfaults in ACP and UCM. * make pw-cat use the metadata to find default devices. * The media session can now save and load audio device Profiles and Routes (volumes), stream volumes and the default sink and sources. ==== read-only-root-fs ==== - Adjust btrfsmaintenance sysconfig to not use the read-only root filesystem [bsc#1176052] ==== rubygem-parser ==== Version update (2.7.1.2 -> 2.7.1.4) - New upstream release 2.7.1.4 v2.7.1.4 (2020-06-19) - -------------------- Features implemented: * ruby28.y: add find pattern. (#714) (Ilya Bylich) * lexer.rl: reject `->...` and `->(...)` with the same error. (#713) (Ilya Bylich) * ruby28.y: accept leading args before forward arg. (#712) (Ilya Bylich) * Added `emit_forward_arg` compatibility flag. (#710) (Ilya Bylich) * ruby28.y: include entire lambda expr in lambda rule. (#708) (Ilya Bylich) * ruby28.y: extracted excessed_comma rule. (#706) (Ilya Bylich) * Source::TreeRewriter: Improved merging and representations (#703) (Marc-André Lafortune) Bugs fixed: * ruby*.y: fixed context inside lambda args and module. (#709) (Ilya Bylich) v2.7.1.3 (2020-05-26) - -------------------- API modifications: * fixed all warnings. tests are running in verbose mode now. (#685) (Ilya Bylich) Features implemented: * ruby-[parse, rewrite]: add legacy switches (#699) (Marc-André Lafortune) * Added Parser::Source::Range#to_range. (#697) (Ilya Bylich) * ruby28.y: support rescue modifier in endless method definition. (#696) (Ilya Bylich) * ruby28.y: unify kwrest and no-kwrest rules. (#694) (Ilya Bylich) * ruby28.y: add right hand assignment (#682) (Vladimir Dementyev) Bugs fixed: * fix Comment.associate for postfix conditions/loops (#688) (Marc-André Lafortune) ==== vulkan-loader ==== Version update (1.2.148 -> 1.2.151) - Update to release 1.2.151 * Fixed crash in device enumeration ==== xen ==== Version update (4.13.0_12 -> 4.14.0_02) Subpackages: xen-libs xen-tools-domU - Fix build on aarch64 with gcc10 - Package xenhypfs for aarch64 - Correct license name * GPL-3.0+ is now GPL-3.0-or-later - Upstream bug fixes (bsc#1027519) 5f1a9916-x86-S3-put-data-sregs-into-known-state.patch 5f21b9fd-x86-cpuid-APIC-bit-clearing.patch - Update to Xen 4.14.0 FCS release xen-4.14.0-testing-src.tar.bz2 * Linux stubdomains (contributed by QUBES OS) * Control-flow Enforcement Technology (CET) Shadow Stack support (contributed by Citrix) * Lightweight VM fork for fuzzing / introspection. (contributed by Intel) * Livepatch: buildid and hotpatch stack requirements * CONFIG_PV32 * Hypervisor FS support * Running Xen as a Hyper-V Guest * Domain ID randomization, persistence across save / restore * Golang binding autogeneration * KDD support for Windows 7, 8.x and 10 - Dropped patches contained in new tarball 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch 5eb51caa-sched-vcpu-pause-flags-atomic.patch 5ec2a760-x86-determine-MXCSR-mask-always.patch 5ec50b05-x86-idle-rework-C6-EOI-workaround.patch 5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch 5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch 5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch 5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch 5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch 5ed69804-x86-ucode-fix-start-end-update.patch 5eda60cb-SVM-split-recalc-NPT-fault-handling.patch 5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch 5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch 5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch 5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch xsa317.patch xsa319.patch xsa321-1.patch xsa321-2.patch xsa321-3.patch xsa321-4.patch xsa321-5.patch xsa321-6.patch xsa321-7.patch xsa328-1.patch xsa328-2.patch - bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached ignore-ip-command-script-errors.patch - Enhance libxc.migrate_tracking.patch After transfer of domU memory, the target host has to assemble the backend devices. Track the time prior xc_domain_unpause. - Add libxc.migrate_tracking.patch to track live migrations unconditionally in logfiles, especially in libvirt. This will track how long a domU was suspended during transit. - bsc#1173376 - VUL-0: CVE-2020-15566: xen: XSA-317 - Incorrect error handling in event channel port allocation xsa317.patch - bsc#1173377 - VUL-0: CVE-2020-15563: xen: XSA-319 - inverted code paths in x86 dirty VRAM tracking xsa319.patch - bsc#1173378 - VUL-0: CVE-2020-15565: xen: XSA-321 - insufficient cache write- back under VT-d xsa321-1.patch xsa321-2.patch xsa321-3.patch xsa321-4.patch xsa321-5.patch xsa321-6.patch xsa321-7.patch - bsc#1173380 - VUL-0: CVE-2020-15567: xen: XSA-328 - non-atomic modification of live EPT PTE xsa328-1.patch xsa328-2.patch - bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer Data Sampling (SRBDS) aka "CrossTalk" (XSA-320) 5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch 5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch (Replaces xsa320-1.patch) 5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch (Replaces xsa320-2.patch) - Upstream bug fixes (bsc#1027519) 5ec50b05-x86-idle-rework-C6-EOI-workaround.patch 5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch 5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch 5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch 5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch 5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch 5ed69804-x86-ucode-fix-start-end-update.patch 5eda60cb-SVM-split-recalc-NPT-fault-handling.patch 5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch - Fixes for %_libexecdir changing to /usr/libexec - bsc#1172205 - VUL-0: CVE-2020-0543: xen: Special Register Buffer Data Sampling (SRBDS) aka "CrossTalk" (XSA-320) xsa320-1.patch xsa320-2.patch - Update to Xen 4.13.1 bug fix release (bsc#1027519) xen-4.13.1-testing-src.tar.bz2 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch 5eb51caa-sched-vcpu-pause-flags-atomic.patch 5ec2a760-x86-determine-MXCSR-mask-always.patch - Drop patches contained in new tarball 5de65f84-gnttab-map-always-do-IOMMU-part.patch 5de65fc4-x86-avoid-HPET-use-on-certain-Intel.patch 5e15e03d-sched-fix-S3-resume-with-smt=0.patch 5e16fb6a-x86-clear-per-cpu-stub-page-info.patch 5e1da013-IRQ-u16-is-too-narrow-for-evtchn.patch 5e1dcedd-Arm-place-speculation-barrier-after-ERET.patch 5e21ce98-x86-time-update-TSC-stamp-after-deep-C-state.patch 5e286cce-VT-d-dont-pass-bridges-to-domain_context_mapping_one.patch 5e318cd4-x86-apic-fix-disabling-LVT0.patch 5e344c11-x86-HVM-relinquish-resources-from-domain_destroy.patch 5e3bd385-EFI-recheck-variable-name-strings.patch 5e3bd3d1-EFI-dont-leak-heap-VIA-XEN_EFI_get_next_variable_name.patch 5e3bd3f8-xmalloc-guard-against-overflow.patch 5e46e090-x86-smp-reset-x2apic_enabled-in-smp_send_stop.patch 5e4c00ef-VT-d-check-full-RMRR-for-E820-reserved.patch 5e4d4f5b-sched-fix-get_cpu_idle_time-with-core-sched.patch 5e4e614d-x86-spec-ctrl-no-xen-also-disables-branch-hardening.patch 5e4ec20e-x86-virtualise-MSR_PLATFORM_ID-properly.patch 5e5e7188-fix-error-path-in-cpupool_unassign_cpu_start.patch 5e6f53dd-AMD-IOMMU-fix-off-by-one-get_paging_mode.patch 5e7a371c-sched-fix-cpu-onlining-with-core-sched.patch 5e7c90cf-sched-fix-cpu-offlining-with-core-sched.patch 5e7cfb29-x86-ucode-AMD-fix-assert-in-compare_patch.patch 5e7cfb29-x86-ucode-fix-error-paths-in-apply_microcode.patch 5e7dd83b-libx86-CPUID-fix-not-just-leaf-7.patch 5e7dfbf6-x86-ucode-AMD-potential-buffer-overrun-equiv-tab.patch 5e846cce-x86-HVM-fix-AMD-ECS-handling-for-Fam10.patch 5e84905c-x86-ucode-AMD-fix-more-potential-buffer-overruns.patch 5e86f7b7-credit2-avoid-vCPUs-with-lower-creds-than-idle.patch 5e86f7fd-credit2-fix-credit-too-few-resets.patch 5e876b0f-tools-xenstore-fix-use-after-free-in-xenstored.patch 5e95ad61-xenoprof-clear-buffer-intended-to-be-shared-with-guests.patch 5e95ad8f-xenoprof-limit-consumption-of-shared-buffer-data.patch 5e95ae77-Add-missing-memory-barrier-in-the-unlock-path-of-rwlock.patch 5e95af5e-xen-gnttab-Fix-error-path-in-map_grant_ref.patch 5e95afb8-gnttab-fix-GNTTABOP_copy-continuation-handling.patch ==== yast2-installation ==== Version update (4.3.15 -> 4.3.16) - Self-update improvement: write the list of updated packages to the /.packages.self_update file in the inst-sys (bsc#1175614) - 4.3.16