Packages changed: btrfsprogs (5.6.1 -> 5.7) busybox c-ares (1.15.0+20200117 -> 1.16.1) createrepo_c (0.15.11 -> 0.16.0) fuse-overlayfs (1.0.0 -> 1.1.0) gettext-runtime gpg2 (2.2.20 -> 2.2.21) gtk2 (2.24.32+67 -> 2.24.32+70) installation-images-MicroOS (15.12 -> 15.13) iputils issue-generator (1.9 -> 1.10) kernel-firmware (20200610 -> 20200702) krunner lame libedit libgcrypt (1.8.5 -> 1.8.6) libmodulemd (2.8.3 -> 2.9.4) libslirp (4.3.0 -> 4.3.1) libzip (1.7.1 -> 1.7.3) libzypp (17.23.8 -> 17.24.0) llvm10 lua53-luasocket openal-soft perl-Bootloader (0.928 -> 0.929) permissions (1550_20200526 -> 1550_20200710) polkit-default-privs (1550+20200630.e9f182b -> 1550+20200715.6ddc764) python-blinker rsync (3.1.3 -> 3.2.2) samba (4.12.3+git.161.208cf9730ee -> 4.12.5+git.168.88cc07e6cbf) snapper (0.8.10 -> 0.8.11) webkit2gtk3 (2.28.2 -> 2.28.3) xdm zstd === Details === ==== btrfsprogs ==== Version update (5.6.1 -> 5.7) Subpackages: btrfsprogs-udev-rules libbtrfs0 - Update to 5.7: * mkfs: * new option to enable features otherwise enabled at runtime, now implemented for quotas, 'mkfs.btrfs -R quota' * fix space accounting for small image, DUP and --rootdir * option -A removed * check: detect ranges with overlapping csum items * fi usage: report correct numbers when plain RAID56 profiles are used * convert: ensure the data chunks size never exceed device size * libbtrfsutil: update documentation regarding subvolume deletion * build: support libkcapi as implementation backend for cryptographic primitives * core: global options for verbosity (-v, -q), subcommands -v or -q are aliases and will continue to work but are considered deprecated, current command output is preserved to keep scripts working * other: * build warning fixes * btrfs-debugfs ported to python 3 ==== busybox ==== - Enable syslogd for containers - Enable testsuite and package it for later rerun (for QA, jsc#CAR-15) ==== c-ares ==== Version update (1.15.0+20200117 -> 1.16.1) - Version update to 1.16.1 Security: * Prevent possible use-after-free and double-free in ares_getaddrinfo() if ares_destroy() is called prior to ares_getaddrinfo() completing. Reported by Jann Horn at Google Project Zero. Changes: * Allow TXT records on CHAOS qclass. Used for retriving things like version.bind, version.server, authoris.bind, hostname.bind, and id.server. [3] Bug fixes: * Fix Windows Unicode incompatibilities with ares_getaddrinfo() [1] * Silence false cast-align compiler warnings due to valid casts of struct sockaddr to struct sockaddr_in and struct sockaddr_in6. * MacOS should use libresolv for retrieving DNS servers, like iOS * CMake build system should populate the INCLUDE_DIRECTORIES property of installed targets [2] * Correct macros in use for the ares_getaddrinfo.3 man page - Changes in version 1.16.0 Changes: * Introduction of ares_getaddrinfo() API which provides similar output (including proper sorting as per RFC 6724) to the system native API, but utilizes different data structures in order to provide additional information such as TTLs and all aliases. Please reference the respective man pages for usage details. * Parse SOA records from ns_t_any response * CMake: Provide c-ares version in package export file * CMake: Add CPACK functionality for DEB and RPM * CMake: Generate PDB files during build * CMake: Support manpage installation Bug fixes: * Fix bad expectation in IPv6 localhost test. * AutoTools: use XC_CHECK_BUILD_FLAGS instead of XC_CHECK_USER_FLAGS to prevent complaints about CPPFLAGS in CFLAGS. * Fix .onion handling * Command line usage was out of date for adig and ahost. * Typos in manpages * If ares_getenv is defined, it must return a value on all platforms * If /etc/resolv.conf has invalid lookup values, use the defaults. * Tests: Separate live tests from SetServers* tests as only live tests should require internet access. * ares_gethostbyname() should return ENODATA if no valid A or AAAA record is found, but a CNAME was found. * CMake: Rework library function checking to prevent unintended linking with system libraries that aren't needed. * Due to use of inet_addr() it was not possible to return 255.255.255.255 from ares_gethostbyname(). * CMake: Fix building of tests on Windows - Drop regression.patch which have been fixed upstream - Refresh disable-live-tests.patch - Remove static lib since its required when doing tests and we dont want it included in package - Run spec-cleaner ==== createrepo_c ==== Version update (0.15.11 -> 0.16.0) Subpackages: libcreaterepo_c0 python3-createrepo_c - Update to 0.16.0 + Never do dir walk when --recycle-pkglist specified + Add automatic module metadata handling for repos (rh#1795936) ==== fuse-overlayfs ==== Version update (1.0.0 -> 1.1.0) - Update to v1.1.0 - use openat2(2) when available. - accept "ro" as mount option. - fix set mtime for a symlink. - fix some issues reported by static analysis. - fix potential infinite loop on a short read. - fix creating a directory if the destination already exists in the upper layer. ==== gettext-runtime ==== Subpackages: libtextstyle0 - Fix boo941629-unnessary-rpath-on-standard-path.patch (boo#941629) ==== gpg2 ==== Version update (2.2.20 -> 2.2.21) - Fix regression in latest gpg2 that makes gpgme fail to build [bsc#1174007] - Add gnupg-gpgme-t-encrypt-sym.patch - GnuPG 2.2.21: * gpg: Improve symmetric decryption speed by about 25% * gpg: Support decryption of AEAD encrypted data packets * gpg: Add option --no-include-key-block * gpg: Allow for extra padding in ECDH * gpg: Only a single pinentry is shown for symmetric encryption if the pinentry supports this * gpg: Print a note if no keys are given to --delete-key * gpg,gpgsm: The ridiculous passphrase quality bar is not anymore shown * gpgsm: Certificates without a CRL distribution point are now considered valid without looking up a CRL. The new option - -enable-issuer-based-crl-check can be used to revert to the former behaviour * gpgsm: Support rsaPSS signature verification * gpgsm: Unless CRL checking is disabled lookup a missing issuer certificate using the certificate's authorityInfoAccess * gpgsm: Print the certificate's serial number also in decimal notation * gpgsm: Fix possible NULL-deref in messages of --gen-key * scd: Support the CardOS 5 based D-Trust Card 3.1 * dirmngr: Allow http URLs with "LOOKUP --url" * wkd: Take name of sendmail from configure. Fixes an OpenBSD specific bug ==== gtk2 ==== Version update (2.24.32+67 -> 2.24.32+70) Subpackages: gtk2-tools libgtk-2_0-0 - Update to version 2.24.32+70: * Resolve GIMP segfault from accessing memory past end of pixbuf Fixes https://gitlab.gnome.org/GNOME/gtk/-/issues/2684 * Use bundle id instead of package name for the macOS preview as filename is now changed. ==== installation-images-MicroOS ==== Version update (15.12 -> 15.13) - merge gh#openSUSE/installation-images#388 - Adjust style to fix shellcheck warnings; admit this needs bash - Remove bashisms, explicitly use /bin/dash as interpreter (bsc#1172139) - 'make check' will run shellcheck on the scripts needing dash - Save 1.5 MiB RAM by switching inst_setup to dash - 15.13 ==== iputils ==== - remove unneeded libidn build dependency (boo#1174049) ==== issue-generator ==== Version update (1.9 -> 1.10) - Update to version 1.10 - Display wlan interfaces [bsc#1169070] ==== kernel-firmware ==== Version update (20200610 -> 20200702) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20200702 (git commit 74ac3b5a7e79): * amdgpu: add UVD firmware for SI asics * QCA: Update WCN3991 FW files * amdgpu: update renoir firmware from 20.20 release * amdgpu: update picasso firmware from 20.20 release * amdgpu: update raven2 firmware from 20.20 release * amdgpu: update raven firmware from 20.20 release * amdgpu: add vega20 TA firmware from 20.20 release * amdgpu: update vega20 firmware from 20.20 release * amdgpu: update vega12 firmware from 20.20 release * amdgpu: update vega10 firmware from 20.20 release * amdgpu: update navi10 firmware from 20.20 release * amdgpu: update navi14 firmware from 20.20 release * rtl_nic: add firmware for RTL8125B ==== krunner ==== - Add patch to fix ABI mismatch (kde#423003): * 0001-Do-not-remove-virtual-method-from-build.patch ==== lame ==== - Escape the "$" character in spec file, so that the non-existing variable does not get replaced by empty string ==== libedit ==== - Regenerate the build system before the build in order to avoid errors due to automake version mismatch ==== libgcrypt ==== Version update (1.8.5 -> 1.8.6) - Update to 1.8.6 * mpi: Consider +0 and -0 the same in mpi_cmp * mpi: Fix flags in mpi_copy for opaque MPI * mpi: Fix the return value of mpi_invm_generic * mpi: DSA,ECDSA: Fix use of mpi_invm - Call mpi_invm before _gcry_dsa_modify_k - Call mpi_invm before _gcry_ecc_ecdsa_sign * mpi: Constant time mpi_inv with some conditions - mpi/mpi-inv.c (mpih_add_n_cond, mpih_sub_n_cond, mpih_swap_cond) - New: mpih_abs_cond, mpi_invm_odd - Rename from _gcry_mpi_invm: mpi_invm_generic - Use mpi_invm_odd for usual odd cases: _gcry_mpi_invm * mpi: Abort on division by zero also in _gcry_mpi_tdiv_qr * Fix wrong code execution in Poly1305 ARM/NEON implementation - Set r14 to -1 at function entry: (_gcry_poly1305_armv7_neon_init_ext) * Set vZZ.16b register to zero before use in armv8 gcm implementation * random: Fix include of config.h * Fix declaration of internal function _gcry_mpi_get_ui: Don't use ulong * ecc: Fix wrong handling of shorten PK bytes - Zeros are already recovered: (_gcry_ecc_mont_decodepoint) - Update libgcrypt-ecc-ecdsa-no-blinding.patch ==== libmodulemd ==== Version update (2.8.3 -> 2.9.4) - Rebase to 2.9.4 + Deprecate reset methods in favor of clear methods + Add modulemd-validator man page + Add Module.search_streams_by_glob() + Add ModuleIndex.search_streams() method + Add Modulemd.Module.search_streams_by_nsvca_glob() + Add ModuleIndex.search_streams_by_nsvca_glob() + Add ModuleIndex.search_rpms() + Add ModuleStreamV2.search_profiles() + Add framework for handling modulemd-packager YAML documents + Return appropriate error when parsing a ModulemdStream doc fails + Rework ModulemdError and ModulemdYamlError + Improve Modulemd*ErrorEnum deprecations + Use the new error enums everywhere + Fix inconsistent error setting + Make SKIP_UNKNOWN return UNKNOWN_ATTR in strict mode + modulemd-packager: Check for extraneous attributes + Fix bug printing negative buildorder values + Handle NULL nsvca_patterns for globs + Relax handling of differing content for the same NSVCA ==== libslirp ==== Version update (4.3.0 -> 4.3.1) - Update to 4.3.1 (bsc#1172380) - A silent truncation could occur in `slirp_fmt()`, which will now print a critical message. See also #22. - CVE-2020-10756 - Drop bogus IPv6 messages that could lead to data leakage. See !44 and !42. - Fix win32 builds by using the SLIRP_PACKED definition. - Various coverity scan errors fixed. !41 - Fix new GCC warnings. !43 - Packaging changes - Enable "set_version" source service in _service file - Move "tar" and "recompress" service to "buildtime" as outlined in the OBS user guide - Enable "package-meta" as the libslirp build process now requires access to the git metadata. ==== libzip ==== Version update (1.7.1 -> 1.7.3) - version update to 1.7.3 * Support cmake < 3.17 again. * Fix pkgconfig file (regression in 1.7.2). - deleted patches - libzip-cmake-rules.patch (upstreamed) - added patches fix libdir in pkg-config file (revive the patch from 1.7.1 and older) + libzip-pkgconfig.patch - cmake tweaks: use upstream commit - modified patches % libzip-cmake-rules.patch (refreshed) - version update to 1.7.2 * Fixes for the CMake find_project() files. * libzip moved to the CMake libzip:: NAMESPACE. * CMake usage best practice cleanups. - deleted patches - pkgconfig.patch (extended and renamed) - added patches + libzip-cmake-rules.patch ==== libzypp ==== Version update (17.23.8 -> 17.24.0) - Completey rework the purge-kernels algorithm (fix bsc#1173106) The new code is closer to the original perl script, grouping the packages by name before applying the keep spec. - Set ZYPP_RPM_DEBUG=1 to capture verbose rpm command output (implements #228) - version 17.24.0 (22) ==== llvm10 ==== - Factor out computation of the number of jobs into a macro. - Choose mem_per_compile_job dependent on build stage, let stage 1 on x86_64 use more memory. - More generous memory allocation on riscv64. ==== lua53-luasocket ==== - Switch to multibuild and add lua54 build target. ==== openal-soft ==== - Add SDL2 and PortAudio backends ==== perl-Bootloader ==== Version update (0.928 -> 0.929) - merge gh#openSUSE/perl-bootloader#128 - Do not warn about missing SECURE_BOOT sysconfig - 0.929 ==== permissions ==== Version update (1550_20200526 -> 1550_20200710) Subpackages: chkstat permissions-config - Update to version 20200710: * Revert "etc/permissions: remove entries for bind-chrootenv". This currently conflicts with the way the CheckSUIDPermissions rpmlint-check is implemented. - Removed dbus-libexec.patch: contained in upstream - Update to version 20200624: * rework permissions.local text (boo#1173221) * dbus-1: adjust to new libexec dir location (bsc#1171164) * permission profiles: reinstate kdesud for kde5 * etc/permissions: remove entries for bind-chrootenv * etc/permissions: remove traceroute entry * VirtualBox: remove outdated entry which is only a symlink any more * /bin/su: remove path refering to symlink * etc/permissions: remove legacy RPM directory entries * /etc/permissions: remove outdated sudo directories * singularity: remove outdated setuid-binary entries * chromium: remove now unneeded chrome_sandbox entry (bsc#1163588) * dbus-1: remove deprecated alternative paths * PolicyKit: remove outdated entries last used in SLE-11 * pcp: remove no longer needed / conflicting entries * gnats: remove entries for package removed from Factory * kdelibs4: remove entries for package removed from Factory * v4l-base: remove entries for package removed from Factory * mailman: remove entries for package deleted from Factory * gnome-pty-helper: remove dead entry no longer part of the vte package * gnokii: remove entries for package no longer in Factory * xawtv (v4l-conf): correct group ownership in easy profile * systemd-journal: remove unnecessary profile entries * thttp: make makeweb entry usable in the secure profile (bsc#1171580) ==== polkit-default-privs ==== Version update (1550+20200630.e9f182b -> 1550+20200715.6ddc764) - Update to version 1550+20200715.6ddc764: * whitelist libvirt-dbus rule file (bsc#1173093) ==== python-blinker ==== - use pytest instead of deprecated nose - added patches https://github.com/jek/blinker/pull/60 + python-blinker-remove-nose.patch ==== rsync ==== Version update (3.1.3 -> 3.2.2) - Updated to version 3.2.2 * Too many changes to list, see included NEWS.md file. - Add BR on pkgconfig(openssl), rsync now uses openssl for MD4/MD5 - Add BR on libzstd-devel and liblz4-devel to enabled lz4 and zstd compression support. - Add BR on xxhash-devel to enable xxhash checksum support. - Refresh rsync-add_back_use_slp_directive.patch - Drop rsync-both-compressions.patch, rsync-send_error_to_sender.patch, rsync-avoid-uploading-after-error.patch, rsync-fix-prealloc-to-keep-file-size-0-when-possible.patch: Fixed upstream. ==== samba ==== Version update (4.12.3+git.161.208cf9730ee -> 4.12.5+git.168.88cc07e6cbf) Subpackages: libdcerpc-binding0 libdcerpc0 libndr-krb5pac0 libndr-nbt0 libndr-standard0 libndr1 libnetapi0 libsamba-credentials0 libsamba-errors0 libsamba-hostconfig0 libsamba-passdb0 libsamba-util0 libsamdb0 libsmbclient0 libsmbconf0 libsmbldap2 libtevent-util0 libwbclient0 samba-client samba-libs samba-libs-python3 - Update to samba 4.12.5 + Fix smbd panic on force-close share during async io; (bso#14301). + Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name; (bso#14374) + Fix DFS links; (bso#14391). + Can't use DNS functionality after a Windows DC has been in domain; (bso#14310). + ldapi search to FreeIPA crashes; (bso#14413). + Add net-ads-join dnshostname=fqdn option; (bso#14396) + Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC; (bso#14406). + docs-xml: Update list of posible VFS operations for vfs_full_audit; (bso#14386). + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382). + Client tools are not able to read gencache anymore; (bso#14370). - Update to samba 4.12.4 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159) + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160). + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (bsc#1173161) + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359). ==== snapper ==== Version update (0.8.10 -> 0.8.11) Subpackages: libsnapper5 - added error handing for failed ambit detection (bsc#1174038) - version 0.8.11 ==== webkit2gtk3 ==== Version update (2.28.2 -> 2.28.3) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update to version 2.28.3: + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-13753. ==== xdm ==== - readd insserv-compat also when using systemd due to missing /etc/rc.status, etc. (boo#1174180) ==== zstd ==== - Remove not needed exports in %install section. - Use %make_build macro. - Add upstream patch fix-lib-build.patch which fixes lib-mt target.