Packages changed: coreutils cracklib (2.9.6 -> 2.9.7) curl (7.70.0 -> 7.71.0) dhcp dracut (050+suse.66.g76431c83 -> 050+suse.67.g28be2f36) gcc10 (10.1.1+git40 -> 10.1.1+git290) glibc installation-images-MicroOS (15.5 -> 15.9) libzypp (17.23.7 -> 17.23.8) ncurses (6.2.20200531 -> 6.2.20200613) python-setuptools python3 python3-base sqlite3 (3.32.2 -> 3.32.3) systemd transactional-update (2.21.1 -> 2.22) yast2 (4.3.8 -> 4.3.9) === Details === ==== coreutils ==== - coreutils-gnulib-disable-test-float.patch: Add patch to temporarily disable the gnulib test 'test-float' failing on ppc and ppc64le. - coreutils.spec: Reference the patch. While at it, avoid conditional Patch and Source entries as that break cross-platform builds from source RPMs. ==== cracklib ==== Version update (2.9.6 -> 2.9.7) Subpackages: libcrack2 - Update to version 2.9.7: + fix a buffer overflow processing long words. - Drop 0003-overflow-processing-gecos.patch and 0004-overflow-processing-long-words.patch: fixed upstream. - Update source URI. - Remove use of translation-update-upstream. It cannot be added to ring 0 on leap, and 2.9.7 has some translation fixes (bsc#1172396). ==== curl ==== Version update (7.70.0 -> 7.71.0) Subpackages: libcurl4 - Update to 7.71.0 [bsc#1173026, CVE-2020-8169][bsc#1173027, CVE-2020-8177] * Changes: - CURLOPT_SSL_OPTIONS: optional use of Windows' CA store (with openssl) - setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency - setopt: support certificate options in memory with struct curl_blob - tool: Add option --retry-all-errors to retry on any error * Bugfixes: - *_sspi: fix bad uses of CURLE_NOT_BUILT_IN - altsvc: bump to h3-29 - altsvc: fix 'dsthost' may be used uninitialized in this function - altsvc: fix parser for lines ending with CRLF - altsvc: remove the num field from the altsvc struct - asyn-*: remove support for never-used NULL entry pointers - azure: use matrix strategy to avoid configuration redundancy - build: disable more code/data when built without proxy support - buildconf: remove -print from the find command that removes files - checksrc: enhance the ASTERISKSPACE and update code accordingly - cirrus: disable SFTP and SCP tests - CMake: add ENABLE_ALT_SVC option - CMake: add HTTP/3 support (ngtcp2+nghttp3, quiche) - CMake: add libssh build support - configure: fix pthread check with static boringssl - configure: for wolfSSL, check for the DES func needed for NTLM - configure: only strip first -L from LDFLAGS - configure: repair the check if argv can be written to - configure: the wolfssh backend does not provide SCP - connect: improve happy eyeballs handling - connect: make happy eyeballs work for QUIC (again) - curl: remove -J "informational" written on stdout - Curl_addrinfo: use one malloc instead of three - dynbuf: introduce internal generic dynamic buffer functions - easy: fix dangling pointer on easy_perform fail - examples/ephiperfifo: turn off interval when setting timerfd - examples/http2-down/upload: add error checks - FILEFORMAT: add more features that tests can depend on - FILEFORMAT: describe verify/stderr - ftp: make domore_getsock() return the secondary socket properly - ftp: mark return-ignoring calls to Curl_GetFTPResponse with (void) - ftp: shut down the secondary connection properly when SSL is used - GnuTLS: Backend support for CURLINFO_SSL_VERIFYRESULT - hostip: make Curl_printable_address not return anything - http2: keep trying to send pending frames after req.upload_done - http2: simplify and clean up trailer handling - http: move header storage to Curl_easy from connectdata - libssh2: improved error output for wrong quote syntax - libssh2: keep sftp errors as 'unsigned long' - libssh2: set the expected total size in SCP upload init - multi: add defensive check on data->multi->num_alive - multi: implement wait using winsock events - ngtcp2: cleanup memory when failing to connect - ngtcp2: fix build with current ngtcp2 master implementing draft 28 - ngtcp2: fix happy eyeballs quic connect crash - ngtcp2: introduce qlog support - ngtcp2: never call fprintf() in lib code in release version - ngtcp2: update with recent API changes - ntlm: enable NTLM support with wolfSSL - OpenSSL: have CURLOPT_CRLFILE imply CURLSSLOPT_NO_PARTIALCHAIN - openssl: set FLAG_TRUSTED_FIRST unconditionally - projects: Add crypt32.lib to dependencies for all OpenSSL configs - quiche: clean up memory properly when failing to connect - quiche: enable qlog output - quiche: update SSLKEYLOGFILE support - Revert "ssh: ignore timeouts during disconnect" - select: fix overflow protection in Curl_socket_check - sendf: make failf() use the mvsnprintf() return code - server/sws: fix asan warning on use of uninitialized variable - server/util: fix logmsg format using curl_off_t argument - sha256: fixed potentially uninitialized variable - share: don not set the share flag it something fails - sockfilt: make select_ws stop waiting on exit signal event - socks: detect connection close during handshake - socks: fix expected length of SOCKS5 reply - socks: remove unreachable breaks in socks.c and mime.c - source cleanup: remove all custom typedef structs - timeouts: change millisecond timeouts to timediff_t from time_t - timeouts: move ms timeouts to timediff_t from int and long - tool_cfgable: free login_options at exit - tool_getparam: -i is not OK if -J is used - tool_getparam: fix memory leak in parse_args - tool_operate: fixed potentially uninitialized variables - tool_paramhlp: fixed potentially uninitialized strtol() variable - transfer: close connection after excess data has been read - typecheck-gcc.h: CURLINFO_PRIVATE does not need a 'char *' - unit1604.c: fix implicit conv from 'SANITIZEcode' to 'CURLcode' - url: accept "any length" credentials for proxy auth - url: alloc the download buffer at transfer start - url: make the updated credentials URL-encoded in the URL - url: reject too long input when parsing credentials - url: sort the protocol schemes in rough popularity order - urlapi: accept :: as a valid IPv6 address - urldata: leave the HTTP method untouched in the set.* struct - urlglob: treat literal IPv6 addresses with zone IDs as a host name - user-agent.d: spell out what happens given a blank argument - vauth/cleartext: fix theoretical integer overflow - version.d: expanded and alpha-sorted - vtls: Extract and simplify key log file handling from OpenSSL - wolfssl: add SSLKEYLOGFILE support - wording: avoid blacklist/whitelist stereotypes - write-out.d: added "response_code" ==== dhcp ==== Subpackages: dhcp-client - insserv is not required anymore - Fixes for %_libexecdir changing to /usr/libexec ==== dracut ==== Version update (050+suse.66.g76431c83 -> 050+suse.67.g28be2f36) Subpackages: dracut-ima - Update to version 050+suse.67.g28be2f36: * 35network-legacy: Fix dual stack setups (bsc#1172807) ==== gcc10 ==== Version update (10.1.1+git40 -> 10.1.1+git290) Subpackages: libgcc_s1 libgomp1 libstdc++6 - Update to gcc-10 branch head (c91e43e9363bd119a695d6450), git290. * Includes fix for PR95719, fixing LibreOffice. - Enable c++ for arm-none-eabi - Update to gcc-10 branch head (b0461f44076c26ced5526e4fd6), git68. - Add gcc10-foffload-default.patch to make offloading ignore offload targets that have not been installed both at compile and runtime (for the libgomp plugin part). ==== glibc ==== Subpackages: glibc-locale glibc-locale-base - long-double-alias.patch: Fix build with GCC 10 when long double = double - nscd-gc-cycle.patch: nscd: bump GC cycle during cache pruning (bsc#1171878, BZ #26130) ==== installation-images-MicroOS ==== Version update (15.5 -> 15.9) - merge gh#openSUSE/installation-images#390 - updated list of branches - 15.9 - merge gh#openSUSE/installation-images#389 - aarch64: add ipa kernel module - add system-group-wheel to rescue system - 15.8 - merge gh#openSUSE/installation-images#387 - Add YaST dir (workaround for bsc#1172898) - 15.7 - merge gh#openSUSE/installation-images#386 - Add /bin/dash to reduce script memory consumption (bsc#1172139) - 15.6 ==== libzypp ==== Version update (17.23.7 -> 17.23.8) - Fix core dump with corrupted history file (bsc#1170801) - version 17.23.8 (22) ==== ncurses ==== Version update (6.2.20200531 -> 6.2.20200613) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base - Run ldconfig local on %buildroot %_lib to get links done (boo#1173222) - Add ncurses patch 20200606 + add xterm+256color2, xterm+88color2, to deprecate nonstandard usage in xterm+256color, xterm+88color -TD + add shifted Linux console keys in linux+sfkeys entry for screen.linux (report by Alexandre Montaron). + use vt100+enq in screen (report by Alexandre Montaron). + add screen.linux-s alias (suggested by Alexandre Montaron). - Add ncurses patch 20200613 + update list of functions in ncurses.3x + move dlclose() call from lib_mouse.c to delscreen() to avoid a case in the former which could be called from SIGTSTP handler (Debian [#961097]). ==== python-setuptools ==== - use local source dir for pytest imports gh#openSUSE/python-rpm-macros#48 ==== python3 ==== - Replace OBS_dev-shm.patch with the upstream PR#20944 ==== python3-base ==== Subpackages: libpython3_8-1_0 - Replace OBS_dev-shm.patch with the upstream PR#20944 ==== sqlite3 ==== Version update (3.32.2 -> 3.32.3) - SQLite 3.32.3: * Fix Heap Buffer Overflow in multiSelectOrderBy * Fix Assertion `flags3==pIn3->flags' failed * Fix Assertion `pExpr->pAggInfo==pAggInfo' failed * Fix Segfault in sqlite3Select * Fix Use after free in resetAccumulator CVE-2020-13871 boo#1172646 ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - migrate-sysconfig-i18n.sh: fix marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. ==== transactional-update ==== Version update (2.21.1 -> 2.22) Subpackages: transactional-update-zypp-config - Version 2.22 - Use pkgconf to determine installation paths - Enable SSL connections in update shell [boo#1149131] & [boo#1133891] ==== yast2 ==== Version update (4.3.8 -> 4.3.9) - Add a method to change the selection of the network backend to be used (related to bsc#1172749) - 4.3.9