Packages changed:
  aaa_base (84.87+git20200206.ed897a1 -> 84.87+git20200207.27e2c61)
  bash
  btrfsprogs (5.4 -> 5.4.1)
  c-ares (1.15.0+20191108 -> 1.15.0+20200117)
  chrony
  cloud-init
  conmon
  coreutils
  cryptsetup (2.1.0 -> 2.3.0)
  curl
  elfutils (0.177 -> 0.178)
  glib2 (2.62.4 -> 2.62.5)
  glibc (2.30 -> 2.31)
  gpg2
  grep (3.3 -> 3.4)
  grub2
  installation-images-MicroOS (14.454 -> 14.456)
  iproute2 (5.4 -> 5.5.0)
  issue-generator (1.7 -> 1.8)
  kernel-firmware (20200122 -> 20200207)
  kexec-tools
  libcap (2.25 -> 2.32)
  libeconf (0.3.3+git20191028.3ac14ce -> 0.3.5+git20200203.3144b69)
  libssh
  libtirpc
  libxcrypt (4.4.10 -> 4.4.12)
  libzypp (17.22.0 -> 17.22.1)
  microos-tools (1.0+git20190812.97ca0ee -> 1.0+git20200214.c7654a7)
  mozilla-nss (3.48 -> 3.49.2)
  nano (4.7 -> 4.8)
  ncurses (6.1 -> 6.2)
  open-lldp
  openssh
  patterns-microos
  permissions (1550_20191205 -> 1550_20200213)
  podman (1.7.0 -> 1.8.0)
  popt
  python-decorator (4.4.0 -> 4.4.1)
  python-packaging (19.2 -> 20.1)
  python-pyOpenSSL (19.0.0 -> 19.1.0)
  python-pyparsing (2.4.5 -> 2.4.6)
  python-urllib3 (1.25.6 -> 1.25.8)
  readline
  rpm-config-SUSE (0.g45 -> 0.g52)
  sudo (1.8.28p1 -> 1.8.31)
  system-users
  systemd
  tallow (19+git20191106.4b071b0 -> 21+git20200213.865ec91)
  tar
  toolbox (1.0+git20191014.3034fbc -> 1.0+git20200217.cd18bfb)

=== Details ===

==== aaa_base ====
Version update (84.87+git20200206.ed897a1 -> 84.87+git20200207.27e2c61)

- Update to version 84.87+git20200207.27e2c61:
  * change rp_filter to 2 to follow the current default (bsc#1160735)

==== bash ====

- Add official patch bash50-012
  When using previous-history to go back beyond the beginning of the history list, it's possible to move to an incorrect partial line.
- Add official patch bash50-013
  Reading history entries with timestamps can result in history entries joined by linefeeds.
- Add official patch bash50-014
  If the current line is empty, using the emacs C-xC-e binding to enter the editor will edit the previous command instead of the current (empty) one.
- Add official patch bash50-015
  If alias expansion is enabled when processing the command argument to the `-c' option, an alias is defined in that command, and the command ends with the invocation of that alias, the shell's command parser can prematurely terminate before the entire command is executed.
- Add official patch bash50-016
  Bash waits too long to reap /dev/fd process substitutions used as redirections with loops and group commands, which can lead to file descriptor exhaustion.

==== btrfsprogs ====
Version update (5.4 -> 5.4.1)
Subpackages: btrfsprogs-udev-rules libbtrfs0

- Update to 5.4.1
  * build: fix docbook5 build
  * check: do extra verification of extent items, inode items and chunks
  * qgroup: return ENOTCONN if quotas not running (needs updated kernel)
  * other: various test fixups

==== c-ares ====
Version update (1.15.0+20191108 -> 1.15.0+20200117)

- Upgrade to latest snapshot from 2020-01-17
- disable-live-tests.patch: refreshed
- regression.patch: fix a regression in DNS results that contain both A and AAAA answers.
- Add netcfg as the build requirement and runtime requirement.
  ares_getaddrinfo function uses the getservbyport_r function which requires the /etc/services file to function properly. That config file is provided by the netcfg package. Unit tests rely on it too, hence it has to be a build dependency as well.
- Switch to cmake-based build. Some packages need the cmake build files.

==== chrony ====

- Add chrony-test-update-processing-of-packet-log.patch in order to fix test-suite failure.
- Update clknetsim to version 79ffe44 (fixes boo#1162964).
- Backport chrony-test-fix-util-unit-test-for-NTP-era-split.patch.

==== cloud-init ====

- Add cloud-init-long-pass.patch (bsc#1162936, CVE-2020-8632)
  + Increase the default length of generated passwords
- Add cloud-init-use-different-random-src.diff (bsc#1162937, CVE-2020-8631)
  + Use non-deterministic generator for password generation.
- Update cloud-init-write-routes.patch (bsc#1163178)
  + Entries in the routes definition have changed causing a traceback during route config file writing. This patch update addresses the issue by extracting the new entries properly.

==== conmon ====

- Update to v2.0.10 (bsc#1160460, bsc#1164390, jsc#ECO-1048, jsc#SLE-11485, jsc#SLE-11331):
  - journal logging: write to /dev/null instead of -1
  - Add TimedOutMessage to config to share with go code
  - Fix format string to limit the size of the string to 10 characters
  - Persist oom files on cgroup v2
  - Revert the check for the OOM counter on cgroups v1 before writing OOM file
  - Add --persist-dir flag to allow important container files to be written to a persistent directory
  - Check OOM counter on cgroups v1 before writing OOM file
  - Use splice(2) to copy from stdin
  - Kill the process group on timeout
  - Add --persist-dir to allow callers to specify a directory that conmon should mirror certain important files that should persist reboots (right now, just the container exit file)
  - Fix tight loop on OOM
  - Add log level trace
  - Separate handling of log reopen events and terminal resize events
  - Add CONN_SOCK_BUF_SIZE to config
  - Fix bug to close the sync pipe before exit command
  - Set masterfd_stdout before registering ctrl_cb
- Upstream has an actual description, use it instead of just duplicating the summary again.
- Use `%make_build` macro instead of `%{__make}`
- Use `%make_install` macro instead of `%{__make} install`
- Use `%{_bindir}` macro instead of `%{_usr}/bin`
- Change `PREFIX` to not contain `%{buildroot}` and use the `$DESTDIR` variable
- Initial release v2.0.0

==== coreutils ====

- disable single and testsuite builds in rings/staging
- remove duplicate "coreutils" in flavor to make it look nicer in OBS
- minor: remove obsolete comment in spec file.
- switch to multibuild
- add coreutils-single subpackage that contains a single binary coreutils tool similar to busybox
- package LC_CTIME directories also in lang package
- split off doc package
- remove info macros, handled by file trigger nowadays

==== cryptsetup ====
Version update (2.1.0 -> 2.3.0)
Subpackages: libcryptsetup12

- Update to 2.3.0 (include release notes for 2.2.0)
  * BITLK (Windows BitLocker compatible) device access
  * Veritysetup now supports activation with additional PKCS7 signature of root hash through --root-hash-signature option.
  * Integritysetup now calculates hash integrity size according to algorithm instead of requiring an explicit tag size.
  * Integritysetup now supports fixed padding for dm-integrity devices.
  * A lot of fixes to online LUKS2 reencryption.
  * Add crypt_resume_by_volume_key() function to libcryptsetup.
    If a user has a volume key available, the LUKS device can be resumed directly using the provided volume key. No keyslot derivation is needed, only the key digest is checked.
  * Implement active device suspend info.
    Add CRYPT_ACTIVATE_SUSPENDED bit to crypt_get_active_device() flags that informs the caller that device is suspended (luksSuspend).
  * Allow --test-passphrase for a detached header.
    Before this fix, we required a data device specified on the command line even though it was not necessary for the passphrase check.
  * Allow --key-file option in legacy offline encryption.
    The option was ignored for LUKS1 encryption initialization.
  * Export memory safe functions.
    To make developing of some extensions simpler, we now export functions to handle memory with proper wipe on deallocation.
  * Fail crypt_keyslot_get_pbkdf for inactive LUKS1 keyslot.
  * Add optional global serialization lock for memory hard PBKDF.
  * Abort conversion to LUKS1 with incompatible sector size that is not supported in LUKS1.
  * Report error (-ENOENT) if no LUKS keyslots are available.
    User can now distinguish between a wrong passphrase and no keyslot available.
  * Fix a possible segfault in detached header handling (double free).
  * Add integritysetup support for bitmap mode introduced in Linux kernel 5.2.
  * The libcryptsetup now keeps all file descriptors to underlying device open during the whole lifetime of crypt device context to avoid excessive scanning in udev (udev run scan on every descriptor close).
  * The luksDump command now prints more info for reencryption keyslot (when a device is in-reencryption).
  * New --device-size parameter is supported for LUKS2 reencryption.
  * New --resume-only parameter is supported for LUKS2 reencryption.
  * The repair command now tries LUKS2 reencryption recovery if needed.
  * If reencryption device is a file image, an interactive dialog now asks if reencryption should be run safely in offline mode (if autodetection of active devices failed).
  * Fix activation through a token where dm-crypt volume key was not set through keyring (but using old device-mapper table parameter mode).
  * Online reencryption can now retain all keyslots (if all passphrases are provided). Note that keyslot numbers will change in this case.
  * Allow volume key file to be used if no LUKS2 keyslots are present.
  * Print a warning if online reencrypt is called over LUKS1 (not supported).
  * Fix TCRYPT KDF failure in FIPS mode.
  * Remove FIPS mode restriction for crypt_volume_key_get.
  * Reduce keyslots area size in luksFormat when the header device is too small.
  * Make resize action accept --device-size parameter (supports units suffix).

==== curl ====
Subpackages: libcurl4

- Eliminate curl-mini: The reason for this to exist was that cmake pulled in curl into too many places, causing build cycles. A new cmake-mini was generated, eliminating that need.
==== elfutils ====
Version update (0.177 -> 0.178)
Subpackages: libasm1 libdw1 libelf1

- Re-add libelf1 to baselibs.conf: we still generate a libelf-devel-32bit, which is only installable if libelf1-21bit also exists.
- Exclude debuginfod sub-packages and move them to elfutils-debuginfod.
- Avoid double-shipping libdebuginfo.so.1 in two different subpackages. Fixup RPM group.
- Split libdebuginfod1 into libdebuginfod1 and debuginfod-client. Add Requires for these packages.
- Rename debuginfod-client package to libdebuginfod1 in order to fulfil SLPP violation.
- Fix variable references in specfile
- Use %fillupdir macros for proper sysconfig export.
- Update to version 0.178:
  debuginfod: New server, client tool and library to index and fetch ELF/DWARF files addressed by build-id through HTTP.
  doc: There are now some manual pages for functions and tools.
  backends: The libebl libraries are no longer dynamically loaded through dlopen, but are now compiled into libdw.so directly.
  readelf: -n, --notes now takes an optional "SECTION" argument.
           -p and -x now also handle section numbers.
           New option --dyn-sym to show just the dynamic symbol table.
  libcpu: Add RISC-V disassembler.
  libdw: Abbrevs and DIEs can now be read concurrently by multiple threads through the same Dwarf handle.
  libdwfl: Will try to use debuginfod when installed as fallback to retrieve ELF and DWARF debug data files by build-id.
- remove dwelf_elf_e_machine_string.patch.
- remove unused libebl-plugins and libebl-devel subpackages
- new subpackages debuginfod-client, debuginfod-client-devel and debuginfod added
- main package binaries are explicitly listed and man pages for the binaries are included
- Add remove-run-large-elf-file.sh.patch in order to remove running run-large-elf-file.sh (it hit OOM).
==== glib2 ====
Version update (2.62.4 -> 2.62.5)
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0

- Update to version 2.62.5:
  + Fix potential relative read when calling g_printerr(), which could lead to a denial of service from a setuid-root process being used to block access to the TTY for another user.
  + Fix SOCKS proxy resolver sometimes not being used when resolving addresses via Happy Eyeballs (CVE-2020-6750).
  + Several other Happy Eyeballs fixes for address resolution.
  + Fix parsing of full Julian day range from `$TZ` environment variable.
  + Several race condition/crash fixes.
  + Bugs fixed: glgo#GNOME/GLib#1919, glgo#GNOME/GLib#1995, glgo#GNOME/GLib#1999, glgo#GNOME/GLib!1323, glgo#GNOME/GLib!1331, glgo#GNOME/GLib!1352, glgo#GNOME/GLib!1361, glgo#GNOME/GLib!1365, glgo#GNOME/GLib!1370, glgo#GNOME/GLib!1371.
  + Updated translations.
- No longer recommend -lang: supplements are in use

==== glibc ====
Version update (2.30 -> 2.31)
Subpackages: glibc-locale glibc-locale-base

- nsswitch.conf: comment out initgroups setting, so that it defaults to the group setting (bsc#1164075)
- fix-locking-in-_IO_cleanup.patch: update to latest version
- Update to glibc 2.31
  * The GNU C Library now supports a feature test macro _ISOC2X_SOURCE to enable features from the draft ISO C2X standard
  * The functions that round their results to a narrower type now have corresponding type-generic macros in
  * The function pthread_clockjoin_np has been added, enabling join with a terminated thread with a specific clock
  * New locale added: mnw_MM (Mon language spoken in Myanmar).
  * The DNS stub resolver will optionally send the AD (authenticated data) bit in queries if the trust-ad option is set via the options directive in /etc/resolv.conf (or if RES_TRUSTAD is set in _res.options)
  * The totalorder and totalordermag functions, and the corresponding functions for other floating-point types, now take pointer arguments to avoid signaling NaNs possibly being converted to quiet NaNs in argument passing
  * The obsolete function stime is no longer available to newly linked binaries, and its declaration has been removed from
  * The gettimeofday function no longer reports information about a system-wide time zone
  * If a lazy binding failure happens during dlopen, during the execution of an ELF constructor, the process is now terminated
- malloc-info-whitespace.patch, riscv-vfork.patch, prefer-map-32bit-exec.patch, backtrace-powerpc.patch, ldconfig-dynstr.patch: Removed.
- backtrace-powerpc.patch: Fix array overflow in backtrace on PowerPC (bsc#1158996, BZ #25423)
- Drop support for pluggable gconv modules (bsc#1159851)

==== gpg2 ====

- Fix build with GCC-10: [bsc#1160394]
  * Always use EXTERN_UNLESS_MAIN_MODULE pattern
  * In GCC-10, the default option -fcommon will change to -fno-common
- Add gpg2-gcc10-build-fno-common.patch

==== grep ====
Version update (3.3 -> 3.4)

- Switch back to system regex to avoid undefined behaviour
- grep 3.4:
  * new --no-ignore-case option causes grep to observe case distinctions, overriding any previous -i (--ignore-case) option
  * '.'
    no longer matches some invalid byte sequences in UTF-8 locales
  * grep -Fw can no longer false match in non-UTF-8 multibyte locales
  * The exit status of 'grep -L' is no longer incorrect when standard output is /dev/null
  * fix some performance bugs
- drop test-pcre-jitstack.diff

==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin

- Fix grub hangs after loading rogue image without valid signature for uefi secure boot (bsc#1159102)
  * grub2-verifiers-fix-system-freeze-if-verify-failed.patch
- From Stefan Seyfried: Fix grub2-install fails with "not a directory" error (boo#1161641, bsc#1162403)
  * grub2-install-fix-not-a-directory-error.patch

==== installation-images-MicroOS ====
Version update (14.454 -> 14.456)

- merge gh#openSUSE/installation-images#357
- move gconv files into initrd (bsc#1161701)
- netcfg has moved files to /usr/etc
- 14.456
- merge gh#openSUSE/installation-images#356
- remove explicit dependency on openssl package
- mount /proc in chroot environment during image build (bsc#1160594)
- fix package version comparing
- 14.455

==== iproute2 ====
Version update (5.4 -> 5.5.0)

- Update to new upstream version 5.5
  * bridge: support fdb get
  * devlink: command line option to switch netns
  * devlink: all changing netns on reload
  * devlink: new timestamp format for health report dump
  * ip: support for alternative device names
  * ip link: support to get SR-IOV VF node GUID and port GUID
  * ip neigh: support get
  * rdma: relax requirement to have PID for HW objects
  * rdma: stat show mr
  * ss: allow dumping kTLS info
  * tc: support action flags
  * tc flower: support masked port destination and source match
  * tc pie: add dq_rate_estimator option
  * tipc: new commands to set TIPC AEAD key
  * more json support
- drop patches obsoleted by version upgrade:
  * ss-fix-end-of-line-printing-in-misc-ss.c.patch
  * no-double-definitions.patch
  * Revert-emp-fix-warning-on-deprecated-bison-directive.patch
  * Revert-tc-ematch-fix-deprecated-yacc-warning.patch
- refresh
  *
    split-link-and-compile-steps-for-binaries.patch

==== issue-generator ====
Version update (1.7 -> 1.8)

- Update to version 1.8
- Handle network interface renames

==== kernel-firmware ====
Version update (20200122 -> 20200207)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network

- Update to version 20200207 (git commit 6f89735800fe):
  * rtl_nic: update firmware for RTL8153A
  * rtl_bt: Update RTL8822C BT FW to V0x0998_C2B4
  * linux-firmware: add firmware for MT7622
  * linux-firmware: add version 2 for MT7615E
  * amdgpu: update to latest navi10 firmware from 19.50
  * Revert "radeon: update oland rlc microcode from amdgpu"
  * amlogic: update video decoder firmwares
  * amdgpu: add renoir firmware for 19.50
  * amdgpu: update raven2 firmware for 19.50
  * nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.12.A.13
  * qca: update bluetooth firmware for QCA6174
- Update topics and alias list

==== kexec-tools ====

- Fix build errors on old distributions
  * kexec-tools-video-capability.patch
  * kexec-tools-SYS_getrandom.patch

==== libcap ====
Version update (2.25 -> 2.32)

- Update to version 2.32:
  * Bug fix for fakeroot incompatibility (boo#1162014)
  * Slight perf improvement for cap_get_bound().
  * C++ support for psx header inclusion.
  * Some new testing features for capsh
- Update to version 2.31:
  * primarily a documentation update
  * fix libpam.pc to not require libpsx.pc
  * changed the text format of the default output of getpcap
- Build using -ffat-lto-objects for static library
- Update to version 2.30:
  * BUGFIX: arm and i386 fixes C and Go setgroups choice - used wrong syscall in 2.29.
  * cleaned up make clean and make install to actually work as intended
  * updated Gentoo libpsx.pc file from Lars Wendler
  * refactored the way libpsx linkage with libcap performed mutual discovery.
  * Previously (2.28) libpsx had an API call overridden by libcap using weak linkage function in libpsx. In 2.30 this is reversed, namely libpsx provides the stronger function and libcap has a weak "no-op" version.
  * a bit more consistency in handling the 'all' sets in libcap (C) and libcap/cap (Go). Namely, they both dynamically discover the number of capabilities named by the kernel and use this as the definition of 'all' for the current runtime.
    + libcap (C) exports cap_max_bit() to export the number of supported capabilities
    + libcap/cap (Go) exports cap.MaxBits() for this same value.
- For changes for older releases see:
  * https://sites.google.com/site/fullycapable/release-notes-for-libcap
- Add glibc-static-devel as build requirement as tests need it
- Install libpsx.a as it seems to be needed in some cases:
  * https://bugs.gentoo.org/703912

==== libeconf ====
Version update (0.3.3+git20191028.3ac14ce -> 0.3.5+git20200203.3144b69)

- Update to version 0.3.5+git20200203.3144b69:
  * Release version 0.3.5
  * Use float.h instead of obsolete gnuism values.h
  * Remove gnuism (strdupa)
  * Check for empty value (NULL pointer) before calling strdup.
- Update to version 0.3.4+git20200121.febebf2:
  * Release version 0.3.4
  * Fix buffer overflow in econf_readDirs
  * Fix parsing of quoted strings, and values starting with delimiters
  * tests: add test for quoted strings
  * tests: tst-configdirs5: fix config dir paths

==== libssh ====
Subpackages: libssh-config libssh4

- Drop the hack to pull curl-mini: we moved the split a bit higher up and now have a non-curl linked variant of cmake in openSUSE:Factory.

==== libtirpc ====
Subpackages: libtirpc-netconfig libtirpc3

- Backport upstream fix daed7ee ("Avoid multiple-definiton with gcc -fno-common") to fix build error with gcc flag -fno-common (bsc#1160875). Tested on gcc-9 and gcc-10.
  0001-Avoid-multiple-definiton-with-gcc-fno-common.patch
- Skip unneeded autogen.sh run (configure is up-to-date), drop dependencies: libtool, autoconf
- Replace krb5-mini-devel/krb5-devel with pkgconfig(krb5)

==== libxcrypt ====
Version update (4.4.10 -> 4.4.12)

- Update to version 4.4.12
  * Another fix for GCC v10.x, which occurs on s390 architectures only.
- Update to version 4.4.11
  * Fixes for GCC v10.x
  * Change how the known-answer tests are parallelized
- gcc10.patch: remove

==== libzypp ====
Version update (17.22.0 -> 17.22.1)

- update translations
- Replace mongoose/webrick with nginx in test suite.
  This patch makes use of nginx to replace the current WebServer mongoose implementation. Also adds support for registering callback functions for certain URL requests via FCGI, making it possible to mock HTTP responses and test more complex HTTP setups.
- boost: Fix deprecated auto_unit_test.hpp includes.
- Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck.
- Fix decision whether to download ZCHUNK files.
  libzypp and libsolv must both be able to read the format.
- version 17.22.1 (22)

==== microos-tools ====
Version update (1.0+git20190812.97ca0ee -> 1.0+git20200214.c7654a7)

- Update to version 1.0+git20200214.c7654a7:
  * Remove btrfsQuota, snapper list provides now the same information
  * Adjust README.md

==== mozilla-nss ====
Version update (3.48 -> 3.49.2)

- update to NSS 3.49.2
  Fixed bugs:
  * Fix compilation problems with NEON-specific code in freebl (bmo#1608327)
  * Fix a taskcluster issue with Python 2 / Python 3 (bmo#1608895)
- update to NSS 3.49.1
  3.49.1
  https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49.1_release_notes
  * Cache the most recent PBKDF2 password hash, to speed up repeated SDR operations, important with the increased KDF iteration counts (bmo#1606992)
  3.49
  https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes
  * The legacy DBM database, libnssdbm, is no longer built by default when using gyp builds (bmo#1594933)
  * several bugfixes

==== nano ====
Version update (4.7 -> 4.8)

- update to 4.8:
  * When something is pasted into nano, suppress auto-indentation
  * paste can be undone as a whole with a single M-U
  * Improve handling of lock files on start-up
  * Shift+Meta+letter key combos can be bound with 'bind Sh-M-letter'
  * A custom nanorc file can be specified on the command line, with -f filename or --rcfile=filename

==== ncurses ====
Version update (6.1 -> 6.2)
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base

- Add ncurses patch 20200215
  + improve manual page for panel library, extending the portability section as well as documenting error-returns.
  + show tic's version when installing terminal database in run_tic.sh
  + correct check for gcc vs other compilers used in ncurses 6.0, from FreeBSD patch by Kyle Evans (cf: 20150725).
  + add notes for 6.2 to INSTALL.
- Update to ncurses 6.2 (patch 20200212)
  * Add 20200212 6.2 release for upload to ftp.gnu.org
    + update release notes
    + minor build-fixes, mostly to test-package scripts
  * Add ncurses patch20200208
    + modify check for sizeof(wchar_t) to ensure it gives useful result when cross-compiling.
    + drop assumption in configure script that Cygwin's linker is broken.
    + define NCURSES_BROKEN_LINKER if the broken-linker feature is used, to simplify configure-checks for ncurses-examples.
  * Add ncurses patch20200202
    + reassert copyright on ncurses, per discussion in ncurses FAQ:
      https://invisible-island.net/ncurses/ncurses.faq.html#relicensed
  * Add ncurses patch20200201
    + modify comparison in make_hash.c to correct a special case in collision handling for Caps-hpux11
    + add testing utility report_hashing to check hash-tables used for terminfo and termcap names.
    + fix a missing prototype for _nc_free_and_exit().
    + update a few comments about tack 1.07
    + use an awk script to split too-long pathnames used in Ada95 sample programs for explain.txt
- Update to tack 1.9 (patch 20200202)
  * Update copyright and license. Also, portability fixes.
- Adopt patch ncurses-5.7-tack.dif
- Adopt patch ncurses-6.1.dif which is now ncurses-6.2.dif
- Add ncurses patch 20200118
  + expanded description of XM in user_caps.5
  + improve xm example for xterm+x11mouse, xterm+sm+1006 -TD
  + add history section to curs_slk.3x and curs_terminfo.3x manpages.
  + update alacritty entries for 0.4.0 (prompted by patch by Christian Durr) -TD
  + correct spelling errors found with codespell.
  + fix for test/configure, from xterm #352.
- Add ncurses patch 20200111
  + improve configure macros which check for the X11/Intrinsic.h header, to accommodate recent MacOS changes.
  + suppress gcc's -Winline warning; it has not been useful for some time
  + update config.guess, config.sub

==== open-lldp ====
Subpackages: liblldp_clif1

- BuildRequire pkgconfig(systemd) instead of systemd directly: allow OBS to shortcut through the -mini flavors.

==== openssh ====

- Add patches to fix the sandbox blocking glibc on 32bit platforms (boo#1164061):
  * openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
  * openssh-8.1p1-seccomp-clock_gettime64.patch

==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap

- Move fcoe-utils and irqbalance to hardware pattern, not useful on guest install.
- Introduce MicroOS Desktop patterns [boo#1163453]

==== permissions ====
Version update (1550_20191205 -> 1550_20200213)
Subpackages: chkstat permissions-config

- Update to version 20200213:
  * remove obsolete/broken entries for rcp/rsh/rlogin
  * chkstat: handle symlinks in final path elements correctly
  * Revert "Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)""
  * Revert "mariadb: settings for new auth_pam_tool (bsc#1160285)"
- Update to version 20200204:
  * mariadb: settings for new auth_pam_tool (bsc#1160285)
  * chkstat:
    - add read-only fallback when /proc is not mounted (bsc#1160764)
    - capability handling fixes (bsc#1161779)
    - better error message when refusing to fix dir perms (#32)
- Update to version 20200127:
  * fix paths of ksysguard whitelisting
  * fix zero-termination of error message for overly long paths

==== podman ====
Version update (1.7.0 -> 1.8.0)
Subpackages: podman-cni-config

- Remove: 0001-clarify-container-prune-force.patch because it's now included in the release
- Update podman to v1.8.0:
  * Features
    - The podman system service command has been added, providing a preview of Podman's
      new Docker-compatible API. This API is still very new, and not yet ready for production use, but is available for early testing
    - Rootless Podman now uses Rootlesskit for port forwarding, which should greatly improve performance and capabilities
    - The podman untag command has been added to remove tags from images without deleting them
    - The podman inspect command on images now displays previous names they used
    - The podman generate systemd command now supports a --new option to generate service files that create and run new containers instead of managing existing containers
    - Support for --log-opt tag= to set logging tags has been added to the journald log driver
    - Added support for using Seccomp profiles embedded in images for podman run and podman create via the new --seccomp-policy CLI flag
    - The podman play kube command now honors pull policy
  * Bugfixes
    - Fixed a bug where the podman cp command would not copy the contents of directories when paths ending in /. were given
    - Fixed a bug where the podman play kube command did not properly locate Seccomp profiles specified relative to localhost
    - Fixed a bug where the podman info command for remote Podman did not show registry information
    - Fixed a bug where the podman exec command did not support having input piped into it
    - Fixed a bug where the podman cp command with rootless Podman on CGroups v2 systems did not properly determine if the container could be paused while copying
    - Fixed a bug where the podman container prune --force command could possibly remove running containers if they were started while the command was running
    - Fixed a bug where Podman, when run as root, would not properly configure slirp4netns networking when requested
    - Fixed a bug where podman run --userns=keep-id did not work when the user had a UID over 65535
    - Fixed a bug where rootless podman run and podman create with the --userns=keep-id option could change permissions on /run/user/$UID and break KDE
    - Fixed a bug where rootless
      Podman could not be run in a systemd service on systems using CGroups v2
    - Fixed a bug where podman inspect would show CPUShares as 0, instead of the default (1024), when it was not explicitly set
    - Fixed a bug where podman-remote push would segfault
    - Fixed a bug where image healthchecks were not shown in the output of podman inspect
    - Fixed a bug where named volumes created with containers from pre-1.6.3 releases of Podman would be autoremoved with their containers if the --rm flag was given, even if they were given names
    - Fixed a bug where podman history was not computing image sizes correctly
    - Fixed a bug where Podman would not error on invalid values to the --sort flag to podman images
    - Fixed a bug where providing a name for the image made by podman commit was mandatory, not optional as it should be
    - Fixed a bug where the remote Podman client would append an extra " to %PATH
    - Fixed a bug where the podman build command would sometimes ignore the -f option and build the wrong Containerfile
    - Fixed a bug where the podman ps --filter command would only filter running containers, instead of all containers, if --all was not passed
    - Fixed a bug where the podman load command on compressed images would leave an extra copy on disk
    - Fixed a bug where the podman restart command would not properly clean up the network, causing it to function differently from podman stop; podman start
    - Fixed a bug where setting the --memory-swap flag to podman create and podman run to -1 (to indicate unlimited) was not supported
  * Misc
    - Initial work on version 2 of the Podman remote API has been merged, but is still in an alpha state and not ready for use.
      Read more here
    - Many formatting corrections have been made to the manpages
    - The changes to address (#5009) may cause anonymous volumes created by Podman versions 1.6.3 to 1.7.0 to not be removed when their container is removed
    - Updated vendored Buildah to v1.13.1
    - Updated vendored containers/storage to v1.15.8
    - Updated vendored containers/image to v5.2.0

==== popt ====

- fix URLs, rpm5.org is no more

==== python-decorator ====
Version update (4.4.0 -> 4.4.1)

- update to 4.4.1:
  Changed the description to "Decorators for Humans" as requested by several users.
  Fixed a .rst bug in the description as seen in PyPI.

==== python-packaging ====
Version update (19.2 -> 20.1)

- add issue_254.patch to fix tests under non-x86_64 platforms
- Update to 20.1
  * Fix a bug caused by reuse of an exhausted iterator.
  * Add type hints
  * Add proper trove classifiers for PyPy support
  * Scale back depending on ctypes for manylinux support detection
  * Use sys.implementation.name where appropriate for packaging.tags
  * Expand upon the API provided by packaging.tags
  * Officially support Python 3.8
  * Add major, minor, and micro aliases to packaging.version.Version
  * Properly mark packaging as being fully typed by adding a py.typed file

==== python-pyOpenSSL ====
Version update (19.0.0 -> 19.1.0)

- Update to v19.1
  * Removed deprecated aliases ContextType, ConnectionType, PKeyType, X509NameType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType. Use the classes without the ``Type`` suffix instead.
  * The minimum ``cryptography`` version is now 2.8
  * Deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback``, ``OpenSSL.SSL.Context.set_npn_select_callback``, and ``OpenSSL.SSL.Connection.get_next_proto_negotiated``. ALPN should be used instead.
  * Support bytearray in SSL.Connection.send() by using cffi's from_buffer
  * The OpenSSL.SSL.Context.set_alpn_select_callback can return a new NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake to complete without an application protocol.

==== python-pyparsing ====
Version update (2.4.5 -> 2.4.6)

- update to 2.4.6
  * Fixed typos in White mapping of whitespace characters, to use correct "\u" prefix instead of "u".
  * fix bug in left-associative ternary operators defined using infixNotation. First reported on StackOverflow by user Jeronimo.
  * Backport of pyparsing_test namespace from 3.0.0, including TestParseResultsAsserts mixin class defining unittest-helper methods:
    . def assertParseResultsEquals(self, result, expected_list=None, expected_dict=None, msg=None)
    . def assertParseAndCheckList(self, expr, test_string, expected_list, msg=None, verbose=True)
    . def assertParseAndCheckDict(self, expr, test_string, expected_dict, msg=None, verbose=True)
    . def assertRunTestResults(self, run_tests_report, expected_parse_results=None, msg=None)
    . def assertRaisesParseException(self, exc_type=ParseException, msg=None)

==== python-urllib3 ====
Version update (1.25.6 -> 1.25.8)

- update to 1.25.8
  * Drop support for EOL Python 3.4
  * Optimize _encode_invalid_chars
  * Preserve chunked parameter on retries
  * Allow unset SERVER_SOFTWARE in App Engine
  * Fix issue where URL fragment was sent within the request target.
  * Fix issue where an empty query section in a URL would fail to parse.
  * Remove TLS 1.3 support in SecureTransport due to Apple removing support.

==== readline ====

- Add official patch readline80-002
  When using previous-history to go back beyond the beginning of the history list, it's possible to move to an incorrect partial line.
- Add official patch readline80-003
  Reading history entries with timestamps can result in history entries joined by linefeeds.
- Add official patch readline80-004
  If writing the history file fails, and renaming the backup history file fails, it's possible for readline's history code to return the wrong error to its caller.

==== rpm-config-SUSE ====
Version update (0.g45 -> 0.g52)

- Update to version 0.g52:
  * Make deprecated %install_info not fail when used within if/fi construct
- Update to version 0.g50:
  * Add missing changelog entries and fix authors
  * Add ldconfig_scriptlets macros for RH/Fedora compatibility
  * move %install_info to file triggers (boo#1152105)

==== sudo ====
Version update (1.8.28p1 -> 1.8.31)

- Update to 1.8.31
  Major changes between version 1.8.31 and 1.8.30:
  * This version fixes a potential security issue that can lead to a buffer overflow if the pwfeedback option is enabled in sudoers [CVE-2019-18634] [bsc#1162202]
  * The sudoedit_checkdir option now treats a user-owned directory as writable, even if it does not have the write bit set at the time of check. Symbolic links will no longer be followed by sudoedit in any user-owned directory. Bug #912.
  * Fixed a crash introduced in sudo 1.8.30 when suspending sudo at the password prompt. Bug #914.
  * Fixed compilation on systems where the mmap MAP_ANON flag is not available. Bug #915.
  Major changes between version 1.8.30 and 1.8.29:
  * Sudo now closes file descriptors before changing uids. This prevents a non-root process from interfering with sudo's ability to close file descriptors on systems that support the prlimit(2) system call.
  * Sudo now treats an attempt to run sudo sudoedit as simply sudoedit. If the sudoers file contains a fully-qualified path to sudoedit, sudo will now treat it simply as sudoedit (with no path). Visudo will now treat a fully-qualified path to sudoedit as an error. Bug #871.
  * Fixed a bug introduced in sudo 1.8.28 where sudo would warn about a missing /etc/environment file on AIX and Linux when PAM is not enabled. Bug #907.
  * Fixed a bug on Linux introduced in sudo 1.8.29 that prevented the askpass program from running due to an unlimited stack size resource limit. Bug #908.
  * If a group provider plugin has optional arguments, the argument list passed to the plugin is now NULL terminated as per the documentation.
  * The user's time stamp file is now only updated if both authentication and approval phases succeed. This is consistent with the behavior of sudo prior to version 1.8.23. Bug #910.
  * The new allow_unknown_runas_id sudoers setting can be used to enable or disable the use of unknown user or group IDs. Previously, sudo would always allow unknown user or group IDs if the sudoers entry permitted it, including via the ALL alias. As of sudo 1.8.30, the admin must explicitly enable support for unknown IDs.
  * The new runas_check_shell sudoers setting can be used to require that the runas user have a shell listed in the /etc/shells file. On many systems, users such as bin, do not have a valid shell and this flag can be used to prevent commands from being run as those users.
  * Fixed a problem restoring the SELinux tty context during reboot if mctransd is killed before sudo finishes. GitHub Issue #17.
  * Fixed an intermittent warning on NetBSD when sudo restores the initial stack size limit.
  Major changes between version 1.8.29 and 1.8.28p1:
  * The cvtsudoers command will now reject non-LDIF input when converting from LDIF format to sudoers or JSON formats.
  * The new log_allowed and log_denied sudoers settings make it possible to disable logging and auditing of allowed and/or denied commands.
  * The umask is now handled differently on systems with PAM or login.conf. If the umask is explicitly set in sudoers, that value is used regardless of what PAM or login.conf may specify. However, if the umask is not explicitly set in sudoers, PAM or login.conf may now override the default sudoers umask. Bug #900.
  * For make install, the sudoers file is no longer checked for syntax errors when DESTDIR is set. The default sudoers file includes the contents of /etc/sudoers.d which may not be readable as non-root. Bug #902.
  * Sudo now sets most resource limits to their maximum value to avoid problems caused by insufficient resources, such as an inability to allocate memory or open files and pipes. Fixed a regression introduced in sudo 1.8.28 where sudo would refuse to run if the parent process was not associated with a session. This was due to sudo passing a session ID of -1 to the plugin.
- refresh sudo-sudoers.patch

==== system-users ====
Subpackages: system-group-hardware system-group-wheel system-user-nobody

- Add tss user for TPM tools (boo#1162360).

==== systemd ====
Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev

- Import commit f8adabc2b1f3e3ad150e7a3bfa88341eda5a8a57 (merge v244.2)
  77c04ce5c2 hwdb: update to v245-rc1
  b4eb884824 Fix typo in function name
  e2d4cb9843 polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it
  83bfc0d8dd sd-bus: introduce API for re-enqueuing incoming messages
  5926f9f172 polkit: use structured initialization
  0697d0d972 polkit: on async pk requests, re-validate action/details
  2589995acd polkit: reuse some common bus message appending code
  5b2442d5c3 bus-polkit: rename return error parameter to ret_error
  0a19ff7004 shared: split out polkit stuff from bus-util.c → bus-polkit.c
  1325dfb577 test: adapt to the new capsh format
  3538fafb47 meson: update efi path detection to gnu-efi-3.0.11
  3034855a5b presets: "disable" all passive targets by default
  c2e3046819 shared/sysctl-util: normalize repeated slashes or dots to a single value
  6f4364046f dhcp6: do not use T1 and T2 longer than one provided by the lease
  0ed6cda28d network: fix implicit type conversion warning by GCC-10
  f6a5c02d26 bootspec: parse random-seed-mode line in loader.conf
  ddc5dca8a7 sd-boot: fix typo
  2bbbe9ae41 test: Synchronize journal before reading from it
  072485d661 sd-bus: fix introspection bug in signal parameter names
  80af3cf5e3 efi: fix build.
  [...]
- Use suse.pool.ntp.org server pool on SLE (jsc#SLE-7683)
- Drop scripts-udev-convert-lib-udev-path.sh
  Nobody should need it these days.

==== tallow ====
Version update (19+git20191106.4b071b0 -> 21+git20200213.865ec91)

- Update to version 21+git20200213.865ec91:
  * Add tallow.patterns man page
  * Add extra path for firewall-cmd
- Drop 0001-Add-extra-path-for-firewall-cmd.patch, accepted upstream

==== tar ====

- No longer recommend -lang: supplements are in use.

==== toolbox ====
Version update (1.0+git20191014.3034fbc -> 1.0+git20200217.cd18bfb)

- Update to version 1.0+git20200217.cd18bfb:
  * Multiple toolboxes, with different names
  * Configure `sudo` access for a user toolbox
  * Correctly setup the user
  * Add -u|--user parameter
  * Handle arguments with 'getopt'